From 2aa73ff15bfc4eb2afd85ca6d3ba081babf22432 Mon Sep 17 00:00:00 2001 From: Thomas Lange Date: Tue, 9 Jan 2024 20:01:07 +0100 Subject: remove unused security files This is what I did: git rm -rf */security/199* git rm -rf */security/20* git rm -rf */security/key-rollover git rm -rf */security/undated git rm -rf */lts/security/20* It removes 54335 files, including around 9650 DSA/DLA data files, 44189 wml files, nearly 500 Makefiles --- danish/lts/security/2014/Makefile | 1 - danish/lts/security/2014/index.wml | 14 -- danish/lts/security/2015/Makefile | 1 - danish/lts/security/2015/dla-374.wml | 12 -- danish/lts/security/2015/dla-375.wml | 28 --- danish/lts/security/2015/dla-376.wml | 12 -- danish/lts/security/2015/index.wml | 14 -- danish/lts/security/2016/Makefile | 1 - danish/lts/security/2016/dla-374.wml | 13 -- danish/lts/security/2016/dla-375.wml | 12 -- danish/lts/security/2016/dla-378.wml | 50 ----- danish/lts/security/2016/dla-379.wml | 36 ---- danish/lts/security/2016/dla-380.wml | 24 --- danish/lts/security/2016/dla-381.wml | 13 -- danish/lts/security/2016/dla-382.wml | 27 --- danish/lts/security/2016/dla-383.wml | 34 --- danish/lts/security/2016/dla-384.wml | 15 -- danish/lts/security/2016/dla-385.wml | 13 -- danish/lts/security/2016/dla-386.wml | 12 -- danish/lts/security/2016/dla-387.wml | 50 ----- danish/lts/security/2016/dla-388.wml | 12 -- danish/lts/security/2016/dla-389.wml | 12 -- danish/lts/security/2016/dla-390.wml | 18 -- danish/lts/security/2016/dla-391.wml | 12 -- danish/lts/security/2016/dla-392.wml | 17 -- danish/lts/security/2016/dla-393.wml | 13 -- danish/lts/security/2016/dla-394.wml | 14 -- danish/lts/security/2016/dla-395.wml | 13 -- danish/lts/security/2016/dla-396.wml | 10 - danish/lts/security/2016/dla-397.wml | 11 - danish/lts/security/2016/dla-398.wml | 20 -- danish/lts/security/2016/dla-399.wml | 11 - danish/lts/security/2016/dla-400.wml | 57 ----- danish/lts/security/2016/dla-401.wml | 24 --- danish/lts/security/2016/dla-402.wml | 18 -- danish/lts/security/2016/dla-403.wml | 30 --- danish/lts/security/2016/dla-404.wml | 15 -- danish/lts/security/2016/dla-405.wml | 21 -- danish/lts/security/2016/dla-406.wml | 23 -- danish/lts/security/2016/dla-407.wml | 18 -- danish/lts/security/2016/dla-408.wml | 21 -- danish/lts/security/2016/dla-409.wml | 21 -- danish/lts/security/2016/dla-410.wml | 83 -------- danish/lts/security/2016/dla-411.wml | 37 ---- danish/lts/security/2016/dla-412.wml | 57 ----- danish/lts/security/2016/dla-413.wml | 11 - danish/lts/security/2016/dla-414.wml | 11 - danish/lts/security/2016/dla-415.wml | 12 -- danish/lts/security/2016/dla-416.wml | 40 ---- danish/lts/security/2016/dla-417.wml | 13 -- danish/lts/security/2016/dla-418.wml | 31 --- danish/lts/security/2016/dla-419.wml | 13 -- danish/lts/security/2016/dla-420.wml | 18 -- danish/lts/security/2016/dla-421.wml | 27 --- danish/lts/security/2016/dla-422.wml | 27 --- danish/lts/security/2016/dla-423.wml | 25 --- danish/lts/security/2016/dla-424.wml | 10 - danish/lts/security/2016/dla-425.wml | 19 -- danish/lts/security/2016/dla-426.wml | 21 -- danish/lts/security/2016/dla-427.wml | 16 -- danish/lts/security/2016/dla-428.wml | 13 -- danish/lts/security/2016/dla-429.wml | 12 -- danish/lts/security/2016/dla-430.wml | 12 -- danish/lts/security/2016/dla-431.wml | 13 -- danish/lts/security/2016/dla-432.wml | 47 ----- danish/lts/security/2016/dla-433.wml | 13 -- danish/lts/security/2016/dla-434.wml | 33 --- danish/lts/security/2016/dla-435.wml | 74 ------- danish/lts/security/2016/dla-436.wml | 11 - danish/lts/security/2016/dla-437.wml | 26 --- danish/lts/security/2016/dla-438.wml | 30 --- danish/lts/security/2016/dla-439.wml | 58 ----- danish/lts/security/2016/dla-440.wml | 19 -- danish/lts/security/2016/dla-441.wml | 21 -- danish/lts/security/2016/dla-442.wml | 37 ---- danish/lts/security/2016/dla-443.wml | 27 --- danish/lts/security/2016/dla-444.wml | 53 ----- danish/lts/security/2016/dla-445.wml | 16 -- danish/lts/security/2016/index.wml | 14 -- danish/lts/security/2017/Makefile | 1 - danish/lts/security/2017/index.wml | 14 -- danish/lts/security/2018/Makefile | 1 - danish/lts/security/2018/index.wml | 14 -- danish/lts/security/2019/Makefile | 1 - danish/lts/security/2019/index.wml | 14 -- danish/lts/security/2020/Makefile | 1 - danish/lts/security/2020/index.wml | 14 -- danish/security/1997/Makefile | 1 - danish/security/1997/index.wml | 6 - danish/security/1998/Makefile | 1 - danish/security/1998/index.wml | 7 - danish/security/1999/Makefile | 1 - danish/security/1999/index.wml | 7 - danish/security/2000/Makefile | 1 - danish/security/2000/index.wml | 13 -- danish/security/2001/Makefile | 1 - danish/security/2001/dsa-011.wml | 10 - danish/security/2001/dsa-012.wml | 11 - danish/security/2001/dsa-013.wml | 10 - danish/security/2001/dsa-014.wml | 10 - danish/security/2001/dsa-015.wml | 13 -- danish/security/2001/dsa-016.wml | 11 - danish/security/2001/dsa-017.wml | 12 -- danish/security/2001/dsa-018.wml | 10 - danish/security/2001/dsa-019.wml | 13 -- danish/security/2001/dsa-020.wml | 15 -- danish/security/2001/dsa-021.wml | 11 - danish/security/2001/dsa-022.wml | 15 -- danish/security/2001/dsa-023.wml | 21 -- danish/security/2001/dsa-024.wml | 13 -- danish/security/2001/dsa-025.wml | 9 - danish/security/2001/dsa-026.wml | 12 -- danish/security/2001/dsa-027.wml | 16 -- danish/security/2001/dsa-028.wml | 12 -- danish/security/2001/dsa-029.wml | 22 -- danish/security/2001/dsa-030.wml | 81 ------- danish/security/2001/dsa-031.wml | 9 - danish/security/2001/dsa-032.wml | 20 -- danish/security/2001/dsa-033.wml | 17 -- danish/security/2001/dsa-034.wml | 17 -- danish/security/2001/dsa-035.wml | 10 - danish/security/2001/dsa-036.wml | 10 - danish/security/2001/dsa-037.wml | 10 - danish/security/2001/dsa-038.wml | 9 - danish/security/2001/dsa-039.wml | 23 -- danish/security/2001/dsa-040.wml | 15 -- danish/security/2001/dsa-041.wml | 15 -- danish/security/2001/dsa-042.wml | 24 --- danish/security/2001/dsa-043.wml | 52 ----- danish/security/2001/dsa-044.wml | 21 -- danish/security/2001/dsa-045.wml | 12 -- danish/security/2001/dsa-046.wml | 13 -- danish/security/2001/dsa-047.wml | 43 ---- danish/security/2001/dsa-048.wml | 30 --- danish/security/2001/dsa-049.wml | 18 -- danish/security/2001/dsa-050.wml | 14 -- danish/security/2001/dsa-051.wml | 20 -- danish/security/2001/dsa-052.wml | 13 -- danish/security/2001/dsa-053.wml | 15 -- danish/security/2001/dsa-054.wml | 14 -- danish/security/2001/dsa-055.wml | 15 -- danish/security/2001/dsa-056.wml | 29 --- danish/security/2001/dsa-057.wml | 16 -- danish/security/2001/dsa-058.wml | 15 -- danish/security/2001/dsa-059.wml | 25 --- danish/security/2001/dsa-060.wml | 13 -- danish/security/2001/dsa-061.wml | 25 --- danish/security/2001/dsa-062.wml | 20 -- danish/security/2001/dsa-063.wml | 16 -- danish/security/2001/dsa-064.wml | 14 -- danish/security/2001/dsa-065.wml | 29 --- danish/security/2001/dsa-066.wml | 27 --- danish/security/2001/dsa-067.wml | 40 ---- danish/security/2001/dsa-068.wml | 19 -- danish/security/2001/dsa-069.wml | 15 -- danish/security/2001/dsa-070.wml | 28 --- danish/security/2001/dsa-071.wml | 17 -- danish/security/2001/dsa-072.wml | 14 -- danish/security/2001/dsa-073.wml | 36 ---- danish/security/2001/dsa-074.wml | 17 -- danish/security/2001/dsa-075.wml | 23 -- danish/security/2001/dsa-076.wml | 18 -- danish/security/2001/dsa-077.wml | 15 -- danish/security/2001/dsa-078.wml | 20 -- danish/security/2001/dsa-079.wml | 29 --- danish/security/2001/dsa-080.wml | 22 -- danish/security/2001/dsa-081.wml | 21 -- danish/security/2001/dsa-082.wml | 17 -- danish/security/2001/dsa-083.wml | 16 -- danish/security/2001/dsa-084.wml | 16 -- danish/security/2001/dsa-085.wml | 18 -- danish/security/2001/dsa-086.wml | 27 --- danish/security/2001/dsa-087.wml | 13 -- danish/security/2001/dsa-088.wml | 15 -- danish/security/2001/dsa-089.wml | 25 --- danish/security/2001/dsa-090.wml | 18 -- danish/security/2001/dsa-091.wml | 14 -- danish/security/2001/dsa-092.wml | 19 -- danish/security/2001/dsa-093.wml | 12 -- danish/security/2001/dsa-094.wml | 13 -- danish/security/2001/dsa-095.wml | 14 -- danish/security/2001/index.wml | 13 -- danish/security/2002/Makefile | 1 - danish/security/2002/dsa-096.wml | 13 -- danish/security/2002/dsa-097.wml | 24 --- danish/security/2002/dsa-098.wml | 23 -- danish/security/2002/dsa-099.wml | 24 --- danish/security/2002/dsa-100.wml | 19 -- danish/security/2002/dsa-101.wml | 14 -- danish/security/2002/dsa-102.wml | 17 -- danish/security/2002/dsa-103.wml | 13 -- danish/security/2002/dsa-104.wml | 17 -- danish/security/2002/dsa-105.wml | 12 -- danish/security/2002/dsa-106.wml | 21 -- danish/security/2002/dsa-107.wml | 20 -- danish/security/2002/dsa-108.wml | 20 -- danish/security/2002/dsa-109.wml | 22 -- danish/security/2002/dsa-110.wml | 16 -- danish/security/2002/dsa-111.wml | 30 --- danish/security/2002/dsa-112.wml | 22 -- danish/security/2002/dsa-113.wml | 23 -- danish/security/2002/dsa-114.wml | 22 -- danish/security/2002/dsa-115.wml | 27 --- danish/security/2002/dsa-116.wml | 17 -- danish/security/2002/dsa-117.wml | 19 -- danish/security/2002/dsa-118.wml | 16 -- danish/security/2002/dsa-119.wml | 20 -- danish/security/2002/dsa-120.wml | 27 --- danish/security/2002/dsa-121.wml | 20 -- danish/security/2002/dsa-122.wml | 42 ---- danish/security/2002/dsa-123.wml | 12 -- danish/security/2002/dsa-124.wml | 19 -- danish/security/2002/dsa-125.wml | 22 -- danish/security/2002/dsa-126.wml | 18 -- danish/security/2002/dsa-127.wml | 14 -- danish/security/2002/dsa-128.wml | 15 -- danish/security/2002/dsa-129.wml | 13 -- danish/security/2002/dsa-130.wml | 22 -- danish/security/2002/dsa-131.wml | 21 -- danish/security/2002/dsa-132.wml | 23 -- danish/security/2002/dsa-133.wml | 20 -- danish/security/2002/dsa-134.wml | 138 ------------ danish/security/2002/dsa-135.wml | 17 -- danish/security/2002/dsa-136.wml | 34 --- danish/security/2002/dsa-137.wml | 19 -- danish/security/2002/dsa-138.wml | 13 -- danish/security/2002/dsa-139.wml | 18 -- danish/security/2002/dsa-140.wml | 36 ---- danish/security/2002/dsa-141.wml | 24 --- danish/security/2002/dsa-142.wml | 22 -- danish/security/2002/dsa-143.wml | 19 -- danish/security/2002/dsa-144.wml | 23 -- danish/security/2002/dsa-145.wml | 18 -- danish/security/2002/dsa-146.wml | 21 -- danish/security/2002/dsa-147.wml | 20 -- danish/security/2002/dsa-148.wml | 43 ---- danish/security/2002/dsa-149.wml | 19 -- danish/security/2002/dsa-150.wml | 22 -- danish/security/2002/dsa-151.wml | 19 -- danish/security/2002/dsa-152.wml | 19 -- danish/security/2002/dsa-153.wml | 51 ----- danish/security/2002/dsa-154.wml | 19 -- danish/security/2002/dsa-155.wml | 29 --- danish/security/2002/dsa-156.wml | 19 -- danish/security/2002/dsa-157.wml | 19 -- danish/security/2002/dsa-158.wml | 29 --- danish/security/2002/dsa-159.wml | 21 -- danish/security/2002/dsa-160.wml | 20 -- danish/security/2002/dsa-161.wml | 29 --- danish/security/2002/dsa-162.wml | 20 -- danish/security/2002/dsa-163.wml | 49 ----- danish/security/2002/dsa-164.wml | 20 -- danish/security/2002/dsa-165.wml | 44 ---- danish/security/2002/dsa-166.wml | 17 -- danish/security/2002/dsa-167.wml | 24 --- danish/security/2002/dsa-168.wml | 51 ----- danish/security/2002/dsa-169.wml | 20 -- danish/security/2002/dsa-170.wml | 20 -- danish/security/2002/dsa-171.wml | 23 -- danish/security/2002/dsa-172.wml | 16 -- danish/security/2002/dsa-173.wml | 22 -- danish/security/2002/dsa-174.wml | 19 -- danish/security/2002/dsa-175.wml | 21 -- danish/security/2002/dsa-176.wml | 18 -- danish/security/2002/dsa-177.wml | 27 --- danish/security/2002/dsa-178.wml | 19 -- danish/security/2002/dsa-179.wml | 18 -- danish/security/2002/dsa-180.wml | 18 -- danish/security/2002/dsa-181.wml | 30 --- danish/security/2002/dsa-182.wml | 19 -- danish/security/2002/dsa-183.wml | 20 -- danish/security/2002/dsa-184.wml | 17 -- danish/security/2002/dsa-185.wml | 19 -- danish/security/2002/dsa-186.wml | 20 -- danish/security/2002/dsa-187.wml | 52 ----- danish/security/2002/dsa-188.wml | 60 ------ danish/security/2002/dsa-189.wml | 21 -- danish/security/2002/dsa-190.wml | 17 -- danish/security/2002/dsa-191.wml | 31 --- danish/security/2002/dsa-192.wml | 18 -- danish/security/2002/dsa-193.wml | 22 -- danish/security/2002/dsa-194.wml | 19 -- danish/security/2002/dsa-195.wml | 59 ------ danish/security/2002/dsa-196.wml | 75 ------- danish/security/2002/dsa-197.wml | 20 -- danish/security/2002/dsa-198.wml | 22 -- danish/security/2002/dsa-199.wml | 20 -- danish/security/2002/dsa-200.wml | 16 -- danish/security/2002/dsa-201.wml | 20 -- danish/security/2002/dsa-202.wml | 27 --- danish/security/2002/dsa-203.wml | 17 -- danish/security/2002/dsa-204.wml | 21 -- danish/security/2002/dsa-205.wml | 13 -- danish/security/2002/dsa-206.wml | 13 -- danish/security/2002/dsa-207.wml | 24 --- danish/security/2002/dsa-208.wml | 22 -- danish/security/2002/dsa-209.wml | 23 -- danish/security/2002/dsa-210.wml | 16 -- danish/security/2002/dsa-211.wml | 21 -- danish/security/2002/dsa-212.wml | 45 ---- danish/security/2002/dsa-213.wml | 23 -- danish/security/2002/dsa-214.wml | 21 -- danish/security/2002/dsa-215.wml | 22 -- danish/security/2002/dsa-216.wml | 26 --- danish/security/2002/dsa-217.wml | 21 -- danish/security/2002/dsa-218.wml | 29 --- danish/security/2002/dsa-219.wml | 20 -- danish/security/2002/index.wml | 14 -- danish/security/2003/Makefile | 1 - danish/security/2003/dsa-220.wml | 21 -- danish/security/2003/dsa-221.wml | 22 -- danish/security/2003/dsa-222.wml | 23 -- danish/security/2003/dsa-223.wml | 22 -- danish/security/2003/dsa-224.wml | 31 --- danish/security/2003/dsa-225.wml | 26 --- danish/security/2003/dsa-226.wml | 22 -- danish/security/2003/dsa-227.wml | 24 --- danish/security/2003/dsa-228.wml | 32 --- danish/security/2003/dsa-229.wml | 37 ---- danish/security/2003/dsa-230.wml | 44 ---- danish/security/2003/dsa-231.wml | 23 -- danish/security/2003/dsa-232.wml | 72 ------- danish/security/2003/dsa-233.wml | 23 -- danish/security/2003/dsa-234.wml | 33 --- danish/security/2003/dsa-235.wml | 33 --- danish/security/2003/dsa-236.wml | 33 --- danish/security/2003/dsa-237.wml | 33 --- danish/security/2003/dsa-238.wml | 33 --- danish/security/2003/dsa-239.wml | 33 --- danish/security/2003/dsa-240.wml | 33 --- danish/security/2003/dsa-241.wml | 33 --- danish/security/2003/dsa-242.wml | 33 --- danish/security/2003/dsa-243.wml | 35 --- danish/security/2003/dsa-244.wml | 22 -- danish/security/2003/dsa-245.wml | 40 ---- danish/security/2003/dsa-246.wml | 39 ---- danish/security/2003/dsa-247.wml | 22 -- danish/security/2003/dsa-248.wml | 33 --- danish/security/2003/dsa-249.wml | 25 --- danish/security/2003/dsa-250.wml | 25 --- danish/security/2003/dsa-251.wml | 24 --- danish/security/2003/dsa-252.wml | 22 -- danish/security/2003/dsa-253.wml | 24 --- danish/security/2003/dsa-254.wml | 50 ----- danish/security/2003/dsa-255.wml | 26 --- danish/security/2003/dsa-256.wml | 21 -- danish/security/2003/dsa-257.wml | 20 -- danish/security/2003/dsa-258.wml | 21 -- danish/security/2003/dsa-259.wml | 19 -- danish/security/2003/dsa-260.wml | 20 -- danish/security/2003/dsa-261.wml | 21 -- danish/security/2003/dsa-262.wml | 21 -- danish/security/2003/dsa-263.wml | 23 -- danish/security/2003/dsa-264.wml | 23 -- danish/security/2003/dsa-265.wml | 33 --- danish/security/2003/dsa-266.wml | 51 ----- danish/security/2003/dsa-267.wml | 21 -- danish/security/2003/dsa-268.wml | 23 -- danish/security/2003/dsa-269.wml | 33 --- danish/security/2003/dsa-270.wml | 27 --- danish/security/2003/dsa-271.wml | 22 -- danish/security/2003/dsa-272.wml | 23 -- danish/security/2003/dsa-273.wml | 25 --- danish/security/2003/dsa-274.wml | 23 -- danish/security/2003/dsa-275.wml | 20 -- danish/security/2003/dsa-276.wml | 31 --- danish/security/2003/dsa-277.wml | 22 -- danish/security/2003/dsa-278.wml | 22 -- danish/security/2003/dsa-279.wml | 25 --- danish/security/2003/dsa-280.wml | 32 --- danish/security/2003/dsa-281.wml | 22 -- danish/security/2003/dsa-282.wml | 23 -- danish/security/2003/dsa-283.wml | 28 --- danish/security/2003/dsa-284.wml | 31 --- danish/security/2003/dsa-285.wml | 24 --- danish/security/2003/dsa-286.wml | 24 --- danish/security/2003/dsa-287.wml | 23 -- danish/security/2003/dsa-288.wml | 57 ----- danish/security/2003/dsa-289.wml | 23 -- danish/security/2003/dsa-290.wml | 22 -- danish/security/2003/dsa-291.wml | 24 --- danish/security/2003/dsa-292.wml | 29 --- danish/security/2003/dsa-293.wml | 30 --- danish/security/2003/dsa-294.wml | 37 ---- danish/security/2003/dsa-295.wml | 24 --- danish/security/2003/dsa-296.wml | 30 --- danish/security/2003/dsa-297.wml | 57 ----- danish/security/2003/dsa-298.wml | 24 --- danish/security/2003/dsa-299.wml | 21 -- danish/security/2003/dsa-300.wml | 23 -- danish/security/2003/dsa-301.wml | 25 --- danish/security/2003/dsa-302.wml | 21 -- danish/security/2003/dsa-303.wml | 28 --- danish/security/2003/dsa-304.wml | 24 --- danish/security/2003/dsa-305.wml | 22 -- danish/security/2003/dsa-306.wml | 24 --- danish/security/2003/dsa-307.wml | 41 ---- danish/security/2003/dsa-308.wml | 24 --- danish/security/2003/dsa-309.wml | 19 -- danish/security/2003/dsa-310.wml | 29 --- danish/security/2003/dsa-311.wml | 81 ------- danish/security/2003/dsa-312.wml | 57 ----- danish/security/2003/dsa-313.wml | 22 -- danish/security/2003/dsa-314.wml | 19 -- danish/security/2003/dsa-315.wml | 19 -- danish/security/2003/dsa-316.wml | 40 ---- danish/security/2003/dsa-317.wml | 20 -- danish/security/2003/dsa-318.wml | 21 -- danish/security/2003/dsa-319.wml | 21 -- danish/security/2003/dsa-320.wml | 20 -- danish/security/2003/dsa-321.wml | 21 -- danish/security/2003/dsa-322.wml | 23 -- danish/security/2003/dsa-323.wml | 22 -- danish/security/2003/dsa-324.wml | 51 ----- danish/security/2003/dsa-325.wml | 21 -- danish/security/2003/dsa-326.wml | 23 -- danish/security/2003/dsa-327.wml | 21 -- danish/security/2003/dsa-328.wml | 19 -- danish/security/2003/dsa-329.wml | 24 --- danish/security/2003/dsa-330.wml | 26 --- danish/security/2003/dsa-331.wml | 20 -- danish/security/2003/dsa-332.wml | 78 ------- danish/security/2003/dsa-333.wml | 19 -- danish/security/2003/dsa-334.wml | 18 -- danish/security/2003/dsa-335.wml | 21 -- danish/security/2003/dsa-336.wml | 86 -------- danish/security/2003/dsa-337.wml | 20 -- danish/security/2003/dsa-338.wml | 21 -- danish/security/2003/dsa-339.wml | 26 --- danish/security/2003/dsa-340.wml | 24 --- danish/security/2003/dsa-341.wml | 20 -- danish/security/2003/dsa-342.wml | 23 -- danish/security/2003/dsa-343.wml | 21 -- danish/security/2003/dsa-344.wml | 19 -- danish/security/2003/dsa-345.wml | 19 -- danish/security/2003/dsa-346.wml | 21 -- danish/security/2003/dsa-347.wml | 20 -- danish/security/2003/dsa-348.wml | 21 -- danish/security/2003/dsa-349.wml | 19 -- danish/security/2003/dsa-350.wml | 22 -- danish/security/2003/dsa-351.wml | 19 -- danish/security/2003/dsa-352.wml | 20 -- danish/security/2003/dsa-353.wml | 20 -- danish/security/2003/dsa-354.wml | 19 -- danish/security/2003/dsa-355.wml | 19 -- danish/security/2003/dsa-356.wml | 19 -- danish/security/2003/dsa-357.wml | 19 -- danish/security/2003/dsa-358.wml | 110 ---------- danish/security/2003/dsa-359.wml | 18 -- danish/security/2003/dsa-360.wml | 29 --- danish/security/2003/dsa-361.wml | 39 ---- danish/security/2003/dsa-362.wml | 19 -- danish/security/2003/dsa-363.wml | 29 --- danish/security/2003/dsa-364.wml | 41 ---- danish/security/2003/dsa-365.wml | 35 --- danish/security/2003/dsa-366.wml | 20 -- danish/security/2003/dsa-367.wml | 18 -- danish/security/2003/dsa-368.wml | 17 -- danish/security/2003/dsa-369.wml | 18 -- danish/security/2003/dsa-370.wml | 20 -- danish/security/2003/dsa-371.wml | 21 -- danish/security/2003/dsa-372.wml | 22 -- danish/security/2003/dsa-373.wml | 22 -- danish/security/2003/dsa-374.wml | 19 -- danish/security/2003/dsa-375.wml | 19 -- danish/security/2003/dsa-376.wml | 21 -- danish/security/2003/dsa-377.wml | 25 --- danish/security/2003/dsa-378.wml | 32 --- danish/security/2003/dsa-379.wml | 85 -------- danish/security/2003/dsa-380.wml | 219 ------------------- danish/security/2003/dsa-381.wml | 22 -- danish/security/2003/dsa-382.wml | 25 --- danish/security/2003/dsa-383.wml | 20 -- danish/security/2003/dsa-384.wml | 33 --- danish/security/2003/dsa-385.wml | 22 -- danish/security/2003/dsa-386.wml | 23 -- danish/security/2003/dsa-387.wml | 19 -- danish/security/2003/dsa-388.wml | 37 ---- danish/security/2003/dsa-389.wml | 24 --- danish/security/2003/dsa-390.wml | 17 -- danish/security/2003/dsa-391.wml | 17 -- danish/security/2003/dsa-392.wml | 31 --- danish/security/2003/dsa-393.wml | 26 --- danish/security/2003/dsa-394.wml | 66 ------ danish/security/2003/dsa-395.wml | 20 -- danish/security/2003/dsa-396.wml | 36 ---- danish/security/2003/dsa-397.wml | 17 -- danish/security/2003/dsa-398.wml | 18 -- danish/security/2003/dsa-399.wml | 21 -- danish/security/2003/dsa-400.wml | 19 -- danish/security/2003/dsa-401.wml | 18 -- danish/security/2003/dsa-402.wml | 18 -- danish/security/2003/dsa-403.wml | 22 -- danish/security/2003/dsa-404.wml | 39 ---- danish/security/2003/dsa-405.wml | 18 -- danish/security/2003/index.wml | 14 -- danish/security/2004/CAN-2004-0077.wml | 22 -- danish/security/2004/CAN-2004-0109.wml | 22 -- danish/security/2004/Makefile | 1 - danish/security/2004/dsa-406.wml | 18 -- danish/security/2004/dsa-407.wml | 50 ----- danish/security/2004/dsa-408.wml | 18 -- danish/security/2004/dsa-409.wml | 22 -- danish/security/2004/dsa-410.wml | 19 -- danish/security/2004/dsa-411.wml | 21 -- danish/security/2004/dsa-412.wml | 20 -- danish/security/2004/dsa-413.wml | 24 --- danish/security/2004/dsa-414.wml | 19 -- danish/security/2004/dsa-415.wml | 26 --- danish/security/2004/dsa-416.wml | 22 -- danish/security/2004/dsa-417.wml | 23 -- danish/security/2004/dsa-418.wml | 18 -- danish/security/2004/dsa-419.wml | 39 ---- danish/security/2004/dsa-420.wml | 22 -- danish/security/2004/dsa-421.wml | 21 -- danish/security/2004/dsa-422.wml | 35 --- danish/security/2004/dsa-423.wml | 111 ---------- danish/security/2004/dsa-424.wml | 18 -- danish/security/2004/dsa-425.wml | 31 --- danish/security/2004/dsa-426.wml | 20 -- danish/security/2004/dsa-427.wml | 20 -- danish/security/2004/dsa-428.wml | 27 --- danish/security/2004/dsa-429.wml | 21 -- danish/security/2004/dsa-430.wml | 20 -- danish/security/2004/dsa-431.wml | 21 -- danish/security/2004/dsa-432.wml | 20 -- danish/security/2004/dsa-433.wml | 21 -- danish/security/2004/dsa-434.wml | 63 ------ danish/security/2004/dsa-435.wml | 21 -- danish/security/2004/dsa-436.wml | 40 ---- danish/security/2004/dsa-437.wml | 19 -- danish/security/2004/dsa-438.wml | 32 --- danish/security/2004/dsa-439.wml | 55 ----- danish/security/2004/dsa-440.wml | 52 ----- danish/security/2004/dsa-441.wml | 28 --- danish/security/2004/dsa-442.wml | 104 --------- danish/security/2004/dsa-443.wml | 70 ------ danish/security/2004/dsa-444.wml | 27 --- danish/security/2004/dsa-445.wml | 18 -- danish/security/2004/dsa-446.wml | 21 -- danish/security/2004/dsa-447.wml | 24 --- danish/security/2004/dsa-448.wml | 22 -- danish/security/2004/dsa-449.wml | 26 --- danish/security/2004/dsa-450.wml | 54 ----- danish/security/2004/dsa-451.wml | 17 -- danish/security/2004/dsa-452.wml | 20 -- danish/security/2004/dsa-453.wml | 86 -------- danish/security/2004/dsa-454.wml | 46 ---- danish/security/2004/dsa-455.wml | 24 --- danish/security/2004/dsa-456.wml | 28 --- danish/security/2004/dsa-457.wml | 35 --- danish/security/2004/dsa-458.wml | 29 --- danish/security/2004/dsa-459.wml | 21 -- danish/security/2004/dsa-460.wml | 19 -- danish/security/2004/dsa-461.wml | 21 -- danish/security/2004/dsa-462.wml | 19 -- danish/security/2004/dsa-463.wml | 20 -- danish/security/2004/dsa-464.wml | 20 -- danish/security/2004/dsa-465.wml | 39 ---- danish/security/2004/dsa-466.wml | 35 --- danish/security/2004/dsa-467.wml | 28 --- danish/security/2004/dsa-468.wml | 34 --- danish/security/2004/dsa-469.wml | 19 -- danish/security/2004/dsa-470.wml | 48 ----- danish/security/2004/dsa-471.wml | 20 -- danish/security/2004/dsa-472.wml | 24 --- danish/security/2004/dsa-473.wml | 18 -- danish/security/2004/dsa-474.wml | 22 -- danish/security/2004/dsa-475.wml | 50 ----- danish/security/2004/dsa-476.wml | 20 -- danish/security/2004/dsa-477.wml | 22 -- danish/security/2004/dsa-478.wml | 19 -- danish/security/2004/dsa-479.wml | 104 --------- danish/security/2004/dsa-480.wml | 67 ------ danish/security/2004/dsa-481.wml | 68 ------ danish/security/2004/dsa-482.wml | 87 -------- danish/security/2004/dsa-483.wml | 38 ---- danish/security/2004/dsa-484.wml | 17 -- danish/security/2004/dsa-485.wml | 20 -- danish/security/2004/dsa-486.wml | 34 --- danish/security/2004/dsa-487.wml | 19 -- danish/security/2004/dsa-488.wml | 21 -- danish/security/2004/dsa-489.wml | 92 -------- danish/security/2004/dsa-490.wml | 20 -- danish/security/2004/dsa-491.wml | 86 -------- danish/security/2004/dsa-492.wml | 19 -- danish/security/2004/dsa-493.wml | 18 -- danish/security/2004/dsa-494.wml | 20 -- danish/security/2004/dsa-495.wml | 105 --------- danish/security/2004/dsa-496.wml | 20 -- danish/security/2004/dsa-497.wml | 24 --- danish/security/2004/dsa-498.wml | 47 ----- danish/security/2004/dsa-499.wml | 19 -- danish/security/2004/dsa-500.wml | 19 -- danish/security/2004/dsa-501.wml | 36 ---- danish/security/2004/dsa-502.wml | 39 ---- danish/security/2004/dsa-503.wml | 19 -- danish/security/2004/dsa-504.wml | 20 -- danish/security/2004/dsa-505.wml | 19 -- danish/security/2004/dsa-506.wml | 19 -- danish/security/2004/dsa-507.wml | 20 -- danish/security/2004/dsa-508.wml | 18 -- danish/security/2004/dsa-509.wml | 28 --- danish/security/2004/dsa-510.wml | 22 -- danish/security/2004/dsa-511.wml | 24 --- danish/security/2004/dsa-512.wml | 19 -- danish/security/2004/dsa-513.wml | 24 --- danish/security/2004/dsa-514.wml | 28 --- danish/security/2004/dsa-515.wml | 32 --- danish/security/2004/dsa-516.wml | 21 -- danish/security/2004/dsa-517.wml | 18 -- danish/security/2004/dsa-518.wml | 22 -- danish/security/2004/dsa-519.wml | 29 --- danish/security/2004/dsa-520.wml | 19 -- danish/security/2004/dsa-521.wml | 23 -- danish/security/2004/dsa-522.wml | 19 -- danish/security/2004/dsa-523.wml | 19 -- danish/security/2004/dsa-524.wml | 27 --- danish/security/2004/dsa-525.wml | 26 --- danish/security/2004/dsa-526.wml | 27 --- danish/security/2004/dsa-527.wml | 18 -- danish/security/2004/dsa-528.wml | 22 -- danish/security/2004/dsa-529.wml | 19 -- danish/security/2004/dsa-530.wml | 19 -- danish/security/2004/dsa-531.wml | 37 ---- danish/security/2004/dsa-532.wml | 37 ---- danish/security/2004/dsa-533.wml | 20 -- danish/security/2004/dsa-534.wml | 18 -- danish/security/2004/dsa-535.wml | 50 ----- danish/security/2004/dsa-536.wml | 48 ----- danish/security/2004/dsa-537.wml | 22 -- danish/security/2004/dsa-538.wml | 23 -- danish/security/2004/dsa-539.wml | 20 -- danish/security/2004/dsa-540.wml | 18 -- danish/security/2004/dsa-541.wml | 20 -- danish/security/2004/dsa-542.wml | 40 ---- danish/security/2004/dsa-543.wml | 46 ---- danish/security/2004/dsa-544.wml | 20 -- danish/security/2004/dsa-545.wml | 18 -- danish/security/2004/dsa-546.wml | 38 ---- danish/security/2004/dsa-547.wml | 20 -- danish/security/2004/dsa-548.wml | 23 -- danish/security/2004/dsa-549.wml | 37 ---- danish/security/2004/dsa-550.wml | 18 -- danish/security/2004/dsa-551.wml | 18 -- danish/security/2004/dsa-552.wml | 18 -- danish/security/2004/dsa-553.wml | 19 -- danish/security/2004/dsa-554.wml | 21 -- danish/security/2004/dsa-555.wml | 19 -- danish/security/2004/dsa-556.wml | 22 -- danish/security/2004/dsa-557.wml | 19 -- danish/security/2004/dsa-558.wml | 20 -- danish/security/2004/dsa-559.wml | 18 -- danish/security/2004/dsa-560.wml | 17 -- danish/security/2004/dsa-561.wml | 17 -- danish/security/2004/dsa-562.wml | 41 ---- danish/security/2004/dsa-563.wml | 31 --- danish/security/2004/dsa-564.wml | 20 -- danish/security/2004/dsa-565.wml | 18 -- danish/security/2004/dsa-566.wml | 24 --- danish/security/2004/dsa-567.wml | 43 ---- danish/security/2004/dsa-568.wml | 24 --- danish/security/2004/dsa-569.wml | 21 -- danish/security/2004/dsa-570.wml | 18 -- danish/security/2004/dsa-571.wml | 18 -- danish/security/2004/dsa-572.wml | 18 -- danish/security/2004/dsa-573.wml | 18 -- danish/security/2004/dsa-574.wml | 18 -- danish/security/2004/dsa-575.wml | 20 -- danish/security/2004/dsa-576.wml | 36 ---- danish/security/2004/dsa-577.wml | 20 -- danish/security/2004/dsa-578.wml | 19 -- danish/security/2004/dsa-579.wml | 18 -- danish/security/2004/dsa-580.wml | 20 -- danish/security/2004/dsa-581.wml | 18 -- danish/security/2004/dsa-582.wml | 24 --- danish/security/2004/dsa-583.wml | 19 -- danish/security/2004/dsa-584.wml | 19 -- danish/security/2004/dsa-585.wml | 21 -- danish/security/2004/dsa-586.wml | 19 -- danish/security/2004/dsa-587.wml | 18 -- danish/security/2004/dsa-588.wml | 17 -- danish/security/2004/dsa-589.wml | 18 -- danish/security/2004/dsa-590.wml | 18 -- danish/security/2004/dsa-591.wml | 18 -- danish/security/2004/dsa-592.wml | 19 -- danish/security/2004/dsa-593.wml | 18 -- danish/security/2004/dsa-594.wml | 32 --- danish/security/2004/dsa-595.wml | 19 -- danish/security/2004/dsa-596.wml | 21 -- danish/security/2004/dsa-597.wml | 19 -- danish/security/2004/dsa-598.wml | 20 -- danish/security/2004/dsa-599.wml | 19 -- danish/security/2004/dsa-600.wml | 19 -- danish/security/2004/dsa-601.wml | 19 -- danish/security/2004/dsa-602.wml | 19 -- danish/security/2004/dsa-603.wml | 18 -- danish/security/2004/dsa-604.wml | 18 -- danish/security/2004/dsa-605.wml | 24 --- danish/security/2004/dsa-606.wml | 18 -- danish/security/2004/dsa-607.wml | 19 -- danish/security/2004/dsa-608.wml | 33 --- danish/security/2004/dsa-609.wml | 18 -- danish/security/2004/dsa-610.wml | 18 -- danish/security/2004/dsa-611.wml | 17 -- danish/security/2004/dsa-612.wml | 20 -- danish/security/2004/dsa-613.wml | 17 -- danish/security/2004/dsa-614.wml | 19 -- danish/security/2004/dsa-615.wml | 20 -- danish/security/2004/dsa-616.wml | 17 -- danish/security/2004/dsa-617.wml | 19 -- danish/security/2004/dsa-618.wml | 34 --- danish/security/2004/dsa-619.wml | 19 -- danish/security/2004/dsa-620.wml | 33 --- danish/security/2004/dsa-621.wml | 19 -- danish/security/2004/index.wml | 14 -- danish/security/2005/Makefile | 1 - danish/security/2005/dsa-622.wml | 17 -- danish/security/2005/dsa-623.wml | 19 -- danish/security/2005/dsa-624.wml | 20 -- danish/security/2005/dsa-625.wml | 18 -- danish/security/2005/dsa-626.wml | 19 -- danish/security/2005/dsa-627.wml | 19 -- danish/security/2005/dsa-628.wml | 32 --- danish/security/2005/dsa-629.wml | 19 -- danish/security/2005/dsa-630.wml | 19 -- danish/security/2005/dsa-631.wml | 18 -- danish/security/2005/dsa-632.wml | 18 -- danish/security/2005/dsa-633.wml | 19 -- danish/security/2005/dsa-634.wml | 48 ----- danish/security/2005/dsa-635.wml | 18 -- danish/security/2005/dsa-636.wml | 20 -- danish/security/2005/dsa-637.wml | 19 -- danish/security/2005/dsa-638.wml | 31 --- danish/security/2005/dsa-639.wml | 64 ------ danish/security/2005/dsa-640.wml | 19 -- danish/security/2005/dsa-641.wml | 18 -- danish/security/2005/dsa-642.wml | 35 --- danish/security/2005/dsa-643.wml | 17 -- danish/security/2005/dsa-644.wml | 19 -- danish/security/2005/dsa-645.wml | 19 -- danish/security/2005/dsa-646.wml | 18 -- danish/security/2005/dsa-647.wml | 20 -- danish/security/2005/dsa-648.wml | 19 -- danish/security/2005/dsa-649.wml | 18 -- danish/security/2005/dsa-650.wml | 17 -- danish/security/2005/dsa-651.wml | 34 --- danish/security/2005/dsa-652.wml | 37 ---- danish/security/2005/dsa-653.wml | 19 -- danish/security/2005/dsa-654.wml | 41 ---- danish/security/2005/dsa-655.wml | 17 -- danish/security/2005/dsa-656.wml | 18 -- danish/security/2005/dsa-657.wml | 19 -- danish/security/2005/dsa-658.wml | 20 -- danish/security/2005/dsa-659.wml | 35 --- danish/security/2005/dsa-660.wml | 18 -- danish/security/2005/dsa-661.wml | 35 --- danish/security/2005/dsa-662.wml | 41 ---- danish/security/2005/dsa-663.wml | 18 -- danish/security/2005/dsa-664.wml | 18 -- danish/security/2005/dsa-665.wml | 19 -- danish/security/2005/dsa-666.wml | 44 ---- danish/security/2005/dsa-667.wml | 46 ---- danish/security/2005/dsa-668.wml | 18 -- danish/security/2005/dsa-669.wml | 35 --- danish/security/2005/dsa-670.wml | 19 -- danish/security/2005/dsa-671.wml | 19 -- danish/security/2005/dsa-672.wml | 19 -- danish/security/2005/dsa-673.wml | 19 -- danish/security/2005/dsa-674.wml | 48 ----- danish/security/2005/dsa-675.wml | 18 -- danish/security/2005/dsa-676.wml | 19 -- danish/security/2005/dsa-677.wml | 18 -- danish/security/2005/dsa-678.wml | 20 -- danish/security/2005/dsa-679.wml | 20 -- danish/security/2005/dsa-680.wml | 17 -- danish/security/2005/dsa-681.wml | 19 -- danish/security/2005/dsa-682.wml | 19 -- danish/security/2005/dsa-683.wml | 17 -- danish/security/2005/dsa-684.wml | 17 -- danish/security/2005/dsa-685.wml | 18 -- danish/security/2005/dsa-686.wml | 21 -- danish/security/2005/dsa-687.wml | 20 -- danish/security/2005/dsa-688.wml | 18 -- danish/security/2005/dsa-689.wml | 21 -- danish/security/2005/dsa-690.wml | 19 -- danish/security/2005/dsa-691.wml | 35 --- danish/security/2005/dsa-692.wml | 19 -- danish/security/2005/dsa-693.wml | 18 -- danish/security/2005/dsa-694.wml | 33 --- danish/security/2005/dsa-695.wml | 39 ---- danish/security/2005/dsa-696.wml | 20 -- danish/security/2005/dsa-697.wml | 18 -- danish/security/2005/dsa-698.wml | 18 -- danish/security/2005/dsa-699.wml | 18 -- danish/security/2005/dsa-700.wml | 20 -- danish/security/2005/dsa-701.wml | 29 --- danish/security/2005/dsa-702.wml | 46 ---- danish/security/2005/dsa-703.wml | 34 --- danish/security/2005/dsa-704.wml | 34 --- danish/security/2005/dsa-705.wml | 34 --- danish/security/2005/dsa-706.wml | 20 -- danish/security/2005/dsa-707.wml | 51 ----- danish/security/2005/dsa-708.wml | 20 -- danish/security/2005/dsa-709.wml | 19 -- danish/security/2005/dsa-710.wml | 18 -- danish/security/2005/dsa-711.wml | 20 -- danish/security/2005/dsa-712.wml | 19 -- danish/security/2005/dsa-713.wml | 34 --- danish/security/2005/dsa-714.wml | 19 -- danish/security/2005/dsa-715.wml | 35 --- danish/security/2005/dsa-716.wml | 22 -- danish/security/2005/dsa-717.wml | 31 --- danish/security/2005/dsa-718.wml | 22 -- danish/security/2005/dsa-719.wml | 19 -- danish/security/2005/dsa-720.wml | 19 -- danish/security/2005/dsa-721.wml | 19 -- danish/security/2005/dsa-722.wml | 18 -- danish/security/2005/dsa-723.wml | 18 -- danish/security/2005/dsa-724.wml | 18 -- danish/security/2005/dsa-725.wml | 21 -- danish/security/2005/dsa-726.wml | 16 -- danish/security/2005/dsa-727.wml | 18 -- danish/security/2005/dsa-728.wml | 42 ---- danish/security/2005/dsa-729.wml | 23 -- danish/security/2005/dsa-730.wml | 22 -- danish/security/2005/dsa-731.wml | 37 ---- danish/security/2005/dsa-732.wml | 45 ---- danish/security/2005/dsa-733.wml | 20 -- danish/security/2005/dsa-734.wml | 33 --- danish/security/2005/dsa-735.wml | 25 --- danish/security/2005/dsa-736.wml | 26 --- danish/security/2005/dsa-737.wml | 18 -- danish/security/2005/dsa-738.wml | 17 -- danish/security/2005/dsa-739.wml | 21 -- danish/security/2005/dsa-740.wml | 20 -- danish/security/2005/dsa-741.wml | 24 --- danish/security/2005/dsa-742.wml | 21 -- danish/security/2005/dsa-743.wml | 37 ---- danish/security/2005/dsa-744.wml | 20 -- danish/security/2005/dsa-745.wml | 20 -- danish/security/2005/dsa-746.wml | 24 --- danish/security/2005/dsa-747.wml | 21 -- danish/security/2005/dsa-748.wml | 18 -- danish/security/2005/dsa-749.wml | 20 -- danish/security/2005/dsa-750.wml | 21 -- danish/security/2005/dsa-751.wml | 24 --- danish/security/2005/dsa-752.wml | 39 ---- danish/security/2005/dsa-753.wml | 24 --- danish/security/2005/dsa-754.wml | 22 -- danish/security/2005/dsa-755.wml | 21 -- danish/security/2005/dsa-756.wml | 39 ---- danish/security/2005/dsa-757.wml | 41 ---- danish/security/2005/dsa-758.wml | 21 -- danish/security/2005/dsa-759.wml | 22 -- danish/security/2005/dsa-760.wml | 40 ---- danish/security/2005/dsa-761.wml | 26 --- danish/security/2005/dsa-762.wml | 36 ---- danish/security/2005/dsa-763.wml | 21 -- danish/security/2005/dsa-764.wml | 58 ----- danish/security/2005/dsa-765.wml | 23 -- danish/security/2005/dsa-766.wml | 20 -- danish/security/2005/dsa-767.wml | 23 -- danish/security/2005/dsa-768.wml | 21 -- danish/security/2005/dsa-769.wml | 23 -- danish/security/2005/dsa-770.wml | 20 -- danish/security/2005/dsa-771.wml | 38 ---- danish/security/2005/dsa-772.wml | 22 -- danish/security/2005/dsa-773.wml | 12 -- danish/security/2005/dsa-774.wml | 22 -- danish/security/2005/dsa-775.wml | 22 -- danish/security/2005/dsa-776.wml | 36 ---- danish/security/2005/dsa-777.wml | 19 -- danish/security/2005/dsa-778.wml | 43 ---- danish/security/2005/dsa-779.wml | 93 -------- danish/security/2005/dsa-780.wml | 20 -- danish/security/2005/dsa-781.wml | 74 ------- danish/security/2005/dsa-782.wml | 22 -- danish/security/2005/dsa-783.wml | 22 -- danish/security/2005/dsa-784.wml | 23 -- danish/security/2005/dsa-785.wml | 20 -- danish/security/2005/dsa-786.wml | 20 -- danish/security/2005/dsa-787.wml | 38 ---- danish/security/2005/dsa-788.wml | 34 --- danish/security/2005/dsa-789.wml | 43 ---- danish/security/2005/dsa-790.wml | 21 -- danish/security/2005/dsa-791.wml | 22 -- danish/security/2005/dsa-792.wml | 21 -- danish/security/2005/dsa-793.wml | 22 -- danish/security/2005/dsa-794.wml | 20 -- danish/security/2005/dsa-795.wml | 26 --- danish/security/2005/dsa-796.wml | 21 -- danish/security/2005/dsa-797.wml | 25 --- danish/security/2005/dsa-798.wml | 45 ---- danish/security/2005/dsa-799.wml | 19 -- danish/security/2005/dsa-800.wml | 25 --- danish/security/2005/dsa-801.wml | 20 -- danish/security/2005/dsa-802.wml | 20 -- danish/security/2005/dsa-803.wml | 27 --- danish/security/2005/dsa-804.wml | 19 -- danish/security/2005/dsa-805.wml | 51 ----- danish/security/2005/dsa-806.wml | 20 -- danish/security/2005/dsa-807.wml | 21 -- danish/security/2005/dsa-808.wml | 20 -- danish/security/2005/dsa-809.wml | 43 ---- danish/security/2005/dsa-810.wml | 74 ------- danish/security/2005/dsa-811.wml | 29 --- danish/security/2005/dsa-812.wml | 21 -- danish/security/2005/dsa-813.wml | 41 ---- danish/security/2005/dsa-814.wml | 21 -- danish/security/2005/dsa-815.wml | 20 -- danish/security/2005/dsa-816.wml | 28 --- danish/security/2005/dsa-817.wml | 23 -- danish/security/2005/dsa-818.wml | 21 -- danish/security/2005/dsa-819.wml | 23 -- danish/security/2005/dsa-820.wml | 22 -- danish/security/2005/dsa-821.wml | 22 -- danish/security/2005/dsa-822.wml | 20 -- danish/security/2005/dsa-823.wml | 21 -- danish/security/2005/dsa-824.wml | 34 --- danish/security/2005/dsa-825.wml | 21 -- danish/security/2005/dsa-826.wml | 37 ---- danish/security/2005/dsa-827.wml | 21 -- danish/security/2005/dsa-828.wml | 21 -- danish/security/2005/dsa-829.wml | 53 ----- danish/security/2005/dsa-830.wml | 22 -- danish/security/2005/dsa-831.wml | 53 ----- danish/security/2005/dsa-832.wml | 21 -- danish/security/2005/dsa-833.wml | 59 ------ danish/security/2005/dsa-834.wml | 19 -- danish/security/2005/dsa-835.wml | 22 -- danish/security/2005/dsa-836.wml | 21 -- danish/security/2005/dsa-837.wml | 20 -- danish/security/2005/dsa-838.wml | 53 ----- danish/security/2005/dsa-839.wml | 21 -- danish/security/2005/dsa-840.wml | 22 -- danish/security/2005/dsa-841.wml | 20 -- danish/security/2005/dsa-842.wml | 20 -- danish/security/2005/dsa-843.wml | 34 --- danish/security/2005/dsa-844.wml | 27 --- danish/security/2005/dsa-845.wml | 22 -- danish/security/2005/dsa-846.wml | 40 ---- danish/security/2005/dsa-847.wml | 21 -- danish/security/2005/dsa-848.wml | 38 ---- danish/security/2005/dsa-849.wml | 27 --- danish/security/2005/dsa-850.wml | 22 -- danish/security/2005/dsa-851.wml | 48 ----- danish/security/2005/dsa-852.wml | 21 -- danish/security/2005/dsa-853.wml | 62 ------ danish/security/2005/dsa-854.wml | 19 -- danish/security/2005/dsa-855.wml | 22 -- danish/security/2005/dsa-856.wml | 20 -- danish/security/2005/dsa-857.wml | 22 -- danish/security/2005/dsa-858.wml | 21 -- danish/security/2005/dsa-859.wml | 21 -- danish/security/2005/dsa-860.wml | 42 ---- danish/security/2005/dsa-861.wml | 20 -- danish/security/2005/dsa-862.wml | 42 ---- danish/security/2005/dsa-863.wml | 21 -- danish/security/2005/dsa-864.wml | 42 ---- danish/security/2005/dsa-865.wml | 22 -- danish/security/2005/dsa-866.wml | 78 ------- danish/security/2005/dsa-867.wml | 21 -- danish/security/2005/dsa-868.wml | 80 ------- danish/security/2005/dsa-869.wml | 20 -- danish/security/2005/dsa-870.wml | 25 --- danish/security/2005/dsa-871.wml | 20 -- danish/security/2005/dsa-872.wml | 20 -- danish/security/2005/dsa-873.wml | 21 -- danish/security/2005/dsa-874.wml | 21 -- danish/security/2005/dsa-875.wml | 56 ----- danish/security/2005/dsa-876.wml | 21 -- danish/security/2005/dsa-877.wml | 36 ---- danish/security/2005/dsa-878.wml | 22 -- danish/security/2005/dsa-879.wml | 19 -- danish/security/2005/dsa-880.wml | 48 ----- danish/security/2005/dsa-881.wml | 56 ----- danish/security/2005/dsa-882.wml | 56 ----- danish/security/2005/dsa-883.wml | 23 -- danish/security/2005/dsa-884.wml | 21 -- danish/security/2005/dsa-885.wml | 34 --- danish/security/2005/dsa-886.wml | 39 ---- danish/security/2005/dsa-887.wml | 49 ----- danish/security/2005/dsa-888.wml | 56 ----- danish/security/2005/dsa-889.wml | 21 -- danish/security/2005/dsa-890.wml | 35 --- danish/security/2005/dsa-891.wml | 20 -- danish/security/2005/dsa-892.wml | 21 -- danish/security/2005/dsa-893.wml | 33 --- danish/security/2005/dsa-894.wml | 21 -- danish/security/2005/dsa-895.wml | 21 -- danish/security/2005/dsa-896.wml | 21 -- danish/security/2005/dsa-897.wml | 42 ---- danish/security/2005/dsa-898.wml | 43 ---- danish/security/2005/dsa-899.wml | 52 ----- danish/security/2005/dsa-900.wml | 33 --- danish/security/2005/dsa-901.wml | 35 --- danish/security/2005/dsa-902.wml | 21 -- danish/security/2005/dsa-903.wml | 29 --- danish/security/2005/dsa-904.wml | 22 -- danish/security/2005/dsa-905.wml | 46 ---- danish/security/2005/dsa-906.wml | 49 ----- danish/security/2005/dsa-907.wml | 20 -- danish/security/2005/dsa-908.wml | 47 ----- danish/security/2005/dsa-909.wml | 20 -- danish/security/2005/dsa-910.wml | 20 -- danish/security/2005/dsa-911.wml | 60 ------ danish/security/2005/dsa-912.wml | 21 -- danish/security/2005/dsa-913.wml | 60 ------ danish/security/2005/dsa-914.wml | 20 -- danish/security/2005/dsa-915.wml | 22 -- danish/security/2005/dsa-916.wml | 35 --- danish/security/2005/dsa-917.wml | 21 -- danish/security/2005/dsa-918.wml | 36 ---- danish/security/2005/dsa-919.wml | 45 ---- danish/security/2005/dsa-920.wml | 20 -- danish/security/2005/dsa-921.wml | 147 ------------- danish/security/2005/dsa-922.wml | 246 --------------------- danish/security/2005/dsa-923.wml | 20 -- danish/security/2005/dsa-924.wml | 20 -- danish/security/2005/dsa-925.wml | 74 ------- danish/security/2005/dsa-926.wml | 22 -- danish/security/2005/dsa-927.wml | 27 --- danish/security/2005/dsa-928.wml | 22 -- danish/security/2005/index.wml | 14 -- danish/security/2006/Makefile | 1 - danish/security/2006/dsa-1000.wml | 27 --- danish/security/2006/dsa-1001.wml | 21 -- danish/security/2006/dsa-1002.wml | 39 ---- danish/security/2006/dsa-1003.wml | 22 -- danish/security/2006/dsa-1004.wml | 21 -- danish/security/2006/dsa-1005.wml | 21 -- danish/security/2006/dsa-1006.wml | 20 -- danish/security/2006/dsa-1007.wml | 48 ----- danish/security/2006/dsa-1008.wml | 21 -- danish/security/2006/dsa-1009.wml | 20 -- danish/security/2006/dsa-1010.wml | 22 -- danish/security/2006/dsa-1011.wml | 44 ---- danish/security/2006/dsa-1012.wml | 21 -- danish/security/2006/dsa-1013.wml | 21 -- danish/security/2006/dsa-1014.wml | 20 -- danish/security/2006/dsa-1015.wml | 22 -- danish/security/2006/dsa-1016.wml | 21 -- danish/security/2006/dsa-1017.wml | 237 --------------------- danish/security/2006/dsa-1018.wml | 167 --------------- danish/security/2006/dsa-1019.wml | 19 -- danish/security/2006/dsa-1020.wml | 25 --- danish/security/2006/dsa-1021.wml | 22 -- danish/security/2006/dsa-1022.wml | 42 ---- danish/security/2006/dsa-1023.wml | 20 -- danish/security/2006/dsa-1024.wml | 42 ---- danish/security/2006/dsa-1025.wml | 21 -- danish/security/2006/dsa-1026.wml | 27 --- danish/security/2006/dsa-1027.wml | 20 -- danish/security/2006/dsa-1028.wml | 20 -- danish/security/2006/dsa-1029.wml | 54 ----- danish/security/2006/dsa-1030.wml | 53 ----- danish/security/2006/dsa-1031.wml | 53 ----- danish/security/2006/dsa-1032.wml | 20 -- danish/security/2006/dsa-1033.wml | 41 ---- danish/security/2006/dsa-1034.wml | 35 --- danish/security/2006/dsa-1035.wml | 20 -- danish/security/2006/dsa-1036.wml | 21 -- danish/security/2006/dsa-1037.wml | 20 -- danish/security/2006/dsa-1038.wml | 21 -- danish/security/2006/dsa-1039.wml | 36 ---- danish/security/2006/dsa-1040.wml | 20 -- danish/security/2006/dsa-1041.wml | 21 -- danish/security/2006/dsa-1042.wml | 22 -- danish/security/2006/dsa-1043.wml | 21 -- danish/security/2006/dsa-1044.wml | 175 --------------- danish/security/2006/dsa-1045.wml | 20 -- danish/security/2006/dsa-1046.wml | 234 -------------------- danish/security/2006/dsa-1047.wml | 20 -- danish/security/2006/dsa-1048.wml | 36 ---- danish/security/2006/dsa-1049.wml | 64 ------ danish/security/2006/dsa-1050.wml | 22 -- danish/security/2006/dsa-1051.wml | 221 ------------------- danish/security/2006/dsa-1052.wml | 19 -- danish/security/2006/dsa-1053.wml | 17 -- danish/security/2006/dsa-1054.wml | 41 ---- danish/security/2006/dsa-1055.wml | 19 -- danish/security/2006/dsa-1056.wml | 20 -- danish/security/2006/dsa-1057.wml | 21 -- danish/security/2006/dsa-1058.wml | 20 -- danish/security/2006/dsa-1059.wml | 42 ---- danish/security/2006/dsa-1060.wml | 23 -- danish/security/2006/dsa-1061.wml | 20 -- danish/security/2006/dsa-1062.wml | 21 -- danish/security/2006/dsa-1063.wml | 22 -- danish/security/2006/dsa-1064.wml | 21 -- danish/security/2006/dsa-1065.wml | 21 -- danish/security/2006/dsa-1066.wml | 19 -- danish/security/2006/dsa-1067.wml | 172 --------------- danish/security/2006/dsa-1068.wml | 20 -- danish/security/2006/dsa-1069.wml | 176 --------------- danish/security/2006/dsa-1070.wml | 171 --------------- danish/security/2006/dsa-1071.wml | 72 ------- danish/security/2006/dsa-1072.wml | 20 -- danish/security/2006/dsa-1073.wml | 71 ------- danish/security/2006/dsa-1074.wml | 18 -- danish/security/2006/dsa-1075.wml | 26 --- danish/security/2006/dsa-1076.wml | 23 -- danish/security/2006/dsa-1077.wml | 21 -- danish/security/2006/dsa-1078.wml | 21 -- danish/security/2006/dsa-1079.wml | 72 ------- danish/security/2006/dsa-1080.wml | 20 -- danish/security/2006/dsa-1081.wml | 20 -- danish/security/2006/dsa-1082.wml | 175 --------------- danish/security/2006/dsa-1083.wml | 22 -- danish/security/2006/dsa-1084.wml | 21 -- danish/security/2006/dsa-1085.wml | 39 ---- danish/security/2006/dsa-1086.wml | 22 -- danish/security/2006/dsa-1087.wml | 46 ---- danish/security/2006/dsa-1088.wml | 22 -- danish/security/2006/dsa-1089.wml | 36 ---- danish/security/2006/dsa-1090.wml | 26 --- danish/security/2006/dsa-1091.wml | 36 ---- danish/security/2006/dsa-1092.wml | 24 --- danish/security/2006/dsa-1093.wml | 19 -- danish/security/2006/dsa-1094.wml | 21 -- danish/security/2006/dsa-1095.wml | 43 ---- danish/security/2006/dsa-1096.wml | 20 -- danish/security/2006/dsa-1097.wml | 164 -------------- danish/security/2006/dsa-1098.wml | 21 -- danish/security/2006/dsa-1099.wml | 20 -- danish/security/2006/dsa-1100.wml | 19 -- danish/security/2006/dsa-1101.wml | 20 -- danish/security/2006/dsa-1102.wml | 20 -- danish/security/2006/dsa-1103.wml | 210 ------------------ danish/security/2006/dsa-1104.wml | 54 ----- danish/security/2006/dsa-1105.wml | 21 -- danish/security/2006/dsa-1106.wml | 20 -- danish/security/2006/dsa-1107.wml | 22 -- danish/security/2006/dsa-1108.wml | 18 -- danish/security/2006/dsa-1109.wml | 18 -- danish/security/2006/dsa-1110.wml | 19 -- danish/security/2006/dsa-1111.wml | 35 --- danish/security/2006/dsa-1112.wml | 32 --- danish/security/2006/dsa-1113.wml | 17 -- danish/security/2006/dsa-1114.wml | 19 -- danish/security/2006/dsa-1115.wml | 18 -- danish/security/2006/dsa-1116.wml | 18 -- danish/security/2006/dsa-1117.wml | 18 -- danish/security/2006/dsa-1118.wml | 115 ---------- danish/security/2006/dsa-1119.wml | 19 -- danish/security/2006/dsa-1120.wml | 110 ---------- danish/security/2006/dsa-1121.wml | 21 -- danish/security/2006/dsa-1122.wml | 20 -- danish/security/2006/dsa-1123.wml | 19 -- danish/security/2006/dsa-1124.wml | 18 -- danish/security/2006/dsa-1125.wml | 51 ----- danish/security/2006/dsa-1126.wml | 19 -- danish/security/2006/dsa-1127.wml | 46 ---- danish/security/2006/dsa-1128.wml | 17 -- danish/security/2006/dsa-1129.wml | 20 -- danish/security/2006/dsa-1130.wml | 19 -- danish/security/2006/dsa-1131.wml | 16 -- danish/security/2006/dsa-1132.wml | 17 -- danish/security/2006/dsa-1133.wml | 43 ---- danish/security/2006/dsa-1134.wml | 117 ---------- danish/security/2006/dsa-1135.wml | 19 -- danish/security/2006/dsa-1136.wml | 20 -- danish/security/2006/dsa-1137.wml | 57 ----- danish/security/2006/dsa-1138.wml | 18 -- danish/security/2006/dsa-1139.wml | 17 -- danish/security/2006/dsa-1140.wml | 17 -- danish/security/2006/dsa-1141.wml | 18 -- danish/security/2006/dsa-1142.wml | 18 -- danish/security/2006/dsa-1143.wml | 17 -- danish/security/2006/dsa-1144.wml | 18 -- danish/security/2006/dsa-1145.wml | 33 --- danish/security/2006/dsa-1146.wml | 20 -- danish/security/2006/dsa-1147.wml | 18 -- danish/security/2006/dsa-1148.wml | 39 ---- danish/security/2006/dsa-1149.wml | 19 -- danish/security/2006/dsa-1150.wml | 18 -- danish/security/2006/dsa-1151.wml | 18 -- danish/security/2006/dsa-1152.wml | 19 -- danish/security/2006/dsa-1153.wml | 21 -- danish/security/2006/dsa-1154.wml | 19 -- danish/security/2006/dsa-1155.wml | 38 ---- danish/security/2006/dsa-1156.wml | 18 -- danish/security/2006/dsa-1157.wml | 34 --- danish/security/2006/dsa-1158.wml | 19 -- danish/security/2006/dsa-1159.wml | 70 ------ danish/security/2006/dsa-1160.wml | 76 ------- danish/security/2006/dsa-1161.wml | 62 ------ danish/security/2006/dsa-1162.wml | 18 -- danish/security/2006/dsa-1163.wml | 17 -- danish/security/2006/dsa-1164.wml | 23 -- danish/security/2006/dsa-1165.wml | 19 -- danish/security/2006/dsa-1166.wml | 18 -- danish/security/2006/dsa-1167.wml | 35 --- danish/security/2006/dsa-1168.wml | 40 ---- danish/security/2006/dsa-1169.wml | 35 --- danish/security/2006/dsa-1170.wml | 18 -- danish/security/2006/dsa-1171.wml | 62 ------ danish/security/2006/dsa-1172.wml | 19 -- danish/security/2006/dsa-1173.wml | 21 -- danish/security/2006/dsa-1174.wml | 21 -- danish/security/2006/dsa-1175.wml | 20 -- danish/security/2006/dsa-1176.wml | 18 -- danish/security/2006/dsa-1177.wml | 17 -- danish/security/2006/dsa-1178.wml | 18 -- danish/security/2006/dsa-1179.wml | 17 -- danish/security/2006/dsa-1180.wml | 33 --- danish/security/2006/dsa-1181.wml | 47 ----- danish/security/2006/dsa-1182.wml | 18 -- danish/security/2006/dsa-1183.wml | 131 ------------ danish/security/2006/dsa-1184.wml | 176 --------------- danish/security/2006/dsa-1185.wml | 79 ------- danish/security/2006/dsa-1186.wml | 18 -- danish/security/2006/dsa-1187.wml | 19 -- danish/security/2006/dsa-1188.wml | 33 --- danish/security/2006/dsa-1189.wml | 41 ---- danish/security/2006/dsa-1190.wml | 17 -- danish/security/2006/dsa-1191.wml | 60 ------ danish/security/2006/dsa-1192.wml | 57 ----- danish/security/2006/dsa-1193.wml | 49 ----- danish/security/2006/dsa-1194.wml | 18 -- danish/security/2006/dsa-1195.wml | 51 ----- danish/security/2006/dsa-1196.wml | 35 --- danish/security/2006/dsa-1197.wml | 21 -- danish/security/2006/dsa-1198.wml | 21 -- danish/security/2006/dsa-1199.wml | 41 ---- danish/security/2006/dsa-1200.wml | 20 -- danish/security/2006/dsa-1201.wml | 35 --- danish/security/2006/dsa-1202.wml | 22 -- danish/security/2006/dsa-1203.wml | 21 -- danish/security/2006/dsa-1204.wml | 19 -- danish/security/2006/dsa-1205.wml | 25 --- danish/security/2006/dsa-1206.wml | 45 ---- danish/security/2006/dsa-1207.wml | 58 ----- danish/security/2006/dsa-1208.wml | 36 ---- danish/security/2006/dsa-1209.wml | 20 -- danish/security/2006/dsa-1210.wml | 54 ----- danish/security/2006/dsa-1211.wml | 21 -- danish/security/2006/dsa-1212.wml | 35 --- danish/security/2006/dsa-1213.wml | 48 ----- danish/security/2006/dsa-1214.wml | 28 --- danish/security/2006/dsa-1215.wml | 35 --- danish/security/2006/dsa-1216.wml | 21 -- danish/security/2006/dsa-1217.wml | 22 -- danish/security/2006/dsa-1218.wml | 18 -- danish/security/2006/dsa-1219.wml | 36 ---- danish/security/2006/dsa-1220.wml | 22 -- danish/security/2006/dsa-1221.wml | 18 -- danish/security/2006/dsa-1222.wml | 48 ----- danish/security/2006/dsa-1223.wml | 19 -- danish/security/2006/dsa-1224.wml | 52 ----- danish/security/2006/dsa-1225.wml | 61 ------ danish/security/2006/dsa-1226.wml | 21 -- danish/security/2006/dsa-1227.wml | 55 ----- danish/security/2006/dsa-1228.wml | 21 -- danish/security/2006/dsa-1229.wml | 19 -- danish/security/2006/dsa-1230.wml | 18 -- danish/security/2006/dsa-1231.wml | 38 ---- danish/security/2006/dsa-1232.wml | 21 -- danish/security/2006/dsa-1233.wml | 119 ----------- danish/security/2006/dsa-1234.wml | 16 -- danish/security/2006/dsa-1235.wml | 15 -- danish/security/2006/dsa-1236.wml | 15 -- danish/security/2006/dsa-1237.wml | 101 --------- danish/security/2006/dsa-1238.wml | 35 --- danish/security/2006/dsa-1239.wml | 41 ---- danish/security/2006/dsa-1240.wml | 21 -- danish/security/2006/dsa-1241.wml | 29 --- danish/security/2006/dsa-1242.wml | 49 ----- danish/security/2006/dsa-1243.wml | 22 -- danish/security/2006/dsa-1244.wml | 21 -- danish/security/2006/dsa-929.wml | 19 -- danish/security/2006/dsa-930.wml | 25 --- danish/security/2006/dsa-931.wml | 22 -- danish/security/2006/dsa-932.wml | 22 -- danish/security/2006/dsa-933.wml | 22 -- danish/security/2006/dsa-934.wml | 32 --- danish/security/2006/dsa-935.wml | 21 -- danish/security/2006/dsa-936.wml | 22 -- danish/security/2006/dsa-937.wml | 23 -- danish/security/2006/dsa-938.wml | 22 -- danish/security/2006/dsa-939.wml | 22 -- danish/security/2006/dsa-940.wml | 22 -- danish/security/2006/dsa-941.wml | 20 -- danish/security/2006/dsa-942.wml | 20 -- danish/security/2006/dsa-943.wml | 23 -- danish/security/2006/dsa-944.wml | 70 ------ danish/security/2006/dsa-945.wml | 22 -- danish/security/2006/dsa-946.wml | 44 ---- danish/security/2006/dsa-947.wml | 25 --- danish/security/2006/dsa-948.wml | 20 -- danish/security/2006/dsa-949.wml | 23 -- danish/security/2006/dsa-950.wml | 19 -- danish/security/2006/dsa-951.wml | 42 ---- danish/security/2006/dsa-952.wml | 21 -- danish/security/2006/dsa-953.wml | 21 -- danish/security/2006/dsa-954.wml | 22 -- danish/security/2006/dsa-955.wml | 23 -- danish/security/2006/dsa-956.wml | 36 ---- danish/security/2006/dsa-957.wml | 24 --- danish/security/2006/dsa-958.wml | 42 ---- danish/security/2006/dsa-959.wml | 20 -- danish/security/2006/dsa-960.wml | 31 --- danish/security/2006/dsa-961.wml | 21 -- danish/security/2006/dsa-962.wml | 20 -- danish/security/2006/dsa-963.wml | 20 -- danish/security/2006/dsa-964.wml | 22 -- danish/security/2006/dsa-965.wml | 21 -- danish/security/2006/dsa-966.wml | 21 -- danish/security/2006/dsa-967.wml | 64 ------ danish/security/2006/dsa-968.wml | 21 -- danish/security/2006/dsa-969.wml | 22 -- danish/security/2006/dsa-970.wml | 20 -- danish/security/2006/dsa-971.wml | 21 -- danish/security/2006/dsa-972.wml | 23 -- danish/security/2006/dsa-973.wml | 43 ---- danish/security/2006/dsa-974.wml | 21 -- danish/security/2006/dsa-975.wml | 29 --- danish/security/2006/dsa-976.wml | 22 -- danish/security/2006/dsa-977.wml | 34 --- danish/security/2006/dsa-978.wml | 24 --- danish/security/2006/dsa-979.wml | 20 -- danish/security/2006/dsa-980.wml | 32 --- danish/security/2006/dsa-981.wml | 21 -- danish/security/2006/dsa-982.wml | 18 -- danish/security/2006/dsa-983.wml | 20 -- danish/security/2006/dsa-984.wml | 19 -- danish/security/2006/dsa-985.wml | 20 -- danish/security/2006/dsa-986.wml | 22 -- danish/security/2006/dsa-987.wml | 19 -- danish/security/2006/dsa-988.wml | 48 ----- danish/security/2006/dsa-989.wml | 21 -- danish/security/2006/dsa-990.wml | 19 -- danish/security/2006/dsa-991.wml | 21 -- danish/security/2006/dsa-992.wml | 20 -- danish/security/2006/dsa-993.wml | 23 -- danish/security/2006/dsa-994.wml | 20 -- danish/security/2006/dsa-995.wml | 22 -- danish/security/2006/dsa-996.wml | 21 -- danish/security/2006/dsa-997.wml | 20 -- danish/security/2006/dsa-998.wml | 20 -- danish/security/2006/dsa-999.wml | 41 ---- danish/security/2006/index.wml | 14 -- danish/security/2007/Makefile | 1 - danish/security/2007/dsa-1245.wml | 21 -- danish/security/2007/dsa-1246.wml | 19 -- danish/security/2007/dsa-1247.wml | 20 -- danish/security/2007/dsa-1248.wml | 21 -- danish/security/2007/dsa-1249.wml | 42 ---- danish/security/2007/dsa-1250.wml | 21 -- danish/security/2007/dsa-1251.wml | 22 -- danish/security/2007/dsa-1252.wml | 21 -- danish/security/2007/dsa-1253.wml | 56 ----- danish/security/2007/dsa-1254.wml | 22 -- danish/security/2007/dsa-1255.wml | 21 -- danish/security/2007/dsa-1256.wml | 23 -- danish/security/2007/dsa-1257.wml | 37 ---- danish/security/2007/dsa-1258.wml | 56 ----- danish/security/2007/dsa-1259.wml | 21 -- danish/security/2007/dsa-1260.wml | 23 -- danish/security/2007/dsa-1261.wml | 21 -- danish/security/2007/dsa-1262.wml | 20 -- danish/security/2007/dsa-1263.wml | 35 --- danish/security/2007/dsa-1264.wml | 54 ----- danish/security/2007/dsa-1265.wml | 60 ------ danish/security/2007/dsa-1266.wml | 24 --- danish/security/2007/dsa-1267.wml | 20 -- danish/security/2007/dsa-1268.wml | 22 -- danish/security/2007/dsa-1269.wml | 23 -- danish/security/2007/dsa-1270.wml | 50 ----- danish/security/2007/dsa-1271.wml | 43 ---- danish/security/2007/dsa-1272.wml | 21 -- danish/security/2007/dsa-1273.wml | 53 ----- danish/security/2007/dsa-1274.wml | 23 -- danish/security/2007/dsa-1275.wml | 23 -- danish/security/2007/dsa-1276.wml | 41 ---- danish/security/2007/dsa-1277.wml | 20 -- danish/security/2007/dsa-1278.wml | 19 -- danish/security/2007/dsa-1279.wml | 20 -- danish/security/2007/dsa-1280.wml | 21 -- danish/security/2007/dsa-1281.wml | 42 ---- danish/security/2007/dsa-1282.wml | 56 ----- danish/security/2007/dsa-1283.wml | 96 --------- danish/security/2007/dsa-1284.wml | 49 ----- danish/security/2007/dsa-1285.wml | 46 ---- danish/security/2007/dsa-1286.wml | 62 ------ danish/security/2007/dsa-1287.wml | 31 --- danish/security/2007/dsa-1288.wml | 21 -- danish/security/2007/dsa-1289.wml | 53 ----- danish/security/2007/dsa-1290.wml | 21 -- danish/security/2007/dsa-1291.wml | 39 ---- danish/security/2007/dsa-1292.wml | 19 -- danish/security/2007/dsa-1293.wml | 21 -- danish/security/2007/dsa-1294.wml | 50 ----- danish/security/2007/dsa-1295.wml | 36 ---- danish/security/2007/dsa-1296.wml | 26 --- danish/security/2007/dsa-1297.wml | 21 -- danish/security/2007/dsa-1298.wml | 19 -- danish/security/2007/dsa-1299.wml | 20 -- danish/security/2007/dsa-1300.wml | 64 ------ danish/security/2007/dsa-1301.wml | 22 -- danish/security/2007/dsa-1302.wml | 19 -- danish/security/2007/dsa-1303.wml | 33 --- danish/security/2007/dsa-1304.wml | 135 ------------ danish/security/2007/dsa-1305.wml | 45 ---- danish/security/2007/dsa-1306.wml | 58 ----- danish/security/2007/dsa-1307.wml | 22 -- danish/security/2007/dsa-1308.wml | 64 ------ danish/security/2007/dsa-1309.wml | 20 -- danish/security/2007/dsa-1310.wml | 18 -- danish/security/2007/dsa-1311.wml | 23 -- danish/security/2007/dsa-1312.wml | 23 -- danish/security/2007/dsa-1313.wml | 20 -- danish/security/2007/dsa-1314.wml | 35 --- danish/security/2007/dsa-1315.wml | 21 -- danish/security/2007/dsa-1316.wml | 15 -- danish/security/2007/dsa-1317.wml | 16 -- danish/security/2007/dsa-1318.wml | 53 ----- danish/security/2007/dsa-1319.wml | 40 ---- danish/security/2007/dsa-1320.wml | 56 ----- danish/security/2007/dsa-1321.wml | 21 -- danish/security/2007/dsa-1322.wml | 40 ---- danish/security/2007/dsa-1323.wml | 43 ---- danish/security/2007/dsa-1324.wml | 20 -- danish/security/2007/dsa-1325.wml | 37 ---- danish/security/2007/dsa-1326.wml | 21 -- danish/security/2007/dsa-1327.wml | 18 -- danish/security/2007/dsa-1328.wml | 18 -- danish/security/2007/dsa-1329.wml | 20 -- danish/security/2007/dsa-1330.wml | 37 ---- danish/security/2007/dsa-1331.wml | 43 ---- danish/security/2007/dsa-1332.wml | 39 ---- danish/security/2007/dsa-1333.wml | 16 -- danish/security/2007/dsa-1334.wml | 15 -- danish/security/2007/dsa-1335.wml | 39 ---- danish/security/2007/dsa-1336.wml | 78 ------- danish/security/2007/dsa-1337.wml | 63 ------ danish/security/2007/dsa-1338.wml | 65 ------ danish/security/2007/dsa-1339.wml | 65 ------ danish/security/2007/dsa-1340.wml | 24 --- danish/security/2007/dsa-1341.wml | 27 --- danish/security/2007/dsa-1342.wml | 22 -- danish/security/2007/dsa-1343.wml | 21 -- danish/security/2007/dsa-1344.wml | 39 ---- danish/security/2007/dsa-1345.wml | 38 ---- danish/security/2007/dsa-1346.wml | 39 ---- danish/security/2007/dsa-1347.wml | 19 -- danish/security/2007/dsa-1348.wml | 21 -- danish/security/2007/dsa-1349.wml | 21 -- danish/security/2007/dsa-1350.wml | 23 -- danish/security/2007/dsa-1351.wml | 21 -- danish/security/2007/dsa-1352.wml | 23 -- danish/security/2007/dsa-1353.wml | 21 -- danish/security/2007/dsa-1354.wml | 21 -- danish/security/2007/dsa-1355.wml | 23 -- danish/security/2007/dsa-1356.wml | 96 --------- danish/security/2007/dsa-1357.wml | 22 -- danish/security/2007/dsa-1358.wml | 66 ------ danish/security/2007/dsa-1359.wml | 20 -- danish/security/2007/dsa-1360.wml | 19 -- danish/security/2007/dsa-1361.wml | 20 -- danish/security/2007/dsa-1362.wml | 45 ---- danish/security/2007/dsa-1363.wml | 68 ------ danish/security/2007/dsa-1364.wml | 44 ---- danish/security/2007/dsa-1365.wml | 22 -- danish/security/2007/dsa-1366.wml | 36 ---- danish/security/2007/dsa-1367.wml | 19 -- danish/security/2007/dsa-1368.wml | 19 -- danish/security/2007/dsa-1369.wml | 19 -- danish/security/2007/dsa-1370.wml | 73 ------- danish/security/2007/dsa-1371.wml | 42 ---- danish/security/2007/dsa-1372.wml | 18 -- danish/security/2007/dsa-1373.wml | 20 -- danish/security/2007/dsa-1374.wml | 43 ---- danish/security/2007/dsa-1375.wml | 27 --- danish/security/2007/dsa-1376.wml | 18 -- danish/security/2007/dsa-1377.wml | 19 -- danish/security/2007/dsa-1378.wml | 68 ------ danish/security/2007/dsa-1379.wml | 25 --- danish/security/2007/dsa-1380.wml | 19 -- danish/security/2007/dsa-1381.wml | 79 ------- danish/security/2007/dsa-1382.wml | 21 -- danish/security/2007/dsa-1383.wml | 22 -- danish/security/2007/dsa-1384.wml | 33 --- danish/security/2007/dsa-1385.wml | 21 -- danish/security/2007/dsa-1386.wml | 26 --- danish/security/2007/dsa-1387.wml | 23 -- danish/security/2007/dsa-1388.wml | 31 --- danish/security/2007/dsa-1389.wml | 21 -- danish/security/2007/dsa-1390.wml | 20 -- danish/security/2007/dsa-1391.wml | 65 ------ danish/security/2007/dsa-1392.wml | 72 ------- danish/security/2007/dsa-1393.wml | 19 -- danish/security/2007/dsa-1394.wml | 22 -- danish/security/2007/dsa-1395.wml | 20 -- danish/security/2007/dsa-1396.wml | 75 ------- danish/security/2007/dsa-1397.wml | 20 -- danish/security/2007/dsa-1398.wml | 29 --- danish/security/2007/dsa-1399.wml | 104 --------- danish/security/2007/dsa-1400.wml | 36 ---- danish/security/2007/dsa-1401.wml | 82 ------- danish/security/2007/dsa-1402.wml | 20 -- danish/security/2007/dsa-1403.wml | 37 ---- danish/security/2007/dsa-1404.wml | 21 -- danish/security/2007/dsa-1405.wml | 20 -- danish/security/2007/dsa-1406.wml | 102 --------- danish/security/2007/dsa-1407.wml | 28 --- danish/security/2007/dsa-1408.wml | 17 -- danish/security/2007/dsa-1409.wml | 51 ----- danish/security/2007/dsa-1410.wml | 34 --- danish/security/2007/dsa-1411.wml | 33 --- danish/security/2007/dsa-1412.wml | 33 --- danish/security/2007/dsa-1413.wml | 71 ------- danish/security/2007/dsa-1414.wml | 50 ----- danish/security/2007/dsa-1415.wml | 19 -- danish/security/2007/dsa-1416.wml | 20 -- danish/security/2007/dsa-1417.wml | 19 -- danish/security/2007/dsa-1418.wml | 21 -- danish/security/2007/dsa-1419.wml | 26 --- danish/security/2007/dsa-1420.wml | 26 --- danish/security/2007/dsa-1421.wml | 27 --- danish/security/2007/dsa-1422.wml | 20 -- danish/security/2007/dsa-1423.wml | 54 ----- danish/security/2007/dsa-1424.wml | 42 ---- danish/security/2007/dsa-1425.wml | 41 ---- danish/security/2007/dsa-1426.wml | 37 ---- danish/security/2007/dsa-1427.wml | 30 --- danish/security/2007/dsa-1428.wml | 61 ------ danish/security/2007/dsa-1429.wml | 21 -- danish/security/2007/dsa-1430.wml | 24 --- danish/security/2007/dsa-1431.wml | 22 -- danish/security/2007/dsa-1432.wml | 21 -- danish/security/2007/dsa-1433.wml | 28 --- danish/security/2007/dsa-1434.wml | 28 --- danish/security/2007/dsa-1435.wml | 37 ---- danish/security/2007/dsa-1436.wml | 66 ------ danish/security/2007/dsa-1437.wml | 52 ----- danish/security/2007/dsa-1438.wml | 51 ----- danish/security/2007/dsa-1439.wml | 31 --- danish/security/2007/dsa-1440.wml | 32 --- danish/security/2007/dsa-1441.wml | 31 --- danish/security/2007/dsa-1442.wml | 26 --- danish/security/2007/index.wml | 14 -- danish/security/2008/Makefile | 1 - danish/security/2008/dsa-1443.wml | 31 --- danish/security/2008/dsa-1444.wml | 105 --------- danish/security/2008/dsa-1445.wml | 32 --- danish/security/2008/dsa-1446.wml | 48 ----- danish/security/2008/dsa-1447.wml | 71 ------- danish/security/2008/dsa-1448.wml | 21 -- danish/security/2008/dsa-1449.wml | 19 -- danish/security/2008/dsa-1450.wml | 19 -- danish/security/2008/dsa-1451.wml | 60 ------ danish/security/2008/dsa-1452.wml | 21 -- danish/security/2008/dsa-1453.wml | 55 ----- danish/security/2008/dsa-1454.wml | 31 --- danish/security/2008/dsa-1455.wml | 44 ---- danish/security/2008/dsa-1456.wml | 30 --- danish/security/2008/dsa-1457.wml | 31 --- danish/security/2008/dsa-1458.wml | 29 --- danish/security/2008/dsa-1459.wml | 32 --- danish/security/2008/dsa-1460.wml | 79 ------- danish/security/2008/dsa-1461.wml | 31 --- danish/security/2008/dsa-1462.wml | 31 --- danish/security/2008/dsa-1463.wml | 84 -------- danish/security/2008/dsa-1464.wml | 31 --- danish/security/2008/dsa-1465.wml | 22 -- danish/security/2008/dsa-1466.wml | 66 ------ danish/security/2008/dsa-1467.wml | 36 ---- danish/security/2008/dsa-1468.wml | 40 ---- danish/security/2008/dsa-1469.wml | 21 -- danish/security/2008/dsa-1470.wml | 23 -- danish/security/2008/dsa-1471.wml | 22 -- danish/security/2008/dsa-1472.wml | 23 -- danish/security/2008/dsa-1473.wml | 32 --- danish/security/2008/dsa-1474.wml | 17 -- danish/security/2008/dsa-1475.wml | 21 -- danish/security/2008/dsa-1476.wml | 17 -- danish/security/2008/dsa-1477.wml | 19 -- danish/security/2008/dsa-1478.wml | 20 -- danish/security/2008/dsa-1479.wml | 49 ----- danish/security/2008/dsa-1480.wml | 17 -- danish/security/2008/dsa-1481.wml | 18 -- danish/security/2008/dsa-1482.wml | 21 -- danish/security/2008/dsa-1483.wml | 19 -- danish/security/2008/dsa-1484.wml | 86 -------- danish/security/2008/dsa-1485.wml | 59 ------ danish/security/2008/dsa-1486.wml | 17 -- danish/security/2008/dsa-1487.wml | 43 ---- danish/security/2008/dsa-1488.wml | 55 ----- danish/security/2008/dsa-1489.wml | 87 -------- danish/security/2008/dsa-1490.wml | 18 -- danish/security/2008/dsa-1491.wml | 18 -- danish/security/2008/dsa-1492.wml | 18 -- danish/security/2008/dsa-1493.wml | 35 --- danish/security/2008/dsa-1494.wml | 38 ---- danish/security/2008/dsa-1495.wml | 31 --- danish/security/2008/dsa-1496.wml | 39 ---- danish/security/2008/dsa-1497.wml | 36 ---- danish/security/2008/dsa-1498.wml | 16 -- danish/security/2008/dsa-1499.wml | 22 -- danish/security/2008/dsa-1500.wml | 19 -- danish/security/2008/dsa-1501.wml | 21 -- danish/security/2008/dsa-1502.wml | 51 ----- danish/security/2008/dsa-1503.wml | 176 --------------- danish/security/2008/dsa-1504.wml | 174 --------------- danish/security/2008/dsa-1505.wml | 27 --- danish/security/2008/dsa-1506.wml | 87 -------- danish/security/2008/dsa-1507.wml | 22 -- danish/security/2008/dsa-1508.wml | 23 -- danish/security/2008/dsa-1509.wml | 47 ----- danish/security/2008/dsa-1510.wml | 20 -- danish/security/2008/dsa-1511.wml | 41 ---- danish/security/2008/dsa-1512.wml | 24 --- danish/security/2008/dsa-1513.wml | 17 -- danish/security/2008/dsa-1514.wml | 63 ------ danish/security/2008/dsa-1515.wml | 32 --- danish/security/2008/dsa-1516.wml | 37 ---- danish/security/2008/dsa-1517.wml | 23 -- danish/security/2008/dsa-1518.wml | 23 -- danish/security/2008/dsa-1519.wml | 20 -- danish/security/2008/dsa-1520.wml | 21 -- danish/security/2008/dsa-1521.wml | 16 -- danish/security/2008/dsa-1522.wml | 21 -- danish/security/2008/dsa-1523.wml | 22 -- danish/security/2008/dsa-1524.wml | 46 ---- danish/security/2008/dsa-1525.wml | 44 ---- danish/security/2008/dsa-1526.wml | 34 --- danish/security/2008/dsa-1527.wml | 21 -- danish/security/2008/dsa-1528.wml | 20 -- danish/security/2008/dsa-1529.wml | 59 ------ danish/security/2008/dsa-1530.wml | 37 ---- danish/security/2008/dsa-1531.wml | 20 -- danish/security/2008/dsa-1532.wml | 81 ------- danish/security/2008/dsa-1533.wml | 42 ---- danish/security/2008/dsa-1534.wml | 78 ------- danish/security/2008/dsa-1535.wml | 79 ------- danish/security/2008/dsa-1536.wml | 52 ----- danish/security/2008/dsa-1537.wml | 41 ---- danish/security/2008/dsa-1538.wml | 19 -- danish/security/2008/dsa-1539.wml | 36 ---- danish/security/2008/dsa-1540.wml | 15 -- danish/security/2008/dsa-1541.wml | 45 ---- danish/security/2008/dsa-1542.wml | 19 -- danish/security/2008/dsa-1543.wml | 73 ------- danish/security/2008/dsa-1544.wml | 23 -- danish/security/2008/dsa-1545.wml | 17 -- danish/security/2008/dsa-1546.wml | 19 -- danish/security/2008/dsa-1547.wml | 47 ----- danish/security/2008/dsa-1548.wml | 29 --- danish/security/2008/dsa-1549.wml | 38 ---- danish/security/2008/dsa-1550.wml | 17 -- danish/security/2008/dsa-1551.wml | 47 ----- danish/security/2008/dsa-1552.wml | 18 -- danish/security/2008/dsa-1553.wml | 17 -- danish/security/2008/dsa-1554.wml | 19 -- danish/security/2008/dsa-1555.wml | 17 -- danish/security/2008/dsa-1556.wml | 19 -- danish/security/2008/dsa-1557.wml | 40 ---- danish/security/2008/dsa-1558.wml | 17 -- danish/security/2008/dsa-1559.wml | 19 -- danish/security/2008/dsa-1560.wml | 19 -- danish/security/2008/dsa-1561.wml | 26 --- danish/security/2008/dsa-1562.wml | 18 -- danish/security/2008/dsa-1563.wml | 19 -- danish/security/2008/dsa-1564.wml | 51 ----- danish/security/2008/dsa-1565.wml | 50 ----- danish/security/2008/dsa-1566.wml | 20 -- danish/security/2008/dsa-1567.wml | 20 -- danish/security/2008/dsa-1568.wml | 18 -- danish/security/2008/dsa-1569.wml | 18 -- danish/security/2008/dsa-1570.wml | 21 -- danish/security/2008/dsa-1571.wml | 70 ------ danish/security/2008/dsa-1572.wml | 43 ---- danish/security/2008/dsa-1573.wml | 40 ---- danish/security/2008/dsa-1574.wml | 49 ----- danish/security/2008/dsa-1575.wml | 30 --- danish/security/2008/dsa-1576.wml | 147 ------------- danish/security/2008/dsa-1577.wml | 18 -- danish/security/2008/dsa-1578.wml | 49 ----- danish/security/2008/dsa-1579.wml | 20 -- danish/security/2008/dsa-1580.wml | 28 --- danish/security/2008/dsa-1581.wml | 47 ----- danish/security/2008/dsa-1582.wml | 19 -- danish/security/2008/dsa-1583.wml | 35 --- danish/security/2008/dsa-1584.wml | 19 -- danish/security/2008/dsa-1585.wml | 15 -- danish/security/2008/dsa-1586.wml | 43 ---- danish/security/2008/dsa-1587.wml | 18 -- danish/security/2008/dsa-1588.wml | 51 ----- danish/security/2008/dsa-1589.wml | 19 -- danish/security/2008/dsa-1590.wml | 19 -- danish/security/2008/dsa-1591.wml | 41 ---- danish/security/2008/dsa-1592.wml | 37 ---- danish/security/2008/dsa-1593.wml | 18 -- danish/security/2008/dsa-1594.wml | 18 -- danish/security/2008/dsa-1595.wml | 58 ----- danish/security/2008/dsa-1596.wml | 25 --- danish/security/2008/dsa-1597.wml | 39 ---- danish/security/2008/dsa-1598.wml | 19 -- danish/security/2008/dsa-1599.wml | 18 -- danish/security/2008/dsa-1600.wml | 17 -- danish/security/2008/dsa-1601.wml | 34 --- danish/security/2008/dsa-1602.wml | 18 -- danish/security/2008/dsa-1603.wml | 76 ------- danish/security/2008/dsa-1604.wml | 32 --- danish/security/2008/dsa-1605.wml | 29 --- danish/security/2008/dsa-1606.wml | 19 -- danish/security/2008/dsa-1607.wml | 85 -------- danish/security/2008/dsa-1608.wml | 25 --- danish/security/2008/dsa-1609.wml | 36 ---- danish/security/2008/dsa-1610.wml | 17 -- danish/security/2008/dsa-1611.wml | 19 -- danish/security/2008/dsa-1612.wml | 55 ----- danish/security/2008/dsa-1613.wml | 52 ----- danish/security/2008/dsa-1614.wml | 33 --- danish/security/2008/dsa-1615.wml | 96 --------- danish/security/2008/dsa-1616.wml | 30 --- danish/security/2008/dsa-1617.wml | 44 ---- danish/security/2008/dsa-1618.wml | 55 ----- danish/security/2008/dsa-1619.wml | 28 --- danish/security/2008/dsa-1620.wml | 46 ---- danish/security/2008/dsa-1621.wml | 76 ------- danish/security/2008/dsa-1622.wml | 19 -- danish/security/2008/dsa-1623.wml | 26 --- danish/security/2008/dsa-1624.wml | 16 -- danish/security/2008/dsa-1625.wml | 37 ---- danish/security/2008/dsa-1626.wml | 18 -- danish/security/2008/dsa-1627.wml | 37 ---- danish/security/2008/dsa-1628.wml | 20 -- danish/security/2008/dsa-1629.wml | 37 ---- danish/security/2008/dsa-1630.wml | 69 ------ danish/security/2008/dsa-1631.wml | 18 -- danish/security/2008/dsa-1632.wml | 21 -- danish/security/2008/dsa-1633.wml | 21 -- danish/security/2008/dsa-1634.wml | 22 -- danish/security/2008/dsa-1635.wml | 40 ---- danish/security/2008/dsa-1636.wml | 72 ------- danish/security/2008/dsa-1637.wml | 24 --- danish/security/2008/dsa-1638.wml | 32 --- danish/security/2008/dsa-1639.wml | 18 -- danish/security/2008/dsa-1640.wml | 31 --- danish/security/2008/dsa-1641.wml | 44 ---- danish/security/2008/dsa-1642.wml | 20 -- danish/security/2008/dsa-1643.wml | 19 -- danish/security/2008/dsa-1644.wml | 20 -- danish/security/2008/dsa-1645.wml | 39 ---- danish/security/2008/dsa-1646.wml | 19 -- danish/security/2008/dsa-1647.wml | 39 ---- danish/security/2008/dsa-1648.wml | 20 -- danish/security/2008/dsa-1649.wml | 95 --------- danish/security/2008/dsa-1650.wml | 18 -- danish/security/2008/dsa-1651.wml | 49 ----- danish/security/2008/dsa-1652.wml | 49 ----- danish/security/2008/dsa-1653.wml | 64 ------ danish/security/2008/dsa-1654.wml | 18 -- danish/security/2008/dsa-1655.wml | 46 ---- danish/security/2008/dsa-1656.wml | 38 ---- danish/security/2008/dsa-1657.wml | 19 -- danish/security/2008/dsa-1658.wml | 18 -- danish/security/2008/dsa-1659.wml | 24 --- danish/security/2008/dsa-1660.wml | 26 --- danish/security/2008/dsa-1661.wml | 35 --- danish/security/2008/dsa-1662.wml | 24 --- danish/security/2008/dsa-1663.wml | 42 ---- danish/security/2008/dsa-1664.wml | 19 -- danish/security/2008/dsa-1665.wml | 19 -- danish/security/2008/dsa-1666.wml | 34 --- danish/security/2008/dsa-1667.wml | 42 ---- danish/security/2008/dsa-1668.wml | 18 -- danish/security/2008/dsa-1669.wml | 152 ------------- danish/security/2008/dsa-1670.wml | 32 --- danish/security/2008/dsa-1671.wml | 80 ------- danish/security/2008/dsa-1672.wml | 18 -- danish/security/2008/dsa-1673.wml | 57 ----- danish/security/2008/dsa-1674.wml | 19 -- danish/security/2008/dsa-1675.wml | 23 -- danish/security/2008/dsa-1676.wml | 18 -- danish/security/2008/dsa-1677.wml | 20 -- danish/security/2008/dsa-1678.wml | 24 --- danish/security/2008/dsa-1679.wml | 19 -- danish/security/2008/dsa-1680.wml | 27 --- danish/security/2008/dsa-1681.wml | 95 --------- danish/security/2008/dsa-1682.wml | 19 -- danish/security/2008/dsa-1683.wml | 19 -- danish/security/2008/dsa-1684.wml | 37 ---- danish/security/2008/dsa-1685.wml | 26 --- danish/security/2008/dsa-1686.wml | 18 -- danish/security/2008/dsa-1687.wml | 106 ---------- danish/security/2008/dsa-1688.wml | 22 -- danish/security/2008/dsa-1689.wml | 20 -- danish/security/2008/dsa-1690.wml | 25 --- danish/security/2008/dsa-1691.wml | 45 ---- danish/security/2008/dsa-1692.wml | 28 --- danish/security/2008/dsa-1693.wml | 54 ----- danish/security/2008/index.wml | 14 -- danish/security/2009/Makefile | 1 - danish/security/2009/dsa-1694.wml | 22 -- danish/security/2009/dsa-1695.wml | 25 --- danish/security/2009/dsa-1696.wml | 171 --------------- danish/security/2009/dsa-1697.wml | 272 ------------------------ danish/security/2009/dsa-1698.wml | 18 -- danish/security/2009/dsa-1699.wml | 19 -- danish/security/2009/dsa-1700.wml | 18 -- danish/security/2009/dsa-1701.wml | 22 -- danish/security/2009/dsa-1702.wml | 21 -- danish/security/2009/dsa-1703.wml | 20 -- danish/security/2009/dsa-1704.wml | 58 ----- danish/security/2009/dsa-1705.wml | 24 --- danish/security/2009/dsa-1706.wml | 19 -- danish/security/2009/dsa-1707.wml | 79 ------- danish/security/2009/dsa-1708.wml | 30 --- danish/security/2009/dsa-1709.wml | 20 -- danish/security/2009/dsa-1710.wml | 21 -- danish/security/2009/dsa-1711.wml | 51 ----- danish/security/2009/dsa-1712.wml | 23 -- danish/security/2009/dsa-1713.wml | 23 -- danish/security/2009/dsa-1714.wml | 23 -- danish/security/2009/dsa-1715.wml | 24 --- danish/security/2009/dsa-1716.wml | 20 -- danish/security/2009/dsa-1717.wml | 22 -- danish/security/2009/dsa-1718.wml | 21 -- danish/security/2009/dsa-1719.wml | 26 --- danish/security/2009/dsa-1720.wml | 35 --- danish/security/2009/dsa-1721.wml | 39 ---- danish/security/2009/dsa-1722.wml | 22 -- danish/security/2009/dsa-1723.wml | 19 -- danish/security/2009/dsa-1724.wml | 44 ---- danish/security/2009/dsa-1725.wml | 21 -- danish/security/2009/dsa-1726.wml | 22 -- danish/security/2009/dsa-1727.wml | 40 ---- danish/security/2009/dsa-1728.wml | 20 -- danish/security/2009/dsa-1729.wml | 44 ---- danish/security/2009/dsa-1730.wml | 44 ---- danish/security/2009/dsa-1731.wml | 19 -- danish/security/2009/dsa-1732.wml | 19 -- danish/security/2009/dsa-1733.wml | 55 ----- danish/security/2009/dsa-1734.wml | 25 --- danish/security/2009/dsa-1735.wml | 23 -- danish/security/2009/dsa-1736.wml | 20 -- danish/security/2009/dsa-1737.wml | 40 ---- danish/security/2009/dsa-1738.wml | 29 --- danish/security/2009/dsa-1739.wml | 19 -- danish/security/2009/dsa-1740.wml | 21 -- danish/security/2009/dsa-1741.wml | 19 -- danish/security/2009/dsa-1742.wml | 23 -- danish/security/2009/dsa-1743.wml | 36 ---- danish/security/2009/dsa-1744.wml | 24 --- danish/security/2009/dsa-1745.wml | 43 ---- danish/security/2009/dsa-1746.wml | 39 ---- danish/security/2009/dsa-1747.wml | 24 --- danish/security/2009/dsa-1748.wml | 21 -- danish/security/2009/dsa-1749.wml | 87 -------- danish/security/2009/dsa-1750.wml | 68 ------ danish/security/2009/dsa-1751.wml | 59 ------ danish/security/2009/dsa-1752.wml | 19 -- danish/security/2009/dsa-1753.wml | 22 -- danish/security/2009/dsa-1754.wml | 23 -- danish/security/2009/dsa-1755.wml | 20 -- danish/security/2009/dsa-1756.wml | 47 ----- danish/security/2009/dsa-1757.wml | 23 -- danish/security/2009/dsa-1758.wml | 22 -- danish/security/2009/dsa-1759.wml | 22 -- danish/security/2009/dsa-1760.wml | 37 ---- danish/security/2009/dsa-1761.wml | 28 --- danish/security/2009/dsa-1762.wml | 22 -- danish/security/2009/dsa-1763.wml | 22 -- danish/security/2009/dsa-1764.wml | 37 ---- danish/security/2009/dsa-1765.wml | 45 ---- danish/security/2009/dsa-1766.wml | 49 ----- danish/security/2009/dsa-1767.wml | 26 --- danish/security/2009/dsa-1768.wml | 41 ---- danish/security/2009/dsa-1769.wml | 59 ------ danish/security/2009/dsa-1770.wml | 39 ---- danish/security/2009/dsa-1771.wml | 38 ---- danish/security/2009/dsa-1772.wml | 33 --- danish/security/2009/dsa-1773.wml | 22 -- danish/security/2009/dsa-1774.wml | 24 --- danish/security/2009/dsa-1775.wml | 24 --- danish/security/2009/dsa-1776.wml | 22 -- danish/security/2009/dsa-1777.wml | 26 --- danish/security/2009/dsa-1778.wml | 24 --- danish/security/2009/dsa-1779.wml | 35 --- danish/security/2009/dsa-1780.wml | 35 --- danish/security/2009/dsa-1781.wml | 36 ---- danish/security/2009/dsa-1782.wml | 40 ---- danish/security/2009/dsa-1783.wml | 39 ---- danish/security/2009/dsa-1784.wml | 25 --- danish/security/2009/dsa-1785.wml | 41 ---- danish/security/2009/dsa-1786.wml | 22 -- danish/security/2009/dsa-1787.wml | 175 --------------- danish/security/2009/dsa-1788.wml | 21 -- danish/security/2009/dsa-1789.wml | 95 --------- danish/security/2009/dsa-1790.wml | 106 ---------- danish/security/2009/dsa-1791.wml | 22 -- danish/security/2009/dsa-1792.wml | 45 ---- danish/security/2009/dsa-1793.wml | 95 --------- danish/security/2009/dsa-1794.wml | 141 ------------- danish/security/2009/dsa-1795.wml | 24 --- danish/security/2009/dsa-1796.wml | 26 --- danish/security/2009/dsa-1797.wml | 91 -------- danish/security/2009/dsa-1798.wml | 23 -- danish/security/2009/dsa-1799.wml | 40 ---- danish/security/2009/dsa-1800.wml | 110 ---------- danish/security/2009/dsa-1801.wml | 36 ---- danish/security/2009/dsa-1802.wml | 49 ----- danish/security/2009/dsa-1803.wml | 22 -- danish/security/2009/dsa-1804.wml | 39 ---- danish/security/2009/dsa-1805.wml | 45 ---- danish/security/2009/dsa-1806.wml | 22 -- danish/security/2009/dsa-1807.wml | 55 ----- danish/security/2009/dsa-1808.wml | 22 -- danish/security/2009/dsa-1809.wml | 52 ----- danish/security/2009/dsa-1810.wml | 23 -- danish/security/2009/dsa-1811.wml | 26 --- danish/security/2009/dsa-1812.wml | 44 ---- danish/security/2009/dsa-1813.wml | 42 ---- danish/security/2009/dsa-1814.wml | 43 ---- danish/security/2009/dsa-1815.wml | 21 -- danish/security/2009/dsa-1816.wml | 38 ---- danish/security/2009/dsa-1817.wml | 24 --- danish/security/2009/dsa-1818.wml | 28 --- danish/security/2009/dsa-1819.wml | 67 ------ danish/security/2009/dsa-1820.wml | 94 --------- danish/security/2009/dsa-1821.wml | 24 --- danish/security/2009/dsa-1822.wml | 25 --- danish/security/2009/dsa-1823.wml | 38 ---- danish/security/2009/dsa-1824.wml | 40 ---- danish/security/2009/dsa-1825.wml | 28 --- danish/security/2009/dsa-1826.wml | 36 ---- danish/security/2009/dsa-1827.wml | 23 -- danish/security/2009/dsa-1828.wml | 29 --- danish/security/2009/dsa-1829.wml | 24 --- danish/security/2009/dsa-1830.wml | 129 ----------- danish/security/2009/dsa-1831.wml | 22 -- danish/security/2009/dsa-1832.wml | 21 -- danish/security/2009/dsa-1833.wml | 37 ---- danish/security/2009/dsa-1834.wml | 43 ---- danish/security/2009/dsa-1835.wml | 36 ---- danish/security/2009/dsa-1836.wml | 20 -- danish/security/2009/dsa-1837.wml | 25 --- danish/security/2009/dsa-1838.wml | 19 -- danish/security/2009/dsa-1839.wml | 25 --- danish/security/2009/dsa-1840.wml | 81 ------- danish/security/2009/dsa-1841.wml | 29 --- danish/security/2009/dsa-1842.wml | 38 ---- danish/security/2009/dsa-1843.wml | 23 -- danish/security/2009/dsa-1844.wml | 83 -------- danish/security/2009/dsa-1845.wml | 57 ----- danish/security/2009/dsa-1846.wml | 19 -- danish/security/2009/dsa-1847.wml | 24 --- danish/security/2009/dsa-1848.wml | 21 -- danish/security/2009/dsa-1849.wml | 24 --- danish/security/2009/dsa-1850.wml | 35 --- danish/security/2009/dsa-1851.wml | 22 -- danish/security/2009/dsa-1852.wml | 32 --- danish/security/2009/dsa-1853.wml | 23 -- danish/security/2009/dsa-1854.wml | 22 -- danish/security/2009/dsa-1855.wml | 22 -- danish/security/2009/dsa-1856.wml | 27 --- danish/security/2009/dsa-1857.wml | 24 --- danish/security/2009/dsa-1858.wml | 92 -------- danish/security/2009/dsa-1859.wml | 37 ---- danish/security/2009/dsa-1860.wml | 35 --- danish/security/2009/dsa-1861.wml | 35 --- danish/security/2009/dsa-1862.wml | 36 ---- danish/security/2009/dsa-1863.wml | 47 ----- danish/security/2009/dsa-1864.wml | 34 --- danish/security/2009/dsa-1865.wml | 68 ------ danish/security/2009/dsa-1866.wml | 36 ---- danish/security/2009/dsa-1867.wml | 43 ---- danish/security/2009/dsa-1868.wml | 45 ---- danish/security/2009/dsa-1869.wml | 24 --- danish/security/2009/dsa-1870.wml | 37 ---- danish/security/2009/dsa-1871.wml | 89 -------- danish/security/2009/dsa-1872.wml | 72 ------- danish/security/2009/dsa-1873.wml | 20 -- danish/security/2009/dsa-1874.wml | 40 ---- danish/security/2009/dsa-1875.wml | 20 -- danish/security/2009/dsa-1876.wml | 33 --- danish/security/2009/dsa-1877.wml | 20 -- danish/security/2009/dsa-1878.wml | 25 --- danish/security/2009/dsa-1879.wml | 52 ----- danish/security/2009/dsa-1880.wml | 57 ----- danish/security/2009/dsa-1881.wml | 27 --- danish/security/2009/dsa-1882.wml | 24 --- danish/security/2009/dsa-1883.wml | 29 --- danish/security/2009/dsa-1884.wml | 27 --- danish/security/2009/dsa-1885.wml | 75 ------- danish/security/2009/dsa-1886.wml | 42 ---- danish/security/2009/dsa-1887.wml | 25 --- danish/security/2009/dsa-1888.wml | 31 --- danish/security/2009/dsa-1889.wml | 21 -- danish/security/2009/dsa-1890.wml | 27 --- danish/security/2009/dsa-1891.wml | 25 --- danish/security/2009/dsa-1892.wml | 24 --- danish/security/2009/dsa-1893.wml | 33 --- danish/security/2009/dsa-1894.wml | 22 -- danish/security/2009/dsa-1895.wml | 33 --- danish/security/2009/dsa-1896.wml | 38 ---- danish/security/2009/dsa-1897.wml | 30 --- danish/security/2009/dsa-1898.wml | 20 -- danish/security/2009/dsa-1899.wml | 38 ---- danish/security/2009/dsa-1900.wml | 49 ----- danish/security/2009/dsa-1901.wml | 53 ----- danish/security/2009/dsa-1902.wml | 19 -- danish/security/2009/dsa-1903.wml | 114 ---------- danish/security/2009/dsa-1904.wml | 27 --- danish/security/2009/dsa-1905.wml | 26 --- danish/security/2009/dsa-1906.wml | 21 -- danish/security/2009/dsa-1907.wml | 42 ---- danish/security/2009/dsa-1908.wml | 49 ----- danish/security/2009/dsa-1909.wml | 29 --- danish/security/2009/dsa-1910.wml | 29 --- danish/security/2009/dsa-1911.wml | 29 --- danish/security/2009/dsa-1912.wml | 25 --- danish/security/2009/dsa-1913.wml | 21 -- danish/security/2009/dsa-1914.wml | 75 ------- danish/security/2009/dsa-1915.wml | 114 ---------- danish/security/2009/dsa-1916.wml | 25 --- danish/security/2009/dsa-1917.wml | 38 ---- danish/security/2009/dsa-1918.wml | 44 ---- danish/security/2009/dsa-1919.wml | 35 --- danish/security/2009/dsa-1920.wml | 23 -- danish/security/2009/dsa-1921.wml | 22 -- danish/security/2009/dsa-1922.wml | 79 ------- danish/security/2009/dsa-1923.wml | 26 --- danish/security/2009/dsa-1924.wml | 35 --- danish/security/2009/dsa-1925.wml | 25 --- danish/security/2009/dsa-1926.wml | 83 -------- danish/security/2009/dsa-1927.wml | 90 -------- danish/security/2009/dsa-1928.wml | 141 ------------- danish/security/2009/dsa-1929.wml | 102 --------- danish/security/2009/dsa-1930.wml | 48 ----- danish/security/2009/dsa-1931.wml | 34 --- danish/security/2009/dsa-1932.wml | 19 -- danish/security/2009/dsa-1933.wml | 22 -- danish/security/2009/dsa-1934.wml | 71 ------- danish/security/2009/dsa-1935.wml | 31 --- danish/security/2009/dsa-1936.wml | 40 ---- danish/security/2009/dsa-1937.wml | 24 --- danish/security/2009/dsa-1938.wml | 23 -- danish/security/2009/dsa-1939.wml | 23 -- danish/security/2009/dsa-1940.wml | 69 ------ danish/security/2009/dsa-1941.wml | 21 -- danish/security/2009/dsa-1942.wml | 48 ----- danish/security/2009/dsa-1943.wml | 24 --- danish/security/2009/dsa-1944.wml | 25 --- danish/security/2009/dsa-1945.wml | 23 -- danish/security/2009/dsa-1946.wml | 22 -- danish/security/2009/dsa-1947.wml | 25 --- danish/security/2009/dsa-1948.wml | 28 --- danish/security/2009/dsa-1949.wml | 26 --- danish/security/2009/dsa-1950.wml | 141 ------------- danish/security/2009/dsa-1951.wml | 22 -- danish/security/2009/dsa-1952.wml | 57 ----- danish/security/2009/dsa-1953.wml | 24 --- danish/security/2009/dsa-1954.wml | 52 ----- danish/security/2009/dsa-1955.wml | 27 --- danish/security/2009/dsa-1956.wml | 53 ----- danish/security/2009/dsa-1957.wml | 21 -- danish/security/2009/dsa-1958.wml | 22 -- danish/security/2009/dsa-1959.wml | 25 --- danish/security/2009/dsa-1960.wml | 21 -- danish/security/2009/dsa-1961.wml | 28 --- danish/security/2009/dsa-1962.wml | 46 ---- danish/security/2009/dsa-1963.wml | 22 -- danish/security/2009/dsa-1964.wml | 38 ---- danish/security/2009/index.wml | 14 -- danish/security/2010/Makefile | 1 - danish/security/2010/dsa-1965.wml | 24 --- danish/security/2010/dsa-1966.wml | 45 ---- danish/security/2010/dsa-1967.wml | 20 -- danish/security/2010/dsa-1968.wml | 32 --- danish/security/2010/dsa-1969.wml | 25 --- danish/security/2010/dsa-1970.wml | 28 --- danish/security/2010/dsa-1971.wml | 23 -- danish/security/2010/dsa-1972.wml | 25 --- danish/security/2010/dsa-1973.wml | 23 -- danish/security/2010/dsa-1974.wml | 39 ---- danish/security/2010/dsa-1976.wml | 45 ---- danish/security/2010/dsa-1977.wml | 36 ---- danish/security/2010/dsa-1978.wml | 37 ---- danish/security/2010/dsa-1979.wml | 50 ----- danish/security/2010/dsa-1980.wml | 31 --- danish/security/2010/dsa-1981.wml | 22 -- danish/security/2010/dsa-1982.wml | 25 --- danish/security/2010/dsa-1983.wml | 31 --- danish/security/2010/dsa-1984.wml | 24 --- danish/security/2010/dsa-1985.wml | 26 --- danish/security/2010/dsa-1986.wml | 66 ------ danish/security/2010/dsa-1987.wml | 25 --- danish/security/2010/dsa-1988.wml | 97 --------- danish/security/2010/dsa-1989.wml | 23 -- danish/security/2010/dsa-1990.wml | 21 -- danish/security/2010/dsa-1991.wml | 37 ---- danish/security/2010/dsa-1992.wml | 51 ----- danish/security/2010/dsa-1993.wml | 23 -- danish/security/2010/dsa-1994.wml | 22 -- danish/security/2010/dsa-1995.wml | 49 ----- danish/security/2010/dsa-1996.wml | 116 ---------- danish/security/2010/dsa-1997.wml | 51 ----- danish/security/2010/dsa-1998.wml | 17 -- danish/security/2010/dsa-1999.wml | 49 ----- danish/security/2010/dsa-2000.wml | 35 --- danish/security/2010/dsa-2001.wml | 35 --- danish/security/2010/dsa-2002.wml | 35 --- danish/security/2010/dsa-2003.wml | 106 ---------- danish/security/2010/dsa-2004.wml | 34 --- danish/security/2010/dsa-2005.wml | 136 ------------ danish/security/2010/dsa-2006.wml | 37 ---- danish/security/2010/dsa-2007.wml | 24 --- danish/security/2010/dsa-2008.wml | 21 -- danish/security/2010/dsa-2009.wml | 21 -- danish/security/2010/dsa-2010.wml | 44 ---- danish/security/2010/dsa-2011.wml | 20 -- danish/security/2010/dsa-2012.wml | 46 ---- danish/security/2010/dsa-2013.wml | 20 -- danish/security/2010/dsa-2014.wml | 41 ---- danish/security/2010/dsa-2015.wml | 45 ---- danish/security/2010/dsa-2016.wml | 46 ---- danish/security/2010/dsa-2017.wml | 19 -- danish/security/2010/dsa-2018.wml | 20 -- danish/security/2010/dsa-2019.wml | 21 -- danish/security/2010/dsa-2020.wml | 20 -- danish/security/2010/dsa-2021.wml | 19 -- danish/security/2010/dsa-2022.wml | 33 --- danish/security/2010/dsa-2023.wml | 25 --- danish/security/2010/dsa-2024.wml | 24 --- danish/security/2010/dsa-2025.wml | 58 ----- danish/security/2010/dsa-2026.wml | 27 --- danish/security/2010/dsa-2027.wml | 51 ----- danish/security/2010/dsa-2028.wml | 57 ----- danish/security/2010/dsa-2029.wml | 22 -- danish/security/2010/dsa-2030.wml | 22 -- danish/security/2010/dsa-2031.wml | 20 -- danish/security/2010/dsa-2032.wml | 38 ---- danish/security/2010/dsa-2033.wml | 23 -- danish/security/2010/dsa-2034.wml | 39 ---- danish/security/2010/dsa-2035.wml | 40 ---- danish/security/2010/dsa-2036.wml | 24 --- danish/security/2010/dsa-2037.wml | 17 -- danish/security/2010/dsa-2038.wml | 39 ---- danish/security/2010/dsa-2039.wml | 17 -- danish/security/2010/dsa-2040.wml | 30 --- danish/security/2010/dsa-2041.wml | 22 -- danish/security/2010/dsa-2042.wml | 21 -- danish/security/2010/dsa-2043.wml | 23 -- danish/security/2010/dsa-2044.wml | 20 -- danish/security/2010/dsa-2045.wml | 22 -- danish/security/2010/dsa-2046.wml | 33 --- danish/security/2010/dsa-2047.wml | 21 -- danish/security/2010/dsa-2048.wml | 22 -- danish/security/2010/dsa-2049.wml | 18 -- danish/security/2010/dsa-2050.wml | 19 -- danish/security/2010/dsa-2051.wml | 43 ---- danish/security/2010/dsa-2052.wml | 25 --- danish/security/2010/dsa-2053.wml | 113 ---------- danish/security/2010/dsa-2054.wml | 52 ----- danish/security/2010/dsa-2055.wml | 22 -- danish/security/2010/dsa-2056.wml | 22 -- danish/security/2010/dsa-2057.wml | 53 ----- danish/security/2010/dsa-2058.wml | 50 ----- danish/security/2010/dsa-2059.wml | 18 -- danish/security/2010/dsa-2060.wml | 23 -- danish/security/2010/dsa-2061.wml | 22 -- danish/security/2010/dsa-2062.wml | 23 -- danish/security/2010/dsa-2063.wml | 21 -- danish/security/2010/dsa-2064.wml | 69 ------ danish/security/2010/dsa-2065.wml | 19 -- danish/security/2010/dsa-2066.wml | 20 -- danish/security/2010/dsa-2067.wml | 49 ----- danish/security/2010/dsa-2068.wml | 20 -- danish/security/2010/dsa-2069.wml | 18 -- danish/security/2010/dsa-2070.wml | 20 -- danish/security/2010/dsa-2071.wml | 18 -- danish/security/2010/dsa-2072.wml | 35 --- danish/security/2010/dsa-2073.wml | 21 -- danish/security/2010/dsa-2074.wml | 19 -- danish/security/2010/dsa-2075.wml | 71 ------- danish/security/2010/dsa-2076.wml | 20 -- danish/security/2010/dsa-2077.wml | 36 ---- danish/security/2010/dsa-2078.wml | 18 -- danish/security/2010/dsa-2079.wml | 37 ---- danish/security/2010/dsa-2080.wml | 19 -- danish/security/2010/dsa-2081.wml | 19 -- danish/security/2010/dsa-2082.wml | 17 -- danish/security/2010/dsa-2083.wml | 19 -- danish/security/2010/dsa-2084.wml | 17 -- danish/security/2010/dsa-2085.wml | 24 --- danish/security/2010/dsa-2086.wml | 31 --- danish/security/2010/dsa-2087.wml | 17 -- danish/security/2010/dsa-2088.wml | 21 -- danish/security/2010/dsa-2089.wml | 50 ----- danish/security/2010/dsa-2090.wml | 24 --- danish/security/2010/dsa-2091.wml | 27 --- danish/security/2010/dsa-2092.wml | 21 -- danish/security/2010/dsa-2093.wml | 36 ---- danish/security/2010/dsa-2094.wml | 93 -------- danish/security/2010/dsa-2095.wml | 20 -- danish/security/2010/dsa-2096.wml | 21 -- danish/security/2010/dsa-2097.wml | 36 ---- danish/security/2010/dsa-2098.wml | 24 --- danish/security/2010/dsa-2099.wml | 30 --- danish/security/2010/dsa-2100.wml | 18 -- danish/security/2010/dsa-2101.wml | 19 -- danish/security/2010/dsa-2102.wml | 23 -- danish/security/2010/dsa-2103.wml | 18 -- danish/security/2010/dsa-2104.wml | 42 ---- danish/security/2010/dsa-2105.wml | 73 ------- danish/security/2010/dsa-2106.wml | 70 ------ danish/security/2010/dsa-2107.wml | 17 -- danish/security/2010/dsa-2108.wml | 18 -- danish/security/2010/dsa-2109.wml | 27 --- danish/security/2010/dsa-2110.wml | 58 ----- danish/security/2010/dsa-2111.wml | 20 -- danish/security/2010/dsa-2112.wml | 28 --- danish/security/2010/dsa-2113.wml | 43 ---- danish/security/2010/dsa-2114.wml | 30 --- danish/security/2010/dsa-2115.wml | 107 ---------- danish/security/2010/dsa-2116.wml | 27 --- danish/security/2010/dsa-2117.wml | 25 --- danish/security/2010/dsa-2118.wml | 28 --- danish/security/2010/dsa-2119.wml | 17 -- danish/security/2010/dsa-2120.wml | 27 --- danish/security/2010/dsa-2121.wml | 43 ---- danish/security/2010/dsa-2122.wml | 20 -- danish/security/2010/dsa-2123.wml | 34 --- danish/security/2010/dsa-2124.wml | 79 ------- danish/security/2010/dsa-2125.wml | 36 ---- danish/security/2010/dsa-2126.wml | 222 ------------------- danish/security/2010/dsa-2127.wml | 20 -- danish/security/2010/dsa-2128.wml | 18 -- danish/security/2010/dsa-2129.wml | 37 ---- danish/security/2010/dsa-2130.wml | 45 ---- danish/security/2010/dsa-2131.wml | 34 --- danish/security/2010/dsa-2132.wml | 21 -- danish/security/2010/dsa-2133.wml | 26 --- danish/security/2010/dsa-2134.wml | 16 -- danish/security/2010/dsa-2135.wml | 19 -- danish/security/2010/dsa-2136.wml | 24 --- danish/security/2010/dsa-2137.wml | 21 -- danish/security/2010/dsa-2138.wml | 22 -- danish/security/2010/dsa-2139.wml | 44 ---- danish/security/2010/index.wml | 14 -- danish/security/2011/Makefile | 1 - danish/security/2011/dsa-2140.wml | 31 --- danish/security/2011/dsa-2141.wml | 59 ------ danish/security/2011/dsa-2142.wml | 27 --- danish/security/2011/dsa-2143.wml | 95 --------- danish/security/2011/dsa-2144.wml | 24 --- danish/security/2011/dsa-2145.wml | 24 --- danish/security/2011/dsa-2146.wml | 21 -- danish/security/2011/dsa-2147.wml | 21 -- danish/security/2011/dsa-2148.wml | 32 --- danish/security/2011/dsa-2149.wml | 22 -- danish/security/2011/dsa-2150.wml | 21 -- danish/security/2011/dsa-2151.wml | 88 -------- danish/security/2011/dsa-2152.wml | 25 --- danish/security/2011/dsa-2153.wml | 166 --------------- danish/security/2011/dsa-2154.wml | 72 ------- danish/security/2011/dsa-2155.wml | 20 -- danish/security/2011/dsa-2156.wml | 21 -- danish/security/2011/dsa-2157.wml | 25 --- danish/security/2011/dsa-2158.wml | 18 -- danish/security/2011/dsa-2159.wml | 22 -- danish/security/2011/dsa-2160.wml | 47 ----- danish/security/2011/dsa-2161.wml | 24 --- danish/security/2011/dsa-2162.wml | 28 --- danish/security/2011/dsa-2163.wml | 44 ---- danish/security/2011/dsa-2164.wml | 24 --- danish/security/2011/dsa-2165.wml | 43 ---- danish/security/2011/dsa-2166.wml | 72 ------- danish/security/2011/dsa-2167.wml | 22 -- danish/security/2011/dsa-2168.wml | 39 ---- danish/security/2011/dsa-2169.wml | 24 --- danish/security/2011/dsa-2170.wml | 27 --- danish/security/2011/dsa-2171.wml | 20 -- danish/security/2011/dsa-2172.wml | 20 -- danish/security/2011/dsa-2173.wml | 21 -- danish/security/2011/dsa-2174.wml | 21 -- danish/security/2011/dsa-2175.wml | 20 -- danish/security/2011/dsa-2176.wml | 58 ----- danish/security/2011/dsa-2177.wml | 21 -- danish/security/2011/dsa-2178.wml | 21 -- danish/security/2011/dsa-2179.wml | 43 ---- danish/security/2011/dsa-2180.wml | 67 ------ danish/security/2011/dsa-2181.wml | 21 -- danish/security/2011/dsa-2182.wml | 22 -- danish/security/2011/dsa-2183.wml | 20 -- danish/security/2011/dsa-2184.wml | 20 -- danish/security/2011/dsa-2185.wml | 19 -- danish/security/2011/dsa-2186.wml | 64 ------ danish/security/2011/dsa-2187.wml | 66 ------ danish/security/2011/dsa-2188.wml | 98 --------- danish/security/2011/dsa-2189.wml | 90 -------- danish/security/2011/dsa-2190.wml | 41 ---- danish/security/2011/dsa-2191.wml | 36 ---- danish/security/2011/dsa-2192.wml | 38 ---- danish/security/2011/dsa-2193.wml | 35 --- danish/security/2011/dsa-2194.wml | 23 -- danish/security/2011/dsa-2195.wml | 60 ------ danish/security/2011/dsa-2196.wml | 19 -- danish/security/2011/dsa-2197.wml | 46 ---- danish/security/2011/dsa-2198.wml | 24 --- danish/security/2011/dsa-2199.wml | 25 --- danish/security/2011/dsa-2200.wml | 27 --- danish/security/2011/dsa-2201.wml | 23 -- danish/security/2011/dsa-2202.wml | 28 --- danish/security/2011/dsa-2203.wml | 20 -- danish/security/2011/dsa-2204.wml | 23 -- danish/security/2011/dsa-2205.wml | 22 -- danish/security/2011/dsa-2206.wml | 37 ---- danish/security/2011/dsa-2207.wml | 24 --- danish/security/2011/dsa-2208.wml | 39 ---- danish/security/2011/dsa-2209.wml | 20 -- danish/security/2011/dsa-2210.wml | 45 ---- danish/security/2011/dsa-2211.wml | 30 --- danish/security/2011/dsa-2212.wml | 25 --- danish/security/2011/dsa-2213.wml | 26 --- danish/security/2011/dsa-2214.wml | 28 --- danish/security/2011/dsa-2215.wml | 29 --- danish/security/2011/dsa-2216.wml | 26 --- danish/security/2011/dsa-2217.wml | 21 -- danish/security/2011/dsa-2218.wml | 24 --- danish/security/2011/dsa-2219.wml | 22 -- danish/security/2011/dsa-2220.wml | 56 ----- danish/security/2011/dsa-2221.wml | 20 -- danish/security/2011/dsa-2222.wml | 20 -- danish/security/2011/dsa-2223.wml | 15 -- danish/security/2011/dsa-2224.wml | 73 ------- danish/security/2011/dsa-2225.wml | 53 ----- danish/security/2011/dsa-2226.wml | 21 -- danish/security/2011/dsa-2227.wml | 58 ----- danish/security/2011/dsa-2228.wml | 58 ----- danish/security/2011/dsa-2229.wml | 20 -- danish/security/2011/dsa-2230.wml | 33 --- danish/security/2011/dsa-2231.wml | 24 --- danish/security/2011/dsa-2232.wml | 22 -- danish/security/2011/dsa-2233.wml | 42 ---- danish/security/2011/dsa-2234.wml | 49 ----- danish/security/2011/dsa-2235.wml | 60 ------ danish/security/2011/dsa-2236.wml | 23 -- danish/security/2011/dsa-2237.wml | 28 --- danish/security/2011/dsa-2238.wml | 17 -- danish/security/2011/dsa-2239.wml | 22 -- danish/security/2011/dsa-2240.wml | 267 ----------------------- danish/security/2011/dsa-2241.wml | 18 -- danish/security/2011/dsa-2242.wml | 23 -- danish/security/2011/dsa-2243.wml | 23 -- danish/security/2011/dsa-2244.wml | 27 --- danish/security/2011/dsa-2245.wml | 69 ------ danish/security/2011/dsa-2246.wml | 75 ------- danish/security/2011/dsa-2247.wml | 38 ---- danish/security/2011/dsa-2248.wml | 25 --- danish/security/2011/dsa-2249.wml | 24 --- danish/security/2011/dsa-2250.wml | 23 -- danish/security/2011/dsa-2251.wml | 41 ---- danish/security/2011/dsa-2252.wml | 20 -- danish/security/2011/dsa-2253.wml | 19 -- danish/security/2011/dsa-2254.wml | 27 --- danish/security/2011/dsa-2255.wml | 21 -- danish/security/2011/dsa-2256.wml | 20 -- danish/security/2011/dsa-2257.wml | 22 -- danish/security/2011/dsa-2258.wml | 26 --- danish/security/2011/dsa-2259.wml | 24 --- danish/security/2011/dsa-2260.wml | 34 --- danish/security/2011/dsa-2261.wml | 32 --- danish/security/2011/dsa-2262.wml | 51 ----- danish/security/2011/dsa-2263.wml | 26 --- danish/security/2011/dsa-2264.wml | 287 ------------------------- danish/security/2011/dsa-2265.wml | 26 --- danish/security/2011/dsa-2266.wml | 57 ----- danish/security/2011/dsa-2267.wml | 27 --- danish/security/2011/dsa-2268.wml | 69 ------ danish/security/2011/dsa-2269.wml | 66 ------ danish/security/2011/dsa-2270.wml | 21 -- danish/security/2011/dsa-2271.wml | 27 --- danish/security/2011/dsa-2272.wml | 22 -- danish/security/2011/dsa-2273.wml | 69 ------ danish/security/2011/dsa-2274.wml | 22 -- danish/security/2011/dsa-2275.wml | 25 --- danish/security/2011/dsa-2276.wml | 41 ---- danish/security/2011/dsa-2277.wml | 26 --- danish/security/2011/dsa-2278.wml | 21 -- danish/security/2011/dsa-2279.wml | 22 -- danish/security/2011/dsa-2280.wml | 27 --- danish/security/2011/dsa-2281.wml | 28 --- danish/security/2011/dsa-2282.wml | 33 --- danish/security/2011/dsa-2283.wml | 19 -- danish/security/2011/dsa-2284.wml | 21 -- danish/security/2011/dsa-2285.wml | 36 ---- danish/security/2011/dsa-2286.wml | 54 ----- danish/security/2011/dsa-2287.wml | 30 --- danish/security/2011/dsa-2288.wml | 21 -- danish/security/2011/dsa-2289.wml | 24 --- danish/security/2011/dsa-2290.wml | 25 --- danish/security/2011/dsa-2291.wml | 44 ---- danish/security/2011/dsa-2292.wml | 20 -- danish/security/2011/dsa-2293.wml | 21 -- danish/security/2011/dsa-2294.wml | 20 -- danish/security/2011/dsa-2295.wml | 57 ----- danish/security/2011/dsa-2296.wml | 58 ----- danish/security/2011/dsa-2297.wml | 60 ------ danish/security/2011/dsa-2298.wml | 44 ---- danish/security/2011/dsa-2299.wml | 26 --- danish/security/2011/dsa-2300.wml | 23 -- danish/security/2011/dsa-2301.wml | 53 ----- danish/security/2011/dsa-2302.wml | 26 --- danish/security/2011/dsa-2303.wml | 145 ------------- danish/security/2011/dsa-2304.wml | 27 --- danish/security/2011/dsa-2305.wml | 51 ----- danish/security/2011/dsa-2306.wml | 55 ----- danish/security/2011/dsa-2307.wml | 51 ----- danish/security/2011/dsa-2308.wml | 21 -- danish/security/2011/dsa-2309.wml | 39 ---- danish/security/2011/dsa-2310.wml | 143 ------------- danish/security/2011/dsa-2311.wml | 63 ------ danish/security/2011/dsa-2312.wml | 54 ----- danish/security/2011/dsa-2313.wml | 56 ----- danish/security/2011/dsa-2314.wml | 64 ------ danish/security/2011/dsa-2315.wml | 22 -- danish/security/2011/dsa-2316.wml | 55 ----- danish/security/2011/dsa-2317.wml | 52 ----- danish/security/2011/dsa-2318.wml | 45 ---- danish/security/2011/dsa-2319.wml | 20 -- danish/security/2011/dsa-2320.wml | 17 -- danish/security/2011/dsa-2321.wml | 20 -- danish/security/2011/dsa-2322.wml | 88 -------- danish/security/2011/dsa-2323.wml | 53 ----- danish/security/2011/dsa-2324.wml | 20 -- danish/security/2011/dsa-2325.wml | 20 -- danish/security/2011/dsa-2326.wml | 22 -- danish/security/2011/dsa-2327.wml | 25 --- danish/security/2011/dsa-2328.wml | 21 -- danish/security/2011/dsa-2329.wml | 24 --- danish/security/2011/dsa-2330.wml | 29 --- danish/security/2011/dsa-2331.wml | 38 ---- danish/security/2011/dsa-2332.wml | 51 ----- danish/security/2011/dsa-2333.wml | 44 ---- danish/security/2011/dsa-2334.wml | 44 ---- danish/security/2011/dsa-2335.wml | 26 --- danish/security/2011/dsa-2336.wml | 47 ----- danish/security/2011/dsa-2337.wml | 41 ---- danish/security/2011/dsa-2338.wml | 58 ----- danish/security/2011/dsa-2339.wml | 27 --- danish/security/2011/dsa-2340.wml | 26 --- danish/security/2011/dsa-2341.wml | 40 ---- danish/security/2011/dsa-2342.wml | 39 ---- danish/security/2011/dsa-2343.wml | 28 --- danish/security/2011/dsa-2344.wml | 22 -- danish/security/2011/dsa-2345.wml | 41 ---- danish/security/2011/dsa-2346.wml | 35 --- danish/security/2011/dsa-2347.wml | 19 -- danish/security/2011/dsa-2348.wml | 36 ---- danish/security/2011/dsa-2349.wml | 20 -- danish/security/2011/dsa-2350.wml | 21 -- danish/security/2011/dsa-2351.wml | 20 -- danish/security/2011/dsa-2352.wml | 24 --- danish/security/2011/dsa-2353.wml | 20 -- danish/security/2011/dsa-2354.wml | 22 -- danish/security/2011/dsa-2355.wml | 20 -- danish/security/2011/dsa-2356.wml | 92 -------- danish/security/2011/dsa-2357.wml | 57 ----- danish/security/2011/dsa-2358.wml | 133 ------------ danish/security/2011/dsa-2359.wml | 18 -- danish/security/2011/dsa-2361.wml | 18 -- danish/security/2011/dsa-2362.wml | 43 ---- danish/security/2011/dsa-2363.wml | 39 ---- danish/security/2011/dsa-2364.wml | 19 -- danish/security/2011/dsa-2365.wml | 64 ------ danish/security/2011/dsa-2366.wml | 70 ------ danish/security/2011/dsa-2367.wml | 39 ---- danish/security/2011/dsa-2368.wml | 48 ----- danish/security/2011/dsa-2369.wml | 25 --- danish/security/2011/dsa-2370.wml | 35 --- danish/security/2011/dsa-2371.wml | 21 -- danish/security/2011/dsa-2372.wml | 22 -- danish/security/2011/dsa-2373.wml | 22 -- danish/security/2011/dsa-2374.wml | 23 -- danish/security/2011/dsa-2375.wml | 22 -- danish/security/2011/dsa-2376.wml | 23 -- danish/security/2011/index.wml | 14 -- danish/security/2012/Makefile | 1 - danish/security/2012/dsa-2377.wml | 25 --- danish/security/2012/dsa-2378.wml | 18 -- danish/security/2012/dsa-2379.wml | 35 --- danish/security/2012/dsa-2380.wml | 29 --- danish/security/2012/dsa-2381.wml | 21 -- danish/security/2012/dsa-2382.wml | 62 ------ danish/security/2012/dsa-2383.wml | 22 -- danish/security/2012/dsa-2384.wml | 24 --- danish/security/2012/dsa-2385.wml | 22 -- danish/security/2012/dsa-2386.wml | 21 -- danish/security/2012/dsa-2387.wml | 22 -- danish/security/2012/dsa-2388.wml | 59 ------ danish/security/2012/dsa-2389.wml | 103 --------- danish/security/2012/dsa-2390.wml | 60 ------ danish/security/2012/dsa-2391.wml | 38 ---- danish/security/2012/dsa-2392.wml | 22 -- danish/security/2012/dsa-2393.wml | 20 -- danish/security/2012/dsa-2394.wml | 56 ----- danish/security/2012/dsa-2395.wml | 29 --- danish/security/2012/dsa-2396.wml | 22 -- danish/security/2012/dsa-2397.wml | 20 -- danish/security/2012/dsa-2398.wml | 37 ---- danish/security/2012/dsa-2399.wml | 61 ------ danish/security/2012/dsa-2400.wml | 46 ---- danish/security/2012/dsa-2401.wml | 54 ----- danish/security/2012/dsa-2402.wml | 42 ---- danish/security/2012/dsa-2403.wml | 22 -- danish/security/2012/dsa-2404.wml | 20 -- danish/security/2012/dsa-2405.wml | 84 -------- danish/security/2012/dsa-2406.wml | 44 ---- danish/security/2012/dsa-2407.wml | 18 -- danish/security/2012/dsa-2408.wml | 63 ------ danish/security/2012/dsa-2409.wml | 44 ---- danish/security/2012/dsa-2410.wml | 17 -- danish/security/2012/dsa-2411.wml | 18 -- danish/security/2012/dsa-2412.wml | 17 -- danish/security/2012/dsa-2413.wml | 20 -- danish/security/2012/dsa-2414.wml | 22 -- danish/security/2012/dsa-2415.wml | 65 ------ danish/security/2012/dsa-2416.wml | 20 -- danish/security/2012/dsa-2417.wml | 22 -- danish/security/2012/dsa-2418.wml | 39 ---- danish/security/2012/dsa-2419.wml | 32 --- danish/security/2012/dsa-2420.wml | 88 -------- danish/security/2012/dsa-2421.wml | 74 ------- danish/security/2012/dsa-2422.wml | 19 -- danish/security/2012/dsa-2423.wml | 34 --- danish/security/2012/dsa-2424.wml | 19 -- danish/security/2012/dsa-2425.wml | 18 -- danish/security/2012/dsa-2426.wml | 68 ------ danish/security/2012/dsa-2427.wml | 34 --- danish/security/2012/dsa-2428.wml | 20 -- danish/security/2012/dsa-2429.wml | 27 --- danish/security/2012/dsa-2430.wml | 17 -- danish/security/2012/dsa-2431.wml | 18 -- danish/security/2012/dsa-2432.wml | 17 -- danish/security/2012/dsa-2433.wml | 46 ---- danish/security/2012/dsa-2434.wml | 19 -- danish/security/2012/dsa-2435.wml | 42 ---- danish/security/2012/dsa-2436.wml | 21 -- danish/security/2012/dsa-2437.wml | 41 ---- danish/security/2012/dsa-2438.wml | 17 -- danish/security/2012/dsa-2439.wml | 18 -- danish/security/2012/dsa-2440.wml | 20 -- danish/security/2012/dsa-2441.wml | 18 -- danish/security/2012/dsa-2442.wml | 20 -- danish/security/2012/dsa-2443.wml | 76 ------- danish/security/2012/dsa-2444.wml | 18 -- danish/security/2012/dsa-2445.wml | 40 ---- danish/security/2012/dsa-2446.wml | 16 -- danish/security/2012/dsa-2447.wml | 17 -- danish/security/2012/dsa-2448.wml | 21 -- danish/security/2012/dsa-2449.wml | 24 --- danish/security/2012/dsa-2450.wml | 20 -- danish/security/2012/dsa-2451.wml | 52 ----- danish/security/2012/dsa-2452.wml | 53 ----- danish/security/2012/dsa-2453.wml | 45 ---- danish/security/2012/dsa-2454.wml | 52 ----- danish/security/2012/dsa-2455.wml | 22 -- danish/security/2012/dsa-2456.wml | 23 -- danish/security/2012/dsa-2457.wml | 53 ----- danish/security/2012/dsa-2458.wml | 69 ------ danish/security/2012/dsa-2459.wml | 47 ----- danish/security/2012/dsa-2460.wml | 33 --- danish/security/2012/dsa-2461.wml | 21 -- danish/security/2012/dsa-2462.wml | 19 -- danish/security/2012/dsa-2463.wml | 18 -- danish/security/2012/dsa-2464.wml | 49 ----- danish/security/2012/dsa-2465.wml | 23 -- danish/security/2012/dsa-2466.wml | 20 -- danish/security/2012/dsa-2467.wml | 19 -- danish/security/2012/dsa-2468.wml | 16 -- danish/security/2012/dsa-2469.wml | 79 ------- danish/security/2012/dsa-2470.wml | 25 --- danish/security/2012/dsa-2471.wml | 23 -- danish/security/2012/dsa-2472.wml | 19 -- danish/security/2012/dsa-2473.wml | 18 -- danish/security/2012/dsa-2474.wml | 21 -- danish/security/2012/dsa-2475.wml | 20 -- danish/security/2012/dsa-2476.wml | 26 --- danish/security/2012/dsa-2477.wml | 22 -- danish/security/2012/dsa-2478.wml | 17 -- danish/security/2012/dsa-2479.wml | 17 -- danish/security/2012/dsa-2480.wml | 63 ------ danish/security/2012/dsa-2481.wml | 22 -- danish/security/2012/dsa-2482.wml | 22 -- danish/security/2012/dsa-2483.wml | 27 --- danish/security/2012/dsa-2484.wml | 17 -- danish/security/2012/dsa-2485.wml | 20 -- danish/security/2012/dsa-2486.wml | 15 -- danish/security/2012/dsa-2487.wml | 30 --- danish/security/2012/dsa-2488.wml | 47 ----- danish/security/2012/dsa-2489.wml | 39 ---- danish/security/2012/dsa-2490.wml | 19 -- danish/security/2012/dsa-2491.wml | 34 --- danish/security/2012/dsa-2492.wml | 21 -- danish/security/2012/dsa-2493.wml | 43 ---- danish/security/2012/dsa-2494.wml | 28 --- danish/security/2012/dsa-2495.wml | 17 -- danish/security/2012/dsa-2496.wml | 34 --- danish/security/2012/dsa-2497.wml | 19 -- danish/security/2012/dsa-2498.wml | 22 -- danish/security/2012/dsa-2499.wml | 21 -- danish/security/2012/dsa-2500.wml | 52 ----- danish/security/2012/dsa-2501.wml | 41 ---- danish/security/2012/dsa-2502.wml | 20 -- danish/security/2012/dsa-2503.wml | 18 -- danish/security/2012/dsa-2504.wml | 20 -- danish/security/2012/dsa-2505.wml | 19 -- danish/security/2012/dsa-2506.wml | 27 --- danish/security/2012/dsa-2507.wml | 59 ------ danish/security/2012/dsa-2508.wml | 21 -- danish/security/2012/dsa-2509.wml | 22 -- danish/security/2012/dsa-2510.wml | 27 --- danish/security/2012/dsa-2511.wml | 40 ---- danish/security/2012/dsa-2512.wml | 18 -- danish/security/2012/dsa-2513.wml | 40 ---- danish/security/2012/dsa-2514.wml | 61 ------ danish/security/2012/dsa-2515.wml | 22 -- danish/security/2012/dsa-2516.wml | 34 --- danish/security/2012/dsa-2517.wml | 21 -- danish/security/2012/dsa-2518.wml | 43 ---- danish/security/2012/dsa-2519.wml | 46 ---- danish/security/2012/dsa-2520.wml | 26 --- danish/security/2012/dsa-2521.wml | 17 -- danish/security/2012/dsa-2522.wml | 21 -- danish/security/2012/dsa-2523.wml | 20 -- danish/security/2012/dsa-2524.wml | 17 -- danish/security/2012/dsa-2525.wml | 21 -- danish/security/2012/dsa-2526.wml | 24 --- danish/security/2012/dsa-2527.wml | 31 --- danish/security/2012/dsa-2528.wml | 43 ---- danish/security/2012/dsa-2529.wml | 44 ---- danish/security/2012/dsa-2530.wml | 17 -- danish/security/2012/dsa-2531.wml | 36 ---- danish/security/2012/dsa-2532.wml | 18 -- danish/security/2012/dsa-2533.wml | 49 ----- danish/security/2012/dsa-2534.wml | 39 ---- danish/security/2012/dsa-2535.wml | 18 -- danish/security/2012/dsa-2536.wml | 19 -- danish/security/2012/dsa-2537.wml | 44 ---- danish/security/2012/dsa-2538.wml | 21 -- danish/security/2012/dsa-2539.wml | 21 -- danish/security/2012/dsa-2540.wml | 22 -- danish/security/2012/dsa-2541.wml | 24 --- danish/security/2012/dsa-2542.wml | 38 ---- danish/security/2012/dsa-2543.wml | 37 ---- danish/security/2012/dsa-2544.wml | 38 ---- danish/security/2012/dsa-2545.wml | 37 ---- danish/security/2012/dsa-2546.wml | 23 -- danish/security/2012/dsa-2547.wml | 17 -- danish/security/2012/dsa-2548.wml | 46 ---- danish/security/2012/dsa-2549.wml | 58 ----- danish/security/2012/dsa-2550.wml | 25 --- danish/security/2012/dsa-2551.wml | 23 -- danish/security/2012/dsa-2552.wml | 64 ------ danish/security/2012/dsa-2553.wml | 24 --- danish/security/2012/dsa-2554.wml | 23 -- danish/security/2012/dsa-2555.wml | 19 -- danish/security/2012/dsa-2556.wml | 25 --- danish/security/2012/dsa-2557.wml | 22 -- danish/security/2012/dsa-2558.wml | 20 -- danish/security/2012/dsa-2559.wml | 73 ------- danish/security/2012/dsa-2560.wml | 15 -- danish/security/2012/dsa-2561.wml | 18 -- danish/security/2012/dsa-2562.wml | 22 -- danish/security/2012/dsa-2563.wml | 47 ----- danish/security/2012/dsa-2564.wml | 21 -- danish/security/2012/dsa-2565.wml | 83 -------- danish/security/2012/dsa-2566.wml | 22 -- danish/security/2012/dsa-2567.wml | 56 ----- danish/security/2012/dsa-2568.wml | 14 -- danish/security/2012/dsa-2569.wml | 82 ------- danish/security/2012/dsa-2570.wml | 26 --- danish/security/2012/dsa-2571.wml | 20 -- danish/security/2012/dsa-2572.wml | 89 -------- danish/security/2012/dsa-2573.wml | 32 --- danish/security/2012/dsa-2574.wml | 20 -- danish/security/2012/dsa-2575.wml | 23 -- danish/security/2012/dsa-2576.wml | 22 -- danish/security/2012/dsa-2577.wml | 41 ---- danish/security/2012/dsa-2578.wml | 41 ---- danish/security/2012/dsa-2579.wml | 50 ----- danish/security/2012/dsa-2580.wml | 17 -- danish/security/2012/dsa-2581.wml | 32 --- danish/security/2012/dsa-2582.wml | 113 ---------- danish/security/2012/dsa-2583.wml | 58 ----- danish/security/2012/dsa-2584.wml | 58 ----- danish/security/2012/dsa-2585.wml | 19 -- danish/security/2012/dsa-2586.wml | 35 --- danish/security/2012/dsa-2587.wml | 18 -- danish/security/2012/dsa-2588.wml | 55 ----- danish/security/2012/dsa-2589.wml | 19 -- danish/security/2012/dsa-2590.wml | 17 -- danish/security/2012/dsa-2591.wml | 18 -- danish/security/2012/dsa-2592.wml | 25 --- danish/security/2012/dsa-2593.wml | 20 -- danish/security/2012/dsa-2594.wml | 19 -- danish/security/2012/dsa-2595.wml | 20 -- danish/security/2012/dsa-2596.wml | 21 -- danish/security/2012/index.wml | 14 -- danish/security/2013/Makefile | 1 - danish/security/2013/dsa-2597.wml | 23 -- danish/security/2013/dsa-2598.wml | 33 --- danish/security/2013/dsa-2599.wml | 23 -- danish/security/2013/dsa-2600.wml | 28 --- danish/security/2013/dsa-2601.wml | 22 -- danish/security/2013/dsa-2602.wml | 22 -- danish/security/2013/dsa-2603.wml | 20 -- danish/security/2013/dsa-2604.wml | 20 -- danish/security/2013/dsa-2605.wml | 18 -- danish/security/2013/dsa-2606.wml | 20 -- danish/security/2013/dsa-2607.wml | 20 -- danish/security/2013/dsa-2608.wml | 20 -- danish/security/2013/dsa-2609.wml | 16 -- danish/security/2013/dsa-2610.wml | 21 -- danish/security/2013/dsa-2611.wml | 23 -- danish/security/2013/dsa-2612.wml | 20 -- danish/security/2013/dsa-2613.wml | 27 --- danish/security/2013/dsa-2614.wml | 26 --- danish/security/2013/dsa-2615.wml | 26 --- danish/security/2013/dsa-2616.wml | 20 -- danish/security/2013/dsa-2617.wml | 42 ---- danish/security/2013/dsa-2618.wml | 21 -- danish/security/2013/dsa-2619.wml | 17 -- danish/security/2013/dsa-2620.wml | 29 --- danish/security/2013/dsa-2621.wml | 36 ---- danish/security/2013/dsa-2622.wml | 41 ---- danish/security/2013/dsa-2623.wml | 14 -- danish/security/2013/dsa-2624.wml | 22 -- danish/security/2013/dsa-2625.wml | 17 -- danish/security/2013/dsa-2626.wml | 42 ---- danish/security/2013/dsa-2627.wml | 20 -- danish/security/2013/dsa-2628.wml | 24 --- danish/security/2013/dsa-2629.wml | 34 --- danish/security/2013/dsa-2630.wml | 21 -- danish/security/2013/dsa-2631.wml | 38 ---- danish/security/2013/dsa-2632.wml | 52 ----- danish/security/2013/dsa-2633.wml | 19 -- danish/security/2013/dsa-2634.wml | 49 ----- danish/security/2013/dsa-2635.wml | 21 -- danish/security/2013/dsa-2636.wml | 44 ---- danish/security/2013/dsa-2637.wml | 43 ---- danish/security/2013/dsa-2638.wml | 20 -- danish/security/2013/dsa-2639.wml | 36 ---- danish/security/2013/dsa-2640.wml | 37 ---- danish/security/2013/dsa-2641.wml | 22 -- danish/security/2013/dsa-2642.wml | 34 --- danish/security/2013/dsa-2643.wml | 80 ------- danish/security/2013/dsa-2644.wml | 18 -- danish/security/2013/dsa-2645.wml | 21 -- danish/security/2013/dsa-2646.wml | 42 ---- danish/security/2013/dsa-2647.wml | 20 -- danish/security/2013/dsa-2648.wml | 19 -- danish/security/2013/dsa-2649.wml | 28 --- danish/security/2013/dsa-2650.wml | 24 --- danish/security/2013/dsa-2651.wml | 24 --- danish/security/2013/dsa-2652.wml | 21 -- danish/security/2013/dsa-2653.wml | 20 -- danish/security/2013/dsa-2654.wml | 21 -- danish/security/2013/dsa-2655.wml | 21 -- danish/security/2013/dsa-2656.wml | 23 -- danish/security/2013/dsa-2657.wml | 25 --- danish/security/2013/dsa-2658.wml | 44 ---- danish/security/2013/dsa-2659.wml | 28 --- danish/security/2013/dsa-2660.wml | 27 --- danish/security/2013/dsa-2661.wml | 29 --- danish/security/2013/dsa-2662.wml | 37 ---- danish/security/2013/dsa-2663.wml | 28 --- danish/security/2013/dsa-2664.wml | 32 --- danish/security/2013/dsa-2665.wml | 31 --- danish/security/2013/dsa-2666.wml | 63 ------ danish/security/2013/dsa-2667.wml | 19 -- danish/security/2013/dsa-2668.wml | 266 ----------------------- danish/security/2013/dsa-2669.wml | 162 -------------- danish/security/2013/dsa-2670.wml | 80 ------- danish/security/2013/dsa-2671.wml | 90 -------- danish/security/2013/dsa-2672.wml | 22 -- danish/security/2013/dsa-2673.wml | 24 --- danish/security/2013/dsa-2674.wml | 24 --- danish/security/2013/dsa-2675.wml | 24 --- danish/security/2013/dsa-2676.wml | 24 --- danish/security/2013/dsa-2677.wml | 24 --- danish/security/2013/dsa-2678.wml | 24 --- danish/security/2013/dsa-2679.wml | 24 --- danish/security/2013/dsa-2680.wml | 24 --- danish/security/2013/dsa-2681.wml | 24 --- danish/security/2013/dsa-2682.wml | 24 --- danish/security/2013/dsa-2683.wml | 24 --- danish/security/2013/dsa-2684.wml | 24 --- danish/security/2013/dsa-2685.wml | 24 --- danish/security/2013/dsa-2686.wml | 24 --- danish/security/2013/dsa-2687.wml | 24 --- danish/security/2013/dsa-2688.wml | 24 --- danish/security/2013/dsa-2689.wml | 24 --- danish/security/2013/dsa-2690.wml | 24 --- danish/security/2013/dsa-2691.wml | 24 --- danish/security/2013/dsa-2692.wml | 24 --- danish/security/2013/dsa-2693.wml | 24 --- danish/security/2013/dsa-2694.wml | 23 -- danish/security/2013/dsa-2695.wml | 127 ----------- danish/security/2013/dsa-2696.wml | 26 --- danish/security/2013/dsa-2697.wml | 21 -- danish/security/2013/dsa-2698.wml | 38 ---- danish/security/2013/dsa-2699.wml | 40 ---- danish/security/2013/dsa-2700.wml | 20 -- danish/security/2013/dsa-2701.wml | 23 -- danish/security/2013/dsa-2702.wml | 23 -- danish/security/2013/dsa-2703.wml | 38 ---- danish/security/2013/dsa-2704.wml | 22 -- danish/security/2013/dsa-2705.wml | 27 --- danish/security/2013/dsa-2706.wml | 92 -------- danish/security/2013/dsa-2707.wml | 26 --- danish/security/2013/dsa-2708.wml | 30 --- danish/security/2013/dsa-2709.wml | 18 -- danish/security/2013/dsa-2710.wml | 51 ----- danish/security/2013/dsa-2711.wml | 35 --- danish/security/2013/dsa-2712.wml | 20 -- danish/security/2013/dsa-2713.wml | 24 --- danish/security/2013/dsa-2714.wml | 18 -- danish/security/2013/dsa-2715.wml | 24 --- danish/security/2013/dsa-2716.wml | 25 --- danish/security/2013/dsa-2717.wml | 25 --- danish/security/2013/dsa-2718.wml | 84 -------- danish/security/2013/dsa-2719.wml | 32 --- danish/security/2013/dsa-2720.wml | 44 ---- danish/security/2013/dsa-2721.wml | 24 --- danish/security/2013/dsa-2722.wml | 19 -- danish/security/2013/dsa-2723.wml | 22 -- danish/security/2013/dsa-2724.wml | 85 -------- danish/security/2013/dsa-2725.wml | 42 ---- danish/security/2013/dsa-2726.wml | 22 -- danish/security/2013/dsa-2727.wml | 22 -- danish/security/2013/dsa-2728.wml | 22 -- danish/security/2013/dsa-2729.wml | 26 --- danish/security/2013/dsa-2730.wml | 25 --- danish/security/2013/dsa-2731.wml | 22 -- danish/security/2013/dsa-2732.wml | 52 ----- danish/security/2013/dsa-2733.wml | 30 --- danish/security/2013/dsa-2734.wml | 20 -- danish/security/2013/dsa-2735.wml | 24 --- danish/security/2013/dsa-2736.wml | 64 ------ danish/security/2013/dsa-2737.wml | 39 ---- danish/security/2013/dsa-2738.wml | 39 ---- danish/security/2013/dsa-2739.wml | 21 -- danish/security/2013/dsa-2740.wml | 32 --- danish/security/2013/dsa-2741.wml | 56 ----- danish/security/2013/dsa-2742.wml | 23 -- danish/security/2013/dsa-2743.wml | 55 ----- danish/security/2013/dsa-2744.wml | 22 -- danish/security/2013/dsa-2745.wml | 107 ---------- danish/security/2013/dsa-2746.wml | 28 --- danish/security/2013/dsa-2747.wml | 35 --- danish/security/2013/dsa-2748.wml | 22 -- danish/security/2013/dsa-2749.wml | 21 -- danish/security/2013/dsa-2750.wml | 22 -- danish/security/2013/dsa-2751.wml | 25 --- danish/security/2013/dsa-2752.wml | 21 -- danish/security/2013/dsa-2753.wml | 21 -- danish/security/2013/dsa-2754.wml | 27 --- danish/security/2013/dsa-2755.wml | 32 --- danish/security/2013/dsa-2756.wml | 21 -- danish/security/2013/dsa-2757.wml | 63 ------ danish/security/2013/dsa-2758.wml | 25 --- danish/security/2013/dsa-2759.wml | 21 -- danish/security/2013/dsa-2760.wml | 21 -- danish/security/2013/dsa-2761.wml | 48 ----- danish/security/2013/dsa-2762.wml | 28 --- danish/security/2013/dsa-2763.wml | 27 --- danish/security/2013/dsa-2764.wml | 21 -- danish/security/2013/dsa-2765.wml | 23 -- danish/security/2013/dsa-2766.wml | 109 ---------- danish/security/2013/dsa-2767.wml | 23 -- danish/security/2013/dsa-2768.wml | 25 --- danish/security/2013/dsa-2769.wml | 42 ---- danish/security/2013/dsa-2770.wml | 31 --- danish/security/2013/dsa-2771.wml | 24 --- danish/security/2013/dsa-2772.wml | 21 -- danish/security/2013/dsa-2773.wml | 40 ---- danish/security/2013/dsa-2774.wml | 40 ---- danish/security/2013/dsa-2775.wml | 26 --- danish/security/2013/dsa-2776.wml | 21 -- danish/security/2013/dsa-2777.wml | 20 -- danish/security/2013/dsa-2778.wml | 23 -- danish/security/2013/dsa-2779.wml | 22 -- danish/security/2013/dsa-2780.wml | 16 -- danish/security/2013/dsa-2781.wml | 28 --- danish/security/2013/dsa-2782.wml | 41 ---- danish/security/2013/dsa-2783.wml | 49 ----- danish/security/2013/dsa-2784.wml | 24 --- danish/security/2013/dsa-2785.wml | 124 ----------- danish/security/2013/dsa-2786.wml | 27 --- danish/security/2013/dsa-2787.wml | 23 -- danish/security/2013/dsa-2788.wml | 20 -- danish/security/2013/dsa-2789.wml | 28 --- danish/security/2013/dsa-2790.wml | 34 --- danish/security/2013/dsa-2791.wml | 20 -- danish/security/2013/dsa-2792.wml | 21 -- danish/security/2013/dsa-2793.wml | 20 -- danish/security/2013/dsa-2794.wml | 28 --- danish/security/2013/dsa-2795.wml | 52 ----- danish/security/2013/dsa-2796.wml | 25 --- danish/security/2013/dsa-2797.wml | 27 --- danish/security/2013/dsa-2798.wml | 26 --- danish/security/2013/dsa-2799.wml | 88 -------- danish/security/2013/dsa-2800.wml | 25 --- danish/security/2013/dsa-2801.wml | 30 --- danish/security/2013/dsa-2802.wml | 20 -- danish/security/2013/dsa-2803.wml | 33 --- danish/security/2013/dsa-2804.wml | 29 --- danish/security/2013/dsa-2805.wml | 30 --- danish/security/2013/dsa-2806.wml | 21 -- danish/security/2013/dsa-2807.wml | 24 --- danish/security/2013/dsa-2808.wml | 30 --- danish/security/2013/dsa-2809.wml | 46 ---- danish/security/2013/dsa-2810.wml | 24 --- danish/security/2013/dsa-2811.wml | 57 ----- danish/security/2013/dsa-2812.wml | 34 --- danish/security/2013/dsa-2813.wml | 22 -- danish/security/2013/dsa-2814.wml | 23 -- danish/security/2013/dsa-2815.wml | 38 ---- danish/security/2013/dsa-2816.wml | 40 ---- danish/security/2013/dsa-2817.wml | 24 --- danish/security/2013/dsa-2818.wml | 50 ----- danish/security/2013/dsa-2819.wml | 18 -- danish/security/2013/dsa-2820.wml | 22 -- danish/security/2013/dsa-2821.wml | 21 -- danish/security/2013/dsa-2822.wml | 20 -- danish/security/2013/dsa-2823.wml | 20 -- danish/security/2013/dsa-2824.wml | 23 -- danish/security/2013/dsa-2825.wml | 18 -- danish/security/2013/dsa-2826.wml | 27 --- danish/security/2013/dsa-2827.wml | 28 --- danish/security/2013/dsa-2828.wml | 25 --- danish/security/2013/dsa-2829.wml | 21 -- danish/security/2013/dsa-2830.wml | 23 -- danish/security/2013/dsa-2831.wml | 24 --- danish/security/2013/index.wml | 14 -- danish/security/2014/Makefile | 1 - danish/security/2014/dsa-2832.wml | 42 ---- danish/security/2014/dsa-2833.wml | 24 --- danish/security/2014/dsa-2834.wml | 27 --- danish/security/2014/dsa-2835.wml | 36 ---- danish/security/2014/dsa-2836.wml | 24 --- danish/security/2014/dsa-2837.wml | 19 -- danish/security/2014/dsa-2838.wml | 20 -- danish/security/2014/dsa-2839.wml | 43 ---- danish/security/2014/dsa-2840.wml | 28 --- danish/security/2014/dsa-2841.wml | 20 -- danish/security/2014/dsa-2842.wml | 48 ----- danish/security/2014/dsa-2843.wml | 43 ---- danish/security/2014/dsa-2844.wml | 18 -- danish/security/2014/dsa-2845.wml | 16 -- danish/security/2014/dsa-2846.wml | 32 --- danish/security/2014/dsa-2847.wml | 46 ---- danish/security/2014/dsa-2848.wml | 32 --- danish/security/2014/dsa-2849.wml | 22 -- danish/security/2014/dsa-2850.wml | 25 --- danish/security/2014/dsa-2851.wml | 19 -- danish/security/2014/dsa-2852.wml | 22 -- danish/security/2014/dsa-2853.wml | 21 -- danish/security/2014/dsa-2854.wml | 39 ---- danish/security/2014/dsa-2855.wml | 21 -- danish/security/2014/dsa-2856.wml | 22 -- danish/security/2014/dsa-2857.wml | 34 --- danish/security/2014/dsa-2858.wml | 23 -- danish/security/2014/dsa-2859.wml | 87 -------- danish/security/2014/dsa-2860.wml | 26 --- danish/security/2014/dsa-2861.wml | 25 --- danish/security/2014/dsa-2862.wml | 58 ----- danish/security/2014/dsa-2863.wml | 23 -- danish/security/2014/dsa-2864.wml | 109 ---------- danish/security/2014/dsa-2865.wml | 110 ---------- danish/security/2014/dsa-2866.wml | 21 -- danish/security/2014/dsa-2867.wml | 38 ---- danish/security/2014/dsa-2868.wml | 29 --- danish/security/2014/dsa-2869.wml | 30 --- danish/security/2014/dsa-2870.wml | 30 --- danish/security/2014/dsa-2871.wml | 38 ---- danish/security/2014/dsa-2872.wml | 20 -- danish/security/2014/dsa-2873.wml | 37 ---- danish/security/2014/dsa-2874.wml | 21 -- danish/security/2014/dsa-2875.wml | 18 -- danish/security/2014/dsa-2876.wml | 18 -- danish/security/2014/dsa-2877.wml | 43 ---- danish/security/2014/dsa-2878.wml | 24 --- danish/security/2014/dsa-2879.wml | 26 --- danish/security/2014/dsa-2880.wml | 30 --- danish/security/2014/dsa-2881.wml | 20 -- danish/security/2014/dsa-2882.wml | 22 -- danish/security/2014/dsa-2883.wml | 135 ------------ danish/security/2014/dsa-2884.wml | 23 -- danish/security/2014/dsa-2885.wml | 27 --- danish/security/2014/dsa-2886.wml | 23 -- danish/security/2014/dsa-2887.wml | 19 -- danish/security/2014/dsa-2888.wml | 18 -- danish/security/2014/dsa-2889.wml | 21 -- danish/security/2014/dsa-2890.wml | 32 --- danish/security/2014/dsa-2891.wml | 75 ------- danish/security/2014/dsa-2892.wml | 38 ---- danish/security/2014/dsa-2893.wml | 44 ---- danish/security/2014/dsa-2894.wml | 42 ---- danish/security/2014/dsa-2895.wml | 28 --- danish/security/2014/dsa-2896.wml | 32 --- danish/security/2014/dsa-2897.wml | 55 ----- danish/security/2014/dsa-2898.wml | 24 --- danish/security/2014/dsa-2899.wml | 27 --- danish/security/2014/dsa-2900.wml | 17 -- danish/security/2014/dsa-2901.wml | 41 ---- danish/security/2014/dsa-2902.wml | 40 ---- danish/security/2014/dsa-2903.wml | 33 --- danish/security/2014/dsa-2904.wml | 24 --- danish/security/2014/dsa-2905.wml | 94 --------- danish/security/2014/dsa-2906.wml | 198 ----------------- danish/security/2014/dsa-2907.wml | 55 ----- danish/security/2014/dsa-2908.wml | 52 ----- danish/security/2014/dsa-2909.wml | 27 --- danish/security/2014/dsa-2910.wml | 21 -- danish/security/2014/dsa-2911.wml | 25 --- danish/security/2014/dsa-2912.wml | 24 --- danish/security/2014/dsa-2913.wml | 28 --- danish/security/2014/dsa-2914.wml | 22 -- danish/security/2014/dsa-2915.wml | 28 --- danish/security/2014/dsa-2916.wml | 20 -- danish/security/2014/dsa-2917.wml | 19 -- danish/security/2014/dsa-2918.wml | 21 -- danish/security/2014/dsa-2919.wml | 32 --- danish/security/2014/dsa-2920.wml | 56 ----- danish/security/2014/dsa-2921.wml | 27 --- danish/security/2014/dsa-2922.wml | 29 --- danish/security/2014/dsa-2923.wml | 19 -- danish/security/2014/dsa-2924.wml | 24 --- danish/security/2014/dsa-2925.wml | 24 --- danish/security/2014/dsa-2926.wml | 45 ---- danish/security/2014/dsa-2927.wml | 46 ---- danish/security/2014/dsa-2928.wml | 56 ----- danish/security/2014/dsa-2929.wml | 35 --- danish/security/2014/dsa-2930.wml | 37 ---- danish/security/2014/dsa-2931.wml | 22 -- danish/security/2014/dsa-2932.wml | 37 ---- danish/security/2014/dsa-2933.wml | 32 --- danish/security/2014/dsa-2934.wml | 63 ------ danish/security/2014/dsa-2935.wml | 20 -- danish/security/2014/dsa-2936.wml | 22 -- danish/security/2014/dsa-2937.wml | 37 ---- danish/security/2014/dsa-2938.wml | 80 ------- danish/security/2014/dsa-2939.wml | 62 ------ danish/security/2014/dsa-2940.wml | 17 -- danish/security/2014/dsa-2941.wml | 22 -- danish/security/2014/dsa-2942.wml | 22 -- danish/security/2014/dsa-2943.wml | 45 ---- danish/security/2014/dsa-2944.wml | 19 -- danish/security/2014/dsa-2945.wml | 18 -- danish/security/2014/dsa-2946.wml | 21 -- danish/security/2014/dsa-2947.wml | 22 -- danish/security/2014/dsa-2948.wml | 21 -- danish/security/2014/dsa-2949.wml | 34 --- danish/security/2014/dsa-2950.wml | 51 ----- danish/security/2014/dsa-2951.wml | 20 -- danish/security/2014/dsa-2952.wml | 47 ----- danish/security/2014/dsa-2953.wml | 29 --- danish/security/2014/dsa-2954.wml | 21 -- danish/security/2014/dsa-2955.wml | 19 -- danish/security/2014/dsa-2956.wml | 22 -- danish/security/2014/dsa-2957.wml | 20 -- danish/security/2014/dsa-2958.wml | 21 -- danish/security/2014/dsa-2959.wml | 45 ---- danish/security/2014/dsa-2960.wml | 19 -- danish/security/2014/dsa-2961.wml | 24 --- danish/security/2014/dsa-2962.wml | 18 -- danish/security/2014/dsa-2963.wml | 20 -- danish/security/2014/dsa-2964.wml | 22 -- danish/security/2014/dsa-2965.wml | 20 -- danish/security/2014/dsa-2966.wml | 44 ---- danish/security/2014/dsa-2967.wml | 20 -- danish/security/2014/dsa-2968.wml | 23 -- danish/security/2014/dsa-2970.wml | 22 -- danish/security/2014/dsa-2971.wml | 47 ----- danish/security/2014/dsa-2972.wml | 20 -- danish/security/2014/dsa-2973.wml | 21 -- danish/security/2014/dsa-2974.wml | 65 ------ danish/security/2014/dsa-2975.wml | 49 ----- danish/security/2014/dsa-2976.wml | 21 -- danish/security/2014/dsa-2977.wml | 20 -- danish/security/2014/dsa-2978.wml | 17 -- danish/security/2014/dsa-2979.wml | 24 --- danish/security/2014/dsa-2980.wml | 16 -- danish/security/2014/dsa-2981.wml | 23 -- danish/security/2014/dsa-2982.wml | 23 -- danish/security/2014/dsa-2983.wml | 23 -- danish/security/2014/dsa-2984.wml | 22 -- danish/security/2014/dsa-2985.wml | 26 --- danish/security/2014/dsa-2986.wml | 19 -- danish/security/2014/dsa-2987.wml | 19 -- danish/security/2014/dsa-2988.wml | 17 -- danish/security/2014/dsa-2989.wml | 46 ---- danish/security/2014/dsa-2990.wml | 20 -- danish/security/2014/dsa-2991.wml | 25 --- danish/security/2014/dsa-2992.wml | 43 ---- danish/security/2014/dsa-2993.wml | 60 ------ danish/security/2014/dsa-2994.wml | 43 ---- danish/security/2014/dsa-2995.wml | 23 -- danish/security/2014/dsa-2996.wml | 19 -- danish/security/2014/dsa-2997.wml | 22 -- danish/security/2014/dsa-2998.wml | 35 --- danish/security/2014/dsa-2999.wml | 25 --- danish/security/2014/dsa-3000.wml | 60 ------ danish/security/2014/dsa-3001.wml | 20 -- danish/security/2014/dsa-3002.wml | 18 -- danish/security/2014/dsa-3003.wml | 19 -- danish/security/2014/dsa-3004.wml | 20 -- danish/security/2014/dsa-3005.wml | 23 -- danish/security/2014/dsa-3006.wml | 17 -- danish/security/2014/dsa-3007.wml | 18 -- danish/security/2014/dsa-3008.wml | 53 ----- danish/security/2014/dsa-3009.wml | 18 -- danish/security/2014/dsa-3010.wml | 57 ----- danish/security/2014/dsa-3011.wml | 22 -- danish/security/2014/dsa-3012.wml | 22 -- danish/security/2014/dsa-3013.wml | 16 -- danish/security/2014/dsa-3014.wml | 18 -- danish/security/2014/dsa-3015.wml | 19 -- danish/security/2014/dsa-3016.wml | 22 -- danish/security/2014/dsa-3017.wml | 17 -- danish/security/2014/dsa-3018.wml | 19 -- danish/security/2014/dsa-3019.wml | 20 -- danish/security/2014/dsa-3020.wml | 19 -- danish/security/2014/dsa-3021.wml | 22 -- danish/security/2014/dsa-3022.wml | 40 ---- danish/security/2014/dsa-3023.wml | 23 -- danish/security/2014/dsa-3024.wml | 23 -- danish/security/2014/dsa-3025.wml | 27 --- danish/security/2014/dsa-3026.wml | 51 ----- danish/security/2014/dsa-3027.wml | 22 -- danish/security/2014/dsa-3028.wml | 19 -- danish/security/2014/dsa-3029.wml | 22 -- danish/security/2014/dsa-3030.wml | 14 -- danish/security/2014/dsa-3031.wml | 30 --- danish/security/2014/dsa-3032.wml | 16 -- danish/security/2014/dsa-3033.wml | 25 --- danish/security/2014/dsa-3034.wml | 22 -- danish/security/2014/dsa-3035.wml | 25 --- danish/security/2014/dsa-3036.wml | 18 -- danish/security/2014/dsa-3037.wml | 22 -- danish/security/2014/dsa-3038.wml | 44 ---- danish/security/2014/dsa-3039.wml | 105 --------- danish/security/2014/dsa-3040.wml | 20 -- danish/security/2014/dsa-3041.wml | 18 -- danish/security/2014/dsa-3042.wml | 22 -- danish/security/2014/dsa-3044.wml | 26 --- danish/security/2014/dsa-3045.wml | 25 --- danish/security/2014/dsa-3046.wml | 22 -- danish/security/2014/dsa-3047.wml | 31 --- danish/security/2014/dsa-3048.wml | 22 -- danish/security/2014/dsa-3049.wml | 21 -- danish/security/2014/dsa-3050.wml | 29 --- danish/security/2014/dsa-3051.wml | 17 -- danish/security/2014/dsa-3052.wml | 22 -- danish/security/2014/dsa-3053.wml | 55 ----- danish/security/2014/dsa-3054.wml | 27 --- danish/security/2014/dsa-3055.wml | 41 ---- danish/security/2014/dsa-3056.wml | 16 -- danish/security/2014/dsa-3057.wml | 26 --- danish/security/2014/dsa-3058.wml | 19 -- danish/security/2014/dsa-3059.wml | 18 -- danish/security/2014/dsa-3060.wml | 92 -------- danish/security/2014/dsa-3061.wml | 24 --- danish/security/2014/dsa-3062.wml | 25 --- danish/security/2014/dsa-3063.wml | 20 -- danish/security/2014/dsa-3064.wml | 21 -- danish/security/2014/dsa-3065.wml | 22 -- danish/security/2014/dsa-3066.wml | 36 ---- danish/security/2014/dsa-3067.wml | 34 --- danish/security/2014/dsa-3068.wml | 18 -- danish/security/2014/dsa-3069.wml | 27 --- danish/security/2014/dsa-3070.wml | 37 ---- danish/security/2014/dsa-3071.wml | 24 --- danish/security/2014/dsa-3072.wml | 23 -- danish/security/2014/dsa-3073.wml | 15 -- danish/security/2014/dsa-3074.wml | 26 --- danish/security/2014/dsa-3075.wml | 38 ---- danish/security/2014/dsa-3076.wml | 21 -- danish/security/2014/dsa-3077.wml | 15 -- danish/security/2014/dsa-3078.wml | 24 --- danish/security/2014/dsa-3079.wml | 19 -- danish/security/2014/dsa-3080.wml | 21 -- danish/security/2014/dsa-3081.wml | 19 -- danish/security/2014/dsa-3082.wml | 19 -- danish/security/2014/dsa-3083.wml | 18 -- danish/security/2014/dsa-3084.wml | 18 -- danish/security/2014/dsa-3085.wml | 78 ------- danish/security/2014/dsa-3086.wml | 22 -- danish/security/2014/dsa-3087.wml | 17 -- danish/security/2014/dsa-3088.wml | 18 -- danish/security/2014/dsa-3089.wml | 18 -- danish/security/2014/dsa-3090.wml | 23 -- danish/security/2014/dsa-3091.wml | 48 ----- danish/security/2014/dsa-3092.wml | 23 -- danish/security/2014/dsa-3093.wml | 51 ----- danish/security/2014/dsa-3094.wml | 27 --- danish/security/2014/dsa-3095.wml | 21 -- danish/security/2014/dsa-3096.wml | 20 -- danish/security/2014/dsa-3097.wml | 24 --- danish/security/2014/dsa-3098.wml | 22 -- danish/security/2014/dsa-3099.wml | 25 --- danish/security/2014/dsa-3100.wml | 15 -- danish/security/2014/dsa-3101.wml | 21 -- danish/security/2014/dsa-3102.wml | 23 -- danish/security/2014/dsa-3103.wml | 26 --- danish/security/2014/dsa-3104.wml | 29 --- danish/security/2014/dsa-3105.wml | 38 ---- danish/security/2014/dsa-3106.wml | 23 -- danish/security/2014/dsa-3107.wml | 19 -- danish/security/2014/dsa-3108.wml | 46 ---- danish/security/2014/dsa-3109.wml | 22 -- danish/security/2014/dsa-3110.wml | 19 -- danish/security/2014/dsa-3111.wml | 22 -- danish/security/2014/dsa-3112.wml | 19 -- danish/security/2014/dsa-3113.wml | 27 --- danish/security/2014/dsa-3114.wml | 20 -- danish/security/2014/dsa-3115.wml | 23 -- danish/security/2014/dsa-3116.wml | 20 -- danish/security/2014/dsa-3117.wml | 29 --- danish/security/2014/index.wml | 14 -- danish/security/2015/Makefile | 1 - danish/security/2015/dsa-3118.wml | 36 ---- danish/security/2015/dsa-3119.wml | 22 -- danish/security/2015/dsa-3120.wml | 16 -- danish/security/2015/dsa-3121.wml | 30 --- danish/security/2015/dsa-3122.wml | 25 --- danish/security/2015/dsa-3123.wml | 21 -- danish/security/2015/dsa-3124.wml | 23 -- danish/security/2015/dsa-3125.wml | 88 -------- danish/security/2015/dsa-3126.wml | 20 -- danish/security/2015/dsa-3127.wml | 20 -- danish/security/2015/dsa-3128.wml | 63 ------ danish/security/2015/dsa-3129.wml | 34 --- danish/security/2015/dsa-3130.wml | 21 -- danish/security/2015/dsa-3131.wml | 18 -- danish/security/2015/dsa-3132.wml | 22 -- danish/security/2015/dsa-3133.wml | 20 -- danish/security/2015/dsa-3134.wml | 23 -- danish/security/2015/dsa-3135.wml | 25 --- danish/security/2015/dsa-3136.wml | 20 -- danish/security/2015/dsa-3137.wml | 19 -- danish/security/2015/dsa-3138.wml | 22 -- danish/security/2015/dsa-3139.wml | 16 -- danish/security/2015/dsa-3140.wml | 52 ----- danish/security/2015/dsa-3141.wml | 20 -- danish/security/2015/dsa-3142.wml | 46 ---- danish/security/2015/dsa-3143.wml | 17 -- danish/security/2015/dsa-3144.wml | 21 -- danish/security/2015/dsa-3145.wml | 21 -- danish/security/2015/dsa-3146.wml | 23 -- danish/security/2015/dsa-3147.wml | 15 -- danish/security/2015/dsa-3148.wml | 36 ---- danish/security/2015/dsa-3149.wml | 21 -- danish/security/2015/dsa-3150.wml | 55 ----- danish/security/2015/dsa-3151.wml | 47 ----- danish/security/2015/dsa-3152.wml | 23 -- danish/security/2015/dsa-3153.wml | 41 ---- danish/security/2015/dsa-3154.wml | 35 --- danish/security/2015/dsa-3155.wml | 48 ----- danish/security/2015/dsa-3157.wml | 38 ---- danish/security/2015/dsa-3158.wml | 20 -- danish/security/2015/dsa-3159.wml | 22 -- danish/security/2015/dsa-3160.wml | 18 -- danish/security/2015/dsa-3161.wml | 22 -- danish/security/2015/dsa-3162.wml | 17 -- danish/security/2015/dsa-3163.wml | 22 -- danish/security/2015/dsa-3164.wml | 22 -- danish/security/2015/dsa-3165.wml | 23 -- danish/security/2015/dsa-3166.wml | 35 --- danish/security/2015/dsa-3167.wml | 20 -- danish/security/2015/dsa-3168.wml | 20 -- danish/security/2015/dsa-3169.wml | 68 ------ danish/security/2015/dsa-3170.wml | 100 --------- danish/security/2015/dsa-3171.wml | 16 -- danish/security/2015/dsa-3172.wml | 19 -- danish/security/2015/dsa-3173.wml | 22 -- danish/security/2015/dsa-3174.wml | 19 -- danish/security/2015/dsa-3175.wml | 15 -- danish/security/2015/dsa-3176.wml | 41 ---- danish/security/2015/dsa-3177.wml | 20 -- danish/security/2015/dsa-3178.wml | 23 -- danish/security/2015/dsa-3179.wml | 19 -- danish/security/2015/dsa-3180.wml | 21 -- danish/security/2015/dsa-3181.wml | 39 ---- danish/security/2015/dsa-3182.wml | 19 -- danish/security/2015/dsa-3183.wml | 38 ---- danish/security/2015/dsa-3184.wml | 44 ---- danish/security/2015/dsa-3185.wml | 30 --- danish/security/2015/dsa-3186.wml | 21 -- danish/security/2015/dsa-3187.wml | 61 ------ danish/security/2015/dsa-3188.wml | 21 -- danish/security/2015/dsa-3189.wml | 19 -- danish/security/2015/dsa-3190.wml | 23 -- danish/security/2015/dsa-3191.wml | 31 --- danish/security/2015/dsa-3192.wml | 22 -- danish/security/2015/dsa-3193.wml | 21 -- danish/security/2015/dsa-3194.wml | 17 -- danish/security/2015/dsa-3195.wml | 46 ---- danish/security/2015/dsa-3196.wml | 20 -- danish/security/2015/dsa-3197.wml | 50 ----- danish/security/2015/dsa-3198.wml | 30 --- danish/security/2015/dsa-3199.wml | 18 -- danish/security/2015/dsa-3200.wml | 18 -- danish/security/2015/dsa-3201.wml | 37 ---- danish/security/2015/dsa-3202.wml | 20 -- danish/security/2015/dsa-3203.wml | 36 ---- danish/security/2015/dsa-3204.wml | 19 -- danish/security/2015/dsa-3205.wml | 20 -- danish/security/2015/dsa-3206.wml | 41 ---- danish/security/2015/dsa-3207.wml | 22 -- danish/security/2015/dsa-3208.wml | 22 -- danish/security/2015/dsa-3209.wml | 55 ----- danish/security/2015/dsa-3210.wml | 20 -- danish/security/2015/dsa-3211.wml | 20 -- danish/security/2015/dsa-3212.wml | 23 -- danish/security/2015/dsa-3213.wml | 48 ----- danish/security/2015/dsa-3214.wml | 20 -- danish/security/2015/dsa-3215.wml | 37 ---- danish/security/2015/dsa-3216.wml | 40 ---- danish/security/2015/dsa-3217.wml | 21 -- danish/security/2015/dsa-3218.wml | 19 -- danish/security/2015/dsa-3219.wml | 22 -- danish/security/2015/dsa-3220.wml | 16 -- danish/security/2015/dsa-3221.wml | 19 -- danish/security/2015/dsa-3222.wml | 44 ---- danish/security/2015/dsa-3223.wml | 40 ---- danish/security/2015/dsa-3224.wml | 27 --- danish/security/2015/dsa-3225.wml | 16 -- danish/security/2015/dsa-3226.wml | 28 --- danish/security/2015/dsa-3227.wml | 16 -- danish/security/2015/dsa-3228.wml | 19 -- danish/security/2015/dsa-3229.wml | 28 --- danish/security/2015/dsa-3230.wml | 22 -- danish/security/2015/dsa-3231.wml | 37 ---- danish/security/2015/dsa-3232.wml | 55 ----- danish/security/2015/dsa-3233.wml | 24 --- danish/security/2015/dsa-3234.wml | 16 -- danish/security/2015/dsa-3235.wml | 23 -- danish/security/2015/dsa-3236.wml | 20 -- danish/security/2015/dsa-3237.wml | 115 ---------- danish/security/2015/dsa-3238.wml | 103 --------- danish/security/2015/dsa-3239.wml | 23 -- danish/security/2015/dsa-3240.wml | 22 -- danish/security/2015/dsa-3241.wml | 16 -- danish/security/2015/dsa-3242.wml | 32 --- danish/security/2015/dsa-3243.wml | 23 -- danish/security/2015/dsa-3244.wml | 49 ----- danish/security/2015/dsa-3245.wml | 16 -- danish/security/2015/dsa-3246.wml | 16 -- danish/security/2015/dsa-3247.wml | 22 -- danish/security/2015/dsa-3248.wml | 21 -- danish/security/2015/dsa-3249.wml | 21 -- danish/security/2015/dsa-3250.wml | 30 --- danish/security/2015/dsa-3251.wml | 25 --- danish/security/2015/dsa-3252.wml | 20 -- danish/security/2015/dsa-3253.wml | 39 ---- danish/security/2015/dsa-3254.wml | 18 -- danish/security/2015/dsa-3255.wml | 22 -- danish/security/2015/dsa-3256.wml | 23 -- danish/security/2015/dsa-3257.wml | 24 --- danish/security/2015/dsa-3258.wml | 24 --- danish/security/2015/dsa-3259.wml | 45 ---- danish/security/2015/dsa-3260.wml | 22 -- danish/security/2015/dsa-3261.wml | 60 ------ danish/security/2015/dsa-3262.wml | 18 -- danish/security/2015/dsa-3263.wml | 21 -- danish/security/2015/dsa-3264.wml | 22 -- danish/security/2015/dsa-3265.wml | 88 -------- danish/security/2015/dsa-3266.wml | 23 -- danish/security/2015/dsa-3267.wml | 98 --------- danish/security/2015/dsa-3268.wml | 26 --- danish/security/2015/dsa-3269.wml | 49 ----- danish/security/2015/dsa-3270.wml | 44 ---- danish/security/2015/dsa-3271.wml | 31 --- danish/security/2015/dsa-3272.wml | 22 -- danish/security/2015/dsa-3273.wml | 18 -- danish/security/2015/dsa-3274.wml | 20 -- danish/security/2015/dsa-3275.wml | 20 -- danish/security/2015/dsa-3276.wml | 24 --- danish/security/2015/dsa-3277.wml | 24 --- danish/security/2015/dsa-3278.wml | 27 --- danish/security/2015/dsa-3279.wml | 21 -- danish/security/2015/dsa-3280.wml | 49 ----- danish/security/2015/dsa-3281.wml | 25 --- danish/security/2015/dsa-3282.wml | 32 --- danish/security/2015/dsa-3283.wml | 22 -- danish/security/2015/dsa-3284.wml | 68 ------ danish/security/2015/dsa-3285.wml | 34 --- danish/security/2015/dsa-3286.wml | 77 ------- danish/security/2015/dsa-3287.wml | 74 ------- danish/security/2015/dsa-3288.wml | 22 -- danish/security/2015/dsa-3289.wml | 23 -- danish/security/2015/dsa-3290.wml | 46 ---- danish/security/2015/dsa-3291.wml | 44 ---- danish/security/2015/dsa-3293.wml | 21 -- danish/security/2015/dsa-3294.wml | 22 -- danish/security/2015/dsa-3295.wml | 21 -- danish/security/2015/dsa-3296.wml | 26 --- danish/security/2015/dsa-3297.wml | 21 -- danish/security/2015/dsa-3298.wml | 29 --- danish/security/2015/dsa-3299.wml | 25 --- danish/security/2015/dsa-3300.wml | 24 --- danish/security/2015/dsa-3301.wml | 20 -- danish/security/2015/dsa-3302.wml | 21 -- danish/security/2015/dsa-3303.wml | 23 -- danish/security/2015/dsa-3304.wml | 24 --- danish/security/2015/dsa-3305.wml | 38 ---- danish/security/2015/dsa-3306.wml | 24 --- danish/security/2015/dsa-3307.wml | 24 --- danish/security/2015/dsa-3308.wml | 25 --- danish/security/2015/dsa-3309.wml | 26 --- danish/security/2015/dsa-3310.wml | 24 --- danish/security/2015/dsa-3311.wml | 29 --- danish/security/2015/dsa-3312.wml | 23 -- danish/security/2015/dsa-3313.wml | 60 ------ danish/security/2015/dsa-3314.wml | 18 -- danish/security/2015/dsa-3315.wml | 141 ------------- danish/security/2015/dsa-3316.wml | 22 -- danish/security/2015/dsa-3317.wml | 39 ---- danish/security/2015/dsa-3318.wml | 21 -- danish/security/2015/dsa-3319.wml | 19 -- danish/security/2015/dsa-3320.wml | 18 -- danish/security/2015/dsa-3321.wml | 22 -- danish/security/2015/dsa-3322.wml | 23 -- danish/security/2015/dsa-3323.wml | 56 ----- danish/security/2015/dsa-3324.wml | 23 -- danish/security/2015/dsa-3325.wml | 49 ----- danish/security/2015/dsa-3326.wml | 25 --- danish/security/2015/dsa-3327.wml | 23 -- danish/security/2015/dsa-3328.wml | 42 ---- danish/security/2015/dsa-3329.wml | 89 -------- danish/security/2015/dsa-3330.wml | 21 -- danish/security/2015/dsa-3331.wml | 46 ---- danish/security/2015/dsa-3332.wml | 54 ----- danish/security/2015/dsa-3333.wml | 27 --- danish/security/2015/dsa-3334.wml | 20 -- danish/security/2015/dsa-3335.wml | 29 --- danish/security/2015/dsa-3336.wml | 43 ---- danish/security/2015/dsa-3337.wml | 24 --- danish/security/2015/dsa-3338.wml | 26 --- danish/security/2015/dsa-3339.wml | 16 -- danish/security/2015/dsa-3340.wml | 25 --- danish/security/2015/dsa-3341.wml | 21 -- danish/security/2015/dsa-3342.wml | 19 -- danish/security/2015/dsa-3343.wml | 20 -- danish/security/2015/dsa-3344.wml | 65 ------ danish/security/2015/dsa-3345.wml | 41 ---- danish/security/2015/dsa-3346.wml | 59 ------ danish/security/2015/dsa-3347.wml | 19 -- danish/security/2015/dsa-3348.wml | 63 ------ danish/security/2015/dsa-3349.wml | 31 --- danish/security/2015/dsa-3350.wml | 19 -- danish/security/2015/dsa-3351.wml | 77 ------- danish/security/2015/dsa-3352.wml | 21 -- danish/security/2015/dsa-3353.wml | 22 -- danish/security/2015/dsa-3354.wml | 21 -- danish/security/2015/dsa-3355.wml | 24 --- danish/security/2015/dsa-3356.wml | 23 -- danish/security/2015/dsa-3357.wml | 29 --- danish/security/2015/dsa-3358.wml | 28 --- danish/security/2015/dsa-3359.wml | 27 --- danish/security/2015/dsa-3360.wml | 23 -- danish/security/2015/dsa-3361.wml | 56 ----- danish/security/2015/dsa-3362.wml | 48 ----- danish/security/2015/dsa-3363.wml | 24 --- danish/security/2015/dsa-3364.wml | 75 ------- danish/security/2015/dsa-3365.wml | 23 -- danish/security/2015/dsa-3366.wml | 19 -- danish/security/2015/dsa-3367.wml | 21 -- danish/security/2015/dsa-3368.wml | 19 -- danish/security/2015/dsa-3369.wml | 38 ---- danish/security/2015/dsa-3370.wml | 24 --- danish/security/2015/dsa-3371.wml | 23 -- danish/security/2015/dsa-3372.wml | 59 ------ danish/security/2015/dsa-3373.wml | 23 -- danish/security/2015/dsa-3374.wml | 35 --- danish/security/2015/dsa-3375.wml | 50 ----- danish/security/2015/dsa-3376.wml | 74 ------- danish/security/2015/dsa-3377.wml | 28 --- danish/security/2015/dsa-3378.wml | 42 ---- danish/security/2015/dsa-3379.wml | 23 -- danish/security/2015/dsa-3380.wml | 53 ----- danish/security/2015/dsa-3381.wml | 22 -- danish/security/2015/dsa-3382.wml | 61 ------ danish/security/2015/dsa-3383.wml | 69 ------ danish/security/2015/dsa-3384.wml | 22 -- danish/security/2015/dsa-3385.wml | 25 --- danish/security/2015/dsa-3386.wml | 43 ---- danish/security/2015/dsa-3387.wml | 21 -- danish/security/2015/dsa-3388.wml | 159 -------------- danish/security/2015/dsa-3389.wml | 14 -- danish/security/2015/dsa-3391.wml | 21 -- danish/security/2015/dsa-3392.wml | 22 -- danish/security/2015/dsa-3393.wml | 22 -- danish/security/2015/dsa-3394.wml | 53 ----- danish/security/2015/dsa-3395.wml | 49 ----- danish/security/2015/dsa-3396.wml | 53 ----- danish/security/2015/dsa-3397.wml | 70 ------ danish/security/2015/dsa-3398.wml | 33 --- danish/security/2015/dsa-3399.wml | 38 ---- danish/security/2015/dsa-3400.wml | 17 -- danish/security/2015/dsa-3401.wml | 20 -- danish/security/2015/dsa-3402.wml | 35 --- danish/security/2015/dsa-3403.wml | 30 --- danish/security/2015/dsa-3405.wml | 19 -- danish/security/2015/dsa-3406.wml | 24 --- danish/security/2015/dsa-3407.wml | 23 -- danish/security/2015/dsa-3408.wml | 16 -- danish/security/2015/dsa-3409.wml | 25 --- danish/security/2015/dsa-3410.wml | 25 --- danish/security/2015/dsa-3411.wml | 20 -- danish/security/2015/dsa-3412.wml | 21 -- danish/security/2015/dsa-3413.wml | 45 ---- danish/security/2015/dsa-3414.wml | 21 -- danish/security/2015/dsa-3415.wml | 129 ----------- danish/security/2015/dsa-3416.wml | 22 -- danish/security/2015/dsa-3417.wml | 31 --- danish/security/2015/dsa-3418.wml | 43 ---- danish/security/2015/dsa-3419.wml | 18 -- danish/security/2015/dsa-3420.wml | 22 -- danish/security/2015/dsa-3421.wml | 27 --- danish/security/2015/dsa-3422.wml | 23 -- danish/security/2015/dsa-3423.wml | 25 --- danish/security/2015/dsa-3424.wml | 20 -- danish/security/2015/dsa-3425.wml | 21 -- danish/security/2015/dsa-3426.wml | 70 ------ danish/security/2015/dsa-3427.wml | 19 -- danish/security/2015/dsa-3428.wml | 21 -- danish/security/2015/dsa-3429.wml | 21 -- danish/security/2015/dsa-3430.wml | 27 --- danish/security/2015/index.wml | 14 -- danish/security/2016/Makefile | 1 - danish/security/2016/dsa-3426.wml | 23 -- danish/security/2016/dsa-3431.wml | 22 -- danish/security/2016/dsa-3432.wml | 25 --- danish/security/2016/dsa-3433.wml | 85 -------- danish/security/2016/dsa-3434.wml | 106 ---------- danish/security/2016/dsa-3435.wml | 25 --- danish/security/2016/dsa-3436.wml | 26 --- danish/security/2016/dsa-3437.wml | 22 -- danish/security/2016/dsa-3438.wml | 21 -- danish/security/2016/dsa-3439.wml | 39 ---- danish/security/2016/dsa-3440.wml | 33 --- danish/security/2016/dsa-3441.wml | 20 -- danish/security/2016/dsa-3442.wml | 21 -- danish/security/2016/dsa-3443.wml | 36 ---- danish/security/2016/dsa-3444.wml | 21 -- danish/security/2016/dsa-3445.wml | 25 --- danish/security/2016/dsa-3446.wml | 61 ------ danish/security/2016/dsa-3447.wml | 30 --- danish/security/2016/dsa-3448.wml | 48 ----- danish/security/2016/dsa-3449.wml | 18 -- danish/security/2016/dsa-3450.wml | 19 -- danish/security/2016/dsa-3451.wml | 30 --- danish/security/2016/dsa-3452.wml | 19 -- danish/security/2016/dsa-3453.wml | 26 --- danish/security/2016/dsa-3454.wml | 27 --- danish/security/2016/dsa-3455.wml | 20 -- danish/security/2016/dsa-3456.wml | 70 ------ danish/security/2016/dsa-3457.wml | 22 -- danish/security/2016/dsa-3458.wml | 21 -- danish/security/2016/dsa-3459.wml | 26 --- danish/security/2016/dsa-3460.wml | 22 -- danish/security/2016/dsa-3461.wml | 15 -- danish/security/2016/dsa-3462.wml | 41 ---- danish/security/2016/dsa-3463.wml | 20 -- danish/security/2016/dsa-3464.wml | 19 -- danish/security/2016/dsa-3465.wml | 15 -- danish/security/2016/dsa-3466.wml | 45 ---- danish/security/2016/dsa-3467.wml | 24 --- danish/security/2016/dsa-3468.wml | 19 -- danish/security/2016/dsa-3469.wml | 86 -------- danish/security/2016/dsa-3470.wml | 86 -------- danish/security/2016/dsa-3471.wml | 140 ------------ danish/security/2016/dsa-3472.wml | 35 --- danish/security/2016/dsa-3473.wml | 25 --- danish/security/2016/dsa-3474.wml | 21 -- danish/security/2016/dsa-3475.wml | 39 ---- danish/security/2016/dsa-3476.wml | 33 --- danish/security/2016/dsa-3477.wml | 20 -- danish/security/2016/dsa-3478.wml | 18 -- danish/security/2016/dsa-3479.wml | 24 --- danish/security/2016/dsa-3480.wml | 106 ---------- danish/security/2016/dsa-3481.wml | 57 ----- danish/security/2016/dsa-3482.wml | 23 -- danish/security/2016/dsa-3483.wml | 21 -- danish/security/2016/dsa-3484.wml | 24 --- danish/security/2016/dsa-3485.wml | 21 -- danish/security/2016/dsa-3486.wml | 59 ------ danish/security/2016/dsa-3487.wml | 21 -- danish/security/2016/dsa-3488.wml | 24 --- danish/security/2016/dsa-3489.wml | 14 -- danish/security/2016/dsa-3490.wml | 19 -- danish/security/2016/dsa-3491.wml | 25 --- danish/security/2016/dsa-3492.wml | 30 --- danish/security/2016/dsa-3493.wml | 20 -- danish/security/2016/dsa-3494.wml | 25 --- danish/security/2016/dsa-3495.wml | 50 ----- danish/security/2016/dsa-3496.wml | 21 -- danish/security/2016/dsa-3497.wml | 21 -- danish/security/2016/dsa-3498.wml | 21 -- danish/security/2016/dsa-3499.wml | 25 --- danish/security/2016/dsa-3500.wml | 78 ------- danish/security/2016/dsa-3501.wml | 34 --- danish/security/2016/dsa-3502.wml | 31 --- danish/security/2016/dsa-3503.wml | 151 ------------- danish/security/2016/dsa-3504.wml | 23 -- danish/security/2016/dsa-3505.wml | 25 --- danish/security/2016/dsa-3506.wml | 19 -- danish/security/2016/dsa-3507.wml | 91 -------- danish/security/2016/dsa-3508.wml | 44 ---- danish/security/2016/dsa-3509.wml | 42 ---- danish/security/2016/dsa-3510.wml | 24 --- danish/security/2016/dsa-3511.wml | 34 --- danish/security/2016/dsa-3512.wml | 22 -- danish/security/2016/dsa-3513.wml | 36 ---- danish/security/2016/dsa-3514.wml | 49 ----- danish/security/2016/dsa-3515.wml | 24 --- danish/security/2016/dsa-3516.wml | 24 --- danish/security/2016/dsa-3517.wml | 36 ---- danish/security/2016/dsa-3518.wml | 34 --- danish/security/2016/dsa-3519.wml | 20 -- danish/security/2016/dsa-3520.wml | 22 -- danish/security/2016/dsa-3521.wml | 23 -- danish/security/2016/dsa-3522.wml | 25 --- danish/security/2016/dsa-3523.wml | 20 -- danish/security/2016/dsa-3524.wml | 25 --- danish/security/2016/dsa-3525.wml | 21 -- danish/security/2016/dsa-3526.wml | 23 -- danish/security/2016/dsa-3527.wml | 22 -- danish/security/2016/dsa-3528.wml | 20 -- danish/security/2016/dsa-3529.wml | 20 -- danish/security/2016/dsa-3530.wml | 16 -- danish/security/2016/dsa-3531.wml | 47 ----- danish/security/2016/dsa-3532.wml | 20 -- danish/security/2016/dsa-3533.wml | 21 -- danish/security/2016/dsa-3534.wml | 14 -- danish/security/2016/dsa-3535.wml | 20 -- danish/security/2016/dsa-3536.wml | 15 -- danish/security/2016/dsa-3537.wml | 37 ---- danish/security/2016/dsa-3538.wml | 42 ---- danish/security/2016/dsa-3539.wml | 21 -- danish/security/2016/dsa-3540.wml | 24 --- danish/security/2016/dsa-3541.wml | 19 -- danish/security/2016/dsa-3542.wml | 43 ---- danish/security/2016/dsa-3543.wml | 21 -- danish/security/2016/dsa-3544.wml | 41 ---- danish/security/2016/dsa-3545.wml | 22 -- danish/security/2016/dsa-3546.wml | 23 -- danish/security/2016/dsa-3547.wml | 20 -- danish/security/2016/dsa-3548.wml | 99 --------- danish/security/2016/dsa-3549.wml | 61 ------ danish/security/2016/dsa-3550.wml | 24 --- danish/security/2016/dsa-3551.wml | 37 ---- danish/security/2016/dsa-3552.wml | 26 --- danish/security/2016/dsa-3553.wml | 15 -- danish/security/2016/dsa-3554.wml | 39 ---- danish/security/2016/dsa-3555.wml | 52 ----- danish/security/2016/dsa-3556.wml | 25 --- danish/security/2016/dsa-3557.wml | 25 --- danish/security/2016/dsa-3558.wml | 15 -- danish/security/2016/dsa-3559.wml | 23 -- danish/security/2016/dsa-3560.wml | 23 -- danish/security/2016/dsa-3561.wml | 39 ---- danish/security/2016/dsa-3562.wml | 35 --- danish/security/2016/dsa-3563.wml | 21 -- danish/security/2016/dsa-3564.wml | 55 ----- danish/security/2016/dsa-3565.wml | 58 ----- danish/security/2016/dsa-3566.wml | 57 ----- danish/security/2016/dsa-3567.wml | 22 -- danish/security/2016/dsa-3568.wml | 23 -- danish/security/2016/dsa-3569.wml | 36 ---- danish/security/2016/dsa-3570.wml | 20 -- danish/security/2016/dsa-3571.wml | 18 -- danish/security/2016/dsa-3572.wml | 16 -- danish/security/2016/dsa-3573.wml | 31 --- danish/security/2016/dsa-3574.wml | 17 -- danish/security/2016/dsa-3575.wml | 20 -- danish/security/2016/dsa-3576.wml | 18 -- danish/security/2016/dsa-3577.wml | 20 -- danish/security/2016/dsa-3578.wml | 22 -- danish/security/2016/dsa-3579.wml | 22 -- danish/security/2016/dsa-3580.wml | 38 ---- danish/security/2016/dsa-3581.wml | 18 -- danish/security/2016/dsa-3582.wml | 20 -- danish/security/2016/dsa-3583.wml | 21 -- danish/security/2016/dsa-3584.wml | 22 -- danish/security/2016/dsa-3585.wml | 20 -- danish/security/2016/dsa-3586.wml | 20 -- danish/security/2016/dsa-3587.wml | 19 -- danish/security/2016/dsa-3588.wml | 37 ---- danish/security/2016/dsa-3589.wml | 18 -- danish/security/2016/dsa-3590.wml | 160 -------------- danish/security/2016/dsa-3591.wml | 24 --- danish/security/2016/dsa-3592.wml | 19 -- danish/security/2016/dsa-3593.wml | 18 -- danish/security/2016/dsa-3594.wml | 56 ----- danish/security/2016/dsa-3595.wml | 22 -- danish/security/2016/dsa-3596.wml | 33 --- danish/security/2016/dsa-3597.wml | 40 ---- danish/security/2016/dsa-3598.wml | 18 -- danish/security/2016/dsa-3599.wml | 25 --- danish/security/2016/dsa-3600.wml | 35 --- danish/security/2016/dsa-3601.wml | 26 --- danish/security/2016/dsa-3602.wml | 25 --- danish/security/2016/dsa-3603.wml | 17 -- danish/security/2016/dsa-3604.wml | 19 -- danish/security/2016/dsa-3605.wml | 16 -- danish/security/2016/dsa-3606.wml | 20 -- danish/security/2016/dsa-3607.wml | 193 ----------------- danish/security/2016/dsa-3608.wml | 21 -- danish/security/2016/dsa-3609.wml | 19 -- danish/security/2016/dsa-3610.wml | 21 -- danish/security/2016/dsa-3611.wml | 25 --- danish/security/2016/dsa-3612.wml | 18 -- danish/security/2016/dsa-3613.wml | 23 -- danish/security/2016/dsa-3614.wml | 29 --- danish/security/2016/dsa-3615.wml | 22 -- danish/security/2016/dsa-3616.wml | 54 ----- danish/security/2016/dsa-3617.wml | 21 -- danish/security/2016/dsa-3618.wml | 23 -- danish/security/2016/dsa-3619.wml | 21 -- danish/security/2016/dsa-3620.wml | 23 -- danish/security/2016/dsa-3621.wml | 27 --- danish/security/2016/dsa-3622.wml | 15 -- danish/security/2016/dsa-3623.wml | 19 -- danish/security/2016/dsa-3624.wml | 22 -- danish/security/2016/dsa-3625.wml | 55 ----- danish/security/2016/dsa-3626.wml | 22 -- danish/security/2016/dsa-3627.wml | 98 --------- danish/security/2016/dsa-3628.wml | 78 ------- danish/security/2016/dsa-3629.wml | 80 ------- danish/security/2016/dsa-3630.wml | 20 -- danish/security/2016/dsa-3631.wml | 23 -- danish/security/2016/dsa-3632.wml | 23 -- danish/security/2016/dsa-3633.wml | 45 ---- danish/security/2016/dsa-3634.wml | 22 -- danish/security/2016/dsa-3635.wml | 18 -- danish/security/2016/dsa-3636.wml | 25 --- danish/security/2016/dsa-3637.wml | 104 --------- danish/security/2016/dsa-3638.wml | 35 --- danish/security/2016/dsa-3639.wml | 17 -- danish/security/2016/dsa-3640.wml | 19 -- danish/security/2016/dsa-3641.wml | 15 -- danish/security/2016/dsa-3642.wml | 17 -- danish/security/2016/dsa-3643.wml | 20 -- danish/security/2016/dsa-3644.wml | 21 -- danish/security/2016/dsa-3645.wml | 54 ----- danish/security/2016/dsa-3646.wml | 31 --- danish/security/2016/dsa-3647.wml | 22 -- danish/security/2016/dsa-3648.wml | 21 -- danish/security/2016/dsa-3649.wml | 21 -- danish/security/2016/dsa-3650.wml | 21 -- danish/security/2016/dsa-3651.wml | 20 -- danish/security/2016/dsa-3652.wml | 20 -- danish/security/2016/dsa-3653.wml | 26 --- danish/security/2016/dsa-3654.wml | 28 --- danish/security/2016/dsa-3655.wml | 36 ---- danish/security/2016/dsa-3656.wml | 18 -- danish/security/2016/dsa-3657.wml | 21 -- danish/security/2016/dsa-3658.wml | 22 -- danish/security/2016/dsa-3659.wml | 64 ------ danish/security/2016/dsa-3660.wml | 117 ---------- danish/security/2016/dsa-3661.wml | 17 -- danish/security/2016/dsa-3662.wml | 17 -- danish/security/2016/dsa-3663.wml | 44 ---- danish/security/2016/dsa-3664.wml | 36 ---- danish/security/2016/dsa-3665.wml | 16 -- danish/security/2016/dsa-3666.wml | 28 --- danish/security/2016/dsa-3667.wml | 55 ----- danish/security/2016/dsa-3668.wml | 18 -- danish/security/2016/dsa-3669.wml | 14 -- danish/security/2016/dsa-3670.wml | 16 -- danish/security/2016/dsa-3671.wml | 21 -- danish/security/2016/dsa-3672.wml | 15 -- danish/security/2016/dsa-3673.wml | 65 ------ danish/security/2016/dsa-3674.wml | 18 -- danish/security/2016/dsa-3675.wml | 19 -- danish/security/2016/dsa-3676.wml | 37 ---- danish/security/2016/dsa-3677.wml | 18 -- danish/security/2016/dsa-3678.wml | 19 -- danish/security/2016/dsa-3679.wml | 19 -- danish/security/2016/dsa-3680.wml | 29 --- danish/security/2016/dsa-3681.wml | 16 -- danish/security/2016/dsa-3682.wml | 19 -- danish/security/2016/dsa-3683.wml | 33 --- danish/security/2016/dsa-3684.wml | 16 -- danish/security/2016/dsa-3685.wml | 16 -- danish/security/2016/dsa-3686.wml | 19 -- danish/security/2016/dsa-3687.wml | 37 ---- danish/security/2016/dsa-3688.wml | 76 ------- danish/security/2016/dsa-3689.wml | 25 --- danish/security/2016/dsa-3690.wml | 22 -- danish/security/2016/dsa-3691.wml | 15 -- danish/security/2016/dsa-3692.wml | 21 -- danish/security/2016/dsa-3693.wml | 17 -- danish/security/2016/dsa-3694.wml | 21 -- danish/security/2016/dsa-3695.wml | 15 -- danish/security/2016/dsa-3696.wml | 44 ---- danish/security/2016/dsa-3697.wml | 14 -- danish/security/2016/dsa-3698.wml | 20 -- danish/security/2016/dsa-3699.wml | 11 - danish/security/2016/dsa-3700.wml | 17 -- danish/security/2016/dsa-3701.wml | 17 -- danish/security/2016/dsa-3702.wml | 19 -- danish/security/2016/dsa-3703.wml | 17 -- danish/security/2016/dsa-3704.wml | 16 -- danish/security/2016/dsa-3705.wml | 81 ------- danish/security/2016/dsa-3706.wml | 24 --- danish/security/2016/dsa-3707.wml | 15 -- danish/security/2016/dsa-3708.wml | 16 -- danish/security/2016/dsa-3709.wml | 22 -- danish/security/2016/dsa-3710.wml | 21 -- danish/security/2016/dsa-3711.wml | 26 --- danish/security/2016/dsa-3712.wml | 17 -- danish/security/2016/dsa-3713.wml | 19 -- danish/security/2016/dsa-3714.wml | 16 -- danish/security/2016/dsa-3715.wml | 22 -- danish/security/2016/dsa-3716.wml | 20 -- danish/security/2016/dsa-3717.wml | 18 -- danish/security/2016/dsa-3718.wml | 19 -- danish/security/2016/dsa-3719.wml | 19 -- danish/security/2016/dsa-3720.wml | 17 -- danish/security/2016/dsa-3721.wml | 17 -- danish/security/2016/dsa-3722.wml | 16 -- danish/security/2016/dsa-3723.wml | 20 -- danish/security/2016/dsa-3724.wml | 19 -- danish/security/2016/dsa-3725.wml | 58 ----- danish/security/2016/dsa-3726.wml | 20 -- danish/security/2016/dsa-3727.wml | 18 -- danish/security/2016/dsa-3728.wml | 17 -- danish/security/2016/dsa-3729.wml | 70 ------ danish/security/2016/dsa-3730.wml | 20 -- danish/security/2016/dsa-3731.wml | 239 --------------------- danish/security/2016/dsa-3732.wml | 21 -- danish/security/2016/dsa-3733.wml | 21 -- danish/security/2016/dsa-3734.wml | 18 -- danish/security/2016/dsa-3735.wml | 20 -- danish/security/2016/dsa-3736.wml | 32 --- danish/security/2016/dsa-3737.wml | 21 -- danish/security/2016/dsa-3738.wml | 22 -- danish/security/2016/dsa-3739.wml | 22 -- danish/security/2016/dsa-3740.wml | 52 ----- danish/security/2016/dsa-3741.wml | 20 -- danish/security/2016/dsa-3742.wml | 19 -- danish/security/2016/dsa-3743.wml | 19 -- danish/security/2016/dsa-3744.wml | 25 --- danish/security/2016/dsa-3745.wml | 22 -- danish/security/2016/dsa-3746.wml | 105 --------- danish/security/2016/dsa-3747.wml | 15 -- danish/security/2016/dsa-3748.wml | 19 -- danish/security/2016/dsa-3749.wml | 19 -- danish/security/2016/dsa-3750.wml | 27 --- danish/security/2016/index.wml | 14 -- danish/security/2017/Makefile | 1 - danish/security/2017/dsa-3751.wml | 23 -- danish/security/2017/dsa-3752.wml | 18 -- danish/security/2017/dsa-3753.wml | 21 -- danish/security/2017/dsa-3754.wml | 14 -- danish/security/2017/dsa-3755.wml | 20 -- danish/security/2017/dsa-3756.wml | 18 -- danish/security/2017/dsa-3757.wml | 18 -- danish/security/2017/dsa-3758.wml | 38 ---- danish/security/2017/dsa-3759.wml | 20 -- danish/security/2017/dsa-3760.wml | 36 ---- danish/security/2017/dsa-3761.wml | 19 -- danish/security/2017/dsa-3762.wml | 31 --- danish/security/2017/dsa-3763.wml | 18 -- danish/security/2017/dsa-3764.wml | 53 ----- danish/security/2017/dsa-3765.wml | 22 -- danish/security/2017/dsa-3766.wml | 19 -- danish/security/2017/dsa-3767.wml | 24 --- danish/security/2017/dsa-3768.wml | 18 -- danish/security/2017/dsa-3769.wml | 19 -- danish/security/2017/dsa-3770.wml | 20 -- danish/security/2017/dsa-3771.wml | 19 -- danish/security/2017/dsa-3772.wml | 23 -- danish/security/2017/dsa-3773.wml | 36 ---- danish/security/2017/dsa-3774.wml | 21 -- danish/security/2017/dsa-3775.wml | 21 -- danish/security/2017/dsa-3776.wml | 118 ----------- danish/security/2017/dsa-3777.wml | 19 -- danish/security/2017/dsa-3778.wml | 17 -- danish/security/2017/dsa-3779.wml | 19 -- danish/security/2017/dsa-3780.wml | 19 -- danish/security/2017/dsa-3781.wml | 17 -- danish/security/2017/dsa-3782.wml | 17 -- danish/security/2017/dsa-3783.wml | 42 ---- danish/security/2017/dsa-3784.wml | 19 -- danish/security/2017/dsa-3785.wml | 15 -- danish/security/2017/dsa-3786.wml | 19 -- danish/security/2017/dsa-3787.wml | 15 -- danish/security/2017/dsa-3788.wml | 17 -- danish/security/2017/dsa-3789.wml | 18 -- danish/security/2017/dsa-3790.wml | 37 ---- danish/security/2017/dsa-3791.wml | 111 ---------- danish/security/2017/dsa-3792.wml | 23 -- danish/security/2017/dsa-3793.wml | 30 --- danish/security/2017/dsa-3794.wml | 17 -- danish/security/2017/dsa-3795.wml | 24 --- danish/security/2017/dsa-3796.wml | 48 ----- danish/security/2017/dsa-3797.wml | 21 -- danish/security/2017/dsa-3798.wml | 19 -- danish/security/2017/dsa-3799.wml | 23 -- danish/security/2017/dsa-3800.wml | 19 -- danish/security/2017/dsa-3801.wml | 22 -- danish/security/2017/dsa-3802.wml | 20 -- danish/security/2017/dsa-3803.wml | 23 -- danish/security/2017/dsa-3804.wml | 83 -------- danish/security/2017/dsa-3805.wml | 19 -- danish/security/2017/dsa-3806.wml | 20 -- danish/security/2017/dsa-3807.wml | 22 -- danish/security/2017/dsa-3808.wml | 28 --- danish/security/2017/dsa-3809.wml | 17 -- danish/security/2017/dsa-3810.wml | 105 --------- danish/security/2017/dsa-3811.wml | 19 -- danish/security/2017/dsa-3812.wml | 19 -- danish/security/2017/dsa-3813.wml | 21 -- danish/security/2017/dsa-3814.wml | 21 -- danish/security/2017/dsa-3815.wml | 19 -- danish/security/2017/dsa-3816.wml | 20 -- danish/security/2017/dsa-3817.wml | 22 -- danish/security/2017/dsa-3818.wml | 21 -- danish/security/2017/dsa-3819.wml | 21 -- danish/security/2017/dsa-3820.wml | 21 -- danish/security/2017/dsa-3821.wml | 21 -- danish/security/2017/dsa-3822.wml | 21 -- danish/security/2017/dsa-3823.wml | 19 -- danish/security/2017/dsa-3824.wml | 16 -- danish/security/2017/dsa-3825.wml | 23 -- danish/security/2017/dsa-3826.wml | 19 -- danish/security/2017/dsa-3827.wml | 15 -- danish/security/2017/dsa-3828.wml | 18 -- danish/security/2017/dsa-3829.wml | 21 -- danish/security/2017/dsa-3830.wml | 20 -- danish/security/2017/dsa-3831.wml | 20 -- danish/security/2017/dsa-3832.wml | 25 --- danish/security/2017/dsa-3833.wml | 16 -- danish/security/2017/dsa-3834.wml | 24 --- danish/security/2017/dsa-3835.wml | 44 ---- danish/security/2017/dsa-3836.wml | 19 -- danish/security/2017/dsa-3837.wml | 21 -- danish/security/2017/dsa-3838.wml | 18 -- danish/security/2017/dsa-3839.wml | 15 -- danish/security/2017/dsa-3840.wml | 23 -- danish/security/2017/dsa-3841.wml | 21 -- danish/security/2017/dsa-3842.wml | 33 --- danish/security/2017/dsa-3843.wml | 33 --- danish/security/2017/dsa-3844.wml | 21 -- danish/security/2017/dsa-3845.wml | 22 -- danish/security/2017/dsa-3846.wml | 20 -- danish/security/2017/dsa-3847.wml | 24 --- danish/security/2017/dsa-3848.wml | 19 -- danish/security/2017/dsa-3849.wml | 37 ---- danish/security/2017/dsa-3850.wml | 21 -- danish/security/2017/dsa-3851.wml | 32 --- danish/security/2017/dsa-3852.wml | 16 -- danish/security/2017/dsa-3853.wml | 19 -- danish/security/2017/dsa-3854.wml | 45 ---- danish/security/2017/dsa-3855.wml | 19 -- danish/security/2017/dsa-3856.wml | 18 -- danish/security/2017/dsa-3857.wml | 19 -- danish/security/2017/dsa-3858.wml | 15 -- danish/security/2017/dsa-3859.wml | 31 --- danish/security/2017/dsa-3860.wml | 16 -- danish/security/2017/dsa-3861.wml | 18 -- danish/security/2017/dsa-3862.wml | 23 -- danish/security/2017/dsa-3863.wml | 24 --- danish/security/2017/dsa-3864.wml | 20 -- danish/security/2017/dsa-3865.wml | 17 -- danish/security/2017/dsa-3866.wml | 42 ---- danish/security/2017/dsa-3867.wml | 17 -- danish/security/2017/dsa-3868.wml | 18 -- danish/security/2017/dsa-3869.wml | 20 -- danish/security/2017/dsa-3870.wml | 19 -- danish/security/2017/dsa-3871.wml | 23 -- danish/security/2017/dsa-3872.wml | 16 -- danish/security/2017/dsa-3873.wml | 23 -- danish/security/2017/dsa-3874.wml | 19 -- danish/security/2017/dsa-3875.wml | 18 -- danish/security/2017/dsa-3876.wml | 21 -- danish/security/2017/dsa-3877.wml | 23 -- danish/security/2017/dsa-3878.wml | 21 -- danish/security/2017/dsa-3879.wml | 21 -- danish/security/2017/dsa-3880.wml | 20 -- danish/security/2017/dsa-3881.wml | 26 --- danish/security/2017/dsa-3882.wml | 60 ------ danish/security/2017/dsa-3883.wml | 15 -- danish/security/2017/dsa-3884.wml | 22 -- danish/security/2017/dsa-3885.wml | 39 ---- danish/security/2017/dsa-3886.wml | 113 ---------- danish/security/2017/dsa-3887.wml | 22 -- danish/security/2017/dsa-3888.wml | 23 -- danish/security/2017/dsa-3889.wml | 29 --- danish/security/2017/dsa-3890.wml | 22 -- danish/security/2017/dsa-3891.wml | 26 --- danish/security/2017/dsa-3892.wml | 26 --- danish/security/2017/dsa-3893.wml | 22 -- danish/security/2017/dsa-3894.wml | 18 -- danish/security/2017/dsa-3895.wml | 18 -- danish/security/2017/dsa-3896.wml | 58 ----- danish/security/2017/dsa-3897.wml | 46 ---- danish/security/2017/dsa-3898.wml | 43 ---- danish/security/2017/dsa-3899.wml | 15 -- danish/security/2017/dsa-3900.wml | 55 ----- danish/security/2017/dsa-3901.wml | 28 --- danish/security/2017/dsa-3902.wml | 14 -- danish/security/2017/dsa-3903.wml | 24 --- danish/security/2017/dsa-3904.wml | 45 ---- danish/security/2017/dsa-3905.wml | 24 --- danish/security/2017/dsa-3906.wml | 20 -- danish/security/2017/dsa-3907.wml | 21 -- danish/security/2017/dsa-3908.wml | 19 -- danish/security/2017/dsa-3909.wml | 32 --- danish/security/2017/dsa-3910.wml | 21 -- danish/security/2017/dsa-3911.wml | 22 -- danish/security/2017/dsa-3912.wml | 27 --- danish/security/2017/dsa-3913.wml | 23 -- danish/security/2017/dsa-3914.wml | 24 --- danish/security/2017/dsa-3915.wml | 17 -- danish/security/2017/dsa-3916.wml | 19 -- danish/security/2017/dsa-3917.wml | 25 --- danish/security/2017/dsa-3918.wml | 21 -- danish/security/2017/dsa-3919.wml | 19 -- danish/security/2017/dsa-3920.wml | 48 ----- danish/security/2017/dsa-3921.wml | 18 -- danish/security/2017/dsa-3922.wml | 26 --- danish/security/2017/dsa-3923.wml | 23 -- danish/security/2017/dsa-3924.wml | 21 -- danish/security/2017/dsa-3925.wml | 33 --- danish/security/2017/dsa-3926.wml | 125 ----------- danish/security/2017/dsa-3927.wml | 88 -------- danish/security/2017/dsa-3928.wml | 20 -- danish/security/2017/dsa-3929.wml | 21 -- danish/security/2017/dsa-3930.wml | 46 ---- danish/security/2017/dsa-3931.wml | 14 -- danish/security/2017/dsa-3932.wml | 35 --- danish/security/2017/dsa-3933.wml | 17 -- danish/security/2017/dsa-3934.wml | 19 -- danish/security/2017/dsa-3935.wml | 34 --- danish/security/2017/dsa-3936.wml | 34 --- danish/security/2017/dsa-3937.wml | 18 -- danish/security/2017/dsa-3938.wml | 20 -- danish/security/2017/dsa-3939.wml | 19 -- danish/security/2017/dsa-3940.wml | 18 -- danish/security/2017/dsa-3941.wml | 16 -- danish/security/2017/dsa-3942.wml | 30 --- danish/security/2017/dsa-3943.wml | 21 -- danish/security/2017/dsa-3944.wml | 22 -- danish/security/2017/dsa-3945.wml | 103 --------- danish/security/2017/dsa-3946.wml | 20 -- danish/security/2017/dsa-3947.wml | 19 -- danish/security/2017/dsa-3948.wml | 19 -- danish/security/2017/dsa-3949.wml | 20 -- danish/security/2017/dsa-3950.wml | 19 -- danish/security/2017/dsa-3951.wml | 15 -- danish/security/2017/dsa-3952.wml | 25 --- danish/security/2017/dsa-3953.wml | 18 -- danish/security/2017/dsa-3954.wml | 16 -- danish/security/2017/dsa-3955.wml | 27 --- danish/security/2017/dsa-3956.wml | 28 --- danish/security/2017/dsa-3957.wml | 46 ---- danish/security/2017/dsa-3958.wml | 20 -- danish/security/2017/dsa-3959.wml | 21 -- danish/security/2017/dsa-3960.wml | 19 -- danish/security/2017/dsa-3961.wml | 22 -- danish/security/2017/dsa-3962.wml | 27 --- danish/security/2017/dsa-3963.wml | 39 ---- danish/security/2017/dsa-3964.wml | 24 --- danish/security/2017/dsa-3965.wml | 18 -- danish/security/2017/dsa-3966.wml | 44 ---- danish/security/2017/dsa-3967.wml | 24 --- danish/security/2017/dsa-3968.wml | 17 -- danish/security/2017/dsa-3969.wml | 91 -------- danish/security/2017/dsa-3970.wml | 18 -- danish/security/2017/dsa-3971.wml | 24 --- danish/security/2017/dsa-3972.wml | 19 -- danish/security/2017/dsa-3973.wml | 18 -- danish/security/2017/dsa-3974.wml | 33 --- danish/security/2017/dsa-3975.wml | 15 -- danish/security/2017/dsa-3976.wml | 22 -- danish/security/2017/dsa-3977.wml | 23 -- danish/security/2017/dsa-3978.wml | 18 -- danish/security/2017/dsa-3979.wml | 18 -- danish/security/2017/dsa-3980.wml | 17 -- danish/security/2017/dsa-3981.wml | 188 ----------------- danish/security/2017/dsa-3982.wml | 42 ---- danish/security/2017/dsa-3983.wml | 39 ---- danish/security/2017/dsa-3984.wml | 29 --- danish/security/2017/dsa-3985.wml | 78 ------- danish/security/2017/dsa-3986.wml | 18 -- danish/security/2017/dsa-3987.wml | 20 -- danish/security/2017/dsa-3988.wml | 25 --- danish/security/2017/dsa-3989.wml | 19 -- danish/security/2017/dsa-3990.wml | 20 -- danish/security/2017/dsa-3991.wml | 38 ---- danish/security/2017/dsa-3992.wml | 43 ---- danish/security/2017/dsa-3993.wml | 16 -- danish/security/2017/dsa-3994.wml | 29 --- danish/security/2017/dsa-3995.wml | 17 -- danish/security/2017/dsa-3996.wml | 16 -- danish/security/2017/dsa-3997.wml | 25 --- danish/security/2017/dsa-3998.wml | 27 --- danish/security/2017/dsa-3999.wml | 77 ------- danish/security/2017/dsa-4000.wml | 18 -- danish/security/2017/dsa-4001.wml | 16 -- danish/security/2017/dsa-4002.wml | 24 --- danish/security/2017/dsa-4003.wml | 25 --- danish/security/2017/dsa-4004.wml | 19 -- danish/security/2017/dsa-4005.wml | 14 -- danish/security/2017/dsa-4006.wml | 32 --- danish/security/2017/dsa-4007.wml | 21 -- danish/security/2017/dsa-4008.wml | 19 -- danish/security/2017/dsa-4009.wml | 15 -- danish/security/2017/dsa-4010.wml | 19 -- danish/security/2017/dsa-4011.wml | 19 -- danish/security/2017/dsa-4012.wml | 17 -- danish/security/2017/dsa-4013.wml | 18 -- danish/security/2017/dsa-4014.wml | 17 -- danish/security/2017/dsa-4015.wml | 15 -- danish/security/2017/dsa-4016.wml | 75 ------- danish/security/2017/dsa-4017.wml | 40 ---- danish/security/2017/dsa-4018.wml | 47 ----- danish/security/2017/dsa-4019.wml | 17 -- danish/security/2017/dsa-4020.wml | 125 ----------- danish/security/2017/dsa-4021.wml | 18 -- danish/security/2017/dsa-4022.wml | 18 -- danish/security/2017/dsa-4023.wml | 21 -- danish/security/2017/dsa-4024.wml | 34 --- danish/security/2017/dsa-4025.wml | 18 -- danish/security/2017/dsa-4026.wml | 19 -- danish/security/2017/dsa-4027.wml | 15 -- danish/security/2017/dsa-4028.wml | 27 --- danish/security/2017/dsa-4029.wml | 18 -- danish/security/2017/dsa-4030.wml | 18 -- danish/security/2017/dsa-4031.wml | 46 ---- danish/security/2017/dsa-4032.wml | 17 -- danish/security/2017/dsa-4033.wml | 18 -- danish/security/2017/dsa-4034.wml | 18 -- danish/security/2017/dsa-4035.wml | 19 -- danish/security/2017/dsa-4036.wml | 51 ----- danish/security/2017/dsa-4037.wml | 21 -- danish/security/2017/dsa-4038.wml | 23 -- danish/security/2017/dsa-4039.wml | 23 -- danish/security/2017/dsa-4040.wml | 17 -- danish/security/2017/dsa-4041.wml | 23 -- danish/security/2017/dsa-4042.wml | 23 -- danish/security/2017/dsa-4043.wml | 38 ---- danish/security/2017/dsa-4044.wml | 22 -- danish/security/2017/dsa-4045.wml | 23 -- danish/security/2017/dsa-4046.wml | 21 -- danish/security/2017/dsa-4047.wml | 23 -- danish/security/2017/dsa-4048.wml | 20 -- danish/security/2017/dsa-4049.wml | 20 -- danish/security/2017/dsa-4050.wml | 23 -- danish/security/2017/dsa-4051.wml | 38 ---- danish/security/2017/dsa-4052.wml | 24 --- danish/security/2017/dsa-4053.wml | 38 ---- danish/security/2017/dsa-4054.wml | 22 -- danish/security/2017/dsa-4055.wml | 22 -- danish/security/2017/dsa-4056.wml | 21 -- danish/security/2017/dsa-4057.wml | 22 -- danish/security/2017/dsa-4058.wml | 23 -- danish/security/2017/dsa-4059.wml | 24 --- danish/security/2017/dsa-4060.wml | 24 --- danish/security/2017/dsa-4061.wml | 22 -- danish/security/2017/dsa-4062.wml | 23 -- danish/security/2017/dsa-4063.wml | 22 -- danish/security/2017/dsa-4064.wml | 97 --------- danish/security/2017/dsa-4065.wml | 41 ---- danish/security/2017/dsa-4066.wml | 23 -- danish/security/2017/dsa-4067.wml | 26 --- danish/security/2017/dsa-4068.wml | 23 -- danish/security/2017/dsa-4069.wml | 25 --- danish/security/2017/dsa-4070.wml | 25 --- danish/security/2017/dsa-4071.wml | 27 --- danish/security/2017/dsa-4072.wml | 20 -- danish/security/2017/dsa-4073.wml | 162 -------------- danish/security/2017/dsa-4074.wml | 22 -- danish/security/2017/dsa-4075.wml | 23 -- danish/security/2017/dsa-4076.wml | 23 -- danish/security/2017/dsa-4077.wml | 23 -- danish/security/2017/index.wml | 14 -- danish/security/2018/Makefile | 1 - danish/security/2018/dsa-4078.wml | 40 ---- danish/security/2018/dsa-4079.wml | 23 -- danish/security/2018/dsa-4080.wml | 49 ----- danish/security/2018/dsa-4081.wml | 52 ----- danish/security/2018/dsa-4082.wml | 144 ------------- danish/security/2018/dsa-4083.wml | 24 --- danish/security/2018/dsa-4084.wml | 22 -- danish/security/2018/dsa-4085.wml | 25 --- danish/security/2018/dsa-4086.wml | 24 --- danish/security/2018/dsa-4087.wml | 24 --- danish/security/2018/dsa-4088.wml | 29 --- danish/security/2018/dsa-4089.wml | 24 --- danish/security/2018/dsa-4090.wml | 24 --- danish/security/2018/dsa-4091.wml | 28 --- danish/security/2018/dsa-4092.wml | 23 -- danish/security/2018/dsa-4093.wml | 28 --- danish/security/2018/dsa-4094.wml | 24 --- danish/security/2018/dsa-4095.wml | 22 -- danish/security/2018/dsa-4096.wml | 24 --- danish/security/2018/dsa-4097.wml | 26 --- danish/security/2018/dsa-4098.wml | 36 ---- danish/security/2018/dsa-4099.wml | 20 -- danish/security/2018/dsa-4100.wml | 23 -- danish/security/2018/dsa-4101.wml | 24 --- danish/security/2018/dsa-4102.wml | 22 -- danish/security/2018/dsa-4103.wml | 132 ------------ danish/security/2018/dsa-4104.wml | 26 --- danish/security/2018/dsa-4105.wml | 21 -- danish/security/2018/dsa-4106.wml | 20 -- danish/security/2018/dsa-4107.wml | 21 -- danish/security/2018/dsa-4108.wml | 25 --- danish/security/2018/dsa-4109.wml | 25 --- danish/security/2018/dsa-4110.wml | 24 --- danish/security/2018/dsa-4111.wml | 20 -- danish/security/2018/dsa-4112.wml | 58 ----- danish/security/2018/dsa-4113.wml | 20 -- danish/security/2018/dsa-4114.wml | 25 --- danish/security/2018/dsa-4115.wml | 62 ------ danish/security/2018/dsa-4116.wml | 22 -- danish/security/2018/dsa-4117.wml | 19 -- danish/security/2018/dsa-4118.wml | 26 --- danish/security/2018/dsa-4119.wml | 22 -- danish/security/2018/dsa-4120.wml | 88 -------- danish/security/2018/dsa-4121.wml | 15 -- danish/security/2018/dsa-4122.wml | 47 ----- danish/security/2018/dsa-4123.wml | 24 --- danish/security/2018/dsa-4124.wml | 22 -- danish/security/2018/dsa-4125.wml | 21 -- danish/security/2018/dsa-4126.wml | 25 --- danish/security/2018/dsa-4127.wml | 80 ------- danish/security/2018/dsa-4128.wml | 21 -- danish/security/2018/dsa-4129.wml | 22 -- danish/security/2018/dsa-4130.wml | 47 ----- danish/security/2018/dsa-4131.wml | 38 ---- danish/security/2018/dsa-4132.wml | 23 -- danish/security/2018/dsa-4133.wml | 50 ----- danish/security/2018/dsa-4134.wml | 23 -- danish/security/2018/dsa-4135.wml | 52 ----- danish/security/2018/dsa-4136.wml | 46 ---- danish/security/2018/dsa-4137.wml | 45 ---- danish/security/2018/dsa-4138.wml | 21 -- danish/security/2018/dsa-4139.wml | 23 -- danish/security/2018/dsa-4140.wml | 24 --- danish/security/2018/dsa-4141.wml | 24 --- danish/security/2018/dsa-4142.wml | 29 --- danish/security/2018/dsa-4143.wml | 23 -- danish/security/2018/dsa-4144.wml | 21 -- danish/security/2018/dsa-4145.wml | 48 ----- danish/security/2018/dsa-4146.wml | 23 -- danish/security/2018/dsa-4147.wml | 20 -- danish/security/2018/dsa-4148.wml | 23 -- danish/security/2018/dsa-4149.wml | 23 -- danish/security/2018/dsa-4150.wml | 23 -- danish/security/2018/dsa-4151.wml | 30 --- danish/security/2018/dsa-4152.wml | 26 --- danish/security/2018/dsa-4153.wml | 22 -- danish/security/2018/dsa-4154.wml | 26 --- danish/security/2018/dsa-4155.wml | 22 -- danish/security/2018/dsa-4156.wml | 25 --- danish/security/2018/dsa-4157.wml | 45 ---- danish/security/2018/dsa-4158.wml | 23 -- danish/security/2018/dsa-4159.wml | 23 -- danish/security/2018/dsa-4160.wml | 20 -- danish/security/2018/dsa-4161.wml | 25 --- danish/security/2018/dsa-4162.wml | 19 -- danish/security/2018/dsa-4163.wml | 22 -- danish/security/2018/dsa-4164.wml | 71 ------- danish/security/2018/dsa-4165.wml | 41 ---- danish/security/2018/dsa-4166.wml | 21 -- danish/security/2018/dsa-4167.wml | 24 --- danish/security/2018/dsa-4168.wml | 21 -- danish/security/2018/dsa-4169.wml | 21 -- danish/security/2018/dsa-4170.wml | 20 -- danish/security/2018/dsa-4171.wml | 23 -- danish/security/2018/dsa-4172.wml | 46 ---- danish/security/2018/dsa-4173.wml | 21 -- danish/security/2018/dsa-4174.wml | 20 -- danish/security/2018/dsa-4175.wml | 24 --- danish/security/2018/dsa-4176.wml | 27 --- danish/security/2018/dsa-4177.wml | 23 -- danish/security/2018/dsa-4178.wml | 23 -- danish/security/2018/dsa-4179.wml | 25 --- danish/security/2018/dsa-4180.wml | 25 --- danish/security/2018/dsa-4181.wml | 22 -- danish/security/2018/dsa-4182.wml | 290 ------------------------- danish/security/2018/dsa-4183.wml | 21 -- danish/security/2018/dsa-4184.wml | 23 -- danish/security/2018/dsa-4185.wml | 20 -- danish/security/2018/dsa-4186.wml | 19 -- danish/security/2018/dsa-4187.wml | 267 ----------------------- danish/security/2018/dsa-4188.wml | 228 -------------------- danish/security/2018/dsa-4189.wml | 25 --- danish/security/2018/dsa-4190.wml | 25 --- danish/security/2018/dsa-4191.wml | 27 --- danish/security/2018/dsa-4192.wml | 22 -- danish/security/2018/dsa-4193.wml | 26 --- danish/security/2018/dsa-4194.wml | 23 -- danish/security/2018/dsa-4195.wml | 25 --- danish/security/2018/dsa-4196.wml | 45 ---- danish/security/2018/dsa-4197.wml | 22 -- danish/security/2018/dsa-4198.wml | 22 -- danish/security/2018/dsa-4199.wml | 23 -- danish/security/2018/dsa-4200.wml | 20 -- danish/security/2018/dsa-4201.wml | 48 ----- danish/security/2018/dsa-4202.wml | 23 -- danish/security/2018/dsa-4203.wml | 31 --- danish/security/2018/dsa-4204.wml | 21 -- danish/security/2018/dsa-4205.wml | 15 -- danish/security/2018/dsa-4206.wml | 36 ---- danish/security/2018/dsa-4207.wml | 20 -- danish/security/2018/dsa-4208.wml | 55 ----- danish/security/2018/dsa-4209.wml | 23 -- danish/security/2018/dsa-4210.wml | 24 --- danish/security/2018/dsa-4211.wml | 27 --- danish/security/2018/dsa-4212.wml | 24 --- danish/security/2018/dsa-4213.wml | 80 ------- danish/security/2018/dsa-4214.wml | 29 --- danish/security/2018/dsa-4215.wml | 25 --- danish/security/2018/dsa-4216.wml | 29 --- danish/security/2018/dsa-4217.wml | 24 --- danish/security/2018/dsa-4218.wml | 53 ----- danish/security/2018/dsa-4219.wml | 30 --- danish/security/2018/dsa-4220.wml | 22 -- danish/security/2018/dsa-4221.wml | 23 -- danish/security/2018/dsa-4222.wml | 27 --- danish/security/2018/dsa-4223.wml | 24 --- danish/security/2018/dsa-4224.wml | 24 --- danish/security/2018/dsa-4225.wml | 20 -- danish/security/2018/dsa-4226.wml | 23 -- danish/security/2018/dsa-4227.wml | 24 --- danish/security/2018/dsa-4228.wml | 23 -- danish/security/2018/dsa-4229.wml | 39 ---- danish/security/2018/dsa-4230.wml | 19 -- danish/security/2018/dsa-4231.wml | 19 -- danish/security/2018/dsa-4232.wml | 23 -- danish/security/2018/dsa-4233.wml | 20 -- danish/security/2018/dsa-4234.wml | 21 -- danish/security/2018/dsa-4235.wml | 21 -- danish/security/2018/dsa-4236.wml | 37 ---- danish/security/2018/dsa-4237.wml | 157 -------------- danish/security/2018/dsa-4238.wml | 21 -- danish/security/2018/dsa-4239.wml | 20 -- danish/security/2018/dsa-4240.wml | 51 ----- danish/security/2018/dsa-4241.wml | 20 -- danish/security/2018/dsa-4242.wml | 21 -- danish/security/2018/dsa-4243.wml | 47 ----- danish/security/2018/dsa-4244.wml | 20 -- danish/security/2018/dsa-4245.wml | 21 -- danish/security/2018/dsa-4246.wml | 22 -- danish/security/2018/dsa-4247.wml | 19 -- danish/security/2018/dsa-4248.wml | 21 -- danish/security/2018/dsa-4249.wml | 20 -- danish/security/2018/dsa-4250.wml | 19 -- danish/security/2018/dsa-4251.wml | 20 -- danish/security/2018/dsa-4252.wml | 19 -- danish/security/2018/dsa-4253.wml | 23 -- danish/security/2018/dsa-4254.wml | 35 --- danish/security/2018/dsa-4255.wml | 22 -- danish/security/2018/dsa-4256.wml | 168 --------------- danish/security/2018/dsa-4257.wml | 22 -- danish/security/2018/dsa-4258.wml | 20 -- danish/security/2018/dsa-4259.wml | 26 --- danish/security/2018/dsa-4260.wml | 22 -- danish/security/2018/dsa-4261.wml | 22 -- danish/security/2018/dsa-4262.wml | 20 -- danish/security/2018/dsa-4263.wml | 20 -- danish/security/2018/dsa-4264.wml | 21 -- danish/security/2018/dsa-4265.wml | 21 -- danish/security/2018/dsa-4266.wml | 39 ---- danish/security/2018/dsa-4267.wml | 21 -- danish/security/2018/dsa-4268.wml | 20 -- danish/security/2018/dsa-4269.wml | 36 ---- danish/security/2018/dsa-4270.wml | 21 -- danish/security/2018/dsa-4271.wml | 35 --- danish/security/2018/dsa-4272.wml | 43 ---- danish/security/2018/dsa-4273.wml | 20 -- danish/security/2018/dsa-4274.wml | 27 --- danish/security/2018/dsa-4275.wml | 19 -- danish/security/2018/dsa-4276.wml | 21 -- danish/security/2018/dsa-4277.wml | 21 -- danish/security/2018/dsa-4278.wml | 19 -- danish/security/2018/dsa-4279.wml | 29 --- danish/security/2018/dsa-4280.wml | 21 -- danish/security/2018/dsa-4281.wml | 20 -- danish/security/2018/dsa-4282.wml | 20 -- danish/security/2018/dsa-4283.wml | 19 -- danish/security/2018/dsa-4284.wml | 20 -- danish/security/2018/dsa-4285.wml | 22 -- danish/security/2018/dsa-4286.wml | 23 -- danish/security/2018/dsa-4287.wml | 36 ---- danish/security/2018/dsa-4288.wml | 21 -- danish/security/2018/dsa-4289.wml | 121 ----------- danish/security/2018/dsa-4290.wml | 20 -- danish/security/2018/dsa-4291.wml | 22 -- danish/security/2018/dsa-4292.wml | 22 -- danish/security/2018/dsa-4293.wml | 21 -- danish/security/2018/dsa-4294.wml | 21 -- danish/security/2018/dsa-4295.wml | 36 ---- danish/security/2018/dsa-4296.wml | 20 -- danish/security/2018/dsa-4297.wml | 20 -- danish/security/2018/dsa-4298.wml | 20 -- danish/security/2018/dsa-4299.wml | 25 --- danish/security/2018/dsa-4300.wml | 21 -- danish/security/2018/dsa-4301.wml | 21 -- danish/security/2018/dsa-4302.wml | 52 ----- danish/security/2018/dsa-4303.wml | 20 -- danish/security/2018/dsa-4304.wml | 20 -- danish/security/2018/dsa-4305.wml | 49 ----- danish/security/2018/dsa-4306.wml | 21 -- danish/security/2018/dsa-4307.wml | 20 -- danish/security/2018/dsa-4308.wml | 156 -------------- danish/security/2018/dsa-4309.wml | 31 --- danish/security/2018/dsa-4310.wml | 20 -- danish/security/2018/dsa-4311.wml | 21 -- danish/security/2018/dsa-4312.wml | 37 ---- danish/security/2018/dsa-4313.wml | 42 ---- danish/security/2018/dsa-4314.wml | 21 -- danish/security/2018/dsa-4315.wml | 22 -- danish/security/2018/dsa-4316.wml | 21 -- danish/security/2018/dsa-4317.wml | 19 -- danish/security/2018/dsa-4318.wml | 22 -- danish/security/2018/dsa-4319.wml | 23 -- danish/security/2018/dsa-4320.wml | 20 -- danish/security/2018/dsa-4321.wml | 20 -- danish/security/2018/dsa-4322.wml | 24 --- danish/security/2018/dsa-4323.wml | 22 -- danish/security/2018/dsa-4324.wml | 20 -- danish/security/2018/dsa-4325.wml | 19 -- danish/security/2018/dsa-4326.wml | 21 -- danish/security/2018/dsa-4327.wml | 20 -- danish/security/2018/dsa-4328.wml | 20 -- danish/security/2018/dsa-4329.wml | 21 -- danish/security/2018/dsa-4330.wml | 97 --------- danish/security/2018/dsa-4331.wml | 37 ---- danish/security/2018/dsa-4332.wml | 35 --- danish/security/2018/dsa-4333.wml | 19 -- danish/security/2018/dsa-4334.wml | 20 -- danish/security/2018/dsa-4335.wml | 21 -- danish/security/2018/dsa-4336.wml | 25 --- danish/security/2018/dsa-4337.wml | 20 -- danish/security/2018/dsa-4338.wml | 23 -- danish/security/2018/dsa-4339.wml | 23 -- danish/security/2018/dsa-4340.wml | 23 -- danish/security/2018/dsa-4341.wml | 34 --- danish/security/2018/dsa-4343.wml | 20 -- danish/security/2018/dsa-4344.wml | 20 -- danish/security/2018/dsa-4345.wml | 52 ----- danish/security/2018/dsa-4346.wml | 24 --- danish/security/2018/dsa-4347.wml | 46 ---- danish/security/2018/dsa-4348.wml | 21 -- danish/security/2018/dsa-4349.wml | 20 -- danish/security/2018/dsa-4350.wml | 20 -- danish/security/2018/dsa-4351.wml | 21 -- danish/security/2018/dsa-4352.wml | 146 ------------- danish/security/2018/dsa-4353.wml | 25 --- danish/security/2018/dsa-4354.wml | 20 -- danish/security/2018/dsa-4355.wml | 21 -- danish/security/2018/dsa-4356.wml | 20 -- danish/security/2018/dsa-4357.wml | 28 --- danish/security/2018/dsa-4358.wml | 21 -- danish/security/2018/dsa-4359.wml | 20 -- danish/security/2018/dsa-4360.wml | 22 -- danish/security/2018/dsa-4361.wml | 20 -- danish/security/2018/index.wml | 14 -- danish/security/2019/Makefile | 1 - danish/security/2019/dsa-4362.wml | 19 -- danish/security/2019/dsa-4363.wml | 19 -- danish/security/2019/dsa-4364.wml | 20 -- danish/security/2019/dsa-4365.wml | 20 -- danish/security/2019/dsa-4366.wml | 18 -- danish/security/2019/dsa-4367.wml | 31 --- danish/security/2019/dsa-4368.wml | 19 -- danish/security/2019/dsa-4369.wml | 45 ---- danish/security/2019/dsa-4370.wml | 23 -- danish/security/2019/dsa-4371.wml | 193 ----------------- danish/security/2019/dsa-4372.wml | 21 -- danish/security/2019/dsa-4373.wml | 47 ----- danish/security/2019/dsa-4374.wml | 21 -- danish/security/2019/dsa-4375.wml | 21 -- danish/security/2019/dsa-4376.wml | 20 -- danish/security/2019/dsa-4377.wml | 25 --- danish/security/2019/dsa-4378.wml | 21 -- danish/security/2019/dsa-4379.wml | 23 -- danish/security/2019/dsa-4380.wml | 23 -- danish/security/2019/dsa-4381.wml | 21 -- danish/security/2019/dsa-4382.wml | 22 -- danish/security/2019/dsa-4383.wml | 20 -- danish/security/2019/dsa-4384.wml | 21 -- danish/security/2019/dsa-4385.wml | 29 --- danish/security/2019/dsa-4386.wml | 44 ---- danish/security/2019/dsa-4387.wml | 49 ----- danish/security/2019/dsa-4388.wml | 22 -- danish/security/2019/dsa-4389.wml | 23 -- danish/security/2019/dsa-4390.wml | 21 -- danish/security/2019/dsa-4391.wml | 19 -- danish/security/2019/dsa-4392.wml | 20 -- danish/security/2019/dsa-4393.wml | 20 -- danish/security/2019/dsa-4394.wml | 20 -- danish/security/2019/dsa-4395.wml | 162 -------------- danish/security/2019/dsa-4396.wml | 42 ---- danish/security/2019/dsa-4397.wml | 20 -- danish/security/2019/dsa-4398.wml | 21 -- danish/security/2019/dsa-4399.wml | 20 -- danish/security/2019/dsa-4400.wml | 19 -- danish/security/2019/dsa-4401.wml | 23 -- danish/security/2019/dsa-4402.wml | 19 -- danish/security/2019/dsa-4403.wml | 21 -- danish/security/2019/dsa-4404.wml | 24 --- danish/security/2019/dsa-4405.wml | 50 ----- danish/security/2019/dsa-4406.wml | 19 -- danish/security/2019/dsa-4407.wml | 20 -- danish/security/2019/dsa-4408.wml | 21 -- danish/security/2019/dsa-4409.wml | 21 -- danish/security/2019/dsa-4410.wml | 20 -- danish/security/2019/dsa-4411.wml | 19 -- danish/security/2019/dsa-4412.wml | 24 --- danish/security/2019/dsa-4413.wml | 20 -- danish/security/2019/dsa-4414.wml | 35 --- danish/security/2019/dsa-4415.wml | 22 -- danish/security/2019/dsa-4416.wml | 20 -- danish/security/2019/dsa-4417.wml | 19 -- danish/security/2019/dsa-4418.wml | 24 --- danish/security/2019/dsa-4419.wml | 20 -- danish/security/2019/dsa-4420.wml | 19 -- danish/security/2019/dsa-4421.wml | 97 --------- danish/security/2019/dsa-4422.wml | 67 ------ danish/security/2019/dsa-4423.wml | 20 -- danish/security/2019/dsa-4424.wml | 23 -- danish/security/2019/dsa-4425.wml | 22 -- danish/security/2019/dsa-4426.wml | 19 -- danish/security/2019/dsa-4427.wml | 21 -- danish/security/2019/dsa-4428.wml | 25 --- danish/security/2019/dsa-4429.wml | 20 -- danish/security/2019/dsa-4430.wml | 75 ------- danish/security/2019/dsa-4431.wml | 20 -- danish/security/2019/dsa-4432.wml | 20 -- danish/security/2019/dsa-4433.wml | 20 -- danish/security/2019/dsa-4434.wml | 22 -- danish/security/2019/dsa-4435.wml | 20 -- danish/security/2019/dsa-4436.wml | 22 -- danish/security/2019/dsa-4437.wml | 20 -- danish/security/2019/dsa-4438.wml | 19 -- danish/security/2019/dsa-4439.wml | 23 -- danish/security/2019/dsa-4440.wml | 36 ---- danish/security/2019/dsa-4441.wml | 22 -- danish/security/2019/dsa-4442.wml | 21 -- danish/security/2019/dsa-4443.wml | 23 -- danish/security/2019/dsa-4444.wml | 37 ---- danish/security/2019/dsa-4445.wml | 24 --- danish/security/2019/dsa-4446.wml | 21 -- danish/security/2019/dsa-4447.wml | 22 -- danish/security/2019/dsa-4448.wml | 19 -- danish/security/2019/dsa-4449.wml | 20 -- danish/security/2019/dsa-4450.wml | 28 --- danish/security/2019/dsa-4451.wml | 20 -- danish/security/2019/dsa-4452.wml | 20 -- danish/security/2019/dsa-4453.wml | 19 -- danish/security/2019/dsa-4454.wml | 24 --- danish/security/2019/dsa-4455.wml | 36 ---- danish/security/2019/dsa-4456.wml | 20 -- danish/security/2019/dsa-4457.wml | 21 -- danish/security/2019/dsa-4458.wml | 21 -- danish/security/2019/dsa-4459.wml | 20 -- danish/security/2019/dsa-4460.wml | 21 -- danish/security/2019/dsa-4461.wml | 20 -- danish/security/2019/dsa-4462.wml | 29 --- danish/security/2019/dsa-4463.wml | 22 -- danish/security/2019/dsa-4464.wml | 19 -- danish/security/2019/dsa-4465.wml | 110 ---------- danish/security/2019/dsa-4466.wml | 20 -- danish/security/2019/dsa-4467.wml | 27 --- danish/security/2019/dsa-4468.wml | 22 -- danish/security/2019/dsa-4469.wml | 34 --- danish/security/2019/dsa-4470.wml | 20 -- danish/security/2019/dsa-4471.wml | 19 -- danish/security/2019/dsa-4472.wml | 20 -- danish/security/2019/dsa-4473.wml | 19 -- danish/security/2019/dsa-4474.wml | 20 -- danish/security/2019/dsa-4475.wml | 24 --- danish/security/2019/dsa-4476.wml | 21 -- danish/security/2019/dsa-4477.wml | 26 --- danish/security/2019/dsa-4478.wml | 18 -- danish/security/2019/dsa-4479.wml | 30 --- danish/security/2019/dsa-4480.wml | 23 -- danish/security/2019/dsa-4481.wml | 25 --- danish/security/2019/dsa-4482.wml | 29 --- danish/security/2019/dsa-4483.wml | 35 --- danish/security/2019/dsa-4484.wml | 27 --- danish/security/2019/dsa-4485.wml | 21 -- danish/security/2019/dsa-4486.wml | 21 -- danish/security/2019/dsa-4487.wml | 22 -- danish/security/2019/dsa-4488.wml | 20 -- danish/security/2019/dsa-4489.wml | 28 --- danish/security/2019/dsa-4490.wml | 40 ---- danish/security/2019/dsa-4491.wml | 23 -- danish/security/2019/dsa-4492.wml | 23 -- danish/security/2019/dsa-4493.wml | 23 -- danish/security/2019/dsa-4494.wml | 26 --- danish/security/2019/dsa-4495.wml | 119 ----------- danish/security/2019/dsa-4496.wml | 22 -- danish/security/2019/dsa-4497.wml | 161 -------------- danish/security/2019/dsa-4498.wml | 22 -- danish/security/2019/dsa-4499.wml | 24 --- danish/security/2019/dsa-4500.wml | 262 ----------------------- danish/security/2019/dsa-4501.wml | 25 --- danish/security/2019/dsa-4502.wml | 20 -- danish/security/2019/dsa-4503.wml | 21 -- danish/security/2019/dsa-4504.wml | 23 -- danish/security/2019/dsa-4505.wml | 22 -- danish/security/2019/dsa-4506.wml | 23 -- danish/security/2019/dsa-4507.wml | 22 -- danish/security/2019/dsa-4508.wml | 19 -- danish/security/2019/dsa-4509.wml | 63 ------ danish/security/2019/dsa-4510.wml | 26 --- danish/security/2019/dsa-4511.wml | 22 -- danish/security/2019/dsa-4512.wml | 20 -- danish/security/2019/dsa-4513.wml | 26 --- danish/security/2019/dsa-4514.wml | 21 -- danish/security/2019/dsa-4515.wml | 132 ------------ danish/security/2019/dsa-4516.wml | 24 --- danish/security/2019/dsa-4517.wml | 23 -- danish/security/2019/dsa-4518.wml | 24 --- danish/security/2019/dsa-4519.wml | 24 --- danish/security/2019/dsa-4520.wml | 23 -- danish/security/2019/dsa-4521.wml | 22 -- danish/security/2019/dsa-4522.wml | 21 -- danish/security/2019/dsa-4523.wml | 24 --- danish/security/2019/dsa-4524.wml | 20 -- danish/security/2019/dsa-4525.wml | 27 --- danish/security/2019/dsa-4526.wml | 22 -- danish/security/2019/dsa-4527.wml | 21 -- danish/security/2019/dsa-4528.wml | 25 --- danish/security/2019/dsa-4529.wml | 21 -- danish/security/2019/dsa-4530.wml | 24 --- danish/security/2019/dsa-4531.wml | 67 ------ danish/security/2019/dsa-4532.wml | 24 --- danish/security/2019/dsa-4533.wml | 19 -- danish/security/2019/dsa-4534.wml | 20 -- danish/security/2019/dsa-4535.wml | 24 --- danish/security/2019/dsa-4536.wml | 20 -- danish/security/2019/dsa-4537.wml | 22 -- danish/security/2019/dsa-4538.wml | 39 ---- danish/security/2019/dsa-4539.wml | 25 --- danish/security/2019/dsa-4540.wml | 19 -- danish/security/2019/dsa-4541.wml | 25 --- danish/security/2019/dsa-4542.wml | 24 --- danish/security/2019/dsa-4543.wml | 31 --- danish/security/2019/dsa-4544.wml | 20 -- danish/security/2019/dsa-4545.wml | 23 -- danish/security/2019/dsa-4546.wml | 20 -- danish/security/2019/dsa-4547.wml | 23 -- danish/security/2019/dsa-4548.wml | 20 -- danish/security/2019/dsa-4549.wml | 30 --- danish/security/2019/dsa-4550.wml | 24 --- danish/security/2019/dsa-4551.wml | 19 -- danish/security/2019/dsa-4552.wml | 20 -- danish/security/2019/dsa-4553.wml | 20 -- danish/security/2019/dsa-4554.wml | 23 -- danish/security/2019/dsa-4555.wml | 24 --- danish/security/2019/dsa-4556.wml | 22 -- danish/security/2019/dsa-4557.wml | 24 --- danish/security/2019/dsa-4558.wml | 42 ---- danish/security/2019/dsa-4559.wml | 23 -- danish/security/2019/dsa-4560.wml | 22 -- danish/security/2019/dsa-4561.wml | 21 -- danish/security/2019/dsa-4562.wml | 299 -------------------------- danish/security/2019/dsa-4563.wml | 32 --- danish/security/2019/dsa-4564.wml | 109 ---------- danish/security/2019/dsa-4565.wml | 25 --- danish/security/2019/dsa-4566.wml | 22 -- danish/security/2019/dsa-4567.wml | 23 -- danish/security/2019/dsa-4568.wml | 23 -- danish/security/2019/dsa-4569.wml | 24 --- danish/security/2019/dsa-4570.wml | 22 -- danish/security/2019/dsa-4571.wml | 26 --- danish/security/2019/dsa-4572.wml | 21 -- danish/security/2019/dsa-4573.wml | 23 -- danish/security/2019/dsa-4574.wml | 20 -- danish/security/2019/dsa-4575.wml | 35 --- danish/security/2019/dsa-4576.wml | 21 -- danish/security/2019/dsa-4577.wml | 21 -- danish/security/2019/dsa-4578.wml | 23 -- danish/security/2019/dsa-4579.wml | 20 -- danish/security/2019/dsa-4580.wml | 22 -- danish/security/2019/dsa-4581.wml | 53 ----- danish/security/2019/dsa-4582.wml | 23 -- danish/security/2019/dsa-4583.wml | 21 -- danish/security/2019/dsa-4584.wml | 37 ---- danish/security/2019/dsa-4585.wml | 22 -- danish/security/2019/dsa-4586.wml | 20 -- danish/security/2019/dsa-4587.wml | 20 -- danish/security/2019/dsa-4588.wml | 24 --- danish/security/2019/dsa-4589.wml | 23 -- danish/security/2019/dsa-4590.wml | 23 -- danish/security/2019/dsa-4591.wml | 25 --- danish/security/2019/dsa-4592.wml | 22 -- danish/security/2019/dsa-4593.wml | 38 ---- danish/security/2019/dsa-4594.wml | 20 -- danish/security/2019/dsa-4595.wml | 28 --- danish/security/2019/dsa-4596.wml | 22 -- danish/security/2019/index.wml | 14 -- danish/security/2020/Makefile | 1 - danish/security/2020/dsa-4597.wml | 23 -- danish/security/2020/dsa-4598.wml | 30 --- danish/security/2020/dsa-4599.wml | 22 -- danish/security/2020/dsa-4600.wml | 23 -- danish/security/2020/dsa-4601.wml | 23 -- danish/security/2020/dsa-4602.wml | 33 --- danish/security/2020/dsa-4603.wml | 22 -- danish/security/2020/dsa-4604.wml | 52 ----- danish/security/2020/dsa-4605.wml | 20 -- danish/security/2020/dsa-4606.wml | 210 ------------------ danish/security/2020/dsa-4607.wml | 25 --- danish/security/2020/dsa-4608.wml | 19 -- danish/security/2020/dsa-4609.wml | 23 -- danish/security/2020/dsa-4610.wml | 37 ---- danish/security/2020/dsa-4611.wml | 26 --- danish/security/2020/dsa-4612.wml | 23 -- danish/security/2020/dsa-4613.wml | 21 -- danish/security/2020/dsa-4614.wml | 29 --- danish/security/2020/dsa-4615.wml | 24 --- danish/security/2020/dsa-4616.wml | 23 -- danish/security/2020/dsa-4617.wml | 23 -- danish/security/2020/dsa-4618.wml | 24 --- danish/security/2020/dsa-4619.wml | 29 --- danish/security/2020/dsa-4620.wml | 22 -- danish/security/2020/dsa-4621.wml | 20 -- danish/security/2020/dsa-4622.wml | 19 -- danish/security/2020/dsa-4623.wml | 19 -- danish/security/2020/dsa-4624.wml | 46 ---- danish/security/2020/dsa-4625.wml | 22 -- danish/security/2020/dsa-4626.wml | 20 -- danish/security/2020/dsa-4627.wml | 48 ----- danish/security/2020/dsa-4628.wml | 20 -- danish/security/2020/dsa-4629.wml | 24 --- danish/security/2020/dsa-4630.wml | 23 -- danish/security/2020/dsa-4631.wml | 24 --- danish/security/2020/dsa-4632.wml | 25 --- danish/security/2020/dsa-4633.wml | 41 ---- danish/security/2020/dsa-4634.wml | 23 -- danish/security/2020/dsa-4635.wml | 25 --- danish/security/2020/dsa-4636.wml | 20 -- danish/security/2020/dsa-4637.wml | 28 --- danish/security/2020/dsa-4638.wml | 226 -------------------- danish/security/2020/dsa-4639.wml | 22 -- danish/security/2020/dsa-4640.wml | 24 --- danish/security/2020/dsa-4641.wml | 28 --- danish/security/2020/dsa-4642.wml | 22 -- danish/security/2020/dsa-4643.wml | 21 -- danish/security/2020/dsa-4644.wml | 24 --- danish/security/2020/dsa-4645.wml | 70 ------ danish/security/2020/dsa-4646.wml | 22 -- danish/security/2020/dsa-4647.wml | 31 --- danish/security/2020/dsa-4648.wml | 23 -- danish/security/2020/dsa-4649.wml | 21 -- danish/security/2020/dsa-4650.wml | 26 --- danish/security/2020/dsa-4651.wml | 21 -- danish/security/2020/dsa-4652.wml | 21 -- danish/security/2020/dsa-4653.wml | 22 -- danish/security/2020/dsa-4654.wml | 39 ---- danish/security/2020/dsa-4655.wml | 22 -- danish/security/2020/dsa-4656.wml | 22 -- danish/security/2020/dsa-4657.wml | 24 --- danish/security/2020/dsa-4658.wml | 27 --- danish/security/2020/dsa-4659.wml | 25 --- danish/security/2020/dsa-4660.wml | 23 -- danish/security/2020/dsa-4661.wml | 22 -- danish/security/2020/dsa-4662.wml | 20 -- danish/security/2020/dsa-4663.wml | 24 --- danish/security/2020/dsa-4664.wml | 23 -- danish/security/2020/dsa-4665.wml | 20 -- danish/security/2020/dsa-4666.wml | 23 -- danish/security/2020/dsa-4667.wml | 62 ------ danish/security/2020/dsa-4668.wml | 20 -- danish/security/2020/dsa-4669.wml | 19 -- danish/security/2020/dsa-4670.wml | 20 -- danish/security/2020/dsa-4671.wml | 23 -- danish/security/2020/dsa-4672.wml | 20 -- danish/security/2020/dsa-4673.wml | 20 -- danish/security/2020/dsa-4674.wml | 26 --- danish/security/2020/dsa-4675.wml | 24 --- danish/security/2020/dsa-4676.wml | 24 --- danish/security/2020/dsa-4677.wml | 26 --- danish/security/2020/dsa-4678.wml | 23 -- danish/security/2020/dsa-4679.wml | 22 -- danish/security/2020/dsa-4680.wml | 29 --- danish/security/2020/dsa-4681.wml | 62 ------ danish/security/2020/dsa-4682.wml | 20 -- danish/security/2020/dsa-4683.wml | 23 -- danish/security/2020/dsa-4684.wml | 20 -- danish/security/2020/dsa-4685.wml | 23 -- danish/security/2020/dsa-4686.wml | 25 --- danish/security/2020/dsa-4687.wml | 23 -- danish/security/2020/dsa-4688.wml | 24 --- danish/security/2020/dsa-4689.wml | 44 ---- danish/security/2020/dsa-4690.wml | 20 -- danish/security/2020/dsa-4691.wml | 25 --- danish/security/2020/dsa-4692.wml | 24 --- danish/security/2020/dsa-4693.wml | 20 -- danish/security/2020/dsa-4694.wml | 25 --- danish/security/2020/dsa-4695.wml | 23 -- danish/security/2020/dsa-4696.wml | 19 -- danish/security/2020/dsa-4697.wml | 23 -- danish/security/2020/dsa-4698.wml | 245 --------------------- danish/security/2020/dsa-4699.wml | 117 ---------- danish/security/2020/dsa-4700.wml | 25 --- danish/security/2020/dsa-4701.wml | 40 ---- danish/security/2020/dsa-4702.wml | 23 -- danish/security/2020/dsa-4703.wml | 18 -- danish/security/2020/dsa-4704.wml | 23 -- danish/security/2020/dsa-4705.wml | 24 --- danish/security/2020/dsa-4706.wml | 23 -- danish/security/2020/dsa-4707.wml | 23 -- danish/security/2020/dsa-4708.wml | 20 -- danish/security/2020/dsa-4709.wml | 21 -- danish/security/2020/dsa-4710.wml | 20 -- danish/security/2020/dsa-4711.wml | 42 ---- danish/security/2020/dsa-4712.wml | 22 -- danish/security/2020/dsa-4713.wml | 22 -- danish/security/2020/dsa-4714.wml | 349 ------------------------------ danish/security/2020/dsa-4715.wml | 22 -- danish/security/2020/dsa-4716.wml | 22 -- danish/security/2020/dsa-4717.wml | 20 -- danish/security/2020/dsa-4718.wml | 22 -- danish/security/2020/dsa-4719.wml | 20 -- danish/security/2020/dsa-4720.wml | 21 -- danish/security/2020/dsa-4721.wml | 35 --- danish/security/2020/dsa-4722.wml | 20 -- danish/security/2020/dsa-4723.wml | 20 -- danish/security/2020/dsa-4724.wml | 64 ------ danish/security/2020/dsa-4725.wml | 20 -- danish/security/2020/dsa-4726.wml | 19 -- danish/security/2020/dsa-4727.wml | 19 -- danish/security/2020/dsa-4728.wml | 19 -- danish/security/2020/dsa-4729.wml | 21 -- danish/security/2020/dsa-4730.wml | 22 -- danish/security/2020/dsa-4731.wml | 20 -- danish/security/2020/dsa-4732.wml | 20 -- danish/security/2020/dsa-4733.wml | 23 -- danish/security/2020/dsa-4734.wml | 20 -- danish/security/2020/dsa-4735.wml | 65 ------ danish/security/2020/dsa-4736.wml | 20 -- danish/security/2020/dsa-4737.wml | 22 -- danish/security/2020/dsa-4738.wml | 20 -- danish/security/2020/dsa-4739.wml | 54 ----- danish/security/2020/dsa-4740.wml | 19 -- danish/security/2020/dsa-4741.wml | 20 -- danish/security/2020/dsa-4742.wml | 38 ---- danish/security/2020/dsa-4743.wml | 27 --- danish/security/2020/dsa-4744.wml | 21 -- danish/security/2020/dsa-4745.wml | 38 ---- danish/security/2020/dsa-4746.wml | 19 -- danish/security/2020/dsa-4747.wml | 20 -- danish/security/2020/dsa-4748.wml | 21 -- danish/security/2020/dsa-4749.wml | 20 -- danish/security/2020/dsa-4750.wml | 20 -- danish/security/2020/dsa-4751.wml | 21 -- danish/security/2020/dsa-4752.wml | 46 ---- danish/security/2020/dsa-4753.wml | 20 -- danish/security/2020/dsa-4754.wml | 20 -- danish/security/2020/dsa-4755.wml | 20 -- danish/security/2020/dsa-4756.wml | 21 -- danish/security/2020/dsa-4757.wml | 52 ----- danish/security/2020/dsa-4758.wml | 21 -- danish/security/2020/dsa-4759.wml | 20 -- danish/security/2020/dsa-4760.wml | 43 ---- danish/security/2020/dsa-4761.wml | 23 -- danish/security/2020/dsa-4762.wml | 21 -- danish/security/2020/dsa-4763.wml | 20 -- danish/security/2020/dsa-4764.wml | 19 -- danish/security/2020/dsa-4765.wml | 21 -- danish/security/2020/dsa-4766.wml | 21 -- danish/security/2020/dsa-4767.wml | 22 -- danish/security/2020/dsa-4768.wml | 29 --- danish/security/2020/dsa-4769.wml | 20 -- danish/security/2020/dsa-4770.wml | 28 --- danish/security/2020/dsa-4771.wml | 21 -- danish/security/2020/dsa-4772.wml | 21 -- danish/security/2020/dsa-4773.wml | 35 --- danish/security/2020/dsa-4774.wml | 61 ------ danish/security/2020/dsa-4775.wml | 20 -- danish/security/2020/dsa-4776.wml | 18 -- danish/security/2020/dsa-4777.wml | 20 -- danish/security/2020/dsa-4778.wml | 19 -- danish/security/2020/dsa-4779.wml | 20 -- danish/security/2020/dsa-4780.wml | 19 -- danish/security/2020/dsa-4781.wml | 20 -- danish/security/2020/dsa-4782.wml | 22 -- danish/security/2020/dsa-4783.wml | 20 -- danish/security/2020/dsa-4784.wml | 22 -- danish/security/2020/dsa-4785.wml | 21 -- danish/security/2020/dsa-4786.wml | 20 -- danish/security/2020/dsa-4787.wml | 32 --- danish/security/2020/dsa-4788.wml | 19 -- danish/security/2020/dsa-4789.wml | 20 -- danish/security/2020/dsa-4790.wml | 19 -- danish/security/2020/dsa-4791.wml | 27 --- danish/security/2020/dsa-4792.wml | 22 -- danish/security/2020/dsa-4793.wml | 21 -- danish/security/2020/dsa-4794.wml | 20 -- danish/security/2020/dsa-4795.wml | 19 -- danish/security/2020/dsa-4796.wml | 19 -- danish/security/2020/dsa-4797.wml | 42 ---- danish/security/2020/dsa-4798.wml | 20 -- danish/security/2020/dsa-4799.wml | 22 -- danish/security/2020/dsa-4800.wml | 20 -- danish/security/2020/dsa-4801.wml | 19 -- danish/security/2020/dsa-4802.wml | 19 -- danish/security/2020/dsa-4803.wml | 19 -- danish/security/2020/dsa-4804.wml | 19 -- danish/security/2020/dsa-4805.wml | 32 --- danish/security/2020/dsa-4806.wml | 20 -- danish/security/2020/dsa-4807.wml | 23 -- danish/security/2020/dsa-4808.wml | 21 -- danish/security/2020/dsa-4809.wml | 20 -- danish/security/2020/dsa-4810.wml | 19 -- danish/security/2020/dsa-4811.wml | 27 --- danish/security/2020/dsa-4812.wml | 24 --- danish/security/2020/dsa-4813.wml | 20 -- danish/security/2020/dsa-4814.wml | 24 --- danish/security/2020/dsa-4815.wml | 19 -- danish/security/2020/dsa-4816.wml | 20 -- danish/security/2020/dsa-4817.wml | 20 -- danish/security/2020/dsa-4818.wml | 26 --- danish/security/2020/dsa-4819.wml | 21 -- danish/security/2020/dsa-4820.wml | 19 -- danish/security/2020/dsa-4821.wml | 21 -- danish/security/2020/index.wml | 14 -- danish/security/2021/Makefile | 1 - danish/security/2021/dsa-4822.wml | 20 -- danish/security/2021/dsa-4823.wml | 20 -- danish/security/2021/dsa-4824.wml | 20 -- danish/security/2021/dsa-4825.wml | 38 ---- danish/security/2021/dsa-4826.wml | 20 -- danish/security/2021/dsa-4827.wml | 19 -- danish/security/2021/dsa-4828.wml | 21 -- danish/security/2021/dsa-4829.wml | 24 --- danish/security/2021/dsa-4830.wml | 36 ---- danish/security/2021/dsa-4831.wml | 20 -- danish/security/2021/dsa-4832.wml | 20 -- danish/security/2021/dsa-4833.wml | 20 -- danish/security/2021/dsa-4834.wml | 20 -- danish/security/2021/dsa-4835.wml | 19 -- danish/security/2021/dsa-4836.wml | 20 -- danish/security/2021/dsa-4837.wml | 21 -- danish/security/2021/dsa-4838.wml | 20 -- danish/security/2021/dsa-4839.wml | 21 -- danish/security/2021/dsa-4840.wml | 20 -- danish/security/2021/dsa-4841.wml | 21 -- danish/security/2021/dsa-4842.wml | 19 -- danish/security/2021/dsa-4843.wml | 94 --------- danish/security/2021/dsa-4844.wml | 20 -- danish/security/2021/dsa-4845.wml | 21 -- danish/security/2021/dsa-4846.wml | 169 --------------- danish/security/2021/dsa-4847.wml | 21 -- danish/security/2021/dsa-4848.wml | 20 -- danish/security/2021/dsa-4849.wml | 21 -- danish/security/2021/dsa-4850.wml | 20 -- danish/security/2021/dsa-4851.wml | 23 -- danish/security/2021/dsa-4852.wml | 20 -- danish/security/2021/dsa-4853.wml | 20 -- danish/security/2021/dsa-4854.wml | 27 --- danish/security/2021/dsa-4855.wml | 27 --- danish/security/2021/dsa-4856.wml | 20 -- danish/security/2021/dsa-4857.wml | 21 -- danish/security/2021/dsa-4858.wml | 70 ------ danish/security/2021/dsa-4859.wml | 21 -- danish/security/2021/dsa-4860.wml | 22 -- danish/security/2021/dsa-4861.wml | 21 -- danish/security/2021/dsa-4862.wml | 20 -- danish/security/2021/dsa-4863.wml | 19 -- danish/security/2021/dsa-4864.wml | 21 -- danish/security/2021/dsa-4865.wml | 20 -- danish/security/2021/dsa-4866.wml | 19 -- danish/security/2021/dsa-4867.wml | 63 ------ danish/security/2021/dsa-4868.wml | 20 -- danish/security/2021/dsa-4869.wml | 20 -- danish/security/2021/dsa-4870.wml | 19 -- danish/security/2021/dsa-4871.wml | 20 -- danish/security/2021/dsa-4872.wml | 23 -- danish/security/2021/dsa-4873.wml | 19 -- danish/security/2021/dsa-4874.wml | 20 -- danish/security/2021/dsa-4875.wml | 24 --- danish/security/2021/dsa-4876.wml | 19 -- danish/security/2021/dsa-4877.wml | 58 ----- danish/security/2021/dsa-4878.wml | 19 -- danish/security/2021/dsa-4879.wml | 21 -- danish/security/2021/dsa-4880.wml | 21 -- danish/security/2021/dsa-4881.wml | 76 ------- danish/security/2021/dsa-4882.wml | 20 -- danish/security/2021/dsa-4883.wml | 20 -- danish/security/2021/dsa-4884.wml | 41 ---- danish/security/2021/dsa-4885.wml | 20 -- danish/security/2021/dsa-4886.wml | 213 ------------------- danish/security/2021/dsa-4887.wml | 20 -- danish/security/2021/dsa-4888.wml | 19 -- danish/security/2021/dsa-4889.wml | 21 -- danish/security/2021/dsa-4890.wml | 20 -- danish/security/2021/dsa-4891.wml | 19 -- danish/security/2021/dsa-4892.wml | 23 -- danish/security/2021/dsa-4893.wml | 20 -- danish/security/2021/dsa-4894.wml | 20 -- danish/security/2021/dsa-4895.wml | 20 -- danish/security/2021/dsa-4896.wml | 20 -- danish/security/2021/dsa-4897.wml | 20 -- danish/security/2021/dsa-4898.wml | 43 ---- danish/security/2021/dsa-4899.wml | 19 -- danish/security/2021/dsa-4900.wml | 20 -- danish/security/2021/dsa-4901.wml | 20 -- danish/security/2021/dsa-4902.wml | 20 -- danish/security/2021/dsa-4903.wml | 20 -- danish/security/2021/dsa-4904.wml | 20 -- danish/security/2021/dsa-4905.wml | 26 --- danish/security/2021/dsa-4906.wml | 137 ------------ danish/security/2021/dsa-4907.wml | 20 -- danish/security/2021/dsa-4908.wml | 22 -- danish/security/2021/dsa-4909.wml | 39 ---- danish/security/2021/dsa-4910.wml | 21 -- danish/security/2021/dsa-4911.wml | 54 ----- danish/security/2021/dsa-4912.wml | 24 --- danish/security/2021/dsa-4913.wml | 19 -- danish/security/2021/dsa-4914.wml | 19 -- danish/security/2021/dsa-4915.wml | 20 -- danish/security/2021/dsa-4916.wml | 20 -- danish/security/2021/dsa-4917.wml | 96 --------- danish/security/2021/dsa-4918.wml | 20 -- danish/security/2021/dsa-4919.wml | 20 -- danish/security/2021/dsa-4920.wml | 21 -- danish/security/2021/dsa-4921.wml | 20 -- danish/security/2021/dsa-4922.wml | 22 -- danish/security/2021/dsa-4923.wml | 37 ---- danish/security/2021/dsa-4924.wml | 19 -- danish/security/2021/dsa-4925.wml | 19 -- danish/security/2021/dsa-4926.wml | 21 -- danish/security/2021/dsa-4927.wml | 20 -- danish/security/2021/dsa-4928.wml | 20 -- danish/security/2021/dsa-4929.wml | 19 -- danish/security/2021/dsa-4930.wml | 21 -- danish/security/2021/dsa-4931.wml | 19 -- danish/security/2021/dsa-4932.wml | 20 -- danish/security/2021/dsa-4933.wml | 21 -- danish/security/2021/dsa-4934.wml | 33 --- danish/security/2021/dsa-4935.wml | 21 -- danish/security/2021/dsa-4936.wml | 20 -- danish/security/2021/dsa-4937.wml | 20 -- danish/security/2021/dsa-4938.wml | 22 -- danish/security/2021/dsa-4939.wml | 19 -- danish/security/2021/dsa-4940.wml | 19 -- danish/security/2021/dsa-4941.wml | 53 ----- danish/security/2021/dsa-4942.wml | 24 --- danish/security/2021/dsa-4943.wml | 23 -- danish/security/2021/dsa-4944.wml | 22 -- danish/security/2021/dsa-4945.wml | 92 -------- danish/security/2021/dsa-4946.wml | 20 -- danish/security/2021/dsa-4947.wml | 21 -- danish/security/2021/dsa-4948.wml | 19 -- danish/security/2021/dsa-4949.wml | 20 -- danish/security/2021/dsa-4950.wml | 21 -- danish/security/2021/dsa-4951.wml | 36 ---- danish/security/2021/dsa-4952.wml | 20 -- danish/security/2021/dsa-4953.wml | 21 -- danish/security/2021/dsa-4954.wml | 21 -- danish/security/2021/dsa-4955.wml | 21 -- danish/security/2021/dsa-4956.wml | 19 -- danish/security/2021/dsa-4957.wml | 20 -- danish/security/2021/dsa-4958.wml | 21 -- danish/security/2021/dsa-4959.wml | 22 -- danish/security/2021/dsa-4960.wml | 29 --- danish/security/2021/dsa-4961.wml | 24 --- danish/security/2021/dsa-4962.wml | 23 -- danish/security/2021/dsa-4963.wml | 44 ---- danish/security/2021/dsa-4964.wml | 24 --- danish/security/2021/dsa-4965.wml | 21 -- danish/security/2021/dsa-4966.wml | 21 -- danish/security/2021/dsa-4967.wml | 25 --- danish/security/2021/dsa-4968.wml | 25 --- danish/security/2021/dsa-4969.wml | 22 -- danish/security/2021/dsa-4970.wml | 23 -- danish/security/2021/dsa-4971.wml | 23 -- danish/security/2021/dsa-4972.wml | 22 -- danish/security/2021/dsa-4973.wml | 22 -- danish/security/2021/dsa-4974.wml | 22 -- danish/security/2021/dsa-4975.wml | 31 --- danish/security/2021/dsa-4976.wml | 28 --- danish/security/2021/dsa-4977.wml | 24 --- danish/security/2021/dsa-4978.wml | 124 ----------- danish/security/2021/dsa-4979.wml | 24 --- danish/security/2021/dsa-4980.wml | 20 -- danish/security/2021/dsa-4981.wml | 22 -- danish/security/2021/dsa-4982.wml | 24 --- danish/security/2021/dsa-4983.wml | 28 --- danish/security/2021/dsa-4984.wml | 26 --- danish/security/2021/dsa-4985.wml | 23 -- danish/security/2021/dsa-4986.wml | 22 -- danish/security/2021/dsa-4987.wml | 25 --- danish/security/2021/dsa-4988.wml | 20 -- danish/security/2021/dsa-4989.wml | 50 ----- danish/security/2021/dsa-4990.wml | 20 -- danish/security/2021/dsa-4991.wml | 21 -- danish/security/2021/dsa-4992.wml | 20 -- danish/security/2021/dsa-4993.wml | 20 -- danish/security/2021/dsa-4994.wml | 24 --- danish/security/2021/dsa-4995.wml | 42 ---- danish/security/2021/dsa-4996.wml | 39 ---- danish/security/2021/dsa-4997.wml | 20 -- danish/security/2021/dsa-4998.wml | 20 -- danish/security/2021/dsa-4999.wml | 19 -- danish/security/2021/dsa-5000.wml | 24 --- danish/security/2021/dsa-5001.wml | 23 -- danish/security/2021/dsa-5002.wml | 20 -- danish/security/2021/dsa-5003.wml | 74 ------- danish/security/2021/dsa-5004.wml | 37 ---- danish/security/2021/dsa-5005.wml | 20 -- danish/security/2021/dsa-5006.wml | 19 -- danish/security/2021/dsa-5007.wml | 19 -- danish/security/2021/dsa-5008.wml | 20 -- danish/security/2021/dsa-5009.wml | 21 -- danish/security/2021/dsa-5010.wml | 24 --- danish/security/2021/dsa-5011.wml | 25 --- danish/security/2021/dsa-5012.wml | 20 -- danish/security/2021/dsa-5013.wml | 24 --- danish/security/2021/dsa-5014.wml | 20 -- danish/security/2021/dsa-5015.wml | 35 --- danish/security/2021/dsa-5016.wml | 24 --- danish/security/2021/dsa-5017.wml | 19 -- danish/security/2021/dsa-5018.wml | 20 -- danish/security/2021/dsa-5019.wml | 24 --- danish/security/2021/dsa-5020.wml | 36 ---- danish/security/2021/dsa-5021.wml | 28 --- danish/security/2021/dsa-5022.wml | 30 --- danish/security/2021/dsa-5023.wml | 26 --- danish/security/2021/dsa-5024.wml | 26 --- danish/security/2021/dsa-5025.wml | 19 -- danish/security/2021/dsa-5026.wml | 33 --- danish/security/2021/dsa-5027.wml | 23 -- danish/security/2021/dsa-5028.wml | 23 -- danish/security/2021/dsa-5029.wml | 22 -- danish/security/2021/dsa-5030.wml | 37 ---- danish/security/2021/dsa-5031.wml | 34 --- danish/security/2021/dsa-5032.wml | 24 --- danish/security/2021/dsa-5033.wml | 19 -- danish/security/2021/index.wml | 14 -- danish/security/2022/Makefile | 1 - danish/security/2022/dsa-5034.wml | 24 --- danish/security/2022/dsa-5035.wml | 36 ---- danish/security/2022/dsa-5036.wml | 20 -- danish/security/2022/dsa-5037.wml | 24 --- danish/security/2022/dsa-5038.wml | 24 --- danish/security/2022/dsa-5039.wml | 24 --- danish/security/2022/dsa-5040.wml | 22 -- danish/security/2022/dsa-5041.wml | 19 -- danish/security/2022/dsa-5042.wml | 19 -- danish/security/2022/dsa-5043.wml | 23 -- danish/security/2022/dsa-5044.wml | 24 --- danish/security/2022/dsa-5045.wml | 22 -- danish/security/2022/dsa-5046.wml | 26 --- danish/security/2022/dsa-5047.wml | 22 -- danish/security/2022/dsa-5048.wml | 20 -- danish/security/2022/dsa-5049.wml | 39 ---- danish/security/2022/dsa-5050.wml | 89 -------- danish/security/2022/dsa-5051.wml | 24 --- danish/security/2022/dsa-5052.wml | 23 -- danish/security/2022/dsa-5053.wml | 24 --- danish/security/2022/dsa-5054.wml | 19 -- danish/security/2022/dsa-5055.wml | 26 --- danish/security/2022/dsa-5056.wml | 35 --- danish/security/2022/dsa-5057.wml | 23 -- danish/security/2022/dsa-5058.wml | 20 -- danish/security/2022/dsa-5059.wml | 26 --- danish/security/2022/dsa-5060.wml | 60 ------ danish/security/2022/dsa-5061.wml | 57 ----- danish/security/2022/dsa-5062.wml | 22 -- danish/security/2022/dsa-5063.wml | 23 -- danish/security/2022/dsa-5064.wml | 22 -- danish/security/2022/dsa-5065.wml | 24 --- danish/security/2022/dsa-5066.wml | 20 -- danish/security/2022/dsa-5067.wml | 19 -- danish/security/2022/dsa-5068.wml | 19 -- danish/security/2022/dsa-5069.wml | 23 -- danish/security/2022/dsa-5070.wml | 76 ------- danish/security/2022/dsa-5071.wml | 42 ---- danish/security/2022/dsa-5072.wml | 27 --- danish/security/2022/dsa-5073.wml | 23 -- danish/security/2022/dsa-5074.wml | 22 -- danish/security/2022/dsa-5075.wml | 27 --- danish/security/2022/dsa-5076.wml | 28 --- danish/security/2022/dsa-5077.wml | 23 -- danish/security/2022/dsa-5078.wml | 25 --- danish/security/2022/dsa-5079.wml | 19 -- danish/security/2022/dsa-5080.wml | 23 -- danish/security/2022/dsa-5081.wml | 22 -- danish/security/2022/dsa-5082.wml | 20 -- danish/security/2022/dsa-5083.wml | 47 ----- danish/security/2022/dsa-5084.wml | 44 ---- danish/security/2022/dsa-5085.wml | 23 -- danish/security/2022/dsa-5086.wml | 22 -- danish/security/2022/dsa-5087.wml | 24 --- danish/security/2022/dsa-5088.wml | 33 --- danish/security/2022/dsa-5089.wml | 19 -- danish/security/2022/dsa-5090.wml | 22 -- danish/security/2022/dsa-5091.wml | 19 -- danish/security/2022/dsa-5092.wml | 82 ------- danish/security/2022/dsa-5093.wml | 22 -- danish/security/2022/dsa-5094.wml | 22 -- danish/security/2022/dsa-5095.wml | 79 ------- danish/security/2022/dsa-5096.wml | 376 --------------------------------- danish/security/2022/dsa-5097.wml | 23 -- danish/security/2022/dsa-5098.wml | 23 -- danish/security/2022/dsa-5099.wml | 23 -- danish/security/2022/dsa-5100.wml | 22 -- danish/security/2022/dsa-5101.wml | 25 --- danish/security/2022/dsa-5102.wml | 21 -- danish/security/2022/dsa-5103.wml | 30 --- danish/security/2022/dsa-5104.wml | 19 -- danish/security/2022/dsa-5105.wml | 22 -- danish/security/2022/dsa-5106.wml | 22 -- danish/security/2022/dsa-5107.wml | 20 -- danish/security/2022/dsa-5108.wml | 23 -- danish/security/2022/dsa-5109.wml | 20 -- danish/security/2022/dsa-5110.wml | 19 -- danish/security/2022/dsa-5111.wml | 23 -- danish/security/2022/dsa-5112.wml | 19 -- danish/security/2022/dsa-5113.wml | 23 -- danish/security/2022/dsa-5114.wml | 19 -- danish/security/2022/dsa-5115.wml | 40 ---- danish/security/2022/dsa-5116.wml | 37 ---- danish/security/2022/dsa-5117.wml | 19 -- danish/security/2022/dsa-5118.wml | 22 -- danish/security/2022/dsa-5119.wml | 38 ---- danish/security/2022/dsa-5120.wml | 19 -- danish/security/2022/dsa-5121.wml | 19 -- danish/security/2022/dsa-5122.wml | 24 --- danish/security/2022/dsa-5123.wml | 24 --- danish/security/2022/dsa-5124.wml | 20 -- danish/security/2022/dsa-5125.wml | 19 -- danish/security/2022/dsa-5126.wml | 20 -- danish/security/2022/dsa-5127.wml | 142 ------------- danish/security/2022/dsa-5128.wml | 20 -- danish/security/2022/dsa-5129.wml | 23 -- danish/security/2022/dsa-5130.wml | 22 -- danish/security/2022/dsa-5131.wml | 22 -- danish/security/2022/dsa-5132.wml | 24 --- danish/security/2022/dsa-5133.wml | 20 -- danish/security/2022/dsa-5134.wml | 19 -- danish/security/2022/dsa-5135.wml | 24 --- danish/security/2022/dsa-5136.wml | 24 --- danish/security/2022/dsa-5137.wml | 26 --- danish/security/2022/dsa-5138.wml | 23 -- danish/security/2022/dsa-5139.wml | 23 -- danish/security/2022/dsa-5140.wml | 24 --- danish/security/2022/dsa-5141.wml | 22 -- danish/security/2022/dsa-5142.wml | 26 --- danish/security/2022/dsa-5143.wml | 22 -- danish/security/2022/dsa-5144.wml | 23 -- danish/security/2022/dsa-5145.wml | 25 --- danish/security/2022/dsa-5146.wml | 20 -- danish/security/2022/dsa-5147.wml | 24 --- danish/security/2022/dsa-5148.wml | 19 -- danish/security/2022/dsa-5149.wml | 23 -- danish/security/2022/dsa-5150.wml | 24 --- danish/security/2022/dsa-5151.wml | 27 --- danish/security/2022/dsa-5152.wml | 22 -- danish/security/2022/dsa-5153.wml | 23 -- danish/security/2022/dsa-5154.wml | 56 ----- danish/security/2022/dsa-5155.wml | 53 ----- danish/security/2022/dsa-5156.wml | 23 -- danish/security/2022/dsa-5157.wml | 25 --- danish/security/2022/dsa-5158.wml | 22 -- danish/security/2022/dsa-5159.wml | 22 -- danish/security/2022/dsa-5160.wml | 23 -- danish/security/2022/dsa-5161.wml | 87 -------- danish/security/2022/dsa-5162.wml | 19 -- danish/security/2022/dsa-5163.wml | 19 -- danish/security/2022/dsa-5164.wml | 24 --- danish/security/2022/dsa-5165.wml | 23 -- danish/security/2022/dsa-5166.wml | 20 -- danish/security/2022/dsa-5167.wml | 23 -- danish/security/2022/dsa-5168.wml | 19 -- danish/security/2022/dsa-5169.wml | 22 -- danish/security/2022/dsa-5170.wml | 20 -- danish/security/2022/dsa-5171.wml | 35 --- danish/security/2022/dsa-5172.wml | 23 -- danish/security/2022/dsa-5173.wml | 290 ------------------------- danish/security/2022/dsa-5174.wml | 27 --- danish/security/2022/dsa-5177.wml | 21 -- danish/security/2022/dsa-5178.wml | 46 ---- danish/security/2022/dsa-5179.wml | 32 --- danish/security/2022/dsa-5180.wml | 19 -- danish/security/2022/dsa-5181.wml | 38 ---- danish/security/2022/dsa-5182.wml | 35 --- danish/security/2022/dsa-5183.wml | 32 --- danish/security/2022/dsa-5184.wml | 25 --- danish/security/2022/dsa-5185.wml | 22 -- danish/security/2022/dsa-5186.wml | 22 -- danish/security/2022/dsa-5187.wml | 19 -- danish/security/2022/dsa-5188.wml | 22 -- danish/security/2022/dsa-5189.wml | 23 -- danish/security/2022/dsa-5190.wml | 22 -- danish/security/2022/dsa-5191.wml | 60 ------ danish/security/2022/dsa-5192.wml | 19 -- danish/security/2022/dsa-5193.wml | 22 -- danish/security/2022/dsa-5194.wml | 23 -- danish/security/2022/dsa-5195.wml | 22 -- danish/security/2022/dsa-5196.wml | 43 ---- danish/security/2022/dsa-5197.wml | 21 -- danish/security/2022/dsa-5198.wml | 38 ---- danish/security/2022/dsa-5199.wml | 20 -- danish/security/2022/dsa-5200.wml | 20 -- danish/security/2022/dsa-5201.wml | 19 -- danish/security/2022/dsa-5202.wml | 20 -- danish/security/2022/dsa-5203.wml | 22 -- danish/security/2022/dsa-5204.wml | 20 -- danish/security/2022/dsa-5205.wml | 56 ----- danish/security/2022/dsa-5206.wml | 20 -- danish/security/2022/dsa-5207.wml | 85 -------- danish/security/2022/dsa-5208.wml | 18 -- danish/security/2022/dsa-5209.wml | 20 -- danish/security/2022/dsa-5210.wml | 32 --- danish/security/2022/dsa-5211.wml | 32 --- danish/security/2022/dsa-5212.wml | 19 -- danish/security/2022/dsa-5213.wml | 33 --- danish/security/2022/dsa-5214.wml | 20 -- danish/security/2022/dsa-5215.wml | 20 -- danish/security/2022/dsa-5216.wml | 21 -- danish/security/2022/dsa-5217.wml | 19 -- danish/security/2022/dsa-5218.wml | 21 -- danish/security/2022/dsa-5219.wml | 28 --- danish/security/2022/dsa-5220.wml | 28 --- danish/security/2022/dsa-5221.wml | 19 -- danish/security/2022/dsa-5222.wml | 20 -- danish/security/2022/dsa-5223.wml | 19 -- danish/security/2022/dsa-5224.wml | 20 -- danish/security/2022/dsa-5225.wml | 19 -- danish/security/2022/dsa-5226.wml | 33 --- danish/security/2022/dsa-5227.wml | 24 --- danish/security/2022/dsa-5228.wml | 36 ---- danish/security/2022/dsa-5229.wml | 20 -- danish/security/2022/dsa-5230.wml | 19 -- danish/security/2022/dsa-5231.wml | 20 -- danish/security/2022/dsa-5232.wml | 20 -- danish/security/2022/dsa-5233.wml | 19 -- danish/security/2022/dsa-5234.wml | 23 -- danish/security/2022/dsa-5235.wml | 51 ----- danish/security/2022/dsa-5236.wml | 21 -- danish/security/2022/dsa-5237.wml | 29 --- danish/security/2022/dsa-5238.wml | 21 -- danish/security/2022/dsa-5239.wml | 21 -- danish/security/2022/dsa-5240.wml | 27 --- danish/security/2022/dsa-5241.wml | 27 --- danish/security/2022/dsa-5242.wml | 21 -- danish/security/2022/dsa-5243.wml | 33 --- danish/security/2022/dsa-5244.wml | 19 -- danish/security/2022/dsa-5245.wml | 19 -- danish/security/2022/dsa-5246.wml | 20 -- danish/security/2022/dsa-5247.wml | 20 -- danish/security/2022/index.wml | 14 -- danish/security/2023/Makefile | 1 - danish/security/2023/index.wml | 14 -- danish/security/undated/Makefile | 1 - danish/security/undated/index.wml | 6 - 5372 files changed, 167381 deletions(-) delete mode 100644 danish/lts/security/2014/Makefile delete mode 100644 danish/lts/security/2014/index.wml delete mode 100644 danish/lts/security/2015/Makefile delete mode 100644 danish/lts/security/2015/dla-374.wml delete mode 100644 danish/lts/security/2015/dla-375.wml delete mode 100644 danish/lts/security/2015/dla-376.wml delete mode 100644 danish/lts/security/2015/index.wml delete mode 100644 danish/lts/security/2016/Makefile delete mode 100644 danish/lts/security/2016/dla-374.wml delete mode 100644 danish/lts/security/2016/dla-375.wml delete mode 100644 danish/lts/security/2016/dla-378.wml delete mode 100644 danish/lts/security/2016/dla-379.wml delete mode 100644 danish/lts/security/2016/dla-380.wml delete mode 100644 danish/lts/security/2016/dla-381.wml delete mode 100644 danish/lts/security/2016/dla-382.wml delete mode 100644 danish/lts/security/2016/dla-383.wml delete mode 100644 danish/lts/security/2016/dla-384.wml delete mode 100644 danish/lts/security/2016/dla-385.wml delete mode 100644 danish/lts/security/2016/dla-386.wml delete mode 100644 danish/lts/security/2016/dla-387.wml delete mode 100644 danish/lts/security/2016/dla-388.wml delete mode 100644 danish/lts/security/2016/dla-389.wml delete mode 100644 danish/lts/security/2016/dla-390.wml delete mode 100644 danish/lts/security/2016/dla-391.wml delete mode 100644 danish/lts/security/2016/dla-392.wml delete mode 100644 danish/lts/security/2016/dla-393.wml delete mode 100644 danish/lts/security/2016/dla-394.wml delete mode 100644 danish/lts/security/2016/dla-395.wml delete mode 100644 danish/lts/security/2016/dla-396.wml delete mode 100644 danish/lts/security/2016/dla-397.wml delete mode 100644 danish/lts/security/2016/dla-398.wml delete mode 100644 danish/lts/security/2016/dla-399.wml delete mode 100644 danish/lts/security/2016/dla-400.wml delete mode 100644 danish/lts/security/2016/dla-401.wml delete mode 100644 danish/lts/security/2016/dla-402.wml delete mode 100644 danish/lts/security/2016/dla-403.wml delete mode 100644 danish/lts/security/2016/dla-404.wml delete mode 100644 danish/lts/security/2016/dla-405.wml delete mode 100644 danish/lts/security/2016/dla-406.wml delete mode 100644 danish/lts/security/2016/dla-407.wml delete mode 100644 danish/lts/security/2016/dla-408.wml delete mode 100644 danish/lts/security/2016/dla-409.wml delete mode 100644 danish/lts/security/2016/dla-410.wml delete mode 100644 danish/lts/security/2016/dla-411.wml delete mode 100644 danish/lts/security/2016/dla-412.wml delete mode 100644 danish/lts/security/2016/dla-413.wml delete mode 100644 danish/lts/security/2016/dla-414.wml delete mode 100644 danish/lts/security/2016/dla-415.wml delete mode 100644 danish/lts/security/2016/dla-416.wml delete mode 100644 danish/lts/security/2016/dla-417.wml delete mode 100644 danish/lts/security/2016/dla-418.wml delete mode 100644 danish/lts/security/2016/dla-419.wml delete mode 100644 danish/lts/security/2016/dla-420.wml delete mode 100644 danish/lts/security/2016/dla-421.wml delete mode 100644 danish/lts/security/2016/dla-422.wml delete mode 100644 danish/lts/security/2016/dla-423.wml delete mode 100644 danish/lts/security/2016/dla-424.wml delete mode 100644 danish/lts/security/2016/dla-425.wml delete mode 100644 danish/lts/security/2016/dla-426.wml delete mode 100644 danish/lts/security/2016/dla-427.wml delete mode 100644 danish/lts/security/2016/dla-428.wml delete mode 100644 danish/lts/security/2016/dla-429.wml delete mode 100644 danish/lts/security/2016/dla-430.wml delete mode 100644 danish/lts/security/2016/dla-431.wml delete mode 100644 danish/lts/security/2016/dla-432.wml delete mode 100644 danish/lts/security/2016/dla-433.wml delete mode 100644 danish/lts/security/2016/dla-434.wml delete mode 100644 danish/lts/security/2016/dla-435.wml delete mode 100644 danish/lts/security/2016/dla-436.wml delete mode 100644 danish/lts/security/2016/dla-437.wml delete mode 100644 danish/lts/security/2016/dla-438.wml delete mode 100644 danish/lts/security/2016/dla-439.wml delete mode 100644 danish/lts/security/2016/dla-440.wml delete mode 100644 danish/lts/security/2016/dla-441.wml delete mode 100644 danish/lts/security/2016/dla-442.wml delete mode 100644 danish/lts/security/2016/dla-443.wml delete mode 100644 danish/lts/security/2016/dla-444.wml delete mode 100644 danish/lts/security/2016/dla-445.wml delete mode 100644 danish/lts/security/2016/index.wml delete mode 100644 danish/lts/security/2017/Makefile delete mode 100644 danish/lts/security/2017/index.wml delete mode 100644 danish/lts/security/2018/Makefile delete mode 100644 danish/lts/security/2018/index.wml delete mode 100644 danish/lts/security/2019/Makefile delete mode 100644 danish/lts/security/2019/index.wml delete mode 100644 danish/lts/security/2020/Makefile delete mode 100644 danish/lts/security/2020/index.wml delete mode 100644 danish/security/1997/Makefile delete mode 100644 danish/security/1997/index.wml delete mode 100644 danish/security/1998/Makefile delete mode 100644 danish/security/1998/index.wml delete mode 100644 danish/security/1999/Makefile delete mode 100644 danish/security/1999/index.wml delete mode 100644 danish/security/2000/Makefile delete mode 100644 danish/security/2000/index.wml delete mode 100644 danish/security/2001/Makefile delete mode 100644 danish/security/2001/dsa-011.wml delete mode 100644 danish/security/2001/dsa-012.wml delete mode 100644 danish/security/2001/dsa-013.wml delete mode 100644 danish/security/2001/dsa-014.wml delete mode 100644 danish/security/2001/dsa-015.wml delete mode 100644 danish/security/2001/dsa-016.wml delete mode 100644 danish/security/2001/dsa-017.wml delete mode 100644 danish/security/2001/dsa-018.wml delete mode 100644 danish/security/2001/dsa-019.wml delete mode 100644 danish/security/2001/dsa-020.wml delete mode 100644 danish/security/2001/dsa-021.wml delete mode 100644 danish/security/2001/dsa-022.wml delete mode 100644 danish/security/2001/dsa-023.wml delete mode 100644 danish/security/2001/dsa-024.wml delete mode 100644 danish/security/2001/dsa-025.wml delete mode 100644 danish/security/2001/dsa-026.wml delete mode 100644 danish/security/2001/dsa-027.wml delete mode 100644 danish/security/2001/dsa-028.wml delete mode 100644 danish/security/2001/dsa-029.wml delete mode 100644 danish/security/2001/dsa-030.wml delete mode 100644 danish/security/2001/dsa-031.wml delete mode 100644 danish/security/2001/dsa-032.wml delete mode 100644 danish/security/2001/dsa-033.wml delete mode 100644 danish/security/2001/dsa-034.wml delete mode 100644 danish/security/2001/dsa-035.wml delete mode 100644 danish/security/2001/dsa-036.wml delete mode 100644 danish/security/2001/dsa-037.wml delete mode 100644 danish/security/2001/dsa-038.wml delete mode 100644 danish/security/2001/dsa-039.wml delete mode 100644 danish/security/2001/dsa-040.wml delete mode 100644 danish/security/2001/dsa-041.wml delete mode 100644 danish/security/2001/dsa-042.wml delete mode 100644 danish/security/2001/dsa-043.wml delete mode 100644 danish/security/2001/dsa-044.wml delete mode 100644 danish/security/2001/dsa-045.wml delete mode 100644 danish/security/2001/dsa-046.wml delete mode 100644 danish/security/2001/dsa-047.wml delete mode 100644 danish/security/2001/dsa-048.wml delete mode 100644 danish/security/2001/dsa-049.wml delete mode 100644 danish/security/2001/dsa-050.wml delete mode 100644 danish/security/2001/dsa-051.wml delete mode 100644 danish/security/2001/dsa-052.wml delete mode 100644 danish/security/2001/dsa-053.wml delete mode 100644 danish/security/2001/dsa-054.wml delete mode 100644 danish/security/2001/dsa-055.wml delete mode 100644 danish/security/2001/dsa-056.wml delete mode 100644 danish/security/2001/dsa-057.wml delete mode 100644 danish/security/2001/dsa-058.wml delete mode 100644 danish/security/2001/dsa-059.wml delete mode 100644 danish/security/2001/dsa-060.wml delete mode 100644 danish/security/2001/dsa-061.wml delete mode 100644 danish/security/2001/dsa-062.wml delete mode 100644 danish/security/2001/dsa-063.wml delete mode 100644 danish/security/2001/dsa-064.wml delete mode 100644 danish/security/2001/dsa-065.wml delete mode 100644 danish/security/2001/dsa-066.wml delete mode 100644 danish/security/2001/dsa-067.wml delete mode 100644 danish/security/2001/dsa-068.wml delete mode 100644 danish/security/2001/dsa-069.wml delete mode 100644 danish/security/2001/dsa-070.wml delete mode 100644 danish/security/2001/dsa-071.wml delete mode 100644 danish/security/2001/dsa-072.wml delete mode 100644 danish/security/2001/dsa-073.wml delete mode 100644 danish/security/2001/dsa-074.wml delete mode 100644 danish/security/2001/dsa-075.wml delete mode 100644 danish/security/2001/dsa-076.wml delete mode 100644 danish/security/2001/dsa-077.wml delete mode 100644 danish/security/2001/dsa-078.wml delete mode 100644 danish/security/2001/dsa-079.wml delete mode 100644 danish/security/2001/dsa-080.wml delete mode 100644 danish/security/2001/dsa-081.wml delete mode 100644 danish/security/2001/dsa-082.wml delete mode 100644 danish/security/2001/dsa-083.wml delete mode 100644 danish/security/2001/dsa-084.wml delete mode 100644 danish/security/2001/dsa-085.wml delete mode 100644 danish/security/2001/dsa-086.wml delete mode 100644 danish/security/2001/dsa-087.wml delete mode 100644 danish/security/2001/dsa-088.wml delete mode 100644 danish/security/2001/dsa-089.wml delete mode 100644 danish/security/2001/dsa-090.wml delete mode 100644 danish/security/2001/dsa-091.wml delete mode 100644 danish/security/2001/dsa-092.wml delete mode 100644 danish/security/2001/dsa-093.wml delete mode 100644 danish/security/2001/dsa-094.wml delete mode 100644 danish/security/2001/dsa-095.wml delete mode 100644 danish/security/2001/index.wml delete mode 100644 danish/security/2002/Makefile delete mode 100644 danish/security/2002/dsa-096.wml delete mode 100644 danish/security/2002/dsa-097.wml delete mode 100644 danish/security/2002/dsa-098.wml delete mode 100644 danish/security/2002/dsa-099.wml delete mode 100644 danish/security/2002/dsa-100.wml delete mode 100644 danish/security/2002/dsa-101.wml delete mode 100644 danish/security/2002/dsa-102.wml delete mode 100644 danish/security/2002/dsa-103.wml delete mode 100644 danish/security/2002/dsa-104.wml delete mode 100644 danish/security/2002/dsa-105.wml delete mode 100644 danish/security/2002/dsa-106.wml delete mode 100644 danish/security/2002/dsa-107.wml delete mode 100644 danish/security/2002/dsa-108.wml delete mode 100644 danish/security/2002/dsa-109.wml delete mode 100644 danish/security/2002/dsa-110.wml delete mode 100644 danish/security/2002/dsa-111.wml delete mode 100644 danish/security/2002/dsa-112.wml delete mode 100644 danish/security/2002/dsa-113.wml delete mode 100644 danish/security/2002/dsa-114.wml delete mode 100644 danish/security/2002/dsa-115.wml delete mode 100644 danish/security/2002/dsa-116.wml delete mode 100644 danish/security/2002/dsa-117.wml delete mode 100644 danish/security/2002/dsa-118.wml delete mode 100644 danish/security/2002/dsa-119.wml delete mode 100644 danish/security/2002/dsa-120.wml delete mode 100644 danish/security/2002/dsa-121.wml delete mode 100644 danish/security/2002/dsa-122.wml delete mode 100644 danish/security/2002/dsa-123.wml delete mode 100644 danish/security/2002/dsa-124.wml delete mode 100644 danish/security/2002/dsa-125.wml delete mode 100644 danish/security/2002/dsa-126.wml delete mode 100644 danish/security/2002/dsa-127.wml delete mode 100644 danish/security/2002/dsa-128.wml delete mode 100644 danish/security/2002/dsa-129.wml delete mode 100644 danish/security/2002/dsa-130.wml delete mode 100644 danish/security/2002/dsa-131.wml delete mode 100644 danish/security/2002/dsa-132.wml delete mode 100644 danish/security/2002/dsa-133.wml delete mode 100644 danish/security/2002/dsa-134.wml delete mode 100644 danish/security/2002/dsa-135.wml delete mode 100644 danish/security/2002/dsa-136.wml delete mode 100644 danish/security/2002/dsa-137.wml delete mode 100644 danish/security/2002/dsa-138.wml delete mode 100644 danish/security/2002/dsa-139.wml delete mode 100644 danish/security/2002/dsa-140.wml delete mode 100644 danish/security/2002/dsa-141.wml delete mode 100644 danish/security/2002/dsa-142.wml delete mode 100644 danish/security/2002/dsa-143.wml delete mode 100644 danish/security/2002/dsa-144.wml delete mode 100644 danish/security/2002/dsa-145.wml delete mode 100644 danish/security/2002/dsa-146.wml delete mode 100644 danish/security/2002/dsa-147.wml delete mode 100644 danish/security/2002/dsa-148.wml delete mode 100644 danish/security/2002/dsa-149.wml delete mode 100644 danish/security/2002/dsa-150.wml delete mode 100644 danish/security/2002/dsa-151.wml delete mode 100644 danish/security/2002/dsa-152.wml delete mode 100644 danish/security/2002/dsa-153.wml delete mode 100644 danish/security/2002/dsa-154.wml delete mode 100644 danish/security/2002/dsa-155.wml delete mode 100644 danish/security/2002/dsa-156.wml delete mode 100644 danish/security/2002/dsa-157.wml delete mode 100644 danish/security/2002/dsa-158.wml delete mode 100644 danish/security/2002/dsa-159.wml delete mode 100644 danish/security/2002/dsa-160.wml delete mode 100644 danish/security/2002/dsa-161.wml delete mode 100644 danish/security/2002/dsa-162.wml delete mode 100644 danish/security/2002/dsa-163.wml delete mode 100644 danish/security/2002/dsa-164.wml delete mode 100644 danish/security/2002/dsa-165.wml delete mode 100644 danish/security/2002/dsa-166.wml delete mode 100644 danish/security/2002/dsa-167.wml delete mode 100644 danish/security/2002/dsa-168.wml delete mode 100644 danish/security/2002/dsa-169.wml delete mode 100644 danish/security/2002/dsa-170.wml delete mode 100644 danish/security/2002/dsa-171.wml delete mode 100644 danish/security/2002/dsa-172.wml delete mode 100644 danish/security/2002/dsa-173.wml delete mode 100644 danish/security/2002/dsa-174.wml delete mode 100644 danish/security/2002/dsa-175.wml delete mode 100644 danish/security/2002/dsa-176.wml delete mode 100644 danish/security/2002/dsa-177.wml delete mode 100644 danish/security/2002/dsa-178.wml delete mode 100644 danish/security/2002/dsa-179.wml delete mode 100644 danish/security/2002/dsa-180.wml delete mode 100644 danish/security/2002/dsa-181.wml delete mode 100644 danish/security/2002/dsa-182.wml delete mode 100644 danish/security/2002/dsa-183.wml delete mode 100644 danish/security/2002/dsa-184.wml delete mode 100644 danish/security/2002/dsa-185.wml delete mode 100644 danish/security/2002/dsa-186.wml delete mode 100644 danish/security/2002/dsa-187.wml delete mode 100644 danish/security/2002/dsa-188.wml delete mode 100644 danish/security/2002/dsa-189.wml delete mode 100644 danish/security/2002/dsa-190.wml delete mode 100644 danish/security/2002/dsa-191.wml delete mode 100644 danish/security/2002/dsa-192.wml delete mode 100644 danish/security/2002/dsa-193.wml delete mode 100644 danish/security/2002/dsa-194.wml delete mode 100644 danish/security/2002/dsa-195.wml delete mode 100644 danish/security/2002/dsa-196.wml delete mode 100644 danish/security/2002/dsa-197.wml delete mode 100644 danish/security/2002/dsa-198.wml delete mode 100644 danish/security/2002/dsa-199.wml delete mode 100644 danish/security/2002/dsa-200.wml delete mode 100644 danish/security/2002/dsa-201.wml delete mode 100644 danish/security/2002/dsa-202.wml delete mode 100644 danish/security/2002/dsa-203.wml delete mode 100644 danish/security/2002/dsa-204.wml delete mode 100644 danish/security/2002/dsa-205.wml delete mode 100644 danish/security/2002/dsa-206.wml delete mode 100644 danish/security/2002/dsa-207.wml delete mode 100644 danish/security/2002/dsa-208.wml delete mode 100644 danish/security/2002/dsa-209.wml delete mode 100644 danish/security/2002/dsa-210.wml delete mode 100644 danish/security/2002/dsa-211.wml delete mode 100644 danish/security/2002/dsa-212.wml delete mode 100644 danish/security/2002/dsa-213.wml delete mode 100644 danish/security/2002/dsa-214.wml delete mode 100644 danish/security/2002/dsa-215.wml delete mode 100644 danish/security/2002/dsa-216.wml delete mode 100644 danish/security/2002/dsa-217.wml delete mode 100644 danish/security/2002/dsa-218.wml delete mode 100644 danish/security/2002/dsa-219.wml delete mode 100644 danish/security/2002/index.wml delete mode 100644 danish/security/2003/Makefile delete mode 100644 danish/security/2003/dsa-220.wml delete mode 100644 danish/security/2003/dsa-221.wml delete mode 100644 danish/security/2003/dsa-222.wml delete mode 100644 danish/security/2003/dsa-223.wml delete mode 100644 danish/security/2003/dsa-224.wml delete mode 100644 danish/security/2003/dsa-225.wml delete mode 100644 danish/security/2003/dsa-226.wml delete mode 100644 danish/security/2003/dsa-227.wml delete mode 100644 danish/security/2003/dsa-228.wml delete mode 100644 danish/security/2003/dsa-229.wml delete mode 100644 danish/security/2003/dsa-230.wml delete mode 100644 danish/security/2003/dsa-231.wml delete mode 100644 danish/security/2003/dsa-232.wml delete mode 100644 danish/security/2003/dsa-233.wml delete mode 100644 danish/security/2003/dsa-234.wml delete mode 100644 danish/security/2003/dsa-235.wml delete mode 100644 danish/security/2003/dsa-236.wml delete mode 100644 danish/security/2003/dsa-237.wml delete mode 100644 danish/security/2003/dsa-238.wml delete mode 100644 danish/security/2003/dsa-239.wml delete mode 100644 danish/security/2003/dsa-240.wml delete mode 100644 danish/security/2003/dsa-241.wml delete mode 100644 danish/security/2003/dsa-242.wml delete mode 100644 danish/security/2003/dsa-243.wml delete mode 100644 danish/security/2003/dsa-244.wml delete mode 100644 danish/security/2003/dsa-245.wml delete mode 100644 danish/security/2003/dsa-246.wml delete mode 100644 danish/security/2003/dsa-247.wml delete mode 100644 danish/security/2003/dsa-248.wml delete mode 100644 danish/security/2003/dsa-249.wml delete mode 100644 danish/security/2003/dsa-250.wml delete mode 100644 danish/security/2003/dsa-251.wml delete mode 100644 danish/security/2003/dsa-252.wml delete mode 100644 danish/security/2003/dsa-253.wml delete mode 100644 danish/security/2003/dsa-254.wml delete mode 100644 danish/security/2003/dsa-255.wml delete mode 100644 danish/security/2003/dsa-256.wml delete mode 100644 danish/security/2003/dsa-257.wml delete mode 100644 danish/security/2003/dsa-258.wml delete mode 100644 danish/security/2003/dsa-259.wml delete mode 100644 danish/security/2003/dsa-260.wml delete mode 100644 danish/security/2003/dsa-261.wml delete mode 100644 danish/security/2003/dsa-262.wml delete mode 100644 danish/security/2003/dsa-263.wml delete mode 100644 danish/security/2003/dsa-264.wml delete mode 100644 danish/security/2003/dsa-265.wml delete mode 100644 danish/security/2003/dsa-266.wml delete mode 100644 danish/security/2003/dsa-267.wml delete mode 100644 danish/security/2003/dsa-268.wml delete mode 100644 danish/security/2003/dsa-269.wml delete mode 100644 danish/security/2003/dsa-270.wml delete mode 100644 danish/security/2003/dsa-271.wml delete mode 100644 danish/security/2003/dsa-272.wml delete mode 100644 danish/security/2003/dsa-273.wml delete mode 100644 danish/security/2003/dsa-274.wml delete mode 100644 danish/security/2003/dsa-275.wml delete mode 100644 danish/security/2003/dsa-276.wml delete mode 100644 danish/security/2003/dsa-277.wml delete mode 100644 danish/security/2003/dsa-278.wml delete mode 100644 danish/security/2003/dsa-279.wml delete mode 100644 danish/security/2003/dsa-280.wml delete mode 100644 danish/security/2003/dsa-281.wml delete mode 100644 danish/security/2003/dsa-282.wml delete mode 100644 danish/security/2003/dsa-283.wml delete mode 100644 danish/security/2003/dsa-284.wml delete mode 100644 danish/security/2003/dsa-285.wml delete mode 100644 danish/security/2003/dsa-286.wml delete mode 100644 danish/security/2003/dsa-287.wml delete mode 100644 danish/security/2003/dsa-288.wml delete mode 100644 danish/security/2003/dsa-289.wml delete mode 100644 danish/security/2003/dsa-290.wml delete mode 100644 danish/security/2003/dsa-291.wml delete mode 100644 danish/security/2003/dsa-292.wml delete mode 100644 danish/security/2003/dsa-293.wml delete mode 100644 danish/security/2003/dsa-294.wml delete mode 100644 danish/security/2003/dsa-295.wml delete mode 100644 danish/security/2003/dsa-296.wml delete mode 100644 danish/security/2003/dsa-297.wml delete mode 100644 danish/security/2003/dsa-298.wml delete mode 100644 danish/security/2003/dsa-299.wml delete mode 100644 danish/security/2003/dsa-300.wml delete mode 100644 danish/security/2003/dsa-301.wml delete mode 100644 danish/security/2003/dsa-302.wml delete mode 100644 danish/security/2003/dsa-303.wml delete mode 100644 danish/security/2003/dsa-304.wml delete mode 100644 danish/security/2003/dsa-305.wml delete mode 100644 danish/security/2003/dsa-306.wml delete mode 100644 danish/security/2003/dsa-307.wml delete mode 100644 danish/security/2003/dsa-308.wml delete mode 100644 danish/security/2003/dsa-309.wml delete mode 100644 danish/security/2003/dsa-310.wml delete mode 100644 danish/security/2003/dsa-311.wml delete mode 100644 danish/security/2003/dsa-312.wml delete mode 100644 danish/security/2003/dsa-313.wml delete mode 100644 danish/security/2003/dsa-314.wml delete mode 100644 danish/security/2003/dsa-315.wml delete mode 100644 danish/security/2003/dsa-316.wml delete mode 100644 danish/security/2003/dsa-317.wml delete mode 100644 danish/security/2003/dsa-318.wml delete mode 100644 danish/security/2003/dsa-319.wml delete mode 100644 danish/security/2003/dsa-320.wml delete mode 100644 danish/security/2003/dsa-321.wml delete mode 100644 danish/security/2003/dsa-322.wml delete mode 100644 danish/security/2003/dsa-323.wml delete mode 100644 danish/security/2003/dsa-324.wml delete mode 100644 danish/security/2003/dsa-325.wml delete mode 100644 danish/security/2003/dsa-326.wml delete mode 100644 danish/security/2003/dsa-327.wml delete mode 100644 danish/security/2003/dsa-328.wml delete mode 100644 danish/security/2003/dsa-329.wml delete mode 100644 danish/security/2003/dsa-330.wml delete mode 100644 danish/security/2003/dsa-331.wml delete mode 100644 danish/security/2003/dsa-332.wml delete mode 100644 danish/security/2003/dsa-333.wml delete mode 100644 danish/security/2003/dsa-334.wml delete mode 100644 danish/security/2003/dsa-335.wml delete mode 100644 danish/security/2003/dsa-336.wml delete mode 100644 danish/security/2003/dsa-337.wml delete mode 100644 danish/security/2003/dsa-338.wml delete mode 100644 danish/security/2003/dsa-339.wml delete mode 100644 danish/security/2003/dsa-340.wml delete mode 100644 danish/security/2003/dsa-341.wml delete mode 100644 danish/security/2003/dsa-342.wml delete mode 100644 danish/security/2003/dsa-343.wml delete mode 100644 danish/security/2003/dsa-344.wml delete mode 100644 danish/security/2003/dsa-345.wml delete mode 100644 danish/security/2003/dsa-346.wml delete mode 100644 danish/security/2003/dsa-347.wml delete mode 100644 danish/security/2003/dsa-348.wml delete mode 100644 danish/security/2003/dsa-349.wml delete mode 100644 danish/security/2003/dsa-350.wml delete mode 100644 danish/security/2003/dsa-351.wml delete mode 100644 danish/security/2003/dsa-352.wml delete mode 100644 danish/security/2003/dsa-353.wml delete mode 100644 danish/security/2003/dsa-354.wml delete mode 100644 danish/security/2003/dsa-355.wml delete mode 100644 danish/security/2003/dsa-356.wml delete mode 100644 danish/security/2003/dsa-357.wml delete mode 100644 danish/security/2003/dsa-358.wml delete mode 100644 danish/security/2003/dsa-359.wml delete mode 100644 danish/security/2003/dsa-360.wml delete mode 100644 danish/security/2003/dsa-361.wml delete mode 100644 danish/security/2003/dsa-362.wml delete mode 100644 danish/security/2003/dsa-363.wml delete mode 100644 danish/security/2003/dsa-364.wml delete mode 100644 danish/security/2003/dsa-365.wml delete mode 100644 danish/security/2003/dsa-366.wml delete mode 100644 danish/security/2003/dsa-367.wml delete mode 100644 danish/security/2003/dsa-368.wml delete mode 100644 danish/security/2003/dsa-369.wml delete mode 100644 danish/security/2003/dsa-370.wml delete mode 100644 danish/security/2003/dsa-371.wml delete mode 100644 danish/security/2003/dsa-372.wml delete mode 100644 danish/security/2003/dsa-373.wml delete mode 100644 danish/security/2003/dsa-374.wml delete mode 100644 danish/security/2003/dsa-375.wml delete mode 100644 danish/security/2003/dsa-376.wml delete mode 100644 danish/security/2003/dsa-377.wml delete mode 100644 danish/security/2003/dsa-378.wml delete mode 100644 danish/security/2003/dsa-379.wml delete mode 100644 danish/security/2003/dsa-380.wml delete mode 100644 danish/security/2003/dsa-381.wml delete mode 100644 danish/security/2003/dsa-382.wml delete mode 100644 danish/security/2003/dsa-383.wml delete mode 100644 danish/security/2003/dsa-384.wml delete mode 100644 danish/security/2003/dsa-385.wml delete mode 100644 danish/security/2003/dsa-386.wml delete mode 100644 danish/security/2003/dsa-387.wml delete mode 100644 danish/security/2003/dsa-388.wml delete mode 100644 danish/security/2003/dsa-389.wml delete mode 100644 danish/security/2003/dsa-390.wml delete mode 100644 danish/security/2003/dsa-391.wml delete mode 100644 danish/security/2003/dsa-392.wml delete mode 100644 danish/security/2003/dsa-393.wml delete mode 100644 danish/security/2003/dsa-394.wml delete mode 100644 danish/security/2003/dsa-395.wml delete mode 100644 danish/security/2003/dsa-396.wml delete mode 100644 danish/security/2003/dsa-397.wml delete mode 100644 danish/security/2003/dsa-398.wml delete mode 100644 danish/security/2003/dsa-399.wml delete mode 100644 danish/security/2003/dsa-400.wml delete mode 100644 danish/security/2003/dsa-401.wml delete mode 100644 danish/security/2003/dsa-402.wml delete mode 100644 danish/security/2003/dsa-403.wml delete mode 100644 danish/security/2003/dsa-404.wml delete mode 100644 danish/security/2003/dsa-405.wml delete mode 100644 danish/security/2003/index.wml delete mode 100644 danish/security/2004/CAN-2004-0077.wml delete mode 100644 danish/security/2004/CAN-2004-0109.wml delete mode 100644 danish/security/2004/Makefile delete mode 100644 danish/security/2004/dsa-406.wml delete mode 100644 danish/security/2004/dsa-407.wml delete mode 100644 danish/security/2004/dsa-408.wml delete mode 100644 danish/security/2004/dsa-409.wml delete mode 100644 danish/security/2004/dsa-410.wml delete mode 100644 danish/security/2004/dsa-411.wml delete mode 100644 danish/security/2004/dsa-412.wml delete mode 100644 danish/security/2004/dsa-413.wml delete mode 100644 danish/security/2004/dsa-414.wml delete mode 100644 danish/security/2004/dsa-415.wml delete mode 100644 danish/security/2004/dsa-416.wml delete mode 100644 danish/security/2004/dsa-417.wml delete mode 100644 danish/security/2004/dsa-418.wml delete mode 100644 danish/security/2004/dsa-419.wml delete mode 100644 danish/security/2004/dsa-420.wml delete mode 100644 danish/security/2004/dsa-421.wml delete mode 100644 danish/security/2004/dsa-422.wml delete mode 100644 danish/security/2004/dsa-423.wml delete mode 100644 danish/security/2004/dsa-424.wml delete mode 100644 danish/security/2004/dsa-425.wml delete mode 100644 danish/security/2004/dsa-426.wml delete mode 100644 danish/security/2004/dsa-427.wml delete mode 100644 danish/security/2004/dsa-428.wml delete mode 100644 danish/security/2004/dsa-429.wml delete mode 100644 danish/security/2004/dsa-430.wml delete mode 100644 danish/security/2004/dsa-431.wml delete mode 100644 danish/security/2004/dsa-432.wml delete mode 100644 danish/security/2004/dsa-433.wml delete mode 100644 danish/security/2004/dsa-434.wml delete mode 100644 danish/security/2004/dsa-435.wml delete mode 100644 danish/security/2004/dsa-436.wml delete mode 100644 danish/security/2004/dsa-437.wml delete mode 100644 danish/security/2004/dsa-438.wml delete mode 100644 danish/security/2004/dsa-439.wml delete mode 100644 danish/security/2004/dsa-440.wml delete mode 100644 danish/security/2004/dsa-441.wml delete mode 100644 danish/security/2004/dsa-442.wml delete mode 100644 danish/security/2004/dsa-443.wml delete mode 100644 danish/security/2004/dsa-444.wml delete mode 100644 danish/security/2004/dsa-445.wml delete mode 100644 danish/security/2004/dsa-446.wml delete mode 100644 danish/security/2004/dsa-447.wml delete mode 100644 danish/security/2004/dsa-448.wml delete mode 100644 danish/security/2004/dsa-449.wml delete mode 100644 danish/security/2004/dsa-450.wml delete mode 100644 danish/security/2004/dsa-451.wml delete mode 100644 danish/security/2004/dsa-452.wml delete mode 100644 danish/security/2004/dsa-453.wml delete mode 100644 danish/security/2004/dsa-454.wml delete mode 100644 danish/security/2004/dsa-455.wml delete mode 100644 danish/security/2004/dsa-456.wml delete mode 100644 danish/security/2004/dsa-457.wml delete mode 100644 danish/security/2004/dsa-458.wml delete mode 100644 danish/security/2004/dsa-459.wml delete mode 100644 danish/security/2004/dsa-460.wml delete mode 100644 danish/security/2004/dsa-461.wml delete mode 100644 danish/security/2004/dsa-462.wml delete mode 100644 danish/security/2004/dsa-463.wml delete mode 100644 danish/security/2004/dsa-464.wml delete mode 100644 danish/security/2004/dsa-465.wml delete mode 100644 danish/security/2004/dsa-466.wml delete mode 100644 danish/security/2004/dsa-467.wml delete mode 100644 danish/security/2004/dsa-468.wml delete mode 100644 danish/security/2004/dsa-469.wml delete mode 100644 danish/security/2004/dsa-470.wml delete mode 100644 danish/security/2004/dsa-471.wml delete mode 100644 danish/security/2004/dsa-472.wml delete mode 100644 danish/security/2004/dsa-473.wml delete mode 100644 danish/security/2004/dsa-474.wml delete mode 100644 danish/security/2004/dsa-475.wml delete mode 100644 danish/security/2004/dsa-476.wml delete mode 100644 danish/security/2004/dsa-477.wml delete mode 100644 danish/security/2004/dsa-478.wml delete mode 100644 danish/security/2004/dsa-479.wml delete mode 100644 danish/security/2004/dsa-480.wml delete mode 100644 danish/security/2004/dsa-481.wml delete mode 100644 danish/security/2004/dsa-482.wml delete mode 100644 danish/security/2004/dsa-483.wml delete mode 100644 danish/security/2004/dsa-484.wml delete mode 100644 danish/security/2004/dsa-485.wml delete mode 100644 danish/security/2004/dsa-486.wml delete mode 100644 danish/security/2004/dsa-487.wml delete mode 100644 danish/security/2004/dsa-488.wml delete mode 100644 danish/security/2004/dsa-489.wml delete mode 100644 danish/security/2004/dsa-490.wml delete mode 100644 danish/security/2004/dsa-491.wml delete mode 100644 danish/security/2004/dsa-492.wml delete mode 100644 danish/security/2004/dsa-493.wml delete mode 100644 danish/security/2004/dsa-494.wml delete mode 100644 danish/security/2004/dsa-495.wml delete mode 100644 danish/security/2004/dsa-496.wml delete mode 100644 danish/security/2004/dsa-497.wml delete mode 100644 danish/security/2004/dsa-498.wml delete mode 100644 danish/security/2004/dsa-499.wml delete mode 100644 danish/security/2004/dsa-500.wml delete mode 100644 danish/security/2004/dsa-501.wml delete mode 100644 danish/security/2004/dsa-502.wml delete mode 100644 danish/security/2004/dsa-503.wml delete mode 100644 danish/security/2004/dsa-504.wml delete mode 100644 danish/security/2004/dsa-505.wml delete mode 100644 danish/security/2004/dsa-506.wml delete mode 100644 danish/security/2004/dsa-507.wml delete mode 100644 danish/security/2004/dsa-508.wml delete mode 100644 danish/security/2004/dsa-509.wml delete mode 100644 danish/security/2004/dsa-510.wml delete mode 100644 danish/security/2004/dsa-511.wml delete mode 100644 danish/security/2004/dsa-512.wml delete mode 100644 danish/security/2004/dsa-513.wml delete mode 100644 danish/security/2004/dsa-514.wml delete mode 100644 danish/security/2004/dsa-515.wml delete mode 100644 danish/security/2004/dsa-516.wml delete mode 100644 danish/security/2004/dsa-517.wml delete mode 100644 danish/security/2004/dsa-518.wml delete mode 100644 danish/security/2004/dsa-519.wml delete mode 100644 danish/security/2004/dsa-520.wml delete mode 100644 danish/security/2004/dsa-521.wml delete mode 100644 danish/security/2004/dsa-522.wml delete mode 100644 danish/security/2004/dsa-523.wml delete mode 100644 danish/security/2004/dsa-524.wml delete mode 100644 danish/security/2004/dsa-525.wml delete mode 100644 danish/security/2004/dsa-526.wml delete mode 100644 danish/security/2004/dsa-527.wml delete mode 100644 danish/security/2004/dsa-528.wml delete mode 100644 danish/security/2004/dsa-529.wml delete mode 100644 danish/security/2004/dsa-530.wml delete mode 100644 danish/security/2004/dsa-531.wml delete mode 100644 danish/security/2004/dsa-532.wml delete mode 100644 danish/security/2004/dsa-533.wml delete mode 100644 danish/security/2004/dsa-534.wml delete mode 100644 danish/security/2004/dsa-535.wml delete mode 100644 danish/security/2004/dsa-536.wml delete mode 100644 danish/security/2004/dsa-537.wml delete mode 100644 danish/security/2004/dsa-538.wml delete mode 100644 danish/security/2004/dsa-539.wml delete mode 100644 danish/security/2004/dsa-540.wml delete mode 100644 danish/security/2004/dsa-541.wml delete mode 100644 danish/security/2004/dsa-542.wml delete mode 100644 danish/security/2004/dsa-543.wml delete mode 100644 danish/security/2004/dsa-544.wml delete mode 100644 danish/security/2004/dsa-545.wml delete mode 100644 danish/security/2004/dsa-546.wml delete mode 100644 danish/security/2004/dsa-547.wml delete mode 100644 danish/security/2004/dsa-548.wml delete mode 100644 danish/security/2004/dsa-549.wml delete mode 100644 danish/security/2004/dsa-550.wml delete mode 100644 danish/security/2004/dsa-551.wml delete mode 100644 danish/security/2004/dsa-552.wml delete mode 100644 danish/security/2004/dsa-553.wml delete mode 100644 danish/security/2004/dsa-554.wml delete mode 100644 danish/security/2004/dsa-555.wml delete mode 100644 danish/security/2004/dsa-556.wml delete mode 100644 danish/security/2004/dsa-557.wml delete mode 100644 danish/security/2004/dsa-558.wml delete mode 100644 danish/security/2004/dsa-559.wml delete mode 100644 danish/security/2004/dsa-560.wml delete mode 100644 danish/security/2004/dsa-561.wml delete mode 100644 danish/security/2004/dsa-562.wml delete mode 100644 danish/security/2004/dsa-563.wml delete mode 100644 danish/security/2004/dsa-564.wml delete mode 100644 danish/security/2004/dsa-565.wml delete mode 100644 danish/security/2004/dsa-566.wml delete mode 100644 danish/security/2004/dsa-567.wml delete mode 100644 danish/security/2004/dsa-568.wml delete mode 100644 danish/security/2004/dsa-569.wml delete mode 100644 danish/security/2004/dsa-570.wml delete mode 100644 danish/security/2004/dsa-571.wml delete mode 100644 danish/security/2004/dsa-572.wml delete mode 100644 danish/security/2004/dsa-573.wml delete mode 100644 danish/security/2004/dsa-574.wml delete mode 100644 danish/security/2004/dsa-575.wml delete mode 100644 danish/security/2004/dsa-576.wml delete mode 100644 danish/security/2004/dsa-577.wml delete mode 100644 danish/security/2004/dsa-578.wml delete mode 100644 danish/security/2004/dsa-579.wml delete mode 100644 danish/security/2004/dsa-580.wml delete mode 100644 danish/security/2004/dsa-581.wml delete mode 100644 danish/security/2004/dsa-582.wml delete mode 100644 danish/security/2004/dsa-583.wml delete mode 100644 danish/security/2004/dsa-584.wml delete mode 100644 danish/security/2004/dsa-585.wml delete mode 100644 danish/security/2004/dsa-586.wml delete mode 100644 danish/security/2004/dsa-587.wml delete mode 100644 danish/security/2004/dsa-588.wml delete mode 100644 danish/security/2004/dsa-589.wml delete mode 100644 danish/security/2004/dsa-590.wml delete mode 100644 danish/security/2004/dsa-591.wml delete mode 100644 danish/security/2004/dsa-592.wml delete mode 100644 danish/security/2004/dsa-593.wml delete mode 100644 danish/security/2004/dsa-594.wml delete mode 100644 danish/security/2004/dsa-595.wml delete mode 100644 danish/security/2004/dsa-596.wml delete mode 100644 danish/security/2004/dsa-597.wml delete mode 100644 danish/security/2004/dsa-598.wml delete mode 100644 danish/security/2004/dsa-599.wml delete mode 100644 danish/security/2004/dsa-600.wml delete mode 100644 danish/security/2004/dsa-601.wml delete mode 100644 danish/security/2004/dsa-602.wml delete mode 100644 danish/security/2004/dsa-603.wml delete mode 100644 danish/security/2004/dsa-604.wml delete mode 100644 danish/security/2004/dsa-605.wml delete mode 100644 danish/security/2004/dsa-606.wml delete mode 100644 danish/security/2004/dsa-607.wml delete mode 100644 danish/security/2004/dsa-608.wml delete mode 100644 danish/security/2004/dsa-609.wml delete mode 100644 danish/security/2004/dsa-610.wml delete mode 100644 danish/security/2004/dsa-611.wml delete mode 100644 danish/security/2004/dsa-612.wml delete mode 100644 danish/security/2004/dsa-613.wml delete mode 100644 danish/security/2004/dsa-614.wml delete mode 100644 danish/security/2004/dsa-615.wml delete mode 100644 danish/security/2004/dsa-616.wml delete mode 100644 danish/security/2004/dsa-617.wml delete mode 100644 danish/security/2004/dsa-618.wml delete mode 100644 danish/security/2004/dsa-619.wml delete mode 100644 danish/security/2004/dsa-620.wml delete mode 100644 danish/security/2004/dsa-621.wml delete mode 100644 danish/security/2004/index.wml delete mode 100644 danish/security/2005/Makefile delete mode 100644 danish/security/2005/dsa-622.wml delete mode 100644 danish/security/2005/dsa-623.wml delete mode 100644 danish/security/2005/dsa-624.wml delete mode 100644 danish/security/2005/dsa-625.wml delete mode 100644 danish/security/2005/dsa-626.wml delete mode 100644 danish/security/2005/dsa-627.wml delete mode 100644 danish/security/2005/dsa-628.wml delete mode 100644 danish/security/2005/dsa-629.wml delete mode 100644 danish/security/2005/dsa-630.wml delete mode 100644 danish/security/2005/dsa-631.wml delete mode 100644 danish/security/2005/dsa-632.wml delete mode 100644 danish/security/2005/dsa-633.wml delete mode 100644 danish/security/2005/dsa-634.wml delete mode 100644 danish/security/2005/dsa-635.wml delete mode 100644 danish/security/2005/dsa-636.wml delete mode 100644 danish/security/2005/dsa-637.wml delete mode 100644 danish/security/2005/dsa-638.wml delete mode 100644 danish/security/2005/dsa-639.wml delete mode 100644 danish/security/2005/dsa-640.wml delete mode 100644 danish/security/2005/dsa-641.wml delete mode 100644 danish/security/2005/dsa-642.wml delete mode 100644 danish/security/2005/dsa-643.wml delete mode 100644 danish/security/2005/dsa-644.wml delete mode 100644 danish/security/2005/dsa-645.wml delete mode 100644 danish/security/2005/dsa-646.wml delete mode 100644 danish/security/2005/dsa-647.wml delete mode 100644 danish/security/2005/dsa-648.wml delete mode 100644 danish/security/2005/dsa-649.wml delete mode 100644 danish/security/2005/dsa-650.wml delete mode 100644 danish/security/2005/dsa-651.wml delete mode 100644 danish/security/2005/dsa-652.wml delete mode 100644 danish/security/2005/dsa-653.wml delete mode 100644 danish/security/2005/dsa-654.wml delete mode 100644 danish/security/2005/dsa-655.wml delete mode 100644 danish/security/2005/dsa-656.wml delete mode 100644 danish/security/2005/dsa-657.wml delete mode 100644 danish/security/2005/dsa-658.wml delete mode 100644 danish/security/2005/dsa-659.wml delete mode 100644 danish/security/2005/dsa-660.wml delete mode 100644 danish/security/2005/dsa-661.wml delete mode 100644 danish/security/2005/dsa-662.wml delete mode 100644 danish/security/2005/dsa-663.wml delete mode 100644 danish/security/2005/dsa-664.wml delete mode 100644 danish/security/2005/dsa-665.wml delete mode 100644 danish/security/2005/dsa-666.wml delete mode 100644 danish/security/2005/dsa-667.wml delete mode 100644 danish/security/2005/dsa-668.wml delete mode 100644 danish/security/2005/dsa-669.wml delete mode 100644 danish/security/2005/dsa-670.wml delete mode 100644 danish/security/2005/dsa-671.wml delete mode 100644 danish/security/2005/dsa-672.wml delete mode 100644 danish/security/2005/dsa-673.wml delete mode 100644 danish/security/2005/dsa-674.wml delete mode 100644 danish/security/2005/dsa-675.wml delete mode 100644 danish/security/2005/dsa-676.wml delete mode 100644 danish/security/2005/dsa-677.wml delete mode 100644 danish/security/2005/dsa-678.wml delete mode 100644 danish/security/2005/dsa-679.wml delete mode 100644 danish/security/2005/dsa-680.wml delete mode 100644 danish/security/2005/dsa-681.wml delete mode 100644 danish/security/2005/dsa-682.wml delete mode 100644 danish/security/2005/dsa-683.wml delete mode 100644 danish/security/2005/dsa-684.wml delete mode 100644 danish/security/2005/dsa-685.wml delete mode 100644 danish/security/2005/dsa-686.wml delete mode 100644 danish/security/2005/dsa-687.wml delete mode 100644 danish/security/2005/dsa-688.wml delete mode 100644 danish/security/2005/dsa-689.wml delete mode 100644 danish/security/2005/dsa-690.wml delete mode 100644 danish/security/2005/dsa-691.wml delete mode 100644 danish/security/2005/dsa-692.wml delete mode 100644 danish/security/2005/dsa-693.wml delete mode 100644 danish/security/2005/dsa-694.wml delete mode 100644 danish/security/2005/dsa-695.wml delete mode 100644 danish/security/2005/dsa-696.wml delete mode 100644 danish/security/2005/dsa-697.wml delete mode 100644 danish/security/2005/dsa-698.wml delete mode 100644 danish/security/2005/dsa-699.wml delete mode 100644 danish/security/2005/dsa-700.wml delete mode 100644 danish/security/2005/dsa-701.wml delete mode 100644 danish/security/2005/dsa-702.wml delete mode 100644 danish/security/2005/dsa-703.wml delete mode 100644 danish/security/2005/dsa-704.wml delete mode 100644 danish/security/2005/dsa-705.wml delete mode 100644 danish/security/2005/dsa-706.wml delete mode 100644 danish/security/2005/dsa-707.wml delete mode 100644 danish/security/2005/dsa-708.wml delete mode 100644 danish/security/2005/dsa-709.wml delete mode 100644 danish/security/2005/dsa-710.wml delete mode 100644 danish/security/2005/dsa-711.wml delete mode 100644 danish/security/2005/dsa-712.wml delete mode 100644 danish/security/2005/dsa-713.wml delete mode 100644 danish/security/2005/dsa-714.wml delete mode 100644 danish/security/2005/dsa-715.wml delete mode 100644 danish/security/2005/dsa-716.wml delete mode 100644 danish/security/2005/dsa-717.wml delete mode 100644 danish/security/2005/dsa-718.wml delete mode 100644 danish/security/2005/dsa-719.wml delete mode 100644 danish/security/2005/dsa-720.wml delete mode 100644 danish/security/2005/dsa-721.wml delete mode 100644 danish/security/2005/dsa-722.wml delete mode 100644 danish/security/2005/dsa-723.wml delete mode 100644 danish/security/2005/dsa-724.wml delete mode 100644 danish/security/2005/dsa-725.wml delete mode 100644 danish/security/2005/dsa-726.wml delete mode 100644 danish/security/2005/dsa-727.wml delete mode 100644 danish/security/2005/dsa-728.wml delete mode 100644 danish/security/2005/dsa-729.wml delete mode 100644 danish/security/2005/dsa-730.wml delete mode 100644 danish/security/2005/dsa-731.wml delete mode 100644 danish/security/2005/dsa-732.wml delete mode 100644 danish/security/2005/dsa-733.wml delete mode 100644 danish/security/2005/dsa-734.wml delete mode 100644 danish/security/2005/dsa-735.wml delete mode 100644 danish/security/2005/dsa-736.wml delete mode 100644 danish/security/2005/dsa-737.wml delete mode 100644 danish/security/2005/dsa-738.wml delete mode 100644 danish/security/2005/dsa-739.wml delete mode 100644 danish/security/2005/dsa-740.wml delete mode 100644 danish/security/2005/dsa-741.wml delete mode 100644 danish/security/2005/dsa-742.wml delete mode 100644 danish/security/2005/dsa-743.wml delete mode 100644 danish/security/2005/dsa-744.wml delete mode 100644 danish/security/2005/dsa-745.wml delete mode 100644 danish/security/2005/dsa-746.wml delete mode 100644 danish/security/2005/dsa-747.wml delete mode 100644 danish/security/2005/dsa-748.wml delete mode 100644 danish/security/2005/dsa-749.wml delete mode 100644 danish/security/2005/dsa-750.wml delete mode 100644 danish/security/2005/dsa-751.wml delete mode 100644 danish/security/2005/dsa-752.wml delete mode 100644 danish/security/2005/dsa-753.wml delete mode 100644 danish/security/2005/dsa-754.wml delete mode 100644 danish/security/2005/dsa-755.wml delete mode 100644 danish/security/2005/dsa-756.wml delete mode 100644 danish/security/2005/dsa-757.wml delete mode 100644 danish/security/2005/dsa-758.wml delete mode 100644 danish/security/2005/dsa-759.wml delete mode 100644 danish/security/2005/dsa-760.wml delete mode 100644 danish/security/2005/dsa-761.wml delete mode 100644 danish/security/2005/dsa-762.wml delete mode 100644 danish/security/2005/dsa-763.wml delete mode 100644 danish/security/2005/dsa-764.wml delete mode 100644 danish/security/2005/dsa-765.wml delete mode 100644 danish/security/2005/dsa-766.wml delete mode 100644 danish/security/2005/dsa-767.wml delete mode 100644 danish/security/2005/dsa-768.wml delete mode 100644 danish/security/2005/dsa-769.wml delete mode 100644 danish/security/2005/dsa-770.wml delete mode 100644 danish/security/2005/dsa-771.wml delete mode 100644 danish/security/2005/dsa-772.wml delete mode 100644 danish/security/2005/dsa-773.wml delete mode 100644 danish/security/2005/dsa-774.wml delete mode 100644 danish/security/2005/dsa-775.wml delete mode 100644 danish/security/2005/dsa-776.wml delete mode 100644 danish/security/2005/dsa-777.wml delete mode 100644 danish/security/2005/dsa-778.wml delete mode 100644 danish/security/2005/dsa-779.wml delete mode 100644 danish/security/2005/dsa-780.wml delete mode 100644 danish/security/2005/dsa-781.wml delete mode 100644 danish/security/2005/dsa-782.wml delete mode 100644 danish/security/2005/dsa-783.wml delete mode 100644 danish/security/2005/dsa-784.wml delete mode 100644 danish/security/2005/dsa-785.wml delete mode 100644 danish/security/2005/dsa-786.wml delete mode 100644 danish/security/2005/dsa-787.wml delete mode 100644 danish/security/2005/dsa-788.wml delete mode 100644 danish/security/2005/dsa-789.wml delete mode 100644 danish/security/2005/dsa-790.wml delete mode 100644 danish/security/2005/dsa-791.wml delete mode 100644 danish/security/2005/dsa-792.wml delete mode 100644 danish/security/2005/dsa-793.wml delete mode 100644 danish/security/2005/dsa-794.wml delete mode 100644 danish/security/2005/dsa-795.wml delete mode 100644 danish/security/2005/dsa-796.wml delete mode 100644 danish/security/2005/dsa-797.wml delete mode 100644 danish/security/2005/dsa-798.wml delete mode 100644 danish/security/2005/dsa-799.wml delete mode 100644 danish/security/2005/dsa-800.wml delete mode 100644 danish/security/2005/dsa-801.wml delete mode 100644 danish/security/2005/dsa-802.wml delete mode 100644 danish/security/2005/dsa-803.wml delete mode 100644 danish/security/2005/dsa-804.wml delete mode 100644 danish/security/2005/dsa-805.wml delete mode 100644 danish/security/2005/dsa-806.wml delete mode 100644 danish/security/2005/dsa-807.wml delete mode 100644 danish/security/2005/dsa-808.wml delete mode 100644 danish/security/2005/dsa-809.wml delete mode 100644 danish/security/2005/dsa-810.wml delete mode 100644 danish/security/2005/dsa-811.wml delete mode 100644 danish/security/2005/dsa-812.wml delete mode 100644 danish/security/2005/dsa-813.wml delete mode 100644 danish/security/2005/dsa-814.wml delete mode 100644 danish/security/2005/dsa-815.wml delete mode 100644 danish/security/2005/dsa-816.wml delete mode 100644 danish/security/2005/dsa-817.wml delete mode 100644 danish/security/2005/dsa-818.wml delete mode 100644 danish/security/2005/dsa-819.wml delete mode 100644 danish/security/2005/dsa-820.wml delete mode 100644 danish/security/2005/dsa-821.wml delete mode 100644 danish/security/2005/dsa-822.wml delete mode 100644 danish/security/2005/dsa-823.wml delete mode 100644 danish/security/2005/dsa-824.wml delete mode 100644 danish/security/2005/dsa-825.wml delete mode 100644 danish/security/2005/dsa-826.wml delete mode 100644 danish/security/2005/dsa-827.wml delete mode 100644 danish/security/2005/dsa-828.wml delete mode 100644 danish/security/2005/dsa-829.wml delete mode 100644 danish/security/2005/dsa-830.wml delete mode 100644 danish/security/2005/dsa-831.wml delete mode 100644 danish/security/2005/dsa-832.wml delete mode 100644 danish/security/2005/dsa-833.wml delete mode 100644 danish/security/2005/dsa-834.wml delete mode 100644 danish/security/2005/dsa-835.wml delete mode 100644 danish/security/2005/dsa-836.wml delete mode 100644 danish/security/2005/dsa-837.wml delete mode 100644 danish/security/2005/dsa-838.wml delete mode 100644 danish/security/2005/dsa-839.wml delete mode 100644 danish/security/2005/dsa-840.wml delete mode 100644 danish/security/2005/dsa-841.wml delete mode 100644 danish/security/2005/dsa-842.wml delete mode 100644 danish/security/2005/dsa-843.wml delete mode 100644 danish/security/2005/dsa-844.wml delete mode 100644 danish/security/2005/dsa-845.wml delete mode 100644 danish/security/2005/dsa-846.wml delete mode 100644 danish/security/2005/dsa-847.wml delete mode 100644 danish/security/2005/dsa-848.wml delete mode 100644 danish/security/2005/dsa-849.wml delete mode 100644 danish/security/2005/dsa-850.wml delete mode 100644 danish/security/2005/dsa-851.wml delete mode 100644 danish/security/2005/dsa-852.wml delete mode 100644 danish/security/2005/dsa-853.wml delete mode 100644 danish/security/2005/dsa-854.wml delete mode 100644 danish/security/2005/dsa-855.wml delete mode 100644 danish/security/2005/dsa-856.wml delete mode 100644 danish/security/2005/dsa-857.wml delete mode 100644 danish/security/2005/dsa-858.wml delete mode 100644 danish/security/2005/dsa-859.wml delete mode 100644 danish/security/2005/dsa-860.wml delete mode 100644 danish/security/2005/dsa-861.wml delete mode 100644 danish/security/2005/dsa-862.wml delete mode 100644 danish/security/2005/dsa-863.wml delete mode 100644 danish/security/2005/dsa-864.wml delete mode 100644 danish/security/2005/dsa-865.wml delete mode 100644 danish/security/2005/dsa-866.wml delete mode 100644 danish/security/2005/dsa-867.wml delete mode 100644 danish/security/2005/dsa-868.wml delete mode 100644 danish/security/2005/dsa-869.wml delete mode 100644 danish/security/2005/dsa-870.wml delete mode 100644 danish/security/2005/dsa-871.wml delete mode 100644 danish/security/2005/dsa-872.wml delete mode 100644 danish/security/2005/dsa-873.wml delete mode 100644 danish/security/2005/dsa-874.wml delete mode 100644 danish/security/2005/dsa-875.wml delete mode 100644 danish/security/2005/dsa-876.wml delete mode 100644 danish/security/2005/dsa-877.wml delete mode 100644 danish/security/2005/dsa-878.wml delete mode 100644 danish/security/2005/dsa-879.wml delete mode 100644 danish/security/2005/dsa-880.wml delete mode 100644 danish/security/2005/dsa-881.wml delete mode 100644 danish/security/2005/dsa-882.wml delete mode 100644 danish/security/2005/dsa-883.wml delete mode 100644 danish/security/2005/dsa-884.wml delete mode 100644 danish/security/2005/dsa-885.wml delete mode 100644 danish/security/2005/dsa-886.wml delete mode 100644 danish/security/2005/dsa-887.wml delete mode 100644 danish/security/2005/dsa-888.wml delete mode 100644 danish/security/2005/dsa-889.wml delete mode 100644 danish/security/2005/dsa-890.wml delete mode 100644 danish/security/2005/dsa-891.wml delete mode 100644 danish/security/2005/dsa-892.wml delete mode 100644 danish/security/2005/dsa-893.wml delete mode 100644 danish/security/2005/dsa-894.wml delete mode 100644 danish/security/2005/dsa-895.wml delete mode 100644 danish/security/2005/dsa-896.wml delete mode 100644 danish/security/2005/dsa-897.wml delete mode 100644 danish/security/2005/dsa-898.wml delete mode 100644 danish/security/2005/dsa-899.wml delete mode 100644 danish/security/2005/dsa-900.wml delete mode 100644 danish/security/2005/dsa-901.wml delete mode 100644 danish/security/2005/dsa-902.wml delete mode 100644 danish/security/2005/dsa-903.wml delete mode 100644 danish/security/2005/dsa-904.wml delete mode 100644 danish/security/2005/dsa-905.wml delete mode 100644 danish/security/2005/dsa-906.wml delete mode 100644 danish/security/2005/dsa-907.wml delete mode 100644 danish/security/2005/dsa-908.wml delete mode 100644 danish/security/2005/dsa-909.wml delete mode 100644 danish/security/2005/dsa-910.wml delete mode 100644 danish/security/2005/dsa-911.wml delete mode 100644 danish/security/2005/dsa-912.wml delete mode 100644 danish/security/2005/dsa-913.wml delete mode 100644 danish/security/2005/dsa-914.wml delete mode 100644 danish/security/2005/dsa-915.wml delete mode 100644 danish/security/2005/dsa-916.wml delete mode 100644 danish/security/2005/dsa-917.wml delete mode 100644 danish/security/2005/dsa-918.wml delete mode 100644 danish/security/2005/dsa-919.wml delete mode 100644 danish/security/2005/dsa-920.wml delete mode 100644 danish/security/2005/dsa-921.wml delete mode 100644 danish/security/2005/dsa-922.wml delete mode 100644 danish/security/2005/dsa-923.wml delete mode 100644 danish/security/2005/dsa-924.wml delete mode 100644 danish/security/2005/dsa-925.wml delete mode 100644 danish/security/2005/dsa-926.wml delete mode 100644 danish/security/2005/dsa-927.wml delete mode 100644 danish/security/2005/dsa-928.wml delete mode 100644 danish/security/2005/index.wml delete mode 100644 danish/security/2006/Makefile delete mode 100644 danish/security/2006/dsa-1000.wml delete mode 100644 danish/security/2006/dsa-1001.wml delete mode 100644 danish/security/2006/dsa-1002.wml delete mode 100644 danish/security/2006/dsa-1003.wml delete mode 100644 danish/security/2006/dsa-1004.wml delete mode 100644 danish/security/2006/dsa-1005.wml delete mode 100644 danish/security/2006/dsa-1006.wml delete mode 100644 danish/security/2006/dsa-1007.wml delete mode 100644 danish/security/2006/dsa-1008.wml delete mode 100644 danish/security/2006/dsa-1009.wml delete mode 100644 danish/security/2006/dsa-1010.wml delete mode 100644 danish/security/2006/dsa-1011.wml delete mode 100644 danish/security/2006/dsa-1012.wml delete mode 100644 danish/security/2006/dsa-1013.wml delete mode 100644 danish/security/2006/dsa-1014.wml delete mode 100644 danish/security/2006/dsa-1015.wml delete mode 100644 danish/security/2006/dsa-1016.wml delete mode 100644 danish/security/2006/dsa-1017.wml delete mode 100644 danish/security/2006/dsa-1018.wml delete mode 100644 danish/security/2006/dsa-1019.wml delete mode 100644 danish/security/2006/dsa-1020.wml delete mode 100644 danish/security/2006/dsa-1021.wml delete mode 100644 danish/security/2006/dsa-1022.wml delete mode 100644 danish/security/2006/dsa-1023.wml delete mode 100644 danish/security/2006/dsa-1024.wml delete mode 100644 danish/security/2006/dsa-1025.wml delete mode 100644 danish/security/2006/dsa-1026.wml delete mode 100644 danish/security/2006/dsa-1027.wml delete mode 100644 danish/security/2006/dsa-1028.wml delete mode 100644 danish/security/2006/dsa-1029.wml delete mode 100644 danish/security/2006/dsa-1030.wml delete mode 100644 danish/security/2006/dsa-1031.wml delete mode 100644 danish/security/2006/dsa-1032.wml delete mode 100644 danish/security/2006/dsa-1033.wml delete mode 100644 danish/security/2006/dsa-1034.wml delete mode 100644 danish/security/2006/dsa-1035.wml delete mode 100644 danish/security/2006/dsa-1036.wml delete mode 100644 danish/security/2006/dsa-1037.wml delete mode 100644 danish/security/2006/dsa-1038.wml delete mode 100644 danish/security/2006/dsa-1039.wml delete mode 100644 danish/security/2006/dsa-1040.wml delete mode 100644 danish/security/2006/dsa-1041.wml delete mode 100644 danish/security/2006/dsa-1042.wml delete mode 100644 danish/security/2006/dsa-1043.wml delete mode 100644 danish/security/2006/dsa-1044.wml delete mode 100644 danish/security/2006/dsa-1045.wml delete mode 100644 danish/security/2006/dsa-1046.wml delete mode 100644 danish/security/2006/dsa-1047.wml delete mode 100644 danish/security/2006/dsa-1048.wml delete mode 100644 danish/security/2006/dsa-1049.wml delete mode 100644 danish/security/2006/dsa-1050.wml delete mode 100644 danish/security/2006/dsa-1051.wml delete mode 100644 danish/security/2006/dsa-1052.wml delete mode 100644 danish/security/2006/dsa-1053.wml delete mode 100644 danish/security/2006/dsa-1054.wml delete mode 100644 danish/security/2006/dsa-1055.wml delete mode 100644 danish/security/2006/dsa-1056.wml delete mode 100644 danish/security/2006/dsa-1057.wml delete mode 100644 danish/security/2006/dsa-1058.wml delete mode 100644 danish/security/2006/dsa-1059.wml delete mode 100644 danish/security/2006/dsa-1060.wml delete mode 100644 danish/security/2006/dsa-1061.wml delete mode 100644 danish/security/2006/dsa-1062.wml delete mode 100644 danish/security/2006/dsa-1063.wml delete mode 100644 danish/security/2006/dsa-1064.wml delete mode 100644 danish/security/2006/dsa-1065.wml delete mode 100644 danish/security/2006/dsa-1066.wml delete mode 100644 danish/security/2006/dsa-1067.wml delete mode 100644 danish/security/2006/dsa-1068.wml delete mode 100644 danish/security/2006/dsa-1069.wml delete mode 100644 danish/security/2006/dsa-1070.wml delete mode 100644 danish/security/2006/dsa-1071.wml delete mode 100644 danish/security/2006/dsa-1072.wml delete mode 100644 danish/security/2006/dsa-1073.wml delete mode 100644 danish/security/2006/dsa-1074.wml delete mode 100644 danish/security/2006/dsa-1075.wml delete mode 100644 danish/security/2006/dsa-1076.wml delete mode 100644 danish/security/2006/dsa-1077.wml delete mode 100644 danish/security/2006/dsa-1078.wml delete mode 100644 danish/security/2006/dsa-1079.wml delete mode 100644 danish/security/2006/dsa-1080.wml delete mode 100644 danish/security/2006/dsa-1081.wml delete mode 100644 danish/security/2006/dsa-1082.wml delete mode 100644 danish/security/2006/dsa-1083.wml delete mode 100644 danish/security/2006/dsa-1084.wml delete mode 100644 danish/security/2006/dsa-1085.wml delete mode 100644 danish/security/2006/dsa-1086.wml delete mode 100644 danish/security/2006/dsa-1087.wml delete mode 100644 danish/security/2006/dsa-1088.wml delete mode 100644 danish/security/2006/dsa-1089.wml delete mode 100644 danish/security/2006/dsa-1090.wml delete mode 100644 danish/security/2006/dsa-1091.wml delete mode 100644 danish/security/2006/dsa-1092.wml delete mode 100644 danish/security/2006/dsa-1093.wml delete mode 100644 danish/security/2006/dsa-1094.wml delete mode 100644 danish/security/2006/dsa-1095.wml delete mode 100644 danish/security/2006/dsa-1096.wml delete mode 100644 danish/security/2006/dsa-1097.wml delete mode 100644 danish/security/2006/dsa-1098.wml delete mode 100644 danish/security/2006/dsa-1099.wml delete mode 100644 danish/security/2006/dsa-1100.wml delete mode 100644 danish/security/2006/dsa-1101.wml delete mode 100644 danish/security/2006/dsa-1102.wml delete mode 100644 danish/security/2006/dsa-1103.wml delete mode 100644 danish/security/2006/dsa-1104.wml delete mode 100644 danish/security/2006/dsa-1105.wml delete mode 100644 danish/security/2006/dsa-1106.wml delete mode 100644 danish/security/2006/dsa-1107.wml delete mode 100644 danish/security/2006/dsa-1108.wml delete mode 100644 danish/security/2006/dsa-1109.wml delete mode 100644 danish/security/2006/dsa-1110.wml delete mode 100644 danish/security/2006/dsa-1111.wml delete mode 100644 danish/security/2006/dsa-1112.wml delete mode 100644 danish/security/2006/dsa-1113.wml delete mode 100644 danish/security/2006/dsa-1114.wml delete mode 100644 danish/security/2006/dsa-1115.wml delete mode 100644 danish/security/2006/dsa-1116.wml delete mode 100644 danish/security/2006/dsa-1117.wml delete mode 100644 danish/security/2006/dsa-1118.wml delete mode 100644 danish/security/2006/dsa-1119.wml delete mode 100644 danish/security/2006/dsa-1120.wml delete mode 100644 danish/security/2006/dsa-1121.wml delete mode 100644 danish/security/2006/dsa-1122.wml delete mode 100644 danish/security/2006/dsa-1123.wml delete mode 100644 danish/security/2006/dsa-1124.wml delete mode 100644 danish/security/2006/dsa-1125.wml delete mode 100644 danish/security/2006/dsa-1126.wml delete mode 100644 danish/security/2006/dsa-1127.wml delete mode 100644 danish/security/2006/dsa-1128.wml delete mode 100644 danish/security/2006/dsa-1129.wml delete mode 100644 danish/security/2006/dsa-1130.wml delete mode 100644 danish/security/2006/dsa-1131.wml delete mode 100644 danish/security/2006/dsa-1132.wml delete mode 100644 danish/security/2006/dsa-1133.wml delete mode 100644 danish/security/2006/dsa-1134.wml delete mode 100644 danish/security/2006/dsa-1135.wml delete mode 100644 danish/security/2006/dsa-1136.wml delete mode 100644 danish/security/2006/dsa-1137.wml delete mode 100644 danish/security/2006/dsa-1138.wml delete mode 100644 danish/security/2006/dsa-1139.wml delete mode 100644 danish/security/2006/dsa-1140.wml delete mode 100644 danish/security/2006/dsa-1141.wml delete mode 100644 danish/security/2006/dsa-1142.wml delete mode 100644 danish/security/2006/dsa-1143.wml delete mode 100644 danish/security/2006/dsa-1144.wml delete mode 100644 danish/security/2006/dsa-1145.wml delete mode 100644 danish/security/2006/dsa-1146.wml delete mode 100644 danish/security/2006/dsa-1147.wml delete mode 100644 danish/security/2006/dsa-1148.wml delete mode 100644 danish/security/2006/dsa-1149.wml delete mode 100644 danish/security/2006/dsa-1150.wml delete mode 100644 danish/security/2006/dsa-1151.wml delete mode 100644 danish/security/2006/dsa-1152.wml delete mode 100644 danish/security/2006/dsa-1153.wml delete mode 100644 danish/security/2006/dsa-1154.wml delete mode 100644 danish/security/2006/dsa-1155.wml delete mode 100644 danish/security/2006/dsa-1156.wml delete mode 100644 danish/security/2006/dsa-1157.wml delete mode 100644 danish/security/2006/dsa-1158.wml delete mode 100644 danish/security/2006/dsa-1159.wml delete mode 100644 danish/security/2006/dsa-1160.wml delete mode 100644 danish/security/2006/dsa-1161.wml delete mode 100644 danish/security/2006/dsa-1162.wml delete mode 100644 danish/security/2006/dsa-1163.wml delete mode 100644 danish/security/2006/dsa-1164.wml delete mode 100644 danish/security/2006/dsa-1165.wml delete mode 100644 danish/security/2006/dsa-1166.wml delete mode 100644 danish/security/2006/dsa-1167.wml delete mode 100644 danish/security/2006/dsa-1168.wml delete mode 100644 danish/security/2006/dsa-1169.wml delete mode 100644 danish/security/2006/dsa-1170.wml delete mode 100644 danish/security/2006/dsa-1171.wml delete mode 100644 danish/security/2006/dsa-1172.wml delete mode 100644 danish/security/2006/dsa-1173.wml delete mode 100644 danish/security/2006/dsa-1174.wml delete mode 100644 danish/security/2006/dsa-1175.wml delete mode 100644 danish/security/2006/dsa-1176.wml delete mode 100644 danish/security/2006/dsa-1177.wml delete mode 100644 danish/security/2006/dsa-1178.wml delete mode 100644 danish/security/2006/dsa-1179.wml delete mode 100644 danish/security/2006/dsa-1180.wml delete mode 100644 danish/security/2006/dsa-1181.wml delete mode 100644 danish/security/2006/dsa-1182.wml delete mode 100644 danish/security/2006/dsa-1183.wml delete mode 100644 danish/security/2006/dsa-1184.wml delete mode 100644 danish/security/2006/dsa-1185.wml delete mode 100644 danish/security/2006/dsa-1186.wml delete mode 100644 danish/security/2006/dsa-1187.wml delete mode 100644 danish/security/2006/dsa-1188.wml delete mode 100644 danish/security/2006/dsa-1189.wml delete mode 100644 danish/security/2006/dsa-1190.wml delete mode 100644 danish/security/2006/dsa-1191.wml delete mode 100644 danish/security/2006/dsa-1192.wml delete mode 100644 danish/security/2006/dsa-1193.wml delete mode 100644 danish/security/2006/dsa-1194.wml delete mode 100644 danish/security/2006/dsa-1195.wml delete mode 100644 danish/security/2006/dsa-1196.wml delete mode 100644 danish/security/2006/dsa-1197.wml delete mode 100644 danish/security/2006/dsa-1198.wml delete mode 100644 danish/security/2006/dsa-1199.wml delete mode 100644 danish/security/2006/dsa-1200.wml delete mode 100644 danish/security/2006/dsa-1201.wml delete mode 100644 danish/security/2006/dsa-1202.wml delete mode 100644 danish/security/2006/dsa-1203.wml delete mode 100644 danish/security/2006/dsa-1204.wml delete mode 100644 danish/security/2006/dsa-1205.wml delete mode 100644 danish/security/2006/dsa-1206.wml delete mode 100644 danish/security/2006/dsa-1207.wml delete mode 100644 danish/security/2006/dsa-1208.wml delete mode 100644 danish/security/2006/dsa-1209.wml delete mode 100644 danish/security/2006/dsa-1210.wml delete mode 100644 danish/security/2006/dsa-1211.wml delete mode 100644 danish/security/2006/dsa-1212.wml delete mode 100644 danish/security/2006/dsa-1213.wml delete mode 100644 danish/security/2006/dsa-1214.wml delete mode 100644 danish/security/2006/dsa-1215.wml delete mode 100644 danish/security/2006/dsa-1216.wml delete mode 100644 danish/security/2006/dsa-1217.wml delete mode 100644 danish/security/2006/dsa-1218.wml delete mode 100644 danish/security/2006/dsa-1219.wml delete mode 100644 danish/security/2006/dsa-1220.wml delete mode 100644 danish/security/2006/dsa-1221.wml delete mode 100644 danish/security/2006/dsa-1222.wml delete mode 100644 danish/security/2006/dsa-1223.wml delete mode 100644 danish/security/2006/dsa-1224.wml delete mode 100644 danish/security/2006/dsa-1225.wml delete mode 100644 danish/security/2006/dsa-1226.wml delete mode 100644 danish/security/2006/dsa-1227.wml delete mode 100644 danish/security/2006/dsa-1228.wml delete mode 100644 danish/security/2006/dsa-1229.wml delete mode 100644 danish/security/2006/dsa-1230.wml delete mode 100644 danish/security/2006/dsa-1231.wml delete mode 100644 danish/security/2006/dsa-1232.wml delete mode 100644 danish/security/2006/dsa-1233.wml delete mode 100644 danish/security/2006/dsa-1234.wml delete mode 100644 danish/security/2006/dsa-1235.wml delete mode 100644 danish/security/2006/dsa-1236.wml delete mode 100644 danish/security/2006/dsa-1237.wml delete mode 100644 danish/security/2006/dsa-1238.wml delete mode 100644 danish/security/2006/dsa-1239.wml delete mode 100644 danish/security/2006/dsa-1240.wml delete mode 100644 danish/security/2006/dsa-1241.wml delete mode 100644 danish/security/2006/dsa-1242.wml delete mode 100644 danish/security/2006/dsa-1243.wml delete mode 100644 danish/security/2006/dsa-1244.wml delete mode 100644 danish/security/2006/dsa-929.wml delete mode 100644 danish/security/2006/dsa-930.wml delete mode 100644 danish/security/2006/dsa-931.wml delete mode 100644 danish/security/2006/dsa-932.wml delete mode 100644 danish/security/2006/dsa-933.wml delete mode 100644 danish/security/2006/dsa-934.wml delete mode 100644 danish/security/2006/dsa-935.wml delete mode 100644 danish/security/2006/dsa-936.wml delete mode 100644 danish/security/2006/dsa-937.wml delete mode 100644 danish/security/2006/dsa-938.wml delete mode 100644 danish/security/2006/dsa-939.wml delete mode 100644 danish/security/2006/dsa-940.wml delete mode 100644 danish/security/2006/dsa-941.wml delete mode 100644 danish/security/2006/dsa-942.wml delete mode 100644 danish/security/2006/dsa-943.wml delete mode 100644 danish/security/2006/dsa-944.wml delete mode 100644 danish/security/2006/dsa-945.wml delete mode 100644 danish/security/2006/dsa-946.wml delete mode 100644 danish/security/2006/dsa-947.wml delete mode 100644 danish/security/2006/dsa-948.wml delete mode 100644 danish/security/2006/dsa-949.wml delete mode 100644 danish/security/2006/dsa-950.wml delete mode 100644 danish/security/2006/dsa-951.wml delete mode 100644 danish/security/2006/dsa-952.wml delete mode 100644 danish/security/2006/dsa-953.wml delete mode 100644 danish/security/2006/dsa-954.wml delete mode 100644 danish/security/2006/dsa-955.wml delete mode 100644 danish/security/2006/dsa-956.wml delete mode 100644 danish/security/2006/dsa-957.wml delete mode 100644 danish/security/2006/dsa-958.wml delete mode 100644 danish/security/2006/dsa-959.wml delete mode 100644 danish/security/2006/dsa-960.wml delete mode 100644 danish/security/2006/dsa-961.wml delete mode 100644 danish/security/2006/dsa-962.wml delete mode 100644 danish/security/2006/dsa-963.wml delete mode 100644 danish/security/2006/dsa-964.wml delete mode 100644 danish/security/2006/dsa-965.wml delete mode 100644 danish/security/2006/dsa-966.wml delete mode 100644 danish/security/2006/dsa-967.wml delete mode 100644 danish/security/2006/dsa-968.wml delete mode 100644 danish/security/2006/dsa-969.wml delete mode 100644 danish/security/2006/dsa-970.wml delete mode 100644 danish/security/2006/dsa-971.wml delete mode 100644 danish/security/2006/dsa-972.wml delete mode 100644 danish/security/2006/dsa-973.wml delete mode 100644 danish/security/2006/dsa-974.wml delete mode 100644 danish/security/2006/dsa-975.wml delete mode 100644 danish/security/2006/dsa-976.wml delete mode 100644 danish/security/2006/dsa-977.wml delete mode 100644 danish/security/2006/dsa-978.wml delete mode 100644 danish/security/2006/dsa-979.wml delete mode 100644 danish/security/2006/dsa-980.wml delete mode 100644 danish/security/2006/dsa-981.wml delete mode 100644 danish/security/2006/dsa-982.wml delete mode 100644 danish/security/2006/dsa-983.wml delete mode 100644 danish/security/2006/dsa-984.wml delete mode 100644 danish/security/2006/dsa-985.wml delete mode 100644 danish/security/2006/dsa-986.wml delete mode 100644 danish/security/2006/dsa-987.wml delete mode 100644 danish/security/2006/dsa-988.wml delete mode 100644 danish/security/2006/dsa-989.wml delete mode 100644 danish/security/2006/dsa-990.wml delete mode 100644 danish/security/2006/dsa-991.wml delete mode 100644 danish/security/2006/dsa-992.wml delete mode 100644 danish/security/2006/dsa-993.wml delete mode 100644 danish/security/2006/dsa-994.wml delete mode 100644 danish/security/2006/dsa-995.wml delete mode 100644 danish/security/2006/dsa-996.wml delete mode 100644 danish/security/2006/dsa-997.wml delete mode 100644 danish/security/2006/dsa-998.wml delete mode 100644 danish/security/2006/dsa-999.wml delete mode 100644 danish/security/2006/index.wml delete mode 100644 danish/security/2007/Makefile delete mode 100644 danish/security/2007/dsa-1245.wml delete mode 100644 danish/security/2007/dsa-1246.wml delete mode 100644 danish/security/2007/dsa-1247.wml delete mode 100644 danish/security/2007/dsa-1248.wml delete mode 100644 danish/security/2007/dsa-1249.wml delete mode 100644 danish/security/2007/dsa-1250.wml delete mode 100644 danish/security/2007/dsa-1251.wml delete mode 100644 danish/security/2007/dsa-1252.wml delete mode 100644 danish/security/2007/dsa-1253.wml delete mode 100644 danish/security/2007/dsa-1254.wml delete mode 100644 danish/security/2007/dsa-1255.wml delete mode 100644 danish/security/2007/dsa-1256.wml delete mode 100644 danish/security/2007/dsa-1257.wml delete mode 100644 danish/security/2007/dsa-1258.wml delete mode 100644 danish/security/2007/dsa-1259.wml delete mode 100644 danish/security/2007/dsa-1260.wml delete mode 100644 danish/security/2007/dsa-1261.wml delete mode 100644 danish/security/2007/dsa-1262.wml delete mode 100644 danish/security/2007/dsa-1263.wml delete mode 100644 danish/security/2007/dsa-1264.wml delete mode 100644 danish/security/2007/dsa-1265.wml delete mode 100644 danish/security/2007/dsa-1266.wml delete mode 100644 danish/security/2007/dsa-1267.wml delete mode 100644 danish/security/2007/dsa-1268.wml delete mode 100644 danish/security/2007/dsa-1269.wml delete mode 100644 danish/security/2007/dsa-1270.wml delete mode 100644 danish/security/2007/dsa-1271.wml delete mode 100644 danish/security/2007/dsa-1272.wml delete mode 100644 danish/security/2007/dsa-1273.wml delete mode 100644 danish/security/2007/dsa-1274.wml delete mode 100644 danish/security/2007/dsa-1275.wml delete mode 100644 danish/security/2007/dsa-1276.wml delete mode 100644 danish/security/2007/dsa-1277.wml delete mode 100644 danish/security/2007/dsa-1278.wml delete mode 100644 danish/security/2007/dsa-1279.wml delete mode 100644 danish/security/2007/dsa-1280.wml delete mode 100644 danish/security/2007/dsa-1281.wml delete mode 100644 danish/security/2007/dsa-1282.wml delete mode 100644 danish/security/2007/dsa-1283.wml delete mode 100644 danish/security/2007/dsa-1284.wml delete mode 100644 danish/security/2007/dsa-1285.wml delete mode 100644 danish/security/2007/dsa-1286.wml delete mode 100644 danish/security/2007/dsa-1287.wml delete mode 100644 danish/security/2007/dsa-1288.wml delete mode 100644 danish/security/2007/dsa-1289.wml delete mode 100644 danish/security/2007/dsa-1290.wml delete mode 100644 danish/security/2007/dsa-1291.wml delete mode 100644 danish/security/2007/dsa-1292.wml delete mode 100644 danish/security/2007/dsa-1293.wml delete mode 100644 danish/security/2007/dsa-1294.wml delete mode 100644 danish/security/2007/dsa-1295.wml delete mode 100644 danish/security/2007/dsa-1296.wml delete mode 100644 danish/security/2007/dsa-1297.wml delete mode 100644 danish/security/2007/dsa-1298.wml delete mode 100644 danish/security/2007/dsa-1299.wml delete mode 100644 danish/security/2007/dsa-1300.wml delete mode 100644 danish/security/2007/dsa-1301.wml delete mode 100644 danish/security/2007/dsa-1302.wml delete mode 100644 danish/security/2007/dsa-1303.wml delete mode 100644 danish/security/2007/dsa-1304.wml delete mode 100644 danish/security/2007/dsa-1305.wml delete mode 100644 danish/security/2007/dsa-1306.wml delete mode 100644 danish/security/2007/dsa-1307.wml delete mode 100644 danish/security/2007/dsa-1308.wml delete mode 100644 danish/security/2007/dsa-1309.wml delete mode 100644 danish/security/2007/dsa-1310.wml delete mode 100644 danish/security/2007/dsa-1311.wml delete mode 100644 danish/security/2007/dsa-1312.wml delete mode 100644 danish/security/2007/dsa-1313.wml delete mode 100644 danish/security/2007/dsa-1314.wml delete mode 100644 danish/security/2007/dsa-1315.wml delete mode 100644 danish/security/2007/dsa-1316.wml delete mode 100644 danish/security/2007/dsa-1317.wml delete mode 100644 danish/security/2007/dsa-1318.wml delete mode 100644 danish/security/2007/dsa-1319.wml delete mode 100644 danish/security/2007/dsa-1320.wml delete mode 100644 danish/security/2007/dsa-1321.wml delete mode 100644 danish/security/2007/dsa-1322.wml delete mode 100644 danish/security/2007/dsa-1323.wml delete mode 100644 danish/security/2007/dsa-1324.wml delete mode 100644 danish/security/2007/dsa-1325.wml delete mode 100644 danish/security/2007/dsa-1326.wml delete mode 100644 danish/security/2007/dsa-1327.wml delete mode 100644 danish/security/2007/dsa-1328.wml delete mode 100644 danish/security/2007/dsa-1329.wml delete mode 100644 danish/security/2007/dsa-1330.wml delete mode 100644 danish/security/2007/dsa-1331.wml delete mode 100644 danish/security/2007/dsa-1332.wml delete mode 100644 danish/security/2007/dsa-1333.wml delete mode 100644 danish/security/2007/dsa-1334.wml delete mode 100644 danish/security/2007/dsa-1335.wml delete mode 100644 danish/security/2007/dsa-1336.wml delete mode 100644 danish/security/2007/dsa-1337.wml delete mode 100644 danish/security/2007/dsa-1338.wml delete mode 100644 danish/security/2007/dsa-1339.wml delete mode 100644 danish/security/2007/dsa-1340.wml delete mode 100644 danish/security/2007/dsa-1341.wml delete mode 100644 danish/security/2007/dsa-1342.wml delete mode 100644 danish/security/2007/dsa-1343.wml delete mode 100644 danish/security/2007/dsa-1344.wml delete mode 100644 danish/security/2007/dsa-1345.wml delete mode 100644 danish/security/2007/dsa-1346.wml delete mode 100644 danish/security/2007/dsa-1347.wml delete mode 100644 danish/security/2007/dsa-1348.wml delete mode 100644 danish/security/2007/dsa-1349.wml delete mode 100644 danish/security/2007/dsa-1350.wml delete mode 100644 danish/security/2007/dsa-1351.wml delete mode 100644 danish/security/2007/dsa-1352.wml delete mode 100644 danish/security/2007/dsa-1353.wml delete mode 100644 danish/security/2007/dsa-1354.wml delete mode 100644 danish/security/2007/dsa-1355.wml delete mode 100644 danish/security/2007/dsa-1356.wml delete mode 100644 danish/security/2007/dsa-1357.wml delete mode 100644 danish/security/2007/dsa-1358.wml delete mode 100644 danish/security/2007/dsa-1359.wml delete mode 100644 danish/security/2007/dsa-1360.wml delete mode 100644 danish/security/2007/dsa-1361.wml delete mode 100644 danish/security/2007/dsa-1362.wml delete mode 100644 danish/security/2007/dsa-1363.wml delete mode 100644 danish/security/2007/dsa-1364.wml delete mode 100644 danish/security/2007/dsa-1365.wml delete mode 100644 danish/security/2007/dsa-1366.wml delete mode 100644 danish/security/2007/dsa-1367.wml delete mode 100644 danish/security/2007/dsa-1368.wml delete mode 100644 danish/security/2007/dsa-1369.wml delete mode 100644 danish/security/2007/dsa-1370.wml delete mode 100644 danish/security/2007/dsa-1371.wml delete mode 100644 danish/security/2007/dsa-1372.wml delete mode 100644 danish/security/2007/dsa-1373.wml delete mode 100644 danish/security/2007/dsa-1374.wml delete mode 100644 danish/security/2007/dsa-1375.wml delete mode 100644 danish/security/2007/dsa-1376.wml delete mode 100644 danish/security/2007/dsa-1377.wml delete mode 100644 danish/security/2007/dsa-1378.wml delete mode 100644 danish/security/2007/dsa-1379.wml delete mode 100644 danish/security/2007/dsa-1380.wml delete mode 100644 danish/security/2007/dsa-1381.wml delete mode 100644 danish/security/2007/dsa-1382.wml delete mode 100644 danish/security/2007/dsa-1383.wml delete mode 100644 danish/security/2007/dsa-1384.wml delete mode 100644 danish/security/2007/dsa-1385.wml delete mode 100644 danish/security/2007/dsa-1386.wml delete mode 100644 danish/security/2007/dsa-1387.wml delete mode 100644 danish/security/2007/dsa-1388.wml delete mode 100644 danish/security/2007/dsa-1389.wml delete mode 100644 danish/security/2007/dsa-1390.wml delete mode 100644 danish/security/2007/dsa-1391.wml delete mode 100644 danish/security/2007/dsa-1392.wml delete mode 100644 danish/security/2007/dsa-1393.wml delete mode 100644 danish/security/2007/dsa-1394.wml delete mode 100644 danish/security/2007/dsa-1395.wml delete mode 100644 danish/security/2007/dsa-1396.wml delete mode 100644 danish/security/2007/dsa-1397.wml delete mode 100644 danish/security/2007/dsa-1398.wml delete mode 100644 danish/security/2007/dsa-1399.wml delete mode 100644 danish/security/2007/dsa-1400.wml delete mode 100644 danish/security/2007/dsa-1401.wml delete mode 100644 danish/security/2007/dsa-1402.wml delete mode 100644 danish/security/2007/dsa-1403.wml delete mode 100644 danish/security/2007/dsa-1404.wml delete mode 100644 danish/security/2007/dsa-1405.wml delete mode 100644 danish/security/2007/dsa-1406.wml delete mode 100644 danish/security/2007/dsa-1407.wml delete mode 100644 danish/security/2007/dsa-1408.wml delete mode 100644 danish/security/2007/dsa-1409.wml delete mode 100644 danish/security/2007/dsa-1410.wml delete mode 100644 danish/security/2007/dsa-1411.wml delete mode 100644 danish/security/2007/dsa-1412.wml delete mode 100644 danish/security/2007/dsa-1413.wml delete mode 100644 danish/security/2007/dsa-1414.wml delete mode 100644 danish/security/2007/dsa-1415.wml delete mode 100644 danish/security/2007/dsa-1416.wml delete mode 100644 danish/security/2007/dsa-1417.wml delete mode 100644 danish/security/2007/dsa-1418.wml delete mode 100644 danish/security/2007/dsa-1419.wml delete mode 100644 danish/security/2007/dsa-1420.wml delete mode 100644 danish/security/2007/dsa-1421.wml delete mode 100644 danish/security/2007/dsa-1422.wml delete mode 100644 danish/security/2007/dsa-1423.wml delete mode 100644 danish/security/2007/dsa-1424.wml delete mode 100644 danish/security/2007/dsa-1425.wml delete mode 100644 danish/security/2007/dsa-1426.wml delete mode 100644 danish/security/2007/dsa-1427.wml delete mode 100644 danish/security/2007/dsa-1428.wml delete mode 100644 danish/security/2007/dsa-1429.wml delete mode 100644 danish/security/2007/dsa-1430.wml delete mode 100644 danish/security/2007/dsa-1431.wml delete mode 100644 danish/security/2007/dsa-1432.wml delete mode 100644 danish/security/2007/dsa-1433.wml delete mode 100644 danish/security/2007/dsa-1434.wml delete mode 100644 danish/security/2007/dsa-1435.wml delete mode 100644 danish/security/2007/dsa-1436.wml delete mode 100644 danish/security/2007/dsa-1437.wml delete mode 100644 danish/security/2007/dsa-1438.wml delete mode 100644 danish/security/2007/dsa-1439.wml delete mode 100644 danish/security/2007/dsa-1440.wml delete mode 100644 danish/security/2007/dsa-1441.wml delete mode 100644 danish/security/2007/dsa-1442.wml delete mode 100644 danish/security/2007/index.wml delete mode 100644 danish/security/2008/Makefile delete mode 100644 danish/security/2008/dsa-1443.wml delete mode 100644 danish/security/2008/dsa-1444.wml delete mode 100644 danish/security/2008/dsa-1445.wml delete mode 100644 danish/security/2008/dsa-1446.wml delete mode 100644 danish/security/2008/dsa-1447.wml delete mode 100644 danish/security/2008/dsa-1448.wml delete mode 100644 danish/security/2008/dsa-1449.wml delete mode 100644 danish/security/2008/dsa-1450.wml delete mode 100644 danish/security/2008/dsa-1451.wml delete mode 100644 danish/security/2008/dsa-1452.wml delete mode 100644 danish/security/2008/dsa-1453.wml delete mode 100644 danish/security/2008/dsa-1454.wml delete mode 100644 danish/security/2008/dsa-1455.wml delete mode 100644 danish/security/2008/dsa-1456.wml delete mode 100644 danish/security/2008/dsa-1457.wml delete mode 100644 danish/security/2008/dsa-1458.wml delete mode 100644 danish/security/2008/dsa-1459.wml delete mode 100644 danish/security/2008/dsa-1460.wml delete mode 100644 danish/security/2008/dsa-1461.wml delete mode 100644 danish/security/2008/dsa-1462.wml delete mode 100644 danish/security/2008/dsa-1463.wml delete mode 100644 danish/security/2008/dsa-1464.wml delete mode 100644 danish/security/2008/dsa-1465.wml delete mode 100644 danish/security/2008/dsa-1466.wml delete mode 100644 danish/security/2008/dsa-1467.wml delete mode 100644 danish/security/2008/dsa-1468.wml delete mode 100644 danish/security/2008/dsa-1469.wml delete mode 100644 danish/security/2008/dsa-1470.wml delete mode 100644 danish/security/2008/dsa-1471.wml delete mode 100644 danish/security/2008/dsa-1472.wml delete mode 100644 danish/security/2008/dsa-1473.wml delete mode 100644 danish/security/2008/dsa-1474.wml delete mode 100644 danish/security/2008/dsa-1475.wml delete mode 100644 danish/security/2008/dsa-1476.wml delete mode 100644 danish/security/2008/dsa-1477.wml delete mode 100644 danish/security/2008/dsa-1478.wml delete mode 100644 danish/security/2008/dsa-1479.wml delete mode 100644 danish/security/2008/dsa-1480.wml delete mode 100644 danish/security/2008/dsa-1481.wml delete mode 100644 danish/security/2008/dsa-1482.wml delete mode 100644 danish/security/2008/dsa-1483.wml delete mode 100644 danish/security/2008/dsa-1484.wml delete mode 100644 danish/security/2008/dsa-1485.wml delete mode 100644 danish/security/2008/dsa-1486.wml delete mode 100644 danish/security/2008/dsa-1487.wml delete mode 100644 danish/security/2008/dsa-1488.wml delete mode 100644 danish/security/2008/dsa-1489.wml delete mode 100644 danish/security/2008/dsa-1490.wml delete mode 100644 danish/security/2008/dsa-1491.wml delete mode 100644 danish/security/2008/dsa-1492.wml delete mode 100644 danish/security/2008/dsa-1493.wml delete mode 100644 danish/security/2008/dsa-1494.wml delete mode 100644 danish/security/2008/dsa-1495.wml delete mode 100644 danish/security/2008/dsa-1496.wml delete mode 100644 danish/security/2008/dsa-1497.wml delete mode 100644 danish/security/2008/dsa-1498.wml delete mode 100644 danish/security/2008/dsa-1499.wml delete mode 100644 danish/security/2008/dsa-1500.wml delete mode 100644 danish/security/2008/dsa-1501.wml delete mode 100644 danish/security/2008/dsa-1502.wml delete mode 100644 danish/security/2008/dsa-1503.wml delete mode 100644 danish/security/2008/dsa-1504.wml delete mode 100644 danish/security/2008/dsa-1505.wml delete mode 100644 danish/security/2008/dsa-1506.wml delete mode 100644 danish/security/2008/dsa-1507.wml delete mode 100644 danish/security/2008/dsa-1508.wml delete mode 100644 danish/security/2008/dsa-1509.wml delete mode 100644 danish/security/2008/dsa-1510.wml delete mode 100644 danish/security/2008/dsa-1511.wml delete mode 100644 danish/security/2008/dsa-1512.wml delete mode 100644 danish/security/2008/dsa-1513.wml delete mode 100644 danish/security/2008/dsa-1514.wml delete mode 100644 danish/security/2008/dsa-1515.wml delete mode 100644 danish/security/2008/dsa-1516.wml delete mode 100644 danish/security/2008/dsa-1517.wml delete mode 100644 danish/security/2008/dsa-1518.wml delete mode 100644 danish/security/2008/dsa-1519.wml delete mode 100644 danish/security/2008/dsa-1520.wml delete mode 100644 danish/security/2008/dsa-1521.wml delete mode 100644 danish/security/2008/dsa-1522.wml delete mode 100644 danish/security/2008/dsa-1523.wml delete mode 100644 danish/security/2008/dsa-1524.wml delete mode 100644 danish/security/2008/dsa-1525.wml delete mode 100644 danish/security/2008/dsa-1526.wml delete mode 100644 danish/security/2008/dsa-1527.wml delete mode 100644 danish/security/2008/dsa-1528.wml delete mode 100644 danish/security/2008/dsa-1529.wml delete mode 100644 danish/security/2008/dsa-1530.wml delete mode 100644 danish/security/2008/dsa-1531.wml delete mode 100644 danish/security/2008/dsa-1532.wml delete mode 100644 danish/security/2008/dsa-1533.wml delete mode 100644 danish/security/2008/dsa-1534.wml delete mode 100644 danish/security/2008/dsa-1535.wml delete mode 100644 danish/security/2008/dsa-1536.wml delete mode 100644 danish/security/2008/dsa-1537.wml delete mode 100644 danish/security/2008/dsa-1538.wml delete mode 100644 danish/security/2008/dsa-1539.wml delete mode 100644 danish/security/2008/dsa-1540.wml delete mode 100644 danish/security/2008/dsa-1541.wml delete mode 100644 danish/security/2008/dsa-1542.wml delete mode 100644 danish/security/2008/dsa-1543.wml delete mode 100644 danish/security/2008/dsa-1544.wml delete mode 100644 danish/security/2008/dsa-1545.wml delete mode 100644 danish/security/2008/dsa-1546.wml delete mode 100644 danish/security/2008/dsa-1547.wml delete mode 100644 danish/security/2008/dsa-1548.wml delete mode 100644 danish/security/2008/dsa-1549.wml delete mode 100644 danish/security/2008/dsa-1550.wml delete mode 100644 danish/security/2008/dsa-1551.wml delete mode 100644 danish/security/2008/dsa-1552.wml delete mode 100644 danish/security/2008/dsa-1553.wml delete mode 100644 danish/security/2008/dsa-1554.wml delete mode 100644 danish/security/2008/dsa-1555.wml delete mode 100644 danish/security/2008/dsa-1556.wml delete mode 100644 danish/security/2008/dsa-1557.wml delete mode 100644 danish/security/2008/dsa-1558.wml delete mode 100644 danish/security/2008/dsa-1559.wml delete mode 100644 danish/security/2008/dsa-1560.wml delete mode 100644 danish/security/2008/dsa-1561.wml delete mode 100644 danish/security/2008/dsa-1562.wml delete mode 100644 danish/security/2008/dsa-1563.wml delete mode 100644 danish/security/2008/dsa-1564.wml delete mode 100644 danish/security/2008/dsa-1565.wml delete mode 100644 danish/security/2008/dsa-1566.wml delete mode 100644 danish/security/2008/dsa-1567.wml delete mode 100644 danish/security/2008/dsa-1568.wml delete mode 100644 danish/security/2008/dsa-1569.wml delete mode 100644 danish/security/2008/dsa-1570.wml delete mode 100644 danish/security/2008/dsa-1571.wml delete mode 100644 danish/security/2008/dsa-1572.wml delete mode 100644 danish/security/2008/dsa-1573.wml delete mode 100644 danish/security/2008/dsa-1574.wml delete mode 100644 danish/security/2008/dsa-1575.wml delete mode 100644 danish/security/2008/dsa-1576.wml delete mode 100644 danish/security/2008/dsa-1577.wml delete mode 100644 danish/security/2008/dsa-1578.wml delete mode 100644 danish/security/2008/dsa-1579.wml delete mode 100644 danish/security/2008/dsa-1580.wml delete mode 100644 danish/security/2008/dsa-1581.wml delete mode 100644 danish/security/2008/dsa-1582.wml delete mode 100644 danish/security/2008/dsa-1583.wml delete mode 100644 danish/security/2008/dsa-1584.wml delete mode 100644 danish/security/2008/dsa-1585.wml delete mode 100644 danish/security/2008/dsa-1586.wml delete mode 100644 danish/security/2008/dsa-1587.wml delete mode 100644 danish/security/2008/dsa-1588.wml delete mode 100644 danish/security/2008/dsa-1589.wml delete mode 100644 danish/security/2008/dsa-1590.wml delete mode 100644 danish/security/2008/dsa-1591.wml delete mode 100644 danish/security/2008/dsa-1592.wml delete mode 100644 danish/security/2008/dsa-1593.wml delete mode 100644 danish/security/2008/dsa-1594.wml delete mode 100644 danish/security/2008/dsa-1595.wml delete mode 100644 danish/security/2008/dsa-1596.wml delete mode 100644 danish/security/2008/dsa-1597.wml delete mode 100644 danish/security/2008/dsa-1598.wml delete mode 100644 danish/security/2008/dsa-1599.wml delete mode 100644 danish/security/2008/dsa-1600.wml delete mode 100644 danish/security/2008/dsa-1601.wml delete mode 100644 danish/security/2008/dsa-1602.wml delete mode 100644 danish/security/2008/dsa-1603.wml delete mode 100644 danish/security/2008/dsa-1604.wml delete mode 100644 danish/security/2008/dsa-1605.wml delete mode 100644 danish/security/2008/dsa-1606.wml delete mode 100644 danish/security/2008/dsa-1607.wml delete mode 100644 danish/security/2008/dsa-1608.wml delete mode 100644 danish/security/2008/dsa-1609.wml delete mode 100644 danish/security/2008/dsa-1610.wml delete mode 100644 danish/security/2008/dsa-1611.wml delete mode 100644 danish/security/2008/dsa-1612.wml delete mode 100644 danish/security/2008/dsa-1613.wml delete mode 100644 danish/security/2008/dsa-1614.wml delete mode 100644 danish/security/2008/dsa-1615.wml delete mode 100644 danish/security/2008/dsa-1616.wml delete mode 100644 danish/security/2008/dsa-1617.wml delete mode 100644 danish/security/2008/dsa-1618.wml delete mode 100644 danish/security/2008/dsa-1619.wml delete mode 100644 danish/security/2008/dsa-1620.wml delete mode 100644 danish/security/2008/dsa-1621.wml delete mode 100644 danish/security/2008/dsa-1622.wml delete mode 100644 danish/security/2008/dsa-1623.wml delete mode 100644 danish/security/2008/dsa-1624.wml delete mode 100644 danish/security/2008/dsa-1625.wml delete mode 100644 danish/security/2008/dsa-1626.wml delete mode 100644 danish/security/2008/dsa-1627.wml delete mode 100644 danish/security/2008/dsa-1628.wml delete mode 100644 danish/security/2008/dsa-1629.wml delete mode 100644 danish/security/2008/dsa-1630.wml delete mode 100644 danish/security/2008/dsa-1631.wml delete mode 100644 danish/security/2008/dsa-1632.wml delete mode 100644 danish/security/2008/dsa-1633.wml delete mode 100644 danish/security/2008/dsa-1634.wml delete mode 100644 danish/security/2008/dsa-1635.wml delete mode 100644 danish/security/2008/dsa-1636.wml delete mode 100644 danish/security/2008/dsa-1637.wml delete mode 100644 danish/security/2008/dsa-1638.wml delete mode 100644 danish/security/2008/dsa-1639.wml delete mode 100644 danish/security/2008/dsa-1640.wml delete mode 100644 danish/security/2008/dsa-1641.wml delete mode 100644 danish/security/2008/dsa-1642.wml delete mode 100644 danish/security/2008/dsa-1643.wml delete mode 100644 danish/security/2008/dsa-1644.wml delete mode 100644 danish/security/2008/dsa-1645.wml delete mode 100644 danish/security/2008/dsa-1646.wml delete mode 100644 danish/security/2008/dsa-1647.wml delete mode 100644 danish/security/2008/dsa-1648.wml delete mode 100644 danish/security/2008/dsa-1649.wml delete mode 100644 danish/security/2008/dsa-1650.wml delete mode 100644 danish/security/2008/dsa-1651.wml delete mode 100644 danish/security/2008/dsa-1652.wml delete mode 100644 danish/security/2008/dsa-1653.wml delete mode 100644 danish/security/2008/dsa-1654.wml delete mode 100644 danish/security/2008/dsa-1655.wml delete mode 100644 danish/security/2008/dsa-1656.wml delete mode 100644 danish/security/2008/dsa-1657.wml delete mode 100644 danish/security/2008/dsa-1658.wml delete mode 100644 danish/security/2008/dsa-1659.wml delete mode 100644 danish/security/2008/dsa-1660.wml delete mode 100644 danish/security/2008/dsa-1661.wml delete mode 100644 danish/security/2008/dsa-1662.wml delete mode 100644 danish/security/2008/dsa-1663.wml delete mode 100644 danish/security/2008/dsa-1664.wml delete mode 100644 danish/security/2008/dsa-1665.wml delete mode 100644 danish/security/2008/dsa-1666.wml delete mode 100644 danish/security/2008/dsa-1667.wml delete mode 100644 danish/security/2008/dsa-1668.wml delete mode 100644 danish/security/2008/dsa-1669.wml delete mode 100644 danish/security/2008/dsa-1670.wml delete mode 100644 danish/security/2008/dsa-1671.wml delete mode 100644 danish/security/2008/dsa-1672.wml delete mode 100644 danish/security/2008/dsa-1673.wml delete mode 100644 danish/security/2008/dsa-1674.wml delete mode 100644 danish/security/2008/dsa-1675.wml delete mode 100644 danish/security/2008/dsa-1676.wml delete mode 100644 danish/security/2008/dsa-1677.wml delete mode 100644 danish/security/2008/dsa-1678.wml delete mode 100644 danish/security/2008/dsa-1679.wml delete mode 100644 danish/security/2008/dsa-1680.wml delete mode 100644 danish/security/2008/dsa-1681.wml delete mode 100644 danish/security/2008/dsa-1682.wml delete mode 100644 danish/security/2008/dsa-1683.wml delete mode 100644 danish/security/2008/dsa-1684.wml delete mode 100644 danish/security/2008/dsa-1685.wml delete mode 100644 danish/security/2008/dsa-1686.wml delete mode 100644 danish/security/2008/dsa-1687.wml delete mode 100644 danish/security/2008/dsa-1688.wml delete mode 100644 danish/security/2008/dsa-1689.wml delete mode 100644 danish/security/2008/dsa-1690.wml delete mode 100644 danish/security/2008/dsa-1691.wml delete mode 100644 danish/security/2008/dsa-1692.wml delete mode 100644 danish/security/2008/dsa-1693.wml delete mode 100644 danish/security/2008/index.wml delete mode 100644 danish/security/2009/Makefile delete mode 100644 danish/security/2009/dsa-1694.wml delete mode 100644 danish/security/2009/dsa-1695.wml delete mode 100644 danish/security/2009/dsa-1696.wml delete mode 100644 danish/security/2009/dsa-1697.wml delete mode 100644 danish/security/2009/dsa-1698.wml delete mode 100644 danish/security/2009/dsa-1699.wml delete mode 100644 danish/security/2009/dsa-1700.wml delete mode 100644 danish/security/2009/dsa-1701.wml delete mode 100644 danish/security/2009/dsa-1702.wml delete mode 100644 danish/security/2009/dsa-1703.wml delete mode 100644 danish/security/2009/dsa-1704.wml delete mode 100644 danish/security/2009/dsa-1705.wml delete mode 100644 danish/security/2009/dsa-1706.wml delete mode 100644 danish/security/2009/dsa-1707.wml delete mode 100644 danish/security/2009/dsa-1708.wml delete mode 100644 danish/security/2009/dsa-1709.wml delete mode 100644 danish/security/2009/dsa-1710.wml delete mode 100644 danish/security/2009/dsa-1711.wml delete mode 100644 danish/security/2009/dsa-1712.wml delete mode 100644 danish/security/2009/dsa-1713.wml delete mode 100644 danish/security/2009/dsa-1714.wml delete mode 100644 danish/security/2009/dsa-1715.wml delete mode 100644 danish/security/2009/dsa-1716.wml delete mode 100644 danish/security/2009/dsa-1717.wml delete mode 100644 danish/security/2009/dsa-1718.wml delete mode 100644 danish/security/2009/dsa-1719.wml delete mode 100644 danish/security/2009/dsa-1720.wml delete mode 100644 danish/security/2009/dsa-1721.wml delete mode 100644 danish/security/2009/dsa-1722.wml delete mode 100644 danish/security/2009/dsa-1723.wml delete mode 100644 danish/security/2009/dsa-1724.wml delete mode 100644 danish/security/2009/dsa-1725.wml delete mode 100644 danish/security/2009/dsa-1726.wml delete mode 100644 danish/security/2009/dsa-1727.wml delete mode 100644 danish/security/2009/dsa-1728.wml delete mode 100644 danish/security/2009/dsa-1729.wml delete mode 100644 danish/security/2009/dsa-1730.wml delete mode 100644 danish/security/2009/dsa-1731.wml delete mode 100644 danish/security/2009/dsa-1732.wml delete mode 100644 danish/security/2009/dsa-1733.wml delete mode 100644 danish/security/2009/dsa-1734.wml delete mode 100644 danish/security/2009/dsa-1735.wml delete mode 100644 danish/security/2009/dsa-1736.wml delete mode 100644 danish/security/2009/dsa-1737.wml delete mode 100644 danish/security/2009/dsa-1738.wml delete mode 100644 danish/security/2009/dsa-1739.wml delete mode 100644 danish/security/2009/dsa-1740.wml delete mode 100644 danish/security/2009/dsa-1741.wml delete mode 100644 danish/security/2009/dsa-1742.wml delete mode 100644 danish/security/2009/dsa-1743.wml delete mode 100644 danish/security/2009/dsa-1744.wml delete mode 100644 danish/security/2009/dsa-1745.wml delete mode 100644 danish/security/2009/dsa-1746.wml delete mode 100644 danish/security/2009/dsa-1747.wml delete mode 100644 danish/security/2009/dsa-1748.wml delete mode 100644 danish/security/2009/dsa-1749.wml delete mode 100644 danish/security/2009/dsa-1750.wml delete mode 100644 danish/security/2009/dsa-1751.wml delete mode 100644 danish/security/2009/dsa-1752.wml delete mode 100644 danish/security/2009/dsa-1753.wml delete mode 100644 danish/security/2009/dsa-1754.wml delete mode 100644 danish/security/2009/dsa-1755.wml delete mode 100644 danish/security/2009/dsa-1756.wml delete mode 100644 danish/security/2009/dsa-1757.wml delete mode 100644 danish/security/2009/dsa-1758.wml delete mode 100644 danish/security/2009/dsa-1759.wml delete mode 100644 danish/security/2009/dsa-1760.wml delete mode 100644 danish/security/2009/dsa-1761.wml delete mode 100644 danish/security/2009/dsa-1762.wml delete mode 100644 danish/security/2009/dsa-1763.wml delete mode 100644 danish/security/2009/dsa-1764.wml delete mode 100644 danish/security/2009/dsa-1765.wml delete mode 100644 danish/security/2009/dsa-1766.wml delete mode 100644 danish/security/2009/dsa-1767.wml delete mode 100644 danish/security/2009/dsa-1768.wml delete mode 100644 danish/security/2009/dsa-1769.wml delete mode 100644 danish/security/2009/dsa-1770.wml delete mode 100644 danish/security/2009/dsa-1771.wml delete mode 100644 danish/security/2009/dsa-1772.wml delete mode 100644 danish/security/2009/dsa-1773.wml delete mode 100644 danish/security/2009/dsa-1774.wml delete mode 100644 danish/security/2009/dsa-1775.wml delete mode 100644 danish/security/2009/dsa-1776.wml delete mode 100644 danish/security/2009/dsa-1777.wml delete mode 100644 danish/security/2009/dsa-1778.wml delete mode 100644 danish/security/2009/dsa-1779.wml delete mode 100644 danish/security/2009/dsa-1780.wml delete mode 100644 danish/security/2009/dsa-1781.wml delete mode 100644 danish/security/2009/dsa-1782.wml delete mode 100644 danish/security/2009/dsa-1783.wml delete mode 100644 danish/security/2009/dsa-1784.wml delete mode 100644 danish/security/2009/dsa-1785.wml delete mode 100644 danish/security/2009/dsa-1786.wml delete mode 100644 danish/security/2009/dsa-1787.wml delete mode 100644 danish/security/2009/dsa-1788.wml delete mode 100644 danish/security/2009/dsa-1789.wml delete mode 100644 danish/security/2009/dsa-1790.wml delete mode 100644 danish/security/2009/dsa-1791.wml delete mode 100644 danish/security/2009/dsa-1792.wml delete mode 100644 danish/security/2009/dsa-1793.wml delete mode 100644 danish/security/2009/dsa-1794.wml delete mode 100644 danish/security/2009/dsa-1795.wml delete mode 100644 danish/security/2009/dsa-1796.wml delete mode 100644 danish/security/2009/dsa-1797.wml delete mode 100644 danish/security/2009/dsa-1798.wml delete mode 100644 danish/security/2009/dsa-1799.wml delete mode 100644 danish/security/2009/dsa-1800.wml delete mode 100644 danish/security/2009/dsa-1801.wml delete mode 100644 danish/security/2009/dsa-1802.wml delete mode 100644 danish/security/2009/dsa-1803.wml delete mode 100644 danish/security/2009/dsa-1804.wml delete mode 100644 danish/security/2009/dsa-1805.wml delete mode 100644 danish/security/2009/dsa-1806.wml delete mode 100644 danish/security/2009/dsa-1807.wml delete mode 100644 danish/security/2009/dsa-1808.wml delete mode 100644 danish/security/2009/dsa-1809.wml delete mode 100644 danish/security/2009/dsa-1810.wml delete mode 100644 danish/security/2009/dsa-1811.wml delete mode 100644 danish/security/2009/dsa-1812.wml delete mode 100644 danish/security/2009/dsa-1813.wml delete mode 100644 danish/security/2009/dsa-1814.wml delete mode 100644 danish/security/2009/dsa-1815.wml delete mode 100644 danish/security/2009/dsa-1816.wml delete mode 100644 danish/security/2009/dsa-1817.wml delete mode 100644 danish/security/2009/dsa-1818.wml delete mode 100644 danish/security/2009/dsa-1819.wml delete mode 100644 danish/security/2009/dsa-1820.wml delete mode 100644 danish/security/2009/dsa-1821.wml delete mode 100644 danish/security/2009/dsa-1822.wml delete mode 100644 danish/security/2009/dsa-1823.wml delete mode 100644 danish/security/2009/dsa-1824.wml delete mode 100644 danish/security/2009/dsa-1825.wml delete mode 100644 danish/security/2009/dsa-1826.wml delete mode 100644 danish/security/2009/dsa-1827.wml delete mode 100644 danish/security/2009/dsa-1828.wml delete mode 100644 danish/security/2009/dsa-1829.wml delete mode 100644 danish/security/2009/dsa-1830.wml delete mode 100644 danish/security/2009/dsa-1831.wml delete mode 100644 danish/security/2009/dsa-1832.wml delete mode 100644 danish/security/2009/dsa-1833.wml delete mode 100644 danish/security/2009/dsa-1834.wml delete mode 100644 danish/security/2009/dsa-1835.wml delete mode 100644 danish/security/2009/dsa-1836.wml delete mode 100644 danish/security/2009/dsa-1837.wml delete mode 100644 danish/security/2009/dsa-1838.wml delete mode 100644 danish/security/2009/dsa-1839.wml delete mode 100644 danish/security/2009/dsa-1840.wml delete mode 100644 danish/security/2009/dsa-1841.wml delete mode 100644 danish/security/2009/dsa-1842.wml delete mode 100644 danish/security/2009/dsa-1843.wml delete mode 100644 danish/security/2009/dsa-1844.wml delete mode 100644 danish/security/2009/dsa-1845.wml delete mode 100644 danish/security/2009/dsa-1846.wml delete mode 100644 danish/security/2009/dsa-1847.wml delete mode 100644 danish/security/2009/dsa-1848.wml delete mode 100644 danish/security/2009/dsa-1849.wml delete mode 100644 danish/security/2009/dsa-1850.wml delete mode 100644 danish/security/2009/dsa-1851.wml delete mode 100644 danish/security/2009/dsa-1852.wml delete mode 100644 danish/security/2009/dsa-1853.wml delete mode 100644 danish/security/2009/dsa-1854.wml delete mode 100644 danish/security/2009/dsa-1855.wml delete mode 100644 danish/security/2009/dsa-1856.wml delete mode 100644 danish/security/2009/dsa-1857.wml delete mode 100644 danish/security/2009/dsa-1858.wml delete mode 100644 danish/security/2009/dsa-1859.wml delete mode 100644 danish/security/2009/dsa-1860.wml delete mode 100644 danish/security/2009/dsa-1861.wml delete mode 100644 danish/security/2009/dsa-1862.wml delete mode 100644 danish/security/2009/dsa-1863.wml delete mode 100644 danish/security/2009/dsa-1864.wml delete mode 100644 danish/security/2009/dsa-1865.wml delete mode 100644 danish/security/2009/dsa-1866.wml delete mode 100644 danish/security/2009/dsa-1867.wml delete mode 100644 danish/security/2009/dsa-1868.wml delete mode 100644 danish/security/2009/dsa-1869.wml delete mode 100644 danish/security/2009/dsa-1870.wml delete mode 100644 danish/security/2009/dsa-1871.wml delete mode 100644 danish/security/2009/dsa-1872.wml delete mode 100644 danish/security/2009/dsa-1873.wml delete mode 100644 danish/security/2009/dsa-1874.wml delete mode 100644 danish/security/2009/dsa-1875.wml delete mode 100644 danish/security/2009/dsa-1876.wml delete mode 100644 danish/security/2009/dsa-1877.wml delete mode 100644 danish/security/2009/dsa-1878.wml delete mode 100644 danish/security/2009/dsa-1879.wml delete mode 100644 danish/security/2009/dsa-1880.wml delete mode 100644 danish/security/2009/dsa-1881.wml delete mode 100644 danish/security/2009/dsa-1882.wml delete mode 100644 danish/security/2009/dsa-1883.wml delete mode 100644 danish/security/2009/dsa-1884.wml delete mode 100644 danish/security/2009/dsa-1885.wml delete mode 100644 danish/security/2009/dsa-1886.wml delete mode 100644 danish/security/2009/dsa-1887.wml delete mode 100644 danish/security/2009/dsa-1888.wml delete mode 100644 danish/security/2009/dsa-1889.wml delete mode 100644 danish/security/2009/dsa-1890.wml delete mode 100644 danish/security/2009/dsa-1891.wml delete mode 100644 danish/security/2009/dsa-1892.wml delete mode 100644 danish/security/2009/dsa-1893.wml delete mode 100644 danish/security/2009/dsa-1894.wml delete mode 100644 danish/security/2009/dsa-1895.wml delete mode 100644 danish/security/2009/dsa-1896.wml delete mode 100644 danish/security/2009/dsa-1897.wml delete mode 100644 danish/security/2009/dsa-1898.wml delete mode 100644 danish/security/2009/dsa-1899.wml delete mode 100644 danish/security/2009/dsa-1900.wml delete mode 100644 danish/security/2009/dsa-1901.wml delete mode 100644 danish/security/2009/dsa-1902.wml delete mode 100644 danish/security/2009/dsa-1903.wml delete mode 100644 danish/security/2009/dsa-1904.wml delete mode 100644 danish/security/2009/dsa-1905.wml delete mode 100644 danish/security/2009/dsa-1906.wml delete mode 100644 danish/security/2009/dsa-1907.wml delete mode 100644 danish/security/2009/dsa-1908.wml delete mode 100644 danish/security/2009/dsa-1909.wml delete mode 100644 danish/security/2009/dsa-1910.wml delete mode 100644 danish/security/2009/dsa-1911.wml delete mode 100644 danish/security/2009/dsa-1912.wml delete mode 100644 danish/security/2009/dsa-1913.wml delete mode 100644 danish/security/2009/dsa-1914.wml delete mode 100644 danish/security/2009/dsa-1915.wml delete mode 100644 danish/security/2009/dsa-1916.wml delete mode 100644 danish/security/2009/dsa-1917.wml delete mode 100644 danish/security/2009/dsa-1918.wml delete mode 100644 danish/security/2009/dsa-1919.wml delete mode 100644 danish/security/2009/dsa-1920.wml delete mode 100644 danish/security/2009/dsa-1921.wml delete mode 100644 danish/security/2009/dsa-1922.wml delete mode 100644 danish/security/2009/dsa-1923.wml delete mode 100644 danish/security/2009/dsa-1924.wml delete mode 100644 danish/security/2009/dsa-1925.wml delete mode 100644 danish/security/2009/dsa-1926.wml delete mode 100644 danish/security/2009/dsa-1927.wml delete mode 100644 danish/security/2009/dsa-1928.wml delete mode 100644 danish/security/2009/dsa-1929.wml delete mode 100644 danish/security/2009/dsa-1930.wml delete mode 100644 danish/security/2009/dsa-1931.wml delete mode 100644 danish/security/2009/dsa-1932.wml delete mode 100644 danish/security/2009/dsa-1933.wml delete mode 100644 danish/security/2009/dsa-1934.wml delete mode 100644 danish/security/2009/dsa-1935.wml delete mode 100644 danish/security/2009/dsa-1936.wml delete mode 100644 danish/security/2009/dsa-1937.wml delete mode 100644 danish/security/2009/dsa-1938.wml delete mode 100644 danish/security/2009/dsa-1939.wml delete mode 100644 danish/security/2009/dsa-1940.wml delete mode 100644 danish/security/2009/dsa-1941.wml delete mode 100644 danish/security/2009/dsa-1942.wml delete mode 100644 danish/security/2009/dsa-1943.wml delete mode 100644 danish/security/2009/dsa-1944.wml delete mode 100644 danish/security/2009/dsa-1945.wml delete mode 100644 danish/security/2009/dsa-1946.wml delete mode 100644 danish/security/2009/dsa-1947.wml delete mode 100644 danish/security/2009/dsa-1948.wml delete mode 100644 danish/security/2009/dsa-1949.wml delete mode 100644 danish/security/2009/dsa-1950.wml delete mode 100644 danish/security/2009/dsa-1951.wml delete mode 100644 danish/security/2009/dsa-1952.wml delete mode 100644 danish/security/2009/dsa-1953.wml delete mode 100644 danish/security/2009/dsa-1954.wml delete mode 100644 danish/security/2009/dsa-1955.wml delete mode 100644 danish/security/2009/dsa-1956.wml delete mode 100644 danish/security/2009/dsa-1957.wml delete mode 100644 danish/security/2009/dsa-1958.wml delete mode 100644 danish/security/2009/dsa-1959.wml delete mode 100644 danish/security/2009/dsa-1960.wml delete mode 100644 danish/security/2009/dsa-1961.wml delete mode 100644 danish/security/2009/dsa-1962.wml delete mode 100644 danish/security/2009/dsa-1963.wml delete mode 100644 danish/security/2009/dsa-1964.wml delete mode 100644 danish/security/2009/index.wml delete mode 100644 danish/security/2010/Makefile delete mode 100644 danish/security/2010/dsa-1965.wml delete mode 100644 danish/security/2010/dsa-1966.wml delete mode 100644 danish/security/2010/dsa-1967.wml delete mode 100644 danish/security/2010/dsa-1968.wml delete mode 100644 danish/security/2010/dsa-1969.wml delete mode 100644 danish/security/2010/dsa-1970.wml delete mode 100644 danish/security/2010/dsa-1971.wml delete mode 100644 danish/security/2010/dsa-1972.wml delete mode 100644 danish/security/2010/dsa-1973.wml delete mode 100644 danish/security/2010/dsa-1974.wml delete mode 100644 danish/security/2010/dsa-1976.wml delete mode 100644 danish/security/2010/dsa-1977.wml delete mode 100644 danish/security/2010/dsa-1978.wml delete mode 100644 danish/security/2010/dsa-1979.wml delete mode 100644 danish/security/2010/dsa-1980.wml delete mode 100644 danish/security/2010/dsa-1981.wml delete mode 100644 danish/security/2010/dsa-1982.wml delete mode 100644 danish/security/2010/dsa-1983.wml delete mode 100644 danish/security/2010/dsa-1984.wml delete mode 100644 danish/security/2010/dsa-1985.wml delete mode 100644 danish/security/2010/dsa-1986.wml delete mode 100644 danish/security/2010/dsa-1987.wml delete mode 100644 danish/security/2010/dsa-1988.wml delete mode 100644 danish/security/2010/dsa-1989.wml delete mode 100644 danish/security/2010/dsa-1990.wml delete mode 100644 danish/security/2010/dsa-1991.wml delete mode 100644 danish/security/2010/dsa-1992.wml delete mode 100644 danish/security/2010/dsa-1993.wml delete mode 100644 danish/security/2010/dsa-1994.wml delete mode 100644 danish/security/2010/dsa-1995.wml delete mode 100644 danish/security/2010/dsa-1996.wml delete mode 100644 danish/security/2010/dsa-1997.wml delete mode 100644 danish/security/2010/dsa-1998.wml delete mode 100644 danish/security/2010/dsa-1999.wml delete mode 100644 danish/security/2010/dsa-2000.wml delete mode 100644 danish/security/2010/dsa-2001.wml delete mode 100644 danish/security/2010/dsa-2002.wml delete mode 100644 danish/security/2010/dsa-2003.wml delete mode 100644 danish/security/2010/dsa-2004.wml delete mode 100644 danish/security/2010/dsa-2005.wml delete mode 100644 danish/security/2010/dsa-2006.wml delete mode 100644 danish/security/2010/dsa-2007.wml delete mode 100644 danish/security/2010/dsa-2008.wml delete mode 100644 danish/security/2010/dsa-2009.wml delete mode 100644 danish/security/2010/dsa-2010.wml delete mode 100644 danish/security/2010/dsa-2011.wml delete mode 100644 danish/security/2010/dsa-2012.wml delete mode 100644 danish/security/2010/dsa-2013.wml delete mode 100644 danish/security/2010/dsa-2014.wml delete mode 100644 danish/security/2010/dsa-2015.wml delete mode 100644 danish/security/2010/dsa-2016.wml delete mode 100644 danish/security/2010/dsa-2017.wml delete mode 100644 danish/security/2010/dsa-2018.wml delete mode 100644 danish/security/2010/dsa-2019.wml delete mode 100644 danish/security/2010/dsa-2020.wml delete mode 100644 danish/security/2010/dsa-2021.wml delete mode 100644 danish/security/2010/dsa-2022.wml delete mode 100644 danish/security/2010/dsa-2023.wml delete mode 100644 danish/security/2010/dsa-2024.wml delete mode 100644 danish/security/2010/dsa-2025.wml delete mode 100644 danish/security/2010/dsa-2026.wml delete mode 100644 danish/security/2010/dsa-2027.wml delete mode 100644 danish/security/2010/dsa-2028.wml delete mode 100644 danish/security/2010/dsa-2029.wml delete mode 100644 danish/security/2010/dsa-2030.wml delete mode 100644 danish/security/2010/dsa-2031.wml delete mode 100644 danish/security/2010/dsa-2032.wml delete mode 100644 danish/security/2010/dsa-2033.wml delete mode 100644 danish/security/2010/dsa-2034.wml delete mode 100644 danish/security/2010/dsa-2035.wml delete mode 100644 danish/security/2010/dsa-2036.wml delete mode 100644 danish/security/2010/dsa-2037.wml delete mode 100644 danish/security/2010/dsa-2038.wml delete mode 100644 danish/security/2010/dsa-2039.wml delete mode 100644 danish/security/2010/dsa-2040.wml delete mode 100644 danish/security/2010/dsa-2041.wml delete mode 100644 danish/security/2010/dsa-2042.wml delete mode 100644 danish/security/2010/dsa-2043.wml delete mode 100644 danish/security/2010/dsa-2044.wml delete mode 100644 danish/security/2010/dsa-2045.wml delete mode 100644 danish/security/2010/dsa-2046.wml delete mode 100644 danish/security/2010/dsa-2047.wml delete mode 100644 danish/security/2010/dsa-2048.wml delete mode 100644 danish/security/2010/dsa-2049.wml delete mode 100644 danish/security/2010/dsa-2050.wml delete mode 100644 danish/security/2010/dsa-2051.wml delete mode 100644 danish/security/2010/dsa-2052.wml delete mode 100644 danish/security/2010/dsa-2053.wml delete mode 100644 danish/security/2010/dsa-2054.wml delete mode 100644 danish/security/2010/dsa-2055.wml delete mode 100644 danish/security/2010/dsa-2056.wml delete mode 100644 danish/security/2010/dsa-2057.wml delete mode 100644 danish/security/2010/dsa-2058.wml delete mode 100644 danish/security/2010/dsa-2059.wml delete mode 100644 danish/security/2010/dsa-2060.wml delete mode 100644 danish/security/2010/dsa-2061.wml delete mode 100644 danish/security/2010/dsa-2062.wml delete mode 100644 danish/security/2010/dsa-2063.wml delete mode 100644 danish/security/2010/dsa-2064.wml delete mode 100644 danish/security/2010/dsa-2065.wml delete mode 100644 danish/security/2010/dsa-2066.wml delete mode 100644 danish/security/2010/dsa-2067.wml delete mode 100644 danish/security/2010/dsa-2068.wml delete mode 100644 danish/security/2010/dsa-2069.wml delete mode 100644 danish/security/2010/dsa-2070.wml delete mode 100644 danish/security/2010/dsa-2071.wml delete mode 100644 danish/security/2010/dsa-2072.wml delete mode 100644 danish/security/2010/dsa-2073.wml delete mode 100644 danish/security/2010/dsa-2074.wml delete mode 100644 danish/security/2010/dsa-2075.wml delete mode 100644 danish/security/2010/dsa-2076.wml delete mode 100644 danish/security/2010/dsa-2077.wml delete mode 100644 danish/security/2010/dsa-2078.wml delete mode 100644 danish/security/2010/dsa-2079.wml delete mode 100644 danish/security/2010/dsa-2080.wml delete mode 100644 danish/security/2010/dsa-2081.wml delete mode 100644 danish/security/2010/dsa-2082.wml delete mode 100644 danish/security/2010/dsa-2083.wml delete mode 100644 danish/security/2010/dsa-2084.wml delete mode 100644 danish/security/2010/dsa-2085.wml delete mode 100644 danish/security/2010/dsa-2086.wml delete mode 100644 danish/security/2010/dsa-2087.wml delete mode 100644 danish/security/2010/dsa-2088.wml delete mode 100644 danish/security/2010/dsa-2089.wml delete mode 100644 danish/security/2010/dsa-2090.wml delete mode 100644 danish/security/2010/dsa-2091.wml delete mode 100644 danish/security/2010/dsa-2092.wml delete mode 100644 danish/security/2010/dsa-2093.wml delete mode 100644 danish/security/2010/dsa-2094.wml delete mode 100644 danish/security/2010/dsa-2095.wml delete mode 100644 danish/security/2010/dsa-2096.wml delete mode 100644 danish/security/2010/dsa-2097.wml delete mode 100644 danish/security/2010/dsa-2098.wml delete mode 100644 danish/security/2010/dsa-2099.wml delete mode 100644 danish/security/2010/dsa-2100.wml delete mode 100644 danish/security/2010/dsa-2101.wml delete mode 100644 danish/security/2010/dsa-2102.wml delete mode 100644 danish/security/2010/dsa-2103.wml delete mode 100644 danish/security/2010/dsa-2104.wml delete mode 100644 danish/security/2010/dsa-2105.wml delete mode 100644 danish/security/2010/dsa-2106.wml delete mode 100644 danish/security/2010/dsa-2107.wml delete mode 100644 danish/security/2010/dsa-2108.wml delete mode 100644 danish/security/2010/dsa-2109.wml delete mode 100644 danish/security/2010/dsa-2110.wml delete mode 100644 danish/security/2010/dsa-2111.wml delete mode 100644 danish/security/2010/dsa-2112.wml delete mode 100644 danish/security/2010/dsa-2113.wml delete mode 100644 danish/security/2010/dsa-2114.wml delete mode 100644 danish/security/2010/dsa-2115.wml delete mode 100644 danish/security/2010/dsa-2116.wml delete mode 100644 danish/security/2010/dsa-2117.wml delete mode 100644 danish/security/2010/dsa-2118.wml delete mode 100644 danish/security/2010/dsa-2119.wml delete mode 100644 danish/security/2010/dsa-2120.wml delete mode 100644 danish/security/2010/dsa-2121.wml delete mode 100644 danish/security/2010/dsa-2122.wml delete mode 100644 danish/security/2010/dsa-2123.wml delete mode 100644 danish/security/2010/dsa-2124.wml delete mode 100644 danish/security/2010/dsa-2125.wml delete mode 100644 danish/security/2010/dsa-2126.wml delete mode 100644 danish/security/2010/dsa-2127.wml delete mode 100644 danish/security/2010/dsa-2128.wml delete mode 100644 danish/security/2010/dsa-2129.wml delete mode 100644 danish/security/2010/dsa-2130.wml delete mode 100644 danish/security/2010/dsa-2131.wml delete mode 100644 danish/security/2010/dsa-2132.wml delete mode 100644 danish/security/2010/dsa-2133.wml delete mode 100644 danish/security/2010/dsa-2134.wml delete mode 100644 danish/security/2010/dsa-2135.wml delete mode 100644 danish/security/2010/dsa-2136.wml delete mode 100644 danish/security/2010/dsa-2137.wml delete mode 100644 danish/security/2010/dsa-2138.wml delete mode 100644 danish/security/2010/dsa-2139.wml delete mode 100644 danish/security/2010/index.wml delete mode 100644 danish/security/2011/Makefile delete mode 100644 danish/security/2011/dsa-2140.wml delete mode 100644 danish/security/2011/dsa-2141.wml delete mode 100644 danish/security/2011/dsa-2142.wml delete mode 100644 danish/security/2011/dsa-2143.wml delete mode 100644 danish/security/2011/dsa-2144.wml delete mode 100644 danish/security/2011/dsa-2145.wml delete mode 100644 danish/security/2011/dsa-2146.wml delete mode 100644 danish/security/2011/dsa-2147.wml delete mode 100644 danish/security/2011/dsa-2148.wml delete mode 100644 danish/security/2011/dsa-2149.wml delete mode 100644 danish/security/2011/dsa-2150.wml delete mode 100644 danish/security/2011/dsa-2151.wml delete mode 100644 danish/security/2011/dsa-2152.wml delete mode 100644 danish/security/2011/dsa-2153.wml delete mode 100644 danish/security/2011/dsa-2154.wml delete mode 100644 danish/security/2011/dsa-2155.wml delete mode 100644 danish/security/2011/dsa-2156.wml delete mode 100644 danish/security/2011/dsa-2157.wml delete mode 100644 danish/security/2011/dsa-2158.wml delete mode 100644 danish/security/2011/dsa-2159.wml delete mode 100644 danish/security/2011/dsa-2160.wml delete mode 100644 danish/security/2011/dsa-2161.wml delete mode 100644 danish/security/2011/dsa-2162.wml delete mode 100644 danish/security/2011/dsa-2163.wml delete mode 100644 danish/security/2011/dsa-2164.wml delete mode 100644 danish/security/2011/dsa-2165.wml delete mode 100644 danish/security/2011/dsa-2166.wml delete mode 100644 danish/security/2011/dsa-2167.wml delete mode 100644 danish/security/2011/dsa-2168.wml delete mode 100644 danish/security/2011/dsa-2169.wml delete mode 100644 danish/security/2011/dsa-2170.wml delete mode 100644 danish/security/2011/dsa-2171.wml delete mode 100644 danish/security/2011/dsa-2172.wml delete mode 100644 danish/security/2011/dsa-2173.wml delete mode 100644 danish/security/2011/dsa-2174.wml delete mode 100644 danish/security/2011/dsa-2175.wml delete mode 100644 danish/security/2011/dsa-2176.wml delete mode 100644 danish/security/2011/dsa-2177.wml delete mode 100644 danish/security/2011/dsa-2178.wml delete mode 100644 danish/security/2011/dsa-2179.wml delete mode 100644 danish/security/2011/dsa-2180.wml delete mode 100644 danish/security/2011/dsa-2181.wml delete mode 100644 danish/security/2011/dsa-2182.wml delete mode 100644 danish/security/2011/dsa-2183.wml delete mode 100644 danish/security/2011/dsa-2184.wml delete mode 100644 danish/security/2011/dsa-2185.wml delete mode 100644 danish/security/2011/dsa-2186.wml delete mode 100644 danish/security/2011/dsa-2187.wml delete mode 100644 danish/security/2011/dsa-2188.wml delete mode 100644 danish/security/2011/dsa-2189.wml delete mode 100644 danish/security/2011/dsa-2190.wml delete mode 100644 danish/security/2011/dsa-2191.wml delete mode 100644 danish/security/2011/dsa-2192.wml delete mode 100644 danish/security/2011/dsa-2193.wml delete mode 100644 danish/security/2011/dsa-2194.wml delete mode 100644 danish/security/2011/dsa-2195.wml delete mode 100644 danish/security/2011/dsa-2196.wml delete mode 100644 danish/security/2011/dsa-2197.wml delete mode 100644 danish/security/2011/dsa-2198.wml delete mode 100644 danish/security/2011/dsa-2199.wml delete mode 100644 danish/security/2011/dsa-2200.wml delete mode 100644 danish/security/2011/dsa-2201.wml delete mode 100644 danish/security/2011/dsa-2202.wml delete mode 100644 danish/security/2011/dsa-2203.wml delete mode 100644 danish/security/2011/dsa-2204.wml delete mode 100644 danish/security/2011/dsa-2205.wml delete mode 100644 danish/security/2011/dsa-2206.wml delete mode 100644 danish/security/2011/dsa-2207.wml delete mode 100644 danish/security/2011/dsa-2208.wml delete mode 100644 danish/security/2011/dsa-2209.wml delete mode 100644 danish/security/2011/dsa-2210.wml delete mode 100644 danish/security/2011/dsa-2211.wml delete mode 100644 danish/security/2011/dsa-2212.wml delete mode 100644 danish/security/2011/dsa-2213.wml delete mode 100644 danish/security/2011/dsa-2214.wml delete mode 100644 danish/security/2011/dsa-2215.wml delete mode 100644 danish/security/2011/dsa-2216.wml delete mode 100644 danish/security/2011/dsa-2217.wml delete mode 100644 danish/security/2011/dsa-2218.wml delete mode 100644 danish/security/2011/dsa-2219.wml delete mode 100644 danish/security/2011/dsa-2220.wml delete mode 100644 danish/security/2011/dsa-2221.wml delete mode 100644 danish/security/2011/dsa-2222.wml delete mode 100644 danish/security/2011/dsa-2223.wml delete mode 100644 danish/security/2011/dsa-2224.wml delete mode 100644 danish/security/2011/dsa-2225.wml delete mode 100644 danish/security/2011/dsa-2226.wml delete mode 100644 danish/security/2011/dsa-2227.wml delete mode 100644 danish/security/2011/dsa-2228.wml delete mode 100644 danish/security/2011/dsa-2229.wml delete mode 100644 danish/security/2011/dsa-2230.wml delete mode 100644 danish/security/2011/dsa-2231.wml delete mode 100644 danish/security/2011/dsa-2232.wml delete mode 100644 danish/security/2011/dsa-2233.wml delete mode 100644 danish/security/2011/dsa-2234.wml delete mode 100644 danish/security/2011/dsa-2235.wml delete mode 100644 danish/security/2011/dsa-2236.wml delete mode 100644 danish/security/2011/dsa-2237.wml delete mode 100644 danish/security/2011/dsa-2238.wml delete mode 100644 danish/security/2011/dsa-2239.wml delete mode 100644 danish/security/2011/dsa-2240.wml delete mode 100644 danish/security/2011/dsa-2241.wml delete mode 100644 danish/security/2011/dsa-2242.wml delete mode 100644 danish/security/2011/dsa-2243.wml delete mode 100644 danish/security/2011/dsa-2244.wml delete mode 100644 danish/security/2011/dsa-2245.wml delete mode 100644 danish/security/2011/dsa-2246.wml delete mode 100644 danish/security/2011/dsa-2247.wml delete mode 100644 danish/security/2011/dsa-2248.wml delete mode 100644 danish/security/2011/dsa-2249.wml delete mode 100644 danish/security/2011/dsa-2250.wml delete mode 100644 danish/security/2011/dsa-2251.wml delete mode 100644 danish/security/2011/dsa-2252.wml delete mode 100644 danish/security/2011/dsa-2253.wml delete mode 100644 danish/security/2011/dsa-2254.wml delete mode 100644 danish/security/2011/dsa-2255.wml delete mode 100644 danish/security/2011/dsa-2256.wml delete mode 100644 danish/security/2011/dsa-2257.wml delete mode 100644 danish/security/2011/dsa-2258.wml delete mode 100644 danish/security/2011/dsa-2259.wml delete mode 100644 danish/security/2011/dsa-2260.wml delete mode 100644 danish/security/2011/dsa-2261.wml delete mode 100644 danish/security/2011/dsa-2262.wml delete mode 100644 danish/security/2011/dsa-2263.wml delete mode 100644 danish/security/2011/dsa-2264.wml delete mode 100644 danish/security/2011/dsa-2265.wml delete mode 100644 danish/security/2011/dsa-2266.wml delete mode 100644 danish/security/2011/dsa-2267.wml delete mode 100644 danish/security/2011/dsa-2268.wml delete mode 100644 danish/security/2011/dsa-2269.wml delete mode 100644 danish/security/2011/dsa-2270.wml delete mode 100644 danish/security/2011/dsa-2271.wml delete mode 100644 danish/security/2011/dsa-2272.wml delete mode 100644 danish/security/2011/dsa-2273.wml delete mode 100644 danish/security/2011/dsa-2274.wml delete mode 100644 danish/security/2011/dsa-2275.wml delete mode 100644 danish/security/2011/dsa-2276.wml delete mode 100644 danish/security/2011/dsa-2277.wml delete mode 100644 danish/security/2011/dsa-2278.wml delete mode 100644 danish/security/2011/dsa-2279.wml delete mode 100644 danish/security/2011/dsa-2280.wml delete mode 100644 danish/security/2011/dsa-2281.wml delete mode 100644 danish/security/2011/dsa-2282.wml delete mode 100644 danish/security/2011/dsa-2283.wml delete mode 100644 danish/security/2011/dsa-2284.wml delete mode 100644 danish/security/2011/dsa-2285.wml delete mode 100644 danish/security/2011/dsa-2286.wml delete mode 100644 danish/security/2011/dsa-2287.wml delete mode 100644 danish/security/2011/dsa-2288.wml delete mode 100644 danish/security/2011/dsa-2289.wml delete mode 100644 danish/security/2011/dsa-2290.wml delete mode 100644 danish/security/2011/dsa-2291.wml delete mode 100644 danish/security/2011/dsa-2292.wml delete mode 100644 danish/security/2011/dsa-2293.wml delete mode 100644 danish/security/2011/dsa-2294.wml delete mode 100644 danish/security/2011/dsa-2295.wml delete mode 100644 danish/security/2011/dsa-2296.wml delete mode 100644 danish/security/2011/dsa-2297.wml delete mode 100644 danish/security/2011/dsa-2298.wml delete mode 100644 danish/security/2011/dsa-2299.wml delete mode 100644 danish/security/2011/dsa-2300.wml delete mode 100644 danish/security/2011/dsa-2301.wml delete mode 100644 danish/security/2011/dsa-2302.wml delete mode 100644 danish/security/2011/dsa-2303.wml delete mode 100644 danish/security/2011/dsa-2304.wml delete mode 100644 danish/security/2011/dsa-2305.wml delete mode 100644 danish/security/2011/dsa-2306.wml delete mode 100644 danish/security/2011/dsa-2307.wml delete mode 100644 danish/security/2011/dsa-2308.wml delete mode 100644 danish/security/2011/dsa-2309.wml delete mode 100644 danish/security/2011/dsa-2310.wml delete mode 100644 danish/security/2011/dsa-2311.wml delete mode 100644 danish/security/2011/dsa-2312.wml delete mode 100644 danish/security/2011/dsa-2313.wml delete mode 100644 danish/security/2011/dsa-2314.wml delete mode 100644 danish/security/2011/dsa-2315.wml delete mode 100644 danish/security/2011/dsa-2316.wml delete mode 100644 danish/security/2011/dsa-2317.wml delete mode 100644 danish/security/2011/dsa-2318.wml delete mode 100644 danish/security/2011/dsa-2319.wml delete mode 100644 danish/security/2011/dsa-2320.wml delete mode 100644 danish/security/2011/dsa-2321.wml delete mode 100644 danish/security/2011/dsa-2322.wml delete mode 100644 danish/security/2011/dsa-2323.wml delete mode 100644 danish/security/2011/dsa-2324.wml delete mode 100644 danish/security/2011/dsa-2325.wml delete mode 100644 danish/security/2011/dsa-2326.wml delete mode 100644 danish/security/2011/dsa-2327.wml delete mode 100644 danish/security/2011/dsa-2328.wml delete mode 100644 danish/security/2011/dsa-2329.wml delete mode 100644 danish/security/2011/dsa-2330.wml delete mode 100644 danish/security/2011/dsa-2331.wml delete mode 100644 danish/security/2011/dsa-2332.wml delete mode 100644 danish/security/2011/dsa-2333.wml delete mode 100644 danish/security/2011/dsa-2334.wml delete mode 100644 danish/security/2011/dsa-2335.wml delete mode 100644 danish/security/2011/dsa-2336.wml delete mode 100644 danish/security/2011/dsa-2337.wml delete mode 100644 danish/security/2011/dsa-2338.wml delete mode 100644 danish/security/2011/dsa-2339.wml delete mode 100644 danish/security/2011/dsa-2340.wml delete mode 100644 danish/security/2011/dsa-2341.wml delete mode 100644 danish/security/2011/dsa-2342.wml delete mode 100644 danish/security/2011/dsa-2343.wml delete mode 100644 danish/security/2011/dsa-2344.wml delete mode 100644 danish/security/2011/dsa-2345.wml delete mode 100644 danish/security/2011/dsa-2346.wml delete mode 100644 danish/security/2011/dsa-2347.wml delete mode 100644 danish/security/2011/dsa-2348.wml delete mode 100644 danish/security/2011/dsa-2349.wml delete mode 100644 danish/security/2011/dsa-2350.wml delete mode 100644 danish/security/2011/dsa-2351.wml delete mode 100644 danish/security/2011/dsa-2352.wml delete mode 100644 danish/security/2011/dsa-2353.wml delete mode 100644 danish/security/2011/dsa-2354.wml delete mode 100644 danish/security/2011/dsa-2355.wml delete mode 100644 danish/security/2011/dsa-2356.wml delete mode 100644 danish/security/2011/dsa-2357.wml delete mode 100644 danish/security/2011/dsa-2358.wml delete mode 100644 danish/security/2011/dsa-2359.wml delete mode 100644 danish/security/2011/dsa-2361.wml delete mode 100644 danish/security/2011/dsa-2362.wml delete mode 100644 danish/security/2011/dsa-2363.wml delete mode 100644 danish/security/2011/dsa-2364.wml delete mode 100644 danish/security/2011/dsa-2365.wml delete mode 100644 danish/security/2011/dsa-2366.wml delete mode 100644 danish/security/2011/dsa-2367.wml delete mode 100644 danish/security/2011/dsa-2368.wml delete mode 100644 danish/security/2011/dsa-2369.wml delete mode 100644 danish/security/2011/dsa-2370.wml delete mode 100644 danish/security/2011/dsa-2371.wml delete mode 100644 danish/security/2011/dsa-2372.wml delete mode 100644 danish/security/2011/dsa-2373.wml delete mode 100644 danish/security/2011/dsa-2374.wml delete mode 100644 danish/security/2011/dsa-2375.wml delete mode 100644 danish/security/2011/dsa-2376.wml delete mode 100644 danish/security/2011/index.wml delete mode 100644 danish/security/2012/Makefile delete mode 100644 danish/security/2012/dsa-2377.wml delete mode 100644 danish/security/2012/dsa-2378.wml delete mode 100644 danish/security/2012/dsa-2379.wml delete mode 100644 danish/security/2012/dsa-2380.wml delete mode 100644 danish/security/2012/dsa-2381.wml delete mode 100644 danish/security/2012/dsa-2382.wml delete mode 100644 danish/security/2012/dsa-2383.wml delete mode 100644 danish/security/2012/dsa-2384.wml delete mode 100644 danish/security/2012/dsa-2385.wml delete mode 100644 danish/security/2012/dsa-2386.wml delete mode 100644 danish/security/2012/dsa-2387.wml delete mode 100644 danish/security/2012/dsa-2388.wml delete mode 100644 danish/security/2012/dsa-2389.wml delete mode 100644 danish/security/2012/dsa-2390.wml delete mode 100644 danish/security/2012/dsa-2391.wml delete mode 100644 danish/security/2012/dsa-2392.wml delete mode 100644 danish/security/2012/dsa-2393.wml delete mode 100644 danish/security/2012/dsa-2394.wml delete mode 100644 danish/security/2012/dsa-2395.wml delete mode 100644 danish/security/2012/dsa-2396.wml delete mode 100644 danish/security/2012/dsa-2397.wml delete mode 100644 danish/security/2012/dsa-2398.wml delete mode 100644 danish/security/2012/dsa-2399.wml delete mode 100644 danish/security/2012/dsa-2400.wml delete mode 100644 danish/security/2012/dsa-2401.wml delete mode 100644 danish/security/2012/dsa-2402.wml delete mode 100644 danish/security/2012/dsa-2403.wml delete mode 100644 danish/security/2012/dsa-2404.wml delete mode 100644 danish/security/2012/dsa-2405.wml delete mode 100644 danish/security/2012/dsa-2406.wml delete mode 100644 danish/security/2012/dsa-2407.wml delete mode 100644 danish/security/2012/dsa-2408.wml delete mode 100644 danish/security/2012/dsa-2409.wml delete mode 100644 danish/security/2012/dsa-2410.wml delete mode 100644 danish/security/2012/dsa-2411.wml delete mode 100644 danish/security/2012/dsa-2412.wml delete mode 100644 danish/security/2012/dsa-2413.wml delete mode 100644 danish/security/2012/dsa-2414.wml delete mode 100644 danish/security/2012/dsa-2415.wml delete mode 100644 danish/security/2012/dsa-2416.wml delete mode 100644 danish/security/2012/dsa-2417.wml delete mode 100644 danish/security/2012/dsa-2418.wml delete mode 100644 danish/security/2012/dsa-2419.wml delete mode 100644 danish/security/2012/dsa-2420.wml delete mode 100644 danish/security/2012/dsa-2421.wml delete mode 100644 danish/security/2012/dsa-2422.wml delete mode 100644 danish/security/2012/dsa-2423.wml delete mode 100644 danish/security/2012/dsa-2424.wml delete mode 100644 danish/security/2012/dsa-2425.wml delete mode 100644 danish/security/2012/dsa-2426.wml delete mode 100644 danish/security/2012/dsa-2427.wml delete mode 100644 danish/security/2012/dsa-2428.wml delete mode 100644 danish/security/2012/dsa-2429.wml delete mode 100644 danish/security/2012/dsa-2430.wml delete mode 100644 danish/security/2012/dsa-2431.wml delete mode 100644 danish/security/2012/dsa-2432.wml delete mode 100644 danish/security/2012/dsa-2433.wml delete mode 100644 danish/security/2012/dsa-2434.wml delete mode 100644 danish/security/2012/dsa-2435.wml delete mode 100644 danish/security/2012/dsa-2436.wml delete mode 100644 danish/security/2012/dsa-2437.wml delete mode 100644 danish/security/2012/dsa-2438.wml delete mode 100644 danish/security/2012/dsa-2439.wml delete mode 100644 danish/security/2012/dsa-2440.wml delete mode 100644 danish/security/2012/dsa-2441.wml delete mode 100644 danish/security/2012/dsa-2442.wml delete mode 100644 danish/security/2012/dsa-2443.wml delete mode 100644 danish/security/2012/dsa-2444.wml delete mode 100644 danish/security/2012/dsa-2445.wml delete mode 100644 danish/security/2012/dsa-2446.wml delete mode 100644 danish/security/2012/dsa-2447.wml delete mode 100644 danish/security/2012/dsa-2448.wml delete mode 100644 danish/security/2012/dsa-2449.wml delete mode 100644 danish/security/2012/dsa-2450.wml delete mode 100644 danish/security/2012/dsa-2451.wml delete mode 100644 danish/security/2012/dsa-2452.wml delete mode 100644 danish/security/2012/dsa-2453.wml delete mode 100644 danish/security/2012/dsa-2454.wml delete mode 100644 danish/security/2012/dsa-2455.wml delete mode 100644 danish/security/2012/dsa-2456.wml delete mode 100644 danish/security/2012/dsa-2457.wml delete mode 100644 danish/security/2012/dsa-2458.wml delete mode 100644 danish/security/2012/dsa-2459.wml delete mode 100644 danish/security/2012/dsa-2460.wml delete mode 100644 danish/security/2012/dsa-2461.wml delete mode 100644 danish/security/2012/dsa-2462.wml delete mode 100644 danish/security/2012/dsa-2463.wml delete mode 100644 danish/security/2012/dsa-2464.wml delete mode 100644 danish/security/2012/dsa-2465.wml delete mode 100644 danish/security/2012/dsa-2466.wml delete mode 100644 danish/security/2012/dsa-2467.wml delete mode 100644 danish/security/2012/dsa-2468.wml delete mode 100644 danish/security/2012/dsa-2469.wml delete mode 100644 danish/security/2012/dsa-2470.wml delete mode 100644 danish/security/2012/dsa-2471.wml delete mode 100644 danish/security/2012/dsa-2472.wml delete mode 100644 danish/security/2012/dsa-2473.wml delete mode 100644 danish/security/2012/dsa-2474.wml delete mode 100644 danish/security/2012/dsa-2475.wml delete mode 100644 danish/security/2012/dsa-2476.wml delete mode 100644 danish/security/2012/dsa-2477.wml delete mode 100644 danish/security/2012/dsa-2478.wml delete mode 100644 danish/security/2012/dsa-2479.wml delete mode 100644 danish/security/2012/dsa-2480.wml delete mode 100644 danish/security/2012/dsa-2481.wml delete mode 100644 danish/security/2012/dsa-2482.wml delete mode 100644 danish/security/2012/dsa-2483.wml delete mode 100644 danish/security/2012/dsa-2484.wml delete mode 100644 danish/security/2012/dsa-2485.wml delete mode 100644 danish/security/2012/dsa-2486.wml delete mode 100644 danish/security/2012/dsa-2487.wml delete mode 100644 danish/security/2012/dsa-2488.wml delete mode 100644 danish/security/2012/dsa-2489.wml delete mode 100644 danish/security/2012/dsa-2490.wml delete mode 100644 danish/security/2012/dsa-2491.wml delete mode 100644 danish/security/2012/dsa-2492.wml delete mode 100644 danish/security/2012/dsa-2493.wml delete mode 100644 danish/security/2012/dsa-2494.wml delete mode 100644 danish/security/2012/dsa-2495.wml delete mode 100644 danish/security/2012/dsa-2496.wml delete mode 100644 danish/security/2012/dsa-2497.wml delete mode 100644 danish/security/2012/dsa-2498.wml delete mode 100644 danish/security/2012/dsa-2499.wml delete mode 100644 danish/security/2012/dsa-2500.wml delete mode 100644 danish/security/2012/dsa-2501.wml delete mode 100644 danish/security/2012/dsa-2502.wml delete mode 100644 danish/security/2012/dsa-2503.wml delete mode 100644 danish/security/2012/dsa-2504.wml delete mode 100644 danish/security/2012/dsa-2505.wml delete mode 100644 danish/security/2012/dsa-2506.wml delete mode 100644 danish/security/2012/dsa-2507.wml delete mode 100644 danish/security/2012/dsa-2508.wml delete mode 100644 danish/security/2012/dsa-2509.wml delete mode 100644 danish/security/2012/dsa-2510.wml delete mode 100644 danish/security/2012/dsa-2511.wml delete mode 100644 danish/security/2012/dsa-2512.wml delete mode 100644 danish/security/2012/dsa-2513.wml delete mode 100644 danish/security/2012/dsa-2514.wml delete mode 100644 danish/security/2012/dsa-2515.wml delete mode 100644 danish/security/2012/dsa-2516.wml delete mode 100644 danish/security/2012/dsa-2517.wml delete mode 100644 danish/security/2012/dsa-2518.wml delete mode 100644 danish/security/2012/dsa-2519.wml delete mode 100644 danish/security/2012/dsa-2520.wml delete mode 100644 danish/security/2012/dsa-2521.wml delete mode 100644 danish/security/2012/dsa-2522.wml delete mode 100644 danish/security/2012/dsa-2523.wml delete mode 100644 danish/security/2012/dsa-2524.wml delete mode 100644 danish/security/2012/dsa-2525.wml delete mode 100644 danish/security/2012/dsa-2526.wml delete mode 100644 danish/security/2012/dsa-2527.wml delete mode 100644 danish/security/2012/dsa-2528.wml delete mode 100644 danish/security/2012/dsa-2529.wml delete mode 100644 danish/security/2012/dsa-2530.wml delete mode 100644 danish/security/2012/dsa-2531.wml delete mode 100644 danish/security/2012/dsa-2532.wml delete mode 100644 danish/security/2012/dsa-2533.wml delete mode 100644 danish/security/2012/dsa-2534.wml delete mode 100644 danish/security/2012/dsa-2535.wml delete mode 100644 danish/security/2012/dsa-2536.wml delete mode 100644 danish/security/2012/dsa-2537.wml delete mode 100644 danish/security/2012/dsa-2538.wml delete mode 100644 danish/security/2012/dsa-2539.wml delete mode 100644 danish/security/2012/dsa-2540.wml delete mode 100644 danish/security/2012/dsa-2541.wml delete mode 100644 danish/security/2012/dsa-2542.wml delete mode 100644 danish/security/2012/dsa-2543.wml delete mode 100644 danish/security/2012/dsa-2544.wml delete mode 100644 danish/security/2012/dsa-2545.wml delete mode 100644 danish/security/2012/dsa-2546.wml delete mode 100644 danish/security/2012/dsa-2547.wml delete mode 100644 danish/security/2012/dsa-2548.wml delete mode 100644 danish/security/2012/dsa-2549.wml delete mode 100644 danish/security/2012/dsa-2550.wml delete mode 100644 danish/security/2012/dsa-2551.wml delete mode 100644 danish/security/2012/dsa-2552.wml delete mode 100644 danish/security/2012/dsa-2553.wml delete mode 100644 danish/security/2012/dsa-2554.wml delete mode 100644 danish/security/2012/dsa-2555.wml delete mode 100644 danish/security/2012/dsa-2556.wml delete mode 100644 danish/security/2012/dsa-2557.wml delete mode 100644 danish/security/2012/dsa-2558.wml delete mode 100644 danish/security/2012/dsa-2559.wml delete mode 100644 danish/security/2012/dsa-2560.wml delete mode 100644 danish/security/2012/dsa-2561.wml delete mode 100644 danish/security/2012/dsa-2562.wml delete mode 100644 danish/security/2012/dsa-2563.wml delete mode 100644 danish/security/2012/dsa-2564.wml delete mode 100644 danish/security/2012/dsa-2565.wml delete mode 100644 danish/security/2012/dsa-2566.wml delete mode 100644 danish/security/2012/dsa-2567.wml delete mode 100644 danish/security/2012/dsa-2568.wml delete mode 100644 danish/security/2012/dsa-2569.wml delete mode 100644 danish/security/2012/dsa-2570.wml delete mode 100644 danish/security/2012/dsa-2571.wml delete mode 100644 danish/security/2012/dsa-2572.wml delete mode 100644 danish/security/2012/dsa-2573.wml delete mode 100644 danish/security/2012/dsa-2574.wml delete mode 100644 danish/security/2012/dsa-2575.wml delete mode 100644 danish/security/2012/dsa-2576.wml delete mode 100644 danish/security/2012/dsa-2577.wml delete mode 100644 danish/security/2012/dsa-2578.wml delete mode 100644 danish/security/2012/dsa-2579.wml delete mode 100644 danish/security/2012/dsa-2580.wml delete mode 100644 danish/security/2012/dsa-2581.wml delete mode 100644 danish/security/2012/dsa-2582.wml delete mode 100644 danish/security/2012/dsa-2583.wml delete mode 100644 danish/security/2012/dsa-2584.wml delete mode 100644 danish/security/2012/dsa-2585.wml delete mode 100644 danish/security/2012/dsa-2586.wml delete mode 100644 danish/security/2012/dsa-2587.wml delete mode 100644 danish/security/2012/dsa-2588.wml delete mode 100644 danish/security/2012/dsa-2589.wml delete mode 100644 danish/security/2012/dsa-2590.wml delete mode 100644 danish/security/2012/dsa-2591.wml delete mode 100644 danish/security/2012/dsa-2592.wml delete mode 100644 danish/security/2012/dsa-2593.wml delete mode 100644 danish/security/2012/dsa-2594.wml delete mode 100644 danish/security/2012/dsa-2595.wml delete mode 100644 danish/security/2012/dsa-2596.wml delete mode 100644 danish/security/2012/index.wml delete mode 100644 danish/security/2013/Makefile delete mode 100644 danish/security/2013/dsa-2597.wml delete mode 100644 danish/security/2013/dsa-2598.wml delete mode 100644 danish/security/2013/dsa-2599.wml delete mode 100644 danish/security/2013/dsa-2600.wml delete mode 100644 danish/security/2013/dsa-2601.wml delete mode 100644 danish/security/2013/dsa-2602.wml delete mode 100644 danish/security/2013/dsa-2603.wml delete mode 100644 danish/security/2013/dsa-2604.wml delete mode 100644 danish/security/2013/dsa-2605.wml delete mode 100644 danish/security/2013/dsa-2606.wml delete mode 100644 danish/security/2013/dsa-2607.wml delete mode 100644 danish/security/2013/dsa-2608.wml delete mode 100644 danish/security/2013/dsa-2609.wml delete mode 100644 danish/security/2013/dsa-2610.wml delete mode 100644 danish/security/2013/dsa-2611.wml delete mode 100644 danish/security/2013/dsa-2612.wml delete mode 100644 danish/security/2013/dsa-2613.wml delete mode 100644 danish/security/2013/dsa-2614.wml delete mode 100644 danish/security/2013/dsa-2615.wml delete mode 100644 danish/security/2013/dsa-2616.wml delete mode 100644 danish/security/2013/dsa-2617.wml delete mode 100644 danish/security/2013/dsa-2618.wml delete mode 100644 danish/security/2013/dsa-2619.wml delete mode 100644 danish/security/2013/dsa-2620.wml delete mode 100644 danish/security/2013/dsa-2621.wml delete mode 100644 danish/security/2013/dsa-2622.wml delete mode 100644 danish/security/2013/dsa-2623.wml delete mode 100644 danish/security/2013/dsa-2624.wml delete mode 100644 danish/security/2013/dsa-2625.wml delete mode 100644 danish/security/2013/dsa-2626.wml delete mode 100644 danish/security/2013/dsa-2627.wml delete mode 100644 danish/security/2013/dsa-2628.wml delete mode 100644 danish/security/2013/dsa-2629.wml delete mode 100644 danish/security/2013/dsa-2630.wml delete mode 100644 danish/security/2013/dsa-2631.wml delete mode 100644 danish/security/2013/dsa-2632.wml delete mode 100644 danish/security/2013/dsa-2633.wml delete mode 100644 danish/security/2013/dsa-2634.wml delete mode 100644 danish/security/2013/dsa-2635.wml delete mode 100644 danish/security/2013/dsa-2636.wml delete mode 100644 danish/security/2013/dsa-2637.wml delete mode 100644 danish/security/2013/dsa-2638.wml delete mode 100644 danish/security/2013/dsa-2639.wml delete mode 100644 danish/security/2013/dsa-2640.wml delete mode 100644 danish/security/2013/dsa-2641.wml delete mode 100644 danish/security/2013/dsa-2642.wml delete mode 100644 danish/security/2013/dsa-2643.wml delete mode 100644 danish/security/2013/dsa-2644.wml delete mode 100644 danish/security/2013/dsa-2645.wml delete mode 100644 danish/security/2013/dsa-2646.wml delete mode 100644 danish/security/2013/dsa-2647.wml delete mode 100644 danish/security/2013/dsa-2648.wml delete mode 100644 danish/security/2013/dsa-2649.wml delete mode 100644 danish/security/2013/dsa-2650.wml delete mode 100644 danish/security/2013/dsa-2651.wml delete mode 100644 danish/security/2013/dsa-2652.wml delete mode 100644 danish/security/2013/dsa-2653.wml delete mode 100644 danish/security/2013/dsa-2654.wml delete mode 100644 danish/security/2013/dsa-2655.wml delete mode 100644 danish/security/2013/dsa-2656.wml delete mode 100644 danish/security/2013/dsa-2657.wml delete mode 100644 danish/security/2013/dsa-2658.wml delete mode 100644 danish/security/2013/dsa-2659.wml delete mode 100644 danish/security/2013/dsa-2660.wml delete mode 100644 danish/security/2013/dsa-2661.wml delete mode 100644 danish/security/2013/dsa-2662.wml delete mode 100644 danish/security/2013/dsa-2663.wml delete mode 100644 danish/security/2013/dsa-2664.wml delete mode 100644 danish/security/2013/dsa-2665.wml delete mode 100644 danish/security/2013/dsa-2666.wml delete mode 100644 danish/security/2013/dsa-2667.wml delete mode 100644 danish/security/2013/dsa-2668.wml delete mode 100644 danish/security/2013/dsa-2669.wml delete mode 100644 danish/security/2013/dsa-2670.wml delete mode 100644 danish/security/2013/dsa-2671.wml delete mode 100644 danish/security/2013/dsa-2672.wml delete mode 100644 danish/security/2013/dsa-2673.wml delete mode 100644 danish/security/2013/dsa-2674.wml delete mode 100644 danish/security/2013/dsa-2675.wml delete mode 100644 danish/security/2013/dsa-2676.wml delete mode 100644 danish/security/2013/dsa-2677.wml delete mode 100644 danish/security/2013/dsa-2678.wml delete mode 100644 danish/security/2013/dsa-2679.wml delete mode 100644 danish/security/2013/dsa-2680.wml delete mode 100644 danish/security/2013/dsa-2681.wml delete mode 100644 danish/security/2013/dsa-2682.wml delete mode 100644 danish/security/2013/dsa-2683.wml delete mode 100644 danish/security/2013/dsa-2684.wml delete mode 100644 danish/security/2013/dsa-2685.wml delete mode 100644 danish/security/2013/dsa-2686.wml delete mode 100644 danish/security/2013/dsa-2687.wml delete mode 100644 danish/security/2013/dsa-2688.wml delete mode 100644 danish/security/2013/dsa-2689.wml delete mode 100644 danish/security/2013/dsa-2690.wml delete mode 100644 danish/security/2013/dsa-2691.wml delete mode 100644 danish/security/2013/dsa-2692.wml delete mode 100644 danish/security/2013/dsa-2693.wml delete mode 100644 danish/security/2013/dsa-2694.wml delete mode 100644 danish/security/2013/dsa-2695.wml delete mode 100644 danish/security/2013/dsa-2696.wml delete mode 100644 danish/security/2013/dsa-2697.wml delete mode 100644 danish/security/2013/dsa-2698.wml delete mode 100644 danish/security/2013/dsa-2699.wml delete mode 100644 danish/security/2013/dsa-2700.wml delete mode 100644 danish/security/2013/dsa-2701.wml delete mode 100644 danish/security/2013/dsa-2702.wml delete mode 100644 danish/security/2013/dsa-2703.wml delete mode 100644 danish/security/2013/dsa-2704.wml delete mode 100644 danish/security/2013/dsa-2705.wml delete mode 100644 danish/security/2013/dsa-2706.wml delete mode 100644 danish/security/2013/dsa-2707.wml delete mode 100644 danish/security/2013/dsa-2708.wml delete mode 100644 danish/security/2013/dsa-2709.wml delete mode 100644 danish/security/2013/dsa-2710.wml delete mode 100644 danish/security/2013/dsa-2711.wml delete mode 100644 danish/security/2013/dsa-2712.wml delete mode 100644 danish/security/2013/dsa-2713.wml delete mode 100644 danish/security/2013/dsa-2714.wml delete mode 100644 danish/security/2013/dsa-2715.wml delete mode 100644 danish/security/2013/dsa-2716.wml delete mode 100644 danish/security/2013/dsa-2717.wml delete mode 100644 danish/security/2013/dsa-2718.wml delete mode 100644 danish/security/2013/dsa-2719.wml delete mode 100644 danish/security/2013/dsa-2720.wml delete mode 100644 danish/security/2013/dsa-2721.wml delete mode 100644 danish/security/2013/dsa-2722.wml delete mode 100644 danish/security/2013/dsa-2723.wml delete mode 100644 danish/security/2013/dsa-2724.wml delete mode 100644 danish/security/2013/dsa-2725.wml delete mode 100644 danish/security/2013/dsa-2726.wml delete mode 100644 danish/security/2013/dsa-2727.wml delete mode 100644 danish/security/2013/dsa-2728.wml delete mode 100644 danish/security/2013/dsa-2729.wml delete mode 100644 danish/security/2013/dsa-2730.wml delete mode 100644 danish/security/2013/dsa-2731.wml delete mode 100644 danish/security/2013/dsa-2732.wml delete mode 100644 danish/security/2013/dsa-2733.wml delete mode 100644 danish/security/2013/dsa-2734.wml delete mode 100644 danish/security/2013/dsa-2735.wml delete mode 100644 danish/security/2013/dsa-2736.wml delete mode 100644 danish/security/2013/dsa-2737.wml delete mode 100644 danish/security/2013/dsa-2738.wml delete mode 100644 danish/security/2013/dsa-2739.wml delete mode 100644 danish/security/2013/dsa-2740.wml delete mode 100644 danish/security/2013/dsa-2741.wml delete mode 100644 danish/security/2013/dsa-2742.wml delete mode 100644 danish/security/2013/dsa-2743.wml delete mode 100644 danish/security/2013/dsa-2744.wml delete mode 100644 danish/security/2013/dsa-2745.wml delete mode 100644 danish/security/2013/dsa-2746.wml delete mode 100644 danish/security/2013/dsa-2747.wml delete mode 100644 danish/security/2013/dsa-2748.wml delete mode 100644 danish/security/2013/dsa-2749.wml delete mode 100644 danish/security/2013/dsa-2750.wml delete mode 100644 danish/security/2013/dsa-2751.wml delete mode 100644 danish/security/2013/dsa-2752.wml delete mode 100644 danish/security/2013/dsa-2753.wml delete mode 100644 danish/security/2013/dsa-2754.wml delete mode 100644 danish/security/2013/dsa-2755.wml delete mode 100644 danish/security/2013/dsa-2756.wml delete mode 100644 danish/security/2013/dsa-2757.wml delete mode 100644 danish/security/2013/dsa-2758.wml delete mode 100644 danish/security/2013/dsa-2759.wml delete mode 100644 danish/security/2013/dsa-2760.wml delete mode 100644 danish/security/2013/dsa-2761.wml delete mode 100644 danish/security/2013/dsa-2762.wml delete mode 100644 danish/security/2013/dsa-2763.wml delete mode 100644 danish/security/2013/dsa-2764.wml delete mode 100644 danish/security/2013/dsa-2765.wml delete mode 100644 danish/security/2013/dsa-2766.wml delete mode 100644 danish/security/2013/dsa-2767.wml delete mode 100644 danish/security/2013/dsa-2768.wml delete mode 100644 danish/security/2013/dsa-2769.wml delete mode 100644 danish/security/2013/dsa-2770.wml delete mode 100644 danish/security/2013/dsa-2771.wml delete mode 100644 danish/security/2013/dsa-2772.wml delete mode 100644 danish/security/2013/dsa-2773.wml delete mode 100644 danish/security/2013/dsa-2774.wml delete mode 100644 danish/security/2013/dsa-2775.wml delete mode 100644 danish/security/2013/dsa-2776.wml delete mode 100644 danish/security/2013/dsa-2777.wml delete mode 100644 danish/security/2013/dsa-2778.wml delete mode 100644 danish/security/2013/dsa-2779.wml delete mode 100644 danish/security/2013/dsa-2780.wml delete mode 100644 danish/security/2013/dsa-2781.wml delete mode 100644 danish/security/2013/dsa-2782.wml delete mode 100644 danish/security/2013/dsa-2783.wml delete mode 100644 danish/security/2013/dsa-2784.wml delete mode 100644 danish/security/2013/dsa-2785.wml delete mode 100644 danish/security/2013/dsa-2786.wml delete mode 100644 danish/security/2013/dsa-2787.wml delete mode 100644 danish/security/2013/dsa-2788.wml delete mode 100644 danish/security/2013/dsa-2789.wml delete mode 100644 danish/security/2013/dsa-2790.wml delete mode 100644 danish/security/2013/dsa-2791.wml delete mode 100644 danish/security/2013/dsa-2792.wml delete mode 100644 danish/security/2013/dsa-2793.wml delete mode 100644 danish/security/2013/dsa-2794.wml delete mode 100644 danish/security/2013/dsa-2795.wml delete mode 100644 danish/security/2013/dsa-2796.wml delete mode 100644 danish/security/2013/dsa-2797.wml delete mode 100644 danish/security/2013/dsa-2798.wml delete mode 100644 danish/security/2013/dsa-2799.wml delete mode 100644 danish/security/2013/dsa-2800.wml delete mode 100644 danish/security/2013/dsa-2801.wml delete mode 100644 danish/security/2013/dsa-2802.wml delete mode 100644 danish/security/2013/dsa-2803.wml delete mode 100644 danish/security/2013/dsa-2804.wml delete mode 100644 danish/security/2013/dsa-2805.wml delete mode 100644 danish/security/2013/dsa-2806.wml delete mode 100644 danish/security/2013/dsa-2807.wml delete mode 100644 danish/security/2013/dsa-2808.wml delete mode 100644 danish/security/2013/dsa-2809.wml delete mode 100644 danish/security/2013/dsa-2810.wml delete mode 100644 danish/security/2013/dsa-2811.wml delete mode 100644 danish/security/2013/dsa-2812.wml delete mode 100644 danish/security/2013/dsa-2813.wml delete mode 100644 danish/security/2013/dsa-2814.wml delete mode 100644 danish/security/2013/dsa-2815.wml delete mode 100644 danish/security/2013/dsa-2816.wml delete mode 100644 danish/security/2013/dsa-2817.wml delete mode 100644 danish/security/2013/dsa-2818.wml delete mode 100644 danish/security/2013/dsa-2819.wml delete mode 100644 danish/security/2013/dsa-2820.wml delete mode 100644 danish/security/2013/dsa-2821.wml delete mode 100644 danish/security/2013/dsa-2822.wml delete mode 100644 danish/security/2013/dsa-2823.wml delete mode 100644 danish/security/2013/dsa-2824.wml delete mode 100644 danish/security/2013/dsa-2825.wml delete mode 100644 danish/security/2013/dsa-2826.wml delete mode 100644 danish/security/2013/dsa-2827.wml delete mode 100644 danish/security/2013/dsa-2828.wml delete mode 100644 danish/security/2013/dsa-2829.wml delete mode 100644 danish/security/2013/dsa-2830.wml delete mode 100644 danish/security/2013/dsa-2831.wml delete mode 100644 danish/security/2013/index.wml delete mode 100644 danish/security/2014/Makefile delete mode 100644 danish/security/2014/dsa-2832.wml delete mode 100644 danish/security/2014/dsa-2833.wml delete mode 100644 danish/security/2014/dsa-2834.wml delete mode 100644 danish/security/2014/dsa-2835.wml delete mode 100644 danish/security/2014/dsa-2836.wml delete mode 100644 danish/security/2014/dsa-2837.wml delete mode 100644 danish/security/2014/dsa-2838.wml delete mode 100644 danish/security/2014/dsa-2839.wml delete mode 100644 danish/security/2014/dsa-2840.wml delete mode 100644 danish/security/2014/dsa-2841.wml delete mode 100644 danish/security/2014/dsa-2842.wml delete mode 100644 danish/security/2014/dsa-2843.wml delete mode 100644 danish/security/2014/dsa-2844.wml delete mode 100644 danish/security/2014/dsa-2845.wml delete mode 100644 danish/security/2014/dsa-2846.wml delete mode 100644 danish/security/2014/dsa-2847.wml delete mode 100644 danish/security/2014/dsa-2848.wml delete mode 100644 danish/security/2014/dsa-2849.wml delete mode 100644 danish/security/2014/dsa-2850.wml delete mode 100644 danish/security/2014/dsa-2851.wml delete mode 100644 danish/security/2014/dsa-2852.wml delete mode 100644 danish/security/2014/dsa-2853.wml delete mode 100644 danish/security/2014/dsa-2854.wml delete mode 100644 danish/security/2014/dsa-2855.wml delete mode 100644 danish/security/2014/dsa-2856.wml delete mode 100644 danish/security/2014/dsa-2857.wml delete mode 100644 danish/security/2014/dsa-2858.wml delete mode 100644 danish/security/2014/dsa-2859.wml delete mode 100644 danish/security/2014/dsa-2860.wml delete mode 100644 danish/security/2014/dsa-2861.wml delete mode 100644 danish/security/2014/dsa-2862.wml delete mode 100644 danish/security/2014/dsa-2863.wml delete mode 100644 danish/security/2014/dsa-2864.wml delete mode 100644 danish/security/2014/dsa-2865.wml delete mode 100644 danish/security/2014/dsa-2866.wml delete mode 100644 danish/security/2014/dsa-2867.wml delete mode 100644 danish/security/2014/dsa-2868.wml delete mode 100644 danish/security/2014/dsa-2869.wml delete mode 100644 danish/security/2014/dsa-2870.wml delete mode 100644 danish/security/2014/dsa-2871.wml delete mode 100644 danish/security/2014/dsa-2872.wml delete mode 100644 danish/security/2014/dsa-2873.wml delete mode 100644 danish/security/2014/dsa-2874.wml delete mode 100644 danish/security/2014/dsa-2875.wml delete mode 100644 danish/security/2014/dsa-2876.wml delete mode 100644 danish/security/2014/dsa-2877.wml delete mode 100644 danish/security/2014/dsa-2878.wml delete mode 100644 danish/security/2014/dsa-2879.wml delete mode 100644 danish/security/2014/dsa-2880.wml delete mode 100644 danish/security/2014/dsa-2881.wml delete mode 100644 danish/security/2014/dsa-2882.wml delete mode 100644 danish/security/2014/dsa-2883.wml delete mode 100644 danish/security/2014/dsa-2884.wml delete mode 100644 danish/security/2014/dsa-2885.wml delete mode 100644 danish/security/2014/dsa-2886.wml delete mode 100644 danish/security/2014/dsa-2887.wml delete mode 100644 danish/security/2014/dsa-2888.wml delete mode 100644 danish/security/2014/dsa-2889.wml delete mode 100644 danish/security/2014/dsa-2890.wml delete mode 100644 danish/security/2014/dsa-2891.wml delete mode 100644 danish/security/2014/dsa-2892.wml delete mode 100644 danish/security/2014/dsa-2893.wml delete mode 100644 danish/security/2014/dsa-2894.wml delete mode 100644 danish/security/2014/dsa-2895.wml delete mode 100644 danish/security/2014/dsa-2896.wml delete mode 100644 danish/security/2014/dsa-2897.wml delete mode 100644 danish/security/2014/dsa-2898.wml delete mode 100644 danish/security/2014/dsa-2899.wml delete mode 100644 danish/security/2014/dsa-2900.wml delete mode 100644 danish/security/2014/dsa-2901.wml delete mode 100644 danish/security/2014/dsa-2902.wml delete mode 100644 danish/security/2014/dsa-2903.wml delete mode 100644 danish/security/2014/dsa-2904.wml delete mode 100644 danish/security/2014/dsa-2905.wml delete mode 100644 danish/security/2014/dsa-2906.wml delete mode 100644 danish/security/2014/dsa-2907.wml delete mode 100644 danish/security/2014/dsa-2908.wml delete mode 100644 danish/security/2014/dsa-2909.wml delete mode 100644 danish/security/2014/dsa-2910.wml delete mode 100644 danish/security/2014/dsa-2911.wml delete mode 100644 danish/security/2014/dsa-2912.wml delete mode 100644 danish/security/2014/dsa-2913.wml delete mode 100644 danish/security/2014/dsa-2914.wml delete mode 100644 danish/security/2014/dsa-2915.wml delete mode 100644 danish/security/2014/dsa-2916.wml delete mode 100644 danish/security/2014/dsa-2917.wml delete mode 100644 danish/security/2014/dsa-2918.wml delete mode 100644 danish/security/2014/dsa-2919.wml delete mode 100644 danish/security/2014/dsa-2920.wml delete mode 100644 danish/security/2014/dsa-2921.wml delete mode 100644 danish/security/2014/dsa-2922.wml delete mode 100644 danish/security/2014/dsa-2923.wml delete mode 100644 danish/security/2014/dsa-2924.wml delete mode 100644 danish/security/2014/dsa-2925.wml delete mode 100644 danish/security/2014/dsa-2926.wml delete mode 100644 danish/security/2014/dsa-2927.wml delete mode 100644 danish/security/2014/dsa-2928.wml delete mode 100644 danish/security/2014/dsa-2929.wml delete mode 100644 danish/security/2014/dsa-2930.wml delete mode 100644 danish/security/2014/dsa-2931.wml delete mode 100644 danish/security/2014/dsa-2932.wml delete mode 100644 danish/security/2014/dsa-2933.wml delete mode 100644 danish/security/2014/dsa-2934.wml delete mode 100644 danish/security/2014/dsa-2935.wml delete mode 100644 danish/security/2014/dsa-2936.wml delete mode 100644 danish/security/2014/dsa-2937.wml delete mode 100644 danish/security/2014/dsa-2938.wml delete mode 100644 danish/security/2014/dsa-2939.wml delete mode 100644 danish/security/2014/dsa-2940.wml delete mode 100644 danish/security/2014/dsa-2941.wml delete mode 100644 danish/security/2014/dsa-2942.wml delete mode 100644 danish/security/2014/dsa-2943.wml delete mode 100644 danish/security/2014/dsa-2944.wml delete mode 100644 danish/security/2014/dsa-2945.wml delete mode 100644 danish/security/2014/dsa-2946.wml delete mode 100644 danish/security/2014/dsa-2947.wml delete mode 100644 danish/security/2014/dsa-2948.wml delete mode 100644 danish/security/2014/dsa-2949.wml delete mode 100644 danish/security/2014/dsa-2950.wml delete mode 100644 danish/security/2014/dsa-2951.wml delete mode 100644 danish/security/2014/dsa-2952.wml delete mode 100644 danish/security/2014/dsa-2953.wml delete mode 100644 danish/security/2014/dsa-2954.wml delete mode 100644 danish/security/2014/dsa-2955.wml delete mode 100644 danish/security/2014/dsa-2956.wml delete mode 100644 danish/security/2014/dsa-2957.wml delete mode 100644 danish/security/2014/dsa-2958.wml delete mode 100644 danish/security/2014/dsa-2959.wml delete mode 100644 danish/security/2014/dsa-2960.wml delete mode 100644 danish/security/2014/dsa-2961.wml delete mode 100644 danish/security/2014/dsa-2962.wml delete mode 100644 danish/security/2014/dsa-2963.wml delete mode 100644 danish/security/2014/dsa-2964.wml delete mode 100644 danish/security/2014/dsa-2965.wml delete mode 100644 danish/security/2014/dsa-2966.wml delete mode 100644 danish/security/2014/dsa-2967.wml delete mode 100644 danish/security/2014/dsa-2968.wml delete mode 100644 danish/security/2014/dsa-2970.wml delete mode 100644 danish/security/2014/dsa-2971.wml delete mode 100644 danish/security/2014/dsa-2972.wml delete mode 100644 danish/security/2014/dsa-2973.wml delete mode 100644 danish/security/2014/dsa-2974.wml delete mode 100644 danish/security/2014/dsa-2975.wml delete mode 100644 danish/security/2014/dsa-2976.wml delete mode 100644 danish/security/2014/dsa-2977.wml delete mode 100644 danish/security/2014/dsa-2978.wml delete mode 100644 danish/security/2014/dsa-2979.wml delete mode 100644 danish/security/2014/dsa-2980.wml delete mode 100644 danish/security/2014/dsa-2981.wml delete mode 100644 danish/security/2014/dsa-2982.wml delete mode 100644 danish/security/2014/dsa-2983.wml delete mode 100644 danish/security/2014/dsa-2984.wml delete mode 100644 danish/security/2014/dsa-2985.wml delete mode 100644 danish/security/2014/dsa-2986.wml delete mode 100644 danish/security/2014/dsa-2987.wml delete mode 100644 danish/security/2014/dsa-2988.wml delete mode 100644 danish/security/2014/dsa-2989.wml delete mode 100644 danish/security/2014/dsa-2990.wml delete mode 100644 danish/security/2014/dsa-2991.wml delete mode 100644 danish/security/2014/dsa-2992.wml delete mode 100644 danish/security/2014/dsa-2993.wml delete mode 100644 danish/security/2014/dsa-2994.wml delete mode 100644 danish/security/2014/dsa-2995.wml delete mode 100644 danish/security/2014/dsa-2996.wml delete mode 100644 danish/security/2014/dsa-2997.wml delete mode 100644 danish/security/2014/dsa-2998.wml delete mode 100644 danish/security/2014/dsa-2999.wml delete mode 100644 danish/security/2014/dsa-3000.wml delete mode 100644 danish/security/2014/dsa-3001.wml delete mode 100644 danish/security/2014/dsa-3002.wml delete mode 100644 danish/security/2014/dsa-3003.wml delete mode 100644 danish/security/2014/dsa-3004.wml delete mode 100644 danish/security/2014/dsa-3005.wml delete mode 100644 danish/security/2014/dsa-3006.wml delete mode 100644 danish/security/2014/dsa-3007.wml delete mode 100644 danish/security/2014/dsa-3008.wml delete mode 100644 danish/security/2014/dsa-3009.wml delete mode 100644 danish/security/2014/dsa-3010.wml delete mode 100644 danish/security/2014/dsa-3011.wml delete mode 100644 danish/security/2014/dsa-3012.wml delete mode 100644 danish/security/2014/dsa-3013.wml delete mode 100644 danish/security/2014/dsa-3014.wml delete mode 100644 danish/security/2014/dsa-3015.wml delete mode 100644 danish/security/2014/dsa-3016.wml delete mode 100644 danish/security/2014/dsa-3017.wml delete mode 100644 danish/security/2014/dsa-3018.wml delete mode 100644 danish/security/2014/dsa-3019.wml delete mode 100644 danish/security/2014/dsa-3020.wml delete mode 100644 danish/security/2014/dsa-3021.wml delete mode 100644 danish/security/2014/dsa-3022.wml delete mode 100644 danish/security/2014/dsa-3023.wml delete mode 100644 danish/security/2014/dsa-3024.wml delete mode 100644 danish/security/2014/dsa-3025.wml delete mode 100644 danish/security/2014/dsa-3026.wml delete mode 100644 danish/security/2014/dsa-3027.wml delete mode 100644 danish/security/2014/dsa-3028.wml delete mode 100644 danish/security/2014/dsa-3029.wml delete mode 100644 danish/security/2014/dsa-3030.wml delete mode 100644 danish/security/2014/dsa-3031.wml delete mode 100644 danish/security/2014/dsa-3032.wml delete mode 100644 danish/security/2014/dsa-3033.wml delete mode 100644 danish/security/2014/dsa-3034.wml delete mode 100644 danish/security/2014/dsa-3035.wml delete mode 100644 danish/security/2014/dsa-3036.wml delete mode 100644 danish/security/2014/dsa-3037.wml delete mode 100644 danish/security/2014/dsa-3038.wml delete mode 100644 danish/security/2014/dsa-3039.wml delete mode 100644 danish/security/2014/dsa-3040.wml delete mode 100644 danish/security/2014/dsa-3041.wml delete mode 100644 danish/security/2014/dsa-3042.wml delete mode 100644 danish/security/2014/dsa-3044.wml delete mode 100644 danish/security/2014/dsa-3045.wml delete mode 100644 danish/security/2014/dsa-3046.wml delete mode 100644 danish/security/2014/dsa-3047.wml delete mode 100644 danish/security/2014/dsa-3048.wml delete mode 100644 danish/security/2014/dsa-3049.wml delete mode 100644 danish/security/2014/dsa-3050.wml delete mode 100644 danish/security/2014/dsa-3051.wml delete mode 100644 danish/security/2014/dsa-3052.wml delete mode 100644 danish/security/2014/dsa-3053.wml delete mode 100644 danish/security/2014/dsa-3054.wml delete mode 100644 danish/security/2014/dsa-3055.wml delete mode 100644 danish/security/2014/dsa-3056.wml delete mode 100644 danish/security/2014/dsa-3057.wml delete mode 100644 danish/security/2014/dsa-3058.wml delete mode 100644 danish/security/2014/dsa-3059.wml delete mode 100644 danish/security/2014/dsa-3060.wml delete mode 100644 danish/security/2014/dsa-3061.wml delete mode 100644 danish/security/2014/dsa-3062.wml delete mode 100644 danish/security/2014/dsa-3063.wml delete mode 100644 danish/security/2014/dsa-3064.wml delete mode 100644 danish/security/2014/dsa-3065.wml delete mode 100644 danish/security/2014/dsa-3066.wml delete mode 100644 danish/security/2014/dsa-3067.wml delete mode 100644 danish/security/2014/dsa-3068.wml delete mode 100644 danish/security/2014/dsa-3069.wml delete mode 100644 danish/security/2014/dsa-3070.wml delete mode 100644 danish/security/2014/dsa-3071.wml delete mode 100644 danish/security/2014/dsa-3072.wml delete mode 100644 danish/security/2014/dsa-3073.wml delete mode 100644 danish/security/2014/dsa-3074.wml delete mode 100644 danish/security/2014/dsa-3075.wml delete mode 100644 danish/security/2014/dsa-3076.wml delete mode 100644 danish/security/2014/dsa-3077.wml delete mode 100644 danish/security/2014/dsa-3078.wml delete mode 100644 danish/security/2014/dsa-3079.wml delete mode 100644 danish/security/2014/dsa-3080.wml delete mode 100644 danish/security/2014/dsa-3081.wml delete mode 100644 danish/security/2014/dsa-3082.wml delete mode 100644 danish/security/2014/dsa-3083.wml delete mode 100644 danish/security/2014/dsa-3084.wml delete mode 100644 danish/security/2014/dsa-3085.wml delete mode 100644 danish/security/2014/dsa-3086.wml delete mode 100644 danish/security/2014/dsa-3087.wml delete mode 100644 danish/security/2014/dsa-3088.wml delete mode 100644 danish/security/2014/dsa-3089.wml delete mode 100644 danish/security/2014/dsa-3090.wml delete mode 100644 danish/security/2014/dsa-3091.wml delete mode 100644 danish/security/2014/dsa-3092.wml delete mode 100644 danish/security/2014/dsa-3093.wml delete mode 100644 danish/security/2014/dsa-3094.wml delete mode 100644 danish/security/2014/dsa-3095.wml delete mode 100644 danish/security/2014/dsa-3096.wml delete mode 100644 danish/security/2014/dsa-3097.wml delete mode 100644 danish/security/2014/dsa-3098.wml delete mode 100644 danish/security/2014/dsa-3099.wml delete mode 100644 danish/security/2014/dsa-3100.wml delete mode 100644 danish/security/2014/dsa-3101.wml delete mode 100644 danish/security/2014/dsa-3102.wml delete mode 100644 danish/security/2014/dsa-3103.wml delete mode 100644 danish/security/2014/dsa-3104.wml delete mode 100644 danish/security/2014/dsa-3105.wml delete mode 100644 danish/security/2014/dsa-3106.wml delete mode 100644 danish/security/2014/dsa-3107.wml delete mode 100644 danish/security/2014/dsa-3108.wml delete mode 100644 danish/security/2014/dsa-3109.wml delete mode 100644 danish/security/2014/dsa-3110.wml delete mode 100644 danish/security/2014/dsa-3111.wml delete mode 100644 danish/security/2014/dsa-3112.wml delete mode 100644 danish/security/2014/dsa-3113.wml delete mode 100644 danish/security/2014/dsa-3114.wml delete mode 100644 danish/security/2014/dsa-3115.wml delete mode 100644 danish/security/2014/dsa-3116.wml delete mode 100644 danish/security/2014/dsa-3117.wml delete mode 100644 danish/security/2014/index.wml delete mode 100644 danish/security/2015/Makefile delete mode 100644 danish/security/2015/dsa-3118.wml delete mode 100644 danish/security/2015/dsa-3119.wml delete mode 100644 danish/security/2015/dsa-3120.wml delete mode 100644 danish/security/2015/dsa-3121.wml delete mode 100644 danish/security/2015/dsa-3122.wml delete mode 100644 danish/security/2015/dsa-3123.wml delete mode 100644 danish/security/2015/dsa-3124.wml delete mode 100644 danish/security/2015/dsa-3125.wml delete mode 100644 danish/security/2015/dsa-3126.wml delete mode 100644 danish/security/2015/dsa-3127.wml delete mode 100644 danish/security/2015/dsa-3128.wml delete mode 100644 danish/security/2015/dsa-3129.wml delete mode 100644 danish/security/2015/dsa-3130.wml delete mode 100644 danish/security/2015/dsa-3131.wml delete mode 100644 danish/security/2015/dsa-3132.wml delete mode 100644 danish/security/2015/dsa-3133.wml delete mode 100644 danish/security/2015/dsa-3134.wml delete mode 100644 danish/security/2015/dsa-3135.wml delete mode 100644 danish/security/2015/dsa-3136.wml delete mode 100644 danish/security/2015/dsa-3137.wml delete mode 100644 danish/security/2015/dsa-3138.wml delete mode 100644 danish/security/2015/dsa-3139.wml delete mode 100644 danish/security/2015/dsa-3140.wml delete mode 100644 danish/security/2015/dsa-3141.wml delete mode 100644 danish/security/2015/dsa-3142.wml delete mode 100644 danish/security/2015/dsa-3143.wml delete mode 100644 danish/security/2015/dsa-3144.wml delete mode 100644 danish/security/2015/dsa-3145.wml delete mode 100644 danish/security/2015/dsa-3146.wml delete mode 100644 danish/security/2015/dsa-3147.wml delete mode 100644 danish/security/2015/dsa-3148.wml delete mode 100644 danish/security/2015/dsa-3149.wml delete mode 100644 danish/security/2015/dsa-3150.wml delete mode 100644 danish/security/2015/dsa-3151.wml delete mode 100644 danish/security/2015/dsa-3152.wml delete mode 100644 danish/security/2015/dsa-3153.wml delete mode 100644 danish/security/2015/dsa-3154.wml delete mode 100644 danish/security/2015/dsa-3155.wml delete mode 100644 danish/security/2015/dsa-3157.wml delete mode 100644 danish/security/2015/dsa-3158.wml delete mode 100644 danish/security/2015/dsa-3159.wml delete mode 100644 danish/security/2015/dsa-3160.wml delete mode 100644 danish/security/2015/dsa-3161.wml delete mode 100644 danish/security/2015/dsa-3162.wml delete mode 100644 danish/security/2015/dsa-3163.wml delete mode 100644 danish/security/2015/dsa-3164.wml delete mode 100644 danish/security/2015/dsa-3165.wml delete mode 100644 danish/security/2015/dsa-3166.wml delete mode 100644 danish/security/2015/dsa-3167.wml delete mode 100644 danish/security/2015/dsa-3168.wml delete mode 100644 danish/security/2015/dsa-3169.wml delete mode 100644 danish/security/2015/dsa-3170.wml delete mode 100644 danish/security/2015/dsa-3171.wml delete mode 100644 danish/security/2015/dsa-3172.wml delete mode 100644 danish/security/2015/dsa-3173.wml delete mode 100644 danish/security/2015/dsa-3174.wml delete mode 100644 danish/security/2015/dsa-3175.wml delete mode 100644 danish/security/2015/dsa-3176.wml delete mode 100644 danish/security/2015/dsa-3177.wml delete mode 100644 danish/security/2015/dsa-3178.wml delete mode 100644 danish/security/2015/dsa-3179.wml delete mode 100644 danish/security/2015/dsa-3180.wml delete mode 100644 danish/security/2015/dsa-3181.wml delete mode 100644 danish/security/2015/dsa-3182.wml delete mode 100644 danish/security/2015/dsa-3183.wml delete mode 100644 danish/security/2015/dsa-3184.wml delete mode 100644 danish/security/2015/dsa-3185.wml delete mode 100644 danish/security/2015/dsa-3186.wml delete mode 100644 danish/security/2015/dsa-3187.wml delete mode 100644 danish/security/2015/dsa-3188.wml delete mode 100644 danish/security/2015/dsa-3189.wml delete mode 100644 danish/security/2015/dsa-3190.wml delete mode 100644 danish/security/2015/dsa-3191.wml delete mode 100644 danish/security/2015/dsa-3192.wml delete mode 100644 danish/security/2015/dsa-3193.wml delete mode 100644 danish/security/2015/dsa-3194.wml delete mode 100644 danish/security/2015/dsa-3195.wml delete mode 100644 danish/security/2015/dsa-3196.wml delete mode 100644 danish/security/2015/dsa-3197.wml delete mode 100644 danish/security/2015/dsa-3198.wml delete mode 100644 danish/security/2015/dsa-3199.wml delete mode 100644 danish/security/2015/dsa-3200.wml delete mode 100644 danish/security/2015/dsa-3201.wml delete mode 100644 danish/security/2015/dsa-3202.wml delete mode 100644 danish/security/2015/dsa-3203.wml delete mode 100644 danish/security/2015/dsa-3204.wml delete mode 100644 danish/security/2015/dsa-3205.wml delete mode 100644 danish/security/2015/dsa-3206.wml delete mode 100644 danish/security/2015/dsa-3207.wml delete mode 100644 danish/security/2015/dsa-3208.wml delete mode 100644 danish/security/2015/dsa-3209.wml delete mode 100644 danish/security/2015/dsa-3210.wml delete mode 100644 danish/security/2015/dsa-3211.wml delete mode 100644 danish/security/2015/dsa-3212.wml delete mode 100644 danish/security/2015/dsa-3213.wml delete mode 100644 danish/security/2015/dsa-3214.wml delete mode 100644 danish/security/2015/dsa-3215.wml delete mode 100644 danish/security/2015/dsa-3216.wml delete mode 100644 danish/security/2015/dsa-3217.wml delete mode 100644 danish/security/2015/dsa-3218.wml delete mode 100644 danish/security/2015/dsa-3219.wml delete mode 100644 danish/security/2015/dsa-3220.wml delete mode 100644 danish/security/2015/dsa-3221.wml delete mode 100644 danish/security/2015/dsa-3222.wml delete mode 100644 danish/security/2015/dsa-3223.wml delete mode 100644 danish/security/2015/dsa-3224.wml delete mode 100644 danish/security/2015/dsa-3225.wml delete mode 100644 danish/security/2015/dsa-3226.wml delete mode 100644 danish/security/2015/dsa-3227.wml delete mode 100644 danish/security/2015/dsa-3228.wml delete mode 100644 danish/security/2015/dsa-3229.wml delete mode 100644 danish/security/2015/dsa-3230.wml delete mode 100644 danish/security/2015/dsa-3231.wml delete mode 100644 danish/security/2015/dsa-3232.wml delete mode 100644 danish/security/2015/dsa-3233.wml delete mode 100644 danish/security/2015/dsa-3234.wml delete mode 100644 danish/security/2015/dsa-3235.wml delete mode 100644 danish/security/2015/dsa-3236.wml delete mode 100644 danish/security/2015/dsa-3237.wml delete mode 100644 danish/security/2015/dsa-3238.wml delete mode 100644 danish/security/2015/dsa-3239.wml delete mode 100644 danish/security/2015/dsa-3240.wml delete mode 100644 danish/security/2015/dsa-3241.wml delete mode 100644 danish/security/2015/dsa-3242.wml delete mode 100644 danish/security/2015/dsa-3243.wml delete mode 100644 danish/security/2015/dsa-3244.wml delete mode 100644 danish/security/2015/dsa-3245.wml delete mode 100644 danish/security/2015/dsa-3246.wml delete mode 100644 danish/security/2015/dsa-3247.wml delete mode 100644 danish/security/2015/dsa-3248.wml delete mode 100644 danish/security/2015/dsa-3249.wml delete mode 100644 danish/security/2015/dsa-3250.wml delete mode 100644 danish/security/2015/dsa-3251.wml delete mode 100644 danish/security/2015/dsa-3252.wml delete mode 100644 danish/security/2015/dsa-3253.wml delete mode 100644 danish/security/2015/dsa-3254.wml delete mode 100644 danish/security/2015/dsa-3255.wml delete mode 100644 danish/security/2015/dsa-3256.wml delete mode 100644 danish/security/2015/dsa-3257.wml delete mode 100644 danish/security/2015/dsa-3258.wml delete mode 100644 danish/security/2015/dsa-3259.wml delete mode 100644 danish/security/2015/dsa-3260.wml delete mode 100644 danish/security/2015/dsa-3261.wml delete mode 100644 danish/security/2015/dsa-3262.wml delete mode 100644 danish/security/2015/dsa-3263.wml delete mode 100644 danish/security/2015/dsa-3264.wml delete mode 100644 danish/security/2015/dsa-3265.wml delete mode 100644 danish/security/2015/dsa-3266.wml delete mode 100644 danish/security/2015/dsa-3267.wml delete mode 100644 danish/security/2015/dsa-3268.wml delete mode 100644 danish/security/2015/dsa-3269.wml delete mode 100644 danish/security/2015/dsa-3270.wml delete mode 100644 danish/security/2015/dsa-3271.wml delete mode 100644 danish/security/2015/dsa-3272.wml delete mode 100644 danish/security/2015/dsa-3273.wml delete mode 100644 danish/security/2015/dsa-3274.wml delete mode 100644 danish/security/2015/dsa-3275.wml delete mode 100644 danish/security/2015/dsa-3276.wml delete mode 100644 danish/security/2015/dsa-3277.wml delete mode 100644 danish/security/2015/dsa-3278.wml delete mode 100644 danish/security/2015/dsa-3279.wml delete mode 100644 danish/security/2015/dsa-3280.wml delete mode 100644 danish/security/2015/dsa-3281.wml delete mode 100644 danish/security/2015/dsa-3282.wml delete mode 100644 danish/security/2015/dsa-3283.wml delete mode 100644 danish/security/2015/dsa-3284.wml delete mode 100644 danish/security/2015/dsa-3285.wml delete mode 100644 danish/security/2015/dsa-3286.wml delete mode 100644 danish/security/2015/dsa-3287.wml delete mode 100644 danish/security/2015/dsa-3288.wml delete mode 100644 danish/security/2015/dsa-3289.wml delete mode 100644 danish/security/2015/dsa-3290.wml delete mode 100644 danish/security/2015/dsa-3291.wml delete mode 100644 danish/security/2015/dsa-3293.wml delete mode 100644 danish/security/2015/dsa-3294.wml delete mode 100644 danish/security/2015/dsa-3295.wml delete mode 100644 danish/security/2015/dsa-3296.wml delete mode 100644 danish/security/2015/dsa-3297.wml delete mode 100644 danish/security/2015/dsa-3298.wml delete mode 100644 danish/security/2015/dsa-3299.wml delete mode 100644 danish/security/2015/dsa-3300.wml delete mode 100644 danish/security/2015/dsa-3301.wml delete mode 100644 danish/security/2015/dsa-3302.wml delete mode 100644 danish/security/2015/dsa-3303.wml delete mode 100644 danish/security/2015/dsa-3304.wml delete mode 100644 danish/security/2015/dsa-3305.wml delete mode 100644 danish/security/2015/dsa-3306.wml delete mode 100644 danish/security/2015/dsa-3307.wml delete mode 100644 danish/security/2015/dsa-3308.wml delete mode 100644 danish/security/2015/dsa-3309.wml delete mode 100644 danish/security/2015/dsa-3310.wml delete mode 100644 danish/security/2015/dsa-3311.wml delete mode 100644 danish/security/2015/dsa-3312.wml delete mode 100644 danish/security/2015/dsa-3313.wml delete mode 100644 danish/security/2015/dsa-3314.wml delete mode 100644 danish/security/2015/dsa-3315.wml delete mode 100644 danish/security/2015/dsa-3316.wml delete mode 100644 danish/security/2015/dsa-3317.wml delete mode 100644 danish/security/2015/dsa-3318.wml delete mode 100644 danish/security/2015/dsa-3319.wml delete mode 100644 danish/security/2015/dsa-3320.wml delete mode 100644 danish/security/2015/dsa-3321.wml delete mode 100644 danish/security/2015/dsa-3322.wml delete mode 100644 danish/security/2015/dsa-3323.wml delete mode 100644 danish/security/2015/dsa-3324.wml delete mode 100644 danish/security/2015/dsa-3325.wml delete mode 100644 danish/security/2015/dsa-3326.wml delete mode 100644 danish/security/2015/dsa-3327.wml delete mode 100644 danish/security/2015/dsa-3328.wml delete mode 100644 danish/security/2015/dsa-3329.wml delete mode 100644 danish/security/2015/dsa-3330.wml delete mode 100644 danish/security/2015/dsa-3331.wml delete mode 100644 danish/security/2015/dsa-3332.wml delete mode 100644 danish/security/2015/dsa-3333.wml delete mode 100644 danish/security/2015/dsa-3334.wml delete mode 100644 danish/security/2015/dsa-3335.wml delete mode 100644 danish/security/2015/dsa-3336.wml delete mode 100644 danish/security/2015/dsa-3337.wml delete mode 100644 danish/security/2015/dsa-3338.wml delete mode 100644 danish/security/2015/dsa-3339.wml delete mode 100644 danish/security/2015/dsa-3340.wml delete mode 100644 danish/security/2015/dsa-3341.wml delete mode 100644 danish/security/2015/dsa-3342.wml delete mode 100644 danish/security/2015/dsa-3343.wml delete mode 100644 danish/security/2015/dsa-3344.wml delete mode 100644 danish/security/2015/dsa-3345.wml delete mode 100644 danish/security/2015/dsa-3346.wml delete mode 100644 danish/security/2015/dsa-3347.wml delete mode 100644 danish/security/2015/dsa-3348.wml delete mode 100644 danish/security/2015/dsa-3349.wml delete mode 100644 danish/security/2015/dsa-3350.wml delete mode 100644 danish/security/2015/dsa-3351.wml delete mode 100644 danish/security/2015/dsa-3352.wml delete mode 100644 danish/security/2015/dsa-3353.wml delete mode 100644 danish/security/2015/dsa-3354.wml delete mode 100644 danish/security/2015/dsa-3355.wml delete mode 100644 danish/security/2015/dsa-3356.wml delete mode 100644 danish/security/2015/dsa-3357.wml delete mode 100644 danish/security/2015/dsa-3358.wml delete mode 100644 danish/security/2015/dsa-3359.wml delete mode 100644 danish/security/2015/dsa-3360.wml delete mode 100644 danish/security/2015/dsa-3361.wml delete mode 100644 danish/security/2015/dsa-3362.wml delete mode 100644 danish/security/2015/dsa-3363.wml delete mode 100644 danish/security/2015/dsa-3364.wml delete mode 100644 danish/security/2015/dsa-3365.wml delete mode 100644 danish/security/2015/dsa-3366.wml delete mode 100644 danish/security/2015/dsa-3367.wml delete mode 100644 danish/security/2015/dsa-3368.wml delete mode 100644 danish/security/2015/dsa-3369.wml delete mode 100644 danish/security/2015/dsa-3370.wml delete mode 100644 danish/security/2015/dsa-3371.wml delete mode 100644 danish/security/2015/dsa-3372.wml delete mode 100644 danish/security/2015/dsa-3373.wml delete mode 100644 danish/security/2015/dsa-3374.wml delete mode 100644 danish/security/2015/dsa-3375.wml delete mode 100644 danish/security/2015/dsa-3376.wml delete mode 100644 danish/security/2015/dsa-3377.wml delete mode 100644 danish/security/2015/dsa-3378.wml delete mode 100644 danish/security/2015/dsa-3379.wml delete mode 100644 danish/security/2015/dsa-3380.wml delete mode 100644 danish/security/2015/dsa-3381.wml delete mode 100644 danish/security/2015/dsa-3382.wml delete mode 100644 danish/security/2015/dsa-3383.wml delete mode 100644 danish/security/2015/dsa-3384.wml delete mode 100644 danish/security/2015/dsa-3385.wml delete mode 100644 danish/security/2015/dsa-3386.wml delete mode 100644 danish/security/2015/dsa-3387.wml delete mode 100644 danish/security/2015/dsa-3388.wml delete mode 100644 danish/security/2015/dsa-3389.wml delete mode 100644 danish/security/2015/dsa-3391.wml delete mode 100644 danish/security/2015/dsa-3392.wml delete mode 100644 danish/security/2015/dsa-3393.wml delete mode 100644 danish/security/2015/dsa-3394.wml delete mode 100644 danish/security/2015/dsa-3395.wml delete mode 100644 danish/security/2015/dsa-3396.wml delete mode 100644 danish/security/2015/dsa-3397.wml delete mode 100644 danish/security/2015/dsa-3398.wml delete mode 100644 danish/security/2015/dsa-3399.wml delete mode 100644 danish/security/2015/dsa-3400.wml delete mode 100644 danish/security/2015/dsa-3401.wml delete mode 100644 danish/security/2015/dsa-3402.wml delete mode 100644 danish/security/2015/dsa-3403.wml delete mode 100644 danish/security/2015/dsa-3405.wml delete mode 100644 danish/security/2015/dsa-3406.wml delete mode 100644 danish/security/2015/dsa-3407.wml delete mode 100644 danish/security/2015/dsa-3408.wml delete mode 100644 danish/security/2015/dsa-3409.wml delete mode 100644 danish/security/2015/dsa-3410.wml delete mode 100644 danish/security/2015/dsa-3411.wml delete mode 100644 danish/security/2015/dsa-3412.wml delete mode 100644 danish/security/2015/dsa-3413.wml delete mode 100644 danish/security/2015/dsa-3414.wml delete mode 100644 danish/security/2015/dsa-3415.wml delete mode 100644 danish/security/2015/dsa-3416.wml delete mode 100644 danish/security/2015/dsa-3417.wml delete mode 100644 danish/security/2015/dsa-3418.wml delete mode 100644 danish/security/2015/dsa-3419.wml delete mode 100644 danish/security/2015/dsa-3420.wml delete mode 100644 danish/security/2015/dsa-3421.wml delete mode 100644 danish/security/2015/dsa-3422.wml delete mode 100644 danish/security/2015/dsa-3423.wml delete mode 100644 danish/security/2015/dsa-3424.wml delete mode 100644 danish/security/2015/dsa-3425.wml delete mode 100644 danish/security/2015/dsa-3426.wml delete mode 100644 danish/security/2015/dsa-3427.wml delete mode 100644 danish/security/2015/dsa-3428.wml delete mode 100644 danish/security/2015/dsa-3429.wml delete mode 100644 danish/security/2015/dsa-3430.wml delete mode 100644 danish/security/2015/index.wml delete mode 100644 danish/security/2016/Makefile delete mode 100644 danish/security/2016/dsa-3426.wml delete mode 100644 danish/security/2016/dsa-3431.wml delete mode 100644 danish/security/2016/dsa-3432.wml delete mode 100644 danish/security/2016/dsa-3433.wml delete mode 100644 danish/security/2016/dsa-3434.wml delete mode 100644 danish/security/2016/dsa-3435.wml delete mode 100644 danish/security/2016/dsa-3436.wml delete mode 100644 danish/security/2016/dsa-3437.wml delete mode 100644 danish/security/2016/dsa-3438.wml delete mode 100644 danish/security/2016/dsa-3439.wml delete mode 100644 danish/security/2016/dsa-3440.wml delete mode 100644 danish/security/2016/dsa-3441.wml delete mode 100644 danish/security/2016/dsa-3442.wml delete mode 100644 danish/security/2016/dsa-3443.wml delete mode 100644 danish/security/2016/dsa-3444.wml delete mode 100644 danish/security/2016/dsa-3445.wml delete mode 100644 danish/security/2016/dsa-3446.wml delete mode 100644 danish/security/2016/dsa-3447.wml delete mode 100644 danish/security/2016/dsa-3448.wml delete mode 100644 danish/security/2016/dsa-3449.wml delete mode 100644 danish/security/2016/dsa-3450.wml delete mode 100644 danish/security/2016/dsa-3451.wml delete mode 100644 danish/security/2016/dsa-3452.wml delete mode 100644 danish/security/2016/dsa-3453.wml delete mode 100644 danish/security/2016/dsa-3454.wml delete mode 100644 danish/security/2016/dsa-3455.wml delete mode 100644 danish/security/2016/dsa-3456.wml delete mode 100644 danish/security/2016/dsa-3457.wml delete mode 100644 danish/security/2016/dsa-3458.wml delete mode 100644 danish/security/2016/dsa-3459.wml delete mode 100644 danish/security/2016/dsa-3460.wml delete mode 100644 danish/security/2016/dsa-3461.wml delete mode 100644 danish/security/2016/dsa-3462.wml delete mode 100644 danish/security/2016/dsa-3463.wml delete mode 100644 danish/security/2016/dsa-3464.wml delete mode 100644 danish/security/2016/dsa-3465.wml delete mode 100644 danish/security/2016/dsa-3466.wml delete mode 100644 danish/security/2016/dsa-3467.wml delete mode 100644 danish/security/2016/dsa-3468.wml delete mode 100644 danish/security/2016/dsa-3469.wml delete mode 100644 danish/security/2016/dsa-3470.wml delete mode 100644 danish/security/2016/dsa-3471.wml delete mode 100644 danish/security/2016/dsa-3472.wml delete mode 100644 danish/security/2016/dsa-3473.wml delete mode 100644 danish/security/2016/dsa-3474.wml delete mode 100644 danish/security/2016/dsa-3475.wml delete mode 100644 danish/security/2016/dsa-3476.wml delete mode 100644 danish/security/2016/dsa-3477.wml delete mode 100644 danish/security/2016/dsa-3478.wml delete mode 100644 danish/security/2016/dsa-3479.wml delete mode 100644 danish/security/2016/dsa-3480.wml delete mode 100644 danish/security/2016/dsa-3481.wml delete mode 100644 danish/security/2016/dsa-3482.wml delete mode 100644 danish/security/2016/dsa-3483.wml delete mode 100644 danish/security/2016/dsa-3484.wml delete mode 100644 danish/security/2016/dsa-3485.wml delete mode 100644 danish/security/2016/dsa-3486.wml delete mode 100644 danish/security/2016/dsa-3487.wml delete mode 100644 danish/security/2016/dsa-3488.wml delete mode 100644 danish/security/2016/dsa-3489.wml delete mode 100644 danish/security/2016/dsa-3490.wml delete mode 100644 danish/security/2016/dsa-3491.wml delete mode 100644 danish/security/2016/dsa-3492.wml delete mode 100644 danish/security/2016/dsa-3493.wml delete mode 100644 danish/security/2016/dsa-3494.wml delete mode 100644 danish/security/2016/dsa-3495.wml delete mode 100644 danish/security/2016/dsa-3496.wml delete mode 100644 danish/security/2016/dsa-3497.wml delete mode 100644 danish/security/2016/dsa-3498.wml delete mode 100644 danish/security/2016/dsa-3499.wml delete mode 100644 danish/security/2016/dsa-3500.wml delete mode 100644 danish/security/2016/dsa-3501.wml delete mode 100644 danish/security/2016/dsa-3502.wml delete mode 100644 danish/security/2016/dsa-3503.wml delete mode 100644 danish/security/2016/dsa-3504.wml delete mode 100644 danish/security/2016/dsa-3505.wml delete mode 100644 danish/security/2016/dsa-3506.wml delete mode 100644 danish/security/2016/dsa-3507.wml delete mode 100644 danish/security/2016/dsa-3508.wml delete mode 100644 danish/security/2016/dsa-3509.wml delete mode 100644 danish/security/2016/dsa-3510.wml delete mode 100644 danish/security/2016/dsa-3511.wml delete mode 100644 danish/security/2016/dsa-3512.wml delete mode 100644 danish/security/2016/dsa-3513.wml delete mode 100644 danish/security/2016/dsa-3514.wml delete mode 100644 danish/security/2016/dsa-3515.wml delete mode 100644 danish/security/2016/dsa-3516.wml delete mode 100644 danish/security/2016/dsa-3517.wml delete mode 100644 danish/security/2016/dsa-3518.wml delete mode 100644 danish/security/2016/dsa-3519.wml delete mode 100644 danish/security/2016/dsa-3520.wml delete mode 100644 danish/security/2016/dsa-3521.wml delete mode 100644 danish/security/2016/dsa-3522.wml delete mode 100644 danish/security/2016/dsa-3523.wml delete mode 100644 danish/security/2016/dsa-3524.wml delete mode 100644 danish/security/2016/dsa-3525.wml delete mode 100644 danish/security/2016/dsa-3526.wml delete mode 100644 danish/security/2016/dsa-3527.wml delete mode 100644 danish/security/2016/dsa-3528.wml delete mode 100644 danish/security/2016/dsa-3529.wml delete mode 100644 danish/security/2016/dsa-3530.wml delete mode 100644 danish/security/2016/dsa-3531.wml delete mode 100644 danish/security/2016/dsa-3532.wml delete mode 100644 danish/security/2016/dsa-3533.wml delete mode 100644 danish/security/2016/dsa-3534.wml delete mode 100644 danish/security/2016/dsa-3535.wml delete mode 100644 danish/security/2016/dsa-3536.wml delete mode 100644 danish/security/2016/dsa-3537.wml delete mode 100644 danish/security/2016/dsa-3538.wml delete mode 100644 danish/security/2016/dsa-3539.wml delete mode 100644 danish/security/2016/dsa-3540.wml delete mode 100644 danish/security/2016/dsa-3541.wml delete mode 100644 danish/security/2016/dsa-3542.wml delete mode 100644 danish/security/2016/dsa-3543.wml delete mode 100644 danish/security/2016/dsa-3544.wml delete mode 100644 danish/security/2016/dsa-3545.wml delete mode 100644 danish/security/2016/dsa-3546.wml delete mode 100644 danish/security/2016/dsa-3547.wml delete mode 100644 danish/security/2016/dsa-3548.wml delete mode 100644 danish/security/2016/dsa-3549.wml delete mode 100644 danish/security/2016/dsa-3550.wml delete mode 100644 danish/security/2016/dsa-3551.wml delete mode 100644 danish/security/2016/dsa-3552.wml delete mode 100644 danish/security/2016/dsa-3553.wml delete mode 100644 danish/security/2016/dsa-3554.wml delete mode 100644 danish/security/2016/dsa-3555.wml delete mode 100644 danish/security/2016/dsa-3556.wml delete mode 100644 danish/security/2016/dsa-3557.wml delete mode 100644 danish/security/2016/dsa-3558.wml delete mode 100644 danish/security/2016/dsa-3559.wml delete mode 100644 danish/security/2016/dsa-3560.wml delete mode 100644 danish/security/2016/dsa-3561.wml delete mode 100644 danish/security/2016/dsa-3562.wml delete mode 100644 danish/security/2016/dsa-3563.wml delete mode 100644 danish/security/2016/dsa-3564.wml delete mode 100644 danish/security/2016/dsa-3565.wml delete mode 100644 danish/security/2016/dsa-3566.wml delete mode 100644 danish/security/2016/dsa-3567.wml delete mode 100644 danish/security/2016/dsa-3568.wml delete mode 100644 danish/security/2016/dsa-3569.wml delete mode 100644 danish/security/2016/dsa-3570.wml delete mode 100644 danish/security/2016/dsa-3571.wml delete mode 100644 danish/security/2016/dsa-3572.wml delete mode 100644 danish/security/2016/dsa-3573.wml delete mode 100644 danish/security/2016/dsa-3574.wml delete mode 100644 danish/security/2016/dsa-3575.wml delete mode 100644 danish/security/2016/dsa-3576.wml delete mode 100644 danish/security/2016/dsa-3577.wml delete mode 100644 danish/security/2016/dsa-3578.wml delete mode 100644 danish/security/2016/dsa-3579.wml delete mode 100644 danish/security/2016/dsa-3580.wml delete mode 100644 danish/security/2016/dsa-3581.wml delete mode 100644 danish/security/2016/dsa-3582.wml delete mode 100644 danish/security/2016/dsa-3583.wml delete mode 100644 danish/security/2016/dsa-3584.wml delete mode 100644 danish/security/2016/dsa-3585.wml delete mode 100644 danish/security/2016/dsa-3586.wml delete mode 100644 danish/security/2016/dsa-3587.wml delete mode 100644 danish/security/2016/dsa-3588.wml delete mode 100644 danish/security/2016/dsa-3589.wml delete mode 100644 danish/security/2016/dsa-3590.wml delete mode 100644 danish/security/2016/dsa-3591.wml delete mode 100644 danish/security/2016/dsa-3592.wml delete mode 100644 danish/security/2016/dsa-3593.wml delete mode 100644 danish/security/2016/dsa-3594.wml delete mode 100644 danish/security/2016/dsa-3595.wml delete mode 100644 danish/security/2016/dsa-3596.wml delete mode 100644 danish/security/2016/dsa-3597.wml delete mode 100644 danish/security/2016/dsa-3598.wml delete mode 100644 danish/security/2016/dsa-3599.wml delete mode 100644 danish/security/2016/dsa-3600.wml delete mode 100644 danish/security/2016/dsa-3601.wml delete mode 100644 danish/security/2016/dsa-3602.wml delete mode 100644 danish/security/2016/dsa-3603.wml delete mode 100644 danish/security/2016/dsa-3604.wml delete mode 100644 danish/security/2016/dsa-3605.wml delete mode 100644 danish/security/2016/dsa-3606.wml delete mode 100644 danish/security/2016/dsa-3607.wml delete mode 100644 danish/security/2016/dsa-3608.wml delete mode 100644 danish/security/2016/dsa-3609.wml delete mode 100644 danish/security/2016/dsa-3610.wml delete mode 100644 danish/security/2016/dsa-3611.wml delete mode 100644 danish/security/2016/dsa-3612.wml delete mode 100644 danish/security/2016/dsa-3613.wml delete mode 100644 danish/security/2016/dsa-3614.wml delete mode 100644 danish/security/2016/dsa-3615.wml delete mode 100644 danish/security/2016/dsa-3616.wml delete mode 100644 danish/security/2016/dsa-3617.wml delete mode 100644 danish/security/2016/dsa-3618.wml delete mode 100644 danish/security/2016/dsa-3619.wml delete mode 100644 danish/security/2016/dsa-3620.wml delete mode 100644 danish/security/2016/dsa-3621.wml delete mode 100644 danish/security/2016/dsa-3622.wml delete mode 100644 danish/security/2016/dsa-3623.wml delete mode 100644 danish/security/2016/dsa-3624.wml delete mode 100644 danish/security/2016/dsa-3625.wml delete mode 100644 danish/security/2016/dsa-3626.wml delete mode 100644 danish/security/2016/dsa-3627.wml delete mode 100644 danish/security/2016/dsa-3628.wml delete mode 100644 danish/security/2016/dsa-3629.wml delete mode 100644 danish/security/2016/dsa-3630.wml delete mode 100644 danish/security/2016/dsa-3631.wml delete mode 100644 danish/security/2016/dsa-3632.wml delete mode 100644 danish/security/2016/dsa-3633.wml delete mode 100644 danish/security/2016/dsa-3634.wml delete mode 100644 danish/security/2016/dsa-3635.wml delete mode 100644 danish/security/2016/dsa-3636.wml delete mode 100644 danish/security/2016/dsa-3637.wml delete mode 100644 danish/security/2016/dsa-3638.wml delete mode 100644 danish/security/2016/dsa-3639.wml delete mode 100644 danish/security/2016/dsa-3640.wml delete mode 100644 danish/security/2016/dsa-3641.wml delete mode 100644 danish/security/2016/dsa-3642.wml delete mode 100644 danish/security/2016/dsa-3643.wml delete mode 100644 danish/security/2016/dsa-3644.wml delete mode 100644 danish/security/2016/dsa-3645.wml delete mode 100644 danish/security/2016/dsa-3646.wml delete mode 100644 danish/security/2016/dsa-3647.wml delete mode 100644 danish/security/2016/dsa-3648.wml delete mode 100644 danish/security/2016/dsa-3649.wml delete mode 100644 danish/security/2016/dsa-3650.wml delete mode 100644 danish/security/2016/dsa-3651.wml delete mode 100644 danish/security/2016/dsa-3652.wml delete mode 100644 danish/security/2016/dsa-3653.wml delete mode 100644 danish/security/2016/dsa-3654.wml delete mode 100644 danish/security/2016/dsa-3655.wml delete mode 100644 danish/security/2016/dsa-3656.wml delete mode 100644 danish/security/2016/dsa-3657.wml delete mode 100644 danish/security/2016/dsa-3658.wml delete mode 100644 danish/security/2016/dsa-3659.wml delete mode 100644 danish/security/2016/dsa-3660.wml delete mode 100644 danish/security/2016/dsa-3661.wml delete mode 100644 danish/security/2016/dsa-3662.wml delete mode 100644 danish/security/2016/dsa-3663.wml delete mode 100644 danish/security/2016/dsa-3664.wml delete mode 100644 danish/security/2016/dsa-3665.wml delete mode 100644 danish/security/2016/dsa-3666.wml delete mode 100644 danish/security/2016/dsa-3667.wml delete mode 100644 danish/security/2016/dsa-3668.wml delete mode 100644 danish/security/2016/dsa-3669.wml delete mode 100644 danish/security/2016/dsa-3670.wml delete mode 100644 danish/security/2016/dsa-3671.wml delete mode 100644 danish/security/2016/dsa-3672.wml delete mode 100644 danish/security/2016/dsa-3673.wml delete mode 100644 danish/security/2016/dsa-3674.wml delete mode 100644 danish/security/2016/dsa-3675.wml delete mode 100644 danish/security/2016/dsa-3676.wml delete mode 100644 danish/security/2016/dsa-3677.wml delete mode 100644 danish/security/2016/dsa-3678.wml delete mode 100644 danish/security/2016/dsa-3679.wml delete mode 100644 danish/security/2016/dsa-3680.wml delete mode 100644 danish/security/2016/dsa-3681.wml delete mode 100644 danish/security/2016/dsa-3682.wml delete mode 100644 danish/security/2016/dsa-3683.wml delete mode 100644 danish/security/2016/dsa-3684.wml delete mode 100644 danish/security/2016/dsa-3685.wml delete mode 100644 danish/security/2016/dsa-3686.wml delete mode 100644 danish/security/2016/dsa-3687.wml delete mode 100644 danish/security/2016/dsa-3688.wml delete mode 100644 danish/security/2016/dsa-3689.wml delete mode 100644 danish/security/2016/dsa-3690.wml delete mode 100644 danish/security/2016/dsa-3691.wml delete mode 100644 danish/security/2016/dsa-3692.wml delete mode 100644 danish/security/2016/dsa-3693.wml delete mode 100644 danish/security/2016/dsa-3694.wml delete mode 100644 danish/security/2016/dsa-3695.wml delete mode 100644 danish/security/2016/dsa-3696.wml delete mode 100644 danish/security/2016/dsa-3697.wml delete mode 100644 danish/security/2016/dsa-3698.wml delete mode 100644 danish/security/2016/dsa-3699.wml delete mode 100644 danish/security/2016/dsa-3700.wml delete mode 100644 danish/security/2016/dsa-3701.wml delete mode 100644 danish/security/2016/dsa-3702.wml delete mode 100644 danish/security/2016/dsa-3703.wml delete mode 100644 danish/security/2016/dsa-3704.wml delete mode 100644 danish/security/2016/dsa-3705.wml delete mode 100644 danish/security/2016/dsa-3706.wml delete mode 100644 danish/security/2016/dsa-3707.wml delete mode 100644 danish/security/2016/dsa-3708.wml delete mode 100644 danish/security/2016/dsa-3709.wml delete mode 100644 danish/security/2016/dsa-3710.wml delete mode 100644 danish/security/2016/dsa-3711.wml delete mode 100644 danish/security/2016/dsa-3712.wml delete mode 100644 danish/security/2016/dsa-3713.wml delete mode 100644 danish/security/2016/dsa-3714.wml delete mode 100644 danish/security/2016/dsa-3715.wml delete mode 100644 danish/security/2016/dsa-3716.wml delete mode 100644 danish/security/2016/dsa-3717.wml delete mode 100644 danish/security/2016/dsa-3718.wml delete mode 100644 danish/security/2016/dsa-3719.wml delete mode 100644 danish/security/2016/dsa-3720.wml delete mode 100644 danish/security/2016/dsa-3721.wml delete mode 100644 danish/security/2016/dsa-3722.wml delete mode 100644 danish/security/2016/dsa-3723.wml delete mode 100644 danish/security/2016/dsa-3724.wml delete mode 100644 danish/security/2016/dsa-3725.wml delete mode 100644 danish/security/2016/dsa-3726.wml delete mode 100644 danish/security/2016/dsa-3727.wml delete mode 100644 danish/security/2016/dsa-3728.wml delete mode 100644 danish/security/2016/dsa-3729.wml delete mode 100644 danish/security/2016/dsa-3730.wml delete mode 100644 danish/security/2016/dsa-3731.wml delete mode 100644 danish/security/2016/dsa-3732.wml delete mode 100644 danish/security/2016/dsa-3733.wml delete mode 100644 danish/security/2016/dsa-3734.wml delete mode 100644 danish/security/2016/dsa-3735.wml delete mode 100644 danish/security/2016/dsa-3736.wml delete mode 100644 danish/security/2016/dsa-3737.wml delete mode 100644 danish/security/2016/dsa-3738.wml delete mode 100644 danish/security/2016/dsa-3739.wml delete mode 100644 danish/security/2016/dsa-3740.wml delete mode 100644 danish/security/2016/dsa-3741.wml delete mode 100644 danish/security/2016/dsa-3742.wml delete mode 100644 danish/security/2016/dsa-3743.wml delete mode 100644 danish/security/2016/dsa-3744.wml delete mode 100644 danish/security/2016/dsa-3745.wml delete mode 100644 danish/security/2016/dsa-3746.wml delete mode 100644 danish/security/2016/dsa-3747.wml delete mode 100644 danish/security/2016/dsa-3748.wml delete mode 100644 danish/security/2016/dsa-3749.wml delete mode 100644 danish/security/2016/dsa-3750.wml delete mode 100644 danish/security/2016/index.wml delete mode 100644 danish/security/2017/Makefile delete mode 100644 danish/security/2017/dsa-3751.wml delete mode 100644 danish/security/2017/dsa-3752.wml delete mode 100644 danish/security/2017/dsa-3753.wml delete mode 100644 danish/security/2017/dsa-3754.wml delete mode 100644 danish/security/2017/dsa-3755.wml delete mode 100644 danish/security/2017/dsa-3756.wml delete mode 100644 danish/security/2017/dsa-3757.wml delete mode 100644 danish/security/2017/dsa-3758.wml delete mode 100644 danish/security/2017/dsa-3759.wml delete mode 100644 danish/security/2017/dsa-3760.wml delete mode 100644 danish/security/2017/dsa-3761.wml delete mode 100644 danish/security/2017/dsa-3762.wml delete mode 100644 danish/security/2017/dsa-3763.wml delete mode 100644 danish/security/2017/dsa-3764.wml delete mode 100644 danish/security/2017/dsa-3765.wml delete mode 100644 danish/security/2017/dsa-3766.wml delete mode 100644 danish/security/2017/dsa-3767.wml delete mode 100644 danish/security/2017/dsa-3768.wml delete mode 100644 danish/security/2017/dsa-3769.wml delete mode 100644 danish/security/2017/dsa-3770.wml delete mode 100644 danish/security/2017/dsa-3771.wml delete mode 100644 danish/security/2017/dsa-3772.wml delete mode 100644 danish/security/2017/dsa-3773.wml delete mode 100644 danish/security/2017/dsa-3774.wml delete mode 100644 danish/security/2017/dsa-3775.wml delete mode 100644 danish/security/2017/dsa-3776.wml delete mode 100644 danish/security/2017/dsa-3777.wml delete mode 100644 danish/security/2017/dsa-3778.wml delete mode 100644 danish/security/2017/dsa-3779.wml delete mode 100644 danish/security/2017/dsa-3780.wml delete mode 100644 danish/security/2017/dsa-3781.wml delete mode 100644 danish/security/2017/dsa-3782.wml delete mode 100644 danish/security/2017/dsa-3783.wml delete mode 100644 danish/security/2017/dsa-3784.wml delete mode 100644 danish/security/2017/dsa-3785.wml delete mode 100644 danish/security/2017/dsa-3786.wml delete mode 100644 danish/security/2017/dsa-3787.wml delete mode 100644 danish/security/2017/dsa-3788.wml delete mode 100644 danish/security/2017/dsa-3789.wml delete mode 100644 danish/security/2017/dsa-3790.wml delete mode 100644 danish/security/2017/dsa-3791.wml delete mode 100644 danish/security/2017/dsa-3792.wml delete mode 100644 danish/security/2017/dsa-3793.wml delete mode 100644 danish/security/2017/dsa-3794.wml delete mode 100644 danish/security/2017/dsa-3795.wml delete mode 100644 danish/security/2017/dsa-3796.wml delete mode 100644 danish/security/2017/dsa-3797.wml delete mode 100644 danish/security/2017/dsa-3798.wml delete mode 100644 danish/security/2017/dsa-3799.wml delete mode 100644 danish/security/2017/dsa-3800.wml delete mode 100644 danish/security/2017/dsa-3801.wml delete mode 100644 danish/security/2017/dsa-3802.wml delete mode 100644 danish/security/2017/dsa-3803.wml delete mode 100644 danish/security/2017/dsa-3804.wml delete mode 100644 danish/security/2017/dsa-3805.wml delete mode 100644 danish/security/2017/dsa-3806.wml delete mode 100644 danish/security/2017/dsa-3807.wml delete mode 100644 danish/security/2017/dsa-3808.wml delete mode 100644 danish/security/2017/dsa-3809.wml delete mode 100644 danish/security/2017/dsa-3810.wml delete mode 100644 danish/security/2017/dsa-3811.wml delete mode 100644 danish/security/2017/dsa-3812.wml delete mode 100644 danish/security/2017/dsa-3813.wml delete mode 100644 danish/security/2017/dsa-3814.wml delete mode 100644 danish/security/2017/dsa-3815.wml delete mode 100644 danish/security/2017/dsa-3816.wml delete mode 100644 danish/security/2017/dsa-3817.wml delete mode 100644 danish/security/2017/dsa-3818.wml delete mode 100644 danish/security/2017/dsa-3819.wml delete mode 100644 danish/security/2017/dsa-3820.wml delete mode 100644 danish/security/2017/dsa-3821.wml delete mode 100644 danish/security/2017/dsa-3822.wml delete mode 100644 danish/security/2017/dsa-3823.wml delete mode 100644 danish/security/2017/dsa-3824.wml delete mode 100644 danish/security/2017/dsa-3825.wml delete mode 100644 danish/security/2017/dsa-3826.wml delete mode 100644 danish/security/2017/dsa-3827.wml delete mode 100644 danish/security/2017/dsa-3828.wml delete mode 100644 danish/security/2017/dsa-3829.wml delete mode 100644 danish/security/2017/dsa-3830.wml delete mode 100644 danish/security/2017/dsa-3831.wml delete mode 100644 danish/security/2017/dsa-3832.wml delete mode 100644 danish/security/2017/dsa-3833.wml delete mode 100644 danish/security/2017/dsa-3834.wml delete mode 100644 danish/security/2017/dsa-3835.wml delete mode 100644 danish/security/2017/dsa-3836.wml delete mode 100644 danish/security/2017/dsa-3837.wml delete mode 100644 danish/security/2017/dsa-3838.wml delete mode 100644 danish/security/2017/dsa-3839.wml delete mode 100644 danish/security/2017/dsa-3840.wml delete mode 100644 danish/security/2017/dsa-3841.wml delete mode 100644 danish/security/2017/dsa-3842.wml delete mode 100644 danish/security/2017/dsa-3843.wml delete mode 100644 danish/security/2017/dsa-3844.wml delete mode 100644 danish/security/2017/dsa-3845.wml delete mode 100644 danish/security/2017/dsa-3846.wml delete mode 100644 danish/security/2017/dsa-3847.wml delete mode 100644 danish/security/2017/dsa-3848.wml delete mode 100644 danish/security/2017/dsa-3849.wml delete mode 100644 danish/security/2017/dsa-3850.wml delete mode 100644 danish/security/2017/dsa-3851.wml delete mode 100644 danish/security/2017/dsa-3852.wml delete mode 100644 danish/security/2017/dsa-3853.wml delete mode 100644 danish/security/2017/dsa-3854.wml delete mode 100644 danish/security/2017/dsa-3855.wml delete mode 100644 danish/security/2017/dsa-3856.wml delete mode 100644 danish/security/2017/dsa-3857.wml delete mode 100644 danish/security/2017/dsa-3858.wml delete mode 100644 danish/security/2017/dsa-3859.wml delete mode 100644 danish/security/2017/dsa-3860.wml delete mode 100644 danish/security/2017/dsa-3861.wml delete mode 100644 danish/security/2017/dsa-3862.wml delete mode 100644 danish/security/2017/dsa-3863.wml delete mode 100644 danish/security/2017/dsa-3864.wml delete mode 100644 danish/security/2017/dsa-3865.wml delete mode 100644 danish/security/2017/dsa-3866.wml delete mode 100644 danish/security/2017/dsa-3867.wml delete mode 100644 danish/security/2017/dsa-3868.wml delete mode 100644 danish/security/2017/dsa-3869.wml delete mode 100644 danish/security/2017/dsa-3870.wml delete mode 100644 danish/security/2017/dsa-3871.wml delete mode 100644 danish/security/2017/dsa-3872.wml delete mode 100644 danish/security/2017/dsa-3873.wml delete mode 100644 danish/security/2017/dsa-3874.wml delete mode 100644 danish/security/2017/dsa-3875.wml delete mode 100644 danish/security/2017/dsa-3876.wml delete mode 100644 danish/security/2017/dsa-3877.wml delete mode 100644 danish/security/2017/dsa-3878.wml delete mode 100644 danish/security/2017/dsa-3879.wml delete mode 100644 danish/security/2017/dsa-3880.wml delete mode 100644 danish/security/2017/dsa-3881.wml delete mode 100644 danish/security/2017/dsa-3882.wml delete mode 100644 danish/security/2017/dsa-3883.wml delete mode 100644 danish/security/2017/dsa-3884.wml delete mode 100644 danish/security/2017/dsa-3885.wml delete mode 100644 danish/security/2017/dsa-3886.wml delete mode 100644 danish/security/2017/dsa-3887.wml delete mode 100644 danish/security/2017/dsa-3888.wml delete mode 100644 danish/security/2017/dsa-3889.wml delete mode 100644 danish/security/2017/dsa-3890.wml delete mode 100644 danish/security/2017/dsa-3891.wml delete mode 100644 danish/security/2017/dsa-3892.wml delete mode 100644 danish/security/2017/dsa-3893.wml delete mode 100644 danish/security/2017/dsa-3894.wml delete mode 100644 danish/security/2017/dsa-3895.wml delete mode 100644 danish/security/2017/dsa-3896.wml delete mode 100644 danish/security/2017/dsa-3897.wml delete mode 100644 danish/security/2017/dsa-3898.wml delete mode 100644 danish/security/2017/dsa-3899.wml delete mode 100644 danish/security/2017/dsa-3900.wml delete mode 100644 danish/security/2017/dsa-3901.wml delete mode 100644 danish/security/2017/dsa-3902.wml delete mode 100644 danish/security/2017/dsa-3903.wml delete mode 100644 danish/security/2017/dsa-3904.wml delete mode 100644 danish/security/2017/dsa-3905.wml delete mode 100644 danish/security/2017/dsa-3906.wml delete mode 100644 danish/security/2017/dsa-3907.wml delete mode 100644 danish/security/2017/dsa-3908.wml delete mode 100644 danish/security/2017/dsa-3909.wml delete mode 100644 danish/security/2017/dsa-3910.wml delete mode 100644 danish/security/2017/dsa-3911.wml delete mode 100644 danish/security/2017/dsa-3912.wml delete mode 100644 danish/security/2017/dsa-3913.wml delete mode 100644 danish/security/2017/dsa-3914.wml delete mode 100644 danish/security/2017/dsa-3915.wml delete mode 100644 danish/security/2017/dsa-3916.wml delete mode 100644 danish/security/2017/dsa-3917.wml delete mode 100644 danish/security/2017/dsa-3918.wml delete mode 100644 danish/security/2017/dsa-3919.wml delete mode 100644 danish/security/2017/dsa-3920.wml delete mode 100644 danish/security/2017/dsa-3921.wml delete mode 100644 danish/security/2017/dsa-3922.wml delete mode 100644 danish/security/2017/dsa-3923.wml delete mode 100644 danish/security/2017/dsa-3924.wml delete mode 100644 danish/security/2017/dsa-3925.wml delete mode 100644 danish/security/2017/dsa-3926.wml delete mode 100644 danish/security/2017/dsa-3927.wml delete mode 100644 danish/security/2017/dsa-3928.wml delete mode 100644 danish/security/2017/dsa-3929.wml delete mode 100644 danish/security/2017/dsa-3930.wml delete mode 100644 danish/security/2017/dsa-3931.wml delete mode 100644 danish/security/2017/dsa-3932.wml delete mode 100644 danish/security/2017/dsa-3933.wml delete mode 100644 danish/security/2017/dsa-3934.wml delete mode 100644 danish/security/2017/dsa-3935.wml delete mode 100644 danish/security/2017/dsa-3936.wml delete mode 100644 danish/security/2017/dsa-3937.wml delete mode 100644 danish/security/2017/dsa-3938.wml delete mode 100644 danish/security/2017/dsa-3939.wml delete mode 100644 danish/security/2017/dsa-3940.wml delete mode 100644 danish/security/2017/dsa-3941.wml delete mode 100644 danish/security/2017/dsa-3942.wml delete mode 100644 danish/security/2017/dsa-3943.wml delete mode 100644 danish/security/2017/dsa-3944.wml delete mode 100644 danish/security/2017/dsa-3945.wml delete mode 100644 danish/security/2017/dsa-3946.wml delete mode 100644 danish/security/2017/dsa-3947.wml delete mode 100644 danish/security/2017/dsa-3948.wml delete mode 100644 danish/security/2017/dsa-3949.wml delete mode 100644 danish/security/2017/dsa-3950.wml delete mode 100644 danish/security/2017/dsa-3951.wml delete mode 100644 danish/security/2017/dsa-3952.wml delete mode 100644 danish/security/2017/dsa-3953.wml delete mode 100644 danish/security/2017/dsa-3954.wml delete mode 100644 danish/security/2017/dsa-3955.wml delete mode 100644 danish/security/2017/dsa-3956.wml delete mode 100644 danish/security/2017/dsa-3957.wml delete mode 100644 danish/security/2017/dsa-3958.wml delete mode 100644 danish/security/2017/dsa-3959.wml delete mode 100644 danish/security/2017/dsa-3960.wml delete mode 100644 danish/security/2017/dsa-3961.wml delete mode 100644 danish/security/2017/dsa-3962.wml delete mode 100644 danish/security/2017/dsa-3963.wml delete mode 100644 danish/security/2017/dsa-3964.wml delete mode 100644 danish/security/2017/dsa-3965.wml delete mode 100644 danish/security/2017/dsa-3966.wml delete mode 100644 danish/security/2017/dsa-3967.wml delete mode 100644 danish/security/2017/dsa-3968.wml delete mode 100644 danish/security/2017/dsa-3969.wml delete mode 100644 danish/security/2017/dsa-3970.wml delete mode 100644 danish/security/2017/dsa-3971.wml delete mode 100644 danish/security/2017/dsa-3972.wml delete mode 100644 danish/security/2017/dsa-3973.wml delete mode 100644 danish/security/2017/dsa-3974.wml delete mode 100644 danish/security/2017/dsa-3975.wml delete mode 100644 danish/security/2017/dsa-3976.wml delete mode 100644 danish/security/2017/dsa-3977.wml delete mode 100644 danish/security/2017/dsa-3978.wml delete mode 100644 danish/security/2017/dsa-3979.wml delete mode 100644 danish/security/2017/dsa-3980.wml delete mode 100644 danish/security/2017/dsa-3981.wml delete mode 100644 danish/security/2017/dsa-3982.wml delete mode 100644 danish/security/2017/dsa-3983.wml delete mode 100644 danish/security/2017/dsa-3984.wml delete mode 100644 danish/security/2017/dsa-3985.wml delete mode 100644 danish/security/2017/dsa-3986.wml delete mode 100644 danish/security/2017/dsa-3987.wml delete mode 100644 danish/security/2017/dsa-3988.wml delete mode 100644 danish/security/2017/dsa-3989.wml delete mode 100644 danish/security/2017/dsa-3990.wml delete mode 100644 danish/security/2017/dsa-3991.wml delete mode 100644 danish/security/2017/dsa-3992.wml delete mode 100644 danish/security/2017/dsa-3993.wml delete mode 100644 danish/security/2017/dsa-3994.wml delete mode 100644 danish/security/2017/dsa-3995.wml delete mode 100644 danish/security/2017/dsa-3996.wml delete mode 100644 danish/security/2017/dsa-3997.wml delete mode 100644 danish/security/2017/dsa-3998.wml delete mode 100644 danish/security/2017/dsa-3999.wml delete mode 100644 danish/security/2017/dsa-4000.wml delete mode 100644 danish/security/2017/dsa-4001.wml delete mode 100644 danish/security/2017/dsa-4002.wml delete mode 100644 danish/security/2017/dsa-4003.wml delete mode 100644 danish/security/2017/dsa-4004.wml delete mode 100644 danish/security/2017/dsa-4005.wml delete mode 100644 danish/security/2017/dsa-4006.wml delete mode 100644 danish/security/2017/dsa-4007.wml delete mode 100644 danish/security/2017/dsa-4008.wml delete mode 100644 danish/security/2017/dsa-4009.wml delete mode 100644 danish/security/2017/dsa-4010.wml delete mode 100644 danish/security/2017/dsa-4011.wml delete mode 100644 danish/security/2017/dsa-4012.wml delete mode 100644 danish/security/2017/dsa-4013.wml delete mode 100644 danish/security/2017/dsa-4014.wml delete mode 100644 danish/security/2017/dsa-4015.wml delete mode 100644 danish/security/2017/dsa-4016.wml delete mode 100644 danish/security/2017/dsa-4017.wml delete mode 100644 danish/security/2017/dsa-4018.wml delete mode 100644 danish/security/2017/dsa-4019.wml delete mode 100644 danish/security/2017/dsa-4020.wml delete mode 100644 danish/security/2017/dsa-4021.wml delete mode 100644 danish/security/2017/dsa-4022.wml delete mode 100644 danish/security/2017/dsa-4023.wml delete mode 100644 danish/security/2017/dsa-4024.wml delete mode 100644 danish/security/2017/dsa-4025.wml delete mode 100644 danish/security/2017/dsa-4026.wml delete mode 100644 danish/security/2017/dsa-4027.wml delete mode 100644 danish/security/2017/dsa-4028.wml delete mode 100644 danish/security/2017/dsa-4029.wml delete mode 100644 danish/security/2017/dsa-4030.wml delete mode 100644 danish/security/2017/dsa-4031.wml delete mode 100644 danish/security/2017/dsa-4032.wml delete mode 100644 danish/security/2017/dsa-4033.wml delete mode 100644 danish/security/2017/dsa-4034.wml delete mode 100644 danish/security/2017/dsa-4035.wml delete mode 100644 danish/security/2017/dsa-4036.wml delete mode 100644 danish/security/2017/dsa-4037.wml delete mode 100644 danish/security/2017/dsa-4038.wml delete mode 100644 danish/security/2017/dsa-4039.wml delete mode 100644 danish/security/2017/dsa-4040.wml delete mode 100644 danish/security/2017/dsa-4041.wml delete mode 100644 danish/security/2017/dsa-4042.wml delete mode 100644 danish/security/2017/dsa-4043.wml delete mode 100644 danish/security/2017/dsa-4044.wml delete mode 100644 danish/security/2017/dsa-4045.wml delete mode 100644 danish/security/2017/dsa-4046.wml delete mode 100644 danish/security/2017/dsa-4047.wml delete mode 100644 danish/security/2017/dsa-4048.wml delete mode 100644 danish/security/2017/dsa-4049.wml delete mode 100644 danish/security/2017/dsa-4050.wml delete mode 100644 danish/security/2017/dsa-4051.wml delete mode 100644 danish/security/2017/dsa-4052.wml delete mode 100644 danish/security/2017/dsa-4053.wml delete mode 100644 danish/security/2017/dsa-4054.wml delete mode 100644 danish/security/2017/dsa-4055.wml delete mode 100644 danish/security/2017/dsa-4056.wml delete mode 100644 danish/security/2017/dsa-4057.wml delete mode 100644 danish/security/2017/dsa-4058.wml delete mode 100644 danish/security/2017/dsa-4059.wml delete mode 100644 danish/security/2017/dsa-4060.wml delete mode 100644 danish/security/2017/dsa-4061.wml delete mode 100644 danish/security/2017/dsa-4062.wml delete mode 100644 danish/security/2017/dsa-4063.wml delete mode 100644 danish/security/2017/dsa-4064.wml delete mode 100644 danish/security/2017/dsa-4065.wml delete mode 100644 danish/security/2017/dsa-4066.wml delete mode 100644 danish/security/2017/dsa-4067.wml delete mode 100644 danish/security/2017/dsa-4068.wml delete mode 100644 danish/security/2017/dsa-4069.wml delete mode 100644 danish/security/2017/dsa-4070.wml delete mode 100644 danish/security/2017/dsa-4071.wml delete mode 100644 danish/security/2017/dsa-4072.wml delete mode 100644 danish/security/2017/dsa-4073.wml delete mode 100644 danish/security/2017/dsa-4074.wml delete mode 100644 danish/security/2017/dsa-4075.wml delete mode 100644 danish/security/2017/dsa-4076.wml delete mode 100644 danish/security/2017/dsa-4077.wml delete mode 100644 danish/security/2017/index.wml delete mode 100644 danish/security/2018/Makefile delete mode 100644 danish/security/2018/dsa-4078.wml delete mode 100644 danish/security/2018/dsa-4079.wml delete mode 100644 danish/security/2018/dsa-4080.wml delete mode 100644 danish/security/2018/dsa-4081.wml delete mode 100644 danish/security/2018/dsa-4082.wml delete mode 100644 danish/security/2018/dsa-4083.wml delete mode 100644 danish/security/2018/dsa-4084.wml delete mode 100644 danish/security/2018/dsa-4085.wml delete mode 100644 danish/security/2018/dsa-4086.wml delete mode 100644 danish/security/2018/dsa-4087.wml delete mode 100644 danish/security/2018/dsa-4088.wml delete mode 100644 danish/security/2018/dsa-4089.wml delete mode 100644 danish/security/2018/dsa-4090.wml delete mode 100644 danish/security/2018/dsa-4091.wml delete mode 100644 danish/security/2018/dsa-4092.wml delete mode 100644 danish/security/2018/dsa-4093.wml delete mode 100644 danish/security/2018/dsa-4094.wml delete mode 100644 danish/security/2018/dsa-4095.wml delete mode 100644 danish/security/2018/dsa-4096.wml delete mode 100644 danish/security/2018/dsa-4097.wml delete mode 100644 danish/security/2018/dsa-4098.wml delete mode 100644 danish/security/2018/dsa-4099.wml delete mode 100644 danish/security/2018/dsa-4100.wml delete mode 100644 danish/security/2018/dsa-4101.wml delete mode 100644 danish/security/2018/dsa-4102.wml delete mode 100644 danish/security/2018/dsa-4103.wml delete mode 100644 danish/security/2018/dsa-4104.wml delete mode 100644 danish/security/2018/dsa-4105.wml delete mode 100644 danish/security/2018/dsa-4106.wml delete mode 100644 danish/security/2018/dsa-4107.wml delete mode 100644 danish/security/2018/dsa-4108.wml delete mode 100644 danish/security/2018/dsa-4109.wml delete mode 100644 danish/security/2018/dsa-4110.wml delete mode 100644 danish/security/2018/dsa-4111.wml delete mode 100644 danish/security/2018/dsa-4112.wml delete mode 100644 danish/security/2018/dsa-4113.wml delete mode 100644 danish/security/2018/dsa-4114.wml delete mode 100644 danish/security/2018/dsa-4115.wml delete mode 100644 danish/security/2018/dsa-4116.wml delete mode 100644 danish/security/2018/dsa-4117.wml delete mode 100644 danish/security/2018/dsa-4118.wml delete mode 100644 danish/security/2018/dsa-4119.wml delete mode 100644 danish/security/2018/dsa-4120.wml delete mode 100644 danish/security/2018/dsa-4121.wml delete mode 100644 danish/security/2018/dsa-4122.wml delete mode 100644 danish/security/2018/dsa-4123.wml delete mode 100644 danish/security/2018/dsa-4124.wml delete mode 100644 danish/security/2018/dsa-4125.wml delete mode 100644 danish/security/2018/dsa-4126.wml delete mode 100644 danish/security/2018/dsa-4127.wml delete mode 100644 danish/security/2018/dsa-4128.wml delete mode 100644 danish/security/2018/dsa-4129.wml delete mode 100644 danish/security/2018/dsa-4130.wml delete mode 100644 danish/security/2018/dsa-4131.wml delete mode 100644 danish/security/2018/dsa-4132.wml delete mode 100644 danish/security/2018/dsa-4133.wml delete mode 100644 danish/security/2018/dsa-4134.wml delete mode 100644 danish/security/2018/dsa-4135.wml delete mode 100644 danish/security/2018/dsa-4136.wml delete mode 100644 danish/security/2018/dsa-4137.wml delete mode 100644 danish/security/2018/dsa-4138.wml delete mode 100644 danish/security/2018/dsa-4139.wml delete mode 100644 danish/security/2018/dsa-4140.wml delete mode 100644 danish/security/2018/dsa-4141.wml delete mode 100644 danish/security/2018/dsa-4142.wml delete mode 100644 danish/security/2018/dsa-4143.wml delete mode 100644 danish/security/2018/dsa-4144.wml delete mode 100644 danish/security/2018/dsa-4145.wml delete mode 100644 danish/security/2018/dsa-4146.wml delete mode 100644 danish/security/2018/dsa-4147.wml delete mode 100644 danish/security/2018/dsa-4148.wml delete mode 100644 danish/security/2018/dsa-4149.wml delete mode 100644 danish/security/2018/dsa-4150.wml delete mode 100644 danish/security/2018/dsa-4151.wml delete mode 100644 danish/security/2018/dsa-4152.wml delete mode 100644 danish/security/2018/dsa-4153.wml delete mode 100644 danish/security/2018/dsa-4154.wml delete mode 100644 danish/security/2018/dsa-4155.wml delete mode 100644 danish/security/2018/dsa-4156.wml delete mode 100644 danish/security/2018/dsa-4157.wml delete mode 100644 danish/security/2018/dsa-4158.wml delete mode 100644 danish/security/2018/dsa-4159.wml delete mode 100644 danish/security/2018/dsa-4160.wml delete mode 100644 danish/security/2018/dsa-4161.wml delete mode 100644 danish/security/2018/dsa-4162.wml delete mode 100644 danish/security/2018/dsa-4163.wml delete mode 100644 danish/security/2018/dsa-4164.wml delete mode 100644 danish/security/2018/dsa-4165.wml delete mode 100644 danish/security/2018/dsa-4166.wml delete mode 100644 danish/security/2018/dsa-4167.wml delete mode 100644 danish/security/2018/dsa-4168.wml delete mode 100644 danish/security/2018/dsa-4169.wml delete mode 100644 danish/security/2018/dsa-4170.wml delete mode 100644 danish/security/2018/dsa-4171.wml delete mode 100644 danish/security/2018/dsa-4172.wml delete mode 100644 danish/security/2018/dsa-4173.wml delete mode 100644 danish/security/2018/dsa-4174.wml delete mode 100644 danish/security/2018/dsa-4175.wml delete mode 100644 danish/security/2018/dsa-4176.wml delete mode 100644 danish/security/2018/dsa-4177.wml delete mode 100644 danish/security/2018/dsa-4178.wml delete mode 100644 danish/security/2018/dsa-4179.wml delete mode 100644 danish/security/2018/dsa-4180.wml delete mode 100644 danish/security/2018/dsa-4181.wml delete mode 100644 danish/security/2018/dsa-4182.wml delete mode 100644 danish/security/2018/dsa-4183.wml delete mode 100644 danish/security/2018/dsa-4184.wml delete mode 100644 danish/security/2018/dsa-4185.wml delete mode 100644 danish/security/2018/dsa-4186.wml delete mode 100644 danish/security/2018/dsa-4187.wml delete mode 100644 danish/security/2018/dsa-4188.wml delete mode 100644 danish/security/2018/dsa-4189.wml delete mode 100644 danish/security/2018/dsa-4190.wml delete mode 100644 danish/security/2018/dsa-4191.wml delete mode 100644 danish/security/2018/dsa-4192.wml delete mode 100644 danish/security/2018/dsa-4193.wml delete mode 100644 danish/security/2018/dsa-4194.wml delete mode 100644 danish/security/2018/dsa-4195.wml delete mode 100644 danish/security/2018/dsa-4196.wml delete mode 100644 danish/security/2018/dsa-4197.wml delete mode 100644 danish/security/2018/dsa-4198.wml delete mode 100644 danish/security/2018/dsa-4199.wml delete mode 100644 danish/security/2018/dsa-4200.wml delete mode 100644 danish/security/2018/dsa-4201.wml delete mode 100644 danish/security/2018/dsa-4202.wml delete mode 100644 danish/security/2018/dsa-4203.wml delete mode 100644 danish/security/2018/dsa-4204.wml delete mode 100644 danish/security/2018/dsa-4205.wml delete mode 100644 danish/security/2018/dsa-4206.wml delete mode 100644 danish/security/2018/dsa-4207.wml delete mode 100644 danish/security/2018/dsa-4208.wml delete mode 100644 danish/security/2018/dsa-4209.wml delete mode 100644 danish/security/2018/dsa-4210.wml delete mode 100644 danish/security/2018/dsa-4211.wml delete mode 100644 danish/security/2018/dsa-4212.wml delete mode 100644 danish/security/2018/dsa-4213.wml delete mode 100644 danish/security/2018/dsa-4214.wml delete mode 100644 danish/security/2018/dsa-4215.wml delete mode 100644 danish/security/2018/dsa-4216.wml delete mode 100644 danish/security/2018/dsa-4217.wml delete mode 100644 danish/security/2018/dsa-4218.wml delete mode 100644 danish/security/2018/dsa-4219.wml delete mode 100644 danish/security/2018/dsa-4220.wml delete mode 100644 danish/security/2018/dsa-4221.wml delete mode 100644 danish/security/2018/dsa-4222.wml delete mode 100644 danish/security/2018/dsa-4223.wml delete mode 100644 danish/security/2018/dsa-4224.wml delete mode 100644 danish/security/2018/dsa-4225.wml delete mode 100644 danish/security/2018/dsa-4226.wml delete mode 100644 danish/security/2018/dsa-4227.wml delete mode 100644 danish/security/2018/dsa-4228.wml delete mode 100644 danish/security/2018/dsa-4229.wml delete mode 100644 danish/security/2018/dsa-4230.wml delete mode 100644 danish/security/2018/dsa-4231.wml delete mode 100644 danish/security/2018/dsa-4232.wml delete mode 100644 danish/security/2018/dsa-4233.wml delete mode 100644 danish/security/2018/dsa-4234.wml delete mode 100644 danish/security/2018/dsa-4235.wml delete mode 100644 danish/security/2018/dsa-4236.wml delete mode 100644 danish/security/2018/dsa-4237.wml delete mode 100644 danish/security/2018/dsa-4238.wml delete mode 100644 danish/security/2018/dsa-4239.wml delete mode 100644 danish/security/2018/dsa-4240.wml delete mode 100644 danish/security/2018/dsa-4241.wml delete mode 100644 danish/security/2018/dsa-4242.wml delete mode 100644 danish/security/2018/dsa-4243.wml delete mode 100644 danish/security/2018/dsa-4244.wml delete mode 100644 danish/security/2018/dsa-4245.wml delete mode 100644 danish/security/2018/dsa-4246.wml delete mode 100644 danish/security/2018/dsa-4247.wml delete mode 100644 danish/security/2018/dsa-4248.wml delete mode 100644 danish/security/2018/dsa-4249.wml delete mode 100644 danish/security/2018/dsa-4250.wml delete mode 100644 danish/security/2018/dsa-4251.wml delete mode 100644 danish/security/2018/dsa-4252.wml delete mode 100644 danish/security/2018/dsa-4253.wml delete mode 100644 danish/security/2018/dsa-4254.wml delete mode 100644 danish/security/2018/dsa-4255.wml delete mode 100644 danish/security/2018/dsa-4256.wml delete mode 100644 danish/security/2018/dsa-4257.wml delete mode 100644 danish/security/2018/dsa-4258.wml delete mode 100644 danish/security/2018/dsa-4259.wml delete mode 100644 danish/security/2018/dsa-4260.wml delete mode 100644 danish/security/2018/dsa-4261.wml delete mode 100644 danish/security/2018/dsa-4262.wml delete mode 100644 danish/security/2018/dsa-4263.wml delete mode 100644 danish/security/2018/dsa-4264.wml delete mode 100644 danish/security/2018/dsa-4265.wml delete mode 100644 danish/security/2018/dsa-4266.wml delete mode 100644 danish/security/2018/dsa-4267.wml delete mode 100644 danish/security/2018/dsa-4268.wml delete mode 100644 danish/security/2018/dsa-4269.wml delete mode 100644 danish/security/2018/dsa-4270.wml delete mode 100644 danish/security/2018/dsa-4271.wml delete mode 100644 danish/security/2018/dsa-4272.wml delete mode 100644 danish/security/2018/dsa-4273.wml delete mode 100644 danish/security/2018/dsa-4274.wml delete mode 100644 danish/security/2018/dsa-4275.wml delete mode 100644 danish/security/2018/dsa-4276.wml delete mode 100644 danish/security/2018/dsa-4277.wml delete mode 100644 danish/security/2018/dsa-4278.wml delete mode 100644 danish/security/2018/dsa-4279.wml delete mode 100644 danish/security/2018/dsa-4280.wml delete mode 100644 danish/security/2018/dsa-4281.wml delete mode 100644 danish/security/2018/dsa-4282.wml delete mode 100644 danish/security/2018/dsa-4283.wml delete mode 100644 danish/security/2018/dsa-4284.wml delete mode 100644 danish/security/2018/dsa-4285.wml delete mode 100644 danish/security/2018/dsa-4286.wml delete mode 100644 danish/security/2018/dsa-4287.wml delete mode 100644 danish/security/2018/dsa-4288.wml delete mode 100644 danish/security/2018/dsa-4289.wml delete mode 100644 danish/security/2018/dsa-4290.wml delete mode 100644 danish/security/2018/dsa-4291.wml delete mode 100644 danish/security/2018/dsa-4292.wml delete mode 100644 danish/security/2018/dsa-4293.wml delete mode 100644 danish/security/2018/dsa-4294.wml delete mode 100644 danish/security/2018/dsa-4295.wml delete mode 100644 danish/security/2018/dsa-4296.wml delete mode 100644 danish/security/2018/dsa-4297.wml delete mode 100644 danish/security/2018/dsa-4298.wml delete mode 100644 danish/security/2018/dsa-4299.wml delete mode 100644 danish/security/2018/dsa-4300.wml delete mode 100644 danish/security/2018/dsa-4301.wml delete mode 100644 danish/security/2018/dsa-4302.wml delete mode 100644 danish/security/2018/dsa-4303.wml delete mode 100644 danish/security/2018/dsa-4304.wml delete mode 100644 danish/security/2018/dsa-4305.wml delete mode 100644 danish/security/2018/dsa-4306.wml delete mode 100644 danish/security/2018/dsa-4307.wml delete mode 100644 danish/security/2018/dsa-4308.wml delete mode 100644 danish/security/2018/dsa-4309.wml delete mode 100644 danish/security/2018/dsa-4310.wml delete mode 100644 danish/security/2018/dsa-4311.wml delete mode 100644 danish/security/2018/dsa-4312.wml delete mode 100644 danish/security/2018/dsa-4313.wml delete mode 100644 danish/security/2018/dsa-4314.wml delete mode 100644 danish/security/2018/dsa-4315.wml delete mode 100644 danish/security/2018/dsa-4316.wml delete mode 100644 danish/security/2018/dsa-4317.wml delete mode 100644 danish/security/2018/dsa-4318.wml delete mode 100644 danish/security/2018/dsa-4319.wml delete mode 100644 danish/security/2018/dsa-4320.wml delete mode 100644 danish/security/2018/dsa-4321.wml delete mode 100644 danish/security/2018/dsa-4322.wml delete mode 100644 danish/security/2018/dsa-4323.wml delete mode 100644 danish/security/2018/dsa-4324.wml delete mode 100644 danish/security/2018/dsa-4325.wml delete mode 100644 danish/security/2018/dsa-4326.wml delete mode 100644 danish/security/2018/dsa-4327.wml delete mode 100644 danish/security/2018/dsa-4328.wml delete mode 100644 danish/security/2018/dsa-4329.wml delete mode 100644 danish/security/2018/dsa-4330.wml delete mode 100644 danish/security/2018/dsa-4331.wml delete mode 100644 danish/security/2018/dsa-4332.wml delete mode 100644 danish/security/2018/dsa-4333.wml delete mode 100644 danish/security/2018/dsa-4334.wml delete mode 100644 danish/security/2018/dsa-4335.wml delete mode 100644 danish/security/2018/dsa-4336.wml delete mode 100644 danish/security/2018/dsa-4337.wml delete mode 100644 danish/security/2018/dsa-4338.wml delete mode 100644 danish/security/2018/dsa-4339.wml delete mode 100644 danish/security/2018/dsa-4340.wml delete mode 100644 danish/security/2018/dsa-4341.wml delete mode 100644 danish/security/2018/dsa-4343.wml delete mode 100644 danish/security/2018/dsa-4344.wml delete mode 100644 danish/security/2018/dsa-4345.wml delete mode 100644 danish/security/2018/dsa-4346.wml delete mode 100644 danish/security/2018/dsa-4347.wml delete mode 100644 danish/security/2018/dsa-4348.wml delete mode 100644 danish/security/2018/dsa-4349.wml delete mode 100644 danish/security/2018/dsa-4350.wml delete mode 100644 danish/security/2018/dsa-4351.wml delete mode 100644 danish/security/2018/dsa-4352.wml delete mode 100644 danish/security/2018/dsa-4353.wml delete mode 100644 danish/security/2018/dsa-4354.wml delete mode 100644 danish/security/2018/dsa-4355.wml delete mode 100644 danish/security/2018/dsa-4356.wml delete mode 100644 danish/security/2018/dsa-4357.wml delete mode 100644 danish/security/2018/dsa-4358.wml delete mode 100644 danish/security/2018/dsa-4359.wml delete mode 100644 danish/security/2018/dsa-4360.wml delete mode 100644 danish/security/2018/dsa-4361.wml delete mode 100644 danish/security/2018/index.wml delete mode 100644 danish/security/2019/Makefile delete mode 100644 danish/security/2019/dsa-4362.wml delete mode 100644 danish/security/2019/dsa-4363.wml delete mode 100644 danish/security/2019/dsa-4364.wml delete mode 100644 danish/security/2019/dsa-4365.wml delete mode 100644 danish/security/2019/dsa-4366.wml delete mode 100644 danish/security/2019/dsa-4367.wml delete mode 100644 danish/security/2019/dsa-4368.wml delete mode 100644 danish/security/2019/dsa-4369.wml delete mode 100644 danish/security/2019/dsa-4370.wml delete mode 100644 danish/security/2019/dsa-4371.wml delete mode 100644 danish/security/2019/dsa-4372.wml delete mode 100644 danish/security/2019/dsa-4373.wml delete mode 100644 danish/security/2019/dsa-4374.wml delete mode 100644 danish/security/2019/dsa-4375.wml delete mode 100644 danish/security/2019/dsa-4376.wml delete mode 100644 danish/security/2019/dsa-4377.wml delete mode 100644 danish/security/2019/dsa-4378.wml delete mode 100644 danish/security/2019/dsa-4379.wml delete mode 100644 danish/security/2019/dsa-4380.wml delete mode 100644 danish/security/2019/dsa-4381.wml delete mode 100644 danish/security/2019/dsa-4382.wml delete mode 100644 danish/security/2019/dsa-4383.wml delete mode 100644 danish/security/2019/dsa-4384.wml delete mode 100644 danish/security/2019/dsa-4385.wml delete mode 100644 danish/security/2019/dsa-4386.wml delete mode 100644 danish/security/2019/dsa-4387.wml delete mode 100644 danish/security/2019/dsa-4388.wml delete mode 100644 danish/security/2019/dsa-4389.wml delete mode 100644 danish/security/2019/dsa-4390.wml delete mode 100644 danish/security/2019/dsa-4391.wml delete mode 100644 danish/security/2019/dsa-4392.wml delete mode 100644 danish/security/2019/dsa-4393.wml delete mode 100644 danish/security/2019/dsa-4394.wml delete mode 100644 danish/security/2019/dsa-4395.wml delete mode 100644 danish/security/2019/dsa-4396.wml delete mode 100644 danish/security/2019/dsa-4397.wml delete mode 100644 danish/security/2019/dsa-4398.wml delete mode 100644 danish/security/2019/dsa-4399.wml delete mode 100644 danish/security/2019/dsa-4400.wml delete mode 100644 danish/security/2019/dsa-4401.wml delete mode 100644 danish/security/2019/dsa-4402.wml delete mode 100644 danish/security/2019/dsa-4403.wml delete mode 100644 danish/security/2019/dsa-4404.wml delete mode 100644 danish/security/2019/dsa-4405.wml delete mode 100644 danish/security/2019/dsa-4406.wml delete mode 100644 danish/security/2019/dsa-4407.wml delete mode 100644 danish/security/2019/dsa-4408.wml delete mode 100644 danish/security/2019/dsa-4409.wml delete mode 100644 danish/security/2019/dsa-4410.wml delete mode 100644 danish/security/2019/dsa-4411.wml delete mode 100644 danish/security/2019/dsa-4412.wml delete mode 100644 danish/security/2019/dsa-4413.wml delete mode 100644 danish/security/2019/dsa-4414.wml delete mode 100644 danish/security/2019/dsa-4415.wml delete mode 100644 danish/security/2019/dsa-4416.wml delete mode 100644 danish/security/2019/dsa-4417.wml delete mode 100644 danish/security/2019/dsa-4418.wml delete mode 100644 danish/security/2019/dsa-4419.wml delete mode 100644 danish/security/2019/dsa-4420.wml delete mode 100644 danish/security/2019/dsa-4421.wml delete mode 100644 danish/security/2019/dsa-4422.wml delete mode 100644 danish/security/2019/dsa-4423.wml delete mode 100644 danish/security/2019/dsa-4424.wml delete mode 100644 danish/security/2019/dsa-4425.wml delete mode 100644 danish/security/2019/dsa-4426.wml delete mode 100644 danish/security/2019/dsa-4427.wml delete mode 100644 danish/security/2019/dsa-4428.wml delete mode 100644 danish/security/2019/dsa-4429.wml delete mode 100644 danish/security/2019/dsa-4430.wml delete mode 100644 danish/security/2019/dsa-4431.wml delete mode 100644 danish/security/2019/dsa-4432.wml delete mode 100644 danish/security/2019/dsa-4433.wml delete mode 100644 danish/security/2019/dsa-4434.wml delete mode 100644 danish/security/2019/dsa-4435.wml delete mode 100644 danish/security/2019/dsa-4436.wml delete mode 100644 danish/security/2019/dsa-4437.wml delete mode 100644 danish/security/2019/dsa-4438.wml delete mode 100644 danish/security/2019/dsa-4439.wml delete mode 100644 danish/security/2019/dsa-4440.wml delete mode 100644 danish/security/2019/dsa-4441.wml delete mode 100644 danish/security/2019/dsa-4442.wml delete mode 100644 danish/security/2019/dsa-4443.wml delete mode 100644 danish/security/2019/dsa-4444.wml delete mode 100644 danish/security/2019/dsa-4445.wml delete mode 100644 danish/security/2019/dsa-4446.wml delete mode 100644 danish/security/2019/dsa-4447.wml delete mode 100644 danish/security/2019/dsa-4448.wml delete mode 100644 danish/security/2019/dsa-4449.wml delete mode 100644 danish/security/2019/dsa-4450.wml delete mode 100644 danish/security/2019/dsa-4451.wml delete mode 100644 danish/security/2019/dsa-4452.wml delete mode 100644 danish/security/2019/dsa-4453.wml delete mode 100644 danish/security/2019/dsa-4454.wml delete mode 100644 danish/security/2019/dsa-4455.wml delete mode 100644 danish/security/2019/dsa-4456.wml delete mode 100644 danish/security/2019/dsa-4457.wml delete mode 100644 danish/security/2019/dsa-4458.wml delete mode 100644 danish/security/2019/dsa-4459.wml delete mode 100644 danish/security/2019/dsa-4460.wml delete mode 100644 danish/security/2019/dsa-4461.wml delete mode 100644 danish/security/2019/dsa-4462.wml delete mode 100644 danish/security/2019/dsa-4463.wml delete mode 100644 danish/security/2019/dsa-4464.wml delete mode 100644 danish/security/2019/dsa-4465.wml delete mode 100644 danish/security/2019/dsa-4466.wml delete mode 100644 danish/security/2019/dsa-4467.wml delete mode 100644 danish/security/2019/dsa-4468.wml delete mode 100644 danish/security/2019/dsa-4469.wml delete mode 100644 danish/security/2019/dsa-4470.wml delete mode 100644 danish/security/2019/dsa-4471.wml delete mode 100644 danish/security/2019/dsa-4472.wml delete mode 100644 danish/security/2019/dsa-4473.wml delete mode 100644 danish/security/2019/dsa-4474.wml delete mode 100644 danish/security/2019/dsa-4475.wml delete mode 100644 danish/security/2019/dsa-4476.wml delete mode 100644 danish/security/2019/dsa-4477.wml delete mode 100644 danish/security/2019/dsa-4478.wml delete mode 100644 danish/security/2019/dsa-4479.wml delete mode 100644 danish/security/2019/dsa-4480.wml delete mode 100644 danish/security/2019/dsa-4481.wml delete mode 100644 danish/security/2019/dsa-4482.wml delete mode 100644 danish/security/2019/dsa-4483.wml delete mode 100644 danish/security/2019/dsa-4484.wml delete mode 100644 danish/security/2019/dsa-4485.wml delete mode 100644 danish/security/2019/dsa-4486.wml delete mode 100644 danish/security/2019/dsa-4487.wml delete mode 100644 danish/security/2019/dsa-4488.wml delete mode 100644 danish/security/2019/dsa-4489.wml delete mode 100644 danish/security/2019/dsa-4490.wml delete mode 100644 danish/security/2019/dsa-4491.wml delete mode 100644 danish/security/2019/dsa-4492.wml delete mode 100644 danish/security/2019/dsa-4493.wml delete mode 100644 danish/security/2019/dsa-4494.wml delete mode 100644 danish/security/2019/dsa-4495.wml delete mode 100644 danish/security/2019/dsa-4496.wml delete mode 100644 danish/security/2019/dsa-4497.wml delete mode 100644 danish/security/2019/dsa-4498.wml delete mode 100644 danish/security/2019/dsa-4499.wml delete mode 100644 danish/security/2019/dsa-4500.wml delete mode 100644 danish/security/2019/dsa-4501.wml delete mode 100644 danish/security/2019/dsa-4502.wml delete mode 100644 danish/security/2019/dsa-4503.wml delete mode 100644 danish/security/2019/dsa-4504.wml delete mode 100644 danish/security/2019/dsa-4505.wml delete mode 100644 danish/security/2019/dsa-4506.wml delete mode 100644 danish/security/2019/dsa-4507.wml delete mode 100644 danish/security/2019/dsa-4508.wml delete mode 100644 danish/security/2019/dsa-4509.wml delete mode 100644 danish/security/2019/dsa-4510.wml delete mode 100644 danish/security/2019/dsa-4511.wml delete mode 100644 danish/security/2019/dsa-4512.wml delete mode 100644 danish/security/2019/dsa-4513.wml delete mode 100644 danish/security/2019/dsa-4514.wml delete mode 100644 danish/security/2019/dsa-4515.wml delete mode 100644 danish/security/2019/dsa-4516.wml delete mode 100644 danish/security/2019/dsa-4517.wml delete mode 100644 danish/security/2019/dsa-4518.wml delete mode 100644 danish/security/2019/dsa-4519.wml delete mode 100644 danish/security/2019/dsa-4520.wml delete mode 100644 danish/security/2019/dsa-4521.wml delete mode 100644 danish/security/2019/dsa-4522.wml delete mode 100644 danish/security/2019/dsa-4523.wml delete mode 100644 danish/security/2019/dsa-4524.wml delete mode 100644 danish/security/2019/dsa-4525.wml delete mode 100644 danish/security/2019/dsa-4526.wml delete mode 100644 danish/security/2019/dsa-4527.wml delete mode 100644 danish/security/2019/dsa-4528.wml delete mode 100644 danish/security/2019/dsa-4529.wml delete mode 100644 danish/security/2019/dsa-4530.wml delete mode 100644 danish/security/2019/dsa-4531.wml delete mode 100644 danish/security/2019/dsa-4532.wml delete mode 100644 danish/security/2019/dsa-4533.wml delete mode 100644 danish/security/2019/dsa-4534.wml delete mode 100644 danish/security/2019/dsa-4535.wml delete mode 100644 danish/security/2019/dsa-4536.wml delete mode 100644 danish/security/2019/dsa-4537.wml delete mode 100644 danish/security/2019/dsa-4538.wml delete mode 100644 danish/security/2019/dsa-4539.wml delete mode 100644 danish/security/2019/dsa-4540.wml delete mode 100644 danish/security/2019/dsa-4541.wml delete mode 100644 danish/security/2019/dsa-4542.wml delete mode 100644 danish/security/2019/dsa-4543.wml delete mode 100644 danish/security/2019/dsa-4544.wml delete mode 100644 danish/security/2019/dsa-4545.wml delete mode 100644 danish/security/2019/dsa-4546.wml delete mode 100644 danish/security/2019/dsa-4547.wml delete mode 100644 danish/security/2019/dsa-4548.wml delete mode 100644 danish/security/2019/dsa-4549.wml delete mode 100644 danish/security/2019/dsa-4550.wml delete mode 100644 danish/security/2019/dsa-4551.wml delete mode 100644 danish/security/2019/dsa-4552.wml delete mode 100644 danish/security/2019/dsa-4553.wml delete mode 100644 danish/security/2019/dsa-4554.wml delete mode 100644 danish/security/2019/dsa-4555.wml delete mode 100644 danish/security/2019/dsa-4556.wml delete mode 100644 danish/security/2019/dsa-4557.wml delete mode 100644 danish/security/2019/dsa-4558.wml delete mode 100644 danish/security/2019/dsa-4559.wml delete mode 100644 danish/security/2019/dsa-4560.wml delete mode 100644 danish/security/2019/dsa-4561.wml delete mode 100644 danish/security/2019/dsa-4562.wml delete mode 100644 danish/security/2019/dsa-4563.wml delete mode 100644 danish/security/2019/dsa-4564.wml delete mode 100644 danish/security/2019/dsa-4565.wml delete mode 100644 danish/security/2019/dsa-4566.wml delete mode 100644 danish/security/2019/dsa-4567.wml delete mode 100644 danish/security/2019/dsa-4568.wml delete mode 100644 danish/security/2019/dsa-4569.wml delete mode 100644 danish/security/2019/dsa-4570.wml delete mode 100644 danish/security/2019/dsa-4571.wml delete mode 100644 danish/security/2019/dsa-4572.wml delete mode 100644 danish/security/2019/dsa-4573.wml delete mode 100644 danish/security/2019/dsa-4574.wml delete mode 100644 danish/security/2019/dsa-4575.wml delete mode 100644 danish/security/2019/dsa-4576.wml delete mode 100644 danish/security/2019/dsa-4577.wml delete mode 100644 danish/security/2019/dsa-4578.wml delete mode 100644 danish/security/2019/dsa-4579.wml delete mode 100644 danish/security/2019/dsa-4580.wml delete mode 100644 danish/security/2019/dsa-4581.wml delete mode 100644 danish/security/2019/dsa-4582.wml delete mode 100644 danish/security/2019/dsa-4583.wml delete mode 100644 danish/security/2019/dsa-4584.wml delete mode 100644 danish/security/2019/dsa-4585.wml delete mode 100644 danish/security/2019/dsa-4586.wml delete mode 100644 danish/security/2019/dsa-4587.wml delete mode 100644 danish/security/2019/dsa-4588.wml delete mode 100644 danish/security/2019/dsa-4589.wml delete mode 100644 danish/security/2019/dsa-4590.wml delete mode 100644 danish/security/2019/dsa-4591.wml delete mode 100644 danish/security/2019/dsa-4592.wml delete mode 100644 danish/security/2019/dsa-4593.wml delete mode 100644 danish/security/2019/dsa-4594.wml delete mode 100644 danish/security/2019/dsa-4595.wml delete mode 100644 danish/security/2019/dsa-4596.wml delete mode 100644 danish/security/2019/index.wml delete mode 100644 danish/security/2020/Makefile delete mode 100644 danish/security/2020/dsa-4597.wml delete mode 100644 danish/security/2020/dsa-4598.wml delete mode 100644 danish/security/2020/dsa-4599.wml delete mode 100644 danish/security/2020/dsa-4600.wml delete mode 100644 danish/security/2020/dsa-4601.wml delete mode 100644 danish/security/2020/dsa-4602.wml delete mode 100644 danish/security/2020/dsa-4603.wml delete mode 100644 danish/security/2020/dsa-4604.wml delete mode 100644 danish/security/2020/dsa-4605.wml delete mode 100644 danish/security/2020/dsa-4606.wml delete mode 100644 danish/security/2020/dsa-4607.wml delete mode 100644 danish/security/2020/dsa-4608.wml delete mode 100644 danish/security/2020/dsa-4609.wml delete mode 100644 danish/security/2020/dsa-4610.wml delete mode 100644 danish/security/2020/dsa-4611.wml delete mode 100644 danish/security/2020/dsa-4612.wml delete mode 100644 danish/security/2020/dsa-4613.wml delete mode 100644 danish/security/2020/dsa-4614.wml delete mode 100644 danish/security/2020/dsa-4615.wml delete mode 100644 danish/security/2020/dsa-4616.wml delete mode 100644 danish/security/2020/dsa-4617.wml delete mode 100644 danish/security/2020/dsa-4618.wml delete mode 100644 danish/security/2020/dsa-4619.wml delete mode 100644 danish/security/2020/dsa-4620.wml delete mode 100644 danish/security/2020/dsa-4621.wml delete mode 100644 danish/security/2020/dsa-4622.wml delete mode 100644 danish/security/2020/dsa-4623.wml delete mode 100644 danish/security/2020/dsa-4624.wml delete mode 100644 danish/security/2020/dsa-4625.wml delete mode 100644 danish/security/2020/dsa-4626.wml delete mode 100644 danish/security/2020/dsa-4627.wml delete mode 100644 danish/security/2020/dsa-4628.wml delete mode 100644 danish/security/2020/dsa-4629.wml delete mode 100644 danish/security/2020/dsa-4630.wml delete mode 100644 danish/security/2020/dsa-4631.wml delete mode 100644 danish/security/2020/dsa-4632.wml delete mode 100644 danish/security/2020/dsa-4633.wml delete mode 100644 danish/security/2020/dsa-4634.wml delete mode 100644 danish/security/2020/dsa-4635.wml delete mode 100644 danish/security/2020/dsa-4636.wml delete mode 100644 danish/security/2020/dsa-4637.wml delete mode 100644 danish/security/2020/dsa-4638.wml delete mode 100644 danish/security/2020/dsa-4639.wml delete mode 100644 danish/security/2020/dsa-4640.wml delete mode 100644 danish/security/2020/dsa-4641.wml delete mode 100644 danish/security/2020/dsa-4642.wml delete mode 100644 danish/security/2020/dsa-4643.wml delete mode 100644 danish/security/2020/dsa-4644.wml delete mode 100644 danish/security/2020/dsa-4645.wml delete mode 100644 danish/security/2020/dsa-4646.wml delete mode 100644 danish/security/2020/dsa-4647.wml delete mode 100644 danish/security/2020/dsa-4648.wml delete mode 100644 danish/security/2020/dsa-4649.wml delete mode 100644 danish/security/2020/dsa-4650.wml delete mode 100644 danish/security/2020/dsa-4651.wml delete mode 100644 danish/security/2020/dsa-4652.wml delete mode 100644 danish/security/2020/dsa-4653.wml delete mode 100644 danish/security/2020/dsa-4654.wml delete mode 100644 danish/security/2020/dsa-4655.wml delete mode 100644 danish/security/2020/dsa-4656.wml delete mode 100644 danish/security/2020/dsa-4657.wml delete mode 100644 danish/security/2020/dsa-4658.wml delete mode 100644 danish/security/2020/dsa-4659.wml delete mode 100644 danish/security/2020/dsa-4660.wml delete mode 100644 danish/security/2020/dsa-4661.wml delete mode 100644 danish/security/2020/dsa-4662.wml delete mode 100644 danish/security/2020/dsa-4663.wml delete mode 100644 danish/security/2020/dsa-4664.wml delete mode 100644 danish/security/2020/dsa-4665.wml delete mode 100644 danish/security/2020/dsa-4666.wml delete mode 100644 danish/security/2020/dsa-4667.wml delete mode 100644 danish/security/2020/dsa-4668.wml delete mode 100644 danish/security/2020/dsa-4669.wml delete mode 100644 danish/security/2020/dsa-4670.wml delete mode 100644 danish/security/2020/dsa-4671.wml delete mode 100644 danish/security/2020/dsa-4672.wml delete mode 100644 danish/security/2020/dsa-4673.wml delete mode 100644 danish/security/2020/dsa-4674.wml delete mode 100644 danish/security/2020/dsa-4675.wml delete mode 100644 danish/security/2020/dsa-4676.wml delete mode 100644 danish/security/2020/dsa-4677.wml delete mode 100644 danish/security/2020/dsa-4678.wml delete mode 100644 danish/security/2020/dsa-4679.wml delete mode 100644 danish/security/2020/dsa-4680.wml delete mode 100644 danish/security/2020/dsa-4681.wml delete mode 100644 danish/security/2020/dsa-4682.wml delete mode 100644 danish/security/2020/dsa-4683.wml delete mode 100644 danish/security/2020/dsa-4684.wml delete mode 100644 danish/security/2020/dsa-4685.wml delete mode 100644 danish/security/2020/dsa-4686.wml delete mode 100644 danish/security/2020/dsa-4687.wml delete mode 100644 danish/security/2020/dsa-4688.wml delete mode 100644 danish/security/2020/dsa-4689.wml delete mode 100644 danish/security/2020/dsa-4690.wml delete mode 100644 danish/security/2020/dsa-4691.wml delete mode 100644 danish/security/2020/dsa-4692.wml delete mode 100644 danish/security/2020/dsa-4693.wml delete mode 100644 danish/security/2020/dsa-4694.wml delete mode 100644 danish/security/2020/dsa-4695.wml delete mode 100644 danish/security/2020/dsa-4696.wml delete mode 100644 danish/security/2020/dsa-4697.wml delete mode 100644 danish/security/2020/dsa-4698.wml delete mode 100644 danish/security/2020/dsa-4699.wml delete mode 100644 danish/security/2020/dsa-4700.wml delete mode 100644 danish/security/2020/dsa-4701.wml delete mode 100644 danish/security/2020/dsa-4702.wml delete mode 100644 danish/security/2020/dsa-4703.wml delete mode 100644 danish/security/2020/dsa-4704.wml delete mode 100644 danish/security/2020/dsa-4705.wml delete mode 100644 danish/security/2020/dsa-4706.wml delete mode 100644 danish/security/2020/dsa-4707.wml delete mode 100644 danish/security/2020/dsa-4708.wml delete mode 100644 danish/security/2020/dsa-4709.wml delete mode 100644 danish/security/2020/dsa-4710.wml delete mode 100644 danish/security/2020/dsa-4711.wml delete mode 100644 danish/security/2020/dsa-4712.wml delete mode 100644 danish/security/2020/dsa-4713.wml delete mode 100644 danish/security/2020/dsa-4714.wml delete mode 100644 danish/security/2020/dsa-4715.wml delete mode 100644 danish/security/2020/dsa-4716.wml delete mode 100644 danish/security/2020/dsa-4717.wml delete mode 100644 danish/security/2020/dsa-4718.wml delete mode 100644 danish/security/2020/dsa-4719.wml delete mode 100644 danish/security/2020/dsa-4720.wml delete mode 100644 danish/security/2020/dsa-4721.wml delete mode 100644 danish/security/2020/dsa-4722.wml delete mode 100644 danish/security/2020/dsa-4723.wml delete mode 100644 danish/security/2020/dsa-4724.wml delete mode 100644 danish/security/2020/dsa-4725.wml delete mode 100644 danish/security/2020/dsa-4726.wml delete mode 100644 danish/security/2020/dsa-4727.wml delete mode 100644 danish/security/2020/dsa-4728.wml delete mode 100644 danish/security/2020/dsa-4729.wml delete mode 100644 danish/security/2020/dsa-4730.wml delete mode 100644 danish/security/2020/dsa-4731.wml delete mode 100644 danish/security/2020/dsa-4732.wml delete mode 100644 danish/security/2020/dsa-4733.wml delete mode 100644 danish/security/2020/dsa-4734.wml delete mode 100644 danish/security/2020/dsa-4735.wml delete mode 100644 danish/security/2020/dsa-4736.wml delete mode 100644 danish/security/2020/dsa-4737.wml delete mode 100644 danish/security/2020/dsa-4738.wml delete mode 100644 danish/security/2020/dsa-4739.wml delete mode 100644 danish/security/2020/dsa-4740.wml delete mode 100644 danish/security/2020/dsa-4741.wml delete mode 100644 danish/security/2020/dsa-4742.wml delete mode 100644 danish/security/2020/dsa-4743.wml delete mode 100644 danish/security/2020/dsa-4744.wml delete mode 100644 danish/security/2020/dsa-4745.wml delete mode 100644 danish/security/2020/dsa-4746.wml delete mode 100644 danish/security/2020/dsa-4747.wml delete mode 100644 danish/security/2020/dsa-4748.wml delete mode 100644 danish/security/2020/dsa-4749.wml delete mode 100644 danish/security/2020/dsa-4750.wml delete mode 100644 danish/security/2020/dsa-4751.wml delete mode 100644 danish/security/2020/dsa-4752.wml delete mode 100644 danish/security/2020/dsa-4753.wml delete mode 100644 danish/security/2020/dsa-4754.wml delete mode 100644 danish/security/2020/dsa-4755.wml delete mode 100644 danish/security/2020/dsa-4756.wml delete mode 100644 danish/security/2020/dsa-4757.wml delete mode 100644 danish/security/2020/dsa-4758.wml delete mode 100644 danish/security/2020/dsa-4759.wml delete mode 100644 danish/security/2020/dsa-4760.wml delete mode 100644 danish/security/2020/dsa-4761.wml delete mode 100644 danish/security/2020/dsa-4762.wml delete mode 100644 danish/security/2020/dsa-4763.wml delete mode 100644 danish/security/2020/dsa-4764.wml delete mode 100644 danish/security/2020/dsa-4765.wml delete mode 100644 danish/security/2020/dsa-4766.wml delete mode 100644 danish/security/2020/dsa-4767.wml delete mode 100644 danish/security/2020/dsa-4768.wml delete mode 100644 danish/security/2020/dsa-4769.wml delete mode 100644 danish/security/2020/dsa-4770.wml delete mode 100644 danish/security/2020/dsa-4771.wml delete mode 100644 danish/security/2020/dsa-4772.wml delete mode 100644 danish/security/2020/dsa-4773.wml delete mode 100644 danish/security/2020/dsa-4774.wml delete mode 100644 danish/security/2020/dsa-4775.wml delete mode 100644 danish/security/2020/dsa-4776.wml delete mode 100644 danish/security/2020/dsa-4777.wml delete mode 100644 danish/security/2020/dsa-4778.wml delete mode 100644 danish/security/2020/dsa-4779.wml delete mode 100644 danish/security/2020/dsa-4780.wml delete mode 100644 danish/security/2020/dsa-4781.wml delete mode 100644 danish/security/2020/dsa-4782.wml delete mode 100644 danish/security/2020/dsa-4783.wml delete mode 100644 danish/security/2020/dsa-4784.wml delete mode 100644 danish/security/2020/dsa-4785.wml delete mode 100644 danish/security/2020/dsa-4786.wml delete mode 100644 danish/security/2020/dsa-4787.wml delete mode 100644 danish/security/2020/dsa-4788.wml delete mode 100644 danish/security/2020/dsa-4789.wml delete mode 100644 danish/security/2020/dsa-4790.wml delete mode 100644 danish/security/2020/dsa-4791.wml delete mode 100644 danish/security/2020/dsa-4792.wml delete mode 100644 danish/security/2020/dsa-4793.wml delete mode 100644 danish/security/2020/dsa-4794.wml delete mode 100644 danish/security/2020/dsa-4795.wml delete mode 100644 danish/security/2020/dsa-4796.wml delete mode 100644 danish/security/2020/dsa-4797.wml delete mode 100644 danish/security/2020/dsa-4798.wml delete mode 100644 danish/security/2020/dsa-4799.wml delete mode 100644 danish/security/2020/dsa-4800.wml delete mode 100644 danish/security/2020/dsa-4801.wml delete mode 100644 danish/security/2020/dsa-4802.wml delete mode 100644 danish/security/2020/dsa-4803.wml delete mode 100644 danish/security/2020/dsa-4804.wml delete mode 100644 danish/security/2020/dsa-4805.wml delete mode 100644 danish/security/2020/dsa-4806.wml delete mode 100644 danish/security/2020/dsa-4807.wml delete mode 100644 danish/security/2020/dsa-4808.wml delete mode 100644 danish/security/2020/dsa-4809.wml delete mode 100644 danish/security/2020/dsa-4810.wml delete mode 100644 danish/security/2020/dsa-4811.wml delete mode 100644 danish/security/2020/dsa-4812.wml delete mode 100644 danish/security/2020/dsa-4813.wml delete mode 100644 danish/security/2020/dsa-4814.wml delete mode 100644 danish/security/2020/dsa-4815.wml delete mode 100644 danish/security/2020/dsa-4816.wml delete mode 100644 danish/security/2020/dsa-4817.wml delete mode 100644 danish/security/2020/dsa-4818.wml delete mode 100644 danish/security/2020/dsa-4819.wml delete mode 100644 danish/security/2020/dsa-4820.wml delete mode 100644 danish/security/2020/dsa-4821.wml delete mode 100644 danish/security/2020/index.wml delete mode 100644 danish/security/2021/Makefile delete mode 100644 danish/security/2021/dsa-4822.wml delete mode 100644 danish/security/2021/dsa-4823.wml delete mode 100644 danish/security/2021/dsa-4824.wml delete mode 100644 danish/security/2021/dsa-4825.wml delete mode 100644 danish/security/2021/dsa-4826.wml delete mode 100644 danish/security/2021/dsa-4827.wml delete mode 100644 danish/security/2021/dsa-4828.wml delete mode 100644 danish/security/2021/dsa-4829.wml delete mode 100644 danish/security/2021/dsa-4830.wml delete mode 100644 danish/security/2021/dsa-4831.wml delete mode 100644 danish/security/2021/dsa-4832.wml delete mode 100644 danish/security/2021/dsa-4833.wml delete mode 100644 danish/security/2021/dsa-4834.wml delete mode 100644 danish/security/2021/dsa-4835.wml delete mode 100644 danish/security/2021/dsa-4836.wml delete mode 100644 danish/security/2021/dsa-4837.wml delete mode 100644 danish/security/2021/dsa-4838.wml delete mode 100644 danish/security/2021/dsa-4839.wml delete mode 100644 danish/security/2021/dsa-4840.wml delete mode 100644 danish/security/2021/dsa-4841.wml delete mode 100644 danish/security/2021/dsa-4842.wml delete mode 100644 danish/security/2021/dsa-4843.wml delete mode 100644 danish/security/2021/dsa-4844.wml delete mode 100644 danish/security/2021/dsa-4845.wml delete mode 100644 danish/security/2021/dsa-4846.wml delete mode 100644 danish/security/2021/dsa-4847.wml delete mode 100644 danish/security/2021/dsa-4848.wml delete mode 100644 danish/security/2021/dsa-4849.wml delete mode 100644 danish/security/2021/dsa-4850.wml delete mode 100644 danish/security/2021/dsa-4851.wml delete mode 100644 danish/security/2021/dsa-4852.wml delete mode 100644 danish/security/2021/dsa-4853.wml delete mode 100644 danish/security/2021/dsa-4854.wml delete mode 100644 danish/security/2021/dsa-4855.wml delete mode 100644 danish/security/2021/dsa-4856.wml delete mode 100644 danish/security/2021/dsa-4857.wml delete mode 100644 danish/security/2021/dsa-4858.wml delete mode 100644 danish/security/2021/dsa-4859.wml delete mode 100644 danish/security/2021/dsa-4860.wml delete mode 100644 danish/security/2021/dsa-4861.wml delete mode 100644 danish/security/2021/dsa-4862.wml delete mode 100644 danish/security/2021/dsa-4863.wml delete mode 100644 danish/security/2021/dsa-4864.wml delete mode 100644 danish/security/2021/dsa-4865.wml delete mode 100644 danish/security/2021/dsa-4866.wml delete mode 100644 danish/security/2021/dsa-4867.wml delete mode 100644 danish/security/2021/dsa-4868.wml delete mode 100644 danish/security/2021/dsa-4869.wml delete mode 100644 danish/security/2021/dsa-4870.wml delete mode 100644 danish/security/2021/dsa-4871.wml delete mode 100644 danish/security/2021/dsa-4872.wml delete mode 100644 danish/security/2021/dsa-4873.wml delete mode 100644 danish/security/2021/dsa-4874.wml delete mode 100644 danish/security/2021/dsa-4875.wml delete mode 100644 danish/security/2021/dsa-4876.wml delete mode 100644 danish/security/2021/dsa-4877.wml delete mode 100644 danish/security/2021/dsa-4878.wml delete mode 100644 danish/security/2021/dsa-4879.wml delete mode 100644 danish/security/2021/dsa-4880.wml delete mode 100644 danish/security/2021/dsa-4881.wml delete mode 100644 danish/security/2021/dsa-4882.wml delete mode 100644 danish/security/2021/dsa-4883.wml delete mode 100644 danish/security/2021/dsa-4884.wml delete mode 100644 danish/security/2021/dsa-4885.wml delete mode 100644 danish/security/2021/dsa-4886.wml delete mode 100644 danish/security/2021/dsa-4887.wml delete mode 100644 danish/security/2021/dsa-4888.wml delete mode 100644 danish/security/2021/dsa-4889.wml delete mode 100644 danish/security/2021/dsa-4890.wml delete mode 100644 danish/security/2021/dsa-4891.wml delete mode 100644 danish/security/2021/dsa-4892.wml delete mode 100644 danish/security/2021/dsa-4893.wml delete mode 100644 danish/security/2021/dsa-4894.wml delete mode 100644 danish/security/2021/dsa-4895.wml delete mode 100644 danish/security/2021/dsa-4896.wml delete mode 100644 danish/security/2021/dsa-4897.wml delete mode 100644 danish/security/2021/dsa-4898.wml delete mode 100644 danish/security/2021/dsa-4899.wml delete mode 100644 danish/security/2021/dsa-4900.wml delete mode 100644 danish/security/2021/dsa-4901.wml delete mode 100644 danish/security/2021/dsa-4902.wml delete mode 100644 danish/security/2021/dsa-4903.wml delete mode 100644 danish/security/2021/dsa-4904.wml delete mode 100644 danish/security/2021/dsa-4905.wml delete mode 100644 danish/security/2021/dsa-4906.wml delete mode 100644 danish/security/2021/dsa-4907.wml delete mode 100644 danish/security/2021/dsa-4908.wml delete mode 100644 danish/security/2021/dsa-4909.wml delete mode 100644 danish/security/2021/dsa-4910.wml delete mode 100644 danish/security/2021/dsa-4911.wml delete mode 100644 danish/security/2021/dsa-4912.wml delete mode 100644 danish/security/2021/dsa-4913.wml delete mode 100644 danish/security/2021/dsa-4914.wml delete mode 100644 danish/security/2021/dsa-4915.wml delete mode 100644 danish/security/2021/dsa-4916.wml delete mode 100644 danish/security/2021/dsa-4917.wml delete mode 100644 danish/security/2021/dsa-4918.wml delete mode 100644 danish/security/2021/dsa-4919.wml delete mode 100644 danish/security/2021/dsa-4920.wml delete mode 100644 danish/security/2021/dsa-4921.wml delete mode 100644 danish/security/2021/dsa-4922.wml delete mode 100644 danish/security/2021/dsa-4923.wml delete mode 100644 danish/security/2021/dsa-4924.wml delete mode 100644 danish/security/2021/dsa-4925.wml delete mode 100644 danish/security/2021/dsa-4926.wml delete mode 100644 danish/security/2021/dsa-4927.wml delete mode 100644 danish/security/2021/dsa-4928.wml delete mode 100644 danish/security/2021/dsa-4929.wml delete mode 100644 danish/security/2021/dsa-4930.wml delete mode 100644 danish/security/2021/dsa-4931.wml delete mode 100644 danish/security/2021/dsa-4932.wml delete mode 100644 danish/security/2021/dsa-4933.wml delete mode 100644 danish/security/2021/dsa-4934.wml delete mode 100644 danish/security/2021/dsa-4935.wml delete mode 100644 danish/security/2021/dsa-4936.wml delete mode 100644 danish/security/2021/dsa-4937.wml delete mode 100644 danish/security/2021/dsa-4938.wml delete mode 100644 danish/security/2021/dsa-4939.wml delete mode 100644 danish/security/2021/dsa-4940.wml delete mode 100644 danish/security/2021/dsa-4941.wml delete mode 100644 danish/security/2021/dsa-4942.wml delete mode 100644 danish/security/2021/dsa-4943.wml delete mode 100644 danish/security/2021/dsa-4944.wml delete mode 100644 danish/security/2021/dsa-4945.wml delete mode 100644 danish/security/2021/dsa-4946.wml delete mode 100644 danish/security/2021/dsa-4947.wml delete mode 100644 danish/security/2021/dsa-4948.wml delete mode 100644 danish/security/2021/dsa-4949.wml delete mode 100644 danish/security/2021/dsa-4950.wml delete mode 100644 danish/security/2021/dsa-4951.wml delete mode 100644 danish/security/2021/dsa-4952.wml delete mode 100644 danish/security/2021/dsa-4953.wml delete mode 100644 danish/security/2021/dsa-4954.wml delete mode 100644 danish/security/2021/dsa-4955.wml delete mode 100644 danish/security/2021/dsa-4956.wml delete mode 100644 danish/security/2021/dsa-4957.wml delete mode 100644 danish/security/2021/dsa-4958.wml delete mode 100644 danish/security/2021/dsa-4959.wml delete mode 100644 danish/security/2021/dsa-4960.wml delete mode 100644 danish/security/2021/dsa-4961.wml delete mode 100644 danish/security/2021/dsa-4962.wml delete mode 100644 danish/security/2021/dsa-4963.wml delete mode 100644 danish/security/2021/dsa-4964.wml delete mode 100644 danish/security/2021/dsa-4965.wml delete mode 100644 danish/security/2021/dsa-4966.wml delete mode 100644 danish/security/2021/dsa-4967.wml delete mode 100644 danish/security/2021/dsa-4968.wml delete mode 100644 danish/security/2021/dsa-4969.wml delete mode 100644 danish/security/2021/dsa-4970.wml delete mode 100644 danish/security/2021/dsa-4971.wml delete mode 100644 danish/security/2021/dsa-4972.wml delete mode 100644 danish/security/2021/dsa-4973.wml delete mode 100644 danish/security/2021/dsa-4974.wml delete mode 100644 danish/security/2021/dsa-4975.wml delete mode 100644 danish/security/2021/dsa-4976.wml delete mode 100644 danish/security/2021/dsa-4977.wml delete mode 100644 danish/security/2021/dsa-4978.wml delete mode 100644 danish/security/2021/dsa-4979.wml delete mode 100644 danish/security/2021/dsa-4980.wml delete mode 100644 danish/security/2021/dsa-4981.wml delete mode 100644 danish/security/2021/dsa-4982.wml delete mode 100644 danish/security/2021/dsa-4983.wml delete mode 100644 danish/security/2021/dsa-4984.wml delete mode 100644 danish/security/2021/dsa-4985.wml delete mode 100644 danish/security/2021/dsa-4986.wml delete mode 100644 danish/security/2021/dsa-4987.wml delete mode 100644 danish/security/2021/dsa-4988.wml delete mode 100644 danish/security/2021/dsa-4989.wml delete mode 100644 danish/security/2021/dsa-4990.wml delete mode 100644 danish/security/2021/dsa-4991.wml delete mode 100644 danish/security/2021/dsa-4992.wml delete mode 100644 danish/security/2021/dsa-4993.wml delete mode 100644 danish/security/2021/dsa-4994.wml delete mode 100644 danish/security/2021/dsa-4995.wml delete mode 100644 danish/security/2021/dsa-4996.wml delete mode 100644 danish/security/2021/dsa-4997.wml delete mode 100644 danish/security/2021/dsa-4998.wml delete mode 100644 danish/security/2021/dsa-4999.wml delete mode 100644 danish/security/2021/dsa-5000.wml delete mode 100644 danish/security/2021/dsa-5001.wml delete mode 100644 danish/security/2021/dsa-5002.wml delete mode 100644 danish/security/2021/dsa-5003.wml delete mode 100644 danish/security/2021/dsa-5004.wml delete mode 100644 danish/security/2021/dsa-5005.wml delete mode 100644 danish/security/2021/dsa-5006.wml delete mode 100644 danish/security/2021/dsa-5007.wml delete mode 100644 danish/security/2021/dsa-5008.wml delete mode 100644 danish/security/2021/dsa-5009.wml delete mode 100644 danish/security/2021/dsa-5010.wml delete mode 100644 danish/security/2021/dsa-5011.wml delete mode 100644 danish/security/2021/dsa-5012.wml delete mode 100644 danish/security/2021/dsa-5013.wml delete mode 100644 danish/security/2021/dsa-5014.wml delete mode 100644 danish/security/2021/dsa-5015.wml delete mode 100644 danish/security/2021/dsa-5016.wml delete mode 100644 danish/security/2021/dsa-5017.wml delete mode 100644 danish/security/2021/dsa-5018.wml delete mode 100644 danish/security/2021/dsa-5019.wml delete mode 100644 danish/security/2021/dsa-5020.wml delete mode 100644 danish/security/2021/dsa-5021.wml delete mode 100644 danish/security/2021/dsa-5022.wml delete mode 100644 danish/security/2021/dsa-5023.wml delete mode 100644 danish/security/2021/dsa-5024.wml delete mode 100644 danish/security/2021/dsa-5025.wml delete mode 100644 danish/security/2021/dsa-5026.wml delete mode 100644 danish/security/2021/dsa-5027.wml delete mode 100644 danish/security/2021/dsa-5028.wml delete mode 100644 danish/security/2021/dsa-5029.wml delete mode 100644 danish/security/2021/dsa-5030.wml delete mode 100644 danish/security/2021/dsa-5031.wml delete mode 100644 danish/security/2021/dsa-5032.wml delete mode 100644 danish/security/2021/dsa-5033.wml delete mode 100644 danish/security/2021/index.wml delete mode 100644 danish/security/2022/Makefile delete mode 100644 danish/security/2022/dsa-5034.wml delete mode 100644 danish/security/2022/dsa-5035.wml delete mode 100644 danish/security/2022/dsa-5036.wml delete mode 100644 danish/security/2022/dsa-5037.wml delete mode 100644 danish/security/2022/dsa-5038.wml delete mode 100644 danish/security/2022/dsa-5039.wml delete mode 100644 danish/security/2022/dsa-5040.wml delete mode 100644 danish/security/2022/dsa-5041.wml delete mode 100644 danish/security/2022/dsa-5042.wml delete mode 100644 danish/security/2022/dsa-5043.wml delete mode 100644 danish/security/2022/dsa-5044.wml delete mode 100644 danish/security/2022/dsa-5045.wml delete mode 100644 danish/security/2022/dsa-5046.wml delete mode 100644 danish/security/2022/dsa-5047.wml delete mode 100644 danish/security/2022/dsa-5048.wml delete mode 100644 danish/security/2022/dsa-5049.wml delete mode 100644 danish/security/2022/dsa-5050.wml delete mode 100644 danish/security/2022/dsa-5051.wml delete mode 100644 danish/security/2022/dsa-5052.wml delete mode 100644 danish/security/2022/dsa-5053.wml delete mode 100644 danish/security/2022/dsa-5054.wml delete mode 100644 danish/security/2022/dsa-5055.wml delete mode 100644 danish/security/2022/dsa-5056.wml delete mode 100644 danish/security/2022/dsa-5057.wml delete mode 100644 danish/security/2022/dsa-5058.wml delete mode 100644 danish/security/2022/dsa-5059.wml delete mode 100644 danish/security/2022/dsa-5060.wml delete mode 100644 danish/security/2022/dsa-5061.wml delete mode 100644 danish/security/2022/dsa-5062.wml delete mode 100644 danish/security/2022/dsa-5063.wml delete mode 100644 danish/security/2022/dsa-5064.wml delete mode 100644 danish/security/2022/dsa-5065.wml delete mode 100644 danish/security/2022/dsa-5066.wml delete mode 100644 danish/security/2022/dsa-5067.wml delete mode 100644 danish/security/2022/dsa-5068.wml delete mode 100644 danish/security/2022/dsa-5069.wml delete mode 100644 danish/security/2022/dsa-5070.wml delete mode 100644 danish/security/2022/dsa-5071.wml delete mode 100644 danish/security/2022/dsa-5072.wml delete mode 100644 danish/security/2022/dsa-5073.wml delete mode 100644 danish/security/2022/dsa-5074.wml delete mode 100644 danish/security/2022/dsa-5075.wml delete mode 100644 danish/security/2022/dsa-5076.wml delete mode 100644 danish/security/2022/dsa-5077.wml delete mode 100644 danish/security/2022/dsa-5078.wml delete mode 100644 danish/security/2022/dsa-5079.wml delete mode 100644 danish/security/2022/dsa-5080.wml delete mode 100644 danish/security/2022/dsa-5081.wml delete mode 100644 danish/security/2022/dsa-5082.wml delete mode 100644 danish/security/2022/dsa-5083.wml delete mode 100644 danish/security/2022/dsa-5084.wml delete mode 100644 danish/security/2022/dsa-5085.wml delete mode 100644 danish/security/2022/dsa-5086.wml delete mode 100644 danish/security/2022/dsa-5087.wml delete mode 100644 danish/security/2022/dsa-5088.wml delete mode 100644 danish/security/2022/dsa-5089.wml delete mode 100644 danish/security/2022/dsa-5090.wml delete mode 100644 danish/security/2022/dsa-5091.wml delete mode 100644 danish/security/2022/dsa-5092.wml delete mode 100644 danish/security/2022/dsa-5093.wml delete mode 100644 danish/security/2022/dsa-5094.wml delete mode 100644 danish/security/2022/dsa-5095.wml delete mode 100644 danish/security/2022/dsa-5096.wml delete mode 100644 danish/security/2022/dsa-5097.wml delete mode 100644 danish/security/2022/dsa-5098.wml delete mode 100644 danish/security/2022/dsa-5099.wml delete mode 100644 danish/security/2022/dsa-5100.wml delete mode 100644 danish/security/2022/dsa-5101.wml delete mode 100644 danish/security/2022/dsa-5102.wml delete mode 100644 danish/security/2022/dsa-5103.wml delete mode 100644 danish/security/2022/dsa-5104.wml delete mode 100644 danish/security/2022/dsa-5105.wml delete mode 100644 danish/security/2022/dsa-5106.wml delete mode 100644 danish/security/2022/dsa-5107.wml delete mode 100644 danish/security/2022/dsa-5108.wml delete mode 100644 danish/security/2022/dsa-5109.wml delete mode 100644 danish/security/2022/dsa-5110.wml delete mode 100644 danish/security/2022/dsa-5111.wml delete mode 100644 danish/security/2022/dsa-5112.wml delete mode 100644 danish/security/2022/dsa-5113.wml delete mode 100644 danish/security/2022/dsa-5114.wml delete mode 100644 danish/security/2022/dsa-5115.wml delete mode 100644 danish/security/2022/dsa-5116.wml delete mode 100644 danish/security/2022/dsa-5117.wml delete mode 100644 danish/security/2022/dsa-5118.wml delete mode 100644 danish/security/2022/dsa-5119.wml delete mode 100644 danish/security/2022/dsa-5120.wml delete mode 100644 danish/security/2022/dsa-5121.wml delete mode 100644 danish/security/2022/dsa-5122.wml delete mode 100644 danish/security/2022/dsa-5123.wml delete mode 100644 danish/security/2022/dsa-5124.wml delete mode 100644 danish/security/2022/dsa-5125.wml delete mode 100644 danish/security/2022/dsa-5126.wml delete mode 100644 danish/security/2022/dsa-5127.wml delete mode 100644 danish/security/2022/dsa-5128.wml delete mode 100644 danish/security/2022/dsa-5129.wml delete mode 100644 danish/security/2022/dsa-5130.wml delete mode 100644 danish/security/2022/dsa-5131.wml delete mode 100644 danish/security/2022/dsa-5132.wml delete mode 100644 danish/security/2022/dsa-5133.wml delete mode 100644 danish/security/2022/dsa-5134.wml delete mode 100644 danish/security/2022/dsa-5135.wml delete mode 100644 danish/security/2022/dsa-5136.wml delete mode 100644 danish/security/2022/dsa-5137.wml delete mode 100644 danish/security/2022/dsa-5138.wml delete mode 100644 danish/security/2022/dsa-5139.wml delete mode 100644 danish/security/2022/dsa-5140.wml delete mode 100644 danish/security/2022/dsa-5141.wml delete mode 100644 danish/security/2022/dsa-5142.wml delete mode 100644 danish/security/2022/dsa-5143.wml delete mode 100644 danish/security/2022/dsa-5144.wml delete mode 100644 danish/security/2022/dsa-5145.wml delete mode 100644 danish/security/2022/dsa-5146.wml delete mode 100644 danish/security/2022/dsa-5147.wml delete mode 100644 danish/security/2022/dsa-5148.wml delete mode 100644 danish/security/2022/dsa-5149.wml delete mode 100644 danish/security/2022/dsa-5150.wml delete mode 100644 danish/security/2022/dsa-5151.wml delete mode 100644 danish/security/2022/dsa-5152.wml delete mode 100644 danish/security/2022/dsa-5153.wml delete mode 100644 danish/security/2022/dsa-5154.wml delete mode 100644 danish/security/2022/dsa-5155.wml delete mode 100644 danish/security/2022/dsa-5156.wml delete mode 100644 danish/security/2022/dsa-5157.wml delete mode 100644 danish/security/2022/dsa-5158.wml delete mode 100644 danish/security/2022/dsa-5159.wml delete mode 100644 danish/security/2022/dsa-5160.wml delete mode 100644 danish/security/2022/dsa-5161.wml delete mode 100644 danish/security/2022/dsa-5162.wml delete mode 100644 danish/security/2022/dsa-5163.wml delete mode 100644 danish/security/2022/dsa-5164.wml delete mode 100644 danish/security/2022/dsa-5165.wml delete mode 100644 danish/security/2022/dsa-5166.wml delete mode 100644 danish/security/2022/dsa-5167.wml delete mode 100644 danish/security/2022/dsa-5168.wml delete mode 100644 danish/security/2022/dsa-5169.wml delete mode 100644 danish/security/2022/dsa-5170.wml delete mode 100644 danish/security/2022/dsa-5171.wml delete mode 100644 danish/security/2022/dsa-5172.wml delete mode 100644 danish/security/2022/dsa-5173.wml delete mode 100644 danish/security/2022/dsa-5174.wml delete mode 100644 danish/security/2022/dsa-5177.wml delete mode 100644 danish/security/2022/dsa-5178.wml delete mode 100644 danish/security/2022/dsa-5179.wml delete mode 100644 danish/security/2022/dsa-5180.wml delete mode 100644 danish/security/2022/dsa-5181.wml delete mode 100644 danish/security/2022/dsa-5182.wml delete mode 100644 danish/security/2022/dsa-5183.wml delete mode 100644 danish/security/2022/dsa-5184.wml delete mode 100644 danish/security/2022/dsa-5185.wml delete mode 100644 danish/security/2022/dsa-5186.wml delete mode 100644 danish/security/2022/dsa-5187.wml delete mode 100644 danish/security/2022/dsa-5188.wml delete mode 100644 danish/security/2022/dsa-5189.wml delete mode 100644 danish/security/2022/dsa-5190.wml delete mode 100644 danish/security/2022/dsa-5191.wml delete mode 100644 danish/security/2022/dsa-5192.wml delete mode 100644 danish/security/2022/dsa-5193.wml delete mode 100644 danish/security/2022/dsa-5194.wml delete mode 100644 danish/security/2022/dsa-5195.wml delete mode 100644 danish/security/2022/dsa-5196.wml delete mode 100644 danish/security/2022/dsa-5197.wml delete mode 100644 danish/security/2022/dsa-5198.wml delete mode 100644 danish/security/2022/dsa-5199.wml delete mode 100644 danish/security/2022/dsa-5200.wml delete mode 100644 danish/security/2022/dsa-5201.wml delete mode 100644 danish/security/2022/dsa-5202.wml delete mode 100644 danish/security/2022/dsa-5203.wml delete mode 100644 danish/security/2022/dsa-5204.wml delete mode 100644 danish/security/2022/dsa-5205.wml delete mode 100644 danish/security/2022/dsa-5206.wml delete mode 100644 danish/security/2022/dsa-5207.wml delete mode 100644 danish/security/2022/dsa-5208.wml delete mode 100644 danish/security/2022/dsa-5209.wml delete mode 100644 danish/security/2022/dsa-5210.wml delete mode 100644 danish/security/2022/dsa-5211.wml delete mode 100644 danish/security/2022/dsa-5212.wml delete mode 100644 danish/security/2022/dsa-5213.wml delete mode 100644 danish/security/2022/dsa-5214.wml delete mode 100644 danish/security/2022/dsa-5215.wml delete mode 100644 danish/security/2022/dsa-5216.wml delete mode 100644 danish/security/2022/dsa-5217.wml delete mode 100644 danish/security/2022/dsa-5218.wml delete mode 100644 danish/security/2022/dsa-5219.wml delete mode 100644 danish/security/2022/dsa-5220.wml delete mode 100644 danish/security/2022/dsa-5221.wml delete mode 100644 danish/security/2022/dsa-5222.wml delete mode 100644 danish/security/2022/dsa-5223.wml delete mode 100644 danish/security/2022/dsa-5224.wml delete mode 100644 danish/security/2022/dsa-5225.wml delete mode 100644 danish/security/2022/dsa-5226.wml delete mode 100644 danish/security/2022/dsa-5227.wml delete mode 100644 danish/security/2022/dsa-5228.wml delete mode 100644 danish/security/2022/dsa-5229.wml delete mode 100644 danish/security/2022/dsa-5230.wml delete mode 100644 danish/security/2022/dsa-5231.wml delete mode 100644 danish/security/2022/dsa-5232.wml delete mode 100644 danish/security/2022/dsa-5233.wml delete mode 100644 danish/security/2022/dsa-5234.wml delete mode 100644 danish/security/2022/dsa-5235.wml delete mode 100644 danish/security/2022/dsa-5236.wml delete mode 100644 danish/security/2022/dsa-5237.wml delete mode 100644 danish/security/2022/dsa-5238.wml delete mode 100644 danish/security/2022/dsa-5239.wml delete mode 100644 danish/security/2022/dsa-5240.wml delete mode 100644 danish/security/2022/dsa-5241.wml delete mode 100644 danish/security/2022/dsa-5242.wml delete mode 100644 danish/security/2022/dsa-5243.wml delete mode 100644 danish/security/2022/dsa-5244.wml delete mode 100644 danish/security/2022/dsa-5245.wml delete mode 100644 danish/security/2022/dsa-5246.wml delete mode 100644 danish/security/2022/dsa-5247.wml delete mode 100644 danish/security/2022/index.wml delete mode 100644 danish/security/2023/Makefile delete mode 100644 danish/security/2023/index.wml delete mode 100644 danish/security/undated/Makefile delete mode 100644 danish/security/undated/index.wml (limited to 'danish') diff --git a/danish/lts/security/2014/Makefile b/danish/lts/security/2014/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/lts/security/2014/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/lts/security/2014/index.wml b/danish/lts/security/2014/index.wml deleted file mode 100644 index 631c5f0dd4e..00000000000 --- a/danish/lts/security/2014/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" -LTS-sikkerhedsbulletiner fra 2014 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/lts/security/2014' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-lts-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/lts/security/2015/Makefile b/danish/lts/security/2015/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/lts/security/2015/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/lts/security/2015/dla-374.wml b/danish/lts/security/2015/dla-374.wml deleted file mode 100644 index 46212f1f1e2..00000000000 --- a/danish/lts/security/2015/dla-374.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var SQL-indsprøjtningssårbarheder i cacti, en -webgrænseflade til graftegning af overvågningssystemer.

- -

I Debian 6 Squeeze, er dette problem rettet i cacti version -0.8.7g-1+squeeze9+deb6u11.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2015/dla-374.data" diff --git a/danish/lts/security/2015/dla-375.wml b/danish/lts/security/2015/dla-375.wml deleted file mode 100644 index 50f1e5c5bac..00000000000 --- a/danish/lts/security/2015/dla-375.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -
    - -
  • CVE-2015-8472 - -

    Opdatering af ufuldstændig rettelse af - \ - CVE-2015-8126

    • - -
  • CVE-2015-8540 - -

    Underløbslæsning i png_check_keyword i pngwutil.c

    • - -
  • CVE-2012-3425 - -

    Funktionen png_push_read_zTXt i pngpread.c i libpng 1.0.x før 1.0.58, - 1.2.x før 1.2.48, 1.4.x før 1.4.10 samt 1.5.x før 1.5.10, gjorde det muligt - for fjernangribere at forårsage et lammelsesangreb (læsning uden for - grænserne) gennem en stor avail_in-feltværdi i PNG-billede.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2015/dla-375.data" diff --git a/danish/lts/security/2015/dla-376.wml b/danish/lts/security/2015/dla-376.wml deleted file mode 100644 index 4827d6d1db9..00000000000 --- a/danish/lts/security/2015/dla-376.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Monos string-to-double-fortolker kunne gå ned ved særligt fabrikerede inddata. -Det kunne teoretisk føre til udførelse af vilkårlig kode.

- -

Problemet er rettet i Debian 6 Squeeze med version 2.6.7-5.1+deb6u2 af mono. -Vi anbefaler at du opgraderer dine mono-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2015/dla-376.data" diff --git a/danish/lts/security/2015/index.wml b/danish/lts/security/2015/index.wml deleted file mode 100644 index 6ee3ebef344..00000000000 --- a/danish/lts/security/2015/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" -LTS-sikkerhedsbulletiner fra 2015 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/lts/security/2015' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-lts-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/lts/security/2016/Makefile b/danish/lts/security/2016/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/lts/security/2016/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/lts/security/2016/dla-374.wml b/danish/lts/security/2016/dla-374.wml deleted file mode 100644 index c51cabc4239..00000000000 --- a/danish/lts/security/2016/dla-374.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="ce41d997301872adfc27a79ea546429856226b67" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var en regression i den patch, der skulle rette -CVE-2015-8369 -i den nylige upload af cacti 0.8.7g-1+squeeze9+deb6u12.

- -

I Debian 6 Squeeze, er dette problem rettet i cacti version -0.8.7g-1+squeeze9+deb6u13.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2015/dla-374.data" diff --git a/danish/lts/security/2016/dla-375.wml b/danish/lts/security/2016/dla-375.wml deleted file mode 100644 index e015020c56e..00000000000 --- a/danish/lts/security/2016/dla-375.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -

Pakken ia32-libs indeholder 32 bit-udgaver af forskellige biblioteker til -brug på 64 bit-systemer. Denne opdatering udruller alle sikkerhedsrettelser -foretaget i disse biblioteker siden den foregående opdatering af ia32-libs i -Squeeze LTS.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2015/dla-375.data" diff --git a/danish/lts/security/2016/dla-378.wml b/danish/lts/security/2016/dla-378.wml deleted file mode 100644 index 1098e696f78..00000000000 --- a/danish/lts/security/2016/dla-378.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="ce41d997301872adfc27a79ea546429856226b67" mindelta="1" -LTS-sikkerhedsopdatering - -

Denne opdatering retter de herunder beskrevne CVE'er.

- -
    - -
  • CVE-2015-7550 - -

    Dmitry Vyukov opdagede en kapløbstilstand i keyring-undersystemet, - hvilket gjorde det muligt for en lokal bruger at forårsage et - lammelsesangreb (nedbrud).

    • - -
  • CVE-2015-8543 - -

    Man opdagede at en lokal bruger havde rettigheder til at oprette rå - sockets, kunne medføre et lammelsesangreb ved at angive en ugyldigt - protokolnummer til en socket. Angriberen skulle have muligheden - CAP_NET_RAW.

    • - -
  • CVE-2015-8575 - -

    David Miller opdagede en fejl i implementeringen af Bluetooth SCO-sockets, - hvilket førte til en informationslækage til lokale brugere.

    • - -
- -

Desuden retter denne opdatering en regression fra den foregående opdatering:

- -
    - -
  • #808293 - -

    En regression i UDP-implementeringen forhindrede freeradius og nogle - andre applikationer i at modtage data.

    • - -
- -

I den gamle, gamle stabile distribution (squeeze), er disse problemer -rettet i version 2.6.32-48squeeze18.

- -

I den gamle stabile distribution (wheezy), er disse problemer -rettet i version 3.2.73-2+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet -i version 3.16.7-ckt20-1+deb8u2 eller tidligere.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-378.data" diff --git a/danish/lts/security/2016/dla-379.wml b/danish/lts/security/2016/dla-379.wml deleted file mode 100644 index f8cb92682a5..00000000000 --- a/danish/lts/security/2016/dla-379.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Flere sårbarheder blev fundet i Samba, en SMB-/CIFS-implementering, som -leverer en fil-, print- og loginserver.

- -
    - -
  • CVE-2015-5252 - -

    Jan Yenya Kasprzak og Computer Systems Unit-holdet ved Faculty of - Informatics, Masaryk University, rapporterede at samba på ukorrekt vis - kontrollerede symlinks, gørende det muligt at tilgå ressourcer uden for den - delte sti, under visse omstændigheder.

    • - -
  • CVE-2015-5296 - -

    Stefan Metzmacher fra SerNet og Samba Team opdagede at samba ikke sikrede - at signering blev forhandlet når en klient etablerede en krypteret - forbindelse mod en samba-server.

    • - -
  • CVE-2015-5299 - -

    Samba var sårbar over for et manglende adgangskontroltjek i VFS-modulet - shadow_copy2, hvilket kunne gøre det muligt for uautoriserede brugere at - tilgå snapshots.

    • - -
- -

I Debian 6 Squeeze, er dette problem rettet i samba version -2:3.5.6~dfsg-3squeeze13. Vi anbefaler at du opgraderer dine -samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-379.data" diff --git a/danish/lts/security/2016/dla-380.wml b/danish/lts/security/2016/dla-380.wml deleted file mode 100644 index 157bca57d9c..00000000000 --- a/danish/lts/security/2016/dla-380.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -

Et problem er opdaget og løst i libvncserver af opstrømsudvikler Karl Runge, -der håndterer trådsikkerhed i libvncserver når libvncserver anvendes til -håndtering af mange VNC-forbindelser [1].

- -

Desværre er det ikke trivielt let (på grund af ABI-ændringer) at tilbageføre -den \ -relaterede rettelse til libvncserver 0.9.7, som leveres i Debian -squeeze(-lts).

- -

Dog løste den nævnte trådsikkerhedsrettelse et relateret problem med -hukommelseskorruption, forårsaget af frigivelse af globale variabler uden at -null'e dem, når de genbruges i en anden tråd, særligt noget der opstod -når libvncserver blev anvendt til at håndtere mange VNC-forbindelser.

- -

Det beskrevne problem er løst med denne version af libvncserver, og det -anbefales at brugere af VNC opgraderer til denne version af pakken.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-380.data" diff --git a/danish/lts/security/2016/dla-381.wml b/danish/lts/security/2016/dla-381.wml deleted file mode 100644 index 10222355dc4..00000000000 --- a/danish/lts/security/2016/dla-381.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

En sårbarhed blev fundet i ICU, et sæt biblioteker der leverer Unicode- og -internationaliseringsunderstøttelse. Heltalsoverløb i ICU-layoutmaskinen gjorde -det muligt af afsløre oplysninger.

- -

I Debian 6 Squeeze, er dette problem rettet i icu version -4.4.1-8+squeeze5. Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-381.data" diff --git a/danish/lts/security/2016/dla-382.wml b/danish/lts/security/2016/dla-382.wml deleted file mode 100644 index 3150486f988..00000000000 --- a/danish/lts/security/2016/dla-382.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Når sudo er opsat til at tillade at en bruger redigerer filer under en mappe, -som de allerede kan skrive til uden at bruge sudo, kan vedkommende faktisk -redigere (læse og skrive) vilkårlige filer. Daniel Svartman rapporterede at en -opsætning som denne, kunne blive indført utilsigtigt, hvis de redigerbare filer -angives ved hjælp af wildcards, eksempelvis:

- -
-    operator ALL=(root) sudoedit /home/*/*/test.txt
-
- -

Sudos standardvirkemåde er ændret således, at den ikke tillader redigering af -en fil i en mappe, som brugeren kan skrive til, eller som der navigeres hen til -ved at følge et symlink i en mappe, som brugeren kan skrive til. Begrænsningerne -kan deaktiveres, men det frarådes kraftigt.

- -

I den gamle, gamle stabile distribution (squeeze), er dette rettet i version -1.7.4p4-2.squeeze.6.

- -

I den gamle stabile distribution (wheezy) og i den stabile distribution -(jessie), vil dette snart blive rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-382.data" diff --git a/danish/lts/security/2016/dla-383.wml b/danish/lts/security/2016/dla-383.wml deleted file mode 100644 index 5129b5752f4..00000000000 --- a/danish/lts/security/2016/dla-383.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

DrWhax fra Tails-projektet rapporterede at Claws Mail manglende -grænsekontroller i nogle tekstkonverteringsfunktioner. En fjernangriber kunne -udnytte det til at afvikle vilkårlig kode under kontoen tilhørende den bruger, -som modtager en meddelelser fra vedkommende ved hjælp af Claws Mail.

- -
    - -
  • CVE-2015-8614 - -

    Der var ingen kontroller af uddatalængden på konverteringer mellem JIS - JIS (ISO-2022-JP) og EUC-JP, mellem JIS og UTF-8, samt fra Shift_JIS til - EUC-JP.

    • - -
  • CVE-2015-8708 - -

    Den oprindelige rettelse af - CVE-2015-8614 - var ufuldstændig.

    • - -
- -

I den gamle, gamle stabile distribution (squeeze), er disse problemer -rettet i version 3.7.6-4+squeeze2.

- -

I den gamle stabile distribution (wheezy) og i den stabile distribution -(jessie), vil dette snart blive rettet. Disse versioner blev opbygget med -hardening-funktionalitet, som gør det sværere at udnytte problemet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-383.data" diff --git a/danish/lts/security/2016/dla-384.wml b/danish/lts/security/2016/dla-384.wml deleted file mode 100644 index d28896014c8..00000000000 --- a/danish/lts/security/2016/dla-384.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at InspIRCd ikke validerede navnene i DNS-svar før de blev -anvendt i inter-serverkommunikation. En fjernangriber, med kontrol over -reverse DNS-serveren for en IRC-klient, kunne udnytte det til et -lammelsesangreb eller muligvis til rettighedsforøgelse på IRC-netværket.

- -

InspIRCd lader til at have været fuldstændig ubrugelig siden version -1.1.22+dfsg-4+squeeze1 på grund af en fejl i dets opbygningssystem udløst af -(e)glibc-versioner nyere end 2.9. Det er også rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-384.data" diff --git a/danish/lts/security/2016/dla-385.wml b/danish/lts/security/2016/dla-385.wml deleted file mode 100644 index 4580ec229f8..00000000000 --- a/danish/lts/security/2016/dla-385.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at en ondsindet fabrikeret pakke kunne få enhver -isc-dhcp-applikation til at gå ned. Herunder DHCP-klient, -relay o -g serverapplikationer. Kun IPv4-opsætninger er påvirket.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker til version -4.1.1-P1-15+squeeze9 (Debian squeeze LTS).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-385.data" diff --git a/danish/lts/security/2016/dla-386.wml b/danish/lts/security/2016/dla-386.wml deleted file mode 100644 index 219f0f4760d..00000000000 --- a/danish/lts/security/2016/dla-386.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var endnu en SQL-indsprøjtningssårbarhed i cacti, en -webgrænseflade til graftegning af overvågningsystemer.

- -

I Debian 6 Squeeze, er dette problem rettet i cacti version -0.8.7g-1+squeeze9+deb6u14.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-386.data" diff --git a/danish/lts/security/2016/dla-387.wml b/danish/lts/security/2016/dla-387.wml deleted file mode 100644 index ac221461bf3..00000000000 --- a/danish/lts/security/2016/dla-387.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Qualys Security Team opdagede to sårbarheder i roamingkoden i OpenSSH-klientne -(en implementering af SSH-protokolsuiten).

- -

SSH-roaming gør det muligt for en klient, i tilfælde af en SSH-forbindelse -afbrydes uventet, at blive genoptaget på et senere tidspunkt, forudsat at -serveren også understøtter det.

- -

OpenSSH-server understøtter ikke roaming, men OpenSSH-klienten understøtter -det (selv om det ikke er dokumenteret) og det er aktiveret som standard.

- -
    - -
  • CVE-2016-0777 - -

    En informationslækage (hukommelsesafsløring) kunne udnyttes af en - skrupelløs SSH-server til at narre en klient til at lække følsomme data - fra klienthukommelsen, herunder eksempelvis private nøgler.

    • - -
  • CVE-2016-0778 - -

    Et bufferoverløb (førende til fildeskriptorlækage), kunne også udnyttes - af en skrupelløs SSH-server, men på grund af en anden fejl i koden, var det - muligvis ikke udnytbart, og kun under visse omstændigheder (ikke - standardopsætningen), når ProxyCommand, ForwardAgent eller ForwardX11 - anvendes.

    • - -
- -

Sikkerhedsopdateringen deaktiverer fuldstændig roamingkoden i -OpenSSH-klienten.

- -

Det er også muligt at deaktivere roaming ved at tilføje den (udokuementerede) -valgmulighed UseRoaming no til den globale fil /etc/ssh/ssh_config, eller -til brugeropsætningen i ~/.ssh/config, eller ved at benytte -oUseRoaming=no på -kommandolinjen.

- -

Det anbefales at brugere med private nøgle uden en passphrase, særligt i -ikke-interaktive opsætninger (automatiske jobs der anvender ssh, scp, rsync+ssh -osv.), opdaterer deres nøgler hvis de har været forbundet til en SSH-server, der -ikke er tillid til.

- -

Flere oplysninger om hvordan man identificerer et angreb og afhjælper det, -finder man i Qualys Security Advisory.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-387.data" diff --git a/danish/lts/security/2016/dla-388.wml b/danish/lts/security/2016/dla-388.wml deleted file mode 100644 index 24ef69a9fe0..00000000000 --- a/danish/lts/security/2016/dla-388.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var en NULL-deference i dwarfutils, et værktøj til at -dumpe DWARF-debugoplysninger fra ELF-objekter.

- -

I Debian 6 Squeeze, er dette problem rettet i dwarfutils version -20100214-1+deb6u1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-388.data" diff --git a/danish/lts/security/2016/dla-389.wml b/danish/lts/security/2016/dla-389.wml deleted file mode 100644 index 8868d388490..00000000000 --- a/danish/lts/security/2016/dla-389.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at en ondsindet fremstillet GIF kunne få værktøjet giffix, der -indgår i giflib-tools, til at gå ned.

- -

Vi anbefaler at du opgraderer din giflib-tools-pakke til version -4.1.6-9+deb6u1 (Debian squeeze LTS).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-389.data" diff --git a/danish/lts/security/2016/dla-390.wml b/danish/lts/security/2016/dla-390.wml deleted file mode 100644 index 294619ef213..00000000000 --- a/danish/lts/security/2016/dla-390.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at dbconfig-common kunne, afhængigt af den lokale umask, -foretage PostgreSQL-databasebackup'er, som var læsbare af andre brugere end -databaseejeren. Problemet er rettet i version 1.8.46+squeeze.1. -Adgangsrettigheder til eksisterende databasebackup'er (ikke kun fra -PostgreSQL) begrænses til ejeren af backup'en under opgraderingen af -dbconfig-common til denne version. Yderligere opgraderinger vil ikke ændre -adgangsrettighederne i tilfælde af at den lokale administrator har særlige -behov.

- -

dbconfig-common er en Debian-hjælpepakke, som anvendes af en række pakker til -at håndtere den tilsvarende database.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-390.data" diff --git a/danish/lts/security/2016/dla-391.wml b/danish/lts/security/2016/dla-391.wml deleted file mode 100644 index cb934acf8d0..00000000000 --- a/danish/lts/security/2016/dla-391.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at i prosody, en letvægts-Jabber/XMPP-server, anvendte en svag -PRNG i modulet mod_dialback.

- -

I Debian 6 Squeeze, er dette problem rettet i prosody version -0.7.0-1squeeze1+deb6u1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-391.data" diff --git a/danish/lts/security/2016/dla-392.wml b/danish/lts/security/2016/dla-392.wml deleted file mode 100644 index 5542dcd93c1..00000000000 --- a/danish/lts/security/2016/dla-392.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

High-Tech Bridge Security Research Lab opdagede en mappegennemløbssårbarhed i -den populære webmailklient Roundcube. Sårbarheden kunne udnyttes til at få -adgang til følsomme oplysninger og under visse omstændigheder udføre vilkårlig -kode og totalt kompromittere den sårbare server.

- -

Sårbarheden fandtes på grund af utilstrækkelig fornuftighedskontrol af -_skin HTTP POST-parameteret i skriptet /index.php, når der skiftes -mellem webapplikationens forskellige temaer. En fjernautentificeret angriber -kunne udnytte mappegennemløbssekvenser (fx ../../) til at indlæse et nyt -tema fra en vilkårlig placering på systemet, som er læsbart af webserveren.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-392.data" diff --git a/danish/lts/security/2016/dla-393.wml b/danish/lts/security/2016/dla-393.wml deleted file mode 100644 index a49501b3975..00000000000 --- a/danish/lts/security/2016/dla-393.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Forhindrer potentielt lammelsesangreb på grund af manglende grænsekontroller -på RTP-headers CSRC-tæller og udvidelsesheaderlængde. Tak til Randell Jesup og -Firefox-holdet for rapporten om problemet.

- -

(Da der ikke var en aead-tilstand tilgængelig i versionen i Squeeze, var det -kun nødvendigt at rette only srtp_unprotect().)

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-393.data" diff --git a/danish/lts/security/2016/dla-394.wml b/danish/lts/security/2016/dla-394.wml deleted file mode 100644 index fcabdec2e43..00000000000 --- a/danish/lts/security/2016/dla-394.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -

agent/Core/Controller/SendRequest.cpp i Phusion Passenger før 4.0.60 og -5.0.x før 5.0.22, ved brug i Apaches integrationstilstand eller i alenestående -tilstand uden en filtrerende proxy, gjorde det muligt for fjernangribere at -forfalske headere overført til applikationer ved at benytte tegnet _ -(understrengning) i stedet for tegnet - (bindestreg) i en HTTP-header, som -demonstreret af med en X_User-header.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-394.data" diff --git a/danish/lts/security/2016/dla-395.wml b/danish/lts/security/2016/dla-395.wml deleted file mode 100644 index 135ed7977d4..00000000000 --- a/danish/lts/security/2016/dla-395.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

En sårbarhed blev fundet i LibRSVG, et bibliotek til rendering af SVG-grafik. -Librsvg var sårbar over for en heaplæsning uden for grænserne ved fortolkning af -SVG-filer.

- -

I Debian 6 Squeeze, er dette problem rettet i librsvg version -2.26.3-1+deb6u3. Vi anbefaler at du opgraderer dine librsvg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-395.data" diff --git a/danish/lts/security/2016/dla-396.wml b/danish/lts/security/2016/dla-396.wml deleted file mode 100644 index 095860afd6a..00000000000 --- a/danish/lts/security/2016/dla-396.wml +++ /dev/null @@ -1,10 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at specifikke APL RR-data kunne udløse en INSIST-fejl i -apl_42.c samt forårsage at BIND DNS-serveren afsluttede, førende til et -lammelsesangreb.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-396.data" diff --git a/danish/lts/security/2016/dla-397.wml b/danish/lts/security/2016/dla-397.wml deleted file mode 100644 index aadf1092c64..00000000000 --- a/danish/lts/security/2016/dla-397.wml +++ /dev/null @@ -1,11 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Jann Horn opdagede at setuid-root mount.ecryptfs_private-hjælperen i -ecryptfs-utils ville mounte over enhver målmappe, som brugeren ejer, herunder en -mappe i procfs. En lokal angriber kunne udnytte fejlen til at forsøge sine -rettigheder.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-397.data" diff --git a/danish/lts/security/2016/dla-398.wml b/danish/lts/security/2016/dla-398.wml deleted file mode 100644 index de4e9735eb6..00000000000 --- a/danish/lts/security/2016/dla-398.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -
    - -
  • CVE-2016-1982 -

    Forhindrer ugyldige læsninger i tilfælde af korrupt chunk-encoded - indhold.

    • - -
  • CVE-2016-1983 - -

    Fjernede tomme Host-headere i klientforespørgsler; medførende ugyldige - læsninger.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-398.data" diff --git a/danish/lts/security/2016/dla-399.wml b/danish/lts/security/2016/dla-399.wml deleted file mode 100644 index 05e2a3df294..00000000000 --- a/danish/lts/security/2016/dla-399.wml +++ /dev/null @@ -1,11 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -

cups-filters indeholdt adskillige bufferoverløb forårsaget af manglende -størreleskontroller, når der kopieres fra miljøvariabler til lokale bruffere -(strcpy) for uden strengafkortningshandlinger (strcat).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-399.data" diff --git a/danish/lts/security/2016/dla-400.wml b/danish/lts/security/2016/dla-400.wml deleted file mode 100644 index d8ebebf40cc..00000000000 --- a/danish/lts/security/2016/dla-400.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Denne opdatering retter visse kendte sårbarheder i pound i squeeze-lts ved at -tilbageføre versionen fra wheezy.

- -
    - -
  • CVE-2009-3555 - -

    TLS-protokollen og SSL-protokol 3.0 samt muligvis tidligere, som - anvendes i Microsoft Internet Information Services (IIS) 7.0, mod_ssl i - Apache HTTP Server 2.2.14 og tidligere, OpenSSL før 0.9.8l, GnuTLS 2.8.5 og - tidligere, Mozilla Network Security Services (NSS) 3.12.4 og tidligere, - adskillige Cisco-produkter, samt andre produkter, tilknyttede ikke på - korrekt vis genforhandlingshandshakes med en eksisterende forbindelse, - hvilket gjorde det muligt for manden i midten-angribere at indsætte data i - HTTPS-sessioner, og muligvis andre former for sessioner beskyttet af TLS - eller SSL, ved at sende en uautentificeret forespørgsel, som behandles med - tilbagevirkende kraft af en server i en efter genforhandlingskontekst med - relation til et plaintext injection-angreb, alias Project - Mogul-problemet.

    • - -
  • CVE-2011-3389 - -

    SSL-protokollen, som anvendes i visse opsætninger i Microsoft Windows og - Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, samt - andre produkter, krypterer data ved at anvende CBC-tilstand med kædede - initialiseringsvektorer, hvilket gjorde det muligt for manden i - midten-angribere at fat i HTTP-headere i klartekst gennem et blokvist - valgt-grænse-angreb (BCBA) på en HTTPS-session, i sammenhæng med - JavaScript-kode, som anvender (1) HTML5 WebSocket API, (2) Java - URLConnection API eller (3) Silverlight WebClient API, alias et - BEAST-angreb.

    • - -
  • CVE-2012-4929 - -

    TLS-protokol 1.2 og tidligere, som anvendes i Mozilla Firefox, Google - Chrome, Qt og andre produkter, kunne kryptere komprimerede data uden på - korrekt vis at gøre et forsøg på at skjule længden på de ukrypterede data, - hvilket gjorde det muligt for manden i midten-angribere at få adgang til - HTTP-headere i klartekst, ved at holde øje med længdeforskelle under en - række gæt, i hvilke en streng i en HTTP-forespørgsel potentielt svarer til - en ukendt streng i en HTTP-header, alias et CRIME-angreb.

    • - -
  • CVE-2014-3566 - -

    SSL protocol 3.0, som anvendes i OpenSSL til og med 1.0.1i og i andre - produkter, anvender ikke-deterministisk CBC-padding, hvilket gør det - lettere for manden i midten-angribere at få adgang til data i klartekst - gennem et padding-orakel-angreb, alias POODLE-problemet.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-400.data" diff --git a/danish/lts/security/2016/dla-401.wml b/danish/lts/security/2016/dla-401.wml deleted file mode 100644 index e6259c22233..00000000000 --- a/danish/lts/security/2016/dla-401.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -
    - -
  • CVE-2014-9762 - -

    GIF-indlæser: Retter segv på billeder uden colormap.

    • - -
  • CVE-2014-9763 - -

    Forhindrer nedbrud som følge af division med nul.

    • - -
  • CVE-2014-9764 - -

    Retter segfault ved åbning af - input/queue/id:000007,src:000000,op:flip1,pos:51 med feh.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-401.data" diff --git a/danish/lts/security/2016/dla-402.wml b/danish/lts/security/2016/dla-402.wml deleted file mode 100644 index 489dce64f05..00000000000 --- a/danish/lts/security/2016/dla-402.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

To sikkerhedsfejl er fundet i og løst i libtiff, et bibliotek som leverer -håndtering af Tag Image File Format (TIFF). Fejlene vedrører læsninger uden -for grænserne i interfacet TIFFRGBAImage, ved ikke-understøttede værdier med -relation til LogLUV og CIELab. -CVE-2015-8665 -blev rapporteret af limingxing og -CVE-2015-8683 -af zzf fra Alibaba.

- -

I Debian 6 Squeeze, er disse problemer rettet i tiff version -3.9.4-5+squeeze13. Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-402.data" diff --git a/danish/lts/security/2016/dla-403.wml b/danish/lts/security/2016/dla-403.wml deleted file mode 100644 index 213d8d2deb6..00000000000 --- a/danish/lts/security/2016/dla-403.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Flere problemer er opdaget af Unrud i Radicale, en kalender- og -adressebogsserver. En fjernangriber kunne udnytte sårbarhederne og kalde -vilkårlige funktioner ved at sende fabrikerede HTTP-forespørgsler.

- -
    - -
  • CVE-2015-8748 - -

    Forhindrer regex-indsprøjtning i rettighedshåndtering. Forhindrer - fabrikerede HTTP-forespørgsler i at kalde vilkårlige funktioner/p>

    • - -
  • CVE-2015-8747 - -

    Backend'en multifilesystem tillod tilgang til vilkårlige filer på alle - platforme. (Squeeze er ikke påvirket fordi backend'en multifilesystem ikke - findes i denne version.)

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i version -0.3-2+deb6u1.

- -

Vi anbefaler at du opgraderer dine radicale-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-403.data" diff --git a/danish/lts/security/2016/dla-404.wml b/danish/lts/security/2016/dla-404.wml deleted file mode 100644 index 5ab897ef96f..00000000000 --- a/danish/lts/security/2016/dla-404.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var en ugyldig pointerdereference i nginx, en lille, -ydedygtig, skalerbar web-/proxyserver. En ugyldig pointerdereference kunne -opstå under behandlingaf svar fra DNS-server, hvilket gjorde det muligt for en -angriber, der er i stand til at forfalske UDP-pakker fra DNS-serveren, at -forårsage at workerprocessen gik ned.

- -

I Debian 6 Squeeze, er dette problem rettet i nginx version -0.7.67-3+squeeze4+deb6u1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-404.data" diff --git a/danish/lts/security/2016/dla-405.wml b/danish/lts/security/2016/dla-405.wml deleted file mode 100644 index bacffc457fb..00000000000 --- a/danish/lts/security/2016/dla-405.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Flere sikkerhedsfejl er fundet og løst i libtiff, et bibliotek som leverer -understøttelse af Tag Image File Format (TIFF). Fejlene vedrører læsninger og -skrivninger uden for grænserne i funktionerne LogL16Decode, LogLuvDecode24, -LogLuvDecode32, LogLuvDecodeTile, LogL16Encode, LogLuvEncode24, LogLuvEncode32 -og NeXTDecode.

- -

Følgende id'er er blevet tildelt problemerne: -CVE-2015-8781, -CVE-2015-8782, -CVE-2015-8783 og -CVE-2015-8784.

- -

I Debian 6 Squeeze, er disse problemer rettet i tiff version -3.9.4-5+squeeze14. Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-405.data" diff --git a/danish/lts/security/2016/dla-406.wml b/danish/lts/security/2016/dla-406.wml deleted file mode 100644 index 39049ef0a9b..00000000000 --- a/danish/lts/security/2016/dla-406.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Flere fejl blev opdaget i CSRF-autentificeringskoden i phpMyAdmin.

- -
    - -
  • CVE-2016-2039 - -

    XSRF-/CSRF-tokenet genereres med en svag algoritme, med anvendelse af - funktioner, der ikke leverer kryptografisk sikre værdier.

    • - -
  • CVE-2016-2041 - -

    Sammenligningen af XSRF-/CSRF-tokenparameteret med værdien opbevaret i - session er sårbar over for timingangreb. Desudne kunne sammenligningen - omgås hvis XSRF-/CSRF-tokenet svarer til et bestemt mønster.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-406.data" diff --git a/danish/lts/security/2016/dla-407.wml b/danish/lts/security/2016/dla-407.wml deleted file mode 100644 index 960e06182da..00000000000 --- a/danish/lts/security/2016/dla-407.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Fejlen gjorde det muligt for en ondsindet server at udgive sig for at være -det sårbare domæne, over for ethvert XMPP-domæne, hvis domænenavn indeholder -angriberens domæne som et suffiks.

- -

Eksempelvis ville bber.example være i stand til at forbindese sig med -jabber.example og med succes udgive sig for at være enhver sårbar server -i netværket.

- -

Dette udgave retter også en regression opstået i den tidligere rettelse af -CVE-2016-1232: -s2s fungerer ikke hvis /dev/urandom kun er læsbar.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-407.data" diff --git a/danish/lts/security/2016/dla-408.wml b/danish/lts/security/2016/dla-408.wml deleted file mode 100644 index 8d9cfffb868..00000000000 --- a/danish/lts/security/2016/dla-408.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

GOsa er en kombination af systemadministrator- og slutbrugerwebgrænseflade, -beregnet til at håndtere LDAP-baserede opsætninger.

- -

Opstrøms-GOsa rapporterede om en kodeindsprøjtningssårbarhed i -Samba-pluginkoden i GOsa. Under Samba-adgangskodeændringer, var det muligt at -indsprøjte ondsindet Perl-kode.

- -

Denne upload til Debian Squeeze LTS retter problemerne. Men hvis man -opgraderer til denne rettede pakke, så bemærk at Samba-adgangskodeændringer ikke -vil fungere før parameteret sambaHashHook i gosa.conf er blevet opdateret til at -acceptere base64-indkapslede strenge fra GOsas PHP-kode.

- -

Læs /usr/share/doc/gosa/NEWS.gz og mansiden gosa.conf (5), efter du har -opgraderet til denne pakke, samt tilpas gosa.conf som beskrevet deri.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-408.data" diff --git a/danish/lts/security/2016/dla-409.wml b/danish/lts/security/2016/dla-409.wml deleted file mode 100644 index ddf43216a04..00000000000 --- a/danish/lts/security/2016/dla-409.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Adskillige problemer er fundet i databaseserveren MySQL. Problemerne er løst -ved at opgradere til den nyeste opstrømsudgave af MySQL, 5.5.47. Se MySQL 5.5 -Release Notes og Oracle's Critical Patch Update-bulletinen for flere -oplysninger:

- - - -

I Debian 6 Squeeze, er disse problemer rettet i mysql-5.5 version -5.5.47-0+deb6u1. Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-409.data" diff --git a/danish/lts/security/2016/dla-410.wml b/danish/lts/security/2016/dla-410.wml deleted file mode 100644 index a0fec631042..00000000000 --- a/danish/lts/security/2016/dla-410.wml +++ /dev/null @@ -1,83 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udbrud fra Java-sandkassen, informationsafsløring, -lammelsesangreb og usikker kryptografi.

- -
    - -
  • CVE-2015-7575 - -

    En fejl blev fundet i den måde TLS 1.2 kunne anvende - MD5-hashfunktionen til signering af ServerKeyExchange- og Client - Authentication-pakker under en TLS-handshake.

    • - -
  • CVE-2015-8126 - -

    Flere bufferoverløb i funktionerne (1) png_set_PLTE og (2) png_get_PLTE i - libpng før 1.0.64, 1.1.x og 1.2.x før 1.2.54, 1.3.x og 1.4.x før 1.4.17, - 1.5.x før 1.5.24 samt 1.6.x før 1.6.19, gjorde det muligt for fjernangribere - at forårsage et lammelsesangreb (applikationsnedbrud) eller muligvis have - anden ikke-angivet indvirkning via en lille bit-depth-værdi i en IHDR-chunk - (alias billedheader) i et PNG-billede.

    • - -
  • CVE-2015-8472 - -

    Bufferoverløb i funktionen png_set_PLTE i libpng før 1.0.65, 1.1.x og - 1.2.x før 1.2.55, 1.3.x, 1.4.x før 1.4.18, 1.5.x før 1.5.25 samt 1.6.x før - 1.6.20, gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (applikationsnedbrud) eller muligvis have anden ikke-angivet indvirkning - gennem en lille bit-depth-værdi i en IHDR-chunk (alias billedheader) i et - PNG-billede. Bemærk at sårbarheden skyldes en ufuldstændig rettelse af - \ - CVE-2015-8126.

    • - -
  • CVE-2016-0402 - -

    Ikke-angivet sårbarhed i komponenterne Java SE og Java SE Embedded i - Oracles Java SE 6u105, 7u91 og 8u66 samt Java SE Embedded 8u65, gjorde det - muligt for fjernangribere at påvirke integriteten gennem ukendte - angrebsvinkler med relation til Networking.

    • - -
  • CVE-2016-0448 - -

    Ikke-angivet sårbarhed i komponenterne Java SE og Java SE Embedded i - Oracles Java SE 6u105, 7u91 og 8u66 samt Java SE Embedded 8u65, gjorde det - muligt for fjernautentificerede brugere at påvirke fortrolighed gennem - angrebsvinkler med relation til JMX.

    • - -
  • CVE-2016-0466 - -

    Man opdagede at JAXP-komponenten i OpenJDK ikke på korrekt vis - håndhævede begrænsingen i totalEntitySizeLimit. En angriber med mulighed - for at få en Java-applikation til at behandle en særligt fremstillet - XML-fil, kunne udnytte fejlen til at få applikationen til at forbruge en alt - for stor mængde hukommelse.

    • - -
  • CVE-2016-0483 - -

    Ikke-angivet sårbarhed i komponenterne Java SE, Java SE Embedded og - JRockit i Oracles Java SE 6u105, 7u91 og 8u66, samt Java SE Embedded 8u65 og - JRockit R28.3.8, gjorde det muligt for fjernangriberre at påvirke - fortrolighed, integritet og tilgængelighed gennem angrebsvinkler med - relation til AWT.

    • - -
  • CVE-2016-0494 - -

    Ikke-angivet sårbarhed i komponenterne Java SE og Java SE Embedded i - Oracles Java SE 6u105, 7u91 og 8u66 samt Java SE Embedded 8u65, gjorde det - muligt for fjernangribere at påvirke fortrolighed, integritet og - tilgængelighed gennem ukendte angrebsvinkler med relation til 2D.

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i version -6b38-1.13.10-1~deb6u1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-410.data" diff --git a/danish/lts/security/2016/dla-411.wml b/danish/lts/security/2016/dla-411.wml deleted file mode 100644 index fe939828089..00000000000 --- a/danish/lts/security/2016/dla-411.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Flere sårbarheder er rettet i Debians GNU C Library, eglibc:

- -
    - -
  • CVE-2014-9761 - -

    Maths nan*-funktion håndterede på ukorrekt vis payloadstrenge, medførende - en unbounded stakallokering baseret på længden af parametrene. For at løse - problemet, er payloadfortolkningen flytet væk fra strtod og ind i en - separat funktion, som nan* kan kalde direkte.

    • - -
  • CVE-2015-8776 - -

    Funktionen strftime() gjorde det muligt at tilgå ugyldig hukommelse, - gørende det muligt at segfaulte den kaldende applikation.

    • - -
  • CVE-2015-8778 - -

    hcreate() var sårbar over for et heltalsoverløb, hvilket kunne medføre - heaptilgange uden for grænserne.

    • - -
  • CVE-2015-8779 - -

    Funktionen catopen() var ramt af flere unbounded - stakallokeringer.

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i eglibc version -eglibc_2.11.3-4+deb6u9. Vi anbefaler at at opgraderer dine eglibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-411.data" diff --git a/danish/lts/security/2016/dla-412.wml b/danish/lts/security/2016/dla-412.wml deleted file mode 100644 index fc0ba3af258..00000000000 --- a/danish/lts/security/2016/dla-412.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Denne opdatering retter de herunder beskrevne CVE'er.

- -
    - -
  • CVE-2015-7566 - -

    Ralf Spenneberg fra OpenSource Security rapporterede at visordriveren - gik ned når en særligt fremstillet USB-enhed uden bulk-out-endpoint blev - opdaget.

    • - -
  • CVE-2015-8767 - -

    Et SCTP-lammelsesangreb blev opdaget, hvilket kunne udløses af en lokal - angriber under en heartbeattimeoutevent efter det firesidede - handshake.

    • - -
  • CVE-2015-8785 - -

    Man opdagede at lokale brugere med rettigheder til at skrive til en fil - på et FUSE-filsystem, kunne forårsage et lammelsesangreb (ikke-dræbbar løkke - i kernen).

    • - -
  • CVE-2016-0723 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse blev opdaget i - ioctl'en TIOCGETD. En lokal angriber kunne udnytte fejlen til et - lammelsesangreb.

    • - -
  • CVE-2016-2069 - -

    Andy Lutomirski opdagede en kapløbstilstand i tømning af TLB'en når der - blev skiftet opgave. På et SMP-system kunne det muligvis føre til et - nedbrud, informationslækage eller rettighedsforøgelse.

    • - -
- -

I den gamle, gamle stabile distribution (squeeze), er disse problemer rettet -i version 2.6.32-48squeeze19. Desuden indeholder denne version opstrøms stabile -opdatering 2.6.32.70. Dette er den sidste opdatering af linux-2.6-pakken i -squeeze.

- -

I den gamle stabile distribution (wheezy), vil disse problemer snart blive -rettet.

- -

I den stabile distribution (jessie), blev -CVE-2015-7566, -CVE-2015-8767 og -CVE-2016-0723 -rettet i linux version 3.16.7-ckt20-1+deb8u3 og de tilbageværende problemer vil -snart blive rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-412.data" diff --git a/danish/lts/security/2016/dla-413.wml b/danish/lts/security/2016/dla-413.wml deleted file mode 100644 index 53c787e8a6b..00000000000 --- a/danish/lts/security/2016/dla-413.wml +++ /dev/null @@ -1,11 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Påvirkede versioner af gajim tillod fjernangribere at ændre på roster'en og -opsnappe beskeder gennem en fabrikeret roster-push IQ-stanza.

- -

Dette er rettet i squeeze-lts med version 0.13.4-3+squeeze4.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-413.data" diff --git a/danish/lts/security/2016/dla-414.wml b/danish/lts/security/2016/dla-414.wml deleted file mode 100644 index 36a372a2178..00000000000 --- a/danish/lts/security/2016/dla-414.wml +++ /dev/null @@ -1,11 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

chrony før 1.31.2 og 2.x før 2.2.1 verificerede ikke peer-tilknytninger af -symetriske nøgler når pakker blev autentificeret, hvilket kunne gøre det muligt -for fjernangribere at iværksætte efterligningsangreb gennem en vilkårlig nøgle, -man har tillid til, alias en dirk (skeleton key).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-414.data" diff --git a/danish/lts/security/2016/dla-415.wml b/danish/lts/security/2016/dla-415.wml deleted file mode 100644 index c64c38ed936..00000000000 --- a/danish/lts/security/2016/dla-415.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

En skrivning uden for grænserne blev opdaget i fortolkningen af cpio-filer. -I Debian 6 Squeeze, er dette problem rettet i cpio version -2.11-4+deb6u2.

- -

Vi anbefaler at du opgraderer din cpio-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-415.data" diff --git a/danish/lts/security/2016/dla-416.wml b/danish/lts/security/2016/dla-416.wml deleted file mode 100644 index 8faeaa7ce72..00000000000 --- a/danish/lts/security/2016/dla-416.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="16a228d71674819599fa1d0027d1603056286470" mindelta="1" -LTS-sikkerhedsopdatering - -

Flere sårbarheder er rettet i Debians GNU C Library, eglibc:

- -
    - -
  • CVE-2015-7547 - -

    Google Security Team og Red Hat opdagede at glibc's funktion til at - resolve værtsnavne, getaddrinfo, kunne fejlbehandle sine interne buffere, - når der blev behandlet AF_UNSPEC-forespørgsler (til dobbelte A/AAAA-opslag), - førende til et stakbaseret bufferoverløb og udførelse af vilkårlig kode. - Sårbarheden påvirker de fleste applikationer, som udfører værtsnavneopslag - ved hjælp af getaddrinfo, herunder systemservices.

    • - -
  • Følgende sårbarheder mangler pt. CVE-tildelinger - -

    Andreas Schwab rapportede om en hukommelseslækage (hukommelsesallokering - uden tilsvarende deallokering) under behandling af visse DNS-svar i - getaddrinfo, med relation til funktionen _nss_dns_gethostbyname4_r. - Sårbarheden kunne føre til et lammelsesangreb.

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i eglibc version -eglibc_2.11.3-4+deb6u11. Desuden korrigerer denne version rettelsen af -CVE-2014-9761 -i Squeeze, der fejlagtigt markerede nogle få symboler som offentlige i stedet -for private.

- -

Selv om det kun er nødvendigt at sikre sig, at alle processer ikke længere -anvender den gamle eglibc, anbefales det alligevel at genstarte maskinen efter -at have rullet denne sikkerhedsopgradering på.

- -

Vi anbefaler at du opgraderer din eglibc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-416.data" diff --git a/danish/lts/security/2016/dla-417.wml b/danish/lts/security/2016/dla-417.wml deleted file mode 100644 index 8aafce4840a..00000000000 --- a/danish/lts/security/2016/dla-417.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var et bufferoverløb i xdelta3, et diffværktøj, der -virker med binære filer. Sårbarheden tillod at vilkårlig kode kunne udføres -fra inddatafiler.

- -

I Debian 6 Squeeze, er dette problem rettet i xdelta3 version -0y.dfsg-1+deb6u1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-417.data" diff --git a/danish/lts/security/2016/dla-418.wml b/danish/lts/security/2016/dla-418.wml deleted file mode 100644 index 096161ca7c6..00000000000 --- a/danish/lts/security/2016/dla-418.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

WordPress version 4.4.1 og tidligere var påvirket af to sikkerhedsproblemer: -en mulig Side Request Forgery Vulnerability for visse lokale URL'er, rapporteret -af Shailesh Suthar.

- -
    - -
  • CVE-2016-2221 - -

    Wordpress kunne være sårbar over for et åben viderestilling-angreb, - hvilket blev rettet ved at validere den anvendte URL i HTTP-viderestillinger - på bedre vis.

    • - -
  • CVE-2016-2222 - -

    Man opdagede at Wordpress var sårbar over for en mulig Side Request - Forgery Vulnerability, fordi det eksempelvis anså 0.1.2.3 for at være en - gyldig IP-adresse.

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i version -3.6.1+dfsg-1~deb6u9.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-418.data" diff --git a/danish/lts/security/2016/dla-419.wml b/danish/lts/security/2016/dla-419.wml deleted file mode 100644 index 01fedfa75cb..00000000000 --- a/danish/lts/security/2016/dla-419.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Gtk+2.0, et bibliotek til grafiske brugerflader, var ramt af et -heltalsoverløb i dets funktion gdk_cairo_set_source_pixbuf, ved allokering af en -stor hukommelsesblok.

- -

I Debian 6 Squeeze, er dette problem rettet i gtk+2.0 version -2.20.1-2+deb6u1. Vi anbefaler at du opgraderer gtk+2.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-419.data" diff --git a/danish/lts/security/2016/dla-420.wml b/danish/lts/security/2016/dla-420.wml deleted file mode 100644 index 8a6ebc33827..00000000000 --- a/danish/lts/security/2016/dla-420.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var et problem med en ugyldig adresse i libmatroska, et -udvidbart containerformat til lyd og video, som er en åben standard.

- -

Ved læsning af en blokgruppe eller en simpel blok, som anvender EBML-lacing, -blev framestørrelsen indikeret i lacing'en ikke kontrolleret mod det -tilgængelige antal bytes. Hvis den indikerede framestørrelse var større end -hele blokkens størrelse, læste fortolkeren forbi slutningen af bufferen, -medførende en heapinformationslækage.

- -

I Debian 6 Squeeze, er dette problem rettet i libmatroska version -0.8.1-1.1+deb6u1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-420.data" diff --git a/danish/lts/security/2016/dla-421.wml b/danish/lts/security/2016/dla-421.wml deleted file mode 100644 index 3e58be82759..00000000000 --- a/danish/lts/security/2016/dla-421.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="ce41d997301872adfc27a79ea546429856226b67" mindelta="1" -LTS-sikkerhedsopdatering - - -
    - -
  • CVE-2015-3197 - -

    En ondsindet klient kunne forhandle SSLv2-ciphers, som er blevet deaktiveret -på serveren, og gennemføre SSLv2-handshakes på trods af at alle SSLv2-ciphers er -blevet deaktiveret, forudsat at SSLv2-protokollen ikke også var deaktiveret -gennem SSL_OP_NO_SSLv2.

    • - -
- -

Desuden, når der anvendes en DHE-ciphersuite, blev en DH-nøgle altid -genereret til hver forbindelse.

- -

Dette er den sidste sikkerhedsopdatering af squeeze-udgaven af pakken. -Versionen 0.9.8 er ikke længere understøttet og LTS-understøttelse af squeeze -ophører snart. Hvis man anvender openssl, bør man opgradere til wheezy eller -endnu bedre jessie. Versionen i disse udgaver indeholder mange -sikkerhedsforbedringer.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-421.data" diff --git a/danish/lts/security/2016/dla-422.wml b/danish/lts/security/2016/dla-422.wml deleted file mode 100644 index 6456345ea39..00000000000 --- a/danish/lts/security/2016/dla-422.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -

To bufferoverløb blev opdaget i python-imaging, et Python-bibliotek til -indlæsning og behandling af billedfiler, hvilke kunne føre til udførelse af -vilkårlig kode.

- - - -

Det andet bufferoverløb var i PcdDecode.c. Der er endnu ikke blevet tildelt -en CVE-registrering.

- -

I Debian 6 Squeeze, er disse problemer rettet i version -1.1.7-2+deb6u2.

- -

Vi anbefaler at du opgraderer dine python-imaging-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-422.data" diff --git a/danish/lts/security/2016/dla-423.wml b/danish/lts/security/2016/dla-423.wml deleted file mode 100644 index 27a80482d49..00000000000 --- a/danish/lts/security/2016/dla-423.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -
    - -
  • CVE-2015-8629 - -

    Man opdagede at en autentificeret angriber kunne få kadmind til at læse - ud over slutningen af allokeret hukommelse, ved at sende en streng uden en - afsluttende nulbyte. Informationslækage kunne være muligt for en angriber - med rettigheder til at ændre databasen.

    • - -
  • CVE-2015-8631 - -

    Man opdagede at en autentificeret angriber kunne få kadmind til at lække - hukommelse ved at levere et null-principalnavn i en forespørgsel, som - anvender et. Gentagelse af disse forespørgsler medfører på et tidspunkt, at - kadmind har opbrugt al tilgængelig hukommelse.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-423.data" diff --git a/danish/lts/security/2016/dla-424.wml b/danish/lts/security/2016/dla-424.wml deleted file mode 100644 index 92ba51e5c2a..00000000000 --- a/danish/lts/security/2016/dla-424.wml +++ /dev/null @@ -1,10 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Alexander Izmailov opdagede at didiwiki, en wikiimplementering, ikke på -korrekt vis validerede brugerleverede inddata, dermed gørende det muligt for en -ondsindet bruger, at tilgå ethvert sted på filsystemet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-424.data" diff --git a/danish/lts/security/2016/dla-425.wml b/danish/lts/security/2016/dla-425.wml deleted file mode 100644 index 75d58e22509..00000000000 --- a/danish/lts/security/2016/dla-425.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Aris Adamantiadis fra libssh team opdagede at libssh, en implementering af -SSH2-protokollen, der anvendes af mange applikationer, ikke genererede -tilstrækkeligt lange Diffie-Hellman-secrets.

- -

Sårbarheden kunne udnyttes af en smuglytter til at dekryptere og opsnappe -SSH-sessioner.

- -

I den gamle, gamle stabile distribution (squeeze), er dette rettet i version -0.4.5-3+squeeze3.

- -

I den gamle stabile distribution (wheezy) og i den stabile distributions -(jessie), vil dette snart blive rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-425.data" diff --git a/danish/lts/security/2016/dla-426.wml b/danish/lts/security/2016/dla-426.wml deleted file mode 100644 index 684e2b60c66..00000000000 --- a/danish/lts/security/2016/dla-426.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Andreas Schneider rapporterede at libssh2, en implementering af -SSH2-protokollen, der anvendes af mange applikationer, ikke genererede -tilstrækkeligt lange Diffie-Hellman-secrets.

- -

Sårbarheden kunne udnyttes af en smuglytter til at dekryptere og opsnappe -SSH-sessioner.

- -

I den gamle, gamle stabile distribution (squeeze), er dette rettet i version -1.2.6-1+deb6u2. Selvom changelog'en refererer til sha256, understøtter -denne version kun udveksling af DH SHA-1-nøgler, og det er denne metode til -nøgleudveksling, der er rettet.

- -

I den gamle stabile distribution (wheezy) og i den stabile distribution -(jessie), vil dette snart blive rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-426.data" diff --git a/danish/lts/security/2016/dla-427.wml b/danish/lts/security/2016/dla-427.wml deleted file mode 100644 index 72b597f92a0..00000000000 --- a/danish/lts/security/2016/dla-427.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Funktionen s_mp_div i Mozilla Network Security Services (NSS) før 3.21, -dividerede tal på ukorrekt vis, hvilket kunne gøre det letterre for -fjernangribere at overmande kryptografiske beskyttelsesmekanismer ved at -udnytte funktionerne (1) mp_div eller (2) mp_exptmod.

- -

I den gamle, gamle stabile distribution (squeeze), er disse problemer rettet -i version 3.12.8-1+squeeze14.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-427.data" diff --git a/danish/lts/security/2016/dla-428.wml b/danish/lts/security/2016/dla-428.wml deleted file mode 100644 index 7e4680f158c..00000000000 --- a/danish/lts/security/2016/dla-428.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var en sårbarhed i forbindelse med udførelse af skripter -på tværs af websteder i websvn, en webbaseret browser til -Subversion-arkiver.

- -

I Debian 6 Squeeze, er dette problem rettet i websvn version -2.3.1-1+deb6u2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-428.data" diff --git a/danish/lts/security/2016/dla-429.wml b/danish/lts/security/2016/dla-429.wml deleted file mode 100644 index 602ccbd51d1..00000000000 --- a/danish/lts/security/2016/dla-429.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var et bufferoverløb i pixman, et bibliotek til -pixelmanipulation til X og cairo.

- -

I Debian 6 Squeeze, er dette problem rettet i pixman version -0.16.4-1+deb6u2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-429.data" diff --git a/danish/lts/security/2016/dla-430.wml b/danish/lts/security/2016/dla-430.wml deleted file mode 100644 index bb6440cdb28..00000000000 --- a/danish/lts/security/2016/dla-430.wml +++ /dev/null @@ -1,12 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var en fjernudnytbar lammelsesangrebssårbarhed i libfcgi, -et bibliotek til implementering af webserverprotokollen FastCGI.

- -

I Debian 6 Squeeze, er dette problem rettet i libfcgi version -2.4.0-8+deb6u1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-430.data" diff --git a/danish/lts/security/2016/dla-431.wml b/danish/lts/security/2016/dla-431.wml deleted file mode 100644 index 085427b60dd..00000000000 --- a/danish/lts/security/2016/dla-431.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Man opdagede at der var en fjernudnytbar lammelsesangrebssårbarhed i -libfcgi-perl, et bibliotek til implementering af webserverprotokollen -FastCGI i Perl.

- -

I Debian 6 Squeeze, er dette problem rettet i libfcgi-perl version -0.71-1+squeeze1+deb6u1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-431.data" diff --git a/danish/lts/security/2016/dla-432.wml b/danish/lts/security/2016/dla-432.wml deleted file mode 100644 index a9ee14cd68c..00000000000 --- a/danish/lts/security/2016/dla-432.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="ce41d997301872adfc27a79ea546429856226b67" mindelta="1" -LTS-sikkerhedsopdatering - -

Flere fejl blev opdaget i PostgreSQL, et relationsdatabasesystem. -8.4-forgreningen understøttes ikke længere af opstrømsudviklerne, men er stadig -til stede i Debian squeeze. Denne nye mindre LTS-version indeholder rettelser, -som blev udrullet af opstrøm i version 9.1.20, tilbageført til 8.4.22, som var -den sidste officielt understøttede version udgivet af PostgreSQL-udviklere. -Dette LTS-arbejde vedrørende squeeze-lts, er et fællesskabsprojekt sponseret af -credativ GmbH.

- -

Denne udgave er den sidste LTS-opdatering af PostgreSQL 8.4. Brugerne bør -migrere til en nyere PostgreSQL så snart som muligt.

- -

Migrering til version 8.4.22lts6

- -

En dump/restore er ikke krævet for dem, der kører 8.4.X. Men hvis man -opgraderer fra en version tidligere end 8.4.22, så de de relevante -udgivelsesbemærkninger.

- -

Rettelser

- -
    - -
  • Retter problemer med uendelige løkker og bufferoverløb i regulære udtryk (Tom -Lane) - -

    Meget store tegnsætspænd i bracket-udtryk kunne medføre uendelige løkker - under nogle omstændigheder, og hukommelsesoverskrivninger i andre tilfælde. - (CVE-2016-0773)

    • - -
  • Udfører en omgående nedlukning hvis filen postmaster.pid er fjernet (Tom -Lane) - -

    Postmaster kontrollerer nu hvert minut eller så, om postmaster.pid stadig - findes og stadig indeholder sin egen PID. Hvis det ikke er tilfældet, - udføres en omgående nedlukning, som om der er modtaget en SIGQUIT. Den - primære årsag til ændringen er at sikre, at fejlende buildfarm-kørsler - bliver ryddet op, uden manuel indblanding; men det tjener også til at - begrænse bivirkningerne, hvis en DBA med magt fjerner postmaster.pid og - dernæst starter en ny postmaster.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-432.data" diff --git a/danish/lts/security/2016/dla-433.wml b/danish/lts/security/2016/dla-433.wml deleted file mode 100644 index 59821913df4..00000000000 --- a/danish/lts/security/2016/dla-433.wml +++ /dev/null @@ -1,13 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Gustavo Grieco opdagede at xerces-c, et XML-fortolkningsbibliotek til -validering til C++, fejlbehandlede visse former for misdannede -inddatadokumenter, medførende bufferoverløb under behandling samt -fejlrapportering. Fejlene kunne føre til et lammelsesangreb i applikationer, -der anvender biblioteket xerces-c library, eller potentielt til udførelse af -vilkårlig kode.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-433.data" diff --git a/danish/lts/security/2016/dla-434.wml b/danish/lts/security/2016/dla-434.wml deleted file mode 100644 index 31eb19ef20f..00000000000 --- a/danish/lts/security/2016/dla-434.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Gustavo Grieco opdagede forskellige sikkerhedsproblemer i Gtk+2.0's -gdk-pixbuf.

- -
    - -
  • CVE-2015-4491 - -

    Heapoverløb ved behandling af BMP-billeder, hvilket kunne gøre det muligt - at udføre vilkårlig kode gennem misdannede billeder.

    • - -
  • CVE-2015-7673 - -

    Heapoverløb ved behandling af TGA-billeder, hvilket kunne gøre det muligt - at udføre vilkårlig kode eller medføre lammelsesangreb (procesnedbrud) - gennem misdannede billeder.

    • - -
  • CVE-2015-7674 - -

    Heltalsoverløb ved behandling af GIF-billeder, hvilket kunne gøre det - muligt at udføre vilkårlig kode eller medføre lammelsesangreb - (procesnedbrud) gennem misdannet billede.

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i gtk+2.0 version -2.20.1-2+deb6u2. Vi anbefaler at du opgraderer dine gtk+2.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-434.data" diff --git a/danish/lts/security/2016/dla-435.wml b/danish/lts/security/2016/dla-435.wml deleted file mode 100644 index b3c765ee584..00000000000 --- a/danish/lts/security/2016/dla-435.wml +++ /dev/null @@ -1,74 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Tomcat 6, en implementering af specifikationerne af Java Servlet og -JavaServer Pages (JSP) og et rent Java-webservermiljø, var påvirket af flere -sikkerhedsproblemer før version 6.0.45.

- -
    - -
  • CVE-2015-5174 - -

    Mappegennemløbssårbarhed i RequestUtil.java i Apache Tomcat 6.x før - 6.0.45, 7.x før 7.0.65 samt 8.x før 8.0.27, gjorde det muligt for - fjernautentificerede brugere at omgå tilsigtede - SecurityManager-begrænsninger og se en forældermappe gennem en /.. - (slash dot dot) i et stinavn, der anvendes af en webapplikation i et - getResource-, getResourceAsStream- eller getResourcePaths-kald, som - demonstreret med mappen $CATALINA_BASE/webapps.

    • - -
  • CVE-2015-5345 - -

    Mapper-komponenten i Apache Tomcat 6.x før 6.0.45, 7.x før 7.0.67, - 8.x før 8.0.30 samt 9.x før 9.0.0.M2, behandlede viderestillinger før der - blev taget stilling til sikkerhedsbegrænsninger og Filters, hvilket gjorde - det muligt for fjernangribere at afgøre hvorvidt en mappe findes, gennem - en URL, der mangler en afsluttede skråstreg.

    • - -
  • CVE-2015-5351 - -

    Manager- og Host Manager-applikationer i Apache Tomcat, oprettede - sessioner og sendte CSRF-tokens til vilkårlige nye forespørgsler, hvilket - gjorde det muligt for fjernangribere at omgå en CSRF-beskyttelsesmekanisme, - ved at anvende et token.

    • - -
  • CVE-2016-0706 - -

    Apache Tomcat 6.x før 6.0.45, 7.x før 7.0.68, 8.x før 8.0.31 samt 9.x før - 9.0.0.M2, indsatte ikke org.apache.catalina.manager.StatusManagerServlet i - listen org/apache /catalina/core/RestrictedServlets.properties, hvilket - gjorde det muligt for fjernautentificerede brugere, at omgå tilsigtede - SecurityManager-begrænsninger samt læse vilkårlige HTTP-forespørgsler, og - dermed opdage session-ID-værdier, gennem en fabrikeret - webapplikation.

    • - -
  • CVE-2016-0714 - -

    Implemteringen af sessionpersistens i Apache Tomcat 6.x før 6.0.45, 7.x - før 7.0.68, 8.x før 8.0.31 samt 9.x før 9.0.0.M2, fejlbehandlede - sessionsattributter, hvilket gjorde det muligt for fjernautentificerede - brugere at omgå tilsigtede SecurityManager-begrænsninger samt udføre - vilkårlig kode i en priviligeret kontekst gennem en webapplikation, som - indsætter et fabrikeret objekt i en session.

    • - -
  • CVE-2016-0763 - -

    Metoden setGlobalContext i org/apache/naming/factory - /ResourceLinkFactory.java i Apache Tomcat, tog ikke i betragtning hvorvidt - kaldere af ResourceLinkFactory.setGlobalContext var autoriseret, hvilket - gjorde det muligt for fjernautentificerede brugere at omgå tilsigtede - SecurityManager-begrænsninger samt læse eller skrive til vilkårlige - applikationsdata, eller forårsage et lammelsesangreb - (applikationsforstyrrelse), gennem en webapplikation, som opsætter en - fabrikeret, global kontekst.

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i version -6.0.45-1~deb6u1.

- -

Vi anbefaler at du opgraderer dine tomcat6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-435.data" diff --git a/danish/lts/security/2016/dla-436.wml b/danish/lts/security/2016/dla-436.wml deleted file mode 100644 index 8eee5f77aab..00000000000 --- a/danish/lts/security/2016/dla-436.wml +++ /dev/null @@ -1,11 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Pakkerne ia32-libs og ia32-libs-gtk indeholder 32 bit-versioner af -forskellige liblioteker til anvendelse på 64 bit-systemer. Opdateringen -udruller alle sikkerhedsrettelser udført på disse biblioteker siden -begyndelsen på Squeeze LTS.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-436.data" diff --git a/danish/lts/security/2016/dla-437.wml b/danish/lts/security/2016/dla-437.wml deleted file mode 100644 index 755ed66514a..00000000000 --- a/danish/lts/security/2016/dla-437.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Opstrøm udgav version 0.99. Opdateringen opdaterer sqeeze-lts til den -seneste opstrømsudgave, på linje med fremgangsmåden anvendt i andre -Debian-udgivelser.

- -

Ændringerne er ubetinget krævet for at kunne køre, men brugere af den -tidligere version i Squeeze, vil måske ikke være i stand til at benytte alle -aktuelle virussignaturer, og vil måske modtage advarsler.

- -

På grund af en soname-ændring indeholdt i denne udgave, er libclamav -opgraderet til libclamav7. Det kræver opdateringer af eksterne brugere af -libclamav. Hvad angår python-clamav, klamav og libclamunrar, er eller vil -disse ændringer være tilgængelige om kort tid.

- -

Desuden, for dansguardian, blev den udgive i squeeze med latente problemer, -som forhindrer genopbygning af pakken. Hvis man anvender dansguardian, så -forsøg ikke at opgradere til den nye clamav.

- -

Ellers, hvis man anvender clamav, anbefaler vi kraftigt at opgradere til -denne version.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-437.data" diff --git a/danish/lts/security/2016/dla-438.wml b/danish/lts/security/2016/dla-438.wml deleted file mode 100644 index 13aa08e6255..00000000000 --- a/danish/lts/security/2016/dla-438.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

To sikkerhedsrelaterede problemer er rettet i libebml, et bibliotek beregnet -til at tilgå EBML-formatet:

- -
    - -
  • CVE-2015-8790 - -

    Funktionen EbmlUnicodeString::UpdateFromUTF8 i libEBML før 1.3.3, tillod - at kontekstafhængige angribere kunne få adgang til følsomme oplysninger fra - procesheaphukommelse gennem en fabrikeret UTF-8-streng, hvilket udløser en - ugyldig hukommelsestilgang.

    • - -
  • CVE-2015-8791 - -

    Funktionen EbmlElement::ReadCodedSizeValue i libEBML før 1.3.3, tillod - at kontekstafhængige angribere kunne få adgang til følsomme oplysninger fra - procesheaphukommelse gennem en fabrikeret længdeværdi i en EBML-id, hvilket - udløse en ugyldig hukommelsestilgang.

    • - -
- -

I Debian 6 squeeze, er disse problemer rettet i libebml version -0.7.7-3.1+deb6u1. Vi anbefaler at du opgraderer dine libebml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-438.data" diff --git a/danish/lts/security/2016/dla-439.wml b/danish/lts/security/2016/dla-439.wml deleted file mode 100644 index b5975786867..00000000000 --- a/danish/lts/security/2016/dla-439.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Denne opdatering retter CVE'erne beskrevet herunder.

- -
    - -
  • CVE-2015-8812 - -

    En fejl blev fundet i iw_cxgb3 Infiniband-driveren. Altid, når den ikke - kunne sende en pakke fordi netværket var overbelastet, frigav den pakken fra - bufferen, men prøvede senere at sende den igen. Denne anvendelse efter - frigivelse kunne medføre et lammelsesangreb (nedbrud eller hængende proces), - datatab eller rettighedsforøgelse.

    • - -
  • CVE-2016-0774 - -

    Man opdagede at rettelsen af - CVE-2015-1805 - i kerneversioner ældre end Linux 3.16, ikke på korrekt vis håndterede - situationen med en delvist fejlet atomisk læsning. En lokal, upriviligeret - brugere kunne udnytte fejlen til at få systemet til at gå ned eller lække - kernehukommelse til brugerrummet.

    • - -
  • CVE-2016-2384 - -

    Andrey Konovalov opdagede at en USB MIDI-enhed med en ugyldig - USB-descriptor kunne udløse en dobbelt frigivelse. Det kunne anvendes af en - fysisk tilstedeværende bruger til rettighedsforøgelse.

    • - -
- -

Desuden rettes nogle gamle sikkerhedsproblemer uden CVE-id:

- -

Flere kerne-API'er tillod læsning eller skrivning af 2 GiB data eller - mere i en enkelt chunk, hvilket kunne føre til et heltalsoverløb, når - udført på visse filsystemer, sockets eller enhedstyper. Den fuldstændige - sikkerhedspåvirkning er ikke blevet evalueret.

- -

Slutteligt rettes en regression i 2.6.32-48squeeze17, som medføre at Samba -hang i nogle situationer.

- -

I den gamle, gamle stabile distribution (squeeze), er disse problemer -rettet i version 2.6.32-48squeeze20. Her er der *virkelig* tale om den sidste -opdatering af linux-2.6-pakken i squeeze.

- -

I den gamle stabile distribution (wheezy), var kernen ikke påvirket af -heltalsoverløbsproblemet, og de øvrige problemer vil blive rettet i version -3.2.73-2+deb7u3.

- -

I den stabile distribution (jessie), var kernen ikke påvirket af -heltalsoverløbsproblemet eller -CVE-2016-0774, -og de øvrige problemer vil blive rettet i version 3.16.7-ckt20-1+deb8u4.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-439.data" diff --git a/danish/lts/security/2016/dla-440.wml b/danish/lts/security/2016/dla-440.wml deleted file mode 100644 index 180f763c591..00000000000 --- a/danish/lts/security/2016/dla-440.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Som beskrevet i DLA-437-1, er clamav blevet opdateret -til den nyeste opstrømsversion, 0.99. På grund af en soname-ændring i -libclamav, var det nødvendigt at rekompilere pakker som er afhængige af -libclamav, for at kunne fungere med den nye libclamav7. Da DLA-437-1 blev -udsendt, var opdaterede dansguardian-pakker ikke tilgængelige.

- -

En opdatering af dansguardian er nu uploadet, og pakker skulle snarest være -tilgængelige. Anbefalingen i DLA-437-1 om ikke at opgradere clamav, hvis den -anvendes sammen med dansguardian, gælder ikke længere.

- -

Opgradering af clamav og dansguardian er anbefalet af de årsager, som er -beskrevet i DLA-437-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-440.data" diff --git a/danish/lts/security/2016/dla-441.wml b/danish/lts/security/2016/dla-441.wml deleted file mode 100644 index 82fc1d38d32..00000000000 --- a/danish/lts/security/2016/dla-441.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

HP's Zero Day Initiative har registreret en sårbarhed, der påvirker -pcre3-pakken. Den er blevet tildelt ZDI-id ZDI-CAN-3542. En CVE-registrering -er endnu ikke blevet tildelt.

- -

PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code -Execution Vulnerability.

- -

PCRE validerede ikke, at håndtering af (*ACCEPT)-verbet ville opstå indenfor -grænserne af cworkspace-stakbufferen, førende til et stakbufferoverløb.

- -

I Debian 6 Squeeze, er disse problemer rettet i version -8.02-1.1+deb6u1.

- -

Vi anbefaler at du opgraderer dine pcre3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-441.data" diff --git a/danish/lts/security/2016/dla-442.wml b/danish/lts/security/2016/dla-442.wml deleted file mode 100644 index 7872f764853..00000000000 --- a/danish/lts/security/2016/dla-442.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -
    - -
  • CVE-2013-6441 - -

    Skabelonskriptet lxc-sshd, som anvendes til at mounte sig selv - /sbin/init i containeren ved hjælp af en skrivbar bind-mount.

    - -

    Denne opdatering løser ovennævnte problem ved i stedet at anvende en kan - læsbar bind-mount, hvilket forhindrer enhver form for potentiel utilsigtet - beskadigelse.

    • - -
  • CVE-2015-1335 - -

    Ved containerstart opsætter lxc containerens indlende filsystemstræ, ved - at foretage et antal mounts, vejledt af containerens opsætningsfil.

    - -

    Containerens opsætningsfil ejes af administratoren eller brugeren på - værten, så der gøres ikke forsøg på at sikre sig mod fejlbehæftede - forekomster. Men da mountmålet dog er i containeren, er det muligt at - containeradministratoren kan have viderestillet mount'en med symbolske - links. Det kunne omgå korrekt containerstart (dvs. indespærring af en - rootejet container med den restriktive apparmor-policy, ved at - viderestille den krævede skrivning til /proc/self/attr/current), eller - omgå (den stibaserede) apparmor-policy ved at viderestille eksempelvis - /proc til /mnt i containeren.

    - -

    Opdateringen implementerer en safe_mount()-funktion, som forhindrer lxc - i at foretage mounts på symbolske links.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-442.data" diff --git a/danish/lts/security/2016/dla-443.wml b/danish/lts/security/2016/dla-443.wml deleted file mode 100644 index 058d82fb825..00000000000 --- a/danish/lts/security/2016/dla-443.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="ce41d997301872adfc27a79ea546429856226b67" mindelta="1" -LTS-sikkerhedsopdatering - -

En sårbarhed i forbindelse med fjernudførelse af kode, blev fundet i -BeanShell, en embedbar Java-kodefortolker med -objektskripsprogfunktionalitet.

- -
    - -
  • CVE-2016-2510 - -

    En applikation, som medtager BeanShell på classpath, kunne være sårbar, - hvis en anden del af applikationen anvender Java-serialisering eller - XStream til at deserialisere data fra en kilde, der ikke er tillid til. En - sårbar applikation kunne udnyttes til fjernudførelse af kode, herunder - udførelse af vilkårlige shell-kommandoer.

    • - -
- -

I Debian 6 Squeeze, er disse problemer rettet i version -2.0b4-12+deb6u1.

- -

Vi anbefaler at du opgraderer dine bsh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-443.data" diff --git a/danish/lts/security/2016/dla-444.wml b/danish/lts/security/2016/dla-444.wml deleted file mode 100644 index b7bae571dfc..00000000000 --- a/danish/lts/security/2016/dla-444.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - - -
    - -
  • CVE-2015-2305 - -

    Heltalsoverløb i regcomp-implementeringen i regexbiblioteket Henry - Spencer BSD (alias rxspencer) alpha3.8.g5 på 32 bit-platforme, som anvendes - i NetBSD til og med 6.1.5 og andre produkter, kunne gøre det muligt for - kontekstafhængige angribere at udføre vilkårlig kode gennem et stort - regulært udtryk, som førte til et heapbaseret bufferoverløb.

    • - -
  • CVE-2015-2348 - -

    Implementeringen af move_uploaded_file i ext/standard/basic_functions.c i - PHP før 5.4.39, 5.5.x før 5.5.23 samt 5.6.x før 5.6.7, trunkerede stinavne - når der blev mødt et \x00-tegn, hvilket gjorde det muligt for fjernangribere - at omgå tilsigtede udvidelsesbegrænsninger og oprette filer med uventede - navne gennem et fabrikeret, andet parameter.

    - -

    Bemærk: Sårbarheden findes på grund af en ufuldstændig rettelse af - \ - CVE-2006-7243.

    • - -
  • CVE-2016-tmp, fejl nummer 71039 -

    exec-funktioner ignorerer længde, men kigger efter - NULL-terminering.

    • - -
  • CVE-2016-tmp, fejl nummer 71089 -

    Ingen kontrol af duplikeret zend_extension.

    • - -
  • CVE-2016-tmp, fejl nummer 71201 -

    round()-segfault i 64 bit-builds.

    • - -
  • CVE-2016-tmp, fejl nummer 71459 -

    Heltalsoverløb i iptcembed().

    • - -
  • CVE-2016-tmp, fejl nummer 71354 -

    Heapkorruption i fortolker af tar/zip/phar.

    • - -
  • CVE-2016-tmp, fejl nummer 71391 -

    NULL-pointerdereference i phar_tar_setupmetadata().

    • - -
  • CVE-2016-tmp, fejl nummer 70979 -

    Nedbrud ved dårlig SOAP-forespørgsel.

    • - -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-444.data" diff --git a/danish/lts/security/2016/dla-445.wml b/danish/lts/security/2016/dla-445.wml deleted file mode 100644 index 1dbee5cd5c5..00000000000 --- a/danish/lts/security/2016/dla-445.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" mindelta="1" -LTS-sikkerhedsopdatering - -

Den tilbageførte patch til løsning af -CVE-2016-2569 -medførte fejlende assertions, som fik squid3 til at gå ned, når forbindelser -lukkes. Rettelsen af CVE er stærkt afhængig af exceptionhåndtering, som er til -stede i nyere versioner af squid3, som jeg ikke var opmærksom på i den -foregående opdatering. Jeg har tilbagerullet patch'en, for at gå tilbage til -det sikreste udgangspunkt, taget i betragtning at Squeeze-brugere bør migrere -til en understøttet version af Debian. Denne opdatering, efter understøttelsen -er ophørt, har til hensigt at bevare en fungerende squid3-pakke i arkivet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/lts/security/2016/dla-445.data" diff --git a/danish/lts/security/2016/index.wml b/danish/lts/security/2016/index.wml deleted file mode 100644 index ad914d39c87..00000000000 --- a/danish/lts/security/2016/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" -LTS-sikkerhedsbulletiner fra 2016 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/lts/security/2016' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-lts-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/lts/security/2017/Makefile b/danish/lts/security/2017/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/lts/security/2017/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/lts/security/2017/index.wml b/danish/lts/security/2017/index.wml deleted file mode 100644 index ec5ed4460aa..00000000000 --- a/danish/lts/security/2017/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" -LTS-sikkerhedsbulletiner fra 2017 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/lts/security/2017' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-lts-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/lts/security/2018/Makefile b/danish/lts/security/2018/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/lts/security/2018/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/lts/security/2018/index.wml b/danish/lts/security/2018/index.wml deleted file mode 100644 index 447e65f3105..00000000000 --- a/danish/lts/security/2018/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" -LTS-sikkerhedsbulletiner fra 2018 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/lts/security/2018' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-lts-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/lts/security/2019/Makefile b/danish/lts/security/2019/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/lts/security/2019/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/lts/security/2019/index.wml b/danish/lts/security/2019/index.wml deleted file mode 100644 index cb3fff8a0ef..00000000000 --- a/danish/lts/security/2019/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="1d1c1ba842e225bf68a6fed5744786cc779234f7" -LTS-sikkerhedsbulletiner fra 2019 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/lts/security/2019' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-lts-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/lts/security/2020/Makefile b/danish/lts/security/2020/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/lts/security/2020/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/lts/security/2020/index.wml b/danish/lts/security/2020/index.wml deleted file mode 100644 index 3fca9a3690a..00000000000 --- a/danish/lts/security/2020/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="c869670c5270acc99824a50b5149ac8fea1611f7" -LTS-sikkerhedsbulletiner fra 2020 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/lts/security/2020' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-lts-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/1997/Makefile b/danish/security/1997/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/1997/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/1997/index.wml b/danish/security/1997/index.wml deleted file mode 100644 index 945de01fb43..00000000000 --- a/danish/security/1997/index.wml +++ /dev/null @@ -1,6 +0,0 @@ -#use wml::debian::template title="Sikkerhedsbulletiner fra 1997" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="118bbba7772258864cea0391dc2fcecd44b8f358" - -<:= get_recent_list('.', '0', '$(ENGLISHDIR)/security/1997', 'list', '\d+\w*' ) :> - diff --git a/danish/security/1998/Makefile b/danish/security/1998/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/1998/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/1998/index.wml b/danish/security/1998/index.wml deleted file mode 100644 index 3567649d1d7..00000000000 --- a/danish/security/1998/index.wml +++ /dev/null @@ -1,7 +0,0 @@ -Sikkerhedsbulletiner fra 1998 -#use wml::debian::template title="Sikkerhedsbulletiner fra 1998" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="118bbba7772258864cea0391dc2fcecd44b8f358" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/1998', 'list', '\d+\w*' ) :> - diff --git a/danish/security/1999/Makefile b/danish/security/1999/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/1999/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/1999/index.wml b/danish/security/1999/index.wml deleted file mode 100644 index 041e350c5c9..00000000000 --- a/danish/security/1999/index.wml +++ /dev/null @@ -1,7 +0,0 @@ -Sikkerhedsbulletiner 1999 -#use wml::debian::template title="Sikkerhedsbulletiner fra 1999" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="118bbba7772258864cea0391dc2fcecd44b8f358" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/1999', 'list', '\d+\w*' ) :> - diff --git a/danish/security/2000/Makefile b/danish/security/2000/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2000/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2000/index.wml b/danish/security/2000/index.wml deleted file mode 100644 index 59d1caeaf1c..00000000000 --- a/danish/security/2000/index.wml +++ /dev/null @@ -1,13 +0,0 @@ -Sikkerhedsbulletiner fra 2000 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2000', '', '\d+\w*' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores -\ -debian-security-announce-postliste. -Du kan også \ -kigge i listens arkiv. diff --git a/danish/security/2001/Makefile b/danish/security/2001/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2001/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2001/dsa-011.wml b/danish/security/2001/dsa-011.wml deleted file mode 100644 index 1588b0457ed..00000000000 --- a/danish/security/2001/dsa-011.wml +++ /dev/null @@ -1,10 +0,0 @@ -usikker håndtering af midlertidige filer -Immunix rapporterer at mgetty ikke opretter midlertidige -filer på en sikker måde, hvilket kan medføre et symlink-angreb. Dette er -rettet i mgetty 1.1.21-3potato1. - -

Vi anbefaler at du omgående opgraderer din mgetty-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-011.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-012.wml b/danish/security/2001/dsa-012.wml deleted file mode 100644 index 4c93d5b4b52..00000000000 --- a/danish/security/2001/dsa-012.wml +++ /dev/null @@ -1,11 +0,0 @@ -fjern-buffer-overløb -PkC har rapporteret at der er et buffer-overløb i -sprintf() i micq version 0.4.6 og tidligere, som giver en fjernangriber -mulighed for at "snuse" til pakker til ICQ-serveren for at kunne udføre -vilkårlige kode på offerets system. - -

Vi anbefaler at du omgående opgraderer din micq-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-012.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-013.wml b/danish/security/2001/dsa-013.wml deleted file mode 100644 index 89519c90a3e..00000000000 --- a/danish/security/2001/dsa-013.wml +++ /dev/null @@ -1,10 +0,0 @@ -fjern-buffer-overløb -Nicolas Gregoire har rapporteret et buffer-overløb i -mysql-serveren, der kan medføre et fjernangreb. En angriber kunne få -mysqld-rettigheder (og dermed få adgang til alle databaser). - -

Vi anbefaler at du omgående opgraderer din mysql-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-013.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-014.wml b/danish/security/2001/dsa-014.wml deleted file mode 100644 index f70f013ebc1..00000000000 --- a/danish/security/2001/dsa-014.wml +++ /dev/null @@ -1,10 +0,0 @@ -buffer-overløb og format-streng-angreb -Det blev for nylig rapporteret at splitvt er sårbar -overfor adskillige buffer-overløbsangreb og et format-streng-angreb. En -angriber kunne få adgang til root-brugerid'en. - -

Vi anbefaler at du omgående opgraderer din splitvt-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-014.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-015.wml b/danish/security/2001/dsa-015.wml deleted file mode 100644 index 1a6b7c4501a..00000000000 --- a/danish/security/2001/dsa-015.wml +++ /dev/null @@ -1,13 +0,0 @@ -ikke-fungerende vedligeholderscript -sash-version før 3.4-4 klonede ikke /etc/shadow korrekt, -og gjorde den læsbar for alle. - -

Denne pakke findes kun i stable, så hvis du kører unstable vil du ikke se -en fejlrettelse med mindre anvender ressourcerne nederst i denne meddelelse -til en korrekt opsætning. - -

Vi anbefaler at du omgående opgraderer din sash-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-015.data' -#use wml::debian::translation-check translation="e06047902e8e0f43aa4ad3690c93bde4063dff5c" \ No newline at end of file diff --git a/danish/security/2001/dsa-016.wml b/danish/security/2001/dsa-016.wml deleted file mode 100644 index 81ad2bd951f..00000000000 --- a/danish/security/2001/dsa-016.wml +++ /dev/null @@ -1,11 +0,0 @@ -oprettelse af midlertidig fil og format-streng -Sikkerhedsfolk hos WireX har opdaget en fejl ved -oprettelse af midlertidige filer og WU-FTPD-udviklerne har opdaget en mulig -format-strengfejl i wu-ftpd. Begge kunne udnyttes af en fjernbruger, selvom -der ikke pt. er nogen angreb. - -

Vi anbefaler at du omgående opgraderer din wu-ftpd-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-016.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-017.wml b/danish/security/2001/dsa-017.wml deleted file mode 100644 index a0de87ebd3b..00000000000 --- a/danish/security/2001/dsa-017.wml +++ /dev/null @@ -1,12 +0,0 @@ -buffer-overløb -I ældre version af jazip kunne en bruger opnå root-adgang -for medlemmer af floppy-gruppen på den lokale maskine. Brugerfladen kører ikke -længere som root og lige netop dette angreb blev forhindret. Programmet -trunkerer nu også DISPLAY til 256 tegn hvis det er større, hvilket forhindrer -buffer-overløbet (i xforms). - -

Vi anbefaler at du omgående opgraderer din jazip-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-017.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-018.wml b/danish/security/2001/dsa-018.wml deleted file mode 100644 index 9b6a6b66834..00000000000 --- a/danish/security/2001/dsa-018.wml +++ /dev/null @@ -1,10 +0,0 @@ -fjernangreb mod "nobody" -PkC har fundet et heap-overløb i tinyproxy der kunne -udnyttes af en fjernbruger. En angriber kunne få adgang til en shell (som -brugeren nobody). - -

Vi anbefaler at du omgående opgraderer din tinyproxy-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-018.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-019.wml b/danish/security/2001/dsa-019.wml deleted file mode 100644 index 1dc2d840d91..00000000000 --- a/danish/security/2001/dsa-019.wml +++ /dev/null @@ -1,13 +0,0 @@ -usikker håndtering af midlertidige filer -WireX opdagede en potentiel "kapløbsfejl" i forbindelse -med midlertidige filer, på grund af den måde squid sender e-mail-besked til -administratoren om at programmet bør opdateres. Dette kunne medføre at -vilkårlige filer blev overskrevet. Men koden ville kun blive udført hvis man -kørte den allernyeste udgave af squid, på en server hvis ur var sat nogle -måneder tilbage i tiden og squid gik ned. Med andre ord svært at udnytte. -Denne version indeholder også flere opstrøms-fejlrettelser angående -punktummer i hostnavne og forkert HTML-citering. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-019.data' -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" \ No newline at end of file diff --git a/danish/security/2001/dsa-020.wml b/danish/security/2001/dsa-020.wml deleted file mode 100644 index bf6372a1674..00000000000 --- a/danish/security/2001/dsa-020.wml +++ /dev/null @@ -1,15 +0,0 @@ -fjern-overbelastningsangreb og fjern-informationslæk -Zend-folkene har fundet en sårbarhed i ældre versioner af -PHP4 (det originale bulletin nævner 4.0.4 mens fejlene også findes i version -4.0.3). Det er muligt at angive PHP-direktiver pr. mappe, hvilket kan -resultere i at en fjernangriber fremstiller en HTTP-forespørgsel der kan få -den næste side der vises, til at blive sendt med de forkerte direktivværdier. -Desuden, hvis PHP er installeret, kan det slås fra eller til pr. mappe -eller pr. virtuel host ved hjælp af direktiverne "engine=on" og "engine=off". -Denne indstilling kan lækkes til andre virtuelle hosts på den samme maskine, -og dermed slå PHP fra i disse hosts, med det resultat at PHP-kildekoden sendes -til klienten i stedet for at blive udført af serveren. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-020.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-021.wml b/danish/security/2001/dsa-021.wml deleted file mode 100644 index 2789e473f1b..00000000000 --- a/danish/security/2001/dsa-021.wml +++ /dev/null @@ -1,11 +0,0 @@ -usikker midlertidig fil-fejl, ikke-fungerende mod_rewrite -WireX har fundet nogle forekomster af usikre åbninger af -midlertidige filer i htdigest og htpasswd. Begge programmer installeres ikke -setuid eller setgid og effekten skulle dermed være minimal. Apache-gruppen har -frigivet en ny sikkerhedsfejlrettelse der retter en sårbarhed i mod_rewrite, -som kan resultere i at en fjernangriber får adgang til vilkårlige filer på -web-serveren. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-021.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-022.wml b/danish/security/2001/dsa-022.wml deleted file mode 100644 index 8b2b220ed73..00000000000 --- a/danish/security/2001/dsa-022.wml +++ /dev/null @@ -1,15 +0,0 @@ -lokal usikker oprettelse af midlertidige filer -Tidligere versionaf exmh-programmet anvendte /tmp til at -gemme midlertidige filer i. Ingen kontroller blev udført for at sikre sig, at -ingen i mellemtiden havde placeret et symlink med det samme navn i /tmp, og -dermed var sårbar overfor et symlink-angreb. Dette kunne resultere i at en -ondskabsfuld lokal bruger havde mulighed for at overskrive en hvilken som -helst fil som var skrivbar af brugeren der udførte exmh. "Opstrøms"-udviklerne -har rapporteret og rettet dette. exmh-programmet anvender nu /tmp/login, med -mindre TMPDIR eller EXMHTMPDIR er sat. - -

Vi anbefaler at du omgående opgraderer dine exmh-pakker. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-022.data' -#use wml::debian::translation-check translation="4f9f6862b19e7b0c7a9d8cfd16ecd8186131ff19" \ No newline at end of file diff --git a/danish/security/2001/dsa-023.wml b/danish/security/2001/dsa-023.wml deleted file mode 100644 index 8baa73bf4d0..00000000000 --- a/danish/security/2001/dsa-023.wml +++ /dev/null @@ -1,21 +0,0 @@ -lokale sårbarheder ved midlertidige filer - -

    -
  • Folkene hos WireX har fundet flere potentielle problemer ved brugen af -midlertidige filer i programmer der følger med INN2. Nogle af dem kan kun -resultere i sårbarhed overfor symlink-angreb hvis den midlertidige mappe -er sat til /tmp eller /var/tmp, hvilket er tilfældet på mange installationer, -i hvert fald med Debian-pakker. En angriber kunne overskrive en hvilken som -helst fil ejet af news-systemadministratoren, f.eks. ejet af news.news. -
  • Michal Zalewski fandt en mulighed for buffer-overløbsangreb i forbindelse -med annulleringsmeddelelser (cancel) og kontrollen af disse. Denne fejl viste -sig kun hvis "verifycancels" var slået til i inn.conf, hvilket er ikke -standard og frarådes af "opstrøms"-vedligeholderne. -
  • Andi Kleen fandt en fejl i INN2 der får innd til at gå ned ved -2-byte-headere. Der er risiko for at dette kan udnyttes via uucp. -
-Vi anbefaler at du omgående opgraderer dine inn2-pakker. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-023.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-024.wml b/danish/security/2001/dsa-024.wml deleted file mode 100644 index db3a907781d..00000000000 --- a/danish/security/2001/dsa-024.wml +++ /dev/null @@ -1,13 +0,0 @@ -lokal usikker crontab-håndtering -FreeBSD-teamet har fundet en fejl i den måde nye -crontab'er bliver håndteret på, hvilket kunne give ondskabsfulde brugere -mulighed for at se vilkårlige crontab-filer på det lokale system. Dette -påvirker kun valide crontab-filer, så det kan ikke anvendes til at få adgang -til /etc/shadow eller lignende. crontab-filer er ikke specielt sikre, da der -er andre måder hvorpå de kan blive lækket. Gem ikke adgangskoder eller andre -følsomme oplysninger i dem. Vi anbefaler at du opgraderer dine cron-pakker. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-024.data' -#use wml::debian::translation-check translation="98c7ecaade34b007f309964ad4de8638677324d3" \ No newline at end of file diff --git a/danish/security/2001/dsa-025.wml b/danish/security/2001/dsa-025.wml deleted file mode 100644 index c632967f573..00000000000 --- a/danish/security/2001/dsa-025.wml +++ /dev/null @@ -1,9 +0,0 @@ -Manglende PAM-understøttelse -En tidligere sikkerhedsopdatering af OpenSSH manglende -support for PAM, hvilket kunne forhindre folk i at få adgang til deres servere. -Dette var kun et problem under sparc-arkitekturen. -Vi anbefaler at du opgraderer din ssh-pakke under sparc. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-025.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-026.wml b/danish/security/2001/dsa-026.wml deleted file mode 100644 index ace4e51ae4f..00000000000 --- a/danish/security/2001/dsa-026.wml +++ /dev/null @@ -1,12 +0,0 @@ -buffer-overløb og informationslæk -BIND 8 har flere buffer-overløb. Et omvendt forespørgsel -kan konstrueres således at det er mulig at læse stakken fra en fjernmaskine og -dermed se environment-variablerne. CERT har offentliggjort oplysninger om -disse problemer. En ny "upstrøms"-version rette dette. På grund af BINDs -kompleksitet har vi besluttet at fravige vores regler, ved at frigive den nye -"upstrøms"-kildekode i vores stabile distribution (stable). Vi anbefaler at -du omgående opgraderer dine bind-pakker. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-026.data' -#use wml::debian::translation-check translation="9917551b09d08e494c219ae1855cb06e9ada1ae2" \ No newline at end of file diff --git a/danish/security/2001/dsa-027.wml b/danish/security/2001/dsa-027.wml deleted file mode 100644 index 58ffca0a3e6..00000000000 --- a/danish/security/2001/dsa-027.wml +++ /dev/null @@ -1,16 +0,0 @@ -fjern-angreb - -
    -
  1. Versioner af OpenSSH før 2.3.0 er sårbare overfor et fjernangreb hvor -vilkårlig hukommelse bliver overskrevet, hvilket kan resultere i et -root-angreb. -
  2. CORE-SDI har beskrevet problemet med hensyn til RSA-nøgleudveksling og et -Bleichenbacher-angreb der opfanger sessionsnøglen fra en SSH-session. -
-Begge disse problemer er rettet i vores ssh-pakke 1.2.3-9.2. - -Vi anbefaler at du omgående opgraderer din openssh-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-027.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-028.wml b/danish/security/2001/dsa-028.wml deleted file mode 100644 index 04a44b9820e..00000000000 --- a/danish/security/2001/dsa-028.wml +++ /dev/null @@ -1,12 +0,0 @@ -format-streng-sårbarhed -Styx rapporterer at programmet `man' fejlagtigt sender -ondskabsfuldte strenge (f.eks. indeholdende formateringstegn) gennem rutiner -som det ikke var meningen, skulle anvende format-strenge. Da dette kan -resultere i segmenteringsfejl og rettighederne ikke blev afgivet, kan dette -føre til et angreb med 'man'-brugeren. - -

Vi anbefaler at du omgående opgradererdin man-db-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-028.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-029.wml b/danish/security/2001/dsa-029.wml deleted file mode 100644 index 42ed9376e13..00000000000 --- a/danish/security/2001/dsa-029.wml +++ /dev/null @@ -1,22 +0,0 @@ -fjern-overbelastningsangreb og potentielt buffer-overløb -Følgende problemer er blevet rapporteret vedrørende den -version af proftpd som er i Debian 2.2 (potato): -

    -
  1. Der er en hukommelseslæk i SIZE-kommandoen hvilket kan resultere i et -overbelastningsangreb ("denial of service"), rapporterer Wojciech Purczynski. -Det er kun et problem hvis proftpd ikke kan skrive til sin "scoreboard"-fil; -Debians standard-installation af proftpd er ikke sårbar. -
  2. Et lignende hukommelseslæk påvirker USER-kommandoen, rapporterer -Wojciech Purczynski også. proftpd i Debian 2.2 er sårbar overfor dette -problem; en angriber kan få proftpd-daemon'en til at gå ned ved at opbruge -programmets tilgængelige hukommelse. -
  3. Der blev også rapporteret nogle format-streng-svagheder af Przemyslaw -Frasunek. Disse har ingen kendte angreb, men er for en sikkerheds skyld blevet -rettet. -
-Alle tre ovennævnte sårbarheder er rettet i proftpd-1.2.0pre10-2potato1. -Vi anbefaler at du omgående opgraderer din proftpd-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-029.data' -#use wml::debian::translation-check translation="c371429c7a2c0e812d09977961ce80d0838cc8ef" \ No newline at end of file diff --git a/danish/security/2001/dsa-030.wml b/danish/security/2001/dsa-030.wml deleted file mode 100644 index f2475bef740..00000000000 --- a/danish/security/2001/dsa-030.wml +++ /dev/null @@ -1,81 +0,0 @@ -buffer-overløb, usikker håndtering af midlertidige filer, overbelastningsangreb -Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox, -og andre har bemærket et antal problemer i forskellige komponenter af X -Window Systemets eksempelimplementation (på hvilken XFree86 er baseret). -Mens der ikke er kendte rapporter om ondskabsfulde angreb baseret på nogen af -disse problemer, foreslår vi ikke desto mindre at du omgående opgraderer dine -XFree86-pakker. - -

-Denne bulletin drejer sig kun om XFree86 3.3.6, da det er denne version der er -frigivet sammen med Debian GNU/Linux 2.2 ("potato"); Debian-pakker af XFree86 -4.0 og senere er ikke blevet frigivet som del af en Debian-distribution. - -

-Flere personer er ansvarlige for rettelserne af disse problemer, blandt andre -Aaron Campbell, Paulo Cesar Pereira de Andrade, Keith Packard, David Dawes, -Matthieu Herrb, Trevor Johnson, Colin Phipps og Branden Robinson. - -

    -
  • X-servere er sårbare overfor overbelastningsangreb ("denial of service") -ved forhandlinger med XC-SECURITY-protokollen. -
  • X-klienter baseret på Xlib (hvilket er de fleste) kan udsættes for -potentielle buffer-overløb i _XReply()- og _XAsyncReply()-funktionerne, hvis -de forbinder sig til en ondskabsfuldt kodet X-server som placerer falske -data i sine X-protokol-svar. -BEMÆRK: Dette er kun et effektivt angreb mod X-klienter der kører med -forhøjede rettigheder (setuid- eller setgid-programmer) og giver kun potentiel -adgang til de forhøjede rettigheder. For eksempel er den mest udbredte -setuid-X-klient formentlig xtrem. På mange Unix-systemer er xtrem setuid root; -i Debian 2.2 er xtrem kun setgid utmp, hvilket betyder at et effektivt angreb -er begrænset til ødelæggelse af lastlog-, utmp- og wtmp-filer -- -ikke general root-adgang. Bemærk også at en angriber på -forhånd skal have tilstrækkelige rettigheder, for at kunne starte en sådan -X-klient og med succes forbinde sig til en X-server. -
  • Der er et buffer-overløb (ikke stack-baseret) i xdms XDMCP-kode. -
  • Der er et 1-byte-overløb i Xtrans.c. -
  • Der er også mulige buffer-overløbsproblemer i Xtranssock.c. -
  • Der er et buffer-overløb i forbindelse med -xkbmap X-server-flaget. -
  • MultiSrc-widget'et i Athena-widget-biblioteket håndterer midlertidige filer -usikkert. -
  • imake-programmet håndterer midlertidige filer usikkert når der udføres -install-regler. -
  • ICE-biblioteket er sårbart overfor buffer-overløbsangreb. -
  • xauth-programmet håndterer midlertidige filer usikkert. -
  • XauLock()-funktionen i Xau-biblioteket håndterer midlertidige filer -usikkert. -
  • gccmakedep- og makedepend-programmerne håndterer midlertidige filer -usikkert. -
-Alle ovenstående problemer er løst i forbindelse med denne -sikkerhedsfrigivelse. - -

Der er flere andre sikkerhedsproblemer i XFree86 som ofte diskuteres i -forbindelse med ovenstående, men som et ajourført Debian 2.2-system -IKKE er sårbart overfor: - -

    -
  • Der er fire forskellige problemer med Xlibs XOpenDisplay()-funktion, hvor -en ondskabsfuldt kodet X-server kan forsage et overbelastningsangreb ("denial -of service") eller buffer-overløb. Som tidligere er det kun et effektivt angreb mod -X-klienter der kører med forhøjede rettigheder, og angriberen skal på forhånd -have tilstrækkelige rettigheder til at starte en sådan X-klient og med -succes forbinde sig til en X-server. -Debian 2.2 og 2.2r1 er kun sårbare til et af disse problemer, fordi vi -tilføjede ændringer (patches) til XFree86 3.3.6 for at rette de andre tre. -En ekstra ændring føjet til Debian 2.2r2 rettede det fjerde problem. -
  • AsciiSrc-widget'en i Athena-widget-biblioteket håndterer midlertidige -filer usikkert. Debian 2.2r2 er ikke sårbar overfor dette problem fordi vi -tilføjede en ændring for at fjerne problemet. -
  • imake-programmet anvender mktemp() i stedet for mkstemp(). Dette problem -findes ikke i XFree86 3.3.6 og derfor er ingen frigivelse af Debian 2.2 -påvirket. -
- -Disse problemer er rettet i version 3.3.6-11potato32 og vi anbefaler at du -omgående opgraderer dine X-pakker. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-030.data' -#use wml::debian::translation-check translation="1e50ac3d41b5e280b3bfeec438669c049126f9d6" \ No newline at end of file diff --git a/danish/security/2001/dsa-031.wml b/danish/security/2001/dsa-031.wml deleted file mode 100644 index 24d09ec0a91..00000000000 --- a/danish/security/2001/dsa-031.wml +++ /dev/null @@ -1,9 +0,0 @@ -buffer-overløb -Todd Miller annoncerede en ny version af sudo som -retter et buffer-overløb der potentielt kunne anvendes til at få -root-rettigheder på det lokale system. Rettelsen i sudo 1.6.3p6 er -tilgængelig i sudo 1.6.2p2-1potato1 til Debian 2.2 (potato). - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-031.data' -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" \ No newline at end of file diff --git a/danish/security/2001/dsa-032.wml b/danish/security/2001/dsa-032.wml deleted file mode 100644 index a1b0d638c0f..00000000000 --- a/danish/security/2001/dsa-032.wml +++ /dev/null @@ -1,20 +0,0 @@ -proftpd kører med forkert brugerid, fejlagtig fjernelse af fil -Følgende problemer er blevet rapporteret vedrørende den -version af proftpd som er i Debian 2.2 (potato): - -
    -
  1. Der er en opsætningsfejl i postinst-scriptet, når brugeren svarer 'yes' -til om anonym adgang skal slås til. postinst-scriptet efterlader fejlagtigt -'run as uid/gid root'-indstillingen i /etc/proftpd.conf og tilføjer en -'run as uid/gid nobody'-indstillinger, der ikke har nogen effekt. -
  2. Der opstår en fejl når /var er et symlink og proftpd genstartes, -Når proftpd stoppes, bliver /var-symlink'et fjernet; når programmet startes -igen oprettes en fil med navnet /var. -
- -Ovenstående problemer er rettet i proftpd-1.2.0pre10-2.0potato1. -Vi anbefaler at du omgående opgraderer din proftpd-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-032.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-033.wml b/danish/security/2001/dsa-033.wml deleted file mode 100644 index 11ef459a25d..00000000000 --- a/danish/security/2001/dsa-033.wml +++ /dev/null @@ -1,17 +0,0 @@ -buffer-overløb -Forfatteren af analog, Stephen Turner, har opdaget en -buffer-overløbsfejl i alle version af analog, bortset fra version 4.16. En -ondskabsfuld bruger kunne bruge en ALIAS-kommando til at fremstille meget -lange strenge, som ikke blev kontrolleret for længde og grænser. Denne fejl -er specielt farlig hvis formular-brugerfladen (der tillader ukendte brugere -at køre programmet via et CGI-script) er installeret. Der lader ikke til at -være et kendt angreb. - -

Fejlrettelsen er overført til den version af analog som er i Debian 2.2. -Version 4.01-1potato1 er rettet. - -

Vi anbefaler at du omgående opgraderer din analog-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-033.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-034.wml b/danish/security/2001/dsa-034.wml deleted file mode 100644 index 1dc56c15790..00000000000 --- a/danish/security/2001/dsa-034.wml +++ /dev/null @@ -1,17 +0,0 @@ -root-fjernangreb -Fumitoshi Ukai og Denis Barbier har opdaget flere -potentielle buffer-overløbsfejl i vores version af ePerl som distribueres i -alle vore distributioner. - -

Når ePerl er installeret setuid root, kan programmet skifte til -scriptets ejers UID/GID. Selvom Debian ikke distribuerer programmet setuid -root, er dette en nyttig funktion som folk kan have slået til lokalt. -Når programmet anvendes om /usr/lib/cgi-bin/nph-eperl kan fejlene desuden -medføre en fjern-sårbarhed. - -

Version 2.2.14-0.7potato2 retter dette; vi anbefaler at du omgående -opgraderer din ePerl-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-034.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-035.wml b/danish/security/2001/dsa-035.wml deleted file mode 100644 index 1231167beaf..00000000000 --- a/danish/security/2001/dsa-035.wml +++ /dev/null @@ -1,10 +0,0 @@ -fjern-overbelastningsangreb -Det er blevet rapporteret at en fjern-bruger kan få -man2html at bruge al tilgængelig hukommelse. Dette er rettet af Nicolás -Lichtmaier med hjælp fra Stephan Kulow. - -

Vi anbefaler at du omgående opgraderer din man2html-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-035.data' -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" \ No newline at end of file diff --git a/danish/security/2001/dsa-036.wml b/danish/security/2001/dsa-036.wml deleted file mode 100644 index f9346b8d637..00000000000 --- a/danish/security/2001/dsa-036.wml +++ /dev/null @@ -1,10 +0,0 @@ -vilkårlig programudførelse -Det er blevet rapporteret at en lokal bruger kan få en -anden brugers Midnight Commander til at udføre vilkårlige programmer under -denne brugers id. Dette er blevet rettet af Andrew V. Samoilov. - -

Vi anbefaler at du opgraderer din mc-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-036.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-037.wml b/danish/security/2001/dsa-037.wml deleted file mode 100644 index d3489ab8437..00000000000 --- a/danish/security/2001/dsa-037.wml +++ /dev/null @@ -1,10 +0,0 @@ -usikker håndtering af midlertidige filer -Det er blevet rapporteret af AsciiSrc- og -MultiSrc-widget'erne i Athena-widget-biblioteket håndterer midlertidige filer -usikkert. Joey Hess har overført rettelsen fra XFree86 til disse -Xaw-erstatningsbiblioteker. Rettelserne er tilgængelige i nextaw -0.5.1-34potato1, xaw3d 1.3-6.9potato1 og xaw95 1.1-4.6potato1. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-037.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-038.wml b/danish/security/2001/dsa-038.wml deleted file mode 100644 index b485efe6262..00000000000 --- a/danish/security/2001/dsa-038.wml +++ /dev/null @@ -1,9 +0,0 @@ -usikre midlertidige filer -Tidligere versionaf sgml-tools oprettede midlertidige -filer direkte i /tmp, på en usikker måde. Version 1.0.9-15 og højere opretter -først en undermappe og åbner midlertidige filer i dén mappe. Dette er -rettet i sgml-tools 1.0.9-15 - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-038.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-039.wml b/danish/security/2001/dsa-039.wml deleted file mode 100644 index c1bc9891efc..00000000000 --- a/danish/security/2001/dsa-039.wml +++ /dev/null @@ -1,23 +0,0 @@ -lokal overskrivning af fil -Den version af GNU libc som distribueres med Debian -GNU/Linux 2.2 har to sikkerhedsproblemer: - -

    -
  • Det var muligt at anvende LD_PRELOAD til at indlæse biblioteker der er -angivet i /etc/ld.so.cache, også suid-programmer. Dette kunne anvendes til at -oprette (og overskrive) filer som brugeren ikke skulle have adgang til. -
  • Ved anvendelse af LD_PROFILE skrev suid-programmer data til en fil i -/var/tmp, hvilket ikke blev gjort sikkert. Igen, dette kunne anvendes til at -oprette (og overskrive) filer som brugeren ikke skulle have adgang til. -
- -Begge problemer er rettet i version 2.1.3-17 og vi anbefaler at du omgående -opgraderer din glibc-pakke. - -

Bemærk at en følgevirkning af denne opgraderering er, at ldd ikke længere -vil fungere på suid programs, med mindre du er logget ind som root. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-039.data' -#use wml::debian::translation-check translation="0f4f9f636f1555ba9e970e62578a9fd200d9e975" \ No newline at end of file diff --git a/danish/security/2001/dsa-040.wml b/danish/security/2001/dsa-040.wml deleted file mode 100644 index c534efe08b9..00000000000 --- a/danish/security/2001/dsa-040.wml +++ /dev/null @@ -1,15 +0,0 @@ -buffer-overløb -Bill Nottingham rapporterede et problem i -wrapping/unwrapping-funktionerne i slrn-newslæseren. En lang header i en -artikel kunne få bufferen til at løbe over, hvilket kunne resultere i at -vilkårlig, kodet (encoded) programkode i artiklen kunne udføres. - -

Wrapping er slået fra i standard-opsætningen, men den kan nemt slås til ved -enten at ændre opsætningen eller ved at trykke på W mens man læser en artikel. - -

Dette er rettet i 0.9.6.2-9potato1 og vi anbefaler at du omgående opgraderer -din slrn-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-040.data' -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" \ No newline at end of file diff --git a/danish/security/2001/dsa-041.wml b/danish/security/2001/dsa-041.wml deleted file mode 100644 index ba9677c0481..00000000000 --- a/danish/security/2001/dsa-041.wml +++ /dev/null @@ -1,15 +0,0 @@ -lokalt angreb -Christer Öberg fra Wkit Security AB fandt et problem i -joe (Joe's Own Editor). joe kiggede efter en opsætningsfil tre forskellige -steder: i den aktuelle mappe, brugeres hjemmemappe ($HOME) og i -/etc/joe. Da opsætningsfilen kan definere kommandoer, som joe kan afvikle -(for eksempel stavekontrol), er det farligt at læse den fra den aktuelle -mappe: En angriber kan efterlade en .joerc-fil i en skrivbar mappe, -som kunne blive læst når en intetanende bruger startede joe i den mappe. - -

Dette er blevet rettet i version 2.8-15.3 og vi anbefaler at du omgående -opgraderer din joe-pakke. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-041.data' -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" \ No newline at end of file diff --git a/danish/security/2001/dsa-042.wml b/danish/security/2001/dsa-042.wml deleted file mode 100644 index b46838ec03c..00000000000 --- a/danish/security/2001/dsa-042.wml +++ /dev/null @@ -1,24 +0,0 @@ -buffer-overløb, svag sikkerhed -Klaus Frank har fundet en svaghed i den måde gnuserv -behandlede forbindelse fra fjernbrugere. Gnuserv er en -fjernstyrings-kontrolfacilitet til Emacsen, der er tilgængelige som -separat program så vel som indeholdt i XEmacs21. -Gnuserv har en buffer hvortil der blev udført utilstrækkelig overløbskontrol. -Desværre påvirkede denne bruger adgangskontrol til gnuserv, der anvender et -MIT-MAGIC-COOCKIE-baseret system. Det er muligt at få bufferen indeholdende -cookie'en til at løbe over, og dermed ødelægge cookie-sammenligninger. - -

Gnuserv er baseret på emacsserver som er en del af GNU Emacs. Den er -blevet skrevet helt om og der er ikke meget tilbage fra den gang, den var en -del af GNU Emacs. Derfor lader det ikke til at versionerne af emacssserver i -både Emacs19 og Emacs20 ikke til at være sårbare i forbindelse med denne fejl, -de har ikke engang en MIT-MAGIC-COOKIE-baseret mekanisme. -based mechanism. - -

Dette kunne give en fjernbruger adgang til at udføre kommander under UID'en -på den bruger, der kørte gnuserv. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-042.data' -#use wml::debian::translation-check translation="0f4f9f636f1555ba9e970e62578a9fd200d9e975" \ No newline at end of file diff --git a/danish/security/2001/dsa-043.wml b/danish/security/2001/dsa-043.wml deleted file mode 100644 index afe487747e7..00000000000 --- a/danish/security/2001/dsa-043.wml +++ /dev/null @@ -1,52 +0,0 @@ -fjern-angreb -Den følgende bulletin dækker flere sårbarheder i Zope, -som er blevet rettet. - -

-
Hotfix 08_09_2000 "Zope security alert and hotfix product" -
- Problemet involverer det faktum at getRoles-metoden hørende til - brugerobjekter, indeholdt i standard-UserFolder-implementeringen - returnerer en Python-type som er "mutable". Fordi mutable-objekter - stadig er forbundet med det blivende User-objekt kan bruger med - mulighed for at rette DTML give sig selv ekstra roller mens en - forespørgsel udføres, ved at mutere rollelisten som en del af - behandlingen af forespørgslen. - -
Hotfix 2000-10-02 "ZPublisher security update" -
- Via en URL er det nogle gange muligt at tilgå objekter, som er - beskyttet af en rolle som en bruger har i visse sammenhænge, men - ikke i forbindelse med det objekt der tilgås. - -
Hotfix 2000-10-11 "ObjectManager subscripting" -
- Dette problem involverer det faktum at 'subscript notation' der - kan anvendes til at tilgå ObjectManagers-elementer (Folders) ikke - begrænsede det returværdierne korrekt til kun de egentlige - del-elementer. Dette gjorde det muligt at tilgå navne der skulle - være private fra DTML (objekter med navne begyndende med - understregningstegnet '_'). Dette kunne give DTML-forfattere - mulighed for at se private implementationsdatastrukturer og i - specielle tilfælde muligvis kalde metoder, som de ikke skulle have - adgang til fra DTML. - -
Hotfix 2001-02-23 "Class attribute access" -
- Dette problem er relateret til ZClasses på den måde, at en bruger - med mulighed for at udføre scripts via WWW på et Zope-websted kan - se og tildele klasse-attributter til ZClasses, og måske muliggøre - malplacerede ændringer til instanser af ZClass. -
- En anden del retter problemer i ObjectManager-, PropertyManager- - og PropertySheet-klasserne i forbindelse med "mutability" af - metoders returværdier, der kunne opfattes som sikkerhedsproblemer. -
- -Disse rettelser er indeholdt i zope 2.1.6-7-pakken i Debian 2.2 (potato). -Vi anbefaler at du omgående opgraderer din zope-pakke. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-043.data' -#use wml::debian::translation-check translation="1936841f002ca29a0bf824712cb9bb1072141914" \ No newline at end of file diff --git a/danish/security/2001/dsa-044.wml b/danish/security/2001/dsa-044.wml deleted file mode 100644 index 65d869f24dc..00000000000 --- a/danish/security/2001/dsa-044.wml +++ /dev/null @@ -1,21 +0,0 @@ -buffer-overløb -Mail-programmet (et simpelt værktøj til at læse og sende -e-mails) der distribueres med Debian GNU/Linux 2.2 indeholder et buffer-overløb -i koden der fortolker inddata. Da mail som standard installeres setgid mail, -gav dette lokale brugere mulighed for at få adgang til mail-gruppen. - -

Da mail-koden aldrig var skrevet med det formål at være sikker, vil en -rettelse formentlig betyde at det meste af programmet skal skrives om. Vi har -i stedet besluttet ikke at installere programmet med setgid. Dette betyder at -programmet ikke længere kan låse indbakken ordentligt på systemer der kræver -at du tilhører gruppen mail for at kunne skrive til postkøen, men det vil -stadig være muligt at sende e-mails. - -

Dette er rettet i mailx version 8.1.1-10.1.5. Hvis du har installeret -suidmanager kan du også gøre dette manuelt med den følgende kommando: -suidregister /usr/bin/mail root root 0755 - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-044.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-045.wml b/danish/security/2001/dsa-045.wml deleted file mode 100644 index cc5d07afbc4..00000000000 --- a/danish/security/2001/dsa-045.wml +++ /dev/null @@ -1,12 +0,0 @@ -fjern root-angreb -Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> -rapporterede at ntp-daemoner som den der frigives med Debian GNU/Linux er -sårbare med hensyn til buffer-overløb, der kan føre til at udefrakommende kan -få root-adgang. -En tidligere bulletin (DSA-045-1) rettede delvist dette problem, men -introducerede et potentielt overbelastningsangreb ("Denial of Service"). Dette -er rettet i Debian 2.2 (potato) i ntp version 4.0.99g-2potato2. - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-045.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-046.wml b/danish/security/2001/dsa-046.wml deleted file mode 100644 index 887d931bbf5..00000000000 --- a/danish/security/2001/dsa-046.wml +++ /dev/null @@ -1,13 +0,0 @@ -usikre midlertidige filer - -Colin Phipps opdagede at exuberant-ctags-pakken der distribueres med -Debian GNU/Linux 2.2 opretter midlertidige filer usikkert. Detter er rettet -i Debians version 1:3.2.4-0.1 af pakken, og "upstream" i version 3.5. - -p>Bemærk: DSA-046-1 indeholdt en fejlagtigt kompilceret sparc-pakke, som er -rettet i den anden udgave. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-046.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-047.wml b/danish/security/2001/dsa-047.wml deleted file mode 100644 index 3a69c4c81b4..00000000000 --- a/danish/security/2001/dsa-047.wml +++ /dev/null @@ -1,43 +0,0 @@ -adskillige sikkerhedsproblemer - -Man har opdaget at kernerne som anvendes i Debian GNU/Linux 2.2 har -adskillige sikkerhedsproblemer. Dette er en liste over problemer, baseret på -frigivelsesbemærkningenre til version 2.2.19, fundet på -http://www.linux.org.uk/: - -

    -
  • binfmt_misc anvendte brugersider direkte -
  • CPIA-styreprogrammet indeholdt en 1-offset-fejl i buffer-koden, der gjorde - det muligt for brugere at skrive i kernens hukommelse -
  • CPUID- og MSR-styreprogrammerne har et problem i koden der fjerner et - module fra hukommelsen, hvilket kunne få systemet til at gå ned hvis de var - sat op til automatisk at blive indlæst og fjernet (bemærk at Debian ikke - automatisk fjerner kerne-moduler fra hukommelsen) -
  • Der var en mulig fejl i klassificeringskoden, der kunne få den til at hænge. -
  • Systemkaldene getsockopt og setsockopt håndterede ikke signalbits korrekt, - hvilket muliggjorde lokale overbelastningsangreb ("Denial of Service") og - andre angreb. -
  • Systemkaldet sysctl håndterede ikke signalbits korrekt, hvilket gav en - bruger mulighed for at skrive i kernens hukommelse. -
  • Dyster mellem ptrace og exec kunne give en lokal bruger ekstra rettigheder. -
  • Muligt misbrug af et grænsetilfælde i sockfilter-koden. -
  • Delt hukommelseskoden i SYSV kunne overskrive frigivet hukommelse, hvilket - kunne give problemer. -
  • Pakkelængdekontrollerne i masquerading-koden var lidt for afslappet - (formenlig ikke så den kunne misbruges). -
  • Nogle x86-assemblerfejl forsagede et forkert antal bytes blev kopieret. -
  • En lokal bruger kunne få kernen til at gå i en "deadlock" på grund af fejl - i UDP-portallokeringen. -
- -

Alle disse problemer er rettet i 2.2.19-kernen og vi anbefaler kraftigt at -du opgraderer dine maskiner til at køre med denne kerne. - -

Bemærk at kerne-opdateringerne ikke foretages automatisk. Du skal eksplicit -fortælle pakkesystemet at det skal installere en kerne passende til dit system. - - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-047.data' -#use wml::debian::translation-check translation="d889a8268860815cc622a3680b5db5e63af61185" diff --git a/danish/security/2001/dsa-048.wml b/danish/security/2001/dsa-048.wml deleted file mode 100644 index 1f83623e56c..00000000000 --- a/danish/security/2001/dsa-048.wml +++ /dev/null @@ -1,30 +0,0 @@ -symlink-angreb - -Marcus Meissner opdagede at Samba to steder ikke oprettede midlertidige filer -på en sikker måde: - -

    -
  • når en fjernbruger kiggede på printerkøen, oprettede Samba en midlertidig - fil som kø-oplysningerne blev skrevet til. Dette blev gjort med et - forudsigeligt filnavn, og usikkert, hvilket gjorde det muligt for en - lokal bruger at snyde Samba til at overskrive tilfældige filer. -
  • kommandoerne "more" og "mput" i smbclient oprettede også midlertidige - filer på en usikker måde i /tmp. -
- -

Begge problemer er blevet rettet i version 2.0.7-3.2 og vi anbefaler at du -omgående opgraderer din Samba-pakke. (Dette problem er også rettet i Samba -version 2.2-koden.) - -

Bemærk: DSA-048-1 indeholdt en fejlagtigt kompileret Sparc-pakke, som den -anden udgave rettede. - -

Den tredie udgave af dette bulletin blev skrevet fordi Marc Jacobsen fra HP -opdatede at sikkerhedsrettelserne fra Samba 2.0.8 ikke fuldstændigt rettede -/tmp-symlink-angrebet. Samba-teamet frigav version 2.0.9 for at rette det, -og disse rettelser er blevet føjet til version 2.0.7-3.3 af Debians Samba-pakke. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-048.data' -#use wml::debian::translation-check translation="cda6c5b3b9c40c2e777b713615d3e45ab49ffe78" \ No newline at end of file diff --git a/danish/security/2001/dsa-049.wml b/danish/security/2001/dsa-049.wml deleted file mode 100644 index 10e53b52dbb..00000000000 --- a/danish/security/2001/dsa-049.wml +++ /dev/null @@ -1,18 +0,0 @@ -fjern printf-format-angreb - -Megyer Laszlo rapporterede på Bugtraq at cfingerd-daemonen der distribueres -med Debian GNU/Linux 2.2 ikke var forsigtig i sin logningskode. Ved at -kombinere dette med en 1-offset-fejl i koden der kopierede brugernavnet fra -et ident-svar, kunne cfingerd udnyttes af en fjernbruger. Da cfingerd ikke -afgiver sine root-rettigheder før den har afgjort hvilken bruger det drejer -sig om, kan en angriber få root-rettigheder. - -

Dette er rettet i version 1.4.1-1.1 og vi anbefaler at du omgående -opgraderer din cfingerd-pakke. - -

Bemærk: denne bulletin blev tidligere postet som DSA-048-1 ved en fejl. - - -# do not modify the following line -#include '$(ENGLISHDIR)/security/2001/dsa-049.data' -#use wml::debian::translation-check translation="a344c983d62e0f902caa8d31afb51481f4b569ad" \ No newline at end of file diff --git a/danish/security/2001/dsa-050.wml b/danish/security/2001/dsa-050.wml deleted file mode 100644 index e90f4ededf1..00000000000 --- a/danish/security/2001/dsa-050.wml +++ /dev/null @@ -1,14 +0,0 @@ -fejlagtig afgivelse af rettigheder, fejlagtig midlertidig fil - -Colin Phipps og Daniel Kobras opdagede og rettede flere alvorlige fejl i -saft-daemonen `sendfiled' som fik den til at afgive rettigheder forkert. -En lokal bruger kan nemt udnytte dette til at få programmet til at udføre -tilfældig kode med root-rettigheder. - -

Vi anbefaler at du omgående opgraderer din sendfile-pakke. - - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-050.data" -#use wml::debian::translation-check translation="26745afd4737c05a2cf0189948cbd8c30bf32a8a" \ No newline at end of file diff --git a/danish/security/2001/dsa-051.wml b/danish/security/2001/dsa-051.wml deleted file mode 100644 index 2c0eabc77e6..00000000000 --- a/danish/security/2001/dsa-051.wml +++ /dev/null @@ -1,20 +0,0 @@ -uventet udførelse af javascript - -Florian Wesch har opdaget et problem (rapporteret til bugtraq) med den måde -Netscape behandler kommentarer i GIF-filer. Netscape-browseren ændrer ikke -GIF-filkommentaren på siden med oplysninger om billeder. Dette giver mulighed -for udførelse af javascript i "about:"-protokollen og kan for eksempel anvendes -til at uploade historikken (about:global) til en webserver, og på den måde -lække oplysninger af privat karakter. Dette problem er rettet i Netscape 4.77. - -

Da vi ikke har modtaget kildekoden til disse paker, er de ikke en del af -Debian GNU/Linux-distributionen, men er for nemheds skyld pakket som -`.deb'-filer, så det er nemmere at installere dem. - -

Vi anbefaler at du omgående opgraderer din Netscape-pakke og fjerne -gamle versioner. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-051.data" -#use wml::debian::translation-check translation="94e73c6eaceec0a531b9e86ea690d48f604bb02b" \ No newline at end of file diff --git a/danish/security/2001/dsa-052.wml b/danish/security/2001/dsa-052.wml deleted file mode 100644 index f11f23b9013..00000000000 --- a/danish/security/2001/dsa-052.wml +++ /dev/null @@ -1,13 +0,0 @@ -fejlagtig afgivelse af rettigheder - -Daniel Kobras har opdaget og rettet et problem i sendfiled, der kunne få -daemon-programmet til ikke at afgive sine rettigheder som forventet når der -sendes bekendtgørelsesbreve. En lokal bruger kan udnytte dette til nemt at -afvikle tilfældig kode med root-rettigheder. - -

Vi anbefalder at du omgående opgraderer din sendfile-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-052.data" -#use wml::debian::translation-check translation="71fb0da6aba283067a58286292fd34f79c72dcd9" \ No newline at end of file diff --git a/danish/security/2001/dsa-053.wml b/danish/security/2001/dsa-053.wml deleted file mode 100644 index 99c50695df7..00000000000 --- a/danish/security/2001/dsa-053.wml +++ /dev/null @@ -1,15 +0,0 @@ -usikker midlertidig fil - -nedit-pakken (Nirvana editor) der findes i non-free-afsnittet af -Debian GNU/Linux 2.2/potato indeholdt en fejl i udskriftskoden: -ved udskrift af tekst blev der oprettet en midlertidig fil indeholdende -teksten der skulle udskrives, og denne blev sendt videre til udskriftssystemet. -Den midlertidige fil blev ikke oprettet sikkert, hvilket kunne udnyttes af en -angriber til at få nedit til at overskrive tilfældige filer. - -

Dette er rettet i version 5.02-7.1. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-053.data" -#use wml::debian::translation-check translation="d0092040813e0aabae31c034dccdd0b0704afd21" \ No newline at end of file diff --git a/danish/security/2001/dsa-054.wml b/danish/security/2001/dsa-054.wml deleted file mode 100644 index 7596f5621b7..00000000000 --- a/danish/security/2001/dsa-054.wml +++ /dev/null @@ -1,14 +0,0 @@ -lokalt root-angreb - -En nylig (efteråret 2000) sikkerhedsrettelse af cron introducerede en fejl ved -frigivelsen af rettigheder før editoren blev startet. Dette blev opdaget af -Sebastian Krahmer fra SuSE. En ondskabsfuld bruger kunne nemt få root-adgang. - -

Dette er rettet i version 3.0pl1-57.3 (eller 3.0pl1-67 i unstable). -Der er ingen kendte udnyttelser af dette, men vi anbefalder at du omgående -opgraderer din cron-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-054.data" -#use wml::debian::translation-check translation="896b1833f01aaa47068fa1842d74da3d4646e541" \ No newline at end of file diff --git a/danish/security/2001/dsa-055.wml b/danish/security/2001/dsa-055.wml deleted file mode 100644 index ef38c353376..00000000000 --- a/danish/security/2001/dsa-055.wml +++ /dev/null @@ -1,15 +0,0 @@ -uautoriseret fjernadgang - -Et nyt "hotfix" til Zope er blevet frigivet, det retter et problem i ZClasses. -README-filen til hotfix'et fra 2001-05-01 beskriver problemet som `enhver -bruger kan se en ZClass-erklæring og ændre ZClass-rettighedsindstillingerne -for metoder og andre objekter der er defineret i ZClass'en, og måske give -mulighed for uautoriseret adgang indenfor Zope-instansen.' - -

Dette hotfix er blevet tilføjet i version 2.1.6-10 og vi anbefaler kraftigt, -at du omgående opgraderer din Zope-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-055.data" -#use wml::debian::translation-check translation="d1306e634845b9ed277edeb78cd1cc1a37335513" \ No newline at end of file diff --git a/danish/security/2001/dsa-056.wml b/danish/security/2001/dsa-056.wml deleted file mode 100644 index addf92478c9..00000000000 --- a/danish/security/2001/dsa-056.wml +++ /dev/null @@ -1,29 +0,0 @@ -lokal fil-overskrivning - -Ethan Benson fandt en fejl i man-db-pakken der distribueres i -Debian GNU/Linux 2.2. man-db indeholder et mandb-værktøj som anvendes til -at opbygge et indeks over de installerede håndbogssider på systemet. Når --u eller -o parameteret blev angivet på kommandolinien, for at fortælle -programmet at det skulle skrive sin database et andet sted, lykkedes det ikke -at afgive rettighederne inden der blev oprettet en midlertidig fil. -Dette gør det muligt for en angriber at foretage et almindeligt -symlink-angreb, der snyder mandb til at overskrive en hvilken som helst fil -som uid man kan skrive til, blandt andre de binære filer man og mandb. - -

Dette er rettet i version 2.3.16-3 og vi anbefaler at du omgående -opgraderer din man-db-pakke. Hvis du bruger suidmanager kan du også bruge det -til at sikre dig, at man og mandb ikke er installeret suid, hvilket beskytter -dig mod dette problem. Dette kan også gøres med de følgende kommandoer: - -

-  suidregister /usr/lib/man-db/man root root 0755
-  suidregister /usr/lib/man-db/mandb root root 0755
-
- -

Selvom du bruger suidmanager, anbefaler vi naturligvis stadig kraftigt at du -opgraderer. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-056.data" -#use wml::debian::translation-check translation="1f087b48a943d8c7022e35e59d30369e20ce6c75" \ No newline at end of file diff --git a/danish/security/2001/dsa-057.wml b/danish/security/2001/dsa-057.wml deleted file mode 100644 index 0903a304493..00000000000 --- a/danish/security/2001/dsa-057.wml +++ /dev/null @@ -1,16 +0,0 @@ -printf-format-angreb - -gftp-pakken der distribueres med Debian GNU/Linux 2.2 har et problem i -logningskoden: den logger data modtaget fra netværket, men den beskyttede -ikke sig selv mod printf-format-angreb. En angriber kan anvende problemet til -at få en ftp-server til at returnere specielle svar der udnytter dette. - -

Dette er rettet i version 2.0.6a-3.1 og vi anbefaler at du opgraderer din -gftp-pakke. - -

Bemærkning: denne bulletin blev ved en fejl udsendt som DSA-055-1. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-057.data" -#use wml::debian::translation-check translation="1936841f002ca29a0bf824712cb9bb1072141914" \ No newline at end of file diff --git a/danish/security/2001/dsa-058.wml b/danish/security/2001/dsa-058.wml deleted file mode 100644 index ddcbe770691..00000000000 --- a/danish/security/2001/dsa-058.wml +++ /dev/null @@ -1,15 +0,0 @@ -lokalt printf-format-angreb - -Megyer Laszlo fandt en printf-format-fejl i postoverførselsagenten exim. -Koden der kontrollerer en e-mails header-syntaks logger en fejl uden at -beskytte sig selv mod printf-format-angreb. Fejlen kan kun udnyttes lokalt -med parameteret -bS (i "batch SMTP"-tilstand). - -

Dette problem er rettet i version 3.12-10.1. Da koden ikke er slået til -som standard, er standard-installationer ikke sårbare, men vi anbefaler -stadig at du opgraderer din exim-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-058.data" -#use wml::debian::translation-check translation="e17774880210f44e0f35f3d149197f63f96d463e" \ No newline at end of file diff --git a/danish/security/2001/dsa-059.wml b/danish/security/2001/dsa-059.wml deleted file mode 100644 index fdeb3c071d4..00000000000 --- a/danish/security/2001/dsa-059.wml +++ /dev/null @@ -1,25 +0,0 @@ -symlink-angreb - -Luki R. rapporterede en fejl i man-db: det håndterede ikke nestede kald af -drop_effective_privs() og regain_effective_privs() -korrekt, hvilket kunne give det rettighederne tilbage for tidligt. Dette -kunne misbruges til at lade "man" oprette filer som brugeren "man". - -

Dette er rettet i version 2.3.16-4 og vi anbefaler at du omgående -opgraderer din man-db-pakke. Hvis du bruger suidmanager kan du også bruge det -til at sikre dig, at man og mandb ikke er installeret suid, hvilket beskytter -dig mod dette problem. Dette kan også gøres med de følgende kommandoer: - -

-   suidregister /usr/lib/man-db/man root root 0755
-   suidregister /usr/lib/man-db/mandb root root 0755
-
- -

-Selvom du bruger suidmanager, anbefaler vi naturligvis stadig kraftigt at du -opgraderer. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-059.data" -#use wml::debian::translation-check translation="5a6dc5697e152d3853f90b188a6fc83ea3adf235" \ No newline at end of file diff --git a/danish/security/2001/dsa-060.wml b/danish/security/2001/dsa-060.wml deleted file mode 100644 index 6504d4bed8b..00000000000 --- a/danish/security/2001/dsa-060.wml +++ /dev/null @@ -1,13 +0,0 @@ -buffer-overløb - -Wolfram Kleff fandt et problem i fetchmail: programmet gik ned ved -behandlingen af e-mails med ekstremt lange headere. Problemet var et -buffer-overløb i header-fortolkeren, der kunne udnyttes. - -

Dette er rettet i version 5.3.3-1.2 og vi anbefalder at du omgående -opgraderer din fetchmail-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-060.data" -#use wml::debian::translation-check translation="8e425863ccd6f0497d14d178d29ceddf830cb93b" \ No newline at end of file diff --git a/danish/security/2001/dsa-061.wml b/danish/security/2001/dsa-061.wml deleted file mode 100644 index 888805b321c..00000000000 --- a/danish/security/2001/dsa-061.wml +++ /dev/null @@ -1,25 +0,0 @@ -printf-format-angreb - -Den version af GnuPG (GNU Privacy Guard, en OpenPGP-implementering) -som distributeres i Debian GNU/Linux 2.2 har to problemer: - -

    -
  1. fish stiqz rapporterede på bugtraq at der var et printf-format-problem -i do_get()-funktionen: den skrev en prompt som indeholdt navnet på den fil -den dekrypterede, uden at kontrollere for mulige printf-format-angreb. -Dette kunne udnyttes ved at snyde nogen til at dekryptere en fil med et -specialfremstillet filnavn. - -
  2. Den anden fejl er i forbindelse med importering af hemmelige nøgler: -når gnupg importerede en hemmelig nøgle gjorde den omgående den tilknyttede -offentlige nøgle fuldstændig betroet, hvilket ændrer dit "web of trust" uden -at bede om bekræftelse. For at rette dette skal du nu anvende et specielt flag -for at importere en hemmelig nøgle. -
- -

Begge problemer er blevet rettet i version 1.0.6-0potato1. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-061.data" -#use wml::debian::translation-check translation="0157ea5d3a211b732fb02be8d748ecc3f9558242" \ No newline at end of file diff --git a/danish/security/2001/dsa-062.wml b/danish/security/2001/dsa-062.wml deleted file mode 100644 index fe9ac677902..00000000000 --- a/danish/security/2001/dsa-062.wml +++ /dev/null @@ -1,20 +0,0 @@ -buffer-overløb - -Samuel Dralet rapporterede på bugtraq at version 2.6.2 af rxvt (en -VT102-terminalemulator til X) har et buffer-overløb i -tt_printf()-funktionen. En lokal bruger kunne misbruge dette -ved at få rxvt til at skrive en speciel streng ved hjælp af denne funktion, -for eksempel ved at anvende kommandolinieparameteret -T eller --name. Denne streng ville forsage et stack-overløb og indeholde -kode som rxvt ville udføre. - -

Da rxvt er installeret sgid utmp kunne en angriber bruge dette til at få -adgang utmp-rettighed, hvilket ville give ham lov til at ændre utmp-filen. - -

Dette er rettet i version 2.6.2-2.1 og vi anbefaler at du opgraderer din -rxvt-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-062.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" \ No newline at end of file diff --git a/danish/security/2001/dsa-063.wml b/danish/security/2001/dsa-063.wml deleted file mode 100644 index 53b3ac5c848..00000000000 --- a/danish/security/2001/dsa-063.wml +++ /dev/null @@ -1,16 +0,0 @@ -ændr standard umask - -zen-parse rapporterede på bugtraq at der er et muligt buffer-overløb i -logningskoden i xinetd. Dette kunne udløses ved at anvende en falsk identd som -returerer specielle svar når xinetd foretager en ident-forespørgsel. - -

Et andet problem er at xinetd sætter sin umask til 0, hvilket medfører at -at alle programmer som xinetd starter, og som ikke er forsigtige med -filrettigheder, kan resultere i skrivbare filer for alle. - -

Begge problemer er rettet i version 2.1.8.8.p3-1.1. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-063.data" -#use wml::debian::translation-check translation="2e9648e703321331fd0056e32d12313488c80be6" \ No newline at end of file diff --git a/danish/security/2001/dsa-064.wml b/danish/security/2001/dsa-064.wml deleted file mode 100644 index 602b194a2ac..00000000000 --- a/danish/security/2001/dsa-064.wml +++ /dev/null @@ -1,14 +0,0 @@ -buffer-overløb - -SecureNet Service rapporterer at w3m (en konsol-webbrowser) har et -buffer-overløb i den kode som fortolker MIME-headere. Dette kan udnyttes af en -angriber ved at få en webserver som brugeren besøger til at returnere -omhyggeligt fremstillede MIME-headere. - -

Dette er rettet i version 0.1.10+0.1.11pre+kokb23-4, og vi anbefaler at du -opgraderer din w3m-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-064.data" -#use wml::debian::translation-check translation="47dab89886b1a634b9c1913fa847ab2affa7022a" diff --git a/danish/security/2001/dsa-065.wml b/danish/security/2001/dsa-065.wml deleted file mode 100644 index 45435cad33a..00000000000 --- a/danish/security/2001/dsa-065.wml +++ /dev/null @@ -1,29 +0,0 @@ -fjern-filtilføjelse/oprettelse - -Michal Zalewski opdagede at Samba ikke validerer NetBIOS-navne korrekt fra -fjern-maskiner. - -

I sig selv er det ikke et problem, bortset fra hvis Samba er sat op til -at skrive log-filer til en fil der indeholder NetBIOS-navnet på den fjerne -maskine ved at anvende `%m'-makroen `log file'-kommandoen. I det tilfælde -kunne en angriber anvende et NetBIOS-navn som '../tmp/evil'. Hvis log-filen -var sat til "/var/log/samba/%s" ville Samba da skrive i /var/tmp/evil. - -

Da NetBIOS-navnet er begrænset til 15 tegn og `log file'-kommandoen kunne -have en extension til filnavnet er resultatet af dette begrænset. Men hvis -angriberen også er i stand til at oprette symbolske links på Samba-serveren, -så ville vedkommende kunne snyde Samba til at tilføje valgfrie data til alle -filer i filsystemet, som Samba har skriveadgang til. - -

Debian GNU/Linux' Samba-pakke har en sikker opsætning og er ikke sårbar. - -

På systemer der er såbare kan man som en midlertidig løsning ændre alle -forekomster af `%m'-makroen i smb.conf til `%l' og genstarte Samba. - -

Dette er rettet i version 2.0.7-3.4 og vi anbefaler at du omgående -opgraderer din Samba-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-065.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" diff --git a/danish/security/2001/dsa-066.wml b/danish/security/2001/dsa-066.wml deleted file mode 100644 index bdf4dfe6fbb..00000000000 --- a/danish/security/2001/dsa-066.wml +++ /dev/null @@ -1,27 +0,0 @@ -fjernangreb - -Steven van Acker rapporterede på bugtraq at versionen af cfingerd (en -konfigurérbar finger-daemon) der distriberes i Debian GNU/Linux 2.2 -har følgende to problemer: - -

    -
  1. Koden der læser konfigurationfiler (filer hvor $-kommandoen udvides) - kopierede sine inddata til en buffer uden at kontollere om der var - buffer-overløb. Når ALLOW_LINE_PARSING-funktionen er slået til anvendes - den pågældende kode også til at læse brugerfiler, således at lokale - brugere kunne udnytte denne svaghed. - -
  2. Der var også et printf-kald i den samme rutine, som ikke var beskyttet - mod printf-format-angreb. -
- -

Da ALLOW_LINE_PARSING er slået til i standardudgaven af /etc/cfingerd.conf -kunne lokale brugere udnytte dette til at få root-adgang. - -

Dette er rettet i version 1.4.1-1.2 og vi anbefaler at du omgående -opgraderer din cfingerd-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-066.data" -#use wml::debian::translation-check translation="d7dd6ef96881030b054613d7765772b369333946" diff --git a/danish/security/2001/dsa-067.wml b/danish/security/2001/dsa-067.wml deleted file mode 100644 index 145d19c1e14..00000000000 --- a/danish/security/2001/dsa-067.wml +++ /dev/null @@ -1,40 +0,0 @@ -fjernangreb - - -Vi har modtaget rapporter om at den version af 'apache'-pakken, som er -indeholdt i Debians 'stable'-distribution, er sårbar overfor problemet med -kunstigt lange stinavne indeholdende skråstreger ('artificially long -slash path directory listing vulnerability') som beskrevet hos -SecurityFocus. - -

Denne sårbarhed blev annonceret på bagtraq af Dan Harkless. - -

Citat fra SecurityFocus' indlæg om denne sårbarhed: - -

-

Et problem i pakken kunne give mulighed for mappeindeksering og - fremfinding af stinavne. I standard-opsætningen slår Apache mod_dir, - mod_autoindex og mod_negotiation til. Men ved at sende en specielfremstillet - forspørgsel til Apache-serveren, bestående af lange stinavne kunstigt - fremstillet ved hjælp af utallige skråstreger kan dette få de pågældende - moduler til at opføre sig forkert, hvilket gør det muligt at omgå fejlsiden - og få en liste over indholdet i mappen. - -

Med denne sårbarhed kan en ondskabsfuld fjernbruger iværksætte et - oplysningsindsamlingsangreb, der potentielt kan resultere i at systemet - kompromitteres. Denne sårbarhed påvirker alle frigivelser af Apache før - version 1.3.19. -

- -

Dette problem er rettet i apache-ssl 1.3.9-13.3 og apache 1.3.9-14. -Vi anbefaler at du omgående opgraderer dine pakker. - -

Advarsel: .dsc- og .diff.gz-filernes MD5Sum stemmer ikke overens, da de -bagefter blev kopieret fra den stabile udgivelse, indholdet af filen -.diff.gz er dog det samme, og er kontrolleret.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-067.data" -#use wml::debian::translation-check translation="4e24061190d31f80509d49a1aaf22333a7c0f957" diff --git a/danish/security/2001/dsa-068.wml b/danish/security/2001/dsa-068.wml deleted file mode 100644 index 098e436ab54..00000000000 --- a/danish/security/2001/dsa-068.wml +++ /dev/null @@ -1,19 +0,0 @@ -fjern-overbelastningsangreb - -CERT-bulletinen opremser et antal sårbarheder i forskellige implementeringer af -LDAP, baseret på resultaterne af PROTOS LDAPv3-testsuite. Disse test fandt et -problem i OpenLDAP, en fri LDAP-implementering der distribueres som en del af -Debian GNU/Linux 2.2. - -

Problemet er at slapd ikke kunne håndtere pakker som havde -BER-felter med en ugyldig længe og gik ned hvis det modtog dem. En angriber -kunne benytte dette til at sætte et fjern-overbelastningsangreb ("denial of -service") i gang. - -

Dette problem er rettet i version 1.2.12-1, og vi anbefaler at du -omgående opgraderer din slapd-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-068.data" -#use wml::debian::translation-check translation="7661580dae5bf4b72bf4fe924e85cb3c41b89153" \ No newline at end of file diff --git a/danish/security/2001/dsa-069.wml b/danish/security/2001/dsa-069.wml deleted file mode 100644 index f392a8612e1..00000000000 --- a/danish/security/2001/dsa-069.wml +++ /dev/null @@ -1,15 +0,0 @@ -buffer-overløb - -Den version af xloadimage (en billedfremviser til X) som blev -distribueret med Debian GNU/Linux 2.2 har et buffer-overløb i den kode der -håndterer billeder i FACES-format. Dette kunne udnyttes af en angriber ved -at snyde nogen til at kigge på et specielt fremstillet billede vha. -xloadimage hvilket kan give angriberen mulighed for at udføre -vilkårlig kode. - -

Dette problem er rettet i version 4.1-5potato1. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-069.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" diff --git a/danish/security/2001/dsa-070.wml b/danish/security/2001/dsa-070.wml deleted file mode 100644 index 1389bf11895..00000000000 --- a/danish/security/2001/dsa-070.wml +++ /dev/null @@ -1,28 +0,0 @@ -fjernangreb - -netkit-telnet-daemon'en i telnetd-pakken med version -0.16-4potato1, som distribueres med den "stabile" (2.2 potato) distribution -af Debian GNU/Linux, er sårbar overfor et angreb mod dens uddatahåndtering. - -

-Den oprindelige fejl blev fundet af <scut@nb.in-berlin.de>, og annonceret -på bugtraq den 18. juli 2001. På det tidspunkt troede man ikke at netkit-telnet -versioner eter 0.14 var sårbare. - -

-Den 10. august 2001 postede zen-parse et bulletin baseret på det samme problem -gældende for alle netkit-telnet version under 0.17. - -

-Flere detaljer findes på http://online.securityfocus.com/archive/1/203000. -Da Debian anvender `telnetd'-brugeren til at køre in.telnetd, er -dette ikke et fjernangreb mod root på Debian-systemer; men brugeren `telnetd' -kan kompromitteres. - -

Vi anbefaler kraftigt at du opdaterer din telnetd-pakke til -versionen listet herunder. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-070.data" -#use wml::debian::translation-check translation="798bc9dfd53e93584118f925df3aee1d8c991645" diff --git a/danish/security/2001/dsa-071.wml b/danish/security/2001/dsa-071.wml deleted file mode 100644 index 20b776e09f6..00000000000 --- a/danish/security/2001/dsa-071.wml +++ /dev/null @@ -1,17 +0,0 @@ -hukommelseskorruption - -Under en sikkerhedsaudit fandt Salvatore Sanfilippo to problemer i -fetchmail som kan udnyttes. I både IMAP- og POP3-koden, bliver -inddata ikke kontrolleret, selvom det anvendes til at gemme et nummer i et -array. Da 'bounds' ikke kontrolleres kan dette udnyttes af en angriber til -at skrive vilkårlige data i hukommelsen. En angriber kan anvende dette hvis -vedkommende kan få en bruger til at overføre post fra en tilpasset IMAP- eller -POP3-server som angriberen kontrollerer. - -

Dette er rettet i version 5.3.3-3, vi anbefaler at du omgående opgraderer -din fetchmail-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-071.data" -#use wml::debian::translation-check translation="5da6de64152d996ff3869a0a6d634ec36b3bf8f6" \ No newline at end of file diff --git a/danish/security/2001/dsa-072.wml b/danish/security/2001/dsa-072.wml deleted file mode 100644 index ba521931c8b..00000000000 --- a/danish/security/2001/dsa-072.wml +++ /dev/null @@ -1,14 +0,0 @@ -printf-format-angreb - -Zenith Parse fandt et sikkerhedsproblem i groff (GNU-udgaven af -troff). pic-kommandoen var sårbar overfor et -printf-format-angreb der gjorde det muligt at omgå `-S'-parameteret og -udføre vilkårlig kode. - -

Dette er rettet i version 1.15.2-2 og vi anbefaler at du omgående -opgraderer din groff-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-072.data" -#use wml::debian::translation-check translation="5da6de64152d996ff3869a0a6d634ec36b3bf8f6" \ No newline at end of file diff --git a/danish/security/2001/dsa-073.wml b/danish/security/2001/dsa-073.wml deleted file mode 100644 index 65a5a57da2f..00000000000 --- a/danish/security/2001/dsa-073.wml +++ /dev/null @@ -1,36 +0,0 @@ -tre fjernangreb - -Horde-teamet har frigivet version 2.2.6 af IMP (et web-baseret -IMAP-postprogram) der retter tre sikkerhedsproblemer. Deres annoncering -beskriver problemerne som følger: - -

    -
  1. En sårbarhed i PHPLIB gjorde det muligt for en angriber at lægge en - værdi i array-elementet $_PHPLIB[libdir], og på den måde hente og - udføre scripts fra en anden server. Denne sårbarhed kan udnyttes af en - fjernangriber. (Horde 1.2.x distribueres med sin egen tilpassede udgave - af PHPLIB, som nu er blevet rettet for at undgå dette problem.) - -
  2. Ved at anvende snedige "javascript:"-kodninger kan en angriber få - udført ondsindet JavaScript-kode i en brugers browser mens brugeren - læser e-mail sendt af angriberen. (IMP 2.2.x bortfiltrerer allerede - mange sådanne tegnkombinationer; flere nye som slap igennem filtrene - bliver nu blokeret.) - -
  3. En fjendtligt indstillet bruger kan et eller andet sted på - Apache/PHP-serveren oprette en fil ved navn "prefs.lang" som alle kan læse, - hvilket kan medføre at filen udføres som PHP-kode. IMP-konfigurationsfilerne - kunne dermed læses, og Horde-databasens kodeord benyttes til at læse og ændre - databasen der bruges til at gemme kontakter og indstillinger, osv. Vi mener - ikke at dette muliggør et fjernangreb direkte gennem Apache/PHP/IMP; men - shell-adgang til serveren, eller andre muligheder (f.eks. ftp) kan benyttes - til at oprette denne fil. -
- -

Dette er rettet i version 2:2.2.6-0.potato.1. Bemærk at du også er nødt til -at opgradere horde-pakke til samme version. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-073.data" -#use wml::debian::translation-check translation="9a99575c062127918f3281c8b6dae250900185a5" diff --git a/danish/security/2001/dsa-074.wml b/danish/security/2001/dsa-074.wml deleted file mode 100644 index 298eecc9e77..00000000000 --- a/danish/security/2001/dsa-074.wml +++ /dev/null @@ -1,17 +0,0 @@ -buffer-overløb - -Alban Hertroys fandt et buffer-overløb i Window Maker (en populær -window-manager til X). Koden der håndterer titler i vinduelistemenuen -kontrollerede ikke titlens længde når den blev kopieret til en buffer. -Da programmer opsætter titlen ved hjælp af data der ikke kan stoles på -(de fleste web-browsere viser f.eks. titlen på den web-side der vises i -browserens vindue), dette kunne udnyttes ved et fjernangreb. - -

Dette er rettet i version 0.61.1-4.1 af Debian-pakken, og i -opstrømsversion 0.65.1. Vi anbefaler at du omgående opgraderer din Window -Maker-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-074.data" -#use wml::debian::translation-check translation="9cfc5a4bdbe66da595999dc9e633fff98ddf85cb" \ No newline at end of file diff --git a/danish/security/2001/dsa-075.wml b/danish/security/2001/dsa-075.wml deleted file mode 100644 index ab67f56a590..00000000000 --- a/danish/security/2001/dsa-075.wml +++ /dev/null @@ -1,23 +0,0 @@ -fjernangreb - -telnet-daemon'en i pakken netkit-telnet-ssl_0.16.3-1 i Debian GNU/Linux' -'stabile' distribution (potato) er sårbar overfor et overløb i -uddatahåndteringen. Fejlen blev fundet af <scut@nb.in-berlin.de> og -annonceret på bugtraq den 18. juli 2001. På det tidspunkt troede man ikke at -versioner af netkit-telnet efter 0.14 var sårbare. - -

Den 10. august 2001 postede zan-parse et bulletin baseret på det samme -problem, vedrørende alle versioner af netkit-telnet under 0.17. - -

Flere oplysninger fås hos SecurityFocus. -Da Debian anvender brugeren 'telnetd' til at køre in.telnetd er dette ikke -et fjernangreb mod root-brugeren på Debian-systemer; men 'telnetd'-brugeren -kan angribes. - -

Vi anbefaler kraftigt at du opdaterer dine netkit-telnet-ssl-pakker til -versionerne angivet herunder. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-075.data" -#use wml::debian::translation-check translation="9b2fa68c310911f212a25989be4d0235ad54f3af" diff --git a/danish/security/2001/dsa-076.wml b/danish/security/2001/dsa-076.wml deleted file mode 100644 index 131b4830ce5..00000000000 --- a/danish/security/2001/dsa-076.wml +++ /dev/null @@ -1,18 +0,0 @@ -buffer-overløb - -Pavel Machek har fundet et buffer-overløb i sidevisningsprogrammet `most'. -Problemet er i mosts tabulatorudvidelse hvor programmet kunne skrive ud over -grænserne i to array-variabler ved visning af en 'ondskabsfuld' fil. Dette -kunne føre til at andre datastrukturer blev overskrevet, hvilket i sidste ende -kunne få `most' til at udføre vilkårlig kode og dermed kompromittere brugerens -miljø. - -

Dette er rettet i opstrømsversion 4.9.2 og en opdateret udgave af version -4.9.0 i Debian GNU/Linux 2.2. - -

Vi anbefaler at du omgående opgraderer din most-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-076.data" -#use wml::debian::translation-check translation="21b1db9e2d37144f0e19c50970a2146628cf167e" diff --git a/danish/security/2001/dsa-077.wml b/danish/security/2001/dsa-077.wml deleted file mode 100644 index f02b0fcea97..00000000000 --- a/danish/security/2001/dsa-077.wml +++ /dev/null @@ -1,15 +0,0 @@ -fjern-overbelastningsangreb - -Vladimir Ivaschenko fandt et problem i squid (en populær proxy-cache). -He opdagede at der var en fejl i koden der håndterer "FTP PUT"-kommandoer: -når en "mkdir-only"-forespørgsel blev udført, opfangede squid en intern fejl -og stoppede. Da squid er opsat til at genstarte sig selv ved problemer, er -dette ikke noget stort problem. - -

Problemet er rettet i version 2.2.5-3.2, og er logget som fejl nummer 233 i -squid-fejlsystemet, og vil også blive rettet i fremtidige udgaver af squid. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-077.data" -#use wml::debian::translation-check translation="1a4e5aef4c871716b9294d3f3f66afa1f7f32bf8" \ No newline at end of file diff --git a/danish/security/2001/dsa-078.wml b/danish/security/2001/dsa-078.wml deleted file mode 100644 index 6c8ad1902f0..00000000000 --- a/danish/security/2001/dsa-078.wml +++ /dev/null @@ -1,20 +0,0 @@ -fjenudførelse af kommandoer - -Byrial Jensen fandt et alvorligt problem i slrn (en nyhedsgruppelæser med -tråde). Notitsen på slrn-announce beskriver det som følger: - -

-

- Ved forsøg på at dekode binære filer udfører den indbyggede kode et - hvilket som helst script som artiklen måtte indeholde, tilsyneladende - i den formodning at det er en eller anden form for selvudpakkende arkiv. -

-
- -

Problemet er rettet i version 0.9.6.2-9potato2 ved fjernelse af denne -funktionalitet. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-078.data" -#use wml::debian::translation-check translation="6ab326dfd505ca821077c5edce399f2c0f801b86" diff --git a/danish/security/2001/dsa-079.wml b/danish/security/2001/dsa-079.wml deleted file mode 100644 index f427ff4d36b..00000000000 --- a/danish/security/2001/dsa-079.wml +++ /dev/null @@ -1,29 +0,0 @@ -adgang til uucp's uid/gid - -

Zenith Parsec har opdaget i sikkerhedshuk i Taylor UUCP 1.06.1. Det -tillader at en lokal bruger kan kopiere en hvilken som helst fil til et hvilket -som helst sted, som uucp uid'en har skriverettigheder til, der rent praktisk -betyder at en lokal bruger helt kan omstyrte UUCP-undersystemet, inklusive at -stjæle post, osv.

- -

Hvis en fjernbruger med UUCP-adgang har mulighed for at oprette filer på det -lokale system, og med held kan gætte specifikke ting om den lokale -mappestruktur, så kan fjernbrugeren også omstyrte UUCP-systemet. En -standardinstallation af UUCP tillader at en fjernbruger kan oprette filer på -det lokale system, hvis den offentlige UUCP-mappe er oprettet med -skriverettigheder til alle.

- -

Naturligvis er dette sikkerhedshul alvorligt for alle der bruger UUCP på et -flerbrugersystemet med brugere man ikke kan stole på, eller alle der bruger -UUCP og tillader forbindelser med fjernsystemer som man ikke kan stole på.

- -

Man troede at problemet var løst med DSA 079-1, men alle variationer af -problemet var ikke løst. Problemet er rettet i version 1.06.1-11potato2 af -uucp som bruger en rettelse fra opstrømsforfatteren Ian Lance Taylor.

- -

Vi anbefaler at du omgående opgraderer din uucp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-079.data" -#use wml::debian::translation-check translation="953c5b433a7726472cff70c853f9f44ac2a7608c" diff --git a/danish/security/2001/dsa-080.wml b/danish/security/2001/dsa-080.wml deleted file mode 100644 index 2e42918fe79..00000000000 --- a/danish/security/2001/dsa-080.wml +++ /dev/null @@ -1,22 +0,0 @@ -uautoriseret adgang til data - -Nergal rapporterede en \ -særbarhed i htsearch-programmet der distribueres som en del af -ht://Dig-pakken, et indekserings og søgningssystem til små domæner og intranet. -Ved at anvende tidligere versioner, var det muligt at kalde cgi-programmet -med parameteret -c for at benytte en anden konfigurationsfil. - -

En ondsindet bruger kunne få htsearch til at bruge en fil som -/dev/zero og dermed få serveren til at gå i en endeløs løkke, mens -den prøvede at læse opsætningsparametre. Hvis brugeren har skriveadgang på -serveren, kan vedkommende få programmet til at pege på filen, og hente enhver -fil som webserverens brugerid har adgang til. - -

Problemet er rettet i version 3.1.5-2.0potato.1 i Debian GNU/Linux 2.2. - -

Vi anbefaler at du omgående opgraderer din htdig-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-080.data" -#use wml::debian::translation-check translation="1936841f002ca29a0bf824712cb9bb1072141914" diff --git a/danish/security/2001/dsa-081.wml b/danish/security/2001/dsa-081.wml deleted file mode 100644 index acf45b49e4e..00000000000 --- a/danish/security/2001/dsa-081.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

I \ -SNS Advisory No. 32 blev der rapporteret om en sårbarhed i form af et -bufferoverløb, i rutinen som fortolker MIME-headere returneret fra webservere. -En ondsindet webserver-administrator kunne udnytte dette og få webbrowseren til -at udføre vilkårlig kode.

- -

w3m håndterer MIME-headere indeholdt i forspørgsels- og svarmeddelelser i -HTTP-kommunikation som enhver anden webbrowser. Et bufferoverløb kan opstå -når w3m modtager en MIME-indpakket header i base64-format.

- -

Vedligeholderen har rettet problemet i version 0.1.10+0.1.11pre+kokb23-4 af -w3m og w3m-ssl (udgaven med SSL-understøttelse), i Debian GNU/Linux 2.2.

- -

Vi anbefaler at du omgående opgraderer dine w3m-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-081.data" -#use wml::debian::translation-check translation="e30667d7071e2fa0f2894bd237d16d4989d911b5" diff --git a/danish/security/2001/dsa-082.wml b/danish/security/2001/dsa-082.wml deleted file mode 100644 index 0e24daf67ca..00000000000 --- a/danish/security/2001/dsa-082.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -Christophe Bailleux rapporterede på -bugtraq at Xvt er -sårbar overfor et bufferoverløb i dets håndtering af parametre. Da Xvt -installeres som "setuid root", var det muligt for en almindelig bruger at -starte Xvt med nøje fremstillede parametre, således at Xvt kørte en root-shell. - -

Vedligeholderen har rettet problemet i version 2.1-13 aff Xvt i -Debian-unstable og 2.1-13.0potato.1 den stabile Debian GNU/Linux 2.2. - -

Vi anbefaler at du omgående opgraderer din xvt-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-082.data" -#use wml::debian::translation-check translation="9b2fa68c310911f212a25989be4d0235ad54f3af" diff --git a/danish/security/2001/dsa-083.wml b/danish/security/2001/dsa-083.wml deleted file mode 100644 index c0161daf978..00000000000 --- a/danish/security/2001/dsa-083.wml +++ /dev/null @@ -1,16 +0,0 @@ -usikker signalhåndtering - -Det var muligt at få procmail til at gå ned ved at anvende ældre versioner af -programmet, og sende signaler til det. På systemer hvor procmail er -installeret setuid kunne dette udnyttes til at opnå uautoriserede rettigheder. - -

Opstrømsvedligeholderen har rettet problemet i version 3.20, som er at -finde i Debian-unstable. Rettelsen er blevet foretaget i version 3.15.2 som -er tilgængelig i den stabile Debian GNU/Linux 2.2. - -

Vi anbefaler at du omgående opgraderer din procmail-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-083.data" -#use wml::debian::translation-check translation="a4b9edeb0512b131d96a2dfec1c4effcd75855a2" diff --git a/danish/security/2001/dsa-084.wml b/danish/security/2001/dsa-084.wml deleted file mode 100644 index 3c3d62e6838..00000000000 --- a/danish/security/2001/dsa-084.wml +++ /dev/null @@ -1,16 +0,0 @@ -informationshentning - -Stephane Gaudreault fortalte os at -version 2.0.6a af gftp viser kodeordet i ren tekst på skærmen i log-vinduet, -når der logges på en ftp-server. En ondsindet kollega kunne ved at kigge på -skærmen opnå adgang til brugerens shell på fjernmaskinen. - -

Sikkerhedsteamet har rettet problemet i version 2.0.6a-3.2 i den stabile -Debian GNU/Linux 2.2. - -

Vi anbefaler at du opgraderer din gftp-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-084.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" diff --git a/danish/security/2001/dsa-085.wml b/danish/security/2001/dsa-085.wml deleted file mode 100644 index 8c4810e6fe0..00000000000 --- a/danish/security/2001/dsa-085.wml +++ /dev/null @@ -1,18 +0,0 @@ -sårbarhed overfor format-streng - -Takeshi Uno fandt en meget tåbelig format-streng-sårbarhed i alle versioner af -nvi (i begge, den almindelige og den flersprogede version). Når et filnavn -gemmes, vises det på skærmen. Rutinen som tager sig af dette, håndterede det -ikke korrekt. - -

Problemet er rettet i version 1.79-16a.1 af nvi og version 1.79+19991117-2.3 -af nvi-m17n i den stabile Debian GNU/Linux 2.2. - -

Selvom vi ikke tror at dette kunne give nogen adgang til en anden brugers -konto, med mindre vedkommende er gået fra forstanden, så anbefaler vi at du -opgraderer dine nvi-pakker. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-085.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" diff --git a/danish/security/2001/dsa-086.wml b/danish/security/2001/dsa-086.wml deleted file mode 100644 index 4e3ff328dc6..00000000000 --- a/danish/security/2001/dsa-086.wml +++ /dev/null @@ -1,27 +0,0 @@ -fjenudnyttelse af root - -

Vi har modtaget rapporter om at "sårbarheden med opfangelse af angreb mod -SSH CRC-32-kompensering" aktivt udnyttes. Dette er den samme heltalstypefejl -som er rettet i OpenSSH i DSA-027-1. OpenSSH (Debians ssh-pakke) blev rettet -på det tidspunkt, men ssh-nonfree og ssh-socks blev det ikke.

- -

Selvom pakker i den ikke-frie (non-free) del af arkivet ikke officielt -understøttes af Debian-projektet, har vi helt usædvanligt frigivet en opdateret -ssh-nonfree-/ssh-socks-pakke til brugere der endnu ikke har skiftet til -OpenSSH. Vi anbefaler dog at vores brugere begynder skifter til den almindeligt -understøttede, DFSG-frie "ssh"-pakke så snart som muligt. ssh 1.2.3-9.3 er den -OpenSSH-pakke som er tilgængelig i Debian 2.2r4.

- -

De rettede ssh-nonfree-/ssh-socks-pakker er tilgængelige som version -1.2.27-6.2 til anvendelse med Debian 2.2 (potato) og version 1.2.27-8 til -anvendelse med Debians unstabile-/testdistribution. Bemærk at de nye -ssh-nonfree-/ssh-socks-pakker fjerne setuid-bit'en fra den binære ssh-fil, -hvilket slår rhosts-rsa autentification fra. Har du brug for denne -funktionalitet, kan du køre

-

chmod u+s /usr/bin/ssh1

-

efter at have installeret den nye pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-086.data" -#use wml::debian::translation-check translation="f64bdea77b070e5c611b3d02b0f6eba317100b08" diff --git a/danish/security/2001/dsa-087.wml b/danish/security/2001/dsa-087.wml deleted file mode 100644 index 4e7a2dba22d..00000000000 --- a/danish/security/2001/dsa-087.wml +++ /dev/null @@ -1,13 +0,0 @@ -fjernudnyttelse af root - -CORE ST rapporterer at der er fundet en fejl i wu-ftpds "glob"-kode som kan -udnyttes (dette er koden som håndterer udvidelse af filnavne ved hjælp af -"wildcards"). Enhver bruger som er logget ind (inklusive anonyme ftp-brugere) -kan udnytte fejlen til at få root-adgang til serveren. - -

Dette er rettet i version 2.6.0-6 af wu-ftpd-pakken. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-087.data" -#use wml::debian::translation-check translation="d9936be5b6634cdf82735e3c74c6d7a798e84c0d" diff --git a/danish/security/2001/dsa-088.wml b/danish/security/2001/dsa-088.wml deleted file mode 100644 index c858c1491e1..00000000000 --- a/danish/security/2001/dsa-088.wml +++ /dev/null @@ -1,15 +0,0 @@ -forkert brug af escape-tegn - -fml (en postliste-pakke) som distribueres med Debian GNU/Linux 2.2 lider af et -"cross-site"-scriptproblem. Ved generering af indekssider til listearkivet -bliver escapetegn ikke anvendt korrekt i forbindelse med tegnene `<' og -`>' i emnelinier. - -

Dette er rettet i version 3.0+beta.20000106-5, og vi anbefaler at du -opgraderer din fml-pakke til den version. Opgraderingen vil automatisk -generere indekssiderne på ny. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-088.data" -#use wml::debian::translation-check translation="5bfd48981d4bd08b5a05d01bddffae5bb155a199" diff --git a/danish/security/2001/dsa-089.wml b/danish/security/2001/dsa-089.wml deleted file mode 100644 index 6688c770249..00000000000 --- a/danish/security/2001/dsa-089.wml +++ /dev/null @@ -1,25 +0,0 @@ -fjernudnyttelse af root (og andre problemer) - -

Pakken icecast-server (en "streaming music"-server) som distribueres med -Debian GNU/Linux 2.2 har flere sikkerhedsproblemer:

- -
    -
  • hvis en klient tilføjede / efter navnet på en fil der skulle downloades, - kunne serveren gå ned
    • -
  • ved at bruge %2E som foranstillede punktummer var det muligt at omgå - sikkerhedsforanstaltningerne og downloade vilkårlige filer
    • -
  • der var flere bufferoverløb som kunne udnyttes til at opnå - root-adgang
    • -
- -

Disse problemer er rettet i version 1.3.10-1, og vi anbefaler kraftigt at du -omgående opgraderer din icecast-server-pakke. - -

i386-pakken omtalt i bulletinen DSA-089-1 blev ikke kompilet korrekt og -fungerer ikke på maskiner med Debian GNU/Linux' potato. Dette er rettet i -version 1.3.10-1.1. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-089.data" -#use wml::debian::translation-check translation="bbee56b8439219ab61abedae84c557d18f42baf9" diff --git a/danish/security/2001/dsa-090.wml b/danish/security/2001/dsa-090.wml deleted file mode 100644 index 33f6054b9f4..00000000000 --- a/danish/security/2001/dsa-090.wml +++ /dev/null @@ -1,18 +0,0 @@ -symlink-angreb - -

Pakken xtel (en X-emulator til minitel) der distributeres med Debian -GNU/Linux 2.2 har to mulige symlink-angreb:

- -
    -
  • xteld oprettede en midlertidig fil /tmp/.xtel-<user> - uden at undersøge om der var symlinks.
    • -
  • ved udskrift oprettede xtel en midlertidig fil uden at beskytte sig selv - mod symlink-angreb.
    • -
- -

Begge problemer er blevet rettet i version 3.2.1-4.potato.1. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-090.data" -#use wml::debian::translation-check translation="dc3baf57db823133101ebe2f79d512fea6a6ceae" diff --git a/danish/security/2001/dsa-091.wml b/danish/security/2001/dsa-091.wml deleted file mode 100644 index dc27e28b73a..00000000000 --- a/danish/security/2001/dsa-091.wml +++ /dev/null @@ -1,14 +0,0 @@ -påvirking af login - -Hvis UseLogin-funktionen var slået til i ssh kunne lokale brugere overføre -environment-variable (inklusive variable som LD_PRELOAD) til login-proceduren. -Dette er rettet ved ikke at kopiere environment'et hvis UseLogin er slået til. - -

Bemærk at i Debians standardkonfiguration er UseLogin ikke slået til. - -

Dette er rettet i version 1:1.2.3-9.4. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-091.data" -#use wml::debian::translation-check translation="77d9f87a3d967102c04b88784818a67ec8a9e3e0" diff --git a/danish/security/2001/dsa-092.wml b/danish/security/2001/dsa-092.wml deleted file mode 100644 index a6e5916180f..00000000000 --- a/danish/security/2001/dsa-092.wml +++ /dev/null @@ -1,19 +0,0 @@ -lokal root-udnyttelse - -Nicolas Boullis fandt et alvorligt sikkerhedsproblem i wmtv-pakken (en -"dockable" video4linux-tv-afspiller til WindowMaker) som distribueres med -Debian GNU/Linux 2.2. - -

wmtv kan valgfrit udføre en kommando hvis du dobbeltklikker på tv-vinduet. -Denne kommando kan angives ved hjælp af kommandolinieparameteret "-e". Men da -wmtv installeres suid root, blev kommandoen også kørt som root, hvilket gav -lokale brugere en meget enkel måde at få root-adgang på. - -

Dette er blevet rettet i version 0.6.5-2potato1 ved at smide -root-rettighederne væk før kommandoen udføres. Vi anbefaler at du omgående -opgraderer din wmtv-pakke. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-092.data" -#use wml::debian::translation-check translation="f9efc9a3fa35e1c6d9ab31a07e6b6b7e674a28db" diff --git a/danish/security/2001/dsa-093.wml b/danish/security/2001/dsa-093.wml deleted file mode 100644 index 0484cbf4ffa..00000000000 --- a/danish/security/2001/dsa-093.wml +++ /dev/null @@ -1,12 +0,0 @@ -fjern-overbelastningsangreb - -Wietse Venema rapporterede at han har fundet en overbelastningssårbarhed -("denial of service"). i postfix. SMTP-forbindelsesloggen som postfix skriver -til i debug-øjemed kunne vokse til en urimelig størrelse. - -

Dette er rettet i version 0.0.19991231pl11-2. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-093.data" -#use wml::debian::translation-check translation="672cac75afd4600367a37deed4d04012c757a8b2" diff --git a/danish/security/2001/dsa-094.wml b/danish/security/2001/dsa-094.wml deleted file mode 100644 index 28bda870966..00000000000 --- a/danish/security/2001/dsa-094.wml +++ /dev/null @@ -1,13 +0,0 @@ -'cross-site scripting'-hul - -Barry A. Warsaw har rapporteret flere sikkerhedshuller i forbindelse med -"cross-site scripting" i Mailman, på grund af manglende brug af escape-tegn -af CGI-variabler. - -

Dette er rettet opstrøms i version 2.0.8 og de relevante rettelser er -blevet tilbageført til version 1.1-10 i Debian. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-094.data" -#use wml::debian::translation-check translation="92b92dcb2cc472365cd013b61db6340a82fc7b3d" diff --git a/danish/security/2001/dsa-095.wml b/danish/security/2001/dsa-095.wml deleted file mode 100644 index 0b8071c3843..00000000000 --- a/danish/security/2001/dsa-095.wml +++ /dev/null @@ -1,14 +0,0 @@ -lokal rod-sårbarhed - -Pakken 'gpm' indeholder programmet gpm-root, som kan anvendes til -at oprette museaktiverede menuer på konsollen. Blandt andre problemer -indeholder programmet gpm-root en formatstreng-sårbarhed, som -giver en angriber mulighed for at få rod-rettigheder. - -

Dette er rettet i version 1.17.8-18.1 og vi anbefaler at du omgående -opgraderer din 1.17.8-18-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2001/dsa-095.data" -#use wml::debian::translation-check translation="8ff384f7cb57f8ce7f9d1fed969c2aa0d4f628b3" diff --git a/danish/security/2001/index.wml b/danish/security/2001/index.wml deleted file mode 100644 index ed83b297efe..00000000000 --- a/danish/security/2001/index.wml +++ /dev/null @@ -1,13 +0,0 @@ -Sikkerhedsbulletiner fra 2001 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2001', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores -\ -debian-security-announce-postliste. -Du kan også \ -kigge i listens arkiv. diff --git a/danish/security/2002/Makefile b/danish/security/2002/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2002/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2002/dsa-096.wml b/danish/security/2002/dsa-096.wml deleted file mode 100644 index 41a49d179b3..00000000000 --- a/danish/security/2002/dsa-096.wml +++ /dev/null @@ -1,13 +0,0 @@ -buffer-overløb - -Joost Pol har fundet et buffer-overløb i den kode i mutt (et populært -e-mail-læsningsprogram) som håndterer adresser. Selvom der kun er tale om en -enkelt byte kan overløbet alligevel udnyttes. - -

Dette er opstrøms' version 1.2.5.1 og 1.3.25. Den relevante rettelse er -blevet føjet til version 1.2.5-5 i Debians pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-096.data" -#use wml::debian::translation-check translation="8a8ad61629b59f18d5bcaefb1610615ff76fa8bc" diff --git a/danish/security/2002/dsa-097.wml b/danish/security/2002/dsa-097.wml deleted file mode 100644 index d6e83ab6727..00000000000 --- a/danish/security/2002/dsa-097.wml +++ /dev/null @@ -1,24 +0,0 @@ -ukontrolleret programudførelse - -

Patrice Fournier har fundet en fejl i alle versioner af Exim som er ældre -end 3.34 og 3.952.

- -

Exim-vedligeholderen, Philip Hazel, -\ -skriver om dette problem: -"Problemet forekommer kun i tilfælde hvor konfigurationer dirigerer en adresse -til en pipe-transport unden at kontrollere den lokale del af adressen på nogen -måde. Dette gælder for eksempel ikke pipes der kører fra alias- eller -forward-filer, fordi den lokale del af adressen kontrolleres for at sikre at -den svarer til et navn på et alias eller en lokal bruger. Fejlen optræder på -den måde, at en defekt Exim i stedet for at adlyde den korrekte pipe-kommando, -udfører kommandoen som er kodet ind i den lokale del af adressen."

- -

Dette problem er rettet i Exim version 3.12-10.2 i den stabile distribution -af Debian GNU/Linux 2.2 og i version 3.33-1.1 i distributionerne testing og -unstable. Vi anbefaler at du opgraderer din exim-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-097.data" -#use wml::debian::translation-check translation="83bbdaca47faf6e5a1249a8be8bf6b2fd7bad78f" diff --git a/danish/security/2002/dsa-098.wml b/danish/security/2002/dsa-098.wml deleted file mode 100644 index 8352abbb099..00000000000 --- a/danish/security/2002/dsa-098.wml +++ /dev/null @@ -1,23 +0,0 @@ -formatstrengssårbarhed og bufferoverløb - -

To forskellige problemer er blevet fundet i libgtop-daemon:

- -
    -
  • Laboratoriet intexxia har fundet et formatstrengsproblem i logningskoden i - libgtop_daemon. Der var to logningsfunktioner som blev kaldt når en klient - skulle autoriseres, hvilket kunne udnyttes af en fjernbruger.
    • - -
  • Flavio Veloso fandt et bufferoverløb i funktionen som autoriserer - klienter
    • -
- -

Da libgtop_daemon kører som brugeren nobody kunne begge fejl benyttes til at -få adgang som brugeren nobody, til et system som kører libgtop_daemon.

- -

Begge problemer er blevet rettet i version 1.0.6-1.1 og vi anbefaler at du -omgående opgraderer din libgtop-daemon-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-098.data" -#use wml::debian::translation-check translation="7b32c3703a94baceb03e81c056a1888d722ff7e7" diff --git a/danish/security/2002/dsa-099.wml b/danish/security/2002/dsa-099.wml deleted file mode 100644 index 8d4ff14e16e..00000000000 --- a/danish/security/2002/dsa-099.wml +++ /dev/null @@ -1,24 +0,0 @@ -kapring af IRC-session - -

zen-parse har fundet en \ -sårbarhed i IRC-klienten XChat som giver en angriber mulighed for at -overtage brugernes IRC-sessioner.

- -

Det er muligt at snyde XChat IRC-klienter til at sende vilkårlige kommandoer -til IRC-serveren de er tilsluttet, hvilket potentielt kan åbne for angreb ved -at narre andre til at give fortrolige oplysninger om deres system ("social -engineering attack"), og overbelastningsangreb ("denial of service"). Dette -problem findes i versionerne 1.4.2 og 1.4.3. Senere versioner af XChat er også -sårbare, men adfærd kontrolleres af konfigurationsvariablen "percascii", der -som standard er sat til 0. Hvis den er sat til 1 viser problemet sig også i -version 1.6/1.8.

- -

Problemet er rettet i opstrømsversion 1.8.7 og i version 1.4.3-1 i den -aktuelle, stabile Debian udgivelse (2.2) med en rettelse stillet til rådighed -af opstrømsforfatteren, Peter Zelezny. Vi anbefaler at du omgående opgraderer -dine XChat-pakker, da dette problem allerede bliver udnyttet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-099.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" diff --git a/danish/security/2002/dsa-100.wml b/danish/security/2002/dsa-100.wml deleted file mode 100644 index 34083467981..00000000000 --- a/danish/security/2002/dsa-100.wml +++ /dev/null @@ -1,19 +0,0 @@ -potentielt bufferoverløb - -

GOBBLES har fundet et bufferoverløb i gzip som opstår ved komprimering af -filer med rigtigt lange filnavne. Selvom GOBBLES hævder at have udviklet en -udnyttelse af denne fejl, siger andre at dette -problem sandsynligvis ikke -vil blive udnyttet som som andre sikkerhedsproblemer.

- -

Desuden segfault'er Debians udgave af gzip fra den stabile udgivelse ikke, -og derfor arver den heller ikke direkte problemet. Men vi vil hellere være på -den sikre side og har derfor gjort en opdatering klar.

- -

Kontrollér at du kører en ajourført udgave fra stable/unstable/testing som -er mindst version 1.2.4-33.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-100.data" -#use wml::debian::translation-check translation="53bf82f3a92612287a30149abda57760f0abddc6" diff --git a/danish/security/2002/dsa-101.wml b/danish/security/2002/dsa-101.wml deleted file mode 100644 index f350c0134bc..00000000000 --- a/danish/security/2002/dsa-101.wml +++ /dev/null @@ -1,14 +0,0 @@ -lokal rod-udnyttelse - -

Sebastian Krahmer fra SuSE har fundet en sårbarhed i sudo som -let kunne føre til en lokal rod-udnyttelse.

- -

Dette problem er blevet rettet i opstrøms version 1.6.4 og version -1.6.2p2-2.1 i den stabile udgave af Debian GNU/Linux.

- -

Vi anbefaler at du omgående opgraderer din sudo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-101.data" -#use wml::debian::translation-check translation="3e04347844f1889b0e3e77ca62857b31e05b5119" \ No newline at end of file diff --git a/danish/security/2002/dsa-102.wml b/danish/security/2002/dsa-102.wml deleted file mode 100644 index 99b967eec56..00000000000 --- a/danish/security/2002/dsa-102.wml +++ /dev/null @@ -1,17 +0,0 @@ -daemon-udnyttelse - -

zen-parse har fundet en fejl i den aktuelle implementering af "at" som fører -til en sårbarhed i forbindelse med ødelæggelse af stakken (heap), som -potentielt kan føre til udnyttelse af en daemon-bruger.

- -

Vi anbefaler at du opgraderer dine at-pakker.

- -

Desværre blev fejlrettelsen fra DSA-102-1 ikke udbedret korrekt på grund af -en pakningsfejl. Selvom filen parsetime.y blev rettet, og yy.tab.c skulle -genereres ud fra den, blev yy.tab.c fra den originale kildekode alligevel -anvendt. Dette er rettet i DSA-102-2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-102.data" -#use wml::debian::translation-check translation="c1e4dd7cf3425d7a284ebb019095ad8cbf0133c7" \ No newline at end of file diff --git a/danish/security/2002/dsa-103.wml b/danish/security/2002/dsa-103.wml deleted file mode 100644 index 35be63015dc..00000000000 --- a/danish/security/2002/dsa-103.wml +++ /dev/null @@ -1,13 +0,0 @@ -buffer-overløb - -

Et buffer-overløb er blevet fundet i glibcs "globbing"-kode. Denne kode -anvendes til et globalisere mønstre til filnavne og anvendes sædvanligvis i -programmer som shells og ftp-servere.

- -

Dette er blevet rettet i version 2.1.3-20 og vi anbefaler at du omgående -opgraderer din libc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-103.data" -#use wml::debian::translation-check translation="1c68ff4e617748edd68f3562f2da53b3a7138a59" \ No newline at end of file diff --git a/danish/security/2002/dsa-104.wml b/danish/security/2002/dsa-104.wml deleted file mode 100644 index f03311b0707..00000000000 --- a/danish/security/2002/dsa-104.wml +++ /dev/null @@ -1,17 +0,0 @@ -overbelastningsangreb - -

Larry McVoy har fundet en fejl pakkehåndteringskoden i CIPE VPN-pakken: -den kunne gå ned fordi den ikke kontrollerede om en modtaget pakke var for -kort.

- -

Dette er blevet rettet i version 1.3.0-3, og vi anbefaler at du omgående -opgraderer dine CIPE-pakker.

- -

Bemærk at pakken kun indeholder den nødvendige kerne-rettelse (patch), du -skal manuelt generere kerne-modulerne til din kerne med den opdaterede -kildekode fra pakken cipe-source.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-104.data" -#use wml::debian::translation-check translation="f77dcec74045c09894712fc60c9fa2a617752580" \ No newline at end of file diff --git a/danish/security/2002/dsa-105.wml b/danish/security/2002/dsa-105.wml deleted file mode 100644 index c14555ebf94..00000000000 --- a/danish/security/2002/dsa-105.wml +++ /dev/null @@ -1,12 +0,0 @@ -usikre midlertidige filer - -

Det er blevet konstateret at versionen af enscript (et værktøj til -konvertering af ASCII-tekst til forskellige formater) i Potato opretter -midlertidige filer på en usikker måde.

- -

Dette er rettet i version 1.6.2-4.1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-105.data" -#use wml::debian::translation-check translation="def5a0a076dd7ff2aac05b88181c7cc8b8772034" \ No newline at end of file diff --git a/danish/security/2002/dsa-106.wml b/danish/security/2002/dsa-106.wml deleted file mode 100644 index a91802d05cb..00000000000 --- a/danish/security/2002/dsa-106.wml +++ /dev/null @@ -1,21 +0,0 @@ -fjern-udnyttelse - -Sebastian Krahmer har fundet flere steder i -rsync (et populært værktøj til -synkronisering af filer mellem maskiner) hvor tal med og uden fortegn blev -blandet, hvilket resulterede i usikker kode -(se securityfocus.com). -Dette kunne udnyttes af fjernbrugere til at skrive 0-bytes i rsyncs hukommelse -og narre rsync til at udføre vilkårlig kode. - -

Dette er rettet i version 2.3.2-1.3 og vi anbefaler at du omgående -opgraderer din rsync-pakke.

- -

Desværre gjorde rettelsen af dette problem, at rsync holdt op med at virke. -Dette er rettet i version 2.3.2-1.5 og vi anbefaler at du omgående -opgraderer til den version

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-106.data" -#use wml::debian::translation-check translation="3dd6714bfa3884367436b3a46cc38ff96fce5a3c" diff --git a/danish/security/2002/dsa-107.wml b/danish/security/2002/dsa-107.wml deleted file mode 100644 index 998a2a2ebef..00000000000 --- a/danish/security/2002/dsa-107.wml +++ /dev/null @@ -1,20 +0,0 @@ -format print-sårbarhed - -Basalt er dette den samme sikkerhedsbulletin som -DSA 072-1, men vedrørende jgroff i -stedet for groff. Pakken jgroff indeholder en version baseret på groff hvor -japanske tegnsæt er slået til. Denne pakke er kun tilgængelig i Debians -stabile udgave, i den primære groff-pakke er der blevet tilføjet understøttelse -af japansk. - -

Det gamle bulletin lød:

- -

Zenith Parse fandt et sikkerhedsproblem i groff (GNU-udgaven af -troff). pic-kommandoen var sårbar overfor et -printf-format-angreb der gjorde det muligt at omgå `-S'-parameteret og -udføre vilkårlig kode. - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-107.data" -#use wml::debian::translation-check translation="6781ab57b56a0c8e1175e0e661eae9933c423849" \ No newline at end of file diff --git a/danish/security/2002/dsa-108.wml b/danish/security/2002/dsa-108.wml deleted file mode 100644 index 36b21799e5c..00000000000 --- a/danish/security/2002/dsa-108.wml +++ /dev/null @@ -1,20 +0,0 @@ -symlink-sårbarhed - -

Nicolas Boullis har fundet nogle sikkerhedsproblemer i pakken wmtv (en -dock-bar video4linux-tv-afspiller til WindowMaker) som distribueres i Debian -GNU/Linux 2.2. Med den aktuelle version af wmtv, tilbageskrives -opsætningsfilen som superbruger, og uden andre kontroller. En ondsindet bruger -kan bruge det til at ødelægge vigtige filer.

- -

Dette problem er rettet i version 0.6.5-2potato2 i den stabile distribution, -ved at droppe rettigheder så snart som muligt og kun bibeholde dem hvor det er -nødvendigt. I den aktuelle test/unstabile distribution er problemet rettet i -version 0.6.5-9 og højere ved ikke længere at kræve rettigheder. Begge -indeholder desuden rettelser af to potentielle buffer-overløb.

- -

Vi anbefaler at du omgående opgraderer dine wmtv-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-108.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2002/dsa-109.wml b/danish/security/2002/dsa-109.wml deleted file mode 100644 index 2c857648a82..00000000000 --- a/danish/security/2002/dsa-109.wml +++ /dev/null @@ -1,22 +0,0 @@ -"cross-site scripting"-sårbarhed - -

På grund af ukorrekt HTML-kode returnerer Faq-O-Matic ukontrolleret -scriptkode til browseren. Med nogen tilpasning givet det en angriber mulighed -for stjæle "cookies" fra en af Faq-O-Matic-moderatorerne eller -administratoren.

- -

"Cross-Site Scripting" er et problem der giver en ondsindet person mulighed -for at få en anden person til at køre noget JavaScript i dennes browser. -JavaScript'et udføres på offerets maskine og sker indenfor webstedet som kører -vedligeholdelsesprogrammet til Faq-O-Matic Frequently Asked Question.

- -

Dette problem er rettet i version 2.603-1.2 i den stabile distribution af -Debian og i version 2.712-2 i den aktuelle test/unstabile distribution.

- -

Vi anbefaler at du opgraderer faqomatic-pakken, hvis du har installeret -den.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-109.data" -#use wml::debian::translation-check translation="6678c1dff7786db40b2b3b267875555883a33315" diff --git a/danish/security/2002/dsa-110.wml b/danish/security/2002/dsa-110.wml deleted file mode 100644 index eb183f41893..00000000000 --- a/danish/security/2002/dsa-110.wml +++ /dev/null @@ -1,16 +0,0 @@ -bufferoverløb - -

Forfatterne af CUPS, Common UNIX Printing System (almindeligt printsystem -til UNIX), har fundet et potentielt bufferoverløbsfejl i CUPS-daemon'ens kode -hvor den læser attributters navne. Dette påvirker alle versioner af CUPS.

- -

Dette problem er rettet i version 1.0.4-10 i den stabile distribution af -Debian og i version 1.1.13-2 i den aktuelle test/ustabile distribution.

- -

Vi anbefaler at du omgående opgraderer CUPS-pakkerne, hvis du har -installeret dem.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-110.data" -#use wml::debian::translation-check translation="ee24937fbfcb986923c55864c3ff9ced5b7823e3" diff --git a/danish/security/2002/dsa-111.wml b/danish/security/2002/dsa-111.wml deleted file mode 100644 index 500e2d263c9..00000000000 --- a/danish/security/2002/dsa-111.wml +++ /dev/null @@ -1,30 +0,0 @@ -fjern-udnyttelse - -

Secure Programming Group på Oulu University har gennemgået forskellige -implementeringer af SNMP og afslørende adskillige problemer som kan medføre -alt fra overbelastningsangreb ("Denial of Service") til fjern-angreb.

- -

Nye UCD-SNMP-pakker er gjort klar, hvor disse problemer og et par andre er -rettet. Den komplette liste over rettede problemer:

- -
    -
  • Når snmpd kørte eksterne programmer, blev midlertidige filer brugt på en - usikker måde
    • -
  • snmpd nulstillede ikke supplementerede grupper korrekt, efter at have - ændret uid og gid
    • -
  • Det meste af koden er ændret til at anvende buffere i stedet for strenge - med en bestemt længde, for at forhindre bufferoverløb
    • -
  • ASN.1-fortolkeren kontrollerede ikke for negative længder
    • -
  • IFINDEX-svarhåndteringen i snmpnetstat udførte ikke en kontrol af om dens - inddata var fornuftige
    • -
- -

(tak til Caldera for det meste af arbejdet på disse rettelser)

- -

Den nye version er 4.1.1-2.1 og vi anbefaler at du omgående opgraderer dine -snmp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-111.data" -#use wml::debian::translation-check translation="25df86f6bf5e9b7b65813791c15863b5f6a108b0" diff --git a/danish/security/2002/dsa-112.wml b/danish/security/2002/dsa-112.wml deleted file mode 100644 index 618e5f5ad95..00000000000 --- a/danish/security/2002/dsa-112.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Der er fundet et antal bufferoverløbsproblemer i hanterm, en Hangul-terminal -til X11 baseret på xterm, som kan læse og vise koreanske tegn i sit -terminalvindue. Koden til tegnsætshåndtering i hanterm brugte "hard -limited"-strengvariable, men kontrollerede ikke for længdeoverskridelser.

- -

Problemet kan udnyttes af en ondsindet bruger, til at få adgang til gruppen -utmp, som kan skrive wtmp- og utmp-filer. Disse filer registrerer login- og -logout-aktiviteter.

- -

Problemet er rettet i version 3.3.1p17-5.2 i Debians stabile distribution. -En rettet pakket til den aktuelle test/ustabile distribution er endnu ikke -tilgængelig, men vil have et versionsnummer som er højere end 3.3.1p18-6.1.

- -

Vi anbefaler at du omgående opgraderer dine hanterm-pakker, hvis du har -installeret dem. Kendte udnyttelser er allerede tilgængelige.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-112.data" -#use wml::debian::translation-check translation="7613d83e8542de4837c4fb151bcacc3fb9805c1e" diff --git a/danish/security/2002/dsa-113.wml b/danish/security/2002/dsa-113.wml deleted file mode 100644 index 201019e2387..00000000000 --- a/danish/security/2002/dsa-113.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

I november 2000 blev flere bufferoverløb i biblioteket "ncurcses". Desværre -blev en overset. Dette kan være til nedbrud når man ncurses-programmet -anvendes i store vinduer.

- -

Projektet "Common Vulnerabilities and -Exposures" har tildelt navnet -\ -CAN-2002-0062 til dette problem.

- -

Problemet er rettet i version 5.0-6.0potato2 i Debians stabile udgivelse. -Test og den ustabile distribution indeholder ncurses 5.2, der ikke er påvirket -af problemet.

- -

Der er ingen kendte udnyttelser af problemet, men vi anbefaler at alle -brugere omgående opgraderer ncurses.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-113.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" - diff --git a/danish/security/2002/dsa-114.wml b/danish/security/2002/dsa-114.wml deleted file mode 100644 index f4aa0cf210f..00000000000 --- a/danish/security/2002/dsa-114.wml +++ /dev/null @@ -1,22 +0,0 @@ -uautoriseret adgang til filer - -

Thomas Springer har fundet en sårbarhed i GNUJSP, et Java-servlet som gør -det muligt at indsætte Java-kildekode i HTML-filer. Problemet kan udnyttes til -at omgå adgangsbegræsninger på webserveren. En angriber kan se indholdet af -mapper og hente filer direkte, i stedet for at modtage deres HTML-uddata. -Dette betyder at scripts kildekode også kan afsløres.

- -

Stefan Gybas, der vedligeholder Debians GNUJSP-pakke, rettede problemet. Det -er rettet i version 1.0.0-5 i den stabile udgivelse af Debian GNU/Linux.

- -

Versionerne i 'testing' og 'unstable' er de samme som i 'stable', og er -derfor også sårbare. For at løse problemet på disse systemer, kan du -installere den rettede version, som dette bulletin refererer til, da pakken er -arkitektur-uafhængig.

- -

Vi anbefaler at du omgående opgraderer din gnujsp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-114.data" -#use wml::debian::translation-check translation="748db6e403ebcfbbf2d23f6055689d5ef1fb3258" diff --git a/danish/security/2002/dsa-115.wml b/danish/security/2002/dsa-115.wml deleted file mode 100644 index aa428a29978..00000000000 --- a/danish/security/2002/dsa-115.wml +++ /dev/null @@ -1,27 +0,0 @@ -ikke-fungerende grænsetjek og mere - -

Stefan Esser, som også er medlem af PHP-teamet, har fundet flere -fejl i den -måde som PHP håndterer POST-forespørgsler af typen multipart-/form-data (som -beskrevet i RFC1867) kendt som POST-filoverførsler. Alle fejlene kunne give en -angriber mulighed for at udføre vilkårlig kode på offerets system.

- -

I PHP3 består fejlene af et ikke-fungerende grænsetjek og et tilfældigt -stak-overløb. I PHP4 består fejlene af et ikke-fungerende grænsetjek -og en fejl hvor stakken er forskudt med én.

- -

I Debians stabile distribution er problemerne rettet i version -3.0.18-0potato1.1 af PHP3 og version 4.0.3pl1-0potato3 af PHP4.

- -

I Debians ustabile og test-distributioner er problemerne rettet i version -3.0.18-22 af PHP3 og version 4.1.2-1 af PHP4.

- -

Der er ingen PHP4 i den stabile og ustabile distribution til -arm-arkitekturen på grund af en compiler-fejl.

- -

Vi anbefaler at du omgående opgraderer dine PHP-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-115.data" -#use wml::debian::translation-check translation="765f538c8153ec02bfed3f807356ba2e7b4eb854" diff --git a/danish/security/2002/dsa-116.wml b/danish/security/2002/dsa-116.wml deleted file mode 100644 index 1652f32904c..00000000000 --- a/danish/security/2002/dsa-116.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Zorgon har fundet flere bufferoverløb i cfsf, en daemon som leverer -krypertingstjenester til Unix' filsystem. Vi er endnu ikke sikre på om disse -overløb kan udnyttes med succes, til at få rod-adgang på maskinen som kører -CFS-daemonen. Men da cfsd let kan tvinges til at dø, kan en ondsindet bruger -nemt udføre et overbelastningsangreb ("denial of service") mod den.

- -

Problemet er rettet i version 1.3.3-8.1 i Debians stabile distribution, og -i version 1.4.1-5 i Debians test- og ustabile distributioner.

- -

Vi anbefaler at du omgående opgraderer din cfs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-116.data" -#use wml::debian::translation-check translation="8ffe0c51006afed570c6053e07a1a8da1cb826a0" diff --git a/danish/security/2002/dsa-117.wml b/danish/security/2002/dsa-117.wml deleted file mode 100644 index c63a8ebb176..00000000000 --- a/danish/security/2002/dsa-117.wml +++ /dev/null @@ -1,19 +0,0 @@ -ukorrekt initialisering af variabel - -

Kim Nielsen fandt for nylig et internt problem i CVS-serveren og -rapporterede det på postlisten vuln-dev mailing list. Problemet udløses af -en ukorrekt initialiseret global variabel. En bruger kan udnytte dette til at -få CVS-serveren til at gå ned, serveren kan tilgås via pserver-tjenesten og -kører under en fjern brugerid. Det er dog endnu ikke afklaret om en -fjern-konto kan være i farezonen.

- -

Problemet er rettet i version 1.10.7-9 i Debians stabile distribution med -hjælp fra Niels Heinen og i versioner nyere end 1.11.1p1debian-3 i Debians -test- og ustabile distributiner (er dog endnu ikke overført).

- -

Vi anbefaler at du opgraderer din CVS-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-117.data" -#use wml::debian::translation-check translation="aee33e673fa636f3bbea34f5edee0e75fdfb9755" diff --git a/danish/security/2002/dsa-118.wml b/danish/security/2002/dsa-118.wml deleted file mode 100644 index d93600f8d52..00000000000 --- a/danish/security/2002/dsa-118.wml +++ /dev/null @@ -1,16 +0,0 @@ -usikre midlertidige filer - -

Tim Waugh har fundet flere usikre håndteringer af midlertidige filer i -programmet xsane, som anvendes til scanning. I Debians stabile distribution -blev det rettet ved at flytte de pågældende filer til en sikkert oprettet -mappe i mappen /tmp.

- -

Problemet er rettet i version 0.50-5.1 i Debians stabile distribution og i -version 0.84-0.1 i Debians test- og ustabile distributioner.

- -

Vi anbefaler at du opgraderer din xsane-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-118.data" -#use wml::debian::translation-check translation="901514405f912cb313fb30ed1a3704d1143e7cfa" diff --git a/danish/security/2002/dsa-119.wml b/danish/security/2002/dsa-119.wml deleted file mode 100644 index 4cea7adf2af..00000000000 --- a/danish/security/2002/dsa-119.wml +++ /dev/null @@ -1,20 +0,0 @@ -lokal rod-udnyttelse, fjern klient-udnyttelse - -

Joost Pol rapporterer at OpenSSH version -2.0 til 3.0.2 har en forskudt med én-fejl i koden til allokering af kanaler. -Denne sårbarhed kan udnyttes af godkendte brugere til at få rod-rettigheder, -eller af en ondsindet server til at udnytte en klient med fejlen.

- -

Da Debian 2.2 (potato) blev udgivet med OpenSSH ("ssh"-pakken) version -1.2.3, er den ikke sårbar overfor denne udnyttelse. Ingen rettelse er nødvendig -til Debian 2.2 (potato).

- -

Debians unstabile og test-distributioner indeholder en nyere OpenSSH -(ssh)-pakke. Hvis du kører med de disse før-udgivelesesdistributioner bør du -sikre dig at du bruger version 3.0.2p1-8, en rettet version som i dag blev -føjet til den ustabile distributions arkiv, eller en senere version.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-119.data" -#use wml::debian::translation-check translation="8d37ef50b0f1cd1d0cd0e8a651f1b6a719fde006" diff --git a/danish/security/2002/dsa-120.wml b/danish/security/2002/dsa-120.wml deleted file mode 100644 index b474a9be08b..00000000000 --- a/danish/security/2002/dsa-120.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferoverløb - -

Ed Moyle -\ -fandt for nylig et bufferoverløb i Apache-SSL og mod_ssl. -Med "session caching" slået til serialisere mod_ssl SSL-sessionsvariable, for -at gemme dem til senere brug. Disse variable blev gemt i en buffer med en -bestemt størrelse, uden korrekt kontrol for overskridelse af bufferens -grænser.

- -

For at udnytte overløbet skal serveren være sat op til at kræve -klientcertifikater, og en angriber skal have fat i et omhyggeligt udformet -klientcertifikat, signeret af certificeringsmyndighed som serveren stoler på. -Hvis disse betingelser er opfyldt, er det muligt for angriberen at udføre -vilkårlig kode på serveren.

- -

Problemet er rettet i version 1.3.9.13-4 af Apache-SSL og version -2.4.10-1.3.9-1potato1 af libapache-mod-ssl i Debians stabile distribution, -foruden version 1.3.23.1+1.47-1 af Apache-SSL og version 2.8.7-1 af -libapache-mod-ssl i Debians test- og ustabile distribution.

- -

Vi anbefaler at du opgraderer dine Apache-SSL- og mod_ssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-120.data" -#use wml::debian::translation-check translation="e3a0682a4360857d18b4fc69a7353cbfc22635f8" diff --git a/danish/security/2002/dsa-121.wml b/danish/security/2002/dsa-121.wml deleted file mode 100644 index a00f82fdb6a..00000000000 --- a/danish/security/2002/dsa-121.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb, symlink-problem, ".."-mappegennemløb - -

Der er fundet flere sikkerhedsrelaterede problemer i xtell-pakken, en simpel -postklient og -server. Specifikt er problemerne flere bufferoverløb, et -problem i forbindelse med symbolske links, uautoriseret mappegennemløb når -stien indeholder "..". Problemerne kunne føre til, at en angriber fik mulighed -for at udføre vilkårlig kode på serveren. Som standard kører serveren med -"nobody" som rettighed, og denne konto kunne altså udnyttes.

- -

Problemerne er blevet rettet af Debians vedligeholder af xtell, ved at -tilbageføre ændringer fra en nyere opstrømsversion. Problemerne er rettet i -version 1.91.1 i Debians stabile distribution og i version 2.7 i Debians test- -og ustabile distributioner.

- -

Vi anbefaler at du omgående opgraderer dine xtell-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-121.data" -#use wml::debian::translation-check translation="9161e1484da2b08816136306de69db56e18b9e14" diff --git a/danish/security/2002/dsa-122.wml b/danish/security/2002/dsa-122.wml deleted file mode 100644 index c892efe00c1..00000000000 --- a/danish/security/2002/dsa-122.wml +++ /dev/null @@ -1,42 +0,0 @@ -malloc-fejl (dobbelt frigivelse) - -

Kompressionsbiblioteket zlib indeholder en fejl hvor det prøver at frigive -hukommelse mere end en gang under visse omstændigheder. Dette kan muligvis -udnyttes til at udføre vilkårlig kode i et program som indeholder zlib. Hvis -et netværksprogram der kører som "root" er link'et til zlib, kunne dette -potentielt føre til en fjernudnyttelse af root. Der er ikke kendskab til -udnyttelser på nuværende tidspunkt. Sårbarheden har fået tildelt -CVE-kandidatenavnet -\ -CAN-2002-0059.

- -

zlib-sårbarheden er rettet i Debians zlib-pakke version 1.1.3-5.1. Et antal -programmer link'er enten statisk til zlib, eller indeholder en privat kopi af -zlib-koden. Disse programmer skal også opgraderes for at fjerne sårbarheden i -zlib. Berørte pakker og rettede versioner følger:

- -
    -
  • amaya 2.4-1potato1 -
  • dictd 1.4.9-9potato1 -
  • erlang 49.1-10.1 -
  • freeamp 2.0.6-2.1 -
  • mirrordir 0.10.48-2.1 -
  • ppp 2.3.11-1.5 -
  • rsync 2.3.2-1.6 -
  • vrweb 1.5-5.1 -
- -

Dem der bruger Debians før-udgivelse (test) bør opgradere til zlib -1.1.3-19.1 eller en senere version. Bemærk, da denne version af Debian ikke er -udgivet endnu, vil det opgraderede program måske ikke være tilgængeligt til -alle arkitekturer. Debian 2.2 (potato) er den nyeste, supporterede -udgivelse.

- -

Vi anbefaler at du omgående opgraderer dine pakker. Bemærk, at du bør -genstarte alle programmer som anvender det delte zlib-bibliotek, for at -rettelsen kan træde i kraft. Det gøres lettest ved at genstarte systemet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-122.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" diff --git a/danish/security/2002/dsa-123.wml b/danish/security/2002/dsa-123.wml deleted file mode 100644 index 0a827301743..00000000000 --- a/danish/security/2002/dsa-123.wml +++ /dev/null @@ -1,12 +0,0 @@ -fjern-udnyttelse - -

Janusz Niewiadomski og Wojciech Purczynski har rapporteret et bufferoverløb -i address_match i listar (et program til håndtering af postlister på -listserv-manér).

- -

Dette er rettet i version 0.129a-2.potato1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-123.data" -#use wml::debian::translation-check translation="0e1ff0a8c1db51043d573e238fc4cee010f3a2f2" diff --git a/danish/security/2002/dsa-124.wml b/danish/security/2002/dsa-124.wml deleted file mode 100644 index 38f04fcf69a..00000000000 --- a/danish/security/2002/dsa-124.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Forfatterne af mtr har udgivet en ny opstrømsversion, med en kommentar i -ændringsloggen om at der er rettet et bufferoverløb, som ikke kunne udnyttes. -Przemyslaw Frasunek har dog fundet en \ -nem måde at udnytte denne fejl på. Fejlen giver en angriber adgang til en -"rå" socket-forbindelse, hvilket gør IP-forfalskning og andre ondsindede -netværksaktiviteter mulige.

- -

Problemet er rettet af Debians vedligeholder i version 0.41-6 i den stabile -distribution ved at tilbageføre opstrøms rettelse, og i Debians test- og -unstabile distributioner er fejlen rettet i version 0.48-1.

- -

Vi anbefaler at du omgående opgraderer din mtr-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-124.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" diff --git a/danish/security/2002/dsa-125.wml b/danish/security/2002/dsa-125.wml deleted file mode 100644 index ee8bd209dbc..00000000000 --- a/danish/security/2002/dsa-125.wml +++ /dev/null @@ -1,22 +0,0 @@ -udførelse af scripts på et andet netsted -# http://www.analog.cx/security4.html - -

Yuji Takahashi har fundet en fejl i analog der giver mulighed for angreb af -typen "cross-site scripting", dvs. udførelse af scripts på et andet netsted. Det -er nemt for en angriber at tilføje vilkårlige strenge i en hvilken som helst -webservers logfil. Hvis strengene dernæst analyseres af analog, kan de vises -sig i rapporten. På den måde kan angriberen føje vilkårlig JavaScript-kode til -for eksempel andres analog-rapporter, og gøre den læsbar for andre. I analog -har man allerede forsøgt at indkapsle usikre tegn for at undgå denne form for -angreb, men konverteringen var ufuldstændig.

- -

Problemet er rettet i opstrøms version 5.22 af analog. Desværre er det et -meget større arbejde end vi kan overkomme, at rette den gamle version af analog -i Debians stabile distribution.

- -

Vi anbefaler at du omgående opgraderer din analog-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-125.data" -#use wml::debian::translation-check translation="12022c9b5ed3b90ab893c8e17490567430523e27" diff --git a/danish/security/2002/dsa-126.wml b/danish/security/2002/dsa-126.wml deleted file mode 100644 index 1fcb158146b..00000000000 --- a/danish/security/2002/dsa-126.wml +++ /dev/null @@ -1,18 +0,0 @@ -udførelse af scripts på et andet netsted - - -

Et problem med udførelse af scripts på et andet netsted ("cross-site -scripting" (CSS)) er blevet opdaget i Horde og IMP (en webbaseret -IMAP-post-pakke). Dette er rettet opstrøms i Horde version 1.2.8 og IMP version -2.2.8. De relevante rettelser er også ført tilbage til horde-pakken med version -1.2.6-0.potato.5 og imp-pakken med version 2.2.6-0.potato.5.

- -

Denne udgivelse retter også en fejl som blev introduceret i forbindelse med -PHP-sikkerhedsrettelsen i DSA-115-1: -Postgres-understøttelse i PHP blev ændret en lille smule, hvilket ødelage -Postgres-understøttelsen i IMP.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-126.data" -#use wml::debian::translation-check translation="463077fd27ece5cc31348879643324e68a3c8e73" diff --git a/danish/security/2002/dsa-127.wml b/danish/security/2002/dsa-127.wml deleted file mode 100644 index a838b5b73bb..00000000000 --- a/danish/security/2002/dsa-127.wml +++ /dev/null @@ -1,14 +0,0 @@ -fjern-bufferoverløb - -

En intern kodegennemgang af vedligeholderne af xpilot (et taktisk -manøvreringsspil til flere personer under X) afslørede et bufferoverløb i -xpilot-serveren. Dette overløb kan misbruges af fjernangribere til at skaffe -sig adgang til serveren, som xpilot-serveren kører på.

- -

Dette er rettet i opstrøms version 4.5.1 og Debian-pakken med version -4.1.0-4.U.4alpha2.4.potato1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-127.data" -#use wml::debian::translation-check translation="6403ab8b4d5803abd84f2c458aac314ee33d08d6" diff --git a/danish/security/2002/dsa-128.wml b/danish/security/2002/dsa-128.wml deleted file mode 100644 index 2d30f69e19d..00000000000 --- a/danish/security/2002/dsa-128.wml +++ /dev/null @@ -1,15 +0,0 @@ -bufferoverløb - -

fc har fundet et bufferoverløb i koden til udfyldning af variable som -anvendes af sudo i forbindelse med dens "prompt". Da det er nødvendigt at -sudo installeres som suid root, kan en lokal bruger udnytte dette til at få -root-rettigheder.

- -

Dette er rettet i version 1.6.2-2.2 i Debians stabile distribution og i -version 1.6.6-1 i test og den ustabile distribution. Vi anbefaler at du -omgående opgraderer din sudo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-128.data" -#use wml::debian::translation-check translation="74742b2d709a96da79c5e7d342696e9dac4b04e3" diff --git a/danish/security/2002/dsa-129.wml b/danish/security/2002/dsa-129.wml deleted file mode 100644 index f4897284cf1..00000000000 --- a/danish/security/2002/dsa-129.wml +++ /dev/null @@ -1,13 +0,0 @@ -fjern-overbelastningsangreb - -

Det rapporteres at in.uucpd, en autoriseringsagent i uucp-pakken, ikke -afslutter visse lange inddatastrenge korrekt. Dette er rettet i uucp-pakken -med version 1.06.1-11potato3 til Debian 2.2 (potato) og version 1.06.1-18 i den -kommende udgivelse (woody)

- -

Vi anbefaler at du omgående opgraderer din uucp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-129.data" -#use wml::debian::translation-check translation="49a7fdf4f6cd7a3e200a03ef2d4ca7346171037c" diff --git a/danish/security/2002/dsa-130.wml b/danish/security/2002/dsa-130.wml deleted file mode 100644 index d17f6e043a3..00000000000 --- a/danish/security/2002/dsa-130.wml +++ /dev/null @@ -1,22 +0,0 @@ -fjernudløst hukommelsesallokeringsfejl - -

Versioner af ethereal før 0.9.3 var sårbare overfor en allokeringsfejl i -ASN.1-fortolkeren. Dette kan udløses ved analysering af trafik der anvender -protokollerne SNMP, LDAP, COPS eller Kerberos i ethereal. Denne sårbarhed blev -annonceret i ethereals sikkerhedsbulletin -enpa-sa-00003. -Problemet er rettet i ethereal version 0.8.0-3potato i Debian 2.2 (potato).

- -

Desuden er et antal sårbarheder blevet omtalt i ethereals sikkerhedsbulletin -enpa-sa-00004; -versionen af ethereal i Debian 2.2 (potato) er ikke sårbar overfor problemerne -omtalt i dette senere bulletin. Brugere af den endnu ikke udgivne -woody-distribution bør sikre sig at de kører ethereal 0.9.4-1 eller en senere -version.

- -

Vi anbefaler at du omgående opgraderer din ethereal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-130.data" -#use wml::debian::translation-check translation="827ff392fe84fdd8b558605cd87e1c418f267a53" diff --git a/danish/security/2002/dsa-131.wml b/danish/security/2002/dsa-131.wml deleted file mode 100644 index b3030178078..00000000000 --- a/danish/security/2002/dsa-131.wml +++ /dev/null @@ -1,21 +0,0 @@ -fjern-overbelastning/udnyttelse - -

Mark Litchfield har fundet et overbelastningsangreb ("denial of service") i -webserveren Apache. Mens Apache Software Foundation undersøgte problemet, -opdatede de at koden til håndtering af forkerte forespørgsler som anvender -"chunked encoding" også kunne give mulighed for udførelse af vilkårlig kode på -64-bits arkitekturer.

- -

Dette er rettet i version 1.3.9-14.1 i Debians apache-pakke, foruden i -opstrømsversionerne 1.3.26 og 2.0.37. Vi anbefaler kraftigt at du omgående -opgraderer din apache-pakke.

- -

Pakkeopgraderingen genstarter ikke automatisk apache-serveren, dette skal -gøres manuelt. Kontrollér at din opsætning er korrekt ("apachectl -configtest" kontrollerer det for dig) og genstart den ved hjælp af -"/etc/init.d/apache restart".

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-131.data" -#use wml::debian::translation-check translation="40ce2126ebd87d862207b8d6d96677e0b1338a36" diff --git a/danish/security/2002/dsa-132.wml b/danish/security/2002/dsa-132.wml deleted file mode 100644 index b35ce909bd1..00000000000 --- a/danish/security/2002/dsa-132.wml +++ /dev/null @@ -1,23 +0,0 @@ -fjern-overbelastning/udnyttelse - -

Mark Litchfield har fundet et overbelastningsangreb ("denial of service") i -webserveren Apache. Mens Apache Software Foundation undersøgte problemet, -opdatede de at koden til håndtering af forkerte forespørgsler som anvender -"chunked encoding" også kunne give mulighed for udførelse af vilkårlig kode på -64-bits arkitekturer.

- -

Dette er rettet i version 1.3.9.13-4.1 i Debians apache-ssl-pakke, foruden i -opstrømsversionerne 1.3.26 og 2.0.37. Vi anbefaler kraftigt at du omgående -opgraderer din apache-ssl-pakke.

- -

En opdatering til Debian GNU/Linux 3.0-distributionen (woody) som snart -bliver udgivet, er for øjeblikket ikke tilgængelig.

- -

Flere oplysninger: -CVE-2002-0392, -VU#944335.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-132.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" diff --git a/danish/security/2002/dsa-133.wml b/danish/security/2002/dsa-133.wml deleted file mode 100644 index 68750245799..00000000000 --- a/danish/security/2002/dsa-133.wml +++ /dev/null @@ -1,20 +0,0 @@ -fjern-overbelastningsangreb/udnyttelse - -

Mark Litchfield har fundet et overbelastningsangreb ("denial of service") i -webserveren Apache. Mens Apache Software Foundation undersøgte problemet, -opdatede de at koden til håndtering af forkerte forespørgsler som anvender -"chunked encoding" også kunne give mulighed for udførelse af vilkårlig -kode.

- -

Dette er rettet i version 1.3.9-14.1-1.21.20000309-1 i Debians -apache-perl-pakke og vi anbefaler kraftigt at du omgående opgraderer din -apache-perl-pakke.

- -

En opdatering til Debian GNU/Linux 3.0-distributionen (woody) som snart -bliver udgivet, er snart blive gjort tilgængelig.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-133.data" -#use wml::debian::translation-check translation="ba9ff6c874832e7516a161947942b8c7a1a9aff1" diff --git a/danish/security/2002/dsa-134.wml b/danish/security/2002/dsa-134.wml deleted file mode 100644 index 3c3cc9be3d9..00000000000 --- a/danish/security/2002/dsa-134.wml +++ /dev/null @@ -1,138 +0,0 @@ -fjernudnyttelse - -

ISS X-Force udsendte en bulletin om en "Remote Challenge"-sårbarhed i -OpenSSH. Desværre var bulletinen forkert på nogle områder, hvilket medførte -udbredt forvirring om hvor alvorlig denne sårbarhed var. Ingen version af -OpenSSH i Debian er påvirket godkendelsesmetoderne SKEY og BSD_AUTH som -beskrevet i ISS-bulletinen. Men Debians distributioner indeholder -OpenSSH-servere hvor PAM-funktionen beskrevet som sårbar i den senere bullutin -som OpenSSH-teamet udsendte. (Den sårbar funktion er godkendelse ved hjælp af -PAM via en tastaturinteraktiv mekanisme [kbdint].) Sårbarheden påvirker -OpenSSH versionerne 2.3.1 til 3.3. Der er pt. ingen kendt udnyttelse af -PAM/kbdint-sårbarheden, men oplysningerne om den er offentligt kendt. Alle -disse sårbarheder er rettet i OpenSSH 3.4.

- -

Ud over de rettede sårbarheder nævnt ovenfor, understøtter vore -OpenSSH-pakker fra version 3.3 og højere den nye rettighedsseparationsfunktion -(privilege separation) fra Niels Provos, som ændrer SSH til at bruge en -separat upriviligeret proces til at håndtere det meste af arbejdet. -Sårbarheder i de upriviligerede dele af OpenSSH vil føre til kompromittering af -en upriviligeret konto som er begrænset til en tom chroot, fremfor en direkte -root-udnyttelse. Rettighedsseparation skulle hjælpe med at minimere risikoen -for evt. fremtidige kompromitteringer af OpenSSH.

- -

Debian 2.2 (potato) blev udgivet med en ssh-pakke baseret på OpenSSH 1.2.3, -og er ikke sårbar overfor sårbarhederne beskrevet i denne bulletin. Brugere -som stadig kører med version 1.2.3 af ssh-pakken behøver ikke, omgående at -opgradere til OpenSSH 3.4. Brugere som opgraderede til OpenSSH 3.3-pakkerne -der blev udgivet i forbindelse med tidligere udgaver af DSA-134, bør opgradere -til de nye version 3.4 af OpenSSH-pakkerne, da version 3.3-pakkerne er sårbare. -Vi foreslår at brugere som kører med OpenSSH 1.2.3 overvejer at skifte til -OpenSSH 3.4, for at drage nytte af rettighedsseparationsfunktionen. (Dog skal -vi igen nævne at vi ikke har kendskab til nogen sårbarheder i OpenSSH 1.2.3. -Læs venligst advarslerne herunder grundigt før du opgraderer fra OpenSSH -1.2.3.). Vi anbefaler at alle brugere som kører med en tilbageført version af -OpenSSH version 2.0 eller højere på potato skifter til OpenSSH 3.4.

- -

Den aktuelle prøveudgave af Debian Debian (woody) indeholder OpenSSH -3.0.2p1-pakken (ssh) som er særbar overfor PAM/kbdint-problemet beskrevet -ovenfor. Vi anbefaler at brugerne opgraderer til OpenSSH 3.4 og slår -rettighedsseparation til. Læs venligst udgivelsesbemærkningerne nedenfor -omhyggeligt, før du opgraderer. Opdaterede pakker af ssh-krb5 (en -OpenSSH-pakke som understøtter kerberos-godkendelse) er pt. under udvikling. -Brugere som ikke kan opgradere deres OpenSSH-pakker kan omgå de kendte -sårbarheder ved at slå de sårbare funktioner fra: sørg for at de følgende -linier er ukommenterede og tilstede i /etc/ssh/sshd_config og genstart ssh

- -
-  PAMAuthenticationViaKbdInt no
-  ChallengeResponseAuthentication no
-
- -

Der bør ikke være andre PAMAuthenticationViaKbdInt- eller -ChallengeResponseAuthentication-linier i sshd_config.

- -

Hermed slutter særbarhedsafsnittet i denne bulletin. Herunder er -udgivelsesbemærkninger vedrørende OpenSSH 3.4-pakken og -rettighedsseparationsfunktionen. URL'er til OpenSSH 3.4-pakkerne finder du -nederst.

- -

Nogle bemærkninger om mulige problemer i forbindelse med denne -opgradering:

- -
    -
  • Pakken introducerer en ny konto kaldet "sshd" som anvendes i koden til - rettighedsseparationen. Hvis der ikke findes en sshd-konto, vil pakken - forsøge at oprette en. Hvis kontoen allerede findes, vil den blive - genbrugt. Hvis du ikke ønsker dette, er du nødt til manuelt at klare - dette.
    • - -
  • (kun relevant vedrørende potato) Denne opdatering tilføjer en - tilbageførelse af SSL-bibliotekets version 0.9.6c. Dette betyder at du - også skal opgradere libssl0.9.6-pakken.
    • - -
  • (kun relevant vedrørende potato) Denne opdatering bruger SSH-protokollen - i version 2 som standard (også hvis den er sat op til at understøtte - SSH-protokollens version 1). Dette kan betyde at eksisternde opsætninger - holder op med at virke, hvis RSA-adgangskontrol anvendes. Du skal enten: -
      -
    • tilføje -1 til ssh-kaldet for at fortsætte med at bruge - SSH-protokol 1 og dine eksisterende nøgler, eller
      • -
    • ændre Protocol-linien i /etc/ssh/ssh_config og/eller - /etc/ssh/sshd_config til "Protocol 1,2" for at prøve - protokol 1 før 2, eller
      • -
    • oprette nye RSA- eller DSA-nøgler til SSH-protokol 2
      • -
    • - -
  • Som standard er rettighedsseparation slået til, også selvom du ikke - eksplicit slår det til i /etc/ssh/sshd_config.
    • - -
  • falden tilbage fra ssh til rsh er ikke længere tilgængelig.
    • - -
  • (kun relevant vedrørende potato) Rettighedsseparation fungerer ikke pt. - sammen med Linux 2.0-kerner.
    • - -
  • Rettighedsseparation virker ikke pt. med PAM-godkendelse via den - tastaturinteraktive mekanisme.
    • - -
  • Rettighedsseparation får nogle PAM-moduler som forventer at køre som root, - til at holde op med at virke.
    • - -
  • Hvis du af en eller anden grund ikke kan anvende rettighedsseparation for - øjeblikket på grund af et af problemerne beskrevet ovenfor, kan du slå det - fra ved at tilføje "UsePrivilegeSeparation no" til din - /etc/ssh/sshd_config-fil. -
- -

Nogle problemer fra tidligere OpenSSH 3.3p1-pakker, som er rettet ved -udsendelsen af denne bulletin (ikke en fuldstændig ændringslog):

- -
    -
  • (kun relevant vedrørende potato) standardsvaret til - installationsspørgsmålet, "do you want to allow protocol 2 only" ("ønsker - du kun at tillade protokol 2"), er ikke længere "yes" i potato-pakker. - Bruger som svarede ja til dette spørgsmål og også valgte at genopbygge - deres sshd_config-fil, har opdaget at de ikke længere kunne få forbindelse - til deres server via protokol 1. Se /usr/doc/ssh/README.Debian for - en vejledning i hvordan man slår protokol 1 til, hvis man er havnet i denne - situation. Da standard i potato-pakkerne nu er "no", skulle det ikke være - et problem for folk som opgraderer fra version 1.2.3 i fremtiden.
    • - -
  • (kun relevant vedrørende potato) ssh-package er ikke længere i konflikt med - rsh-server, og den er heller ikke et alternativ til rsh
    • - -
  • installationen vil ikke længere mislykkes, hvis brugerne vælger at generere - nøgler til protokol 1.
    • -
- -

Vi beklager igen at det mod sædvane har været nødvendigt at udgive pakker -med større ændringer og mindre aftestning; men den potentielle risiko og det -ikke nærmere beskrevne oprindelige problem taget i betragtning, besluttede vi -at vore brugere ville være bedst tjent med så hurtigt som muligt at få adgang -til pakkerne. Vi vil udsende flere oplysninger så snart vi modtager dem, og vi -vil fortsat arbejde på at løse de tilbageværende problemer.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-134.data" -#use wml::debian::translation-check translation="6822acd35ad6eb7044786082d7d0deb96747c492" diff --git a/danish/security/2002/dsa-135.wml b/danish/security/2002/dsa-135.wml deleted file mode 100644 index daabd6f9201..00000000000 --- a/danish/security/2002/dsa-135.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb / DoS-angreb - -

Pakken libapache-mod-ssl giver Apache-webserveren SSL-funktionalitet. -Nyligt er der fundet et problem i håndteringen af .htaccess-filer, som giver -mulighed for at udføre vilkårlig kode som webserver-brugeren (ligegyldigt -hvordan ExecCGI/suexec er sat op), overbelastningsangreb (lukning af -apache-underprocesser), og give mulighed for at overtage kontrollen af en -underproces - det hele gennem specielt fremstillede .htaccess-filer.

- -

Dette er rettet i pakken libapache-mod-ssl_2.4.10-1.3.9-1potato2 (til -potato) og pakken libapache-mod-ssl_2.8.9-2 (til woody). Vi anbefaler at du -opgraderer så snart som muligt.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-135.data" -#use wml::debian::translation-check translation="417401162dc13ca0f9e6474e512347d4c0481696" diff --git a/danish/security/2002/dsa-136.wml b/danish/security/2002/dsa-136.wml deleted file mode 100644 index ad183678a88..00000000000 --- a/danish/security/2002/dsa-136.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere fjernudnyttelser - -

OpenSSL-udviklingsteamet har annonceret at en sikkerhedsgennemgang foretaget -af A.L. Digital Ltd og The Bunker, under progammet DARPA CHATS, har afsløret -buffer-overløbsbetingelser som kan fjernudnyttes i OpenSSL-koden. Desuden er -der mulighed for et potentielt overbelastningsangreb ("DoS") i ASN1-fortolkeren -i OpenSSL, det blev uafhængigt opdaget af Adi Stav og James Yonan.

- -

CAN-2002-0655 refererer til overløb i buffere som anvendes til opbevaring -ASCII-værdier af heltal på 64-bits platforme. CAN-2002-0656 refererer til -bufferoverløb i SSL2-server-implementationen (ved at sende en ugyldig nøgle til -serveren) og SSL3-klient-implemtationen (ved at sende en stor sessions-id til -klienten). SSL2-problemet blev også bemærket af Neohapsis, som privat har -demonstreret kode til udnyttelse af problemet. CAN-2002-0659 refererer til -problemet med overbelasningsproblemet ASN1-fortolkeren.

- -

Disse sårbarheder er blevet rettet med hensyn til Debian 3.0 (woody) i -openssl094_0.9.4-6.woody.2, openssl095_0.9.5a-6.woody.1 og -openssl_0.9.6c-2.woody.1.

- -

Sårbarhederne er også til stede i Debian 2.2 (potato). Rettede pakker er -tilgængelige som openssl094_0.9.4-6.potato.2 og openssl_0.9.6c-0.potato.4.

- -

En orm udnytter aktivt dette problem på Internet-forbundne værtsmaskiner; vi -anbefaler at du opgraderer din OpenSSL så snart som muligt. Bemærk at du skal -genstarte alle dæmoner som anvender SSL. (For eksempel ssh eller apache hvor -ssl anvendes.) Hvis du er usikker på, hvilke programmer der anvender SSL, kan -du vælge at genstarte maskinen for at sikre dig, at alle kørende dæmoner -anvender de nye biblioteker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-136.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2002/dsa-137.wml b/danish/security/2002/dsa-137.wml deleted file mode 100644 index 0df307bb5e2..00000000000 --- a/danish/security/2002/dsa-137.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikre midlertidige filer - -

Marcus Meissner og Sebastian Krahmer har opdaget og rettet et -sårbarhedsproblem med midlertidige problemer i det delte hukommelsesbibliotek -mm. Problemet kan udnyttes til at få root-adgang til en maskine som kører -Apache som er linket til dette bibliotek, hvis shell-adgang til brugeren -"www-data" allerede er tilgængelig (hvilket nemt kunne ske via PHP).

- -

Problemet er rettet i opstrøms version 1.2.0 af mm, som vil blive uploadet -til Debians ustabile distribution mens denne bulletin frigives. Der er links -til rettede pakker til potato (Debian 2.2) og woody (Debian 3.0) nedenfor.

- -

Vi anbefaler at du omgående opgraderer dine libmm-pakker og genstarter din -Apache-server.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-137.data" -#use wml::debian::translation-check translation="3bf429a9cb930437fd7a2cdfdbcb0ed3aad51497" diff --git a/danish/security/2002/dsa-138.wml b/danish/security/2002/dsa-138.wml deleted file mode 100644 index 486fbcaad56..00000000000 --- a/danish/security/2002/dsa-138.wml +++ /dev/null @@ -1,13 +0,0 @@ -fjernudnyttelse - -

Der er blevet fundet et problem i gallery (et webbaseret fotoalbumsværktøj): -det var muligt at for en fjernbruger at angive variablen GALLERY_BASEDIR, -hvilket gjorde det muligt at udføre kommandoer under webserverens uid.

- -

Dette er rettet i version 1.2.5-7 af Debian-pakken og opstrøms version -1.3.1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-138.data" -#use wml::debian::translation-check translation="4f7cabc58e2e8775aa994f0ae2de81e1f3149a89" diff --git a/danish/security/2002/dsa-139.wml b/danish/security/2002/dsa-139.wml deleted file mode 100644 index 6379a0cd64e..00000000000 --- a/danish/security/2002/dsa-139.wml +++ /dev/null @@ -1,18 +0,0 @@ -format-strengssårbarhed - -

GOBBLES har fundet en forkomest af usikker anvendelse af format-strenge i -pakken super. Det inkluderede program super er beregnet til at give brugere og -programmer adgang til visse systembrugere, i lighed med programmet sudo. Ved -at udnytte denne format-strengssårbarhed kan en lokal bruger opnå uautoriseret -rood-adgang.

- -

Dette problem er rettet i version 3.12.2-2.1 i den gamle stabile -distribution (potato), i version 3.16.1-1.1 i den aktuelle stabile distribution -(woody) og i version 3.18.0-3 i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer din super-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-139.data" -#use wml::debian::translation-check translation="baa65bb58d59eef1a078b5b7a133fc96c3c2ac4c" diff --git a/danish/security/2002/dsa-140.wml b/danish/security/2002/dsa-140.wml deleted file mode 100644 index 65855fd4ebf..00000000000 --- a/danish/security/2002/dsa-140.wml +++ /dev/null @@ -1,36 +0,0 @@ -bufferoverløb - -

Udviklere af PNG-biblioteket har rettet bufferoverløb i den progressive -læsningsrutine når PNG-datastrømmen indeholder flere IDAT-data end der er -angivet i IHDR-chunk'en. Sådanne overlagt misdannede datastrømme kunne få -programmer til at gå ned, hvilket potentielt kunne give en angriber mulighed -for at udføre ondsindet kode. Programmer som Galeon, Konqueror og forskellige -andre anvender disse biblioteker.

- -

Desuden retter pakkerne nedenfor et andet potentielt bufferoverløb. Der er -implementeret en sikkerhedsmargen i PNG-bibliotekerne, som også er indeholdt i -en nyere opstrømsudgave. Tak til Glenn Randers-Pehrson for at give os -besked.

- -

For at finde ud af hvilket pakker som er afhængige af dette bibliotek, kan -du udføre kommandoerne:

- -
-    apt-cache showpkg libpng2
-    apt-cache showpkg libpng3
-
- -

Dette problem er rettet i version 1.0.12-3.woody.2 af libpng og i -version 1.2.1-1.1.woody.2 af libpng3 i den aktuelle stabile distribution -(woody), samt i version 1.0.12-4 af libpng og i version 1.2.1-2 af libpng3 i -den ustabile distribution (sid). Debians potato-udgave lader ikke til at være -sårbar.

- -

Vi anbefaler at du omgående opgraderer dine libpng-pakker og genstarter -programmer og dæmoner som link'er til disse biblioteker og læser eksterne data, -som for eksempel webbrowsere.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-140.data" -#use wml::debian::translation-check translation="13c452a4e1790e20bd9ca8396296691eadf9703d" diff --git a/danish/security/2002/dsa-141.wml b/danish/security/2002/dsa-141.wml deleted file mode 100644 index cfa680716b3..00000000000 --- a/danish/security/2002/dsa-141.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Eckehard Berns har opdaget et bufferoverløb i programmet munpack, som -anvendes til dekodning af binære filer i e-mails i MIME-format (Multipurpose -Internet Mail Extensions). Hvis munpack køres på en passende misdannet e-mail -(eller indlæg i en nyhedsgruppe) vil programmet gå ned, og måske kan det fås -til at køre vilkårlig kode.

- -

Herbert Xu har rapporteret en sårbarhed mere som påvirker misdannede -filnavne, der refererer til filer i overliggende mapper som "../a". -Sikkerhedsrisikoen er dog begrænset, fordi kun et enkelt foranstillet "../" -accepteres og der kun kun oprettes nye filer (dvs. ingen filer kan -overskrives).

- -

Begge problemer er rettet i version 1.5-5potato2 i den gamle stabile -distribution (potato), i version 1.5-7woody2 i den aktuelle stabile -distribution (woody) og i version 1.5-9 i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer din mpack-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-141.data" -#use wml::debian::translation-check translation="9732e586e1ba28dae1242fa915f0506d2eda84ad" diff --git a/danish/security/2002/dsa-142.wml b/danish/security/2002/dsa-142.wml deleted file mode 100644 index 807a310f9d5..00000000000 --- a/danish/security/2002/dsa-142.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - -

En heltalsoverløbsfejl er opdaget i RPC-biblioteket som anvendes af -database-serveren OpenAFS, der er afledt fra SunRPC-biblioteket. Fejlen kunne -udnyttes til at få visse af OpenAFS' servere til at gå ned (volserver, -vlserver, ptserver, buserver) eller til at opnå uautoriseret root-adgang til en -værtsmaskine som kørte en af disse processer. Ingen er endnu ingen kendte -udnyttelser.

- -

Dette problem er rettet i version 1.2.3final2-6 i den aktuelle stabile -distribution (woody) og i version 1.2.6-1 i den ustabile distribution (sid). -Debian 2.2 (potato) er ikke påvirket da den ikke indeholder OpenAFS-pakker.

- -

OpenAFS er kun tilgængelig til arkitekturerne alpha, i386, powerpc, s390 og -sparc, hvorfor vi kun stiller rettede pakker til rådighed til disse.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-142.data" -#use wml::debian::translation-check translation="414a665abfe83a45a1f26980ac5eab1ec35917a1" diff --git a/danish/security/2002/dsa-143.wml b/danish/security/2002/dsa-143.wml deleted file mode 100644 index c6186c1a113..00000000000 --- a/danish/security/2002/dsa-143.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

En heltalsoverløbsfejl er opdaget i RPC-biblioteket som anvendes af -administrationssystemet til Kerberos 5, der er afledt af SunRPC-biblioteket. -Fejlen kunne udnyttes til at opnå uautoriseret root-adgang til en KDC-vært. -Man mener at en angriber skal være i stand til at blive autentificeret af -kadmin-dæmonen for at dette angreb skal lykkes. Der er endnu ingen kendte -udnyttelser.

- -

Dette problem er rettet i version 1.2.4-5woody1 i den aktuelle stabile -distribution (woody) og i version 1.2.5-2 i den ustabile distribution (sid). -Debian 2.2 (potato) er ikke påvirket da den ikke indeholder krb5-pakker.

- -

Vi anbefaler at du omgående opgraderer dine kerberos-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-143.data" -#use wml::debian::translation-check translation="f06d0e399e44a5a00fe38f405c3197a345bb2b28" diff --git a/danish/security/2002/dsa-144.wml b/danish/security/2002/dsa-144.wml deleted file mode 100644 index 27e954df43b..00000000000 --- a/danish/security/2002/dsa-144.wml +++ /dev/null @@ -1,23 +0,0 @@ -uhensigtsmæssig håndtering af inddata - -

Der er opdaget er problem i wwwoffle. Webproxy'en håndterede ikke inddata -med negative "Content-Length"-indstillinger på en hensigtsmæssigmåde, hvilket -fik den behandlende underproces til at gå ned.

- -

Desuden bliver tomme adgangskoder behandlet som forkerte i woody-versionen, -når man prøver at blive autentificeret. I woody-versionen erstattede vi også -CanonicaliseHost() med den seneste rutine fra 2.7d, som stilles til rådighed af -opstrømsudvikleren. Dette forhindrer dårlige IP-adresser i IPv6-format i -URL'er i at give problemer (hukommelsesoverskrivelse, potentielle -udnyttelser).

- -

Dette problem er rettet i version 2.5c-10.4 i den gamle stabile distribution -(potato), i version 2.7a-1.2 i den aktuelle stabile distribution (woody) og i -version 2.7d-1 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine wwwoffle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-144.data" -#use wml::debian::translation-check translation="a5c75317f556eef873742423188f6cd21a549e88" diff --git a/danish/security/2002/dsa-145.wml b/danish/security/2002/dsa-145.wml deleted file mode 100644 index cf340f874d4..00000000000 --- a/danish/security/2002/dsa-145.wml +++ /dev/null @@ -1,18 +0,0 @@ -dobbelt-frigivelse af hukommelse - -

Forfatterne af tinyproxy, en letvægts-HTTP-proxy, opdagede en fejl i -håndteringen af nogle ukorrekte proxy-forespørgsler. Under nogle -omstændigheder kunne en ukorrekt forespørgsel resultere i at allokeret -hukommelse blev frigivet to gange. Dette kunne potentielt føre til afvikling -af vilkårlig kode.

- -

Dette problem er rettet i version 1.4.3-2woody2 i den aktuelle stabile -distribution (woody) og i version 1.4.3-3 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket af dette problem.

- -

Vi anbefaler at du omgående opgraderer dine tinyproxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-145.data" -#use wml::debian::translation-check translation="1936841f002ca29a0bf824712cb9bb1072141914" diff --git a/danish/security/2002/dsa-146.wml b/danish/security/2002/dsa-146.wml deleted file mode 100644 index 79bde65a7e6..00000000000 --- a/danish/security/2002/dsa-146.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

En heltalsoverløbsfejl er opdaget i RPC-biblioteket som anvendes af -dietlibc, et libc optimeret til at fylde mindre, som er afledt af -SunRPC-biblioteket. Denne fejl kunne udnyttes til at opnå uautoriseret -root-adgang til programmer som linker til denne kode. Pakkerne nedenfor retter -også heltalsoverløb i koden til calloc, fread og fwrite. Der er også mere -strikse med hensyn til fjendtlige DNS-pakker som ellers kunne føre til en -sårbarhed.

- -

Disse problemer er rettet i version 0.12-2.4 i den aktuelle stabile -distribution (woody) og i version 0.20-0cvs20020808 i den ustabile distribution -(sid). Debian 2.2 (potato) er ikke påvirket da den ikke indeholder -dietlibc-pakker.

- -

Vi anbefaler at du omgående opgraderer dine dietlibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-146.data" -#use wml::debian::translation-check translation="8b42e1150c36058439d0d39d8f62352b3d2ae990" diff --git a/danish/security/2002/dsa-147.wml b/danish/security/2002/dsa-147.wml deleted file mode 100644 index d328798ec8d..00000000000 --- a/danish/security/2002/dsa-147.wml +++ /dev/null @@ -1,20 +0,0 @@ -"cross-site scripting"-sårbarhed - -

En "cross-site scripting"-sårbarhed er opdaget i mailman, et program til -håndtering af postlister. Når en URL fremstillet på den rette måde tilgås med -Internet Explorer (andre browsere lader ikke til at være påvirket), vises -websiden på samme måde som den rigtige, men JavaScript-komponentent udføres -også, hvilket kunne anvendes af en angriber til at få adgang til følsomme -oplysninger. Den nye version i Debian 2.2 indeholder også en tilbageførsel af -sikkerhedsrelaterede rettelser fra mailman 2.0.11.

- -

Dette problem er rettet i version 2.0.11-1woody4 i den aktuelle stabile -distribution (woody), i version 1.1-10.1 i den gamle stabile distribution -(potato) og i version 2.0.12-1 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din mailman-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-147.data" -#use wml::debian::translation-check translation="43ceb80284a736733653d01a001e86f4d94f3f8b" diff --git a/danish/security/2002/dsa-148.wml b/danish/security/2002/dsa-148.wml deleted file mode 100644 index 8e30395173a..00000000000 --- a/danish/security/2002/dsa-148.wml +++ /dev/null @@ -1,43 +0,0 @@ -bufferoverløb og format-strengssårbarheder - -

Et antal problemer er opdateret i Hylafax, et fleksibelt -klient-/server-faxprogram som distribueres med mange GNU/Linux-distributioner. -Et citat fra SecurityFocus uddyber problemerne:

- -
    -
  • En format-strengssårbarhed gør det muligt for brugere potentielt at udføre - vilkårlig kode på nogle systemer. På grund af utilstrækkelig kontrol af - inddata, er det muligt at udføre et format-strengsangreb. Da det kun - påvirker systemer hvor programmerne faxrm og faxalter er installeret setuid, - er Debian ikke sårbar.
    • - -
  • Et bufferoverløb i Hylafax er rapporeret. En ondsindet faxoverførsel kan - indeholde en lang scan-linie som får hukommelsesbufferen til at løbe over, - og dermed ødelægge tilstødende hukommelse. En udnyttelse kan resultere i - et overbelastningsangreb ("denial of service"), eller muligvis i udførelse - af vilkårlig kode med root-rettigheder.
    • - -
  • En format-strengssårbarhed er opdaget i faxgetty. Indkommende faxmeddelelser - indeholder en Transmitting Subscriber Identification (TSI)-streng, som - bruges til at identificere den afsendende faxmaskine. Hylafax anvender - disse data som del af en format-streng, uden på tilstrækkelig vis at rense - inddataene. Ondsindede faxdata kan forsage at serveren går ned, - resulterende i et overbelastningsangreb.
    • - -
  • Marcin Dawcewicz har opdaget en format-strengssårbarhed i hfaxd, hvilket får - hfaxd til at gå ned under visse betingelser. Da Debian ikke installerer - hfaxd som setuid root, kan problemet ikke direkte føre til en sårbarhed. - Dette er rettet af Darren Nickerson, og er allerede til stede i nyere - versioner, men ikke den i potato.
    • -
- -

Disse problemer er rettet i version 4.0.2-14.3 i den gamle stabile -distribution (potato), i version 4.1.1-1.1 i den aktuelle stabile distribution -(woody) og i version 4.1.2-2.1 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine hylafax-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-148.data" -#use wml::debian::translation-check translation="2bd18a67682540fb7c79d49a858ca9bcfaa704ed" diff --git a/danish/security/2002/dsa-149.wml b/danish/security/2002/dsa-149.wml deleted file mode 100644 index 31290073179..00000000000 --- a/danish/security/2002/dsa-149.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

En heltalsoverløbsfejl er opdaget i RPC-biblioteket som anvendes af -GNU libc, der er afledt af SunRPC-biblioteket. Denne fejl kunne udnyttes til at -opnå uautoriseret root-adgang til programmer som linker til denne kode. Pakkerne -nedenfor retter også heltalsoverløb i malloc-koden. De indeholder også en -rettelse fra Andreas Schwab til reducering af linebuflen samtidig med at den -øger bufferpointeren i NSS DNS-koden.

- -

Dette problem er rettet i version 2.1.3-23 i den gamle stabile distribution -(potato), i version 2.2.5-11.1 i den aktuelle stabile distribution (woody) og i -version 2.2.5-13 i den unstabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer dine libc6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-149.data" -#use wml::debian::translation-check translation="552816a6040161e20725b9cb48238a60a97e2e47" diff --git a/danish/security/2002/dsa-150.wml b/danish/security/2002/dsa-150.wml deleted file mode 100644 index a52d5ad54f2..00000000000 --- a/danish/security/2002/dsa-150.wml +++ /dev/null @@ -1,22 +0,0 @@ -illegal fil-blottelse - -

Der er opdaget et problem i Interchange, en system til elektronisk handel og -generel HTTP-databasevisning, som kan føre til at en angriber kan læse alle -filer som brugeren af Interchange-systemet har tilstrækkelige rettigheder til, -når Interchange kører i "INET"-tilstand (internet domain socket). Det er ikke -standardindstillingen i Debian-pakker, men kan sættes op med Debconf og via -opsætningsfilen. Vi mener også at fejlen ikke kan udnyttes på et almindeligt -Debian-system.

- -

Dette problem er rettet af pakkens vedligeholder i version -4.8.3.20020306-1.woody.1 i den aktuelle stabile distribution (woody) og i -version 4.8.6-1 i den ustabile distribution (sid). Den gamle stabile -distribution (potato) er ikke påvirket, da den ikke indeholder -Interchange-systemet.

- -

Vi anbefaler at du opgraderer dine interchange-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-150.data" -#use wml::debian::translation-check translation="f6ae9c6fa541c206c8d12c29b0ac8abac42c3c60" diff --git a/danish/security/2002/dsa-151.wml b/danish/security/2002/dsa-151.wml deleted file mode 100644 index 2bf6a1bb7a9..00000000000 --- a/danish/security/2002/dsa-151.wml +++ /dev/null @@ -1,19 +0,0 @@ -pipe-blottelse - -

Solar Designer har fundet en sårbarhed i xinetd, en erstatning for den -BSD-afledte inetd. Signal-pipe'enes fildeskriptorer som blev indført i version -2.3.4 lækker ind i tjeneste som startes fra xinetd. Deskriptorene kan bruges -til at kommunikere med xinetd, resulterende i at få programmet til at gå helt -ned. Dette kaldes normalt overbelastning ("denial of service").

- -

Dette problem er rettet af pakkes vedligeholder i version 2.3.4-1.2 i den -aktuelle stabile distribution (woody) og i version 2.3.7-1 i den ustabile -distribution (sid). Den gamle stabile distribution (potato) er ikke påvirket, -da den ikke indeholder signal-pipe'n.

- -

Vi anbefaler at du opgraderer dine xinetd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-151.data" -#use wml::debian::translation-check translation="746a4c24b87d3e19f91bcd864c9cc097f25c71ea" diff --git a/danish/security/2002/dsa-152.wml b/danish/security/2002/dsa-152.wml deleted file mode 100644 index 54ce71941e5..00000000000 --- a/danish/security/2002/dsa-152.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende "random seed" - -

Aktuelle versioner af l2tpd, et "layer 2 tunneling"-klient/server-program, -glemte at initialisere tilfældighedsgeneratoren, hvilket gjorde den sårbar, da -alle genererede tilfældige tal kunne gættes med hundrede procents sikkerhed. -Ved håndtering af værdien i et sæt af attributværdier, kunne for mange bytes -kopieres, hvilket kunne føre til at feltet "vendor" blev overskrevet.

- -

Disse problemer er rettet i version 0.67-1.1 i den aktuelle stabile -distribution (woody) og i version 0.68-1 i den ustabile distribution (sid). Den -gamle stabile distribution (potato) er ikke påvirket, da den ikke indeholder -pakken l2tpd.

- -

Vi anbefaler at du opgraderer dine l2tpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-152.data" -#use wml::debian::translation-check translation="b777090c7e5f56aeff16395d586da588f139e7a8" diff --git a/danish/security/2002/dsa-153.wml b/danish/security/2002/dsa-153.wml deleted file mode 100644 index 2a0b9c51cb5..00000000000 --- a/danish/security/2002/dsa-153.wml +++ /dev/null @@ -1,51 +0,0 @@ -"cross site"-udførelse af kode - -

Joao Gouveia har opdaget en uninitialiseret variabel som blev anvendt -usikkert med fil-indbefatninger i pakken mantis, et PHP-baseret -fejlhåndteringssystem. Debians sikkerhedsteam fandt flere lignende problemer. -Når disse tilfælde udnyttes, kan en fjern-bruger udføre vilkårlig kode under -webserverens bruger-id på den webserver som mantis er installeret på.

- -

Jeroen Latour har opdaget at Mantis ikke kontrollerede alle en brugers -inddata, specielt hvis de ikke kommer direkte fra formularfelter. Dette åber -for en hel række SQL-forgiftningssårbarheder på systemer hvor magic_quotes_gpc -ikke er slået til. De fleste af disse sårbarheder kan kun udnyttes i begrænset -omfang, da det ikke længere er muligt at udføre flere forespørgsler ved hjælp -af et kald til mysql_query(). Der er en forespørgsel som kan snydes til at -ændre en kontos adgangsniveau.

- -

Jeroen Latour fortæller også at det er muligt at få Mantis til kun at vise -rapportører de fejl, de har rapporteret, ved at sætte indstillingen -limit_reporters til ON. Dog kontrollerede programmet ikke indstillingen -limit_reporters når uddata blev formateret så de kunne udskrives, og gav dermed -rapportører mulighed for at se et resume af fejl som de ikke har -rapporteret.

- -

Jeroen Latour opdagede at siden der sørger for at vise en liste over fejl i -et bestemt projekt, ikke kontrollerer hvorvidt brugeren rent faktisk har adgang -til projektet, som overføres i en cookie-variabel. Ved en fejl stolede -programmet på det faktum, at kun projekter som brugeren har adgang til blev -anført i en drop-down-menu. Dette giver en ondsindet bruger mulighed for at -vise fejl i private projekter.

- -

Disse problemer er rettet i version 0.17.1-2.2 i den aktuelle stabile -distribution (woody) og i version 0.17.4a-2 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke indeholder -mantis-pakken.

- -

Yderligere oplysninger:

- - - -

Vi anbefaler at du omgående opgraderer dine mantis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-153.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2002/dsa-154.wml b/danish/security/2002/dsa-154.wml deleted file mode 100644 index 50d3f23c32f..00000000000 --- a/danish/security/2002/dsa-154.wml +++ /dev/null @@ -1,19 +0,0 @@ -rettighedsforøgelse - -

Der er opdaget en \ -svaghed i FAMs gruppehåndtering. Effekten er at brugere ikke kan læse -FAM-mapper som de har gruppelæsnings- og gruppeudførelsesrettigheder til. -Dog kan brugere uden rettigheder potentielt finde frem til navne på filer som -kun brugere i gruppen root skulle kunne se.

- -

Dette problem er rettet i version 2.6.6.1-5.2 i den aktuelle stabile -distribution (woody) og i version 2.6.8-1 (og alle senere versioner) i den -ustabile distribution (sid). Den gamle stabile distribution (potato) er ikke -påvirket, da den ikke indeholder fam-pakker.

- -

Vi anbefaler at du opgraderer dine fam-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-154.data" -#use wml::debian::translation-check translation="ce4405c9fba1f7ab746e490b1e208d42d35b4e7f" diff --git a/danish/security/2002/dsa-155.wml b/danish/security/2002/dsa-155.wml deleted file mode 100644 index 3ba4643b6eb..00000000000 --- a/danish/security/2002/dsa-155.wml +++ /dev/null @@ -1,29 +0,0 @@ -privatlivsindbrud med Konqueror - -

På grund af en forglemmelse ved implementeringen af sikkerhed, kontrollerer -SSL-biblioteket fra KDE, som Konqueror bruger, ikke hvorvidt et mellemliggende -certifikat til en forbindelse er signeret af certificeringsmyndigheden som -værende sikker til formålet, men accepterer certifikatet hvis det er signeret. -Dette gør det muligt for enhver med et gyldigt websteds-SSL-certifikat fra -VeriSign at forfalske ethvert andet websteds-SSL-certifikat fra VeriSign, og -dermed udnytte brugere af Konqueror.

- -

En lokal root-udnyttelse ved hjælp af artsd er opdaget, den udnytter -en usikker brug af en format-streng. Udnyttelsen fungerer ikke på -Debian-systemer, da artsd ikke kører setuid root. Hverken artsd eller -artswrapper behøver at være setuid root mere, da nuværende computersystemer er -hurtige nok til at håndtere lyddataene uden vanskeligheder.

- -

Disse problemer er rettet i version 2.2.2-13.woody.2 i den aktuelle stabile -distribution (woody). Den gamle stabile distribution (potato) er ikke -påvirket, da den ikke indeholder KDE-pakker. I den ustabile distribution -(sid), er problemet ikke rettet endnu, men nye pakker forventes senere og den -rettede version vil være 2.2.2-14 eller højere.

- -

Vi anbefaler at du opgraderer dine kdelibs og libarts-pakker og genstarter -Konqueror.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-155.data" -#use wml::debian::translation-check translation="fbd7af7d4edfd4cf5cd8dc79ac4548e406bbf29d" diff --git a/danish/security/2002/dsa-156.wml b/danish/security/2002/dsa-156.wml deleted file mode 100644 index 0f4775231f4..00000000000 --- a/danish/security/2002/dsa-156.wml +++ /dev/null @@ -1,19 +0,0 @@ -vilkårlig udførelse af script - -

Alle versioner af EPIC-scriptet Light før version 2.7.30p5 (på 2.7-grenen) -og før version 2.8pre10 (på 2.8-grenen) kørende på en hvilken som helst -platform, er sårbar overfor en fejl som kan fjern-udnyttes, hvilket kan føre -til næsten vilkårlig udførelse af kode.

- -

Dette problem er rettet i version 2.7.30p5-1.1 i den aktuelle stabile -distribution (woody) og i version 2.7.30p5-2 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder Light-pakken.

- -

Vi anbefaler at du opgraderer din epic4-script-light-pakke og genstarter -din IRC-klient.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-156.data" -#use wml::debian::translation-check translation="4ce2f1ea053de49d2adede9a58d9bf648e6f229f" diff --git a/danish/security/2002/dsa-157.wml b/danish/security/2002/dsa-157.wml deleted file mode 100644 index 58e4dd4040a..00000000000 --- a/danish/security/2002/dsa-157.wml +++ /dev/null @@ -1,19 +0,0 @@ -overbelasningsangreb - -

IRC-klienten irssi er sårbar overfor et overbelasningsangreb ("denial of -service"). Problemet opstår når en bruger forsøger at tilslutte sig en kanal -som har en ekstra lang emnebeskrivelse. Når en bestemt streng tilføjes til -emnet, går irssi ned.

- -

Dette problem er rettet i version 0.8.4-3.1 i den aktuelle stabie -distribution (woody) og i version 0.8.5-2 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da tilsvarende steder -i kildekoden ikke findes. Det samme gælder irssi-gnome og irssi-gtk, der -heller ikke lader til at være påvirket.

- -

Vi anbefaler at du opgraderer din irssi-text-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-157.data" -#use wml::debian::translation-check translation="6d50331f8498754d60f2015d21f8e15ed06fbf38" diff --git a/danish/security/2002/dsa-158.wml b/danish/security/2002/dsa-158.wml deleted file mode 100644 index 5dcca3bc9a0..00000000000 --- a/danish/security/2002/dsa-158.wml +++ /dev/null @@ -1,29 +0,0 @@ -vilkårlig programudførelse - -

Udviklerne af Gaim, en klient til omgående udveksling af beskeder, der -kombinerer flere forskellige netværk, har fundet en sårbarhed i koden som -håndterer hyperlinks. Browser-kommandoen "Manual" overfører en utroværdig -streng til kommandofortolkeren uden at anvende undvigesekvenser eller pålidelig -anvendelse af anførselstegn, hvilket giver en angriber mulighed for at udføre -vilkårlige kommandoer på brugerens maskine. Desværre viser Gaim ikke -hyperlink'et før brugeren klikker på det. Bruger der anvender indbyggede -browser-kommandoer er ikke sårbare.

- -

Dette problem er rettet i version 0.58-2.2 i den aktuelle stabile -distribution (woody) og i version 0.59.1-2 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder programmet Gaim.

- -

Den rettede version af Gaim overfører ikke længere brugerens manuelle -browser-kommando til kommandofortolkeren. Kommandoer som indeholder %s i -anførselstegn skal ændres, så de ikke nogen anførselstegn. Browser-kommandoen -"Manual" kan ændres på fanebladet "General" i dialogen "Preferencens", som -fremkommer når man klikker på "Options" i login-vinduet, eller på "Tools" og -dernæst "Preferences" i menubjælken i buddy-list-vinduet.

- -

Vi anbefaler at du omgående opgraderer din gaim-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-158.data" -#use wml::debian::translation-check translation="b683fd461d031035624a738a969d37fb4d260052" diff --git a/danish/security/2002/dsa-159.wml b/danish/security/2002/dsa-159.wml deleted file mode 100644 index 64b6d755627..00000000000 --- a/danish/security/2002/dsa-159.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikre midlertidige filer - -

Zack Weinberg har opdaget usikker anvendelse af midlertidige filer i -os._execvpe from os.py. Der anvendes et forudsigeligt navn, hvilket kunne føre -til udførelse af vilkårlig kode.

- -

Dette problem er rettet i flere versioner af Python: I den aktuelle stabile -distribution (woody) er det rettet i version 1.5.2-23.1 af Python 1.5, i -version 2.1.3-3.1 af Python 2.1 og i version 2.2.1-4.1 af Python 2.2. I den -gamle stabile distribution (potato) er det blevet rettet i version -1.5.2-10potato12 af Python 1.5. I den ustabile distribution (sid) er det -blevet rettet i version 1.5.2-24 af Python 1.5, i version 2.1.3-6a af Python -2.1 og i version 2.2.1-8 af Python 2.2. Python 2.3 er ikke påvirket af dette -problem.

- -

Vi anbefaler at du omgående opgraderer dine Python-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-159.data" -#use wml::debian::translation-check translation="0a16238978f5a74e5e453dc0960cbae462d8b4fe" diff --git a/danish/security/2002/dsa-160.wml b/danish/security/2002/dsa-160.wml deleted file mode 100644 index bc9bfea76cd..00000000000 --- a/danish/security/2002/dsa-160.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker oprettelse af midlertidige filer - -

Spybreak har opdaget et problem i scrollkeeper, et frit elektronisk system -til katalogisering af dokumentation. Programmet scrollkeeper-get-cl opretter -midlertidige filer på en usikker måde i /tmp, ved anvendelse af filnavne som -kan gættes. Da scrollkeeper startes automatisk når en bruger aktiverer en -Gnome-session, kan en angriber med lokal adgang nemt udgive sig som en anden -bruger ved oprettelse og overskrivelse af filer.

- -

Dette problem er rettet i version 0.3.6-3.1 i den aktuelle stabile -distribution (woody) og i version 0.3.11-2 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder pakken scrollkeeper.

- -

Vi anbefaler at du omgående opgraderer dine scrollkeeper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-160.data" -#use wml::debian::translation-check translation="5d267c0764bc80766193a9540f065a54ddfc9f84" diff --git a/danish/security/2002/dsa-161.wml b/danish/security/2002/dsa-161.wml deleted file mode 100644 index 4e21f8f563c..00000000000 --- a/danish/security/2002/dsa-161.wml +++ /dev/null @@ -1,29 +0,0 @@ -rettighedsforøgelse - -

Der er opdaget et problem med brugerrettigheder i pakken Mantis, et -PHP-baseret fejlhåndteringssystem. Mantis-systemet kontrollerede ikke hvorvidt -en bruger har lov til at se en fejl, men viser den med det samme hvis brugeren -indtastede en gyldig fejl-identifikation.

- -

En anden fejl i Mantis fik 'View Bugs'-siden til at vise fejl fra både -offentlige og private projekter, når den aktuelle bruger ikke havde adgang til -nogen projekter.

- -

Disse problemer er rettet i version 0.17.1-2.5 i den aktuelle stabile -distribution (woody) og i version 0.17.5-2 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder mantis-pakken.

- -

Yderligere oplysninger

- - - -

Vi anbefaler at du opgraderer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-161.data" -#use wml::debian::translation-check translation="f57c8a58d075a95019fa91ec673df38f845d6200" diff --git a/danish/security/2002/dsa-162.wml b/danish/security/2002/dsa-162.wml deleted file mode 100644 index 1a6323a6f9c..00000000000 --- a/danish/security/2002/dsa-162.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Udviklerne af Ethereal har opdaget et bufferoverløb i rutinen til -dissekering af ISIS-protokollen. Det kan være muligt at få Ethereal til at gå -ned eller hænge ved at indsprøjte en med vilje misdannet pakke i -forbindelsen, eller ved at få nogen til at læse en misdannet pakkesporingsfil. -Det kan være muligt at få Ethereal til at udføre vilkårlig kode ved at udnytte -buffer- og pointer-problemerne.

- -

Dette problem er rettet i version 0.9.4-1woody2 i en aktuelle stabile -distribution (woody), i version 0.8.0-4potato.1 i den gamle stabile -distribution (potato) og i version 0.9.6-1 i den ustabile distribution -(sid).

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-162.data" -#use wml::debian::translation-check translation="64d52f702a87d1ebdc358715fca8fa6e4062b743" diff --git a/danish/security/2002/dsa-163.wml b/danish/security/2002/dsa-163.wml deleted file mode 100644 index ae82c2d5f8d..00000000000 --- a/danish/security/2002/dsa-163.wml +++ /dev/null @@ -1,49 +0,0 @@ -"cross site"-udførelse af script - -

Jason Molenda og Hiromitsu Takagi har -fundet nogle -måder hvorpå man kan udnytte "cross site"-scriptfejl i mhonarc, et e-mail til -HTML-konverteringsprogram. Når ondsindet udformede e-mails af typen text/html -behandles, deaktiverer mhonarc ikke alle script-dele korrekt. Dette er rettet -i opstrøms version 2.5.3.

- -

Hvis du bekymrer dig om sikkerhed, anbefales det at du slår understøttelsen -af text/html-breve fra i dine e-mail-arkiver. Der er ingen garanti for at -biblioteket mhtxthtml.pl er robust nok til at udrydde alle mulige udnyttelser -som kan ske med HTML-data.

- -

For at udelukke HTML-data, kan du bruge ressourcen MIMEEXCS. For -eksemepl:

- -
    
-    <MIMEExcs>
-    text/html
-    text/x-html
-    </MIMEExcs>
-
- -

Typen "text/x-html" anvendes nok ikke mere, men det er godt at tage den med, -bare for en sikkerheds skyld.

- -

Hvis du er bange for at dette kan blokere hele indholdet i nogle breve, kan -du i stedet gøre som følger:

- -
-    <MIMEFilters>
-    text/html; m2h_text_plain::filter; mhtxtplain.pl
-    text/x-html; m2h_text_plain::filter; mhtxtplain.pl
-    </MIMEFilters>
-
- -

Dette behandler HTML-kode som text/plain.

- -

Ovennævnte problemer er rettet i version 2.5.2-1.1 i den aktuelle stabile -distribution (woody), i version 2.4.4-1.1 i den gamle stabile distribution -(potato) og i version 2.5.11-1 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine mhonarc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-163.data" -#use wml::debian::translation-check translation="9bd83223bd6c25b1bc3a5151273a69ff17ffd8ef" diff --git a/danish/security/2002/dsa-164.wml b/danish/security/2002/dsa-164.wml deleted file mode 100644 index bf718cc2e65..00000000000 --- a/danish/security/2002/dsa-164.wml +++ /dev/null @@ -1,20 +0,0 @@ -udførelse af vilkårlig kode - -

Der er opdaget et problem i cacti, en PHP-baseret overbygning til rrdtool -der bruges til overvågning af systemer og tjenester. Problemet kunne føre til -at cacti udførte vilkårlig programkode under webserverens brugerid. Problemet -gælder dog kun for brugere, som allerede har administratorrettigheder i -cacti-systemet.

- -

Dette problem er rettet ved at fjerne alle dollar- og accent grave-tegn fra -titel-strengen i version version 0.6.7-2.1 i den aktuelle stabile distribution -(woody) og i version 0.6.8a-2 i den ustabile distribution (sid). Den gamle -stabile distribution (potato) er ikke påvirket, da den ikke indeholder pakken -cacti.

- -

Vi anbefaler at du omgående opgraderer din cacti-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-164.data" -#use wml::debian::translation-check translation="16753e055fc35625a7a66288e1bd1d3a1eed9617" diff --git a/danish/security/2002/dsa-165.wml b/danish/security/2002/dsa-165.wml deleted file mode 100644 index 09862b7facd..00000000000 --- a/danish/security/2002/dsa-165.wml +++ /dev/null @@ -1,44 +0,0 @@ -bufferoverløb - -

Mordred Labs og andre har fundet flere sårbarheder i PostgreSQL, en -objektrelations-SQL-database. Sårbarhederne stammer fra flere bufferoverløb -og heltalsoverløb. Specielt fremstillede lange dato- og klokkesletsinddata, -beløb, gentagne data og lange tidszonenavne kunne få PostgreSQL-serveren til at -gå ned, det samme gælder specielt fremstillede inddata til lpad() og rpad(). -Flere buffer-/heltalsoverløb blev fundet i circle_poly(), path_encode() og -path_addr().

- -

Bortset fra de sidste tre, er disse problemer rettet i opstrøms version -7.2.2 af PostgreSQL, som er den version det anbefales at bruge.

- -

De fleste af disse problemer findes ikke den den version af PostgreSQL som -Debian leverer i potato-udgaven, da den tilsvarende funktionalitet ikke er -implementeret. Men PostgreSQL 6.5.3 er ganske gammel og kan indeholde flere -risici end vi er bekendt med, hvilket kan være flere bufferoverløb, og helt -sikkert fejl der kan true de datas integritet.

- -

Vi anbefaler kraftigt at du ikke bruger den udgave, men i stedet opgraderer -dit system til Debian 3.0 (stable) inklusive PostgreSQL version 7.2.1, hvor -mange fejl er rettet og nye funktioner tilføjet, for at øge kompatibiliteten -med SQL-standarderne.

- -

Hvis du overvejer at opgradere, så sørg for at dump'e hele databasesystemet -ved hjælp af værktøjet pg_dumpall. Vær opmærksom på at nyere udgaver af -PostgreSQL håndterer sine inddata mere strikst. Dette betyder at tests som -"foo = NULL" som ikke er korrekt, ikke længere vil blive accepteret. Det -betyder også at når man anvender UNICODE-indkapsling, er ISO 8859-1 og ISO -8859-15 ikke længere lovlige indkapslinger ved tilføjelse af data til en -relation. I sådanne tilfælde anbefales det at konvertere det pågældende dump -ved hjælp af recode latin1..utf-16.

- -

Disse problemer er rettet i version 7.2.1-2woody2 i den aktuelle stabile -distribution (woody) og i version 7.2.2-2 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er delvist påvirket og vi leverer en -rettet version 6.5.3-27.2 til den.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-165.data" -#use wml::debian::translation-check translation="a087948ecd4b3d7de2a1c29ef95becc2f44d4097" diff --git a/danish/security/2002/dsa-166.wml b/danish/security/2002/dsa-166.wml deleted file mode 100644 index 12c3ebdf851..00000000000 --- a/danish/security/2002/dsa-166.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Der er opdaget to bufferoverløb i purity, et spil til nørder og hackere, der -installeres "setgid games" på Debian-systemer. Problemerne kunne udnyttes til -at opnå uautoriseret adgang til gruppen games. En onsindet bruger kunne ændre -på flere spils highscore.

- -

Disse problemer er rettet i version 1-14.2 i den aktuelle stabile -distribution (woody), i version 1-9.1 i den gamle stabile distribution (potato) -og i version 1-16 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine purity-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-166.data" -#use wml::debian::translation-check translation="597062fb50c44c251eb9991ec3292a5aeb0b5931" diff --git a/danish/security/2002/dsa-167.wml b/danish/security/2002/dsa-167.wml deleted file mode 100644 index ae3181c20fc..00000000000 --- a/danish/security/2002/dsa-167.wml +++ /dev/null @@ -1,24 +0,0 @@ -"cross site"-udførelse af script - -

Der er fundet et problem med "cross site"-udførelse af scripts i Konqueror, -en kendt browser til KDE og andre programmer som bruger KHTML. KDE-holdet -\ -rapporterer at Konquerors beskyttelse mod "cross site"-udførelse af scripts -ikke får initialiseret domæner på under-(i)frames korrekt. Som resultat kan -JavaScripts få adgang til enhver fremmed under-frame som er defineret i -HTML-koden. Brugere af Konqueror og andre KDE-programmer som anvender -KHTML-fortolksningsmaskinen kan blive ofre for et angreb hvor "cookies" stjæles -og der udføres "cross site"-scripts.

- -

Dette problem er rettet i version 2.2.2-13.woody.3 i den aktuelle stabile -distribution (woody) og i version 2.2.2-14 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke indeholdt -KDE.

- -

Vi anbefaler at du opgraderer dine kdelibs-pakker og genstarter -Konqueror.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-167.data" -#use wml::debian::translation-check translation="5f138a7be1d2647b78d40676578d6cf82af9320f" diff --git a/danish/security/2002/dsa-168.wml b/danish/security/2002/dsa-168.wml deleted file mode 100644 index fc4810382bb..00000000000 --- a/danish/security/2002/dsa-168.wml +++ /dev/null @@ -1,51 +0,0 @@ -omgåelse af safe_mode, CRLF-indsættelse - -

Wojciech Purczynski har opdaget er det er muligt for scripts at overføre -vilkårlig tekst til sendmail som en kommandolinieudvidelse, når man sender en -e-mail gennem PHP, også selvom safe_mode ("sikker tilstand") er slået til. -Overførslen af det femte parameter burde være slået fra når PHP er opsat til at -køre i safe_mode, hvilket er tilfældet for nyere PHP-versioner og for -versionerne nævnt nedenfor. Dette påvirker dog ikke PHP3.

- -

Wojciech Purczynski opdagede også at vilkårlige ASCII-kontroltegn kan -indsættes i mail()-funktionens strengparametre. Hvis mail()-parametre kommer -fra brugerens uddata, kan det give brugeren mulighed for at ændre på indholdet -af meddelelsen, blandt andre header-linierne.

- -

Ulf Härnhammar har opdaget af file() og fopen() er sårbare overfor -CRLF-indsættelse. En angriber kan bruge det til at omgå visse restriktioner og -tilføje vilkårlig tekst til hvad der ser ud som HTTP-forespørgsler, der slippes -igennem.

- -

Dette sker dog kun hvis noget overføres til disse funktioner, noget der -hverken er et gyldigt filnavn eller en gyldig URL. Enhver streng som -indeholder kontroltegn kan ikke være en gyldig URL. Før man overfører en -streng, som skulle være en URL, til en hvilken som helst funktion, skal man -først anvende urlencode() for at indkapsle det pågældende.

- -

Tre problemer er blevet identificeret i PHP:

- -
    -
  1. Funktionen mail() tillader at vilkårlige e-mail-headere kan angives som - en modtageradresse eller emne indeholdende CR/LF-tegn.
    2. - -
  2. Funktionen mail() slår ikke på korrekt vis overførlsen af vilkårlige - kommandolinie-parametre til sendmail fra, når man kører i "Safe Mode".
    3. - -
  3. Funktionen fopen() tillader, når den henter en URL, at der manipuleres - med forespørgslen efter ressourcen gennem en URL indeholdende CR/LF-tegn. - For eksempel kan headere blive føjet til HTTP-forespørgslen.
    4. -
- -

Disse problemer er rettet i PHP3 version 3.0.18-23.1woody1 og PHP4 4.1.2-5 i -den aktuelle stabile distribution (woody), i PHP3 version 3.0.18-0potato1.2 og -PHP4 4.0.3pl1-0potato4 i den gamle stabile distribution (potato) og i PHP3 -version 3.0.18-23.2 og PHP4 4.2.3-3 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine PHP-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-168.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" - diff --git a/danish/security/2002/dsa-169.wml b/danish/security/2002/dsa-169.wml deleted file mode 100644 index b13cca66818..00000000000 --- a/danish/security/2002/dsa-169.wml +++ /dev/null @@ -1,20 +0,0 @@ -"cross site"-udførelse af script - -

Ulf Härnhammar har -\ -opdaget et problem i PHP-grænsefladen til ht://Check. PHP-grænsefladen -viser ukontrollerede oplysninger som er opsamlet ved at "kravle" rundt på -eksterne webservere. Dette kan føre til et "cross site"-udførelse af -script-angreb, hvis nogen har kontrol over hvad der sendes tilbage fra en -fjern-server som ht://Check "kravler" rundt på.

- -

Dette problem er løst i version 1.1-1.1 i den aktuelle stabile distribution -(woody) og i version 1.1-1.2 i den ustabile udgave (sid). Den gamle stabile -udgave (potato) indeholder ikke pakken htcheck.

- -

Vi anbefaler at du omgående opgraderer din htcheck-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-169.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" diff --git a/danish/security/2002/dsa-170.wml b/danish/security/2002/dsa-170.wml deleted file mode 100644 index c580ac4579f..00000000000 --- a/danish/security/2002/dsa-170.wml +++ /dev/null @@ -1,20 +0,0 @@ -afsløring af kildekode - -

En sikkerhedssårbarhed er blevet opdaget i alle Tomcat 4.x-udgaver. -Problemet tillader en angriber at bruge en specielt fremstillet URL til at -returnere den ubehandlede kildekode fra en JSP-side, eller under særlige -omstændigheder, en statisk ressource som ellers ville have været beskyttet af -sikkerhedsbegrænsninger, uden at det er nødvendigt at være autentificeret på -korrekt vis.

- -

Problemet er rettet i version 4.0.3-3woody1 i den aktuelle stabile -distribution (woody) og i version 4.1.12-1 i den ustabile udgave (sid). -Den gamle udgave (potato) indeholder ikke tomcat-pakker. tomcat3-pakkerne er -desuden ikke sårbare overfor dette problem.

- -

Vi anbefaler at du omgående opgraderer din tomcat-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-170.data" -#use wml::debian::translation-check translation="bf945389e258ddef21e7ed102a7e0ebd0081ccca" diff --git a/danish/security/2002/dsa-171.wml b/danish/security/2002/dsa-171.wml deleted file mode 100644 index b32f6c6afda..00000000000 --- a/danish/security/2002/dsa-171.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Stefan Esser \ -har opdaget flere bufferoverløb og en ikke-fungerende grænsekontrol i -fetchmail. Hvis fetchmail kører i "multidrop"-tilstand, kan disse fejl -udnyttes af fjernangribere til at få programmet til at gå end, eller til at -udføre vilkårlig kode under den brugerid hørende til den bruger som kører -fetchmail. Afhængigt af opsætningen kan dette medfør en -fjern-root-udnyttelse.

- -

Disse problemer er rettet i version 5.9.11-6.1 i både fetchmail og -fetchmail-ssl i den aktuelle stabile distribution (woody), i version 5.3.3-4.2 -af fetchmail i den gamle stabile distribution (potato) og i version 6.1.0-1 af -både fetchmail og fetchmail-ssl i den ustabile distribution (sid). Der er -ingen fetchmail-ssl-pakker til den gamle stabile distribution (potato) og -derfor ingen opdateringer.

- -

Vi anbefaler at du omgående opgraderer dine fetchmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-171.data" -#use wml::debian::translation-check translation="269c4b5e0f47d3cd59635308d79780725eaa9d7d" diff --git a/danish/security/2002/dsa-172.wml b/danish/security/2002/dsa-172.wml deleted file mode 100644 index d8cb2420eb8..00000000000 --- a/danish/security/2002/dsa-172.wml +++ /dev/null @@ -1,16 +0,0 @@ -usikre midlertidige filer - -

Man har opdaget at tkmail opretter midlertidige filer på en usikker måde. -En angriber med lokal adgang kan udnytte dette til nemt at oprette og -overskrive filer som en anden bruger.

- -

Dette problem er rettet i version 4.0beta9-8.1 i den aktuelle stabile -distribution (woody), i version 4.0beta9-4.1 i den gamle stabile distribution -(potato) og version 4.0beta9-9 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine tkmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-172.data" -#use wml::debian::translation-check translation="6e68ed20e3107b0590c5753b26942fc8f7232fb7" diff --git a/danish/security/2002/dsa-173.wml b/danish/security/2002/dsa-173.wml deleted file mode 100644 index c63d84375e9..00000000000 --- a/danish/security/2002/dsa-173.wml +++ /dev/null @@ -1,22 +0,0 @@ -rettighedsforøgelse - -

Udviklerne af Bugzilla, et webbaseret system til fejlhåndtering, har opdaget -et problem i håndtering af mere end 47 grupper. Når et nyt produkt føjes til -en installation med mere end 47 grupper og "usebuggroups" er slået til, vil den -nye gruppe få tildelt en groupset-bit ved hjælp af Perl-matematik som ikke er -helt nøjagtigt over 248. Dette medfører at den nye gruppe defineres -med en "bit" hvor flere bits er sat. Når brugere får adgang til den nye -gruppe, får de også adgang til tilfældige grupper med lavere grupperettigheder. -Desuden bliver gruppebits ikke altid genbrugt, når grupper slettes.

- -

Dette problem er rettet i version 2.14.2-0woody2 i den aktuelle stabile -distribution (woody) og vil snart være rettet i den ustabile distribution -(sid). Den gamle stabile distribution (potato) indeholder ikke pakken -bugzilla.

- -

Vi anbefaler at du opgraderer din bugzilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-173.data" -#use wml::debian::translation-check translation="0ee5580662d2529a7ef88543c861de4397b6fd1f" diff --git a/danish/security/2002/dsa-174.wml b/danish/security/2002/dsa-174.wml deleted file mode 100644 index 1f5c86ae917..00000000000 --- a/danish/security/2002/dsa-174.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Nathan Wallwork har \ -opdaget et bufferoverløb i heartbeat, et undersystem til High-Availability -Linux. En fjernangriber kunne sende specielt fremstillede UDP-pakker som fik -bufferen til at løbe over, og dermed få heartbeat til at udføre vilkårlig kode -som root.

- -

Dette problem er rettet i version 0.4.9.0l-7.2 i den aktuelle stabile -distribution (woody) og version 0.4.9.2-1 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) indeholder ikke pakken heartbeat.

- -

Vi anbefaler at du omgående opgraderer din heartbeat-pakke hvis du kører -servere som er forbundet med Internet og overvåges af heartbeat.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-174.data" -#use wml::debian::translation-check translation="b20114ac24612d4491ea4981de2ccff9c3f95d90" diff --git a/danish/security/2002/dsa-175.wml b/danish/security/2002/dsa-175.wml deleted file mode 100644 index 58fa942925f..00000000000 --- a/danish/security/2002/dsa-175.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Balazs Scheidler har -opdaget et -problem med den måde syslog-ng håndterer makroudvidelser. Når en makro -udvides, anvendes en buffer hvis længde er statisk sammen med en tæller. Men -når konstante tegn tilføjes, opdateres tælleren ikke korrekt, hvilket fører til -en ukorrekt grænsekontrol ("boundary checking"). En angriber kan måske anvende -specielt fremstillede logmeddelelser som er indsat via UDP, som får bufferen -til at løbe over.

- -

Dette problem er rettet i version 1.5.15-1.1 i den aktuelle stabile -distribution (woody), i version 1.4.0rc3-3.2 i den gamle stabile distribution -(potato) og version 1.5.21-1 i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer din syslog-ng-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-175.data" -#use wml::debian::translation-check translation="e85141ac1c6f4d0e84afa75b735869a9823c34ec" diff --git a/danish/security/2002/dsa-176.wml b/danish/security/2002/dsa-176.wml deleted file mode 100644 index 3b2e26b9242..00000000000 --- a/danish/security/2002/dsa-176.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Zen-parse har opdaget et bufferoverløb i gv, en program til fremvisning af -PostScript- og PDF-filer til X11. Problemet opstår når PostScript-filen -scannes og kan udnyttes af en angriber ved at sende en misdannet PostScript- -eller PDF-fil. Angriberen kan få afviklet vilkårlig kode med offerets -rettigheder.

- -

Dette problem er rettet i version 3.5.8-26.1 i den aktuelle stabile -distribution (woody), i version 3.5.8-17.1 i den gamle stabile distribution -(potato) og i version 3.5.8-27 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din gv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-176.data" -#use wml::debian::translation-check translation="d2a7faa5a95e9b5f3dbe5b3f1f47e578b3ffe103" diff --git a/danish/security/2002/dsa-177.wml b/danish/security/2002/dsa-177.wml deleted file mode 100644 index e4642440230..00000000000 --- a/danish/security/2002/dsa-177.wml +++ /dev/null @@ -1,27 +0,0 @@ -alvorligt sikkerhedsbrud - -

Et alvorligt sikkerhedsbrud er opdaget i PAM. Adgangskoder som er slået fra -(dvs. dem med "*" i adgangskodefilen) blev klassificeret som tomme adgangskoder -og adgang til sådanne konti gives via den almindelige login-procedure (getty, -telnet, ssh). Det fungerer sådan for alle sådanne konti hvis shell-felt i -adgangskodefilen ikke peger på /bin/false. Kun version 0.76 af -PAM lader til at være påvirket af dette problem.

- -

Dette problem er rettet i version 0.76-6 i den aktuelle ustabile -distribution (sid). Den stabile distribution (woody), den gamle stabile -distribution (potato) og test-distributionen (sarge) er ikke påvirket af dette -problem.

- -

Som beskrevet i Debians sikkerhedsteams \ -OSS, "testing" og "unstable" ændrer sig hele tiden og sikkerhedsteamet har -ikke de nødvendige ressourcer til at understøtte disse på den rigtige måde. -Denne sikkerhedsbulletin er en undtagelse fra denne regel, på grund af -problemets alvor.

- -

Vi anbefaler at du omgående opgraderer dine PAM-pakker hvis du kører -Debian/unstable.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-177.data" -#use wml::debian::translation-check translation="b1aa8859413be94d7d462a95019ab1ccbf3d21e2" diff --git a/danish/security/2002/dsa-178.wml b/danish/security/2002/dsa-178.wml deleted file mode 100644 index fed82775cb3..00000000000 --- a/danish/security/2002/dsa-178.wml +++ /dev/null @@ -1,19 +0,0 @@ -fjernudførelse af kommandoer - -

SuSEs sikkerhedsteam har gennemgået kritiske dele af Heimdal-pakken, såsom -kadmind- og kdc-serveren. Ved den lejlighed blev flere potentielle -bufferoverløb og andre fejl blotlagt og rettet. Fjernangribere kan formentlig -få rootadgang på systemer uden rettelserne. Da disse service-programmer -normalt kører på autetifikationsservere, betragtes disse fejl som værende meget -alvorlige.

- -

Disse problemer er rettet i version 0.4e-7.woody.4 i den aktuelle stabile -distribution (woody), i version 0.2l-7.4 i den gamle stabile distribution -(potato) og i version 0.4e-21 i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer dine Heimdal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-178.data" -#use wml::debian::translation-check translation="81ccd64b803dba5dae67d98dc92eb0abe181fc2a" diff --git a/danish/security/2002/dsa-179.wml b/danish/security/2002/dsa-179.wml deleted file mode 100644 index aaa65d2138a..00000000000 --- a/danish/security/2002/dsa-179.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Zen-parse har opdaget et bufferoverløb i gv, en program til fremvisning af -PostScript- og PDF-filer til X11. Den samme kode er i gnome-gv. Problemet -opstår når PostScript-filen scannes og kan udnyttes af en angriber ved at sende -en misdannet PostScript- eller PDF-fil. Angriberen kan få afviklet vilkårlig -kode med offerets rettigheder.

- -

Dette problem er rettet i version 1.1.96-3.1 i den aktuelle stabile -distribution (woody), i version 0.82-2.1 i den gamle stabile distribution -(potato) og i version 1.99.7-9 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din gnome-gv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-179.data" -#use wml::debian::translation-check translation="ed5b6ab36961551ca28eafe9318b487fe5bad84c" diff --git a/danish/security/2002/dsa-180.wml b/danish/security/2002/dsa-180.wml deleted file mode 100644 index 6ac174aaa21..00000000000 --- a/danish/security/2002/dsa-180.wml +++ /dev/null @@ -1,18 +0,0 @@ -informationslækage - -

Thorsten Kukuck har opdaget et problem ypserv-programmet som er en del af -Network Information Services (NIS). Et hukommelseslæk i alle versioner af -ypserv før 2.5 kan fjernudnyttes. Når en ondsindet bruger bad om et -ikke-eksisterende 'map', lækkede serveren dele af et gammelt domænenavn og -'map'-navnet.

- -

Dette problem er rettet i version 3.9-6.1 i den aktuelle stabile -distribution (woody), i version 3.8-2.1 i den gamle stabile distribution -(potato) og i version 3.9-6.2 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din nis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-180.data" -#use wml::debian::translation-check translation="bdc65ad5e58e52e7274b510f163648562efbe0ee" diff --git a/danish/security/2002/dsa-181.wml b/danish/security/2002/dsa-181.wml deleted file mode 100644 index f45f91ee36e..00000000000 --- a/danish/security/2002/dsa-181.wml +++ /dev/null @@ -1,30 +0,0 @@ -"cross site"-udførelse af script - -

Joe Orton har opdaget et problem med "cross site"-udførelse af scripts i -mod_ssl, et Apache-modul som føjer stærk kryptografering (dvs. -HTTPS-understøttelse) til webserveren. Modulet returnerer servernavnet uden -at det er indkapslet, som svar på HTTP-forespørgsler på en SSL-port.

- -

Som de andre nylige Apache XSS-fejl, påvirker dette kun servere som anvender -en kombination af "UseCanonicalName off" (standard i Debians Apache-pakke) og -wildcard-DNS. Det er dog ikke sandsynligt, at det vil ske. Apache 2.0/mod_ssl -er ikke sårbar, da allerede indkapsler denne HTML-kode.

- -

Med denne indstilling slået til, vil Apache hver gang det er nødt til at -fremstille en selvrefererende URL (en URL som peger tilbage til serveren som -svaret kommer fra), anvende ServerName og Port til at danne et "kanonisk" navn. -Med denne indstilling slået fra, vil Apache anvende den hostname:port som -klienten leverede, når det er muligt. Dette påvirker også SERVER_NAME og -SERVER_PORT i CGI-scripts.

- -

Dette problem er rettet i version 2.8.9-2.1 i den aktuelle stabile -distribution (woody), i version 2.4.10-1.3.9-1potato4 i den gamle stabile -distribution (potato) og i version 2.8.9-2.3 i den ustabile distribution -(sid).

- -

Vi anbefaler at du opgraderer din libapache-mod-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-181.data" -#use wml::debian::translation-check translation="6ab4efd6aef9d515c9ab56323e046eae02181c82" diff --git a/danish/security/2002/dsa-182.wml b/danish/security/2002/dsa-182.wml deleted file mode 100644 index c2bf8796c93..00000000000 --- a/danish/security/2002/dsa-182.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Zen-parse har opdaget et bufferoverløb i gv, en PostScript- og -PDF-fremviser til X11. Den samme kode findes i kghostview som er en del af -pakken KDE-Graphics. Problemet opstår når PostScript-filen scannes og kan -udnyttes af en angriber der sender en misdannet PostScript- eller PDF-fil. -Angriberen kan få afviklet vilkårlig kode med offerets rettigheder.

- -

Dette problem er rettet i version 2.2.2-6.8 i den aktuelle stabile -distribution (woody) og i version 2.2.2-6.9 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da KDE ikke er -indeholdt i den.

- -

Vi anbefaler at du opgraderer din kghostview-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-182.data" -#use wml::debian::translation-check translation="b77a9ed31d1624d5e59b5b4ac87262c7e61d1673" diff --git a/danish/security/2002/dsa-183.wml b/danish/security/2002/dsa-183.wml deleted file mode 100644 index 919d7884a97..00000000000 --- a/danish/security/2002/dsa-183.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Tom Yu og Sam Hartman fra MIT har opdaget et stack-bufferoverløb mere i -funktionen kadm_ser_wrap_in i Kerberos v4-administrationsserveren. Der er -fungerende kode til udnyttelse af kadmind-fejlen i omløb, hvorfor den betragtes -som alvorlig. MIT krb5-implementationen har understøttelse af version 4, -inklusive det komplette v4-bibliotek, serverunderstøttelse af krb4 og -begrænset klientunderstøttelse af v4.

- -

Dette problem er rettet i version 1.2.4-5woody3 af den aktuelle stabile -distribution (woody) og i version 1.2.6-2 af den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder krb5-pakker.

- -

Vi anbefaler at du omgående opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-183.data" -#use wml::debian::translation-check translation="04794a05ea28a8a3a9d99c0e40aa0fa64b8d2eb9" diff --git a/danish/security/2002/dsa-184.wml b/danish/security/2002/dsa-184.wml deleted file mode 100644 index bb2f3c3ef1e..00000000000 --- a/danish/security/2002/dsa-184.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Tom Yu og Sam Hartman fra MIT har opdaget et stack-bufferoverløb mere i -funktionen kadm_ser_wrap_in i Kerberos v4-administrationsserveren. Der er -fungerende kode til udnyttelse af kadmind-fejlen i omløb, hvorfor den betragtes -som alvorlig.

- -

Dette problem er rettet i version 1.1-8-2.2 af den aktuelle stabile -distribution (woody), i version 1.0-2.2 af den gamle stabile distribution -(potato), og i version 1.1-11-8 i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer dine krb4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-184.data" -#use wml::debian::translation-check translation="7eb156815524934ebdb41925c21bf627e1e9d219" diff --git a/danish/security/2002/dsa-185.wml b/danish/security/2002/dsa-185.wml deleted file mode 100644 index a511513ee17..00000000000 --- a/danish/security/2002/dsa-185.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - - -

Et stack-bufferoverløb er opdaget i funktionen kadm_ser_wrap_in i Kerberos -v4-administrationsserveren, som desuden følger med Heimdal. Der er allerede -fungerende kode til udnyttelse af kadmind-fejlen i omløb, hvorfor fejlen -betragtes som alvorlig. Det defekte biblioteket indeholder også en sårbarhed -som kan føre til en anden root-udnyttelse.

- -

Disse problemer er rettet i version 0.4e-7.woody.5 i den aktuelle stabile -distribution (woody), i version 0.2l-7.6 i den gamle stabile distribution -(potato) og i version 0.4e-22 i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer din heimdal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-185.data" -#use wml::debian::translation-check translation="a15338d260bec7f6eaddec5ddc88d750416cd45c" diff --git a/danish/security/2002/dsa-186.wml b/danish/security/2002/dsa-186.wml deleted file mode 100644 index 47b37d4eef6..00000000000 --- a/danish/security/2002/dsa-186.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Enrico Zini har opdaget et bufferoverløb i log2mail, en dæmon til at holde -øje med logfiler og sende linier der svarer til mønstre via e-mail. -log2mail-dæmonen sættes i gang når systemet startes og kører som root. En -specielt (fjern-)fremstillet logmeddelelse kan få den statiske buffer til at -løbe over, hvilket potentielt kan få log2mail til at udføre vilkårlig kode som -root.

- -

Dette problem er rettet i version 0.2.5.1 i den aktuelle stabile -distribution (woody) og i version 0.2.6-1 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder en log2mail-pakke.

- -

Vi anbefaler at du opgraderer din log2mail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-186.data" -#use wml::debian::translation-check translation="9352ec59e0e9dd762ad3efd8615df22906c02491" diff --git a/danish/security/2002/dsa-187.wml b/danish/security/2002/dsa-187.wml deleted file mode 100644 index 204a203ab73..00000000000 --- a/danish/security/2002/dsa-187.wml +++ /dev/null @@ -1,52 +0,0 @@ -flere sårbarheder - -

Ifølge David Wagner, iDEFENSE og Apache HTTP Server-projektet, er der -fundet flere sårbarheder som kan fjernudnyttes i Apache-pakken, en udbredt -webserver. Disse sårbarheder kan give en angriber mulighed for at sætte et -"denial of service"-angreb mod serveren i gang, eller udføre et "cross site -scripting"-angreb. Projektet "Common Vulnerabilities and Exposures" (CVE) har -fundet frem til følgende sårbarheder:

- -
    - -
  1. CAN-2002-0839: Der er en sårbarhed på platforme som anvender - System V-scoreboards baseret på delt hukommelse. Denne sårbarhed giver en - angriber mulighed for at udføre programmer under Apaches UID for at - udnytte Apaches delt hukommelse-scoreboardformat og signalere til en - vilkårlig anden proces som root, eller forsage et lokalt "denial of - service"-angreb.
    2. - -
  2. CAN-2002-0840: Apache er modtagelig overfor en "cross site - scripting"-sårbarhed i standard 404-siden på en webserver som befinder sig - på et domæne, der tillader wildcard-DNS-opslag.
    3. - -
  3. CAN-2002-0843: Der var nogle mulige overløb i værktøjet ApacheBench (ab) - som kunne udnyttes af en ondsindet server.
    4. - -
  4. CAN-2002-1233: En "race condition" i programmerne htpasswd og htdigest - giver en ondsindet lokal bruger mulighed for at læse eller endda ændre på - indholdet af adgangskodefilen, eller mulighed for let at oprette og - overskrive filer som den bruger, der kører htpasswd- (eller henholdsvis - htdigest-)programmet.
    5. - -
  5. CAN-2001-0131: htpasswd og htdigest i Apache 2.0a9, 1.3.14, og andre - tillader lokale brugere at overskrive vilkårlige filer via et - symlink-angreb. -

    Dette er den samme sårbarhed som CAN-2002-1233, der allerede er rettet i - potato, men senere forsvandt og aldrig blev tilføjet af opstrøm.

    6. - -
  6. Ingen-CAN: Der er fundet flere bufferoverløb i værktøjet ApacheBench, - der kunne udnyttes af en fjernserver som returnerer meget lange - strenge.
    7. -
- -

Disse problemer er rettet i version 1.3.26-0woody3 i den aktuelle stabile -distribution (woody) og i 1.3.9-14.3 i den gamle stabile distribution (potato). -Rettede pakker til den ustabile distribution (sid) forventes snart.

- -

Vi anbefaler at du omgående opgraderer din Apache-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-187.data" -#use wml::debian::translation-check translation="891ef4d5e1068c7947c1642f919f6caef4132d17" diff --git a/danish/security/2002/dsa-188.wml b/danish/security/2002/dsa-188.wml deleted file mode 100644 index 9ddb1f48325..00000000000 --- a/danish/security/2002/dsa-188.wml +++ /dev/null @@ -1,60 +0,0 @@ -flere sårbarheder - -

Ifølge David Wagner, iDEFENSE og Apache HTTP Server-projektet, er der -fundet flere sårbarheder som kan fjernudnyttes i Apache-pakken, en udbredt -webserver. Det meste af koden er delt mellem Apache- og Apache-SSL-pakkerne, -hvorfor de også deles om sårbarhederne. Disse sårbarheder kan give en angriber -mulighed for at sætte et "denial of service"-angreb mod serveren i gang, eller -udføre et "cross site scripting"-angreb, eller stjæle cookies fra andre af -webstedets brugere. Sårbarheder i de medfølgende programmer htdigest, -htpassword og ApacheBench kan udnyttes når de kaldes via CGI. Desuden kan den -usikre oprettelse af midlertidige filer i htdigest og htpassword også udnyttes -lokalt. Projektet "Common Vulnerabilities and Exposures" (CVE) har fundet frem -til følgende sårbarheder:

- -
    - -
  1. CAN-2002-0839: Der er en sårbarhed på platforme som anvender - System V-scoreboards baseret på delt hukommelse. Denne sårbarhed giver en - angriber mulighed for at udføre programmer under Apaches UID for at - udnytte Apaches delt hukommelse-scoreboardformat og signalere til en - vilkårlig anden proces som root, eller forsage et lokalt "denial of - service"-angreb.
    2. - -
  2. CAN-2002-0840: Apache er modtagelig overfor en "cross site - scripting"-sårbarhed i standard 404-siden på en webserver som befinder sig - på et domæne, der tillader wildcard-DNS-opslag.
    3. - -
  3. CAN-2002-0843: Der var nogle mulige overløb i værktøjet ApacheBench (ab) - som kunne udnyttes af en ondsindet server.
    4. - -
  4. CAN-2002-1233: En "race condition" i programmerne htpasswd og htdigest - giver en ondsindet lokal bruger mulighed for at læse eller endda ændre på - indholdet af adgangskodefilen, eller mulighed for let at oprette og - overskrive filer som den bruger, der kører htpasswd- (eller henholdsvis - htdigest-)programmet. (Der følger dog ikke binære filer med - apache-ssl.)
    5. - -
  5. CAN-2001-0131: htpasswd og htdigest i Apache 2.0a9, 1.3.14, og andre - tillader lokale brugere at overskrive vilkårlige filer via et - symlink-angreb. -

    Dette er den samme sårbarhed som CAN-2002-1233, der allerede er rettet i - potato, men senere forsvandt og aldrig blev tilføjet af opstrøm. - (Der følger dog ikke binære filer med apache-ssl.)

    6. - -
  6. Ingen-CAN: Der er fundet flere bufferoverløb i værktøjet ApacheBench, - der kunne udnyttes af en fjernserver som returnerer meget lange - strenge. (Der følger dog ikke en binær fil med apache-ssl.)
    7. -
- -

Disse problemer er rettet i version 1.3.26.1+1.48-0woody3 i den aktuelle -stabile distribution (woody) og i 1.3.9.13-4.2 i den gamle stabile distribution -(potato). Rettede pakker til den ustabile distribution (sid) forventes -snart.

- -

Vi anbefaler at du omgående opgraderer din Apache-SSL-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-188.data" -#use wml::debian::translation-check translation="ba8fdddc9e6cca16be38a6f60d1b61a79f80fc04" diff --git a/danish/security/2002/dsa-189.wml b/danish/security/2002/dsa-189.wml deleted file mode 100644 index 9c65dc1dcef..00000000000 --- a/danish/security/2002/dsa-189.wml +++ /dev/null @@ -1,21 +0,0 @@ -lokal root-udnyttelse - -

iDEFENSE \ -rapporterer om en sårbarhed i LuxMan, et labyrintspil til -GNU/Linux svarende til PacMan-spillet. Udnyttes sårbarheden med succes, kan en -lokal angriber få læse- og skriveadgang til hukommelsen, hvilket fører til en -lokal root-udnyttelse på mange forskellige måder, eksempelvis scanning af filen -efter dele af den primære adgangskodefil og tilpasning af kernehukommelse til -omdirigering af systemkald.

- -

Dette problem er rettet i version 0.41-17.1 i den aktuelle stabile -distribution (woody) og i version 0.41-19 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder en luxman-pakke.

- -

Vi anbefaler at du omgående opgraderer din luxman-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-189.data" -#use wml::debian::translation-check translation="36cf7de56713c5101e60ee8a34e607ebf01286ef" diff --git a/danish/security/2002/dsa-190.wml b/danish/security/2002/dsa-190.wml deleted file mode 100644 index 64364c8a704..00000000000 --- a/danish/security/2002/dsa-190.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Al Viro har fundet i koden til billedbehandling i Window Maker, en populær -windowmanager der ligner NEXTSTEP. Når der blev oprettet et billede, blev der -reserveret en buffer ved at gange billedets bredde med højden, men der blev -ikke kontrolleret for overløb. Dette gjorde det muligt at få bufferen til at -løbe over, hvilket kunne udnyttes ved at anvende specielt fremstillet -billedfiler (for eksempel ved forhåndsvisninger af temaer).

- -

Dette problem er rettet i version 0.80.0-4.1 i den aktuelle stabile -distribution (woody). Pakker til mipsel-arkitekturen er endnu ikke -tilgængelige.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-190.data" -#use wml::debian::translation-check translation="e28c1c1137728c3ac08641d539d939db849183fb" diff --git a/danish/security/2002/dsa-191.wml b/danish/security/2002/dsa-191.wml deleted file mode 100644 index 68a48d63906..00000000000 --- a/danish/security/2002/dsa-191.wml +++ /dev/null @@ -1,31 +0,0 @@ -"cross site"-udførelse af script - -

Flere sårbarheder i forbindelse med "cross site"-udførelse af scripts er -fundet i squirrelmail, en omfattende webmail-pakke skrevet i PHP4. Projektet -"Common Vulnerabilities and Exposures" (CVE) har fundet frem til følgende -sårbarheder:

- -
    -
  1. CAN-2002-1131: Brugeres inddata gennemgås ikke altid, hvorfor det kan være - muligt at udføre vilkårlig kode på klientcomputeren. Dette kan ske efter - at have fulgt en ondsindet URL eller ved at kigge på en ondsindet post i en - adressebog.
    2. - -
  2. CAN-2002-1132: Et andet problem kunne gøre det muligt for en angriber at få - adgang til følsomme oplysninger under visse betingelser. Når er misdannet - parameter føjes til et link, genereres en fejlside som indeholder scriptets - absolutte stinavn. Dog er denne oplysning under alle omstændigheder - tilgængelig via Contents-filen i distributionen.
    3. -
- -

Disse problemer er rettet i version 1.2.6-1.1 i den aktuelle stabile -distribution (woody) og i version 1.2.8-1.1 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder en squirrelmail-pakke.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-191.data" -#use wml::debian::translation-check translation="01f94cf5aa504f52450ff07a077c65574745571d" diff --git a/danish/security/2002/dsa-192.wml b/danish/security/2002/dsa-192.wml deleted file mode 100644 index 8df6b43a8f2..00000000000 --- a/danish/security/2002/dsa-192.wml +++ /dev/null @@ -1,18 +0,0 @@ -udførelse af vilkårlig kode - -

SuSEs sikkerhedsteam har fundet en sårbarhed i html2ps, et program til -konvertering fra HTML til PostScript, som åbnede filer baseret på -ukontrollerede inddata, på en usikker måde. Problemet kan udnyttes når html2ps -er installeret som et filter i lprng og angriberen tidligere har fået adgang -til lp-kontoen.

- -

Disse problemer er rettet i version 1.0b3-1.1 i den aktuelle stabile -distribution (woody), i version 1.0b1-8.1 i den gamle stabile distribution -(potato) og i version 1.0b3-2 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din html2ps-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-192.data" -#use wml::debian::translation-check translation="1936841f002ca29a0bf824712cb9bb1072141914" diff --git a/danish/security/2002/dsa-193.wml b/danish/security/2002/dsa-193.wml deleted file mode 100644 index c820a7561af..00000000000 --- a/danish/security/2002/dsa-193.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

iDEFENSE \ -rapporterer om en sikkerhedssårbarhed i pakken klisa, som stiller en -LAN-oplysningstjeneste svarende til "Andre computere" til rådighed, som er -opdaget af Texonet. Det er muligt for en lokal angriber at udnytte en -bufferoverløbstilstand i resLISa, en begrænset udgave af KLISa. Sårbarheden -findes i fortolkningen af environmentvariablen LOGNAME, hvor en for lang værdi -overskriver instruktionspointeren og dermed giver en angriber mulighed for at -overtage kontrollen over den ekskverbare fil.

- -

Dette problem er rettet i version 2.2.2-14.2 i den aktuelle stabile -distribution (woody) og i version 2.2.2-14.3 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder en kdenetwork-pakke.

- -

Vi anbefaler at du omgående opgraderer din klisa-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-193.data" -#use wml::debian::translation-check translation="36cf7de56713c5101e60ee8a34e607ebf01286ef" diff --git a/danish/security/2002/dsa-194.wml b/danish/security/2002/dsa-194.wml deleted file mode 100644 index dbf0f616525..00000000000 --- a/danish/security/2002/dsa-194.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Et antal bufferoverløb er opdaget i masqmail, et posttransportprogram til -systemer uden permanent Internet-forbindelse. Derudover blev rettighederne -først smidt væk efter at have læst en opsætningsfil leveret af brugeren. -Sammen kunne dette udnyttes til at opnå uautoriseret root-adgang til maskinen -hvor masqmail er installeret.

- -

Disse problemer er rettet i version 0.1.16-2.1 i den aktuelle stabile -distribution (woody) og i version 0.2.15-1 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder masqmail-pakken.

- -

Vi anbefaler at du omgående opgraderer din masqmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-194.data" -#use wml::debian::translation-check translation="2b994564ae88e48cdce659efa21f0d4ba137edf3" diff --git a/danish/security/2002/dsa-195.wml b/danish/security/2002/dsa-195.wml deleted file mode 100644 index 391b5d482cd..00000000000 --- a/danish/security/2002/dsa-195.wml +++ /dev/null @@ -1,59 +0,0 @@ -flere sårbarheder - -

Ifølge David Wagner, iDEFENSE og Apache HTTP Server-projektet, er der -fundet flere sårbarheder i Apache-pakken, en udbredt webserver. Det meste af -koden er delt mellem pakkerne Apache og Apache-Perl, hvorfor sårbarhederne også -er delt. - -

Disse sårbarheder kan give en angriber mulighed for at sætte et -"denial of service"-angreb mod en server i gang, udføre et "cross site -scripting"-angreb, eller stjæle cookies fra andre af webstedets brugere. -Projektet "Common Vulnerabilities and Exposures" (CVE) har fundet frem til -følgende sårbarheder:

- -
    - -
  1. CAN-2002-0839: Der er en sårbarhed på platforme som anvender - System V-scoreboards baseret på delt hukommelse. Denne sårbarhed giver en - angriber mulighed for at udføre programmer under Apaches UID for at - udnytte Apaches delt hukommelse-scoreboardformat og signalere til en - vilkårlig anden proces som root, eller forsage et lokalt "denial of - service"-angreb.
    2. - -
  2. CAN-2002-0840: Apache er modtagelig overfor en "cross site - scripting"-sårbarhed i standard 404-siden på en webserver som befinder sig - på et domæne, der tillader wildcard-DNS-opslag.
    3. - -
  3. CAN-2002-0843: Der var nogle mulige overløb i værktøjet ApacheBench (ab) - som kunne udnyttes af en ondsindet server. Dette binære program - distribueres dog ikke i Apache-Perl-pakken.
    4. - -
  4. CAN-2002-1233: En "race condition" i programmerne htpasswd og htdigest - giver en ondsindet lokal bruger mulighed for at læse eller endda ændre på - indholdet af adgangskodefilen, eller mulighed for let at oprette og - overskrive filer som den bruger, der kører htpasswd- (eller henholdsvis - htdigest-)programmet. Disse binære programmer distribueres dog ikke i - Apache-Perl-pakken.
    5. - -
  5. CAN-2001-0131: htpasswd og htdigest i Apache 2.0a9, 1.3.14, og andre - tillader lokale brugere at overskrive vilkårlige filer via et - symlink-angreb. Disse binære programmer distribueres dog ikke i - Apache-Perl-pakken.
    6. - -
  6. Ingen-CAN: Der er fundet flere bufferoverløb i værktøjet ApacheBench (ab), - der kunne udnyttes af en fjernserver som returnerer meget lange - strenge. Dette binære program distribueres dog ikke i - Apache-Perl-pakken.
    7. -
- -

Disse problemer er rettet i version 1.3.26-1-1.26-0woody2 i den aktuelle -stabile distribution (woody), i version 1.3.9-14.1-1.21.20000309-1.1 i den -gamle stabile distribution (potato) og i version 1.3.26-1.1-1.27-3-1 i den -ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer din Apache-Perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-195.data" -#use wml::debian::translation-check translation="891ef4d5e1068c7947c1642f919f6caef4132d17" diff --git a/danish/security/2002/dsa-196.wml b/danish/security/2002/dsa-196.wml deleted file mode 100644 index 3b825ec4c46..00000000000 --- a/danish/security/2002/dsa-196.wml +++ /dev/null @@ -1,75 +0,0 @@ -flere sårbarheder - -

-[Bind version 9, bind9-pakken, er ikke påvirket af disse problemer.] -

- -

-ISS X-Force har opdaget flere alvorlige sårbarheder i Berkeley -Internet Name Domain Server (BIND). BIND er den mest udbredte -implementering af DNS-protokollen (Domain Name Service) -og anvendes af de allefleste DNS-servere på Internet. DNS er en livsvigtig -Internet-protokol som stiller en database over lette at huske-domænenavne -(værtsnavne) til rådighed og deres tilsvarende IP-adresser.

- -

Indicier tyder på at Internet Software Consortium -(ISC), som vedligeholder BIND, blev gjort bekendt med disse problemer i midten -af oktober. Distributører af Open Source-styresystemer, blandt andre Debian, -blev via CERT cirka tolv timer før bulletinen blev udsendt den 12. november, -underrettet om disse sårbarheder. Denne meddelelse indeholdt ingen detaljer -som gjorde det muligt for os at finde frem til den sårbare kode, og dermed -havde vi ikke mulighed for at forberede rettelser i tide.

- -

Desværre udsendte ISS og ISC deres sikkerhedsbulletiner, som kun indeholdt -beskrivelser af sårbarhederne, uden rettelser (patches). På trods af at der -ikke var tegn på disse sårbarheder er kendt i miljøet af ondsindede mennesker -og der heller ikke er nogen rapporter om aktive angreb, kunne sådanne angreb i -mellemtiden være blevet sat i gang - ud at der var tilgængelige rettelser.

- -

Vi kan kun beklage det ironisk navngivne Internet Software -Consortiums manglende evne til at samarbejde med Internet-fællesskabet i -håndteringen af dette problem. Forhåbentlig vil fremtidige sikkerhedsproblemer -ikke blive håndteret på sammemåde.

- -

Projektet Common Vulnerabilities and Exposures (CVE) -har fundet frem til følgende sårbarheder:

- -
    -
  1. - CAN-2002-1219: - Et bufferoverløb i BIND 8 version 8.3.3 og tidligere gør det muligt for en - fjernangriber at udføre vilkårlig kode via specifikke DNS-servere som svarer - på SIG-ressourceposter (RR). Dette bufferoverløb kan udnyttes til at få - adgang til offerets maskine med den brugerkonto som named-processen kører - under, normalt root. -
    2. - -
  2. - CAN-2002-1220: - BIND 8 i versionerne 8.3.x til 8.3.3 gør det muligt for en fjernangriber at - forsage en overbelastningsangreb (afslutning på grund af en assertion-fejl) - via en forespørgsel på et underdomæne som ikke eksisterer, med en - OPT-ressourcepost med en stor UPD-nyttelast. -
    3. - -
  3. - CAN-2002-1221: - BIND 8 i versionerne 8.x til 8.3.3 gør det muligt for en fjernangriber at - forsage et overbelastningsangreb (crash) via SIG RR-elementer med ugyldige - udløbstider, som fjernes fra den interne BIND-database og senere forsager en - NULL-reference. -
    4. -
- -

Disse problemer er rettet i version 8.3.3-2.0woody1 i den aktuelle stabile -distribution (woody), i version 8.2.3-0.potato.3 i den gamle stabile -distribution (potato) og i version 8.3.3-3 i den ustabile distribution (sid). -De rettede pakker vil blive overført til arkivet i dag.

- -

Vi anbefaler at du omgående opgraderer din bind-pakke, opgraderer til bind9, -eller skifter til en anden implementering af DNS-serveren.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-196.data" -#use wml::debian::translation-check translation="e12c94c1bd26a24ae67d1359239e6c2d7a6c8f75" diff --git a/danish/security/2002/dsa-197.wml b/danish/security/2002/dsa-197.wml deleted file mode 100644 index 5af42874103..00000000000 --- a/danish/security/2002/dsa-197.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Der er opdaget et problem i Courier sqwebmail-pakken, et CGI-program til -tildeling af autentifikationsadgang til lokale postkasser. Programmet smed -ikke sine rettigheder hurtigt nok under starten, under visse betingelser, så en -lokal bruger kunne udføre den binære fil sqwebmail og læse en vilkårlig fil på -det lokale filsystem.

- -

Dette problem er rettet i version 0.37.3-2.3 i den aktuelle stabile -distribution (woody) og i version 0.40.0-1 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) indeholder ikke Courier sqwebmail-pakker -courier-ssl-pakker er heller ikke påvirket, da stiller en -sqwebmail-pakke til rådighed.

- -

Vi anbefaler at du omgående opgraderer din sqwebmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-197.data" -#use wml::debian::translation-check translation="3d3908a97777c39b4ff6b8457295f222163c479e" diff --git a/danish/security/2002/dsa-198.wml b/danish/security/2002/dsa-198.wml deleted file mode 100644 index c23b3fecacf..00000000000 --- a/danish/security/2002/dsa-198.wml +++ /dev/null @@ -1,22 +0,0 @@ -overbelastningsangreb - -

Der er opdaget et problem i nullmailer, et simpelt read -only-e-mailoverførselsprogram, til værtsmaskiner som videresender e-mails -(relay'er) til et bestemt antal "smart relays". Når en e-mail skal leveres -lokalt til en bruger som ikke eksisterer, prøver nullmailer at levere den, -modtager en "user unknown"-fejl og stopper leveringen. Desværre holder den -helt op med at levere, og altså ikke kun leveringen af den pågældende e-mail. -Derfor er det meget nemt at udføre et overbelastningsangreb ("denial of -service").

- -

Dette problem er rettet i version 1.00RC5-16.1woody2 i den aktuelle stabile -distribution (woody) og i version 1.00RC5-17 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) indeholder ikke en -nullmailer-pakke.

- -

Vi anbefaler at du opgraderer din nullmailer-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-198.data" -#use wml::debian::translation-check translation="e6ed305b85f77db8e8f70bb62eb7c447b5598ab9" diff --git a/danish/security/2002/dsa-199.wml b/danish/security/2002/dsa-199.wml deleted file mode 100644 index 295256627bc..00000000000 --- a/danish/security/2002/dsa-199.wml +++ /dev/null @@ -1,20 +0,0 @@ -"cross site"-udførelse af scripts - -

Steven Christey har opdaget en sårbarhed der gør det muligt at udføre -scripts på andre netsteder i mhonarc, et program til konvertering fra e-mail -til HTML. Omhyggeligt fremstillede headere i en e-mail kunne sætte en udførsel -af scripts på et andet netsted i gang, når mhonarc er opsat til at vise alle -headerlinier på en webside. Dog er det ofte nyttigt at begrænse de viste -linier til To, From og Subject, hvorfor sårbarheden ikke kan udnyttes i disse -tilfælde.

- -

Dette problem er rettet i version 2.5.2-1.2 i den aktuelle stabile -distribution (woody), i version 2.4.4-1.2 i den gamle stabile distribution -(potato) og i version 2.5.13-1 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din mhonarc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-199.data" -#use wml::debian::translation-check translation="842068a4370b1af77e0e2138bb9b73b8ff28c4c4" diff --git a/danish/security/2002/dsa-200.wml b/danish/security/2002/dsa-200.wml deleted file mode 100644 index 432f86f7e92..00000000000 --- a/danish/security/2002/dsa-200.wml +++ /dev/null @@ -1,16 +0,0 @@ -fjernudnyttelse - -

Steve Langasek har fundet en fejl i koden til håndtering adgangskoder i -samba, som kan udnyttes: når der konverteres fra en DOS-codepage til little -endian UCS2 unicode, kontrolleredes en bufferlængde ikke og en buffer kunne -løbe over. Der er ingen kendte udnyttelser af dette, men det anbefales -kraftigt at opgradere.

- -

Dette problem er rettet i version 2.2.3a-12 af Debians samba-pakke og -opstrøms 2.2.7.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-200.data" -#use wml::debian::translation-check translation="889dc8a1259b47ea6bdda9a1d8702e98782b2ee5" diff --git a/danish/security/2002/dsa-201.wml b/danish/security/2002/dsa-201.wml deleted file mode 100644 index 49ccfb95471..00000000000 --- a/danish/security/2002/dsa-201.wml +++ /dev/null @@ -1,20 +0,0 @@ -overbelastningsangreb - -

Bindview har -\ -opdaget et problem i flere implementeringer af IPSEC, som ikke -håndterer meget korte pakker på en korrekt måde. IPSEC er en samling af -sikkerhedsudvidelser til IP, som stiller autentificering og kryptering til -rådighed. Free/SWan i Debian er påvirket af dette og siges at kunne forsage -panik i kernen (kernel panic).

- -

Dette problem er rettet i version 1.96-1.4 i den aktuelle stabile -distribution (woody) og i version 1.99-1 i den ustabile distribution (sid). -Den gamle stabile distribution (potato) indeholder ikke Free/SWan-pakker.

- -

Vi anbefaler at du opgraderer din freeswan-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-201.data" -#use wml::debian::translation-check translation="73898fa14fae4862813c59ba871518a356e84039" diff --git a/danish/security/2002/dsa-202.wml b/danish/security/2002/dsa-202.wml deleted file mode 100644 index 0f7f05d4168..00000000000 --- a/danish/security/2002/dsa-202.wml +++ /dev/null @@ -1,27 +0,0 @@ -usikre midlertidige filer - -

Tatsuya Kinoshita har opdaget at IM, der indeholder interfacekommandoer og -Perl-biblioteker til e-mail og Usenet-nyhedsgrupper, opretter midlertidige -filer på en usikker måde.

- -
    -
  • Programmet impwagent opretter en midlertidig mappe på en usikker måde i - /tmp, ved at anvende et forudsigeligt mappenavn, unden at kontrollere - mkdirs returkode, hvorfor det er muligt at overtage rettighederne til den - midlertidige mappe ved lokal adgang som en anden bruger.
    • - -
  • Programmet immknmz opretter en midlertidig fil på en usikker måde i /tmp, - ved at anvende et forudsigeligt filnavn, så en angriber med lokal adgang - nemt kan oprette og overskrive filer som en anden bruger.
    • -
- -

Disse problemer er rettet i version 141-18.1 i den aktuelle stabile -distribution (woody), i version 133-2.2 i den gamle stabile distribution -(potato) og i version 141-20 i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din IM-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-202.data" -#use wml::debian::translation-check translation="bfe0f70f38a6a393244a7c7f24482dff616eb5ec" diff --git a/danish/security/2002/dsa-203.wml b/danish/security/2002/dsa-203.wml deleted file mode 100644 index 18f48e57e69..00000000000 --- a/danish/security/2002/dsa-203.wml +++ /dev/null @@ -1,17 +0,0 @@ -vilkårlig kommandoudførelse - -

Robert Luberda har fundet et sikkerhedsproblem i smb2www, en -Windows-netværksklient som er tilgængelig gennem en webbrowser. Dette kunne -føre til at en fjernangriber kunne udføre vilkårlige programmer under -brugerid'en www-data på den værtsmaskine hvor smb2www kører.

- -

Dette problem er rettet i version 980804-16.1 i den aktuelle stabile -distribution (woody), i version 980804-8.1 i den gamle stabile distribution -(potato) og i version 980804-17 i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer din smb2www-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-203.data" -#use wml::debian::translation-check translation="39e4bee06fdab8b723c7e77db178c08e7b4f74b8" diff --git a/danish/security/2002/dsa-204.wml b/danish/security/2002/dsa-204.wml deleted file mode 100644 index f770337baea..00000000000 --- a/danish/security/2002/dsa-204.wml +++ /dev/null @@ -1,21 +0,0 @@ -vilkårlig programudførelse - -

KDE-teamet har \ -opdaget en sårbarhed i understøttelsen af forskellige netværksprotokoller -via KIO'en. Implementeringerne af rlogin- og telnet-protokollerne tillader at -en omhyggeligt fremstillet URL på en HTML-side, en HTML-e-mail eller andre -programmer som anvender KIO at udføre vilkårlige kommandoer under offerets -konto på den sårbare maskine.

- -

Dette problem er rettet ved at slå rlogin og telnet fra i version -2.2.2-13.woody.5 i den aktuelle stabile distribution (woody). Den gamle -stabile distribution (potato) er ikke påvirket, da den ikke indeholder KDE. -En rettelse til pakken i den ustabile distribution (sid) er endnu ikke -tilgængelig.

- -

Vi anbefaler at du omgående opgraderer din kdelibs3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-204.data" -#use wml::debian::translation-check translation="c64c044c914c257b90ff19ddc3ae3d9e1204b72d" diff --git a/danish/security/2002/dsa-205.wml b/danish/security/2002/dsa-205.wml deleted file mode 100644 index f9db6e4c209..00000000000 --- a/danish/security/2002/dsa-205.wml +++ /dev/null @@ -1,13 +0,0 @@ -bufferoverløb - -

Steve Kemp og James Antill har fundet flere bufferoverløb i pakken gtetrinet -(et tetris-lignende spil til flere spillere) som udsendes med Debian GNU/Linux -3.0, der kan udnyttes af en ondsindet server.

- -

Dette er rettet i opstrøms version 0.4.4 og version 0.4.1-9woody1.1 af -Debians pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-205.data" -#use wml::debian::translation-check translation="2261cd325d9f26ff6d8b3bf65e48ac8493b73716" diff --git a/danish/security/2002/dsa-206.wml b/danish/security/2002/dsa-206.wml deleted file mode 100644 index 6a8cac3e2c6..00000000000 --- a/danish/security/2002/dsa-206.wml +++ /dev/null @@ -1,13 +0,0 @@ -overbelastningsangreb - -

BGP-dekodningsrutinen i tcpdump brugte forkerte grænsekontroller ved -kopiering af data. Dette kunne udnyttes ved at introducere ondsindet trafik -på et "sniffet" netværk, resulterende i et overbelastningsangreb ("denial of -service") mod tcpdump, eller måske endda fjern udførelse af kode.

- -

Dette er rettet i version 3.6.2-2.2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-206.data" -#use wml::debian::translation-check translation="2261cd325d9f26ff6d8b3bf65e48ac8493b73716" diff --git a/danish/security/2002/dsa-207.wml b/danish/security/2002/dsa-207.wml deleted file mode 100644 index fc1ee510cc2..00000000000 --- a/danish/security/2002/dsa-207.wml +++ /dev/null @@ -1,24 +0,0 @@ -vilkårlig kommandoudførelse - -

SuSE's sikkerhedsteam har opdaget en sårbarhed i biblioteket kpathsea -(libkpathsea) som anvendes af xdvi og dvips. Begge programmer kalder -system() på en usikker måde, hvilket tillader en angriber at udføre vilkårlige -kommandoer via behændigt udformede DVI-filer.

- -

Hvis dvips anvendes i et udskriftsfilter, tillader det en lokal eller -fjernangriber med udskriftsrettigheder, at udføre vilkårlig kode som brugeren -printer (normalt lp).

- -

Dette problem er rettet i version 1.0.7+20011202-7.1 i den aktuelle stabile -distribution (woody), i version 1.0.6-7.3 i den gamle stabile distribution -(potato) og i version 1.0.7+20021025-4 i den ustabile distribution (sid). -xdvik-ja og dvipsk-ja er ligeledes sårbare, men linker dynamisk til -kpathsea-biblioteket og vil derfor automatisk blive rettet når en ny -libkpathsea er blevet installeret.

- -

Vi anbefaler at du omgående opgraderer din tetex-lib-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-207.data" -#use wml::debian::translation-check translation="eb6faa110429df9789911b30a778266b4e096da4" diff --git a/danish/security/2002/dsa-208.wml b/danish/security/2002/dsa-208.wml deleted file mode 100644 index f968d58e64c..00000000000 --- a/danish/security/2002/dsa-208.wml +++ /dev/null @@ -1,22 +0,0 @@ -ødelagt sikkerhedsaflukke - -

Et sikkerhedshul er blevet opdaget i Safe.pm som anvendes i alle versioner -af Perl. Udvidelsesmodulet Safe tillader oprettelsen af sikre aflukker hvori -perlkode kan evalueres i et nyt navnerum ("namespace") og koden som evalueres -i aflukket kan ikke referere til variabler udenfor navnerummet. Men når et -aflukke i Safe allerede har været i brug, er der ingen garanti for at det -stadig er sikkert, fordi der er en måde hvorved kode der afvikles indenfor et -aflukke i Safe, kan ændre sit handlingsmønster. Dermed er programmer som kun -bruger aflukker i Safe en gang ikke påvirket af denne fejl.

- -

Dette problem er rettet i version 5.6.1-8.2 i den aktuelle stabile -distribution (woody), i version 5.004.05-6.2 og 5.005.03-7.2 i den gamle -stabile distribution (potato) og i version 5.8.0-14 i den ustabile distribution -(sid).

- -

Vi anbefaler at du opgraderer dine Perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-208.data" -#use wml::debian::translation-check translation="e6dec969579c178a1db9c74c8de45ecb2196bbd2" diff --git a/danish/security/2002/dsa-209.wml b/danish/security/2002/dsa-209.wml deleted file mode 100644 index dba70ba28f0..00000000000 --- a/danish/security/2002/dsa-209.wml +++ /dev/null @@ -1,23 +0,0 @@ -mappegennemløb - -

Der er fundet to problemer i pakken wget som distribueres med Debian -GNU/Linux:

- -
    -
  • Stefano Zacchiroli har fundet et bufferoverløb i funktionen url_filename, - der kunne få wget til at gå ned med en segfault ved meget lange - URL'er.
    • - -
  • Steven M. Christey har opdaget at wget ikke kontrollerede FTP-serversvar - på en NLST-kommando: den må ikke indeholder mappeoplysninger, da disse - kan bruges til at få en FTP-klient til at overskrive vilkårlige - filer.
    • -
- -

Begge problems er rettet i version 1.5.3-3.1 i Debian GNU/Linux 2.2/potato -og version 1.8.1-6.1 i Debian GNU/Linux 3.0/woody.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-209.data" -#use wml::debian::translation-check translation="1936841f002ca29a0bf824712cb9bb1072141914" diff --git a/danish/security/2002/dsa-210.wml b/danish/security/2002/dsa-210.wml deleted file mode 100644 index 7cce9840fdd..00000000000 --- a/danish/security/2002/dsa-210.wml +++ /dev/null @@ -1,16 +0,0 @@ -CRLF-indsættelse - -

lynx (en tekst-webbrowser) kontrollerede ikke alle steder korrekt for -ulovlige tegn, blandt andre ved behandlingen af kommandolinieindstillinger, -hvilket kunne bruges til at indsætte ekstra HTTP-headere i en forespørgsel.

- -

I Debian GNU/Linux 2.2/potato er dette rettet i version 2.8.3-1.1 af -lynx-pakken og version 2.8.3.1-1.1 af lynx-ssl-pakken.

- -

I Debian GNU/Linux 3.0/woody er dette rettet i version 2.8.4.1b-3.2 af -lynx-pakken og version 1:2.8.4.1b-3.1 af lynx-ssl-pakken.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-210.data" -#use wml::debian::translation-check translation="08895f3ef12ef09e6ba458efde39aed3f81eff44" diff --git a/danish/security/2002/dsa-211.wml b/danish/security/2002/dsa-211.wml deleted file mode 100644 index 7dc56a8fee6..00000000000 --- a/danish/security/2002/dsa-211.wml +++ /dev/null @@ -1,21 +0,0 @@ -overbelastningsangreb - -

Rüdiger Kuhlmann, opstrømsudvikler af mICQ, en tekstbaseret ICQ-klient, har -opdaget et problem i mICQ. Modtagelse af visse ICQ-meddelelsestyper som ikke -indeholder den krævede 0xFE-separator får alle versioner til at gå ned.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 0.4.9-0woody3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i -version 0.4.3-4.1.

- -

I den aktuelle ustabile distribution (sid) er dette problem rettet i -version 0.4.9.4-1.

- -

Vi anbefaler at du opgraderer din micq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-211.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" diff --git a/danish/security/2002/dsa-212.wml b/danish/security/2002/dsa-212.wml deleted file mode 100644 index aa1c8ed1ff8..00000000000 --- a/danish/security/2002/dsa-212.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere problemer - -

Ved en gennemgang af MySQL fandt e-matters flere problemer:

- -
-
fortegnsproblem i COM_TABLE_DUMP
-
To størrelser blev betragtet som heltalsværdier med fortegn fra en - forespørgsel og dernæst typekonverteret til et heltal uden fortegn, uden at - kontrollere for negative tal. Da det resulterende tal blev brugt i en - memcpy()-handling, kunne det føre til ødelæggelse af hukommelsen.
- -
Håndtering af adgangskodelængde i COM_CHANGE_USER
-
Ved genautentifikation til en anden bruger, udførte MySQL ikke alle - kontroller som udføres ved den indledende autentifikation. Dette medførte to - problemer: -
    -
  • det var muligt ved hjælp af "brute force"-metoden, et tegn ad gangen at - finde frem til adgangskoden (det rettede vi ved den indledende login i - februar 2000), hvilket kunne anvendes af en normal bruger til at opnå - root-rettigheder til databasen
    • -
  • det var muligt at få adgangskodebufferen til at løbe over og tvinge - serveren til at udføre vilkårlig kode.
    • -
- -
read_rows()-overløb i libmysqlclient
-
Ved behandling af rækker returneret af en SQL-server, var der ingen kontrol - af unormalt store rækker eller afsluttende NUL-tegn. Dette kunne anvendes til - at udnytte SQL-klienter, hvis de forbandt sig til udnyttede - MySQL-server.
- -
read_one_row()-overløb i libmysqlclient
-
Ved behandling af en række returneret af en SQL-server, blev de returnerede - feltstørrelser ikke kontrolleret. Dette kunne anvendes til at udnytte - SQL-klienter, hvis de forbandt sig til den udnyttede MySQL-server.
-
- -

I Debian GNU/Linux 3.0/woody er dette rettet i version 3.23.49-8.2 og -version 3.22.32-6.3 i Debian GNU/Linux 2.2/potato.

- -

Vi anbefaler at du opgraderer dine mysql-pakker så hurtigt som muligt.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-212.data" -#use wml::debian::translation-check translation="e2c1d2853ce3c1c7b0ca04f878788e32498bfaf3" diff --git a/danish/security/2002/dsa-213.wml b/danish/security/2002/dsa-213.wml deleted file mode 100644 index cecc9c3123e..00000000000 --- a/danish/security/2002/dsa-213.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Glenn Randers-Pehrson har opdaget et problem med 16-bitsprøver fra libpng, -en snitflade til læsning og skrivning af filer i PNG-formatet (Portable Network -Graphics). Begyndelsesoffsettene til løkkerne beregnes forkert, hvilket får en -buffer til at løbe ud over begyndelsen af rækkebufferen.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 1.0.12-3.woody.3 af libpng og i version 1.2.1-1.1.woody.3 af -libpng3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -1.0.5-1.1 af libpng. Der er ingen andre libpng-pakker.

- -

I den unstabile distribution (sid) er dette problem rettet i version -1.0.12-7 af libpng og i version 1.2.5-8 af libpng3.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-213.data" -#use wml::debian::translation-check translation="43ab067ed67ae3fdbc2cbb42f9e56c151d9f6f3d" diff --git a/danish/security/2002/dsa-214.wml b/danish/security/2002/dsa-214.wml deleted file mode 100644 index ac8af76dffa..00000000000 --- a/danish/security/2002/dsa-214.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Olaf Kirch fra SuSE Linux AG har opdaget en sårbarhed mere i pakken klisa, -som er en LAN-oplysningstjeneste svarende til "Andre computere". Lisa-dæmonen -indeholder en bufferoverløbssårbarhed som potentielt giver enhver lokal bruger, -såvel som enhver fjernangriber på netværket, som har mulighed for at opnå -kontrol over LISa-porten (7741 som standard), at få root-rettigheder. Desuden -kan en fjernangriber potentielt opnå adgang til et offers konto ved at benytte -en "rlan://"-adresse på en HTML-side eller via et andet KDE-program.

- -

Dette problem er rettet i version 2.2.2-14.5 i den aktuelle stabile -distribution (woody) og i version 2.2.2-14.20 i den ustabile distribution -(sid). Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder en kdenetwork-pakke.

- -

Vi anbefaler at du omgående opgraderer din klisa-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-214.data" -#use wml::debian::translation-check translation="c057cc79f884fb42b2be8070f5e868d5e17d8eeb" diff --git a/danish/security/2002/dsa-215.wml b/danish/security/2002/dsa-215.wml deleted file mode 100644 index e1c01d5d277..00000000000 --- a/danish/security/2002/dsa-215.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Timo Sirainen har opdaget et bufferoverløb i Cyrus IMAP-serveren, som kunne -udnyttes af en fjernangriber før login. En ondsindet bruger kunne fremstille -en forespørgsel til udførelse af kommandoer på serveren, under UID'en og GID'en -hørende til cyrus-serveren.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 1.5.19-9.1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -1.5.19-2.2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.5.19-9.10. Pt. er cyrus21-imapd-pakkerne er ikke sårbare.

- -

Vi anbefaler at du opgraderer din cyrus-imapd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-215.data" -#use wml::debian::translation-check translation="f1ec4f64a065e50009b31fe90c8a954bef502d54" diff --git a/danish/security/2002/dsa-216.wml b/danish/security/2002/dsa-216.wml deleted file mode 100644 index b31bc876ea9..00000000000 --- a/danish/security/2002/dsa-216.wml +++ /dev/null @@ -1,26 +0,0 @@ -bufferoverløb - -

Stefan Esser fra e-matters har opdaget et bufferoverløb i fetchmail, et -indsamlings-/videredesendelseprogram til e-mail, med mulighed for SSL og -understøttelse af POP3, APOP og IMAP. Når fetchmail henter en e-mail, -gennemsøges alle headerlinier for lokale adresser. Hvis et værtsnavn -(hostname) mangler, tilføjer fetchmail det, men reserverer ikke plads nok til -det. Dette stakoverløb kan anvendes af fjernangribere til at få programmet til -at gå ned, eller til at udføre vilkårlig kode med rettighederne tilhørende den -bruger, som anvender fetchmail.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 5.9.11-6.2 af fetchmail og fetchmail-ssl.

- -

I den gamle stabile distribution (potato) er dette problem rettet version -5.3.3-4.3.

- -

I den ustabile distribution (sid) er dette problem rettet i version 6.2.0-1 -af fetchmail og fetchmail-ssl.

- -

Vi anbefaler at du opgraderer dine fetchmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-216.data" -#use wml::debian::translation-check translation="d38b6c8f3f51be5865ceb7a47dc24ce2e40d424d" diff --git a/danish/security/2002/dsa-217.wml b/danish/security/2002/dsa-217.wml deleted file mode 100644 index 86f3704d52a..00000000000 --- a/danish/security/2002/dsa-217.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Der er opdaget et problem i typespeed, et spil som giver dig mulighed for at -måle din skrivehastighed. Ved at få en buffer til at løbe over, kunne en lokal -angriber udføre vilkårlige kommandoer under gruppeid'en games.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 0.4.1-2.1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.4.0-5.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.4.2-2.

- -

Vi anbefaler at du opgraderer din typespeed-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-217.data" -#use wml::debian::translation-check translation="c38b7354e2e3985b5e78c05461ebfa2977adbc22" diff --git a/danish/security/2002/dsa-218.wml b/danish/security/2002/dsa-218.wml deleted file mode 100644 index 7b0d58b5fbe..00000000000 --- a/danish/security/2002/dsa-218.wml +++ /dev/null @@ -1,29 +0,0 @@ -udførelse af scripts på tværs af websteder - -

En sårbarhed i forbindelse med udførelse af scripts på tværs af websteder er -rapporteret i Bugzilla, et webbaseret fejlrapporteringssystem. Bugzilla -kontrollerer ikke korrekt for gyldigheden af data som indsendes af brugerne til -anvendelse i quips. Som følge deraf, er det muligt for en fjernangriber at -fremstille et ondsindet link indeholdende scriptkode, som udføres i en legitim -brugers browser, indenfor det websted som anvender Bugzilla. Dette problem kan -udnyttes til at stjæle cookie-baseret autentifikationsoplysninger fra legitime -brugere af det websted som anvender det sårbare program.

- -

Denne sårbarhed påvirker kun brugere som har slået funktionen "quips" til og -som har opgraderet fra version 2.10, som ikke findes i Debian. Debians -Bugzilla-pakkehistorie begynder med version 1.13 og hopper til 2.13. Dog kan -brugere have installeret version 2.10 før der kom en Debian-pakke.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 2.14.2-0woody3.

- -

Den gamle distribution (potato) indeholder ikke en Bugzilla-pakke.

- -

Problemet vil snart blive rettet i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din bugzilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-218.data" -#use wml::debian::translation-check translation="bac0e67f421554edea5609a46fb7d115efbe5707" diff --git a/danish/security/2002/dsa-219.wml b/danish/security/2002/dsa-219.wml deleted file mode 100644 index c19dab37f7e..00000000000 --- a/danish/security/2002/dsa-219.wml +++ /dev/null @@ -1,20 +0,0 @@ -fjernudførelse af kommandoer - -

Simon Kelly har opdaget en sårbarhed i dhcpcd, en DHCP-klientdæmon som lever -op til RFC2131 og RFC1541, der kører med root-rettigheder på klientmaskiner. -En ondsindet administrator på den regulære server eller en DHCP-server man ikke -har tillid til, kan udføre alle kommandoer med root-rettigheder på -DHCP-klientmaskinen, ved at sende kommandoen indkapslet i shell-metategn i en af -indstillingerne som stilles til rådighed af DHCP-serveren.

- -

Dette problem er rettet i version 1.3.17pl2-8.1 i den gamle stabile -distribution (potato) og i version 1.3.22pl2-2 i distributionerne testing -(sarge) og unstable (sid). Den aktuelle stabile distribution (woody) -indeholder ikke en dhcpcd-pakke.

- -

Vi anbefaler at du opgraderer din dhcpcd-pakke (på klientmaskinen).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2002/dsa-219.data" -#use wml::debian::translation-check translation="76a324c61bb4667b0a06505f93e9e3afd3da53d2" diff --git a/danish/security/2002/index.wml b/danish/security/2002/index.wml deleted file mode 100644 index 6c085b58c47..00000000000 --- a/danish/security/2002/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2002 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2002', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores -\ -debian-security-announce-postliste. -Du kan også -\ -kigge i listens arkiv. diff --git a/danish/security/2003/Makefile b/danish/security/2003/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2003/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2003/dsa-220.wml b/danish/security/2003/dsa-220.wml deleted file mode 100644 index bb4d3ff3ba3..00000000000 --- a/danish/security/2003/dsa-220.wml +++ /dev/null @@ -1,21 +0,0 @@ -udførelse af scripts på tværs af websteder - -

Sårbarhed i forbindelse med udførelse af scripts på tværs af websteder er -blevet opdaget i squirrelmail, en omfattende webmail-pakke skrevet i PHP4. -Squirrelmail kontroller ikke alle steder for gyldigheden af brugerleverede -variabler, hvilket gør den sårbar for et udførelse af scripts på tværs af -websteder-angreb.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 1.2.6-1.3. Den gamle stabile distribution (potato) er ikke påvirket, -da den ikke indeholder en squirrelmail-pakke.

- -

En opdateret pakke til den unstabile distribution (sid) forventes snart -at blive klar.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-220.data" -#use wml::debian::translation-check translation="25d9591f4c70fb794d64922eef3b8940449d2009" diff --git a/danish/security/2003/dsa-221.wml b/danish/security/2003/dsa-221.wml deleted file mode 100644 index 76d720da887..00000000000 --- a/danish/security/2003/dsa-221.wml +++ /dev/null @@ -1,22 +0,0 @@ -udførelse af scripts på tværs af websteder - -

Earl Hood, forfatter af mhonarc, et e-mail til HTML konverteringsprogram, -har opdaget en sårbarhed i forbindelse med udførelse af scripts på tværs af -websteder i denne pakke. En specielt fremstillet HTML-e-mail kan få fremmed -script-indhold med i arkivet og dermed omgå MHonArcs HTML-scriptfiltrering.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 2.5.2-1.3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -2.4.4-1.3.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.5.14-1.

- -

Vi anbefaler at du opgraderer din mhonarc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-221.data" -#use wml::debian::translation-check translation="86e0bec820f9d99dc7fe20330f8b868c82943d9c" diff --git a/danish/security/2003/dsa-222.wml b/danish/security/2003/dsa-222.wml deleted file mode 100644 index 160896019a5..00000000000 --- a/danish/security/2003/dsa-222.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

iDEFENSE har \ -opdaget et heltalsoverløb i pdftops-filteret fra xpdf-pakken, som kan -udnyttes til at få offerets rettigheder. Dette kan medføre uautoriseret -adgang til "lp"-brugeren hvis pdftops-programmet er en del af -udskriftsfilteret.

- -

I den akutelle stabile distribution (woody) er dette problem rettet i -version 1.00-3.1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.90-8.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.01-2.

- -

Vi anbefaler at du opgraderer din xpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-222.data" -#use wml::debian::translation-check translation="237e6a273f7a4e5f3e218682d6dfed03e5c6fe8f" diff --git a/danish/security/2003/dsa-223.wml b/danish/security/2003/dsa-223.wml deleted file mode 100644 index 92e4bd5b688..00000000000 --- a/danish/security/2003/dsa-223.wml +++ /dev/null @@ -1,22 +0,0 @@ -informationsafsløring - -

Et sikkerhedsproblem er opdaget af Daniel de Rauglaudre, opstrømsforfatter -af geneweb, et slægtsforskningsprogram med webgrænseflade. Som standard kører -det som dæmon på port 2317. Stier kontrolleres ikke korrekt, hvorfor en -omhyggeligt fremstillet URL fører til, at geneweb læser og viser vilkårlige -filer på det system, programmet kører på.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 4.06-2.

- -

Den gamle stabile distribution (potato) er ikke påvirket.

- -

I den ustabile distribution (sid) er dette problem rettet i version -4.09-1.

- -

Vi anbefaler at du opgraderer din geneweb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-223.data" -#use wml::debian::translation-check translation="1eecc5cc1832ee0777f3a53edb8aba1c32232328" diff --git a/danish/security/2003/dsa-224.wml b/danish/security/2003/dsa-224.wml deleted file mode 100644 index ceda514308d..00000000000 --- a/danish/security/2003/dsa-224.wml +++ /dev/null @@ -1,31 +0,0 @@ -bufferoverløb med mere - -

Flere sårbarheder er blevet opdaget i canna, et japansk inddatasystem. -Projektet Common Vulnerabilities and Exposures (CVE) har fundet frem til at -følgende sårbarheder:

- -
    -
  • CAN-2002-1158 (BugTraq Id 6351): "hsj" fra Shadow Penguin Security opdagede - en stakoverløbssårbarhed i canna-serverens irw_through-funktion.
    • - -
  • CAN-2002-1159 (BugTraq Id 6354): Shinra Aida fra Canna-projektet har - opdaget, at canna ikke kontrollerer forespørgsler korrekt, hvilket giver - fjernangribere mulighed for at starte et overbelastningsangreb eller en - informationslækage.
    • -
- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 3.5b2-46.2.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i -version 3.5b2-25.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -3.6p1-1.

- -

Vi anbefaler at du opgraderer dine canna-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-224.data" -#use wml::debian::translation-check translation="2a691b5541b0f6d9fdd80cc8bb3ab3803aff66a2" diff --git a/danish/security/2003/dsa-225.wml b/danish/security/2003/dsa-225.wml deleted file mode 100644 index 2279dc3b85d..00000000000 --- a/danish/security/2003/dsa-225.wml +++ /dev/null @@ -1,26 +0,0 @@ -kildekodeafsløring - -

Eksistensen af en sikkerhedssårbarhed er blevet bekræftet i Apache Tomcat -4.0.x-udgaven, som gør det muligt at anvende en specielt fremstillet URL til at -returnere den ubehandlede kildekode fra en JSP-side, eller under specielle -omstændigheder, en statisk ressource som ellers ville have været beskyttet af -en sikkerhedsbegrænsning, uden det er nødvendigt at blive autentificeret. -Dette er baseret på en variation af udnyttelsen som blev identificeret som -\ -CAN-2002-1148.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 4.0.3-3woody2.

- -

Den gamle stabile distribution (potato) indeholder ikke tomcat-pakker.

- -

Problemet er ikke til stede i den ustabile distributions (sid) aktuelle -version 4.1.16-1 af pakken.

- -

Vi anbefaler at du opgraderer dine tomcat-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-225.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" diff --git a/danish/security/2003/dsa-226.wml b/danish/security/2003/dsa-226.wml deleted file mode 100644 index 7995e5ef0c1..00000000000 --- a/danish/security/2003/dsa-226.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - -

iDEFENSE har opdaget et heltalsoverløb i pdftops-filteret i pakkerne xpdf og -xpdf-i, som kan udnyttes til at opnå offeret brugerrettigheder. Dette kan føre -til opnåelse af uautoriseret adgang til brugeren "lp", hvis pdftops-programmet -er en del af udskriftsfilteret.

- -

I den aktuelle stabile distribution (woody) er xpdf-i kun en "dummy"-pakke -og problemet er allerede rettet i xpdf.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.90-8.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.01-2.

- -

Vi anbefaler at du opgraderer din xpdf-i-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-226.data" -#use wml::debian::translation-check translation="237e6a273f7a4e5f3e218682d6dfed03e5c6fe8f" diff --git a/danish/security/2003/dsa-227.wml b/danish/security/2003/dsa-227.wml deleted file mode 100644 index 4884499d1d5..00000000000 --- a/danish/security/2003/dsa-227.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb og andre fejl - -

SuSE Security Team har gennemgået kritiske dele i openldap2, en -implementering af Lightweight Directory Access Protocol (LDAP) version 2 og 3, -og har fundet flere bufferoverløb og andre fejl, som fjernangribere kunne -udnytte til at opnå adgang til systemer som anvender de sårbare LDAP-servere. -Foruden disse fejl er der rettet flere fejl i OpenLDAP2-bibliotekerne, som -kunne udnyttes lokalt.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.0.23-6.3.

- -

Den gamle stabile distribution (potato) indeholder ikke -OpenLDAP2-pakker.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -2.0.27-3.

- -

Vi anbefaler at du opgraderer dine openldap2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-227.data" -#use wml::debian::translation-check translation="e1f5f617f456b2c966c15caab145cdbaa45f7178" diff --git a/danish/security/2003/dsa-228.wml b/danish/security/2003/dsa-228.wml deleted file mode 100644 index 3a210e71b08..00000000000 --- a/danish/security/2003/dsa-228.wml +++ /dev/null @@ -1,32 +0,0 @@ -bufferoverløb og hukommelseslækage - -

Ilia Alshanetsky har opdaget flere bufferoverløb i libmcrypt, et bibliotek -til dekryptering og kryptering, som stammer fra ukorrekt eller manglende -validering af inddata. Ved at sende inddata som er længere end forventet til -et antal funktioner (flere funktioner er påvirkede), kan brugeren med held -få libmcrypt til at gå ned og kan indsætte vilkårlig, ondsindet kode der vil -blive udført under den bruger, libmcrypt kører som, for eksempel som en -webserver.

- -

Der er en anden sårbarhed i den måde libmcrypt henter algoritmer via -libtool. Når forskellige algoritmer hentes dynamisk, vil en lille smule af -hukommelsen blive lækket hver gang en algoritme hentes. I et blivende miljø -(webserver), kan dette føre til et hukommelsesudmattelsesangreb, som vil -udnytte al tilgængelige hukommelse ved at sende gentagne forespørgsler til et -program der anvender mcrypt-biblioteket.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.5.0-1woody1.

- -

Den gamle stabile distribution (potato) indeholder ikke -libmcrypt-pakker.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -2.5.5-1.

- -

Vi anbefaler at du opgraderer dine libmcrypt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-228.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-229.wml b/danish/security/2003/dsa-229.wml deleted file mode 100644 index 04669c34980..00000000000 --- a/danish/security/2003/dsa-229.wml +++ /dev/null @@ -1,37 +0,0 @@ -SQL-indsprøjtning - -

Jouko Pynnonen har opdaget et problem med IMP, et webbaseret -IMAP-postprogram. Ved hjælp af omhyggeligt fremstillede URL'er, kan en -fjernangriber indsprøjte SQL-kode ind i SQL-forspørgsler uden korrekt -brugerautentifikation. Selvom resultaterne af SQL-forespørgslerne ikke -er direkte læsbare på skærmen, kan en angriber opdateres sin e-mail-signatur -til at indeholde de ønskede forespørgselsresultater, og dernæst se dem på -sin indstillingsside i IMP.

- -

Omfanget af SQL-indsprøjtningen er kraftigt afhængig af den underliggende -database og dens opsætning. Hvis PostgreSQL anvendes, er det muligt at udføre -flere komplette SQL-forespørgsler adskilt af semikoloner. Databasen indeholder -session-id'er, så angriberen kan kapre sessioner tilhørende folk der logget på -for at læse deres post. I værste fald, hvis hordemgr-brugeren har de fornødne -rettigheder til at anvende COPY SQL-kommandoen (der i hvert fald findes i -PostgreSQL), kan en fjernbruger læse eller skrive til alle filer som -databasebrugeren (postgres) kan. Angriberen kan dernæst få mulighed for at -udføre vilkårlige shell-kommandoer, ved at skrive dem til postgres-brugerens -~/.psqlrc; de blive udført når brugeren starter psql-kommandoen, hvilket i -nogle opsætninger sker jævnligt fra et cron-script.

- -

I den aktuelle stabile distribution (woody) er dette problem rettet i -version 2.2.6-5.1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i -version 2.2.6-0.potato.5.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.2.6-7.

- -

Vi anbefaler at du opgraderer dine IMP-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-229.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" diff --git a/danish/security/2003/dsa-230.wml b/danish/security/2003/dsa-230.wml deleted file mode 100644 index 949aa6d3292..00000000000 --- a/danish/security/2003/dsa-230.wml +++ /dev/null @@ -1,44 +0,0 @@ -usikre rettigheder, adgang til backupfiler - -

Forfatterne til Bugzilla, et webbaseret fejlsporingssystem, har opdaget to -fejl i programmet. Projektet Common Vulnerabilities and Exposures Project har -fundet frem til følgende sårbarheder:

- -
-
CAN-2003-0012 (BugTraq-ID 6502)
-
-

Det medfølgende dataopsamlingsscript, som det er meningen skal køre som - et natligt cronjob, ændrer rettighederne på mappen data/mining hver gang - scriptet kører til at være skrivbart af alle. Dette kan give lokale brugere - mulighed for at ændre eller slette de opsamlede data.

-
- -
CAN-2003-0013 (BugTraq-ID 6501)
-
-

Standardudgaverne af .htaccess-scriptene der kommer via checksetup.pl, - blokerer ikke for adgang til backup'er af filen localconfig, som blandt - andre kan oprettes af editorer som "vi" og "emacs" (normalt vil disse filer - slutte på .swp eller ~). Dette giver en slutbruger mulighed for at hente en - af backupkopierne og potentielt få fat i adgangskoden til databasen.

- -

Dette påvirker ikke Debian-installationen, fordi der ikke er en - .htaccess-fil og fordi ingen datafiler befinder sig på CGI-stien, da de er - i standard-Bugzilla-pakken. Desuden er opsætningen i - /etc/bugzilla/localconfig og derfor udenfor webmappen.

-
-
- -

I den akuelle stabile distribution (woody) er disse problemer rettet i -version 2.14.2-0woody4.

- -

Den gamle stabile distribution (potato) indeholder ikke en -Bugzilla-pakke.

- -

Problemet vil snart blive rettet i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine bugzilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-230.data" -#use wml::debian::translation-check translation="307b4102df78ee50d5fe2062ecd3e5f5e086e52e" diff --git a/danish/security/2003/dsa-231.wml b/danish/security/2003/dsa-231.wml deleted file mode 100644 index 64b926a6a5c..00000000000 --- a/danish/security/2003/dsa-231.wml +++ /dev/null @@ -1,23 +0,0 @@ -stakoverløb - -

Internet Software Consortium har opdaget flere sårbarheder ved en gennemgang -af ISC DHCP Daemon. Sårbarhederne befinder sig i fejlhåndteringsrutinerne i -minires-biblioteket og kan udnyttes som et stakoverløb. Dette kunne give en -fjernangriber mulighed for at udføre vilkårlig kode under den bruger-id, som -dhcpd kører under, normalt root. Andre DHCP-servere end dhcp3 lader ikke til -at være påvirket.

- -

I den stabile distribution (woody) er dette problem rettet i version -3.0+3.0.1rc9-2.1.

- -

Den gamle stabile distribution (potato) indeholder ikke dhcp3-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -3.0+3.0.1rc11-1.

- -

Vi anbefaler at du opgraderer din dhcp3-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-231.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-232.wml b/danish/security/2003/dsa-232.wml deleted file mode 100644 index c0e1c9a86d6..00000000000 --- a/danish/security/2003/dsa-232.wml +++ /dev/null @@ -1,72 +0,0 @@ -flere sårbarheder - -

Flere \ -sårbarheder er fundet i Common Unix Printing System (CUPS). Flere af disse -problemer kan potentielt udnyttes af en fjernbruger eller ved et -overbelastningsangreb (denial of service). Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    -
  • \ - CAN-2002-1383: Flere heltalsoverløb gør det muligt for en fjernangriber - at udføre vilkårlig kode via CUPSd HTTP-grænsefladen og - billedhåndteringskoden i CUPS-filtrene.
    • - -
  • \ - CAN-2002-1366: "Race conditions" i forbindelse med - /etc/cups/certs/ gør det muligt for lokale brugere med - lp-rettigheder, at oprette eller overskrive vilkårlige filer. Dette - problem findes ikke i potato-udgaven.
    • - -
  • \ - CAN-2002-1367: Denne sårbarhed gør det muligt for en fjernangriber, at - tilføje printere uden autentifikation via en bestemt UDP-pakke, hvilket - dermed kan udnyttes til at udføre uautoriserede aktiviteter såsom at stæjle - det lokale root-certifikat til administrationsserveren via en "kræver - autorisation"-side.
    • - -
  • \ - CAN-2002-1368: Negative længde overført til memcpy() kan forårsage et - overbelastningsangreb og måske også udførelse af vilkårlig kode.
    • - -
  • \ - CAN-2002-1369: Et usikkert strncat()-funktionskald til behandling af - indstillingsstrengen, giver en fjernangriber mulighed for at udføre - vilkårlig kode via et bufferoverløb.
    • - -
  • \ - CAN-2002-1371: Billeder med en bredde på nul, gør det muligt for en - fjernangriber at udføre vilkårlig kode via tilpassede chunk-headere.
    • - -
  • \ - CAN-2002-1372: CUPS kontrollerer ikke på korrekt vis, returværdierne fra - forskellige fil- og socket-handlinger, hvilket kan give en fjernangriber - mulighed for at forårsage et overbelastningsangreb.
    • - -
  • \ - CAN-2002-1384: Pakken cupsys indeholder noget kode fra pakken xpdf, der - anvendes til at konvertere PDF-filer til udskrift, hvilket indeholder en - heltalsoverløbsfejl, der kan udnyttes. Dette problem findes ikke i - potato-udgaven.
    • -
- -

Selvom vi har gjort os stor umage med, også at rette alle disse problemer -i pakkerne til potato, kan pakkerne stadig indeholder andre -sikkerhedsrelaterede problemer. Derfor opfordrer vi brugere af potato-systemer -hvor CUPS anvendes, til snart at opgradere til woody.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 1.1.14-4.3.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i -version 1.0.4-12.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.1.18-1.

- -

Vi anbefaler at du omgående opgraderer dine CUPS-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-232.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" diff --git a/danish/security/2003/dsa-233.wml b/danish/security/2003/dsa-233.wml deleted file mode 100644 index 0cec4119dd6..00000000000 --- a/danish/security/2003/dsa-233.wml +++ /dev/null @@ -1,23 +0,0 @@ -dobbelt frigivelse af hukommelse - -

Stefan Esser \ -har opdaget et problem i cvs, et versionsstyringssystem der anvendes af -mange fri software-projektet. Den aktuelle version indeholder en fejl, der kan -udnyttes af en fjernangriber til at udføre vilkårlig kode på CVS-serveren, -under den brugerid som CVS-serveren kører som. Anonym læseadgang er nok til at -udnytte dette problem.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.11.1p1debian-8.1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -1.10.7-9.2.

- -

Problemet vil snart blive rettet i den ustabile distribution (sid).

- -

Vi anbefaler at du omgående opgraderer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-233.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-234.wml b/danish/security/2003/dsa-234.wml deleted file mode 100644 index f3e372ff336..00000000000 --- a/danish/security/2003/dsa-234.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-7.2.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-234.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-235.wml b/danish/security/2003/dsa-235.wml deleted file mode 100644 index 77ff02d045b..00000000000 --- a/danish/security/2003/dsa-235.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-6.10.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-235.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-236.wml b/danish/security/2003/dsa-236.wml deleted file mode 100644 index cf8fe2a9098..00000000000 --- a/danish/security/2003/dsa-236.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-13.woody.6.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-236.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-237.wml b/danish/security/2003/dsa-237.wml deleted file mode 100644 index b57b47429b3..00000000000 --- a/danish/security/2003/dsa-237.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-14.6.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-237.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-238.wml b/danish/security/2003/dsa-238.wml deleted file mode 100644 index 4185fd0f4dc..00000000000 --- a/danish/security/2003/dsa-238.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-5.2.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-238.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-239.wml b/danish/security/2003/dsa-239.wml deleted file mode 100644 index e35d1856a25..00000000000 --- a/danish/security/2003/dsa-239.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-3.2.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-239.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-240.wml b/danish/security/2003/dsa-240.wml deleted file mode 100644 index 1a6c1eeda96..00000000000 --- a/danish/security/2003/dsa-240.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-2.2.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-240.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-241.wml b/danish/security/2003/dsa-241.wml deleted file mode 100644 index c42e38dfd45..00000000000 --- a/danish/security/2003/dsa-241.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-9.2.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-241.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-242.wml b/danish/security/2003/dsa-242.wml deleted file mode 100644 index fbf8a12dba8..00000000000 --- a/danish/security/2003/dsa-242.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-14.2.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-242.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-243.wml b/danish/security/2003/dsa-243.wml deleted file mode 100644 index 2c7178d5c26..00000000000 --- a/danish/security/2003/dsa-243.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

KDE-teamet har -opdaget -flere sårbarheder i K Desktop Environment. I nogle tilfælde får KDE ikke -indsat citationstegn omkring instuktionsparametre som overføres til -kommandoshell'en til udførelse. Disse parametre kan indeholde data såsom -URL'er, filnavne og e-mail-adresser, og disse data kan blive leveret udefra til -offeret i en e-mail, en webside, filer på et netværksfilsystem eller en anden -kilde man ikke kan stole på.

- -

Ved omhyggeligt at fremstille sådanne data, kan en angriber opnå mulighed -for at udføre vilkårlige kommandoer på et sårbart system, ved hjælp af offerets -konto og rettigheder. KDE-projektet kender ikke til udnyttelser af disse -sårbarheder. Rettelserne sørger også for bedre sikkerhedsforanstaltninger, og -udfører mange steder grundigere kontroller af data, der er modtaget fra kilder -man ikke kan stole på.

- -

I den aktuelle stabile distribution (woody) er disse problemer rettet i -version 2.2.2-8.2. Bemærk, at vi ikke er i stand til at levere opdaterede -pakker til de to MIPS-arkitekturer, da oversættelse af kdemultimedia udløser en -intern kompilerfejl på disse maskiner.

- -

Den gamle stabile distribution (potato) indeholder ikke KDE-pakker.

- -

I den ustabile distribution (sid) er det overvejende sandsynligt at disse -problemer ikke vil blive rettet, men der forventes nye KDE 3.1-pakker i sid i -år.

- -

Vi anbefaler at du opgraderer dine KDE-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-243.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-244.wml b/danish/security/2003/dsa-244.wml deleted file mode 100644 index 4b4bc2a90ce..00000000000 --- a/danish/security/2003/dsa-244.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Dan Jacobson har bemærket et problem i noffle, en newsserver til -offline-brug, som fører til en segment-fejl. Det er endnu ikke afklaret om -problemet kan udnyttes. Dog, hvis det er tilfældet, vil en fjernangriber kunne -igangsætte udførelse af vilkårlig kode under den bruger, der kalder noffle, -formentlig news.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.0.1-1.1.

- -

Den gamle stabile distribution (potato) indeholder ikke en noffle-pakke.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.1.2-1.

- -

Vi anbefaler at du opgraderer din noffle-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-244.data" -#use wml::debian::translation-check translation="a28543e380542019eea02093eb6cda9413663676" diff --git a/danish/security/2003/dsa-245.wml b/danish/security/2003/dsa-245.wml deleted file mode 100644 index 5c7303276f7..00000000000 --- a/danish/security/2003/dsa-245.wml +++ /dev/null @@ -1,40 +0,0 @@ -ignoreret tællergrænse - -

Florian Lohoff har opdaget en fejl i dhcrelay, der får programmet til at -sende en fortløbende pakkestorm mod den eller de opsatte DHCP-servere i -forbindelse med ondsindede BOOTP-pakker, som kan sendes fra fejlbehæftede -Cisco-switche.

- -

Når DHCP-relay'et modtager en BOOTP-forespørgsel, sender programmet -forespørgslen videre til DHCP-serveren ved hjælp af broadcast-MAC-adressen -ff:ff:ff:ff:ff:ff, hvilket får netværksgrænsefladen til at spejle pakken -tilbage til socket'en. For at forhindre løkker, kontrollerer dhcrelay hvorvidt -relay-adressen er dens egen, er det tilfældet bliver pakken smidt væk. -Kombinereret med en manglende kontrol af en øvre grænse til hop-tælleren, kan -en angriber tvinge DHCP-relay'et til at sende en fortløbende pakkestorm til den -eller de opsatte DHCP-servere.

- -

Denne rettelse bibringer et nyt kommandolinieparameter, --c maxcount, og man rådes til at starte DHCP-relay'et med -dhcrelay -c 10 eller et mindre nummer, hvilket kun opretter det -pågældende antal pakker.

- -

Programmet dhcrelay fra "dhcp"-pakken, lader ikke til at være påvirket, da -DHCP-pakker smides væk, hvis de lader til allerede at have været igennem et -relay.

- -

I den stabile distribution (woody) er dette problem rettet i version -3.0+3.0.1rc9-2.2.

- -

Den gamle stabile distribution (potato) indeholder ikke dhcp3-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.1.2-1.

- -

Vi anbefaler at du opgraderer dine dhcp3-pakker, hvis du bruger -dhcrelay-serveren.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-245.data" -#use wml::debian::translation-check translation="51bae65756922a29f9b405e6cc9425dc6eaa265c" diff --git a/danish/security/2003/dsa-246.wml b/danish/security/2003/dsa-246.wml deleted file mode 100644 index d6efda0af17..00000000000 --- a/danish/security/2003/dsa-246.wml +++ /dev/null @@ -1,39 +0,0 @@ -informationsafsløring, udførelse af scripts på tværs af websteder - -

Udviklerne af tomcat har opdaget flere problemer i tomcat version 3.x. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    -
  • \ - CAN-2003-0042: En ondsindet fremstillet forespørgsel kunne returnere en - mappeliste, også selvom index.html, index.jsp eller andre velkomstfiler - fandtes. Filindhold kunne også returneres.
    • - -
  • \ - CAN-2003-0043: En ondsindet webapplikation kunne læse indholdet af nogle - filer udenfor webapplikationen via dens web.xml-fil, på trods af at der var - en sikkerhedsmanager. Indholdet af filer som kan læses som en del af et - XML-dokument, ville være tilgængeligt.
    • - -
  • \ - CAN-2003-0044: En sårbarhed i forbindelse med udførelse af scripts på - tværs af websteder (cross-site scripting) er opdaget i det medfølgende - eksempel på en webapplikation, sårbarheden giver en fjernangribere mulighed - for at udføre vilkårlig scriptkode.
    • -
- -

I den stabile distribution (woody) er dette problem rettet i version -3.3a-4woody.1.

- -

Den gamle stabile distribution (potato) indeholder ikke tomcat-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -3.3.1a-1.

- -

Vi anbefaler at du opgraderer din tomcat-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-246.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" diff --git a/danish/security/2003/dsa-247.wml b/danish/security/2003/dsa-247.wml deleted file mode 100644 index c43c9c5430f..00000000000 --- a/danish/security/2003/dsa-247.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

Udviklerne af courier, en integreret mailserver til brugere, har opdaget et -problem i PostgreSQL-autentifikationsmodulet. Alle potentielt farlige tegn -blev ikke kontrolleret før brugernavnet blev overført til PostgreSQL-maskinen. -En angriber kunne indsprøjte vilkårlige SQL-kommandoer og forespørgsler som -udnyttede denne sårbarhed. MySQL-autentifikationsmodulet er ikke påvirket.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.37.3-3.3.

- -

Den gamle stabile distribution (potato) indeholder ikke courier-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.40.2-3.

- -

Vi anbefaler at du opgraderer din courier-authpostgresql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-247.data" -#use wml::debian::translation-check translation="b220fd30b00329f5d913f4e573261bff12f24c96" diff --git a/danish/security/2003/dsa-248.wml b/danish/security/2003/dsa-248.wml deleted file mode 100644 index 0b5bbd6681d..00000000000 --- a/danish/security/2003/dsa-248.wml +++ /dev/null @@ -1,33 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har opdaget to problemer i hypermail, et program til -oprettelse af HTML-arkiver af postlister.

- -

En angriber kunne fremstille et langt filnavn til vedhæftet fil, som kunne -få to buffere til at løbe over når et bestemt parameter til interaktiv brug var -angivet, hvilket gav mulighed for at indsprøjte vilkårlig kode. Denne kode -kunne udføres under den brugerid hypermail kører som, primært som en lokal -bruger. Automatisk og 'silent' anvendelse af hypermail lader ikke til at være -påvirket.

- -

CGI-programmet mail, som ikke installeres af Debian-pakken, foretager et -omvendt opslag af brugerens IP-nummer og kopierer det fundne værtsnavn ind i -en buffer af en bestemt størrelse. Et særligt fremstillet DNS-svar kunne få -denne buffer til at løbe over, hvilket gjorde det muligt at foretage en -udnyttelse mod programmet.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.1.3-2.0.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -2.0b25-1.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.1.6-1.

- -

Vi anbefaler at du opgraderer dine hypermail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-248.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" diff --git a/danish/security/2003/dsa-249.wml b/danish/security/2003/dsa-249.wml deleted file mode 100644 index 7045420e38a..00000000000 --- a/danish/security/2003/dsa-249.wml +++ /dev/null @@ -1,25 +0,0 @@ -manglende HTML-indkapsling - -

Hironori Sakamoto, en af w3m-udviklerne, har opdaget to -sikkerhedssårbarheder i w3m og tilknyttede programmer. w3m-browseren inkapsler -ikke HTML-mærker (tags) korrekt i frame-indhold og img alt-attributter. En -ondsindet HTML-frame eller img alt-attribut kan snyde en bruger til at sende -sine lokale cookies, der anvendes til opsætningen. Oplysningerne lækkes dog -ikke automatisk.

- -

I den stabile distribution (woody) er disse problemer rettet i version -0.3.p23.3-1.5. Bemærk, at opdateringen også indeholder en vigtig rettelse, der -igen får programmet til at fungere på powerpc-platformen.

- -

Den gamle stabile distribution (potato) er ikke påvirket af disse -problemer.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -0.3.p24.17-3 og senere.

- -

Vi anbefaler at du opgraderer dine w3mmee-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-249.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" diff --git a/danish/security/2003/dsa-250.wml b/danish/security/2003/dsa-250.wml deleted file mode 100644 index 92f1709c272..00000000000 --- a/danish/security/2003/dsa-250.wml +++ /dev/null @@ -1,25 +0,0 @@ -manglende HTML-indkapsling - -

Hironori Sakamoto, en af w3m-udviklerne, har opdaget to -sikkerhedssårbarheder i w3m og tilknyttede programmer. w3m-browseren inkapsler -ikke HTML-mærker (tags) korrekt i frame-indhold og img alt-attributter. En -ondsindet HTML-frame eller img alt-attribut kan snyde en bruger til at sende -sine lokale cookies, der anvendes til opsætningen. Oplysningerne lækkes dog -ikke automatisk.

- -

I den stabile distribution (woody) er disse problemer rettet i version -0.3.p23.3-1.5. Bemærk, at opdateringen også indeholder en vigtig rettelse, der -igen får programmet til at fungere på powerpc-platformen.

- -

Den gamle stabile distribution (potato) er ikke påvirket af disse -problemer.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -0.3.p24.17-3 og senere.

- -

Vi anbefaler at du opgraderer dine w3mmee-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-250.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" diff --git a/danish/security/2003/dsa-251.wml b/danish/security/2003/dsa-251.wml deleted file mode 100644 index cf1a9d3b0d0..00000000000 --- a/danish/security/2003/dsa-251.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende HTML-indkapsling - -

Hironori Sakamoto, en af w3m-udviklerne, har opdaget to -sikkerhedssårbarheder i w3m og tilknyttede programmer. w3m-browseren inkapsler -ikke HTML-mærker (tags) korrekt i frame-indhold og img alt-attributter. En -ondsindet HTML-frame eller img alt-attribut kan snyde en bruger til at sende -sine lokale cookies, der anvendes til opsætningen. Oplysningerne lækkes dog -ikke automatisk.

- -

I den stabile distribution (woody) er disse problemer rettet i version -0.3-2.4.

- -

Den gamle stabile distribution (potato) er ikke påvirket af disse -problemer.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -0.3.2.2-1 og senere.

- -

Vi anbefaler at du opgraderer dine w3mmee-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-251.data" -#use wml::debian::translation-check translation="36eea2b986041ec2e2e2462d7f7d216e793ec6eb" diff --git a/danish/security/2003/dsa-252.wml b/danish/security/2003/dsa-252.wml deleted file mode 100644 index 0dc478c02b9..00000000000 --- a/danish/security/2003/dsa-252.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Der er opdaget et problem i slocate, en sikker erstatning til locate. Et -bufferoverløb i setgid-programmet slocate kan udnyttes til at udføre vilkårlig -kode som gruppen slocate. Dette kan anvendes til at ændre -slocate-databasen.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.6-1.3.1.

- -

Den gamle stabile distribution (potato) er ikke påvirket af dette -problem.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.7-1.

- -

Vi anbefaler at du omgående opgraderer din slocate-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-252.data" -#use wml::debian::translation-check translation="8334b574c91ec25b2a3a14ef0a57c59eb2fdd4f2" diff --git a/danish/security/2003/dsa-253.wml b/danish/security/2003/dsa-253.wml deleted file mode 100644 index b500a740734..00000000000 --- a/danish/security/2003/dsa-253.wml +++ /dev/null @@ -1,24 +0,0 @@ -informationslækage - -

En sårbarhed er opdaget i OpenSSL, en implementation af Secure Socket Layer -(SSL). I et kommende dokument beskriver og demonstrerer Brice Canvel (EPFL), -Alain Hiltgen (UBS), Serge Vaudenay (EPFL) og Martin Vuagnoux (EPFL, Ilion) et -tidsindstillet angreb på CBC cipher-suiterne som anvendes i SSL og TLS. -OpenSSL har vist sig at være sårbar overfor dette angreb.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.9.6c-2.woody.2.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.9.6c-0.potato.5. Bemærk, at dette opdaterer versionen fra -potato-proposed-updates, som erstatter versionen i potato.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.9.7a-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-253.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" diff --git a/danish/security/2003/dsa-254.wml b/danish/security/2003/dsa-254.wml deleted file mode 100644 index 3c6cc0c159a..00000000000 --- a/danish/security/2003/dsa-254.wml +++ /dev/null @@ -1,50 +0,0 @@ -bufferoverløb - -

En sårbarhed er opdaget i NANOG-traceroute, en udvidet udgave af programmet -Van Jacobson/BSD-traceroute. Et bufferoverløb opstår i funktionen -'get_origin()'. På grund af utilstrækkelig grænsekontrol i whois-fortolkeren, -kan det være muligt at korrumpere systemstakkens hukommelse. Denne sårbarhed -kan udnyttes af en fjernangriber til at opnå root-rettigheder på en -værtsmaskine. Dog sandsynligvis ikke i Debian.

- -

Projektet Common Vulnerabilities and Exposures (CVE) har desuden fundet frem -til følgende sårbarheder, som allerede er rettet i Debians stabile udgave -(woody) og den gamle stabile udgave (potato), men som omtales her for -fuldstændighedens skyld (og fordi andre distributioner var nødt til at udgive -separate bulletiner om dem):

- -
    -
  • CAN-2002-1364 (BugTraq-ID 6166) omtaler et bufferoverløb i funktionen - get_origin, hvilket giver angribere mulighed for at udføre vilkårlig kode - via lange WHOIS-svar.
    • - -
  • CAN-2002-1051 (BugTraq-ID 4956) omtaler en formatstreng-sårbarhed, der - giver lokale brugere mulighed for at udføre vilkårlig kode via - kommandolinieparametret -T (terminator).
    • - -
  • CAN-2002-1386 nævner et bufferoverløb, der kan give lokale brugere mulighed - for at udføre vilkårlig kode via et langt værtsnavn-parameter.
    • - -
  • CAN-2002-1387 nævner "spray"-tilstanden, der kan give lokale brugere - mulighed for at overskrive vilkårlige hukommelsesområder.
    • -
- -

Heldigvis smider Debians pakke rettighederne væk ganske hurtigt efter -starten, hvorfor disse problemer sandsynligvis ikke vil resultere i udnyttelser -på Debian-maskiner.

- -

I den aktuelle stabile distribution (woody) er ovennævnte problemer rettet i -version 6.1.1-1.2.

- -

I den gamle stabile distribution (potato) er ovennævnte problemer rettet i -version 6.0-2.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -6.3.0-1.

- -

Vi anbefaler at du opgraderer din traceroute-nanog-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-254.data" -#use wml::debian::translation-check translation="421f2075349590201c403c21bf545e4577937a94" \ No newline at end of file diff --git a/danish/security/2003/dsa-255.wml b/danish/security/2003/dsa-255.wml deleted file mode 100644 index cf647149d91..00000000000 --- a/danish/security/2003/dsa-255.wml +++ /dev/null @@ -1,26 +0,0 @@ -uendelig løkke - -

Andrew Griffiths og iDEFENSE Labs har opdaget et problem i tcpdump, et -nyttigt værktøj til netværksovervågning og dataerhvervelse. En angriber har -mulighed for at sende en særligt fremstillet netværkspakke, hvilket får tcpdump -til at gå i en uendelig løkke.

- -

Udover det ovennævnte problem, har udviklerne af tcpdump opdaget en -potentiel uendelig løkke ved fortolkning af misdannede BGP-pakker. De opdagede -også et bufferoverløb, som kunne udnyttes med visse misdannede NFS-pakker.

- -

I den stabile distribution (woody) er disse problemer rettet i version -3.6.2-2.3.

- -

Den gamle stabile distribution (potato) lader ikke til at være påvirket af -disse problemer.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -3.7.1-1.2.

- -

Vi anbefaler at du opgraderer dine tcpdump-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-255.data" -#use wml::debian::translation-check translation="0ba0f1a88a6a768ec4226717864cd5f59e98f12c" \ No newline at end of file diff --git a/danish/security/2003/dsa-256.wml b/danish/security/2003/dsa-256.wml deleted file mode 100644 index cda71e7dece..00000000000 --- a/danish/security/2003/dsa-256.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Der er opdaget en fejl i adb2mhc fra pakken mhc-utils. Standardmappen til -midlertidige filer anvender et forudsigeligt navn. Dette medfører en sårbarhed -som giver en lokal angriber mulighed for at overskrive vilkårlige filer, som -brugerne har skriveadgang til.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.25+20010625-7.1.

- -

Den gamle stabile distribution (potato) indeholder ikke mhc-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.25+20030224-1.

- -

Vi anbefaler at du opgraderer dine mhc-utils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-256.data" -#use wml::debian::translation-check translation="5506deb18007d1fa53fd01d77f27998656e23235" diff --git a/danish/security/2003/dsa-257.wml b/danish/security/2003/dsa-257.wml deleted file mode 100644 index b8995815616..00000000000 --- a/danish/security/2003/dsa-257.wml +++ /dev/null @@ -1,20 +0,0 @@ -fjernudnyttelse - -

Mark Dowd fra ISS X-Force har fundet en fejl i sendmails rutiner til -fortolkning af headere: Den buffer kunne løbe over, når rutinen stødte på -adresser med meget lange kommentarer. Da sendmail også fortolker headere, når -e-mails videresendes, kan denne sårbarhed også ramme mail-servere, der ikke -leverer e-mail'en.

- -

Dette er rettet i opstrøms version 8.12.8, version 8.12.3-5 af pakken i -Debian GNU/Linux 3.0/woody og version 8.9.3-25 af pakken i Debian GNU/Linux -2.2/potato.

- -

DSA-257-2: Opdaterede sendmail-wide-pakker er tilgængelige i pakkerne med -version 8.9.3+3.2W-24 til Debian 2.2 (potato) og version 8.12.3+3.5Wbeta-5.2 -til Debian 3.0 (woody).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-257.data" -#use wml::debian::translation-check translation="d72ec9af3906d5f8e6e7d7a7d5704bbdd708ba74" diff --git a/danish/security/2003/dsa-258.wml b/danish/security/2003/dsa-258.wml deleted file mode 100644 index 3da75c8975b..00000000000 --- a/danish/security/2003/dsa-258.wml +++ /dev/null @@ -1,21 +0,0 @@ -format-strengssårbarhed - -

Georgi Guninski har opdaget et problem ethereal, et program til analysering -af netværkstrafik. Programmet indeholder en format-strengssårbarhed som kan -føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.9.4-1woody3.

- -

Den gamle stabile distribution (potato) lader ikke til at være påvirket af -dette problem.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.9.9-2.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-258.data" -#use wml::debian::translation-check translation="a7ef648b85e80077fddebc04b711aff11a64211f" diff --git a/danish/security/2003/dsa-259.wml b/danish/security/2003/dsa-259.wml deleted file mode 100644 index 4785622673d..00000000000 --- a/danish/security/2003/dsa-259.wml +++ /dev/null @@ -1,19 +0,0 @@ -rettighedsforøgelse af mail-brugeren - -

Florian Heinz har på postlisten Bugtraq skrevet om -en udnyttelse i qpopper, baseret på en fejl i den indeholdte implementering af -snprintf. Prøveudnyttelsen kræver en gyldig brugerkonto og adgangskode, og får -en streng i funktionen pop_msg() til at løbe over, hvilket giver brugeren "mail" -grupperettigheder og shell-adgang på systemet. Da funktionen Qvsnprintf -anvendes andre steder i qpopper, kan der flere udnyttelser være mulige.

- -

qpopper-pakken i Debian 2.2 (potato) indeholder ikke den sårbare -implementering af snprintf. I Debian 3.0 (woody) er en opdateret pakke -tilgængelig som version 4.0.4-2.woody.3. Brugere den kører en uudgiven udgave -af Debian bør opgradere til 4.0.4-9 eller nyere. Vi anbefaler at du omgående -opgraderer din qpopper-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-259.data" -#use wml::debian::translation-check translation="eb802383e972013e2be59e88e35cfa088968a164" \ No newline at end of file diff --git a/danish/security/2003/dsa-260.wml b/danish/security/2003/dsa-260.wml deleted file mode 100644 index d15edd1305c..00000000000 --- a/danish/security/2003/dsa-260.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

iDEFENSE har opdaget et bufferoverløb i ELF-formatets tolkning af kommandoen -"file", en sårbarhed der kan udnyttes til at udføre vilkårlig kode med -rettighederne hørende til den bruger, der kører kommandoen. Sårbarheden kan -udnyttes ved at fremstille et specielt ELF-program, der dernæst anvendes som -inddata til "file". Dette kan gøres ved at efterlade programmet på filsystemet -og vente på at nogen anvender "file" til at identificere det, eller ved at -overføre det til en service, der anvender "file" til at klassificere inddata. -(For eksempel kører nogle printerfiltre "file" for at afgøre hvordan inddata -til printeren skal behandles.)

- -

Rettede pakker er tilgængelige i version 3.28-1.potato.1 til Debian 2.2 -(potato) og version 3.37-3.1.woody.1 til Debian 3.0 (woody). Vi anbefaler at du -omgående opgraderer din file-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-260.data" -#use wml::debian::translation-check translation="408e424c15b6babd225308baa30683f613bdbffb" \ No newline at end of file diff --git a/danish/security/2003/dsa-261.wml b/danish/security/2003/dsa-261.wml deleted file mode 100644 index 2b188cebc06..00000000000 --- a/danish/security/2003/dsa-261.wml +++ /dev/null @@ -1,21 +0,0 @@ -uendelig løkke - -

Der er opdaget et problem tcpdump, et stærkt værktøj til netværksovervågning -og datahentning. En angriber kan sende en særligt fremstillet -RADIUS-netværkspakke, som får tcpdump til at gå i en uendelig løkke.

- -

I den stabile distribution (woody) er dette problem rettet i version -3.6.2-2.4.

- -

Den gamle stabile distribution (potato) lader ikke til at være påvirket af -dette problem.

- -

Den ustabile distribution (sid) er ikke længere påvirket af dette -problem.

- -

Vi anbefaler at du opgraderer din tcpdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-261.data" -#use wml::debian::translation-check translation="3c13f2e596f6bb169eaa05fae5a66e6d1860b87d" \ No newline at end of file diff --git a/danish/security/2003/dsa-262.wml b/danish/security/2003/dsa-262.wml deleted file mode 100644 index 898d0356465..00000000000 --- a/danish/security/2003/dsa-262.wml +++ /dev/null @@ -1,21 +0,0 @@ -fjernudnyttelse - -

Sebastian Krahmer fra SuSEs sikkerhedskontrolteam har fundet to problemer -i samba, en populær SMB/CIFS-implementering. Problemerne er:

- -
    -
  • Et bufferoverløb i koden til gendannelse af SMB/CIFS-pakkefragmenter som - anvendes af smbd. Da smbd kører som root, kan en angriber benytte dette - til at få root-adgang til en maskine som kører smbd.
    • - -
  • Koden til at skrive reg-filer var sårbar overfor et "chown race", hvilket - gjorde det muligt for en lokal bruger at overskrive systemfiler.
    • -
- -

Begge problemer er rettet i opstrøms version 2.2.8 og i version -2.2.3a-12.1 af pakkerne i Debian GNU/Linux 3.0/woody.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-262.data" -#use wml::debian::translation-check translation="03be4e124eb885e906d28006cf4bf10fb15aa45e" \ No newline at end of file diff --git a/danish/security/2003/dsa-263.wml b/danish/security/2003/dsa-263.wml deleted file mode 100644 index 6cd17398468..00000000000 --- a/danish/security/2003/dsa-263.wml +++ /dev/null @@ -1,23 +0,0 @@ -matematiske overløbsfejl - -

Al Viro og Alan Cox har opdaget flere matematiske overløbsfejl i NetPBM, -en samling værktøjer til konvertering af grafik. Disse programmer er ikke -installeret setuid root, men installeres ofte for at forberede data til -behandling. Disse sårbarheder kan også give fjernangribere mulighed for at -blive skyld i et lammelsesangreb eller udføre vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i version -9.20-8.2.

- -

Den gamle stabile distribution (potato) lader ikke til at være påvirket af -dette problem.

- -

I den ustabile distribution (sid) er dette problem rettet i version -9.20-9.

- -

Vi anbefaler at du opgraderer din netpbm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-263.data" -#use wml::debian::translation-check translation="e5df5e4bf0db944aa620504db5d39bd722263ba8" \ No newline at end of file diff --git a/danish/security/2003/dsa-264.wml b/danish/security/2003/dsa-264.wml deleted file mode 100644 index 2022195a32d..00000000000 --- a/danish/security/2003/dsa-264.wml +++ /dev/null @@ -1,23 +0,0 @@ -manglende kontrol af filnavn - -

Opstrømsudviklerne af lxr, en generelt værktøj til -hypertekst-krydsreferering, er blevet gjort opmærksomme på en sårbarhed, der -giver en fjernangriber mulighed for at læse vilkårlige filer på værtssystemet -som brugeren www-data. Dette kunne blotlægge lokale filer, som det ikke var -meningen skulle deles med offentligheden.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.3-3.

- -

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder en lxr-pakke.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.3-4.

- -

Vi anbefaler at du opgraderer din lxr-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-264.data" -#use wml::debian::translation-check translation="62dce0bf1839d5618f463a0fa59546a30f570873" \ No newline at end of file diff --git a/danish/security/2003/dsa-265.wml b/danish/security/2003/dsa-265.wml deleted file mode 100644 index 574d6e8165d..00000000000 --- a/danish/security/2003/dsa-265.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Rémi Perrot har rettet flere sikkerhedsrelaterede fejl i bonsai, Mozillas -værktøj til CVS-forespørgsler via en webgrænseflade. Sårbarhederne er blandt -andre udførelse af vilkårlig kode, udførelse af skripter på tværs af -websteder og adgang til opsætningsparametre. Projektet Common -Vulnerabilities and Exposures har fundet følgende problemer:

- -
    -
  • CAN-2003-0152 - Fjernudførelse af vilkårlige kommandoer som www-data
    • - -
  • CAN-2003-0153 - Blotlæggelse af absolutte stier
    • - -
  • CAN-2003-0154 - Angreb der udfører skripter på tværs af websteder
    • - -
  • CAN-2003-0155 - Uautoriseret adgang til parameterside
    • -
- -

I den stabile distribution (woody) er disse problemer rettet i version -1.3+cvs20020224-1woody1.

- -

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder bonsai.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.3+cvs20030317-1.

- -

Vi anbefaler at du opgraderer din bonsai-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-265.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" \ No newline at end of file diff --git a/danish/security/2003/dsa-266.wml b/danish/security/2003/dsa-266.wml deleted file mode 100644 index a23be48e62f..00000000000 --- a/danish/security/2003/dsa-266.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i krb5, en implementation af MIT Kerberos.

- -
    -
  • En kryptograferingssårbarhed i version 4 af Kerberos-protokollen tillader - en angriber at anvende et "chosen-plaintext"-angreb til at give sig ud for - en principal i et "realm". Yderligere kryptografiske svagheder i - krb4-implementationen som findes i MITs krb5-distribution, giver mulighed - for klippe-klistre-angreb til fabrikation af krb4-"tickets" til - uautoriserede klient-principaler, hvis tredobbelte DES-nøgler anvendes - til at fæste ("key") krb4-tjenester. Disse angreb kan undergrave et steds - komplette infrastruktur til autentifikation. - -

    Kerberos version 5 indeholder ikke denne kryptografiske sårbarhed. - Steder er ikke sårbare hvis Kerberos v4 er slået helt fra, deriblandt også - har slået alle krb5 til krb5-oversættelsestjenester fra.

    • - -
  • MITs Kerberos 5-implementation indeholder et RPC-bibliotek afledt af - SUNRPC. Implementationen indeholder længdekontroller, som er sårbare - overfor et heltalsoverløb, som det kan være muligt at udnytte til at - fremstille lammelsesangreb (denial of service) eller opnå uautoriseret - adgang til følsomme oplysninger.
    • - -
  • Problemer med bufferoverløb og -underløb findes i Kerberos håndtering af - principal-navne under usædvanlige omstændigheder, såsom navne med - nul-komponenter, navne med et tomt komponent eller værtsbaserede - principal-navne uden værtsnavnekomponent på tjenester.
    • -
- -

Denne version af krb5-pakken, ændrer standardmåden programmet opfører sig -på og tillader ikke "cross-realm"-autentifikation for Kerberos version 4.   -På grund af det fundamentale ved problemet, kan "cross-realm"-autentifikation -i Kerberos version 4 ikke gøres sikker og man bør undgå at bruge det. En ny -indstilling (-X) stilles til rådighed for kommandoerne krb5kdc og krb524d, for -at slå version 4-"cross-realm"-autentifikaation til for de steder, som skal -bruge denne funktionalitet, men ønsker de andre sikkerhedsrettelser.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.2.4-5woody4.

- -

Den gamle stabile distribution (potato) indeholder ikke krb5-pakker.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-266.data" -#use wml::debian::translation-check translation="ff536b78404e9cbbbac72a0340bd65e4c0441b72" \ No newline at end of file diff --git a/danish/security/2003/dsa-267.wml b/danish/security/2003/dsa-267.wml deleted file mode 100644 index 20de6e67a49..00000000000 --- a/danish/security/2003/dsa-267.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i lpr, et BSD-spoolsystem til -lpr/lpd-linieprintere. Problemet kan udnyttes af en lokal bruger til at opnå -root-rettigheder, også selvom printersystemet er opsat korrekt.

- -

I den stabile distribution (woody) er dette problem rettet i version -2000.05.07-4.3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.48-1.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2000.05.07-4.20.

- -

Vi anbefaler at du omgående opgraderer din lpr-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-267.data" -#use wml::debian::translation-check translation="62c72dd065e29af674c101185c7217c5eeee3538" \ No newline at end of file diff --git a/danish/security/2003/dsa-268.wml b/danish/security/2003/dsa-268.wml deleted file mode 100644 index 7d0dd92b5ae..00000000000 --- a/danish/security/2003/dsa-268.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Core Security Technologies har opdaget et bufferoverløb i IMAP-koden i -Mutt, et tekstbaseret postlæsningsprogram som understøtter IMAP, MIME, GPG, -PGP og tråde. Dette problem giver en fjern, ondsindet IMAP-server mulighed -for at forsage et lammelsesangreb (programmet går ned) og muligvis udføre -vilkårlig kode via en specielt fremstillet postmappe.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.3.28-2.1.

- -

Den gamle stabile distribution (potato) er ikke påvirket af dette -problem.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.5.4-1.

- -

Vi anbefaler at du opgraderer din mutt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-268.data" -#use wml::debian::translation-check translation="2bff0d74c9b68122d7a811bef4daf1e95b9de4a9" \ No newline at end of file diff --git a/danish/security/2003/dsa-269.wml b/danish/security/2003/dsa-269.wml deleted file mode 100644 index 7925f651841..00000000000 --- a/danish/security/2003/dsa-269.wml +++ /dev/null @@ -1,33 +0,0 @@ -kryptografisk svaghed - -

En kryptografisk svaghed i version 4 af Kerberos-protokollen tillader en -angriber at anvende et "chosen-plaintext"-angreb til at give sig ud for en -principal i et "realm". Yderligere kryptografiske svagheder i -krb4-implementationen giver mulighed for klippe-klistre-angreb til fabrikation -af krb4-"tickets" til uautoriserede klient-principaler, hvis tredobbelte -DES-nøgler anvendes til at fæste ("key") krb4-tjenester. Disse angreb kan -undergrave et steds komplette infrastruktur til Keberos-autentifikation. - -

Denne version af heimdal-pakken, ændrer standardmåden programmet opfører sig -på og tillader ikke "cross-realm"-autentifikation for Kerberos version 4.   -På grund af det fundamentale ved problemet, kan "cross-realm"-autentifikation -i Kerberos version 4 ikke gøres sikker og man bør undgå at bruge det. En ny -indstilling (--kerberos4-cross-realm) stilles til rådighed for kommandoen kdc, -for at slå version 4-"cross-realm"-autentifikaation til for de steder, som skal -bruge denne funktionalitet, men ønsker de andre sikkerhedsrettelser.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.4e-7.woody.8.

- -

Den gamle stabile distribution (potato) er ikke påvirket af dette problem, -da den ikke er oversat mod kerberos 4.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.5.2-1.

- -

Vi anbefaler at du omgående opgraderer dine heimdal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-269.data" -#use wml::debian::translation-check translation="712a8cbe3f034df549b7ae68e7a873587f0f6018" diff --git a/danish/security/2003/dsa-270.wml b/danish/security/2003/dsa-270.wml deleted file mode 100644 index 79bd198ea32..00000000000 --- a/danish/security/2003/dsa-270.wml +++ /dev/null @@ -1,27 +0,0 @@ -lokal rettighedsforøgelse - -

Linux 2.2- og Linux 2.4-kernernes program til hentning af kernemoduler har -en fejl i ptrace. Dette hul tillader lokale brugere at opnå root-rettigheder -ved at anvende ptrace til at hæfte sig på en underproces, som startes af -kernen. Fjernudnyttelse af dette hul er ikke muligt.

- -

Denne bulletin dækker kun kernepakker til MIPS-arkitekturens store og lille -endian. Andre arkitekturer vil blive dækket af separate bulletiner.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.4.17-0.020226.2.woody1 af kernel-patch-2.4.17-mips (mips+mipsel) og i version -2.4.19-0.020911.1.woody1 af kernel-patch-2.4.19-mips (kun mips).

- -

Den gamle stabile distribution (potato) er ikke påvirket af dette problem i -forbindelse med disse arkitekturer, da mips og mipsel først blev udgivet med -Debian GNU/Linux 3.0 (woody).

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.4.19-0.020911.6 af kernel-patch-2.4.19-mips (mips+mipsel).

- -

Vi anbefaler at du omgående opgraderer dine kernel-images-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-270.data" -#use wml::debian::translation-check translation="87d8ca0fba0e326572a539211a93d459291bb755" \ No newline at end of file diff --git a/danish/security/2003/dsa-271.wml b/danish/security/2003/dsa-271.wml deleted file mode 100644 index d0f6ceaf5f9..00000000000 --- a/danish/security/2003/dsa-271.wml +++ /dev/null @@ -1,22 +0,0 @@ -uautoriseret ændring af adgangskode - -

Der er opdaget et problem i ecartis, et program til håndtering af -postlister, tidligere kendt som listar. Denne sårbarhed gør det muligt for en -angriber at nulstille en brugers adgangskode, som er defineret på -listeserveren, deriblandt også listeadministratorene.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.129a+1.0.0-snap20020514-1.1 af ecartis.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.129a-2.potato3 af listar.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.0.0+cvs.20030321-1 af ecartis.

- -

Vi anbefaler at du opgraderer dine ecartis- og listar-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-271.data" -#use wml::debian::translation-check translation="6ff0e0e23e8e238982ba6f42dce5d7a7544e72cc" \ No newline at end of file diff --git a/danish/security/2003/dsa-272.wml b/danish/security/2003/dsa-272.wml deleted file mode 100644 index b3d06d61c72..00000000000 --- a/danish/security/2003/dsa-272.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

eEye Digital Security har opdaget et heltalsoverløb i glibc-funktionen -xdrmem_getbytes(), som også findes i dietlibc, et lille libc som er specielt -nyttigt i små og indkapslede systemer. Denne funktion er en del af -XDR-koderen/-afkoderen som er afledt af Suns RPC-implementation. Afhængigt af -programmet kan denne sårbarhed få en buffer til at løbe over og kan muligvis -udnyttes til udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.12-2.5.

- -

Den gamle stabile distribution (potato) indeholder i dietlibc-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.22-2.

- -

Vi anbefaler at du opgraderer dine dietlibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-272.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" \ No newline at end of file diff --git a/danish/security/2003/dsa-273.wml b/danish/security/2003/dsa-273.wml deleted file mode 100644 index 51ecb57b15d..00000000000 --- a/danish/security/2003/dsa-273.wml +++ /dev/null @@ -1,25 +0,0 @@ -kryptografisk svaghed - -

En kryptografisk svaghed i version 4 af Kerberos-protokollen tillader en -angriber at anvende et "chosen-plaintext"-angreb til at give sig ud for en -principal i et "realm". Yderligere kryptografiske svagheder i -krb4-implementationen giver mulighed for klippe-klistre-angreb til fabrikation -af krb4-"tickets" til uautoriserede klient-principaler, hvis tredobbelte -DES-nøgler anvendes til at fæste ("key") krb4-tjenester. Disse angreb kan -undergrave et steds komplette infrastruktur til Keberos-autentifikation. - -

I den stabile distribution (woody) er dette problem rettet i version -1.1-8-2.3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -1.0-2.3.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.2.2-1.

- -

Vi anbefaler at du omgående opgraderer dine krb4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-273.data" -#use wml::debian::translation-check translation="6cc2922c8710f3e7d410ee831cd52b7e7b2c7783" diff --git a/danish/security/2003/dsa-274.wml b/danish/security/2003/dsa-274.wml deleted file mode 100644 index 17eb0258fa8..00000000000 --- a/danish/security/2003/dsa-274.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Byrial Jensen har opdaget et par forskudt med en-bufferoverløb i Mutts -IMAP-kode, et tekstbaseret postlæsningsprogram som understøtter IMAP, MIME, -GPG, PGP og tråde. Dette problem giver en fjern, ondsindet IMAP-server -mulighed for at forsage et lammelsesangreb (programmet går ned) og muligvis -udføre vilkårlig kode via en specielt fremstillet postmappe.

- -

I Den stabile distribution (woody) er dette problem rettet i version -1.3.28-2.2.

- -

Den gamle stabile distribution (potato) er også påvirket af dette problem, -og der vil komme en opdatering.

- -

I den ustabile distribution (sid) er dette problem rettet i version 1.4.0 -og derover.

- -

Vi anbefaler at du opgraderer din mutt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-274.data" -#use wml::debian::translation-check translation="d15ea2b06e7bffc711e747e60fc8ed7f30fc2773" \ No newline at end of file diff --git a/danish/security/2003/dsa-275.wml b/danish/security/2003/dsa-275.wml deleted file mode 100644 index 82bd6c69295..00000000000 --- a/danish/security/2003/dsa-275.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

En bufferoverløb er opdaget i lpr, et BSD-spoolsystem til -lpr/lpd-linieprintere. Problemet kan udnyttes af en lokal bruger til at opnå -root-rettigheder, også selvom printer-systemet er opsat korrekt.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.72-2.1.

- -

Den gamle stabile distribution (potato) indeholder ikke lpr-ppd-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.72-3.

- -

Vi anbefaler at du omgående opgraderer dine lpr-ppd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-275.data" -#use wml::debian::translation-check translation="b2db128b1c1aedfea85014427385efa259c63bbb" \ No newline at end of file diff --git a/danish/security/2003/dsa-276.wml b/danish/security/2003/dsa-276.wml deleted file mode 100644 index 647087ce7e9..00000000000 --- a/danish/security/2003/dsa-276.wml +++ /dev/null @@ -1,31 +0,0 @@ -lokal rettighedsforøgelse - - -

Linux 2.2- og Linux 2.4-kernernes program til hentning af kernemoduler har -en fejl i ptrace. Dette hul tillader lokale brugere at opnå root-rettigheder -ved at anvende ptrace til at hæfte sig på en underproces, som startes af -kernen. Fjernudnyttelse af dette hul er ikke muligt.

- -

Denne bulletin dækker kun kernepakker til S/390-arkitekturen. Andre -arkitekturer vil blive dækket af separate bulletiner.

- -

I den stabile distribution (woody) er dette problem rettet i følgende -versions:

-
    -
  • kernel-patch-2.4.17-s390: version 0.0.20020816-0.woody.1.1
    • -
  • kernel-image-2.4.17-s390: version 2.4.17-2.woody.2.2
    • -
- -

Den gamle stabile distribution (potato) er ikke påvirket af dette problem -for denne arkitekturs vedkommende, da s390 første gang blev udgivet med -Debian GNU/Linux 3.0 (woody).

- -

I den ustabile distribution (sid) vil dette problem snart blive -rettet.

- -

Vi anbefaler at du omgående opgraderer dine kernel-images-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-276.data" -#use wml::debian::translation-check translation="8b53fd05f191cb6bc6c920a103b2f2502e22689e" \ No newline at end of file diff --git a/danish/security/2003/dsa-277.wml b/danish/security/2003/dsa-277.wml deleted file mode 100644 index 85f2a4dab3c..00000000000 --- a/danish/security/2003/dsa-277.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferløb, format-streng - -

Dæmonen til kontrol og administration, apcupsd til APC's Unbreakable -Power Supplies (UPS'er) er sårbar overfor flere bufferoverløb og -format-strengsangreb. Disse fejl kan fjernudnyttes af en angriber til at opnå -root-adgang til den maskine, som apcupsd kører på.

- -

I den stabile distribution (woody) er dette problem rettet i version -3.8.5-1.1.1.

- -

Problemet lader ikke til at findes i den gamle stabile distribution -(potato).

- -

I den ustabile distribution (sid) er dette problem rettet i version -3.8.5-1.2.

- -

Vi anbefaler at du omgående opgraderer dine apcupsd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-277.data" -#use wml::debian::translation-check translation="5061ad2f45b4126c7edc6ecd42633418598db5a6" \ No newline at end of file diff --git a/danish/security/2003/dsa-278.wml b/danish/security/2003/dsa-278.wml deleted file mode 100644 index d08ffc77e23..00000000000 --- a/danish/security/2003/dsa-278.wml +++ /dev/null @@ -1,22 +0,0 @@ -char til int-konvertering - -

Michal Zalewski har opdaget et bufferoverløb, der bliver aktiveret ved en -char til int-konvertering i adressefortolkningskoden i sendmail, et vidt -udbredt, ydedygtigt, effektivt og skalerbart program til transport af post. -Problemet kan potentielt fjernudnyttes.

- -

I den stabile distribution (woody) er dette problem rettet i version -8.12.3-6.3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -8.9.3-26.

- -

I den ustabile distribution (sid) er dette problem rettet i version -8.12.9-1.

- -

Vi anbefaler at du opgraderer dine sendmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-278.data" -#use wml::debian::translation-check translation="cd3d158a24eaaa1ec431d1729dcfb5a0a166bcb4" \ No newline at end of file diff --git a/danish/security/2003/dsa-279.wml b/danish/security/2003/dsa-279.wml deleted file mode 100644 index 96162e3943c..00000000000 --- a/danish/security/2003/dsa-279.wml +++ /dev/null @@ -1,25 +0,0 @@ -usikker oprettelse af midlertidig fil - -

Paul Szabo og Matt Zimmerman har opdaget to ens problemer i metrics, et -værktøj til softwaremetrik. Two skripter i denne pakke, "halstead" og -"gather_stats", åbner midlertidige filer uden de nødvendige -sikkerhedsforanstaltninger. "halstead" installeres som et brugerprogram, mens -"gather_stats" anvendes kun som et hjælpeskript vedlagt kildekoden. Disse -sårbarheder kunne give en lokal angriber mulighed for at overskrive filer, ejet -af den bruger, som kører skripterne, deriblandt root.

- -

Den stabile distribution (woody) er ikke påvirket, da den ikke længere -indeholder en metrics-pakke.

- -

I gamle stabile distribution (potato) er dette problem rettet i version -1.0-1.1.

- -

Den ustabile distribution (sid) er ikke påvirket, da den ikke længere -indeholder en metrics-pakke.

- -

Vi anbefaler at du opgraderer din metrics-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-279.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" \ No newline at end of file diff --git a/danish/security/2003/dsa-280.wml b/danish/security/2003/dsa-280.wml deleted file mode 100644 index adf1c1f99b1..00000000000 --- a/danish/security/2003/dsa-280.wml +++ /dev/null @@ -1,32 +0,0 @@ -bufferoverløb - -

Digital Defense, Inc. har gjort Samba-teamet opmærksom på en alvorlig -sårbarhed i Samba, en LanManager-lignende fil- og printerserver til Unix. -Denne sårbarhed kan føre til at en anonym bruger får root-adgang på et -system med Samba. En udnyttelse af dette problem er allerede i omløb og -i brug.

- -

Da pakkerne i potato er ganske gamle, er det muligt at de indeholder -flere sikkerhedsrelevate fejl, end vi har kendskab til. Det anbefales -derfor snart at opgraderer systemer hvor Samba kører til, til woody.

- -

Uofficielle pakke med tilbageførte rettelser fra Samba-vedligeholderne -til version 2.2.8 af Samba i woody er tilgængelige på -~peloy og -~vorlon.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.2.3a-12.3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i -version 2.0.7-5.1.

- -

Den ustabile distribution (sid) er ikke påvirket, da den allerede -indeholder version 3.0-pakker.

- -

Vi anbefaler at du omgående opgraderer dine Samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-280.data" -#use wml::debian::translation-check translation="534d1b782cfb92f46dc41fd064f779fffc329b12" \ No newline at end of file diff --git a/danish/security/2003/dsa-281.wml b/danish/security/2003/dsa-281.wml deleted file mode 100644 index b04fbff21c9..00000000000 --- a/danish/security/2003/dsa-281.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Knud Erik Højgaard har opdaget en sårbarhed i moxftp (henholdsvis xftp), en -Athena X-grænseflade til ftp. Utilstrækkelig grænsekontrol kunne føre til -udførelse af vilkårlig kode, tilgængelig på en ondsindet ftp-server. Erik Tews -har rettet dette.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.2-18.1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -2.2-13.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.2-18.20.

- -

Vi anbefaler at du opgraderer din xftp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-281.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" \ No newline at end of file diff --git a/danish/security/2003/dsa-282.wml b/danish/security/2003/dsa-282.wml deleted file mode 100644 index 3968a5b08cd..00000000000 --- a/danish/security/2003/dsa-282.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

eEye Digital Security har opdaget et heltalsoverløb i funktionen -xdrmem_getbytes() som også findes i GNU libc. Denne funktion er en del af -XDR-koderen/-afkoderen (ekstern datarepræsentation) som er afledt af Suns -RPC-implementation. Afhængigt af programmet kan denne sårbarhed få en buffer -til at løbe over og kan muligvis udnyttes til udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.2.5-11.5.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -2.1.3-25.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.3.1-16.

- -

Vi anbefaler at du opgraderer dine libc6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-282.data" -#use wml::debian::translation-check translation="1b3139b9743cfe4b6a178dd59effdf413e6b575c" \ No newline at end of file diff --git a/danish/security/2003/dsa-283.wml b/danish/security/2003/dsa-283.wml deleted file mode 100644 index 225716182d2..00000000000 --- a/danish/security/2003/dsa-283.wml +++ /dev/null @@ -1,28 +0,0 @@ -usikker oprettelse af fil - -

Ethan Benson har opdaget et problem i xfsdump, som indeholder administrative -værktøjer til XFS-filsystemet. Når kvoter (quotas) er slået til i filsystemet, -bliver xfsdq kørt af xfsdump for at gemme kvoteoplysningerne i en fil i roden -af det filsystem, som dump'es. Denne fil oprettes på en usikker måde.

- -

I forbindelse med denne rettelse, er et nyt parameter, "-f path" blevet -føjet til xfsdq(8), til angivelse af en uddatafil, i stedet for at anvende en -standard-uddatastrøm. Filen oprettes af xfsdq og xfsdq kan ikke udføres, hvis -filen allerede findes. Filen oprettes også med en mere passende "mode" end -hvad umask tilfældigvis var, da xfsdump(8) blev kørt.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.0.1-2.

- -

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder xfsdump-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.2.8-1.

- -

Vi anbefaler at du omgående opgraderer din xfsdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-283.data" -#use wml::debian::translation-check translation="3bf429a9cb930437fd7a2cdfdbcb0ed3aad51497" \ No newline at end of file diff --git a/danish/security/2003/dsa-284.wml b/danish/security/2003/dsa-284.wml deleted file mode 100644 index 1d05fbf7603..00000000000 --- a/danish/security/2003/dsa-284.wml +++ /dev/null @@ -1,31 +0,0 @@ -usikker udførelse - -

KDE-teamet har \ -opdaget en sårbarhed ved den måde, KDE anvender Ghostscript-programmet til -behandling af PostScript- (PS) og PDF-filer. En angriber kan via e-email eller -websteder levere en ondsindet PostScript- eller PDF-fil, hvilket kan føre til -udførelse af vilkårlige kommandoer med rettighederne hørende til den bruger, -der kigger på filen, eller når en browser genererer en liste over en mappes -indhold sammen med "thumbnails".

- -

I den stabile distribution (woody) er dette problem rettet i version -2.2.2-6.11 af kdegraphics og tilknyttede pakker.

- -

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder KDE.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

I den uofficielle tilbageførelse af KDE 3.1.1 til woody af Ralf Nolden på -download.kde.org, er dette problem rettet i version 3.1.1-0woody2 af -kdegraphics. Ved hjælp af den sædvanlige tilbageførelseslinie til apt-get, vil -man modtage opdateringen:

- -

deb http://download.kde.org/stable/latest/Debian stable main

- -

Vi anbefaler at du opgraderer dine kdegraphics- og tilknyttede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-284.data" -#use wml::debian::translation-check translation="7e86d6363ab8bf9d0860d9787d7d2a9bcd814133" \ No newline at end of file diff --git a/danish/security/2003/dsa-285.wml b/danish/security/2003/dsa-285.wml deleted file mode 100644 index f5084677690..00000000000 --- a/danish/security/2003/dsa-285.wml +++ /dev/null @@ -1,24 +0,0 @@ -usikker midlertidig fil - -

Karol Lewandowski har opdaget at psbanner, et printerfilter som laver -bannere i PostScript-format og er en del af LPRng, opretter en midlertidig -fil på en usikker måde til aflusningsformål, når den er opsat som filter. -Programmet kontrollerer ikke hvorvidt denne fil allerede findes eller et -peget hen et andet sted, men skriver sit aktuelle miljø og de parametre det -blev kaldt med, betingelsesløst til en fil med brugerid'en daemon.

- -

I den stabile distribution (woody) er dette problem rettet i version -3.8.10-1.2.

- -

Den gamle stabile distribution (potato) er ikke påvirket af dette -problem.

- -

I den ustabile distribution (sid) er dette problem rettet i version -3.8.20-4.

- -

Vi anbefaler at du opgraderer din lprng-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-285.data" -#use wml::debian::translation-check translation="040ee804b0e488792c58ab41d5154b95c44aecc0" \ No newline at end of file diff --git a/danish/security/2003/dsa-286.wml b/danish/security/2003/dsa-286.wml deleted file mode 100644 index 4ace0f4ae60..00000000000 --- a/danish/security/2003/dsa-286.wml +++ /dev/null @@ -1,24 +0,0 @@ -usikker midlertidig fil - -

Paul Szabo har opdaget en usikker oprettelse af en midlertidig fil i -ps2epsi, et skript der distribueres som en del af gs-common, der indeholder -filer der er fælles for forskellige Ghostscript-udgaver. ps2epsi anvender en -midlertidig fil ved start af ghostscript. Filen bliver oprettet på en usikker -måde, hvilket kunne give en lokal angriber mulighed for at overskrive filer -ejet af brugeren, der kører ps2epsi.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.3.3.0woody1.

- -

Den gamle stabile distribution (potato) er ikke påvirket af dette -problem.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.3.3.1.

- -

Vi anbefaler at du opgraderer din gs-common-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-286.data" -#use wml::debian::translation-check translation="3210e9e77317058b1db073810a63eb17c61799c9" \ No newline at end of file diff --git a/danish/security/2003/dsa-287.wml b/danish/security/2003/dsa-287.wml deleted file mode 100644 index d23c23d80bf..00000000000 --- a/danish/security/2003/dsa-287.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Timo Sirainen har opdaget flere problemer i EPIC, en populær klient til -Internet Relay Chat (IRC). En ondsindet server kan lave særlige svarstrenge, -der kan få klienten til at skrive ud over buffergrænser. Dette kan føre til et -lammelsesangreb hvis klienten kun går ned, men kan også føre til udførelse af -vilkårlig kode under den brugerid, som den chattende bruger har.

- -

I den stabile distribution (woody) er disse problemer rettet i version -3.004-17.1.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i -version 3.004-16.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -3.004-19.

- -

Vi anbefaler at du opgraderer din EPIC-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-287.data" -#use wml::debian::translation-check translation="7dc01c25991c05059e76e3af78071ccb908f828f" \ No newline at end of file diff --git a/danish/security/2003/dsa-288.wml b/danish/security/2003/dsa-288.wml deleted file mode 100644 index 0c0fba90d98..00000000000 --- a/danish/security/2003/dsa-288.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder - -

Man har fundet to fejl i OpenSSL, et Secure Socket Layer (SSL)-bibliotek og -relaterede værktøjer til krypografi. Programmer som er lænket mod dette -bibliotek, er generelt sårbare overfor angreb, hvilket kan føre til en lækage -af en servers private nøgle eller ellers gøre det muligt at dekryptere den -krypterede session. Projektet Common Vulnerabilities and Exposures (CVE) har -fundet fremt til følgende sårbarheder:

- -
-
CAN-2003-0147
- -
- OpenSSL anvender ikke "RSA blinding" som standard, hvilket gør det muligt - for lokale og fjerne angribere at få fat i serverens private nøgle.
- -
CAN-2003-0131
- -
- SSL giver fjernangribere mulighed for at udføre en uautoriseret RSA-privat - nøgle-operation, der får OpenSSL til at lække oplysninger om forholdet - mellem ciphertext og tilhørende plaintext.
-
- -

I den stabile distribution (woody) er disse problemer rettet i version -0.9.6c-2.woody.3.

- -

I den gamle stabile distribution (potato) er disse problemer rettt i -version 0.9.6c-0.potato.6.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -version 0.9.7b-1 af openssl og version 0.9.6j-1 af openssl096.

- -

Vi anbefaler at du omgående opgraderer dine openssl-pakker og genstarter -programmer, som anvender OpenSSL.

- -

Desværre er "RSA blinding" ikke thread-safe og vil få programmer, der -anvender tråde (threads) og OpenSSL, såsom stunnel, til at gå ned. Men da den -foreslåede rettelse vil ændre den binære grænseflade (ABI), vil programmer der -er lænket dynamisk mod OpenSSL, ikke køre mere. Dette er et dilemma vi ikke -kan løse.

- -

Du er nødt til at beslutte hvorvidt du ønsker sikkerhedsopdateringen, som -ikke er "thread-safe" og genoversætte alle programmer, der lader til ikke at -fungere efter opgraderingen, eller hente de ekstra kildekodepakker nævnt i -slutningen af dette bulletin, genoversætte dem og anvende et "thread-safe" -OpenSSL-bibliotek igen, men også genoversætte alle programmer der anvender det -(såsom apache-ssl, mod_ssl, ssh osv.).

- -

Da kun meget få pakker anvender tråde og er lænket mod OpenSSL-biblioteket, -vil de fleste brugere dog uden problemer kunne anvende pakkerne fra denne -opdatering.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-288.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" \ No newline at end of file diff --git a/danish/security/2003/dsa-289.wml b/danish/security/2003/dsa-289.wml deleted file mode 100644 index 2da5fe017de..00000000000 --- a/danish/security/2003/dsa-289.wml +++ /dev/null @@ -1,23 +0,0 @@ -ukorrekt ændring hukommelsesstørrelse - -

Sam Hocevar har opdaget et sikkerhedsproblem i rinetd, en server til -omdirigering af IP-forbindelser. Når forbindelseslisten er fyldt op, ændrer -rinetd størrelsen på listen, for at få plads til nye indkommende forbindelser. -Men dette gøres på en forkert måde, hvilket resulterer i et lammelsesangreb og -udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.61-1.1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.52-2.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.61-2

- -

Vi anbefaler at du opgraderer din rinetd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-289.data" -#use wml::debian::translation-check translation="8bf3531048a034670269cb787d10b871b1a16925" \ No newline at end of file diff --git a/danish/security/2003/dsa-290.wml b/danish/security/2003/dsa-290.wml deleted file mode 100644 index cbf0c12bae9..00000000000 --- a/danish/security/2003/dsa-290.wml +++ /dev/null @@ -1,22 +0,0 @@ -tegn til heltal-konvertering - -

Michal Zalewski har opdaget et bufferoverløb, sat i gang af en tegn til -heltal-konvertering, i adressetolkningskoden i sendmail, et vidt udbredt, -ydedygtigt, effektivt og skalerbart program til posttransport. Dette problem -kan potentielt udnyttes af en fjernangriber.

- -

I den stabile distribution (woody) er dette problem rettet i version -8.12.3+3.5Wbeta-5.4

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -8.9.3+3.2W-25

- -

I den ustabile distribution (sid) er dette problem rettet i version -8.12.9+3.5Wbeta-1

- -

Vi anbefaler at du opgraderer dine sendmail-wide-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-290.data" -#use wml::debian::translation-check translation="b0729cb4d784cb3f2895f682b67be6e030f369fa" \ No newline at end of file diff --git a/danish/security/2003/dsa-291.wml b/danish/security/2003/dsa-291.wml deleted file mode 100644 index bbb146e747b..00000000000 --- a/danish/security/2003/dsa-291.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Timo Sirainen har opdaget flere problemer i ircII, en populær klient til -Internet Relay Chat (IRC). På en ondsindet server kunne der laves særlige -svarstrenge, der kunne få klienten til at skrive ud over buffergrænser. -Dette kunne føre til et lammelsesangreb, hvis klienten kun gik ned, men kunne -også føre til udførelse af vilkårlig kode under den chattende brugers -brugerid.

- -

I den stabile distribution (woody) er disse problemer rettet i version -20020322-1.1.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i -version 4.4M-1.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -20030315-1.

- -

Vi anbefaler at du opgraderer din ircII-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-291.data" -#use wml::debian::translation-check translation="1f763393216585898233c8de696f37a6e630184e" \ No newline at end of file diff --git a/danish/security/2003/dsa-292.wml b/danish/security/2003/dsa-292.wml deleted file mode 100644 index 2fa8e6cb9f3..00000000000 --- a/danish/security/2003/dsa-292.wml +++ /dev/null @@ -1,29 +0,0 @@ -usikker oprettelse af midlertidig fil - -

Colin Phipps har opdaget flere problemer i mime-support, der indeholder -hjælpeprogrammer til MIME-kontrolfilerne 'mime.types' og 'mailcap'. -Når en midlertidig fil skal anvendes, oprettes den usikker, hvilket giver en -angriber mulighed for vilkårlige overskrivelser under brugerid'en hørende til -den person, der udfører executing run-mailcap.

- -

Når run-mailcap udføres på en fil med et potentielt problematisk filnavn, -oprettes en midlertidig fil (ikke længere usikkert), slettet igen og en -symbolsk lænke til dette filnavn oprettes. En angriber kunne genoprette filen -før før den symbolske lænke oprettes og dermed tvinge det visningsprogrammet -til at vise et andet indhold.

- -

I den stabile distribution (woody) er disse problemer rettet i version -3.18-1.3.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i -version 3.9-1.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -3.23-1.

- -

Vi anbefaler at du opgraderer dine mime-support-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-292.data" -#use wml::debian::translation-check translation="bf6349d88e9ffdb09f5e2cc0ae6bda3da7685920" \ No newline at end of file diff --git a/danish/security/2003/dsa-293.wml b/danish/security/2003/dsa-293.wml deleted file mode 100644 index 74eda73a561..00000000000 --- a/danish/security/2003/dsa-293.wml +++ /dev/null @@ -1,30 +0,0 @@ -usikker udførelse - -

KDE-teamet har opdaget en sårbarhed ved den måde, KDE anvender -Ghostscript-programmet til behandling af PostScript- (PS) og PDF-filer. -En angriber kan via e-email eller websteder levere en ondsindet PostScript- -eller PDF-fil, hvilket kan føre til udførelse af vilkårlige kommandoer med -rettighederne hørende til den bruger, der kigger på filen, eller når en -browser genererer en liste over en mappes indhold sammen med "thumbnails".

- -

I den stabile distribution (woody) er dette problem rettet i version -2.2.2-13.woody.7 af kdelibs og tilknyttede pakker.

- -

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder KDE.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

I den uofficielle tilbageførelse af KDE 3.1.1 til woody af Ralf Nolden på -download.kde.org, er dette problem rettet i version 3.1.1-0woody3 af -kdelibs. Ved hjælp af den sædvanlige tilbageførelseslinie til apt-get, vil -man modtage opdateringen:

- -

deb http://download.kde.org/stable/latest/Debian stable main

- -

Vi anbefaler at du opgraderer dine kdelibs- og tilknyttede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-293.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" \ No newline at end of file diff --git a/danish/security/2003/dsa-294.wml b/danish/security/2003/dsa-294.wml deleted file mode 100644 index 905830a8256..00000000000 --- a/danish/security/2003/dsa-294.wml +++ /dev/null @@ -1,37 +0,0 @@ -manglende citationstegn, ufuldstændig fortolker - -

Brian Campbell har opdaget to sikkerhedsrelaterede problemer i -gkrellm-newsticker, et indstik (plugin) til systemovervågelsesprogrammet -gkrellm, der leverer en "news ticker" fra RDF-kilder. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
-
CAN-2003-0205
-
- En brugervalgt webbrowser kan åbnes på URI, som leveres af nyhedskilden, når - der klikkes på linket. Dog er særlige shell-tegn ikke indkapslet korrekt, - hvilket gør det muligt for en ondsindet kilde, at udføre vilkårlige - shell-kommandoer på klient-maskinen.
- -
CAN-2003-0206
-
- Programmet får hele gkrellm-systemet til at gå ned, ved kilder hvor link- - eller titel-elementer ikke helt er på en linie. En ondsindet server kunne - derfor igangsætte et lammelsesangreb.
- -
- -

I den stabile distribution (woody) er disse problemer rettet i version -version 0.3-3.1.

- -

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder gkrellm-newsticker-pakker.

- -

I den ustabile distribution (sid) er disse problemer endnu ikke rettet.

- -

Vi anbefaler at du opgraderer din gkrellm-newsticker-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-294.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" \ No newline at end of file diff --git a/danish/security/2003/dsa-295.wml b/danish/security/2003/dsa-295.wml deleted file mode 100644 index 3ab535649dc..00000000000 --- a/danish/security/2003/dsa-295.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Timo Sirainen har opdaget en sårbarhed i pptpd, en "Point to Point -Tunneling Server", som implementerer PPTP-over-IPSEC og normalt anvendes -til at oprette virtuelle private netværk (VPN). Ved angivelse af en lille -pakkelængde, kunne en angriber få en buffer til at løbe over og udføre kode -under den brugerid, som kører pptpd, formentlig root. En udnyttelse af dette -problem er allerede i omløb.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.1.2-1.4.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -1.0.0-4.2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.1.4-0.b3.2.

- -

Vi anbefaler at du omgående opgraderer din pptpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-295.data" -#use wml::debian::translation-check translation="30e8a2406c7ccd2f93124749a3d2fe34efd482c4" \ No newline at end of file diff --git a/danish/security/2003/dsa-296.wml b/danish/security/2003/dsa-296.wml deleted file mode 100644 index a9fdd99b14e..00000000000 --- a/danish/security/2003/dsa-296.wml +++ /dev/null @@ -1,30 +0,0 @@ -usikker udførelse - -

KDE-teamet har opdaget en sårbarhed ved den måde, KDE anvender -Ghostscript-programmet til behandling af PostScript- (PS) og PDF-filer. -En angriber kan via e-email eller websteder levere en ondsindet PostScript- -eller PDF-fil, hvilket kan føre til udførelse af vilkårlige kommandoer med -rettighederne hørende til den bruger, der kigger på filen, eller når en -browser genererer en liste over en mappes indhold sammen med "thumbnails".

- -

I den stabile distribution (woody) er dette problem i version 2.2.2-14.4 af -kdebase og tilknyttede pakker.

- -

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke -indeholder KDE.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

I den uofficielle tilbageførelse af KDE 3.1.1 til woody af Ralf Nolden på -download.kde.org, er dette problem rettet i version 3.1.1-0woody3 af -kdelibs. Ved hjælp af den sædvanlige tilbageførelseslinie til apt-get, vil -man modtage opdateringen:

- -

deb http://download.kde.org/stable/latest/Debian stable main

- -

Vi anbefaler at du opgraderer kdebase og tilknyttede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-296.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" \ No newline at end of file diff --git a/danish/security/2003/dsa-297.wml b/danish/security/2003/dsa-297.wml deleted file mode 100644 index ac11c093a20..00000000000 --- a/danish/security/2003/dsa-297.wml +++ /dev/null @@ -1,57 +0,0 @@ -heltalsoverløb, bufferoverløb - -

To sårbarheder er opdaget i Snort, et populært system til opdagelse af -netværksindtrængen. Der følger moduler og indstik (plugins) med Snort, som -kan udføre forskellige funktioner såsom protokolanalyse. Man har fundet frem -til følgende problemer:

- -
-
Stakoverløb i Snorts "stream4" præ-processor
- (VU#139129, CAN-2003-0209, Bugtraq Id 7178)
- -
Forskere hos CORE Security Technologies har opdaget et heltalsoverløb der - kan fjernudnyttes og som resulterer i overskrivelse af stakken i - præprocessormodulet "stream4" preprocessor module. Dette modul gør det - muligt for Snort at genopbygge TCP-pakkefragmenter til nærmere analyse. - En angriber kunne indsætte vilkårlig kode, der kunne udføres som brugeren, - der kørte Snort, formentlig root.
- -
Bufferoverløb i Snorts RPC-præprocessor
- (VU#916785, CAN-2003-0033, Bugtraq Id 6963)
- -
Forskere hos Internet Security Systems X-Force har opdaget et bufferoverløb - i Snorts RPC-præprocessor, som kan fjernudnyttes. Snort kontrollerer - ukorrekt længden af, hvad der normaliseres mod den aktuelle pakkestørrelse. - En angriber kunne udnytte dette til at udføre vilkårlig kode med rettighederne - hørende til Snort-processen, formentlig root.
-
- -

I den stabile distribution (woody) er disse problemer rettet i version -1.8.4beta1-3.1.

- -

Den gamle stabile distribution (potato) er ikke påvirket af disse problemer, -da den ikke indeholder den problematiske kode.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -2.0.0-1.

- -

Vi anbefaler at du omgående opgraderer din snort-pakke.

- -

Det anbefales at opgradere til den seneste version af Snort, da Snort, som -ethvert system til opdagelse af indtrængen, er mere eller mindre ubrugelig, -hvis den er baseret på gamle og forældede oplysninger, og ikke er føres ajour. -Sådanne installationer vil ikke kunne opdage indtrængen ved hjælp af moderne -metoder. Den aktuelle version af Snort er 2.0.0, mens versionen i den stabile -distribution (1.8) er ganske gammel og versionen i den gamle stabile -distribution er håbløst forældet.

- -

Da Debian ikke opdaterer vilkårlige pakker i stabile udgaver, vil ikke engang -Snort blive opdateret i andre sammenhænge, end i forbindelse med rettelse af -sikkerhedsproblemer, anbefales det, at du opgraderer til den seneste version -fra en trediepartskilde.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-297.data" -#use wml::debian::translation-check translation="ee2eab7b1c4468c21b3b4631a10b0257b3221ca9" diff --git a/danish/security/2003/dsa-298.wml b/danish/security/2003/dsa-298.wml deleted file mode 100644 index b22e29ddfc5..00000000000 --- a/danish/security/2003/dsa-298.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Timo Sirainen har opdaget flere problemer i EPIC4, en populær klient til -Internet Relay Chat (IRC). På en ondsindet server kunne der laves særlige -svarstrenge, der kunne få klienten til at skrive ud over buffergrænser. -Dette kunne føre til et lammelsesangreb, hvis klienten kun gik ned, men kunne -også føre til udførelse af vilkårlig kode under den chattende brugers -brugerid.

- -

I den stabile distribution (woody) er disse problemer rettet i version -1.1.2.20020219-2.1.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i version -pre2.508-2.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.1.11.20030409-1.

- -

Vi anbefaler at du opgraderer din EPIC4-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-298.data" -#use wml::debian::translation-check translation="8a25c7efee2b657b84dc9c3ec1aa453334eee62d" \ No newline at end of file diff --git a/danish/security/2003/dsa-299.wml b/danish/security/2003/dsa-299.wml deleted file mode 100644 index 4096d4a157f..00000000000 --- a/danish/security/2003/dsa-299.wml +++ /dev/null @@ -1,21 +0,0 @@ -ukorrekt setuid-root-udførelse - -

Maurice Massar har opdaget, at på grund af en pakningsfejl, blev programmet -/usr/bin/KATAXWR ukorrekt installeret setuid root. Programmet er ikke designet -til at køre setuid og indeholdt adskillige sårbarheder, der kunne udnyttes til -at opnå root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.2-3.1.

- -

Den gamle stabile distribution (potato) indeholder ikke en leksbot-pakke.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.2-5.

- -

Vi anbefaler at du opgraderer din leksbot-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-299.data" -#use wml::debian::translation-check translation="5147acfa910f8396a8784cc2d30a52496d138019" \ No newline at end of file diff --git a/danish/security/2003/dsa-300.wml b/danish/security/2003/dsa-300.wml deleted file mode 100644 index 8c47797d10c..00000000000 --- a/danish/security/2003/dsa-300.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Byrial Jensen har opdaget et par forskudt med en-bufferoverløb i Mutts -IMAP-kode, et tekstbaseret postlæsningsprogram som understøtter IMAP, MIME, -GPG, PGP og tråde. Denne kode importeres i Balsa-pakken. Dette problem giver -en fjern, ondsindet IMAP-server mulighed for at forsage et lammelsesangreb -(programmet går ned) og muligvis udføre vilkårlig kode via en specielt -fremstillet postmappe.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.2.4-2.2.

- -

Den gamle stabile distribution (potato) lader ikke til at være påvirket af -dette problem.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din balsa-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-300.data" -#use wml::debian::translation-check translation="59be485ff95de3c2d07ba9a090535555f4ed2d8c" \ No newline at end of file diff --git a/danish/security/2003/dsa-301.wml b/danish/security/2003/dsa-301.wml deleted file mode 100644 index f700ba0c2e0..00000000000 --- a/danish/security/2003/dsa-301.wml +++ /dev/null @@ -1,25 +0,0 @@ -bufferoverløb - -

gtop-dæmonen, der anvendes til overvågning af fjerne maskiner, indeholder et -bufferoverløb, hvilket kunne udnyttes af en angriber til at udføre vilkårlig -kode med dæmon-processens rettigheder. Hvis dæmon-processen startes som root, -smide den root-rettighederne væk, og forventer uid og gid 99 som standard.

- -

Denne fejl blev tidligere rettet i DSA-098, -men en af rettelserne blev ikke overført til senere versioner af libgtop.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.0.13-3.1.

- -

I den gamle stabile distribution (potato) blev dette problem rettet i -DSA-098.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.0.13-4.

- -

Vi anbefaler at du opgraderer din libgtop-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-301.data" -#use wml::debian::translation-check translation="d5b337a8be5bf366b0b05b18b72648f1bbb0e6ff" \ No newline at end of file diff --git a/danish/security/2003/dsa-302.wml b/danish/security/2003/dsa-302.wml deleted file mode 100644 index ed3f4eb5af4..00000000000 --- a/danish/security/2003/dsa-302.wml +++ /dev/null @@ -1,21 +0,0 @@ -rettighedsforøgelse - -

Joey Hess har opdaget at fuzz, et værktøj til strestestning af programmel, -opretter midlertidige filer uden at fortage passende sikkerhedsforanstaltninger. -Denne fejl kunne give en angriber mulighed for at få rettighederne hørende til -den bruger, som udfører fuzz, bortset fra root (fuzz tillader ikke sig selv at -blive udført som root).

- -

I den stabile distribution (woody) er dette problem rettet i version -0.6-6woody1.

- -

Den gamle stabile distribution (potato) indeholder ikke en fuzz-pakke.

- -

I den ustabile distribution (sid) vil dette blive snart blive rettet.

- -

Vi anbefaler at du opgraderer din fuzz-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-302.data" -#use wml::debian::translation-check translation="ee567afb1b94624f13e9e74a2f2396eae4093a54" \ No newline at end of file diff --git a/danish/security/2003/dsa-303.wml b/danish/security/2003/dsa-303.wml deleted file mode 100644 index 4ef0aff1a26..00000000000 --- a/danish/security/2003/dsa-303.wml +++ /dev/null @@ -1,28 +0,0 @@ -rettighedsforøgelse - -

CAN-2003-0073: Pakken mysql indeholder en fejl, hvor dynamisk allokeret -hukommelse frigives mere end en gang, hvilket kunne iværksættes med vilje af -en angriber og dermed få systemet til at gå ned, medførende at lammelsesangreb. -For at udnytte denne sårbarhed, er en gyldig kombination af brugernavn og -adgangskode krævet, for at få adgang til MySQL-serveren.

- -

CAN-2003-0150: Pakken mysql indeholder en fejl, hvor en ondsindet bruger, -der har visse rettigheder i mysql, kunne oprette en opsætningsfil, hvilket -kunne få mysql-serveren til at køre som root, eller enhver anden bruger, i -stedet for mysql-brugeren.

- -

I den stabile distribution (woody) er begge problemer rettet i version -3.23.49-8.4.

- -

Den gamle stabile distribution (potato) er kun påvirket af CAN-2003-0150 og -dette er rettet i version 3.22.32-6.4.

- -

I den ustabile distribution (sid), er CAN-2003-0073 rettet i version -4.0.12-2 og CAN-2003-0150 vil snart blive rettet.

- -

Vi anbefaler at du opdaterer din mysql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-303.data" -#use wml::debian::translation-check translation="231957aa99583e56176b504db5ff6a5ddc7502ec" \ No newline at end of file diff --git a/danish/security/2003/dsa-304.wml b/danish/security/2003/dsa-304.wml deleted file mode 100644 index b2b0070e9ad..00000000000 --- a/danish/security/2003/dsa-304.wml +++ /dev/null @@ -1,24 +0,0 @@ -rettighedsforøgelse - -

Leonard Stiles har opdaget, at lv, et flersproget program til visning af -filer, indlæser indstillingerne fra en opsætningsfil i den aktuelle mappe. -Fordi en sådan fil kunne være placeret der, af en ondsindet bruger og lv's -opsætningsindstillinger kan anvendes til at udføre kommandoer, var dette et -sikkerhedsproblem. En angriber kunne få rettighederne hørende til den bruger, -der startede lv, deriblandt root.

- -

I den stabile distribution (woody) er dette problem rettet i version -4.49.4-7woody2.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -4.49.3-4potato2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -4.49.5-2.

- -

Vi anbefaler at du opdaterer din lv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-304.data" -#use wml::debian::translation-check translation="231957aa99583e56176b504db5ff6a5ddc7502ec" \ No newline at end of file diff --git a/danish/security/2003/dsa-305.wml b/danish/security/2003/dsa-305.wml deleted file mode 100644 index 5f9ed988bd3..00000000000 --- a/danish/security/2003/dsa-305.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikre midlertidige filer - -

Paul Szabo har opdaget fejl skripterne, der følger med pakken sendmail, hvor -midlertidige filer blev oprettet på en usikker måde (expn, checksendmail og -doublebounce.pl). Disse fejl gav en angriber de rettigheder, som hører til -brugeren, der udfører skriptet (deriblandt root).

- -

I den stabile distribution (woody) er disse problemer rettet i version -8.12.3-6.4.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i -version 8.9.3-26.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -8.12.9-2.

- -

Vi anbefaler at du opdaterer din sendmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-305.data" -#use wml::debian::translation-check translation="231957aa99583e56176b504db5ff6a5ddc7502ec" \ No newline at end of file diff --git a/danish/security/2003/dsa-306.wml b/danish/security/2003/dsa-306.wml deleted file mode 100644 index ae591d128f6..00000000000 --- a/danish/security/2003/dsa-306.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb, heltalsoverløb - -

Timo Sirainen har opdaget flere problemer i BitchX, en populær klient til -Internet Relay Chat (IRC). På en ondsindet server kunne der fremstilles -særlige svarstrenge, der kunne få klienten til at skrive ud over buffergrænser -eller allokere en negativ mængde hukommelse. Dette kunne føre til et -lammelsesangreb, hvis klienten kun gik ned, men kunne også føre til udførelse -af vilkårlig kode under den chattende brugers brugerid.

- -

I den stabile distribution (woody) er disse problemer rettet i version -1.0-0c19-1.1.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i -version 1.0-0c16-2.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.0-0c19-8.

- -

Vi anbefaler at du opgraderer din BitchX-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-306.data" -#use wml::debian::translation-check translation="40d80b49542f29ec5e0dfac464e362069a94d837" \ No newline at end of file diff --git a/danish/security/2003/dsa-307.wml b/danish/security/2003/dsa-307.wml deleted file mode 100644 index 112d19963b4..00000000000 --- a/danish/security/2003/dsa-307.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

gPS er et grafisk program til overvågning af systemprocesser. I version -1.1.0 af gps-pakken, er der rettet flere sikkerhedssårbarheder, som beskrevet i -ændringsloggen:

- -
    -
  • Fejlrettelse i reglen til rgpsp-kildeforbindelsesaccept (den tillod enhver - vært at tilslutte sig, selv når filen /etc/rgpsp.conf sagde noget andet). - Det fungerer nu, men i et rigtigt ("produktions-") netværk, anbefaler jeg - at man anvender IP-filtrering til overholdelse af reglen (såsom ipchains - eller iptables).
    • -
  • Flere muligheder for bufferoverløb er blevet rettet. Tak til Stanislav - Ievlev fra ALT-Linux, for at gøre opmærksom på mange af dem.
    • -
  • Rettet fejlformattering af kommandolinieparametre i rgpsp-protokollen - (kommandolinieparametre med linieskift, kunne ødelægge protokollen).
    • -
  • Rettet bufferoverløbsfejl, da fik rgpsp til at SIGSEGV'e, når en processer - med store kommandolinier (mere end 128 tegn) blev startet (kun under Linux).
    • -
- - -

Alle disse problemer påvirker Debians gps-pakke med version 0.9.4-1 i -Debian-woody. Debian-potato indeholder også en gps-pakke (version 0.4.1-2), -men den er ikke påvirket af problemerne, den den relevante funktionalitet ikke -er implementeret i den version.

- -

I den stabile distribution (woody) er disse problemer rettet i version -0.9.4-1woody1.

- -

Den gamle stabile distribution (potato) er ikke påvirket af disse -problemer.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.1.0-1.

- -

Vi anbefaler at du opdaterer din gps-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-307.data" -#use wml::debian::translation-check translation="43951ab8a6b959d285b04871474f2a9b13309751" \ No newline at end of file diff --git a/danish/security/2003/dsa-308.wml b/danish/security/2003/dsa-308.wml deleted file mode 100644 index 41fd7392448..00000000000 --- a/danish/security/2003/dsa-308.wml +++ /dev/null @@ -1,24 +0,0 @@ -usikre midlertidige filer - -

Paul Szabo har opdaget at znew, et skript der ligger i gzip-pakken, opretter -sine midlertidiger filer uden at tage de nødvendige forholdsregler, til at -forhindre et symlink-angreb (CAN-2003-0367).

- -

Skriptet gzexe har en lignende sårbarhed, der blev rettet i en tidligere -udgave, men ved fejl blev tilbageført til sit oprindelige udseende.

- -

I den stabile distribution (woody) er begge problemer rettet i version -1.3.2-3woody1.

- -

I den gamle stabile distribution (potato) er CAN-2003-0367 rettet i version -1.2.4-33.2. Denne version er ikke sårbar overfor CVE-1999-1332 på grund af en -tidligere rettelse.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer dine gzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-308.data" -#use wml::debian::translation-check translation="bb3388d16ecf54be25b0d6de6b5c2df24e6db2e0" \ No newline at end of file diff --git a/danish/security/2003/dsa-309.wml b/danish/security/2003/dsa-309.wml deleted file mode 100644 index 8e7dae4d5bb..00000000000 --- a/danish/security/2003/dsa-309.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

"bazarr" har opdaget at eterm er sårbar overfor et bufferoverløb i -miljøvariablen ETERMPATH. Denne fejl kan udnyttes til at opnå rettighederne -hørende til gruppen "utmp" på et system hvor eterm er installleret.

- -

I den stabile distribution (woody), er dette problem rettet i version -0.9.2-0pre2002042903.1.

- -

Den gamle stabile distribution (potato) er ikke påvirket af denne fejl.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din eterm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-309.data" -#use wml::debian::translation-check translation="ba72da99ddb0f2308d2c8938e79b4285d388d1e6" \ No newline at end of file diff --git a/danish/security/2003/dsa-310.wml b/danish/security/2003/dsa-310.wml deleted file mode 100644 index d9647590e9e..00000000000 --- a/danish/security/2003/dsa-310.wml +++ /dev/null @@ -1,29 +0,0 @@ -ukorrekt setuid-root-udførelse - -

XaoS, et program til visning af fraktale billeder, installeres setuid-root -på visse arkitekturer for at kunne anvende svgalib, der kræver adgang til -grafikhardware. Dog er det ikke designet til sikker setuid-udførelse og kan -udnyttes til at opnå root-rettigheder.

- -

I disse opdaterede pakker er setuid-bitten fjernet fra den binære xaos-fil. -Brugere, der kræver funktionaliteten fra svgalib, bør kun give disse -rettigheder til en betroet gruppe.

- -

Denne sårbarhed kan udnyttes i version 3.0-18 (potato) på i386- og -alpha-arkitekturerne, og i version 3.0-23 (woody) kun på i386-arkitekturen.

- -

I den stabile distribution (woody) er dette problem rettet i version -3.0-23woody1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -3.0-18potato1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -3.1r-4.

- -

Vi anbefaler at du opdaterer din xaos-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-310.data" -#use wml::debian::translation-check translation="fd613688ef24df0ee5d84a77bc6a77a3638482bc" \ No newline at end of file diff --git a/danish/security/2003/dsa-311.wml b/danish/security/2003/dsa-311.wml deleted file mode 100644 index e473e8f41be..00000000000 --- a/danish/security/2003/dsa-311.wml +++ /dev/null @@ -1,81 +0,0 @@ -flere sårbarheder - -

En række sårbarheder er opdaget i Linux-kernen.

- -

CVE-2002-0429: iBCS-rutinerne i arch/i386/kernel/traps.c til Linux-kerne -2.4.18 og tidligere på x86-systemer tillader lokale brugere at dræbe vilkårlige -processer via en grænseflade til binære kompatibilitet (lcall).

- -

CAN-2003-0001: Flere ethernet-netværkskorts (NIC) styreprogrammer udfylder -ikke rammer med null-bytes, hvilket gør det muligt for fjern angribere at -indhente oplysninger fra tidligere pakker eller kernehukommelse ved hjælp af -misdannede pakker.

- -

CAN-2003-0127: Kernens program til indlæsning af moduler gør det muligt for -lokale brugere at opnå root-rettigheder ved at få ptrace til at hængte sig på -en underproces som er startet af kernen.

- -

CAN-2003-0244: Implementationen af route-mellemlager i Linux 2.4 og -Netfilter IP conntrack-modult gør det muligt for fjernangribere at igangsætte -et lammelsesangreb (forbrug af CPU-ressourcer) ved hjælp af pakker med -forfalskede kildeadresser, som medfører et stort antal hash-table-kollisioner i -forbindelse med PREROUTING-kæden.

- -

CAN-2003-0246: Systemkaldet ioperm i Linux-kerne 2.4.20 og tidligere -begrænser ikke korrekt rettigheder, hvilket gør det muligt for lokale brugere -at opnå læse- og skriveadgang til visse I/O-porte.

- -

CAN-2003-0247: Sårbarhed i TTY-laget i Linux-kerne 2.4 gør det muligt for -angribere at igangsætte et lammelsesangreb ("kernel oops").

- -

CAN-2003-0248: mxcsr-koden i Linux-kerne 2.4 gør det muligt for angribere at -ændre på CPU-state-registrene ved hjælp af en misdannet adresse.

- -

CAN-2003-0364: Håndteringen af TCP/IP-fragmentsamling i Linux-kerne 2.4 gør -det muligt for fjernangribere at igangsætte et lammelsesangreb (forbrug af -CPU-ressourcer) ved hjælp af visse pakker, der forsager et stort antal -hash-tabel-kollisioner.

- -

Denne bulletin dækker kun i386-arkitekturen (Intel IA32). Andre arkitekturer -vil blive dækket i separate bulletiner.

- -

I den stabile distribution (woody) på i386-arkitekturen er disse problemer -rettet i kernel-source-2.4.18 version 2.4.18-9, kernel-image-2.4.18-1-i386 -version 2.4.18-8 og kernel-image-2.4.18-i386bf version 2.4.18-5woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i kerne -2.4.20-serien baseret på Debian-kildekode.

- -

Vi anbefaler at du opdaterer dine kerne-pakker.

- -

Hvis du anvender kernen, som installeres af installationssystemet med valg -af "bf24" (for en 2.4.x-kerne), bør du installere pakken -kernel-image-2.4.18-bf2.4. Hvis du installerede en anden kernel-image-pakke -efter installationen, bør den installere den tilsvarende 2.4.18-1-kerne. Du -kan også anvende oversigten nedenfor til vejledning.

- -
-| Hvis "uname -r" viser: | Installer denne pakke:
-| 2.4.18-bf2.4           | kernel-image-2.4.18-bf2.4
-| 2.4.18-386             | kernel-image-2.4.18-1-386
-| 2.4.18-586tsc          | kernel-image-2.4.18-1-586tsc
-| 2.4.18-686             | kernel-image-2.4.18-1-686
-| 2.4.18-686-smp         | kernel-image-2.4.18-1-686-smp
-| 2.4.18-k6              | kernel-image-2.4.18-1-k6
-| 2.4.18-k7              | kernel-image-2.4.18-1-k7
-
- -

BEMÆRK: Denne kerne er ikke binært kompatibel med den tidligere udgave. Af -den grund har kernen et andet versionsnummer og ville ikke automatisk blive -installeret via den almindelige upgraderingsproces. Særlige moduler skal -genopbygges for at fungere med denne nye kerne. Nye PCMCIA-moduler stilles til -rådighed for alle ovennævne kerner.

- -

BEMÆRK: Det er nødvendigt at genstarte systemet umiddelbart efter -opgraderingen, for at udskifte den kørende kerne. Husk omhyggeligt at læse og -følge den vejledning, som gives under kerneopgraderingsprocessen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-311.data" -#use wml::debian::translation-check translation="97cb96091c0d84a91bf555de66e891406da31fdc" diff --git a/danish/security/2003/dsa-312.wml b/danish/security/2003/dsa-312.wml deleted file mode 100644 index d9115f1ab65..00000000000 --- a/danish/security/2003/dsa-312.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder - -

En række sårbarheder er opdaget i Linux-kernen.

- -

CVE-2002-0429: iBCS-rutinerne i arch/i386/kernel/traps.c til Linux-kerne -2.4.18 og tidligere på x86-systemer tillader lokale brugere at dræbe vilkårlige -processer via en grænseflade til binære kompatibilitet (lcall).

- -

CAN-2003-0001: Flere ethernet-netværkskorts (NIC) styreprogrammer udfylder -ikke rammer med null-bytes, hvilket gør det muligt for fjern angribere at -indhente oplysninger fra tidligere pakker eller kernehukommelse ved hjælp af -misdannede pakker.

- -

CAN-2003-0127: Kernens program til indlæsning af moduler gør det muligt for -lokale brugere at opnå root-rettigheder ved at få ptrace til at hængte sig på -en underproces som er startet af kernen.

- -

CAN-2003-0244: Implementationen af route-mellemlager i Linux 2.4 og -Netfilter IP conntrack-modult gør det muligt for fjernangribere at igangsætte -et lammelsesangreb (forbrug af CPU-ressourcer) ved hjælp af pakker med -forfalskede kildeadresser, som medfører et stort antal hash-table-kollisioner i -forbindelse med PREROUTING-kæden.

- -

CAN-2003-0246: Systemkaldet ioperm i Linux-kerne 2.4.20 og tidligere -begrænser ikke korrekt rettigheder, hvilket gør det muligt for lokale brugere -at opnå læse- og skriveadgang til visse I/O-porte.

- -

CAN-2003-0247: Sårbarhed i TTY-laget i Linux-kerne 2.4 gør det muligt for -angribere at igangsætte et lammelsesangreb ("kernel oops").

- -

CAN-2003-0248: mxcsr-koden i Linux-kerne 2.4 gør det muligt for angribere at -ændre på CPU-state-registrene ved hjælp af en misdannet adresse.

- -

CAN-2003-0364: Håndteringen af TCP/IP-fragmentsamling i Linux-kerne 2.4 gør -det muligt for fjernangribere at igangsætte et lammelsesangreb (forbrug af -CPU-ressourcer) ved hjælp af visse pakker, der forsager et stort antal -hash-tabel-kollisioner.

- -

Denne bulletin dækker kun powerpc-arkitekturen. Andre arkitekturer vil blive -dækket i separate bulletiner.

- -

I den stabile distribution (woody) på powerpc-arkitekturen er disse problemer -rettet i version 2.4.18-1woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i kerne -2.4.20-2.

- -

Vi anbefaler at du opdaterer dine kerne-pakker.

- -

BEMÆRK: Det er nødvendigt at genstarte systemet umiddelbart efter -opgraderingen, for at udskifte den kørende kerne. Husk omhyggeligt at læse og -følge den vejledning, som gives under kerneopgraderingsprocessen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-312.data" -#use wml::debian::translation-check translation="97cb96091c0d84a91bf555de66e891406da31fdc" \ No newline at end of file diff --git a/danish/security/2003/dsa-313.wml b/danish/security/2003/dsa-313.wml deleted file mode 100644 index f93f031046d..00000000000 --- a/danish/security/2003/dsa-313.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb, heltalsoverløb - -

Timo Sirainen har opdaget flere sårbarheder i ethereal, et program til -analysering af netværkstrafik. Disse er blandt andre en-byte-overløb i -dissekatorerne AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, -SMPP og TSP, samt heltalsoverløb i dissekatorerne Mount og PPP.

- -

I den stabile distribution (woody) er disse problemer rettet i version -0.9.4-1woody4.

- -

Den gamle stabile distribution (potato) lader ikke til at indeholde disse -sårbarheder.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -0.9.12-1.

- -

Vi anbefaler at du opdaterer din ethereal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-313.data" -#use wml::debian::translation-check translation="0381a52f2771bb4d577c094a7f523675bf5e2c25" \ No newline at end of file diff --git a/danish/security/2003/dsa-314.wml b/danish/security/2003/dsa-314.wml deleted file mode 100644 index c9957400a42..00000000000 --- a/danish/security/2003/dsa-314.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Rick Patel har opdaget af atftpd er sårbar overfor et bufferoverløb når et -langt filnavn sendes til serveren. En angriber kunne fjernudnytte denne fejl -til at udføre vilkårlig kode på serveren.

- -

I den stabile distribution (woody) er dette problem rette i version -0.6.1.1.0woody1.

- -

Den gamle stabile distribution (potato) indeholder ikke en atftp-pakke.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din atftp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-314.data" -#use wml::debian::translation-check translation="4658fedefa6b2bdc8568436b43e99f54fd34863e" \ No newline at end of file diff --git a/danish/security/2003/dsa-315.wml b/danish/security/2003/dsa-315.wml deleted file mode 100644 index 33402fc0fcd..00000000000 --- a/danish/security/2003/dsa-315.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb, lammelsesangreb - -

Bas Wijnen har opdaget at gnocatan-serveren er sårbar overfor flere -bufferoverløb, der kunne udnyttes til udførelse af vilkårlig kode på -serversystemet.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.6.1-5woody2.

- -

Den gamle stabile distribution (potato) indeholder ikke en gnocatan-pakke.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din gnocatan-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-315.data" -#use wml::debian::translation-check translation="670adbdb23a950f63b4bd1a9ceb93d93f950e812" \ No newline at end of file diff --git a/danish/security/2003/dsa-316.wml b/danish/security/2003/dsa-316.wml deleted file mode 100644 index 5c31af80635..00000000000 --- a/danish/security/2003/dsa-316.wml +++ /dev/null @@ -1,40 +0,0 @@ -bufferoverløb, forkerte rettigheder - -

Pakkerne nethack og slashem er sårbare overfor et bufferoverløb der kan -udnyttes via et langt '-s'-kommandolinieparameter. Denne sårbarhed kunne -anvendes af en angriber til at opnå gid 'games' på et system hvor nethack er -installeret.

- -

Desuden har nogle binære setgid-filer i nethack-pakke forkerte rettigheder, -hvilke kunne give en bruger mulighed for at opnå gid 'games' ved at udskifte -disse binære filer og dermed potentielt få andre brugere til at udføre -ondsindet kode når de kører nethack.

- -

Bemærk, at slashem ikke indehold filrettighedsproblemet i CAN-2003-0359.

- -

I den stabile distribution (woody) er disse problemer rettet i version -3.4.0-3.0woody3.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i version -3.3.0-7potato1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -3.4.1-1.

- -

Vi anbefaler at du opdaterer din nethack-pakke.

- -

I den stabile distribution (woody) er disse problemer rettet i version -0.0.6E4F8-4.0woody3.

- -

I den gamle stabile distribution (potato) er disse problemer rettet i version -0.0.5E7-3potato1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -0.0.6E4F8-6.

- -

Vi anbefaler at du opdaterer din slashem-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-316.data" -#use wml::debian::translation-check translation="dfced456302c08a13588adef698869b73c06322d" \ No newline at end of file diff --git a/danish/security/2003/dsa-317.wml b/danish/security/2003/dsa-317.wml deleted file mode 100644 index 985b368eab1..00000000000 --- a/danish/security/2003/dsa-317.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb - -

CUPS-printerserveren i Debian er sårbar overfor et lammelsesangreb, når en -HTTP-forespørgsel modtages uden at være afsluttet korrekt.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.1.14-5.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -1.0.4-12.2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.1.19final-1.

- -

Vi anbefaler at du opdaterer din cupsys-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-317.data" -#use wml::debian::translation-check translation="e113a1c3780feecd29a79217e9aee338209452c1" \ No newline at end of file diff --git a/danish/security/2003/dsa-318.wml b/danish/security/2003/dsa-318.wml deleted file mode 100644 index 6d717a5fd14..00000000000 --- a/danish/security/2003/dsa-318.wml +++ /dev/null @@ -1,21 +0,0 @@ -lammelsesangreb - -

Calle Dybedahl har opdaget en fejl i lyskom-server, som kunne føre til et -lammelsesangreb hvor en bruger, der ikke var autentificeret, kunne få serveren -til at holde op med at svare mens den behandlede en stor forespørgsel.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.0.6-1woody1.

- -

Den gamle stabile distribution (potato) indeholder ikke pakken -lyskom-server.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.0.7-2.

- -

Vi anbefaler at du opdaterer din lyskom-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-318.data" -#use wml::debian::translation-check translation="4d92b0c94db9db5b80e230b88eb9caaf26b5bd90" \ No newline at end of file diff --git a/danish/security/2003/dsa-319.wml b/danish/security/2003/dsa-319.wml deleted file mode 100644 index 8efa20c7bdb..00000000000 --- a/danish/security/2003/dsa-319.wml +++ /dev/null @@ -1,21 +0,0 @@ -forfalskning af session-ID - -

miniserv.pl i pakken webmin håndterer metategn, så som nye linie og -linieskift, på en forkert måde ved Base64-indkapslede strenge der anvendes i -autentificationsformen Basic. Denne sårbarhed gør det muligt for fjernangribere -at forfalske en session-ID og på den måde opnå root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.94-7woody1.

- -

Den gamle stabile distribution (potato) indeholder ikke pakken webmin.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.070-1.

- -

Vi anbefaler at du opdaterer din webmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-319.data" -#use wml::debian::translation-check translation="4d92b0c94db9db5b80e230b88eb9caaf26b5bd90" \ No newline at end of file diff --git a/danish/security/2003/dsa-320.wml b/danish/security/2003/dsa-320.wml deleted file mode 100644 index 5ab0e07aed9..00000000000 --- a/danish/security/2003/dsa-320.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Ingo Saitz har opdaget en fejl i mikmod hvor et langt filnavn inde i en -arkivfil, kan få en buffer til at løbe over når mikmod læser arkivet.

- -

I den stabile distribution (woody) er dette problem rettet i version -3.1.6-4woody3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -3.1.6-2potato3.

- -

I den ustabile distribution (sid) er dette problem rettet i version -3.1.6-6.

- -

Vi anbefaler at du opdaterer din mikmod-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-320.data" -#use wml::debian::translation-check translation="dff10a6dc0798ee5a85f0ca5b24e1678b36628a7" \ No newline at end of file diff --git a/danish/security/2003/dsa-321.wml b/danish/security/2003/dsa-321.wml deleted file mode 100644 index 63a79ae452e..00000000000 --- a/danish/security/2003/dsa-321.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

radiusd-cistron indeholder en fejl der udløser et bufferoverløb når en lang -NAS-Port-attribut modtages. Dette kunne give en fjernangriber mulighed for at -udføre vilkårlig kode på serveren med RADIUS-dæmonens rettigheder (normalt -root).

- -

I den stabile distribution (woody) er dette problem rettet i version -1.6.6-1woody1.

- -

I den gamle stabile distribution (potato) vil dette problem blive løst i -forbindelse med et senere bulletin.

- -

I den ustabile distribution (sid) vil dette problem snart blive løst.

- -

Vi anbefaler at du opdaterer din radiusd-cistron-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-321.data" -#use wml::debian::translation-check translation="e730e2790df8d6f2d5b3970869a717ac3b84638c" \ No newline at end of file diff --git a/danish/security/2003/dsa-322.wml b/danish/security/2003/dsa-322.wml deleted file mode 100644 index 4e1ab2b8ed7..00000000000 --- a/danish/security/2003/dsa-322.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

I spillet typespeed skal spilleren indtaste ord hurtigt og korrekt. Det -indeholder en netværksspil-tilstand, der gør det muligt for spillere på -forskellige systemer at dyste mod hinanden. Netværkskoden indeholder et -bufferoverløb, der kunne give en fjernangriber mulighed for at udføre vilkårlig -kode med rettighederne tilhørende den bruger, der kører typespeed, ud over gid -games.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.4.1-2.2.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -0.4.0-5.2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din typespeed-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-322.data" -#use wml::debian::translation-check translation="8fd8ae2786887ae8a054ae4312a4891b8ad3ba0a" \ No newline at end of file diff --git a/danish/security/2003/dsa-323.wml b/danish/security/2003/dsa-323.wml deleted file mode 100644 index d620735f672..00000000000 --- a/danish/security/2003/dsa-323.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikre midlertidige filer - -

Jakob Lell har opdaget en fejl i skriptet 'noroff', der følger med noweb, -hvor en midlertidig fil blev oprettet på en usikker måde. Under en -kodegennemgang blev flere andre forekomster af dette problem opdaget og rettet. -Alle disse fejl kunne udnyttes af en lokal bruger til at overskrive vilkårlige -filer, som ejes af brugeren der kører skriptet.

- -

I den stabile distribution (woody) er disse problemer rettet i version -2.9a-7.3.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -2.9a-5.1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at opdaterer din noweb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-323.data" -#use wml::debian::translation-check translation="8fd8ae2786887ae8a054ae4312a4891b8ad3ba0a" \ No newline at end of file diff --git a/danish/security/2003/dsa-324.wml b/danish/security/2003/dsa-324.wml deleted file mode 100644 index e403a5a3396..00000000000 --- a/danish/security/2003/dsa-324.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere af pakkedissekatorerne i ethereal indeholder strenghåndteringsfejl, -der kunne udnyttes ved hjælp af ondsindet fremstillede pakker med det formål, -at få ethereal til at anvende store mængder hukommelse, gå ned eller udføre -vilkårlig kode.

- -

Disse sårbarhed blev annonceret i følgende sikkerhedsbulletin vedrørende -Ethereal:

- -

- -

Ethereal 0.9.4 i Debian 3.0 (woody) er påvirket af de fleste problemer -beskrevet i bulletinen, blandt andre:

- -
    -
  • DCERPC-dissekatoren prøvede at allokere for meget hukommelse, når den - prøvede at dekode en NDR-streng.
    • -
  • Dårlige IPv4- eller IPv6-præfikslængder kunne medføre et overløb i - OSI-dissekatoren.
    • -
  • Rutinen tvb_get_nstringz0() håndterede på forkert vis en bufferstørrelse på - nul.
    • -
  • Dissekatorerne af BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP og ISIS - håndterede strenge på forkert vis.
    • -
- -

Følgende problemer påvirker ikke denne version:

- -
    -
  • Dissekatoren SPNEGO kunne gå ned med en "segfault" ved tolkning af en - ugyldig ASN.1-værdi.
    • -
  • RMI-dissekatoren håndterede strenge på forkert vis.
    • -
- -

- da disse moduler ikke findes.

- -

I den stabile distribution (woody) er disse problemer rettet i version -0.9.4-1woody5.

- -

I den gamle stabile distribution (potato) vil disse problem blive rettet i -forbindelse med et bulletin der udsendes senere.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -0.9.13-1.

- -

Vi anbefaler at du opdaterer din ethereal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-324.data" -#use wml::debian::translation-check translation="827ff392fe84fdd8b558605cd87e1c418f267a53" diff --git a/danish/security/2003/dsa-325.wml b/danish/security/2003/dsa-325.wml deleted file mode 100644 index c03b77fe0f4..00000000000 --- a/danish/security/2003/dsa-325.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

eldav, en WebDAV-klient til Emacs, opretter midlertidige filer uden at tage -de nødvendige sikkerhedsforholdsregler. Denne sårbarhed kunne udnyttes af en -lokal bruger til at oprette eller overskrive filer med rettighederne hørende -til den bruger, der kører emacs og eldav.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.0.20020411-1woody1.

- -

Den gamle stabile distribution (potato) indeholder ikke pakken eldav.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.7.2-1.

- -

Vi anbefaler at du opdaterer din eldav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-325.data" -#use wml::debian::translation-check translation="a4d72057621c5964c17229ff7da0ab7bf592edba" \ No newline at end of file diff --git a/danish/security/2003/dsa-326.wml b/danish/security/2003/dsa-326.wml deleted file mode 100644 index acf21402174..00000000000 --- a/danish/security/2003/dsa-326.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Orville Write, en erstatning til den standardkommandoen write(1), indeholder -et antal bufferoverløb. Disse kunne udnyttes til at opnå enten gid tty- eller -root-rettigheder, afhængigt af den valgte opsætning da pakken blev -installeret.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.53-4woody1.

- -

Den gamle stabile distribution (potato) indeholder ikke pakken -orville-write.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debians fejlrapport nummer -170747.

- -

Vi anbefaler at opdaterer din orville-write-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-326.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" diff --git a/danish/security/2003/dsa-327.wml b/danish/security/2003/dsa-327.wml deleted file mode 100644 index c91018ed565..00000000000 --- a/danish/security/2003/dsa-327.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget flere bufferoverløb i xbl, et spil, der kan udløses -af lange kommandolinieparametre. Denne sårbarhed kunne udnyttes af en lokal -angriber til at opnå gid 'games'.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.0k-3woody1.

- -

I den gamle stabile distribution (potato) er dette problem rettet i version -1.0i-7potato1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.0k-5.

- -

Vi anbefaler at du opdaterer din xbl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-327.data" -#use wml::debian::translation-check translation="a4d72057621c5964c17229ff7da0ab7bf592edba" \ No newline at end of file diff --git a/danish/security/2003/dsa-328.wml b/danish/security/2003/dsa-328.wml deleted file mode 100644 index b5668cc68c0..00000000000 --- a/danish/security/2003/dsa-328.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

webfs, en letvægts-HTTP-server til statisk indhold, indeholder et -bufferoverløb, hvorved en lang Request-URI i en HTTP-forespørgsel kunne -muliggøre udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.17.1.

- -

Den gamle stabile distribution (potato) indeholder ikke pakken webfs.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din webfs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-328.data" -#use wml::debian::translation-check translation="a4d72057621c5964c17229ff7da0ab7bf592edba" \ No newline at end of file diff --git a/danish/security/2003/dsa-329.wml b/danish/security/2003/dsa-329.wml deleted file mode 100644 index 9e850a7444f..00000000000 --- a/danish/security/2003/dsa-329.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget at osh, en skal (shell) beregnet til at begrænse -brugerens aktiviteter, indeholder to bufferoverløb, ved behandling af -miljøvariable samt ved filviderestillinger. Disse sårbarheder kunne anvendes -til at udføre vilkårlig kode og dermed overtrumfe de restriktioner, skallen er -pålagt.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.7-11woody1.

- -

Den gamle stabile distribution (potato) er påvirket af dette problem og vil -måske blive rettet i forbindelse med en senere bulletin, hvis der kan findes -tid til det.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.7-12.

- -

Vi anbefaler at du opdaterer din osh-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-329.data" -#use wml::debian::translation-check translation="a183869de4af94ab7662eba9852ea23df9480b05" \ No newline at end of file diff --git a/danish/security/2003/dsa-330.wml b/danish/security/2003/dsa-330.wml deleted file mode 100644 index 176f31077be..00000000000 --- a/danish/security/2003/dsa-330.wml +++ /dev/null @@ -1,26 +0,0 @@ -manglende bortkastning af root-rettigheder - -

tcptraceroute er et setuid-root-program der smider root-rettighederne væk -efter at have hentet en fil-descriptor, som anvendes ved opsamling af rå pakker. -Dog fik programmet ikke afgivet alle rettigheder og ved en sårbarhed der kan -udnyttes, kunne root-rettighederne opnås igen.

- -

Der er pt. ingen kendt udnyttelse, men med denne sikkerhedsforanstaltning -lukkes hullet for at undgå problemer, hvis der på et tidspunkt opdages en fejl, -der kunne have udnyttet sårbarheden.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.2-2.

- -

Den gamle stabile distribution (potato) indeholder ikke pakken -tcptraceroute.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.4-4.

- -

Vi anbefaler at du opdaterer din tcptraceroute-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-330.data" -#use wml::debian::translation-check translation="f68a3d64471ade1de5051f4ae1befc6f21d0a033" diff --git a/danish/security/2003/dsa-331.wml b/danish/security/2003/dsa-331.wml deleted file mode 100644 index d79e03d36e6..00000000000 --- a/danish/security/2003/dsa-331.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

imagemagicks libmagick-bibliotek, opretter, i visse situationer, filer uden -at foretage de nødvendige sikkerhedsforanstaltninger. Denne sårbarhed kunne -udnyttes af en lokal bruger til at oprette eller overskrive filer, med -rettighederne tilhørende en anden bruger, der kører et program, som anvender -dette bibliotek.

- -

I den stabile distribution (woody) er dette problem rettet i version -4:5.4.4.5-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -4:5.5.7-1.

- -

Vi anbefaler at du opdaterer din imagemagick-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-331.data" -#use wml::debian::translation-check translation="0be381b04fdad61b582d8074378229132a16cd54" diff --git a/danish/security/2003/dsa-332.wml b/danish/security/2003/dsa-332.wml deleted file mode 100644 index ebb88637d16..00000000000 --- a/danish/security/2003/dsa-332.wml +++ /dev/null @@ -1,78 +0,0 @@ -flere sårbarheder - -

Et antal sårbarheder er opdaget i Linux-kernen.

- -
    - -
  • \ - CVE-2002-0429: iBCS-rutinerne i arch/i386/kernel/traps.c til Linux-kerne - 2.4.18 og tidligere på x86-systemer tillader lokale brugere at dræbe vilkårlige - processer via en grænseflade til binære kompatibilitet (lcall). -
    • - -
  • \ - CAN-2003-0001: Flere ethernet-netværkskorts (NIC) styreprogrammer udfylder - ikke rammer med null-bytes, hvilket gør det muligt for fjern angribere at - indhente oplysninger fra tidligere pakker eller kernehukommelse ved hjælp af - misdannede pakker. -
    • - -
  • \ - CAN-2003-0127: Kernens program til indlæsning af moduler gør det muligt for - lokale brugere at opnå root-rettigheder ved at få ptrace til at hængte sig på - en underproces som er startet af kernen. -
    • - -
  • \ - CAN-2003-0244: Implementationen af route-mellemlager i Linux 2.4 og - Netfilter IP conntrack-modult gør det muligt for fjernangribere at igangsætte - et lammelsesangreb (forbrug af CPU-ressourcer) ved hjælp af pakker med - forfalskede kildeadresser, som medfører et stort antal hash-table-kollisioner i - forbindelse med PREROUTING-kæden. -
    • - -
  • \ - CAN-2003-0246: Systemkaldet ioperm i Linux-kerne 2.4.20 og tidligere - begrænser ikke korrekt rettigheder, hvilket gør det muligt for lokale brugere - at opnå læse- og skriveadgang til visse I/O-porte. -
    • - -
  • \ - CAN-2003-0247: Sårbarhed i TTY-laget i Linux-kerne 2.4 gør det muligt for - angribere at igangsætte et lammelsesangreb ("kernel oops"). -
    • - -
  • \ - CAN-2003-0248: mxcsr-koden i Linux-kerne 2.4 gør det muligt for angribere at - ændre på CPU-state-registrene ved hjælp af en misdannet adresse. -
    • - -
  • \ - CAN-2003-0364: Håndteringen af TCP/IP-fragmentsamling i Linux-kerne 2.4 gør - det muligt for fjernangribere at igangsætte et lammelsesangreb (forbrug af - CPU-ressourcer) ved hjælp af visse pakker, der forsager et stort antal - hash-tabel-kollisioner. -
    • -
- -

Med denne bulletin leveres rettet kildekode til Linux 2.4.17 og rettet -binære kerneaftryk til arkitekturerne mips og mipsel. Andre versioner og -arkitekturer vil blive dækket i separate bulletiner.

- -

I den stabile distribution (woody) er disse problemer rettet i -kernel-source-2.4.17 version 2.4.17-1woody1 og kernel-patch-2.4.17-mips version -2.4.17-0.020226.2.woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -kernel-source-2.4.20 version 2.4.20-8.

- -

Vi anbefaler at du opdaterer dine kerne-pakker.

- -

BEMÆRK: Det er nødvendigt at genstarte systemet umiddelbart efter -opgraderingen, for at udskifte den kørende kerne. Husk omhyggeligt at læse og -følge den vejledning, som gives under kerneopgraderingsprocessen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-332.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" diff --git a/danish/security/2003/dsa-333.wml b/danish/security/2003/dsa-333.wml deleted file mode 100644 index 5b025dd60f8..00000000000 --- a/danish/security/2003/dsa-333.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

acm, en luftkampssimulator for flere spillere, bruger en netværksprotokol -baseret på den samme RPC-implementation, som anvendes i mange C-biblioteker. -Denne implementation har vist sig at indeholde en heltalsoverløbssårbarhed, -der kunne udnyttes til at udføre vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i version -5.0-3.woody.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -5.0-10.

- -

Vi anbefaler at du opdaterer din acm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-333.data" -#use wml::debian::translation-check translation="bd3aceaf0dd406210fe4d5d056b027ddba668482" \ No newline at end of file diff --git a/danish/security/2003/dsa-334.wml b/danish/security/2003/dsa-334.wml deleted file mode 100644 index 311e8cda6b6..00000000000 --- a/danish/security/2003/dsa-334.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget flere bufferoverløb i xgalaga, et spil, som kan -udløses af en lang HOME-miljøvariabel. Denne sårbarhed kunne udnyttes af en -lokal angriber til at opnå gid 'games'.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.0.34-19woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.0.34-22.

- -

Vi anbefaler at du opdaterer din xgalaga-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-334.data" -#use wml::debian::translation-check translation="bd3aceaf0dd406210fe4d5d056b027ddba668482" \ No newline at end of file diff --git a/danish/security/2003/dsa-335.wml b/danish/security/2003/dsa-335.wml deleted file mode 100644 index 37c244c6810..00000000000 --- a/danish/security/2003/dsa-335.wml +++ /dev/null @@ -1,21 +0,0 @@ -ukorrekte rettigheder - -

mantis, et PHP/MySQL-webbaseret fejlhåndteringssystem, opbevarer -adgangskoden, der anvendes til at tilgå databasen, i en opsætningsfil der kan -læses af alle. Dette kunne give en lokal angriber mulighed for at læse -adgangskoden og opnå læse-/skriveadgang til databasen.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.17.1-3.

- -

Den gamle stabile distribution (potato) indeholder ikke pakken mantis.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.17.5-6.

- -

Vi anbefaler at du opdaterer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-335.data" -#use wml::debian::translation-check translation="23ae8046d8061f28eced3d1fdd465316befd1274" \ No newline at end of file diff --git a/danish/security/2003/dsa-336.wml b/danish/security/2003/dsa-336.wml deleted file mode 100644 index 0433f71e1ed..00000000000 --- a/danish/security/2003/dsa-336.wml +++ /dev/null @@ -1,86 +0,0 @@ -flere sårbarheder - -

Et antal sårbarheder er opdaget i Linux-kernen.

- -
    -
  • \ - CAN-2002-1380: Linux-kerne 2.2.x tillader lokale brugere at forårsage et - overbelastningsangreb (crash) ved at anvende funktionen mmap() med et - PROT_READ-parameter til at tilgå ikke-læsbare hukommelsessider via - grænsefladen /proc/pid/mem.
    • - -
  • \ - CVE-2002-0429: iBCS-rutinerne i arch/i386/kernel/traps.c til Linux-kerne - 2.4.18 og tidligere på x86-systemer tillader lokale brugere at dræbe vilkårlige - processer via en grænseflade til binære kompatibilitet (lcall). -
    • - -
  • \ - CAN-2003-0001: Flere ethernet-netværkskorts (NIC) styreprogrammer udfylder - ikke rammer med null-bytes, hvilket gør det muligt for fjern angribere at - indhente oplysninger fra tidligere pakker eller kernehukommelse ved hjælp af - misdannede pakker. -
    • - -
  • \ - CAN-2003-0127: Kernens program til indlæsning af moduler gør det muligt for - lokale brugere at opnå root-rettigheder ved at få ptrace til at hængte sig på - en underproces som er startet af kernen. -
    • - -
  • \ - CAN-2003-0244: Implementationen af route-mellemlager i Linux 2.4 og - Netfilter IP conntrack-modult gør det muligt for fjernangribere at igangsætte - et lammelsesangreb (forbrug af CPU-ressourcer) ved hjælp af pakker med - forfalskede kildeadresser, som medfører et stort antal hash-table-kollisioner i - forbindelse med PREROUTING-kæden. -
    • - -
  • \ - CAN-2003-0246: Systemkaldet ioperm i Linux-kerne 2.4.20 og tidligere - begrænser ikke korrekt rettigheder, hvilket gør det muligt for lokale brugere - at opnå læse- og skriveadgang til visse I/O-porte. -
    • - -
  • \ - CAN-2003-0247: Sårbarhed i TTY-laget i Linux-kerne 2.4 gør det muligt for - angribere at igangsætte et lammelsesangreb ("kernel oops"). -
    • - -
  • \ - CAN-2003-0248: mxcsr-koden i Linux-kerne 2.4 gør det muligt for angribere at - ændre på CPU-state-registrene ved hjælp af en misdannet adresse. -
    • - -
  • \ - CAN-2003-0364: Håndteringen af TCP/IP-fragmentsamling i Linux-kerne 2.4 gør - det muligt for fjernangribere at igangsætte et lammelsesangreb (forbrug af - CPU-ressourcer) ved hjælp af visse pakker, der forsager et stort antal - hash-tabel-kollisioner. -
    • -
- -

Med denne bulletin leveres rettet kildekode til Linux 2.2.20 og rettet -binært kerneaftryk til i386-arkitekturen. Andre versioner og arkitekturer vil -blive dækket i separate bulletiner.

- -

I den stabile distribution (woody) på i386-arkitekturen, er disse problemer -rettet i kernel-source-2.2.20 version 2.2.20-5woody2 og kernel-image-i386 -version 2.2.20-5woody3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -kernel-source-2.2.25 og kernel-image-2.2.25-i386 version 2.2.25-2.

- -

Vi anbefaler at du opdaterer dine kerne-pakker.

- -

BEMÆRK: Det er nødvendigt at genstarte systemet umiddelbart efter -opgraderingen, for at udskifte den kørende kerne. Husk omhyggeligt at læse og -følge den vejledning, som gives under kerneopgraderingsprocessen.

- -

BEMÆRK: Disse kerne er ikke binært kompatible med den tidligere udgave. -Særlige moduler skal genoversættes for at kunne anvendes med den nye kerne.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-336.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" \ No newline at end of file diff --git a/danish/security/2003/dsa-337.wml b/danish/security/2003/dsa-337.wml deleted file mode 100644 index fe70c0ac4db..00000000000 --- a/danish/security/2003/dsa-337.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Viliam Holub har opdaget en fejl i gtksee, hvor indlæsning af PNG-billeder -med bestemte farvedybder kunne resulutere i, at gtksee fik en stak-allokeret -buffer til at løbe over. Denne sårbarhed kunne udnyttes af en angriber, der -anvendte et omhyggeligt fremstillet PNG-billede, til at udføre vilkårlige kode -når offeret indlæste billedet i gtksee.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.5.0-6.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debian-fejl nummer 76346.

- -

Vi anbefaler at du opdaterer din gtksee-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-337.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" \ No newline at end of file diff --git a/danish/security/2003/dsa-338.wml b/danish/security/2003/dsa-338.wml deleted file mode 100644 index ba7afc90655..00000000000 --- a/danish/security/2003/dsa-338.wml +++ /dev/null @@ -1,21 +0,0 @@ -SQL-indsprøjtning - -

runlevel [runlevel@raregazz.org] rapporterer at ProFTPDs -PostgreSQL-autentifikationsmodul er sårbar overfor et SQL-indsprøjtningsangreb. -Denne sårbarhed kunne udnyttes af uautentificeret fjernangriber til at udføre -vilkårlige SQL-kommandoer og dermed potentielt blotlægge andre brugeres -adgangskoder eller forbinde sig til ProFTPD som en vilkårlig bruger, uden at -angive den korrekte adgangskode.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.2.4+1.2.5rc1-5woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.2.8-8.

- -

Vi anbefaler at du opgraderer din proftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-338.data" -#use wml::debian::translation-check translation="2648fa1818592812a30e91b6e25165d239ff9991" \ No newline at end of file diff --git a/danish/security/2003/dsa-339.wml b/danish/security/2003/dsa-339.wml deleted file mode 100644 index 644de7b1a6f..00000000000 --- a/danish/security/2003/dsa-339.wml +++ /dev/null @@ -1,26 +0,0 @@ -usikker midlertidig fil - -

BEMÆRK: På grund af en kombination af administrative problemer, blev dette -bulletin fejlagtigt udgivet med identifikationen "DSA-337-1". DSA-337-1 -refererer korrekt til et tidligere bulletin vedrørende gtksee.

- -

semi, et MIME-bibliotek til GNU Emacs, tager ikke de nødvendige -sikkerhedsforanstaltninger ved oprettelse af midlertidige filer. Denne fejl -kunne potentielt udnyttes til at overskrive vilkårlige filer, med de rettigheder -tilhørende den bruger, der kører Emacs og semi, potentielt med indhold leveret -af angriberen.

- -

wemi er en forgrening af semi og indeholder den samme fejl.

- -

I den stabile distribution (woody) er dette problem rettet i semi version -1.14.3.cvs.2001.08.10-1woody2 og wemi version 1.14.0.20010802wemiko-1.3.

- -

I den ustabile distribution (sid) er dette problem rettet i semi version -1.14.5+20030609-1. Den ustabile distribution indeholder ikke pakken wemi.

- -

Vi anbefaler at du opdaterer dine semi- og wemi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-339.data" -#use wml::debian::translation-check translation="6e2bbca2d4cd3a98a37e13db5b85e544d5e25b4e" diff --git a/danish/security/2003/dsa-340.wml b/danish/security/2003/dsa-340.wml deleted file mode 100644 index 58496da7c72..00000000000 --- a/danish/security/2003/dsa-340.wml +++ /dev/null @@ -1,24 +0,0 @@ -usikker midlertidig fil - -

BEMÆRK: På grund af en kombination af administrative problemer, blev dette -bulletin fejlagtigt udgivet med identifikationen "DSA-338-1". DSA-338-1 -refererer korrekt til et tidligere bulletin vedrørende proftpd.

- -

x-face-el, en dekoder til billeder indeholdt i e-mail-headeren X-Face, tager -ikke de nødvendige sikkerhedsforanstaltninger ved oprettelse af midlertidige -filer. Denne fejl kunne potentielt udnyttes til at overskrive vilkårlige filer -med rettighederne hørende til den bruger, der kører Emacs og x-face-el, -potentielt med indhold leveret af angriberen.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.3.6.19-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.3.6.23-1.

- -

Vi anbefaler at du opdaterer din x-face-el-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-340.data" -#use wml::debian::translation-check translation="a27186426d8f2ab23893ddc98301006e7cd50459" diff --git a/danish/security/2003/dsa-341.wml b/danish/security/2003/dsa-341.wml deleted file mode 100644 index 9ae24b3a3f9..00000000000 --- a/danish/security/2003/dsa-341.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

liece, en IRC-klient til Emacs, tager ikke de nødvendige -sikkerhedsforanstaltninger ved oprettelse af midlertidige filer. Denne fejl -kunne potentielt udnyttes til at overskrive vilkårlige filer, med de rettigheder -tilhørende den bruger, der kører Emacs og liece, potentielt med indhold leveret -af angriberen.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.0+0.20020217cvs-2.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.0+0.20030527cvs-1.

- -

Vi anbefaler at du opdaterer din liece-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-341.data" -#use wml::debian::translation-check translation="6e2bbca2d4cd3a98a37e13db5b85e544d5e25b4e" diff --git a/danish/security/2003/dsa-342.wml b/danish/security/2003/dsa-342.wml deleted file mode 100644 index e786fafd75f..00000000000 --- a/danish/security/2003/dsa-342.wml +++ /dev/null @@ -1,23 +0,0 @@ -usikker mailcap-opsætning - -

mozart, en udviklingsplatform baseret på sproget Oz, indeholder -MIME-opsætningsoplysninger, der angiver at Oz-programmer skal sendes til -Oz-fortolkeren, for at blive udført. Dette betyder at filhåndteringsprogrammer, -webbrowsere og andre programmer der respekterer mailcap-filen, automatisk kunne -udføre programmer hentet fra usikre kilder. På den måde kunne et ondsindet -Oz-program udføre vilkårlig kode under den uid, der tilhører brugeren som kører -et MIME-kapablet klientprogram, hvis brugeren har valgt en fil (eksempelvis ved -at vælge et link i en webbrowser).

- -

I den stabile distribution (woody) er dette problem rettet i version -1.2.3.20011204-3woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.2.5.20030212-2.

- -

Vi anbefaler at du opdaterer din mozart-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-342.data" -#use wml::debian::translation-check translation="6e2bbca2d4cd3a98a37e13db5b85e544d5e25b4e" diff --git a/danish/security/2003/dsa-343.wml b/danish/security/2003/dsa-343.wml deleted file mode 100644 index 4a6353916d2..00000000000 --- a/danish/security/2003/dsa-343.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

skk, et enkelt program til konvertering mellem kana og kanji, tager ikke de -nødvendige sikkerhedsforanstaltninger ved oprettelse af midlertidige filer. -Denne fejl kunne potentielt udnyttes til at overskrive vilkårlige filer med -rettighederne hørende til den bruger, der kører Emacs og skk.

- -

ddskk er afledt fra den samme kode og indeholder den samme fejl.

- -

I den stabile distribution (woody) er dette problem rettet i skk version -10.62a-4woody1 og ddskk version 11.6.rel.0-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i ddskk version -12.1.cvs.20030622-1 og i skk vil det snart blive rettet.

- -

Vi anbefaler at du opdaterer dine skk- og ddskk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-343.data" -#use wml::debian::translation-check translation="a27186426d8f2ab23893ddc98301006e7cd50459" diff --git a/danish/security/2003/dsa-344.wml b/danish/security/2003/dsa-344.wml deleted file mode 100644 index b7037123aff..00000000000 --- a/danish/security/2003/dsa-344.wml +++ /dev/null @@ -1,19 +0,0 @@ -mappegennemgang - -

En mappegennemgangssårbarhed i UnZip 5.50 gør det muligt for angribere at -omgå kontrollen af relative stinavne ("../") ved at placere visse ulovlige tegn -mellem de to "."-tegn. Rettelsen, der blev implementeret i DSA-344-1, har -muligvis ikke forhindret alle former for udnyttelse af denne sårbarhed.

- -

I den stabile distribution (woody) er dette problem rettet i version -5.50-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -5.50-3.

- -

Vi anbefaler at du opdaterer din unzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-344.data" -#use wml::debian::translation-check translation="4e97ba7f8f378444aac5d934639be799155c655d" diff --git a/danish/security/2003/dsa-345.wml b/danish/security/2003/dsa-345.wml deleted file mode 100644 index 7603d645a4a..00000000000 --- a/danish/security/2003/dsa-345.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Et nyt bufferoverløb er opdaget i xbl, som adskiller sig fra det, der blev -rettet med DSA-327 (CAN-2003-0451) ved at involvere -kommandolinie-parameteret -display. Denne sårbarhed kunne udnyttes -af en lokal angriber til at opnå gid 'games'.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.0k-3woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.0k-6.

- -

Vi anbefaler at du opdaterer din xbl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-345.data" -#use wml::debian::translation-check translation="b1e639c9149e058f94c8d79ed076cec0748ab030" diff --git a/danish/security/2003/dsa-346.wml b/danish/security/2003/dsa-346.wml deleted file mode 100644 index 45ab5c3c15f..00000000000 --- a/danish/security/2003/dsa-346.wml +++ /dev/null @@ -1,21 +0,0 @@ -mappegennemgang - -

Albert Puigsech Galicia rapporterer at phpsysinfo, -et webbaseret program til visning af statusoplysninger om systemet, indeholder -to sårbarheder, der kunne gør det muligt at læse lokale filer eller udføre -vilkårlig PHP-kode under rettighederne hørende til webserver-processen (normalt -www-data). Disse sårbarheder kræver adgang til en skrivbar mappe på systemet, -for at kunne udnyttes.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.0-3woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debian fejl nummer 200543.

- -

Vi anbefaler at du opdaterer din phpsysinfo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-346.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" diff --git a/danish/security/2003/dsa-347.wml b/danish/security/2003/dsa-347.wml deleted file mode 100644 index 306bcd9501b..00000000000 --- a/danish/security/2003/dsa-347.wml +++ /dev/null @@ -1,20 +0,0 @@ -SQL-indsprøjtning - -

teapop, en POP3-server, indeholder modulder til autentificering af brugere -mod en PostgreSQL- eller MySQL-database. Tre moduler indkapsler ikke korrekt -brugerleverede strenge før de anvendes i SQL-forespørgsler. Denne sårbarhed -kunne udnyttes til at udføre vilkårlig SQL-kode med rettighederne hørende til -den database-bruger, som teapop har autentificeret.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.3.4-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.3.5-2.

- -

Vi anbefaler at du opdaterer din teapop-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-347.data" -#use wml::debian::translation-check translation="0b699a45a961642dc5134a1f6dc5d7ac4cf56489" diff --git a/danish/security/2003/dsa-348.wml b/danish/security/2003/dsa-348.wml deleted file mode 100644 index 3b67cfd02ca..00000000000 --- a/danish/security/2003/dsa-348.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb, bufferoverløb - -

traceroute-nanog, en udvidet udgave af det udbredte traceroute-program, -indeholder et heltalsoverløbsfejl, der kunne udnyttes til at udføre vilkårlig -kode. traceroute-nanog er setuid root, men smider root-rettighederne væk -umiddelbart efter at have hentet rå ICMP- og IP-sockets. Derfor giver -udnyttelse af denne sårbarhed kun adgang til disse sockets og ikke -root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i version -6.1.1-1.3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debian fejl nummer 200875.

- -

Vi anbefaler at du opdaterer din traceroute-nanog-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-348.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" diff --git a/danish/security/2003/dsa-349.wml b/danish/security/2003/dsa-349.wml deleted file mode 100644 index aa25df5f173..00000000000 --- a/danish/security/2003/dsa-349.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Logningskoden i nfs-utils indeholder et forskudt med en-bufferoverløb, når -der tilføjes et linieskift til den streng, der logges. Denne sårbarhed kan -give en angriber mulighed for at udføre vilkårlig kode eller igangsætte et -overbelastningsangreb ved at sende visse RPC-forespørgsler.

- -

I den stabile distribution (woody) er dette problem rettet i version -1:1.0-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1:1.0.3-2.

- -

Vi anbefaler at du opdaterer din nfs-utils-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-349.data" -#use wml::debian::translation-check translation="523fde476a39f78b0651d5a9bce23bcfd1c59815" \ No newline at end of file diff --git a/danish/security/2003/dsa-350.wml b/danish/security/2003/dsa-350.wml deleted file mode 100644 index 1367db7fe22..00000000000 --- a/danish/security/2003/dsa-350.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Pakken falconseye er sårbar overfor et bufferoverløb som kan udnyttes ved -hjælp af et langt -s-kommandolinieparameter. Denne sårbarhed kunne -anvendes af en angriber til at opnå gid 'games' på et system hvor falconseye er -installeret.

- -

Bemærk, at falconseye ikke indeholder filrettighedsfejlen CAN-2003-0359, der -påvirkede nogle andre nethack-pakker.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.9.3-7woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.9.3-9.

- -

Vi anbefaler at du opdaterer din falconseye-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-350.data" -#use wml::debian::translation-check translation="02d736890c059a4081d20b8724fffc631709a810" \ No newline at end of file diff --git a/danish/security/2003/dsa-351.wml b/danish/security/2003/dsa-351.wml deleted file mode 100644 index e02d23da7d8..00000000000 --- a/danish/security/2003/dsa-351.wml +++ /dev/null @@ -1,19 +0,0 @@ -udførsel af skripter på tværs af websteder - -

Funktionaliteten "transparent session ID" i php4-pakken indkapsler ikke -brugerleverede data korrekt, før disse indsættes i den genererede HTML-side. -En angriber kunne anvende denne sårbarhed til at udføre indlejrede skripter -indenfor den genererede sides kontekst.

- -

I den stabile distribution (woody) er dette problem rettet i version -4:4.1.2-6woody3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debians fejl nummer 200736.

- -

Vi anbefaler at du opdaterer din php4-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-351.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" \ No newline at end of file diff --git a/danish/security/2003/dsa-352.wml b/danish/security/2003/dsa-352.wml deleted file mode 100644 index cdc1b17e53b..00000000000 --- a/danish/security/2003/dsa-352.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig mappe - -

fdclone opretter en midlertidig mappe i /tmp, til brug som arbejdsområde. -Men hvis denne mappe allerede findes, anvendes denne i stedet, ligegyldigt hvad -dens ejerskab og rettigheder er. Dette kunne give en angriber mulighed for at -opnå adgang til fdclones midlertidige filer og deres indhold eller til at -udskifte dem med andre filer, kontrolleret af angriberen.

- -

I den stabile distribution (woody) er dette problem rettet i version -2.00a-1woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.04-1.

- -

Vi anbefaler at du opdaterer din fdclone-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-352.data" -#use wml::debian::translation-check translation="4c9f52eca4c264c310453d2f72dfd4e2a4667f3c" \ No newline at end of file diff --git a/danish/security/2003/dsa-353.wml b/danish/security/2003/dsa-353.wml deleted file mode 100644 index 77d50b5a7e7..00000000000 --- a/danish/security/2003/dsa-353.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

sup, en pakke der anvendes til at vedligeholde samlinger af identiske filer -på forskellige maskiner, foretager ikke de nødvendige sikkerhedsforanstaltninger -ved oprettelse af midlertidige filer. En lokal angriber kunne udnytte denne -sårbarhed til at overskrive vilkårlige filer med rettighederne hørende til den -bruger, der kører sup.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.8-8woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.8-9.

- -

Vi anbefaler at du opdaterer din sup-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-353.data" -#use wml::debian::translation-check translation="b3f0e3390b289d7aad95d9ada7a059018ebf70cb" diff --git a/danish/security/2003/dsa-354.wml b/danish/security/2003/dsa-354.wml deleted file mode 100644 index f6560e81af6..00000000000 --- a/danish/security/2003/dsa-354.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et bufferoverløb i xconq, når miljøvariablen USER -behandles. I forbindelse med rettelsen af denne fejl, blev et lignende problem -opdaget i forbindelse med miljøvariablen DISPLAY. Denne sårbarhed kunne -udnyttes af en lokal angriber til at opnå gid 'games'.

- -

I den nuværende stabile distribution (woody) er dette problem rettet i -version 7.4.1-2woody2.

- -

I den ustabile distribution (sid) vil problemet snart blive rettet. -Se Debians fejl nummer 202963.

- -

Vi anbefaler at du opdaterer din xconq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-354.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" diff --git a/danish/security/2003/dsa-355.wml b/danish/security/2003/dsa-355.wml deleted file mode 100644 index aee07e20ab8..00000000000 --- a/danish/security/2003/dsa-355.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9adb2fd8f5412494b458542149fbf1d9ef939cf3" mindelta="1" -cross-site scripting - -

Larry Nguyen har opdaget en sårbarhed i gallery, et webbaseret fotoalbum -skrevet i PHP, der gør det muligt at udføre skripts på tværs af websteder. -Denne sikkerhedsfejl kan gøre det muligt for en ondsindet bruger, at fremstille -en URL, der udfører JavaScript-kode på dit websted.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 1.25-8woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.4-3.

- -

Vi anbefaler at du opdaterer din gallery-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-355.data" diff --git a/danish/security/2003/dsa-356.wml b/danish/security/2003/dsa-356.wml deleted file mode 100644 index c6a575131e6..00000000000 --- a/danish/security/2003/dsa-356.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9adb2fd8f5412494b458542149fbf1d9ef939cf3" mindelta="1" -bufferoverløb - -

Steve Kemp har opdaget to bufferoverløb i xtokkaetama, et spil, ved -behandling af kommandolinieparametret -display og miljøvariablen XTOKKAETAMADIR. -Disse sårbarheder kunne udnyttes af en lokal angriber til at opnå gid -'games'.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 1.0b-6woody1.

- -

I den ustabile distribution (sid) rettet dette problem i version -1.0b-8.

- -

Vi anbefaler at du opdaterer din xtokkaetama-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-356.data" diff --git a/danish/security/2003/dsa-357.wml b/danish/security/2003/dsa-357.wml deleted file mode 100644 index 8d5e24ee257..00000000000 --- a/danish/security/2003/dsa-357.wml +++ /dev/null @@ -1,19 +0,0 @@ -fjernroot-udnyttelse - -

iSEC Security Research rapporterer at wu-ftpd indeholder en forskudt med -en-fejl i funktionen fb_realpath, som kunne udnyttes af en bruger, der er logget -på (lokal eller anonym) til at opnå root-rettigheder. Efter sigende er der et -eksempel på udnyttelse tilgængelig.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 2.6.2-3woody1.

- -

I den ustabile distribution (sid) vil en opdatering snart blive gjort -tilgængelig.

- -

Vi anbefaler at du omgående opgraderer din wu-ftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-357.data" -#use wml::debian::translation-check translation="06070ffaa8d2babd3ba830ad8c8c25826217fe29" mindelta="1" diff --git a/danish/security/2003/dsa-358.wml b/danish/security/2003/dsa-358.wml deleted file mode 100644 index 57839857f0e..00000000000 --- a/danish/security/2003/dsa-358.wml +++ /dev/null @@ -1,110 +0,0 @@ -flere sårbarheder - -

Et antal sårbarheder er opdaget i Linux-kernen.

- -
    - -
  • \ - CAN-2003-0461: /proc/tty/driver/serial i Linux 2.4.x afslører det præcise - antal tegn, der anvedes i serielle lænker, hvilket kunne gøre det muligt for - lokale brugere, at få fat i potentielt følsomme oplysninger som eksempelvis - længden på adgangskoder. Denne fejl er rettet ved at begrænse adgangen til - /proc/tty/driver/serial.
    • - -
  • \ - CAN-2003-0462: En "race condition" ved den måde pointerne env_start og - env_end initialiseres i systemkaldet execve og anvendes i fs/proc/base.c i - Linux 2.4, gør det muligt for lokale brugere at igangsætte et lammelsesangreb - (systemnedbrud).
    • - -
  • \ - CAN-2003-0476: Systemkaldet execve i Linux 2.4.x gemmer fil-descriptorer - hørende til udførbare processer i den kaldende proces' filtabel, hvilket gør - det muligt for lokale brugere at opnå læseadgang til fil-descriptorer, som der - er begrænset adgang til.
    • - -
  • \ - CAN-2003-0501: Filsystemet /proc i Linux gør det muligt for lokale brugere - at få fat i følsomme oplysninger, ved at åbne forskellige poster i /proc/self, - før et setuid-program udføres, hvilket får programmet til at ændre på, hvem - der ejer og har rettigheder til disse poster.
    • - -
  • \ - CAN-2003-0550: STP-protokollen, som er slået til i Linux 2.4.x, indeholder - ikke tilstrækkelig sikkerhed, hvilket gør det muligt for angribere at ændre på - bridge-topologien. Denne fejl er rettet ved at slå DTP fra som standard.
    • - -
  • \ - CAN-2003-0551: STP-protokollen, som er slået til i Linux 2.4.x, indeholder - ikke tilstrækkelig sikkerhed, hvilket gør det muligt for angribere at ændre på - bridge-topologien.
    • - -
  • \ - CAN-2003-0552: Linux 2.4.x tillader fjernangribere, at udgive sig for at - være "bridge forwarding"-tabellen ved hjælp af forfalskede pakker, hvis - ophavsadresser er de samme som målet.
    • - -
  • \ - CAN-2003-0018: Linux-kerne 2.4.10 til 2.4.21-pre4 håndterer ikke - O_DIRECT-funktionen korrekt, hvilket gør det muligt for lokale angribere, med - skriverettigheder, at læse dele af tidligere slettede filer eller forsage - ødelæggelse af filsystemet. Denne fejl er rettet ved at slå O_DIRECT - fra.
    • - -
  • \ - CAN-2003-0619: Heltal med fortegnsfejl i funktionen decode_fh i nfs3xdr.c - i Linux-kerner før 2.4.21 gør det muligt for fjernangribere at forsage et - lammelelsesangreb (kernepanik) ved hjælp af en negativ størrelsesværdi i - XDR-dataene i et NFSv3-procedurekald.
    • - -
- -

Dette bulletin dækker kun arkitekturerne i386 og alpha. Andre arkitekturer -vil blive dækket i separate bulletiner.

- -

I den stabile distribution (woody) på i386-arkitekturen er disse problemer -rettet i kernel-source-2.4.18 version 2.4.18-13, kernel-image-2.4.18-1-i386 -version 2.4.18-11 og kernel-image-2.4.18-i386bf version 2.4.18-5woody4.

- -

I den stabile distribution (woody) on alpha-arkitekturen er disse problemer -rettet i kernel-source-2.4.18 version 2.4.18-13 og -kernel-image-2.4.18-1-alpha version 2.4.18-10.

- -

I den ustabile distribution (sid) er disse problemer rettet i -kernel-source-2.4.20 version 2.4.20-9.

- -

Vi anbefaler at du opdaterer dine kernel-pakker.

- -

Hvis du anvender en kerne, som installationssystemet har installeret fordi -valgmuligheden "bf24" er valgt (for at få 2n 2.4.x-kerne), skal du installere -pakken kernel-image-2.4.18-bf2.4. Hvis du har installeret en anden -kernel-image-pakke efter installationen, skal du installere den tilsvarende -2.4.18-1-kerne. Du kan bruge tabellen nedenfor som vejledning.

- -
-   | Hvis "uname -r" viser: | Installér denne pakke:
-   | 2.4.18-bf2.4           | kernel-image-2.4.18-bf2.4
-   | 2.4.18-386             | kernel-image-2.4.18-1-386
-   | 2.4.18-586tsc          | kernel-image-2.4.18-1-586tsc
-   | 2.4.18-686             | kernel-image-2.4.18-1-686
-   | 2.4.18-686-smp         | kernel-image-2.4.18-1-686-smp
-   | 2.4.18-k6              | kernel-image-2.4.18-1-k6
-   | 2.4.18-k7              | kernel-image-2.4.18-1-k7
-
- -

BEMÆRK: Denne kerne er binært kompatibel med den foregående -sikkerhedsopdatering af kernen, men ikke binært kompatibel med den tilsvarende -kerne i Debian Debian 3.0r1. Hvis du ikke allerede har den foregående -sikkerhedsopdatering (kernel-image-2.4.18-bf2.4 version 2.4.18-5woody1 eller en -af 2.4.18-1-*-kernerne), vil "hjemmelavede" moduler skulle genoversættes, for at -kunne fungere med den nye kerne. Nye PCMCIA-moduler leveres til alle ovennævnte -kerner.

- -

BEMÆRK: Det er nødvendigt at genstarte systemet umiddelbart efter -opgraderingen, for at erstatte den kørende kerne. Husk omhyggeligt at læse og -fælge vejledningen under kerneopgraderingsprocessen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-358.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-359.wml b/danish/security/2003/dsa-359.wml deleted file mode 100644 index e167e603067..00000000000 --- a/danish/security/2003/dsa-359.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget flere bufferoverløb i atari800, en Atari-emulator. -For at tilgå grafikhardwaren direkte, er et af de påvirkede programmer setuid -root. En lokal angriber kunne udnytte denne sårbarhed til at opnå -root-rettigheder.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 1.2.2-1woody2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din atari800-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-359.data" -#use wml::debian::translation-check translation="b237c2d3809e316857351954f4f90e53bac39e65" mindelta="1" diff --git a/danish/security/2003/dsa-360.wml b/danish/security/2003/dsa-360.wml deleted file mode 100644 index 2c9121a2aa9..00000000000 --- a/danish/security/2003/dsa-360.wml +++ /dev/null @@ -1,29 +0,0 @@ -flere sårbarheder - -

xfstt, en TrueType-skrifttypeserver til X Window-systemet har vist sig at -indeholder to former for sårbarheder:

- -

\ - CAN-2003-0581: En fjernangriber kunne sende forespørgsler, fremstillet til - at udløse et af flere bufferoverløb, resulterende i et lammelsesangreb eller - muligvis udførelse af vilkårlig kode på serveren, med rettighederne hørende til - brugeren "nobody".

- -

\ - CAN-2003-0625: Visse ugyldige data ved et forbindelseshåndtryk, kunne gøre - det muligt for en fjernangriber at læse visse hukommelsesområder, hørende til - xfstt-processen. Disse oplysninger kunne anvendes til at tage fingeraftryk - eller som en hjælp i udnyttelsen af en anden sårbarhed.

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 1.2.1-3.

- -

I den ustabile distribution (sid), er CAN-2003-0581 rettet i xfstt -1.5-1 og CAN-2003-0625 snart blive rettet.

- -

Vi anbefaler at du opdaterer din xfstt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-360.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-361.wml b/danish/security/2003/dsa-361.wml deleted file mode 100644 index 423274889a8..00000000000 --- a/danish/security/2003/dsa-361.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Der er opdaget to sårbarheder i kdelibs:

- -
    -
  • \ - CAN-2003-0459: KDE Konqueror til KDE 3.1.2 og tidligere fjerner ikke - autentifikationsoplysninger fra URI'er på formen "bruger:adgangskode@vært" i - HTTP-Referer-headeren, hvilket kunne gøre det muligt for fjerne websteder at - stjæle oplysningerne fra sider, der henviser til dem.
    • - -
  • \ - CAN-2003-0370: Konqueror Embedded samt KDE 2.2.2 og tidligere validerer - ikke Common Name-feltet (CN) til X.509-certifikater, hvilket kunne gøre det - muligt for fjernangribere at forfalske certifikaterne ved hjælp af et - "manden i midten"-angreb.
    • -
- -

Sårbarheder er beskrevet i følgende sikkerhedsbulletiner fra KDE:

- -
    -
  • http://www.kde.org/info/security/advisory-20030729-1.txt
    • -
  • http://www.kde.org/info/security/advisory-20030602-1.txt
    • -
- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 2.2.2-13.woody.8 af kdelibs og version 2.2.2-6woody2 af -kdelibs-crypto.

- -

I den ustabile distribution (sid) er disse problemer rettet i -kdelibs version 4:3.1.3-1. Den ustabile distribution indeholder ikke en -separat kdelibs-crypto-pakke.

- -

Vi anbefaler at du opdaterer din kdelibs- og kdelibs-crypto-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-361.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-362.wml b/danish/security/2003/dsa-362.wml deleted file mode 100644 index be1839f1ae5..00000000000 --- a/danish/security/2003/dsa-362.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker midlertidig fil - -

mindi, et program til oprettelse af boot-/root-disketter, tager ikke de -nødvendige sikkerhedsforanstaltninger ved oprettelse af midlertidige filer. -Denne fejl kunne potentielt udnyttes til at overskrive vilkårlige filer med -rettighederne hørende til den bruger, der kører mindi.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.58.r5-1woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debians fejl nummer 203825.

- -

Vi anbefaler at du opdaterer din mindi-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-362.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" mindelta="1" diff --git a/danish/security/2003/dsa-363.wml b/danish/security/2003/dsa-363.wml deleted file mode 100644 index ac7587944fe..00000000000 --- a/danish/security/2003/dsa-363.wml +++ /dev/null @@ -1,29 +0,0 @@ -lammelsesangreb, bounce-scanning - -

Posttransport-programmet postfix i Debian 3.0 indeholder to sårbarheder:

- -
    -
  • \ -CAN-2003-0468: Postfix tillod en angriber at foretage "bounce-scan" af -private netværk eller anvende dæmonen som et DDoS-værktøj, ved at tvinge den til -at tilslutte sig en vilkårlig tjenste på en vilkårlig IP-adresse og enten -modtage en bounce-meddelelse eller holde øje med kø-handlinger for at gætte sig -til status på leveringsforsøget.
    • - -
  • \ -CAN-2003-0540: En misdannet envelope-adresse kan 1) få -kø-håndteringsprogrammet til at låse indtil en post fjernes fra køen og 2) få -SMTP-lytteprogrammet til at låse, resulterende i et lammelsesangreb.
    • -
- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 1.1.11-0.woody3.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opdaterer din postfix-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-363.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-364.wml b/danish/security/2003/dsa-364.wml deleted file mode 100644 index e474503681a..00000000000 --- a/danish/security/2003/dsa-364.wml +++ /dev/null @@ -1,41 +0,0 @@ -bufferoverløb, vilkårlig kommandoudførelse - -

man-db leverer den almindelige man(1)-kommando på Debian-systemer. Under -opsætningen af denne pakke, bliver administratoren sprugt om man(1) skal køre -setuid til en bestemt bruger ("man") for at kunne have et mellemlager af -præformatterede manualsider. Standarden for man(1) er IKKE at være setuid og -der er ingen kendte udnyttelse ved denne opsætning. Hvis bruger dog eksplicit -beder om setuid-indstillingen, kunne en lokal angriber udnytte følgende fejl til -at udføre vilkårlig kode som brugeren "man".

- -

Igen, disse sårbarheder påvirker ikke standardopsætningen hvor man ikke er -setuid.

- -
    -
  • \ - CAN-2003-0620: Flere bufferoverløb i man-db 2.4.1 og tidligere, når - installeret setuid, gør det muligt for lokale brugere at opnå rettigheder ved - hjælp af (1) argumenterne MANDATORY_MANPATH, MANPATH_MAP og MANDB_MAP til - add_to_dirlist i manp.c, (2) et langt stinavn til ult_src i ult_src.c, (3) et - langt .so-argument til test_for_include i ult_src.c, (4) en lang - MANPATH-miljøvariabel eller (5) en lang PATH-miljøvariabel.
    • - -
  • \ - CAN-2003-0645: Visse DEFINE-direktiver i ~/.manpath, der indeholdt - kommandoer der skal udføres, blev udført selvom programmet kørte setuid, - hvilket gjorde det muligt for enhver bruger at udføre kommandoer som brugeren - "man".
    • -
- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 2.3.20-18.woody.4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.1-13.

- -

Vi anbefaler at du opdaterer din man-db-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-364.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-365.wml b/danish/security/2003/dsa-365.wml deleted file mode 100644 index 2a8bfc65785..00000000000 --- a/danish/security/2003/dsa-365.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Der er opdaget flere sårbarheder i phpgroupware:

- -
    -
  • \ - CAN-2003-0504: Flere sårbarheder, der gør det muligt at udføre skripter på - tværs af websteder (XSS) i Phpgroupware 0.9.14.003 (alias webdistro), tillader - fjernangribere at indsætte vilkårlig HTML- eller webskriptkode, demonstreret - med et forespørgsel til index.php i addressbook-modulet.
    • - -
  • \ - CAN-2003-0599: Ukendt sårbarhed i phpGroupWare 0.9.16preRC og versioner - før 0.9.14.004 i forbindelse med Virtual File System (VFS) med ukendte - konsekvenser, har noget at gøre med, at VFS-stien er under - webdokumentroden.
    • - -
  • \ - CAN-2003-0657: Flere sårbarheder, der gør det muligt at indsprøjte SQL i - phpgroupwares infolog-modul, hvilket gør at fjernangribere kan udføre - vilkårlige SQL-kommandoer.
    • -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 0.9.14-0.RC3.2.woody2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet. -Se Debians fejl nummer 201980.

- -

Vi anbefaler at du opdaterer din phpgroupware-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-365.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-366.wml b/danish/security/2003/dsa-366.wml deleted file mode 100644 index b89fdd2657d..00000000000 --- a/danish/security/2003/dsa-366.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

eroaster, en overbygning til brænding af CD-R'er med cdrecord, tager ikke de -nødvendige sikkerhedsforanstaltninger ved oprettelse af en midlertidig fil, der -skal anvendes som låsningsfil. Denne fejl kunne potentielt udnyttes til at -overskrive vilkårlige filer med rettighederne hørende til den bruger, der kører -eroaster.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.1.0.0.3-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.0-0.5-1.

- -

Vi anbefaler at du opdaterer din eroaster-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-366.data" -#use wml::debian::translation-check translation="fc2c33ae0c1adce478e226ba4f4fa2aea8850298" mindelta="1" diff --git a/danish/security/2003/dsa-367.wml b/danish/security/2003/dsa-367.wml deleted file mode 100644 index c42bc44e4b7..00000000000 --- a/danish/security/2003/dsa-367.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Et bufferoverløb mere er opdaget i xtokkaetama, i forbindelse med -kommandolinieparameteret "-nickname". Denne sårbarhed kunne udnyttes -af en lokal angriber til at opnå gid 'games'.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 1.0b-6woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.0b-9.

- -

Vi anbefaler at du opdaterer din xtokkaetama-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-367.data" -#use wml::debian::translation-check translation="7d317aab879681eb36142d88f5909fe4b6e55566" mindelta="1" diff --git a/danish/security/2003/dsa-368.wml b/danish/security/2003/dsa-368.wml deleted file mode 100644 index e5b6f4948d2..00000000000 --- a/danish/security/2003/dsa-368.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et bufferoverløb i xpcd-svga, der kan udløses med en -lang HOME-miljøvariabel. Denne sårbarhed kunne udnyttes af en lokal angriber til -at opnå root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.08-8woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din xpcd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-368.data" -#use wml::debian::translation-check translation="91a45e9fe8412860669edfc9b78549b1275a3bd7" mindelta="1" diff --git a/danish/security/2003/dsa-369.wml b/danish/security/2003/dsa-369.wml deleted file mode 100644 index b55782b3794..00000000000 --- a/danish/security/2003/dsa-369.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et bufferoverløb i zblast-svgalib, når high -score-filen gemmes. Denne sårbarhed kunne udnyttes af en lokal bruger til at -opnå gid 'games', hvis det lykkedes at komme high score-listen.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 1.2pre-5woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.2.1-7.

- -

Vi anbefaler at du opdaterer din zblast-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-369.data" -#use wml::debian::translation-check translation="190570227ccc093ac64465ed1d34d2d8220f44de" mindelta="1" diff --git a/danish/security/2003/dsa-370.wml b/danish/security/2003/dsa-370.wml deleted file mode 100644 index 81088a7802e..00000000000 --- a/danish/security/2003/dsa-370.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstreng - -

Florian Zumbiehl har rapporteret en sårbarhed i pam-pgsql, hvorved -brugernavnet der skal anvendes til autentifikation anvendes som en formatstreng -når en logmeddelelse skrives. Denne sårbarhed kan gøre det muligt for en -angriber at udføre vilkårlig kode med rettighederne hørende til det program, -der beder om PAM-autentifikation.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.5.2-3woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.5.2-7.

- -

Vi anbefaler at du opdaterer din pam-pgsql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-370.data" -#use wml::debian::translation-check translation="9186b50395ef676fcfa313b08128d2b6d6a1d185" mindelta="1" diff --git a/danish/security/2003/dsa-371.wml b/danish/security/2003/dsa-371.wml deleted file mode 100644 index 996ee7a004f..00000000000 --- a/danish/security/2003/dsa-371.wml +++ /dev/null @@ -1,21 +0,0 @@ -udførelse af skript på tværs af websteder - -

Der er en sårbarhed, som gør det muligt at udføre skripter på tværs af -websteder (cross-site scripting) i funktionen start_form() i CGI.pm. -Funktionen sender brugerkontrollerede uddata til action-attributten i et -form-element uden først at gennemgå dem, hvorfor en fjern angriber kan udføre -vilkårlige webskripter indenfor den genererede side. Alle programmer, der -anvender denne funktion i CGI.pm-modulet, kan være påvirkede.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 5.6.1-8.3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.8.0-19.

- -

Vi anbefaler at du opdaterer din perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-371.data" -#use wml::debian::translation-check translation="54f5d94e40c0797dddde79c02f79ebd75aa77afc" mindelta="1" diff --git a/danish/security/2003/dsa-372.wml b/danish/security/2003/dsa-372.wml deleted file mode 100644 index ae7e30249c7..00000000000 --- a/danish/security/2003/dsa-372.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Shaun Colley har opdaget et bufferoverløbssårbarhed i netris, en -netværksudgave af et populært spil. En netris-klient, der forbinder sig til en -en netris-server, der ikke uforbeholdent stoles på, kunne modtage en -usædvanligt lang datapakke, som blev kopieret ind i en fastlængde-buffer, uden -at kontrollere om der var plads nok. Denne sårbarhed kunne udnyttes til at -opnå rettighederne hørende til den bruger, der kører netris i klienttilstand, -hvis vedkommende forbinder sig til en fjendtligt indstillet netris-server.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 0.5-4woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.52-1.

- -

Vi anbefaler at du opdaterer din netris-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-372.data" -#use wml::debian::translation-check translation="ed8a278916070826c40d64dd1239b67f2281fa4c" mindelta="1" diff --git a/danish/security/2003/dsa-373.wml b/danish/security/2003/dsa-373.wml deleted file mode 100644 index 42f36252a92..00000000000 --- a/danish/security/2003/dsa-373.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Christian Jaeger har opdaget et bufferoverløb i autorespond, et program til -automatisk besvarelse af e-mail, der anvendes sammen med qmail. Denne -sårbarhed kunne potentielt udnyttes af en fjernangriber til at opnå -rettighederne tilhørende den bruger, der har opsat qmail til at videresende -meddelelser, der skal svares automatisk på. Pt. kan denne sårbarhed formentlig -ikke udnyttes, på grund af visse begrænsninger på længden af de problematiske -inddata, men der kan være situationer, hvor begræsningerne ikke træder i -kraft.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.0.2-2woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din autorespond-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-373.data" -#use wml::debian::translation-check translation="d76cdbb91eb0ae266437115f2e398064860ac400" mindelta="1" diff --git a/danish/security/2003/dsa-374.wml b/danish/security/2003/dsa-374.wml deleted file mode 100644 index c6b7b21c132..00000000000 --- a/danish/security/2003/dsa-374.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

libpam-smb er det PAM-autentifikationsmodul, der gør det muligt at -autentificere brugere op imod en adgangskodedatabase som håndteres af Samba -eller en Microsoft Windows-server. Hvis der angives en lang adgangskode, kan -det medføre et bufferoverløb, der kan udnyttes til at udføre vilkårlig kode med -rettighederne hørende til den proces, der kalder PAM-tjenesten.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1.6-1.1woody1.

- -

Den ustabile distribution (sid) indeholder ikke pakken libpam-smb.

- -

Vi anbefaler at du opdaterer din libpam-smb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-374.data" -#use wml::debian::translation-check translation="53f068c1c5fed1e4164ba74378b8a2e3076cc674" mindelta="1" diff --git a/danish/security/2003/dsa-375.wml b/danish/security/2003/dsa-375.wml deleted file mode 100644 index 8b0a9589567..00000000000 --- a/danish/security/2003/dsa-375.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb, formatstreng - -

Morgan alias SM6TKY har opdaget og rettet flere sikkerhedsrelaterede -problemer i LinuxNode, et amatørradionode-program. Det bufferoverløb han -opdagede, kan anvendes til at opnå uautoriseret root-adgang og kan iværksættes -af en fjernangriber.

- -

I den stabile distribution (woody) er dette problem -rettet i version 0.3.0a-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.3.2-1.

- -

Vi anbefaler at du omgående opgraderer dine node-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-375.data" -#use wml::debian::translation-check translation="e55d6711b36ead45e64e33a48cbd94044c19290c" mindelta="1" diff --git a/danish/security/2003/dsa-376.wml b/danish/security/2003/dsa-376.wml deleted file mode 100644 index e9618a8951a..00000000000 --- a/danish/security/2003/dsa-376.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Der er et bufferoverløb i exim, som er Debians standardprogram til transport -af post. Ved at levere en særligt fremstillet HELO- eller EHLO-kommando, kunne -en angriber få en strengkonstant til at blive skrevet ud over slutningen af en -buffer, der var allokeret på stakken. På nuværende tidspunkt menes denne -sårbarhed ikke at kunne udnyttes til at udføre vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -exim version 3.35-1woody2 and exim-tls version 3.35-3woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -exim version 3.36-8. Den ustabile distribution indeholder ikke pakken -exim-tls.

- -

Vi anbefaler at du opdaterer din exim- eller exim-tls-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-376.data" -#use wml::debian::translation-check translation="da5fb1046b2c8b0e67137d4d7604e06a424e2f13" mindelta="1" diff --git a/danish/security/2003/dsa-377.wml b/danish/security/2003/dsa-377.wml deleted file mode 100644 index 3c086017579..00000000000 --- a/danish/security/2003/dsa-377.wml +++ /dev/null @@ -1,25 +0,0 @@ -usikker programudførelse - -

wu-ftpd, en ftp-server, indeholder en funktion, der gør det muligt at hente -flere filer via en dynamisk fremstillet arkivfil, eksempelvis et tar-arkiv. -Navnene på de filer, der skal med i arkivet, overføres som -kommandolinieparametre til tar, uden beskyttelse mod at de bliver opfattet som -kommandolinieindstillinger. GNU tar understøtter flere -kommandolinieindstillinger, der kan misbruges ved hjælp af denne sårbarhed, til -at udføre vilkårlige programmer med rettighederne hørende til -wu-ftpd-processen.

- -

Georgi Guninski gjorde opmærksom på, at denne sårbarhed findes i Debian -woody.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.6.2-3woody2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din wu-ftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-377.data" -#use wml::debian::translation-check translation="6141672f054b76f9f2bd8e229a5d4fe68ec90796" mindelta="1" diff --git a/danish/security/2003/dsa-378.wml b/danish/security/2003/dsa-378.wml deleted file mode 100644 index b5135d458a5..00000000000 --- a/danish/security/2003/dsa-378.wml +++ /dev/null @@ -1,32 +0,0 @@ -bufferoverløb, lammelsesangreb - -

Nicolas Boullis har opdaget to sårbarheder i mah-jong, et spil der kan -spilles over netværk.

- -
    - -
  • \ -CAN-2003-0705 (bufferoverløb) -

    Denne sårbarhed kunne udnyttes af en fjernangriber til at udføre vilkårlig -kode med rettighederne hørende til den bruger, som kørte mah-jong-serveren.

    • - -
  • \ -CAN-2003-0706 (lammelsesangreb) -

    Denne sårbarhed kunne udnyttes af en fjernangriber til at få -mah-jong-serveren til at gå ind i en "snæver løkke" og holde op med at reagere -på kommandoer.

    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.4-2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.6-2.

- -

Vi anbefaler at du opdaterer din mah-jong-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-378.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-379.wml b/danish/security/2003/dsa-379.wml deleted file mode 100644 index 83569a9e764..00000000000 --- a/danish/security/2003/dsa-379.wml +++ /dev/null @@ -1,85 +0,0 @@ -flere sårbarheder - -

Alexander Hvostov, Julien Blache og Aurelien Jarno har opdaget flere -sikkerhedsrelaterede problemer i pakken sane-backends, der indeholder et -API-bibliotek til scannere og en scanner-dæmon (i pakken libsane), som kan -fjernudnyttes. Disse problemer gør det muligt for en fjernangriber, at -forsage en segmenteringsfejl og/eller opbruge vilkårlige mængder hukommelse. -Angrebet lykkes, også selvom angriberens computer ikke er anført i -saned.conf.

- -

Man er kun sårbar, hvis man rent faktisk kører saned, for eksempel fra -xinetd eller inetd. Hvis oplysningerne i xinitds henholdsvis initds -opsætningsfil er udkommenteret eller ikke findes, er man sikker.

- -

Prøv telnet localhost 6566 på den server, hvor saned måske kører. -Får du meddelelsen "connection refused", kører saned ikke og du er sikker.

- -

Projeket Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • \ -CAN-2003-0773: - -

    saned kontrollerer kun identiteten (IP-adressen) på den fjerne maskine efter -den første kommunikation er forekommet (SANE_NET_INIT). Derfor kan alle sende -dénne RPC, også selvom den fjerne maskine ikke har tilladelse til at scanne -(dvs. ikke er anført i saned.conf).

    • - -
  • \ -CAN-2003-0774: - -

    saned mangler fejlkontroller næsten overalt i koden. Derfor opdages -afbrudte forbindelser meget sent. Hvis den afbrudte forbindelse ikke opdages, -beholder forbindelsen til den interne wire-buffer grænserne for den allokerede -hukommelse. Derfor bliver tilfældig hukommelse "efter" wire-bufferen læst, -hvilket fører til en segementeringsfejl.

    • - -
  • \ -CAN-2003-0775: - -

    Hvis saned forventer strenge, malloc'erers den nødvendige hukommelse til -opbevaring af hele strenge, efter strengens størrelse er modtaget. Hvis -forbindelsen afbrydes før størrelsen er blevet overført, reserverer malloc en -vilkårlig mængde hukommelse. Afhængigt af denne størrelse og mængden af -tilgængelig hukommelse, vil malloc gå ned (dvs. saned afbryder) eller en stor -mængde hukommelse vil blive allokeret. Swapping og OOM-tiltag kan forekomme, -afhængigt af kernen.

    • - -
  • \ -CAN-2003-0776: - -

    saned kontrollerer ikke om modtagne RPC-numre er gyldige, før den modtager -parametrene.

    • - -
  • \ -CAN-2003-0777: - -

    Hvis fejlsøgningsmeddelelser er slået til og forbindelsen afbrydes, kan -strenge der ikke er nul-afsluttede blive udskrevet og en segmenteringsfejl -opstå.

    • - -
  • \ -CAN-2003-0778: - -

    Det er muligt at allokere en vilkårlig mængde hukommelse på serveren, der -kører saned, selvom forbindelsen ikke afbrydes. For øjeblikket er det ikke -noget, som let kan rettes iflg. forfatteren. Det er bedre at begrænse den -totale mængde hukommelse, saned må bruge (ulimit).

    • - -
- -

I den stabile distribution (woody) er disse problemer -rettet i version 1.0.7-4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.11-1 and later.

- -

Vi anbefaler at du opgraderer dine libsane-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-379.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-380.wml b/danish/security/2003/dsa-380.wml deleted file mode 100644 index 231886bb211..00000000000 --- a/danish/security/2003/dsa-380.wml +++ /dev/null @@ -1,219 +0,0 @@ -#use wml::fmt::verbatim -bufferoverløb, lammelsesangreb - -

Der er opdaget fire sårbarheder i XFree86.

- -
    -
  • \ -CAN-2003-0063 - xterms escapesekvens til rapportering af vinduetitel kan -snyde brugeren - -

    Pakken xterm indeholder terminal-escapesekvens, som rapporterer vinduets -titel ved at "sprøjte" den i terminalvinduets inddatabuffer, som havde brugeren -selv skrevet det. En angriber kan fremstille en escapesekvens som opsætter -titlen på offerets xterm-vindue til en vilkårlig streng (eksemvel en -shell-kommando) som dernæst rapporterer den titel. Hvis offeret er i en -shell når dette sker, vil den indsprøjtede kommando vise sig på kommandolinien, -klar til at blive udført. Da det ikke er muligt at indlejre et linieskift i -vinduetitlen, er angriberen nødt til at overbevise offeret om, at der skal -trykkes på enter-tasten (eller håbe at offerets er skødesløst eller blevet -forvirret), for at shell'en eller en anden interaktiv procsen kan fortolke -vinduets titel as inddata fra brugeren. Det er dog tænkeligt, at angriberen -kan fremstille andre escapesekvenser, som kan overbevise offeret om at -acceptere om de indsprøjtede data. Projektet Common Vulnerabilities and -Exposures på cve.mitre.org har tildelt navnet -\ -CAN-2003-0063 til dette problem.

    - -

    For at afgøre om din version af xterm er sårbar mod misbrug af funktionen -til rapportering af vinduetitlen, kan du køre følgende kommando i en shell i et -xterm-vindue:

    - - - echo -e "\e[21t" - - -

    (Terminalen vil måske bippe og der vil blive indsat et "1" først i vinduets -titel.)

    - -

    Denne fejl kan udnyttes af alt, hvad der kan sende uddata til et -terminalvindue, eksempelvis et tekstdokument. Brugeren af xterm skal dog gøre -et eller andet for at escapesekvensen vil blive sendt (for eksempel kigge i et -ondsindet fremstillet tekstdokument med kommandoen "cat"). Hvorvidt der er -mulighed for, at du kan blive udsat for sårbarheden, afhænger af måden, du -bruger xterm på. Overvej følgende:

    - - - echo -e '\e]2;s && echo rm -rf *\a' > /tmp/sploit - echo -e '\e[21t' >> /tmp/sploit - cat /tmp/sploit - - -

    Debian har løst problemet ved at slå escapesekvensen til rapportering af -vinduetitler fra i xterm; den modtages men blive ignoreret. Escapesekvensen -til opsætning af et vindues titel er ikke slået fra.

    - -

    I en senere udgave af xterm-pakken vil indeholde en opsætningsvalg, der gør -det muligt for brugeren af slå escapesekvensen til rapportering af -vinduetitler til igen, men den vil som standard være slået fra.

    -
    • - -
  • \ -CAN-2003-0071 - xterm modtagelig for lammelsesangreb baseret på DEC -UDK-escapesekvens - -

    Da pakken xterm emulerer DEC VT-serien af tekstterminaler, emuleres en -funktion i DEC VT-terminaler kendt som "User-Defined Keys" (UDK forkortet). -Der er dog en fejl i xterms håndtering af DEC UDK-escapesekvenser, og en -misdannet kan få xterm-processen til at gå i en stram løkke. Dette får -processen til at gå i "spin" og bruge CPU-tid helt unødvendigt, samt nægte at -håndtere signaler (eksempelvis forsøg på at dræbe processen eller lukke -vinduet).

    - -

    For at afgøre om din version af xterm er sårbar overfor dette angreb, kan -du udføre følgende kommando i en shell i et xterm-vindue, der kan "ofres" -(dvs. et vindue der ikke har noget i tilbagerulningsbufferen, som du senere kan -få brug for):

    - - - echo -e "\eP0;0|0A/17\x9c" - - -

    Denne fejl kan udnyttes af alt, hvad der kan sende uddata til et -terminalvindue, eksempelvis et tekstdokument. Brugeren af xterm skal dog gøre -et eller andet for at escapesekvensen vil blive sendt (for eksempel kigge i et -ondsindet fremstillet tekstdokument med kommandoen "cat"). Hvorvidt der er -mulighed for, at du kan blive udsat for sårbarheden, afhænger af måden, du -bruger xterm på.

    - -

    Debian har løst dette problem ved at tilbageføre en opstrømsrettelse til -XFree86 4.1.0.

    -
    • - -
  • \ -CAN-2002-0164 - en fejl i X-serverens MIT-SHM-udvidelse, gør det muligt for -en bruger, der ejer en X-session, at læse og skrive vilkårlige delte -hukommelsessegmenter - -

    De fleste X-serverer nedstammer fra af MIT/X Consortium/X.Orgs -prøveimplementering, deriblandt XFree86s X-servere, og understøtter en -udvidelse til X-protokollen som hedder MIT-SHM, der gør det muligt for -X-klienter, som kører på den samme vært som X-serveren, at arbejde hurtigere og -mere effektivt ved at drage fordel af en funktion i styresystemet som hedder -delt hukommelse (shared memory), hvor det er tilgængeligt. Linux-kernen -understøtter for eksempel delt hukommelse.

    - -

    Fordi X-serveren kører med forøgede rettigheder, er styresystemets -indbyggede adgangskontrolmekanismer ineffektive til at overvåge X-serverens -brug af delte hukommelsessegmenter. Dette var ikke udført korrekt i tidligere -udgaver af XFree86 (og før da i MIT/X Consortium/X.Orgs prøveimplementering), -hvilket efterlader muligtheder for ondsindede X-klienter, for at læse og ændre -delte hukommelsessegmenter, som de ikke burde have adgang til. Projektet -Common Vulnerabilities and Exposures på cve.mitre.org har tildelt navnet -\ -CAN-2002-0164 til dette problem.

    - -

    Debians XFree86 4.1.0-16-pakker er udsendt med en ufuldstændig rettelse af -denne fejl, og sørger kun for korrekt adgangskontrol til X-servere, som ikke -var startet af en display-manager (som for eksempel xdm). Problemet løses af -denne opdatering.

    - -

    Debian-projektet har ikke kendskab til udnyttelser af denne sårbarhed. En -ondsindet X-klient som misbruger MIT-SHM-udvidelsen kan dog formentlig -fremstilles og udføres (bevidst eller ubevidst) af en bruger, der kan køre en -X-server på værtsmaskinen. Konsekvensen af denne fejl er afhængig af hvordan -delt hukommelse anvendes på systemet. Se manualsiden ipcs(8) for flere -oplysninger.

    - -

    Debian har løst dette problem ved at tilbageføre en opstrømsrettelse til -XFree86 4.1.0.

    -
    • - -
  • \ -CAN-2003-0730 - flere heltalsoverløb i skrifttype-bibliotekerne til XFree86 -gør det muligt for lokale eller fjernangribere at forsage et lammelsesangreb -eller at udføre vilkårlig kode via heap- og stak-baserede bufferoverløbsangreb - -

    Sikkerheds-efterforskeren "blexim" skriver [omskrevet]:

    - -
    -

    Jeg har opdaget flere fejl i den aktuelle udgave af XFree86-kildekodens -skrifttype-biblioteker. Disse fejl kunne potentielt føre til udførelse af -vilkårlig kode af en fjernbruger i enhver proces, der kalder de pågældende -funktioner. Funktionerne har med overførsel og optælling af skrifttyper fra -skrifttype-servere til klienter, hvilket begrænset omfanget af hullet, der -forsages af disse fejl.

    - -

    Nærmere bestemt kontrolleres flere størrelsesvariable, der overføres fra en -skrifttype-server, ikke tilstrækkeligt, hvilket medfører at beregninger, som er -baseret på dem, giver forkerte værdier. Disse fejlagtige beregninger kan føre -til buffere på heap og stak løber over, hvilket potentielt køre resultere i -udførelse af vilkårlig kode. Som beskrevet ovenfor er risikoen begrænset af -det faktum, at kun klienter er påvirkelige af disse fejl, men i visse -opsætninger (non-standard), kan både xfs og X-serveren fungere som klienter til -fjerne skrifttype-servere. I disse opsætninger er xfs og X-serveren potentielt -i farezonen.

    -
    - -

    Projektet Common Vulnerabilities and Exposures på cve.mitre.org har tildelt -navnet \ -CAN-2003-0730 til dette problem.

    - -

    Debian-projektet har ikke kendskab til udnyttelser af denne sårbarhed. Som -standard er X-servere i Debian opsat til kun at lytte til skrifttype-server der -kører lokalt, hvilket ikke engang anvendes hvis xfs-pakken ikke er installeret. -Debians standardopsætning af xfs bruger kun skrifttype-mapper på den lokale -maskine og forsøger ikke at tilslutte sig eksterne skrifttype-servere.

    - -

    Debian har løst dette problem ved at tilbageføre en opstrømsrettelse til -XFree86 4.1.0.

    -
    • -
- -

Alle ovennævnte problemer påvirker også xfree86v3-pakkerne (for de to første -fejls vedkommende, indeholder xterm-kildekoden fejlene, men der er ikke en -xterm-pakke). På grund af begræsede ressourcer og manglende støtte fra -opstrømsudviklerne til denne gamle kode, kan Debian ikke længere fortsætte med -at understøtte version 3.3.6 af XFree86. For at undgå, at blive udsat for de -to sidstnævnte fejl i denne bulletin, anbefaler vi at du fjerner følgende -pakker, hvis de er installeret:

- -
    -
  • xserver-3dlabs
    • -
  • xserver-8514
    • -
  • xserver-agx
    • -
  • xserver-common-v3
    • -
  • xserver-fbdev
    • -
  • xserver-i128
    • -
  • xserver-mach32
    • -
  • xserver-mach64
    • -
  • xserver-mach8
    • -
  • xserver-mono
    • -
  • xserver-p9000
    • -
  • xserver-s3
    • -
  • xserver-s3v
    • -
  • xserver-svga
    • -
  • xserver-tga
    • -
  • xserver-vga16
    • -
  • xserver-w32
    • -
- -

(Du kan også fjerne pakkerne xext, xlib6 og xlib6-altdev, da undersøttelse -af dem stoppes sammen med de andre XFree86 3.3.6-pakker, de er dog ikke -påvirkede af fejlene i denne bulletin.)

- -

I den stabile distribution (woody) er disse problemer rettet i -version 4.1.0-16woody1.

- -

I den ustabile distribution (sid) er alle problermen, bortset fra -\ -CAN-2003-0730 rettet i version 4.2.1-11. -\ -CAN-2003-0730 vil blive rettet i 4.2.1-12, der er under forberedelse.

- -

Vi anbefaler at du opdaterer din xfree86-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-380.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-381.wml b/danish/security/2003/dsa-381.wml deleted file mode 100644 index 17380338442..00000000000 --- a/danish/security/2003/dsa-381.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

MySQL, et populært relationsdatabasesystem, indeholder et bufferoverløb, der -kan udnyttes af en bruger, der har adgang til at udføre "ALTER TABLE"-kommandoer -på tabeller i "mysql"-databasen. Udnyttet med held, kunne denne sårbarhed give -angriberen mulighed for at udføre vilkårlig kode med rettighederne hørende til -mysqld-processen (som standard brugeren "mysql"). Da "mysql"-databasen anvendes -i MySQLs interne bogføring, som standard er mysql-administratoren "root", den -enste bruger med rettigheder til at ændre programmets tabeller.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.23.49-8.5.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debians fejl nummer 210403.

- -

Vi anbefaler at du opdaterer din mysql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-381.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" mindelta="1" diff --git a/danish/security/2003/dsa-382.wml b/danish/security/2003/dsa-382.wml deleted file mode 100644 index f9591371c70..00000000000 --- a/danish/security/2003/dsa-382.wml +++ /dev/null @@ -1,25 +0,0 @@ -mulig fjern-sårbarhed - -

Der er opdaget en fejl i OpenSSHs bufferhåndtering, hvor en buffer kunne -blive markeret som forøget, når den faktiske gen-allokering fejlede.

- -

DSA-382-2: - -

Denne bulletin er et tillæg til den tidligere bulletin DSA-382-1: Yderligere -to bufferhåndteringsproblemer er fundet foruden det problem, som er beskrevet i -DSA-382-1. Det vides ikke om disse fejl kan udnyttes, men som en -sikkerhedsforanstaltning anbefales det at opgradere.

- -

DSA-382-3: - -

Denne bulletin er et tillæg til den tidligere bulletin DSA-382-1 og -DSA-382-2: Solar Design har fundet yderligere fire fejl i OpenSSH, som måske -kan udnyttes.

- -

I den stabile Debian-distribution er disse fejl rettet i version -1:3.4p1-1.woody.3.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-382.data" -#use wml::debian::translation-check translation="9cd30fc67cbde9071eb7f48fd07fc92a70dcf193" mindelta="1" diff --git a/danish/security/2003/dsa-383.wml b/danish/security/2003/dsa-383.wml deleted file mode 100644 index 7f5e6a5138f..00000000000 --- a/danish/security/2003/dsa-383.wml +++ /dev/null @@ -1,20 +0,0 @@ -mulig fjern-sårbarhed - -

Der er fundet flere fejl i OpenSSHs bufferhåndtering. Det vides ikke om -disse fejl kan udnyttes, men som en sikkerhedsforanstaltning anbefales det at -opgradere.

- -

DSA-383-2: - -

Denne bulletin er et tillæg til den tidligere bulletin DSA-383-1: Solar -Design har fundet yderligere fire fejl i OpenSSH, som måske kan udnyttes.

- -

I den stabile Debian-distribution er disse fejl rettet i version -1:3.4p1-0woody4.

- -

Vi anbefaler at du opdaterer din ssh-krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-383.data" -#use wml::debian::translation-check translation="b1042b16690fce69511e94520a64624672dadb63" mindelta="1" diff --git a/danish/security/2003/dsa-384.wml b/danish/security/2003/dsa-384.wml deleted file mode 100644 index 416e4c211f2..00000000000 --- a/danish/security/2003/dsa-384.wml +++ /dev/null @@ -1,33 +0,0 @@ -bufferoverløb - -

Der er rapporteret to sårbarheder i sendmail.

- -
    -
  • \ - CAN-2003-0681: - -

    Et "potentielt bufferoverløb i tolkningen af regelsæt" i Sendmail 8.12.9, - når et ikke-standardregelsæt anvendes (1), modtager (2) eller slutteligt - (3) mailer-specifikke envelope-modtagere, har ukendte konsekvenser.

    • - -
  • \ - CAN-2003-0694: - -

    Funktionen prescan i Sendmail 8.12.9 gør det muligt for fjernangribere at - udføre vilkårlig kode via bufferoverløb-angreb, som demonstreret ved hjælp af - funktionen parseaddr i parseaddr.c.

    • -
- -

I den stabile distribution (woody) er disse problemer rettet i -sendmail version 8.12.3-6.6 og sendmail-wide version -8.12.3+3.5Wbeta-5.5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -sendmail version 8.12.10-1.

- -

Vi anbefaler at du opdaterer din sendmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-384.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-385.wml b/danish/security/2003/dsa-385.wml deleted file mode 100644 index a80aa80c881..00000000000 --- a/danish/security/2003/dsa-385.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Jens Steube har rapporteret et par bufferoverløbs-sårbarheder i hztty, et -program til oversættelse af kinesiske tegnindkapslinger i en terminal-session. -Disse sårbarheder kunne udnyttes af en lokal angriber til at opnå -root-rettigheder på systemet, hvor hztty er installeret.

- -

Desuden blev hztty fejlagtigt installeret som setuid root, selvom det kun -kræver gruppen utmps rettigheder. Dette er også rettet i denne opdatering.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.0-5.2woody1.

- -

I den ustabile distribution (sid) vil problemet blive rettet i -version 2.0-6.

- -

Vi anbefaler at du opdaterer din hztty-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-385.data" -#use wml::debian::translation-check translation="3b9f7a6d57681623dd7daed3c42a1249abfa118c" mindelta="1" diff --git a/danish/security/2003/dsa-386.wml b/danish/security/2003/dsa-386.wml deleted file mode 100644 index d3f1aad8d03..00000000000 --- a/danish/security/2003/dsa-386.wml +++ /dev/null @@ -1,23 +0,0 @@ -inddata-valideringsfejl - -

SuSEs sikkerhedsteam har under en kodegennemgang opdaget en fejl i -Mail::Mailer, et Perl-modul som anvendes til at sende e-mail, hvorved -inddata som man ikke stoler på, potentielt videregives til et program som -eksempelvis mailx, som kan fortolke visse escape-sekvenser som kommander, der -skal udføres.

- -

Denne fejl er rettet ved at fjerne understøttelse af programmer som mailx, -fungerende som et transportmiddel ved afsendelse af e-mail. I stedet anvendes -en alternativ mekanisme.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.44-1woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din libmailtools-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-386.data" -#use wml::debian::translation-check translation="237b15e781d1769cd377fc0518929572027e1c46" mindelta="1" diff --git a/danish/security/2003/dsa-387.wml b/danish/security/2003/dsa-387.wml deleted file mode 100644 index a98b8f5546c..00000000000 --- a/danish/security/2003/dsa-387.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

gopherd, en gopher-server fra University of Minnesota, indeholder et antal -bufferoverløb, der kunne udnyttes af en fjern-angriber til at udføre vilkårlig -kode under rettighederne hørende til gopherd-processen (som standard brugeren -"gopher").

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.0.3woody1.

- -

Dette program er fjernet fra den ustabile distribution (sid). gopherd er -udgået og dets brugere anbefales at anvende PyGopherd i stedet for.

- -

Vi anbefaler at du opdaterer din gopherd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-387.data" -#use wml::debian::translation-check translation="d2338be941e3d4dc61d3c91deadc3192c3e3fe7c" mindelta="1" diff --git a/danish/security/2003/dsa-388.wml b/danish/security/2003/dsa-388.wml deleted file mode 100644 index 0215d6b7989..00000000000 --- a/danish/security/2003/dsa-388.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Der er opdaget to sårbarheder i kdebase:

- -
    -
  • \ - CAN-2003-0690: - -

    KDM i KDE 3.1.3 og tidligere kontrollerer ikke hvorvidt funktionskaldet - pam_setcred går godt, hvilket kan give angribere mulighed for at opnå - root-rettigheder, ved at udløse fejlsituationer i PAM-moduler, som - demonstreret i visse opsætninger af MIT pam_krb5-modulet.

    • - -
  • \ - CAN-2003-0692: - -

    KDM i KDE 3.1.3 og tidligere anvender en svag algoritme til generering af - sessions-cookies, som ikke leverer en 128 bits-entropi, hvilket gør det - muligt for angribere at gætte sig frem til sessions-cookies ved hjælp af rå - magt og opnå adgang til brugerens session.

    • -
- -

Disse sårbarheder er beskrevet i følgende sikkerhedsbulletiner fra KDE:

- -

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 4:2.2.2-14.7.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opdaterer din kdebase-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-388.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-389.wml b/danish/security/2003/dsa-389.wml deleted file mode 100644 index 7a390fce8e5..00000000000 --- a/danish/security/2003/dsa-389.wml +++ /dev/null @@ -1,24 +0,0 @@ -usikre pakkefiltreringsregler - -

ipmasq er en pakker, der letter opsætning af Linux' IP-masquerading, som er -en form for netværksadresseoversættelse, der gør det muligt for et antal -værtsmaskiner at deles om en enkelt offentlig IP-adresse. På grund af -anvendelse af visse upassende filtreringsregler, blev trafik til en intern -værtsmaskine, som ankom på et eksternt interface videresendt, uanset om den var -forbundet med en oprettet forbindelse. Denne sårbarhed kunne udnyttes af en -angriber, med mulighed for at videresende IP-trafik med en vilkårlig -modtageradresse, til det eksterne interface på et system hvor ipmasq var -installeret.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 3.5.10c.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.5.12.

- -

Vi anbefaler at du opdaterer din ipmasq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-389.data" -#use wml::debian::translation-check translation="c4a5b59e3a18ebc6f57c09e43474b4217dc2c389" mindelta="1" diff --git a/danish/security/2003/dsa-390.wml b/danish/security/2003/dsa-390.wml deleted file mode 100644 index 3e343a73fda..00000000000 --- a/danish/security/2003/dsa-390.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et bufferoverløb i marbles, når miljøvariablen HOME -behandles. Denne sårbarhed kunne udnyttes af en lokal angriber til at opnå -gid 'games'.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 1.0.2-1woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din marbles-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-390.data" -#use wml::debian::translation-check translation="b985197f8e2819fc7410c3bb0db06fce51b2378c" mindelta="1" diff --git a/danish/security/2003/dsa-391.wml b/danish/security/2003/dsa-391.wml deleted file mode 100644 index 674fe663826..00000000000 --- a/danish/security/2003/dsa-391.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et bufferoverløb i freesweep, ved behandling af flere -miljøvariable. Denne sårbarhed kunne udnyttes af en lokal angriber til at opnå -gid 'games'.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 0.88-4woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din freesweep-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-391.data" -#use wml::debian::translation-check translation="8ee4ce0481ce06dbf9be86af4ac752ef7480e666" mindelta="1" diff --git a/danish/security/2003/dsa-392.wml b/danish/security/2003/dsa-392.wml deleted file mode 100644 index f6eed699a23..00000000000 --- a/danish/security/2003/dsa-392.wml +++ /dev/null @@ -1,31 +0,0 @@ -bufferoverløb, blotlæggelse af filer og mapper - -

Jens Steube har rapporteret to sårbarheder i webfs, en letvægts-HTTP-server -til statisk indhold.

- -

\ -CAN-2003-0832 - Når virtuel hosting er slået til, kunne en fjern klient -angive ".." som navnet i en forespørgsel, hvilket gjorde det muligt at hente -mappelister eller filer udenfor document root.

- -

\ -CAN-2003-0833 - Et langt filnavn kunne få en buffer til at løbe over, som -var allokeret på stakken, hvilket gjorde det muligt at udføre vilkårlig kode. -For at udnytte denne sårbarhed, var det nødvendigt at kunne oprette mapper på -serveren, på et sted der var tilgængeligt for webserveren. I sammenhæng med -\ -CAN-2003-0832, kunne dette være en verdensskrivbar mappe såsom -/var/tmp.

- -

I den nuværende stabile distribution (woody) er disse problemer rettet -i version 1.17.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.20.

- -

Vi anbefaler at du opdaterer din webfs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-392.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-393.wml b/danish/security/2003/dsa-393.wml deleted file mode 100644 index ebc27daf42f..00000000000 --- a/danish/security/2003/dsa-393.wml +++ /dev/null @@ -1,26 +0,0 @@ -lammelsesangreb - -

Dr. Stephen Henson () har ved hjælp af -testværktøjer leveret af NISCC (), opdaget et -antal fejl i OpenSSL' ASN1-kode. Kombineret med en fejl, der får OpenSSL's -kode til at fortolke klientcertifikater, selvom den ikke burde, kan disse fejl -skabe en lammelsesangrebssituation (DoS) på systemet, som anvender -OpenSSL-koden, afhængigt af hvordan denne kode anvendes. Eksempelvis skulle -hverken apache-ssl eller ssh være sårbare, selvom de linker til -OpenSSL-bibliotekerne. Dog kan andre programmer der anvender SSL være sårbare -og det anbefales derfor at opgradere OpenSSL.

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 0.9.6c-2.woody.4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.9.7c-1.

- -

Vi anbefaler at du opdaterer din openssl-pakke. Bemærk, at det er -nødvendigt at genstarte de tjenester, som anvender libssl-biblioteket, for at -opdateringen kan træde i kraft.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-393.data" -#use wml::debian::translation-check translation="0c1c5f2db0e2331d36bc0dacc6ba3543967d3674" mindelta="1" diff --git a/danish/security/2003/dsa-394.wml b/danish/security/2003/dsa-394.wml deleted file mode 100644 index f895f710745..00000000000 --- a/danish/security/2003/dsa-394.wml +++ /dev/null @@ -1,66 +0,0 @@ -ASN.1-fortolkningssårbarhed - -

Steve Henson fra OpenSSLs kernegruppe har fundet og rettet et antal -sårbarheder i ASN1-koden i OpenSSL, som blev opdaget efter et testværktøj fra -British National Infrastructure Security Coordination Centre (NISCC) blev -kørt.

- -

En fejl i OpenSSLs SSL/TLS-protokol blev også fundet; den får OpenSSL til at -fortolke et klientcertifikat fra en SSL/TLS-klient, hvor den skulle afvise det -som en protokolfejl.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • \ -CAN-2003-0543: - -

    Heltalsoverløb i OpenSSL, som gør det muligt for fjernangribere at forsage -et lammelsesangreb (crash) via et SSL-klientcertifikat med visse -ASN.1-mærkeværdier (tag values).

    - -
  • \ -CAN-2003-0544: - -

    OpenSSL holder ikke godt nok styr på antallet af tegn i visse former for -ASN.1-inddata, hvilket gør det muligt for fjernangribere at foresage et -lammelsesangreb (crash) via et SSL-klientcertifkat, der får OpenSSL til at læse -forbi slutningen af en buffer, når den lange form anvendes.

    - -
  • \ -CAN-2003-0545: - -

    Dobbelt frigivelses-sårbarhed, der gør det muligt for fjernangribere at -forsage et lammelsesangreb (crash) og muligvis udføre vilkårlig kode via et -SSL-klientcertifikat med en given, forkert ASN.1-indkapsling. Denne fejl -findes kun i OpenSSL 0.9.7 og er kun anført her som reference.

    - -
- -

I den stabile distribution (woody) er dette problem rettet i openssl095 -version 0.9.5a-6.woody.3.

- -

Denne pakke findes ikke i distributionerne unstable (sid) eller testing -(sarge).

- -

Vi anbefaler at du opgraderer dine libssl095a-pakker og genstarter services, -der anvender dette bibliotek. Debian distribuerer ingen pakker, som er lænket -til dette bibliotek.

- -

Med følgende kommando (tak til Ray Dassen), fremstilles en liste over navne, -der kører processer, som har libssl095 i deres hukommelsesområde:

- -
-    find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \; \
-    | sed -e 's/[^0-9]//g' | xargs --no-run-if-empty ps --no-headers -p | \
-    sed -e 's/^\+//' -e 's/ \+/ /g' | cut -d ' ' -f 5 | sort | uniq
-
- -

Du bør genstarte de tilknyttede services.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-394.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-395.wml b/danish/security/2003/dsa-395.wml deleted file mode 100644 index 1082f89e996..00000000000 --- a/danish/security/2003/dsa-395.wml +++ /dev/null @@ -1,20 +0,0 @@ -ukorrekt håndtering af inddata - -

Aldrin Martoq har opdaget et lammelsessårbarhed (DoS) i Apache Tomcat 4.0.x. -Sendes flere ikke-HTTP-forespørgsler til Tomcats HTTP-connector, får det Tomcat -til at afvise yderligere forespørgsler til denne port indtil programmet -genstartes.

- -

I den nuværende stabile distribution (woody) er dette problem rettet -i version 4.0.3-3woody3.

- -

I den ustabile distribution (sid) findes problemet ikke i den aktuelle -version 4.1.24-2.

- -

Vi anbefaler at du opgraderer dine tomcat4-pakker og genstarter -tomcat-serveren.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-395.data" -#use wml::debian::translation-check translation="bdfa3cac08cf5c97a78c34bd66002c1b5a4a8407" mindelta="1" diff --git a/danish/security/2003/dsa-396.wml b/danish/security/2003/dsa-396.wml deleted file mode 100644 index a6501adc65e..00000000000 --- a/danish/security/2003/dsa-396.wml +++ /dev/null @@ -1,36 +0,0 @@ -manglende validering af inddata, forkert beregning - -

Der er opdaget flere sårbarheder i thttpd, en lille HTTP-server.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    -
  • \ -CAN-2002-1562: Informationslækage - -

    Marcus Breiing har opdaget, at hvis thttpd anvendes til virtuel hosting og -en angriber anvender en særligt fremstillet "Host:"-headerlinie med et stinavn -i stedet for et værtsnavn, så afslører thttpd oplysninger om værtssystemet og -angriberen kan dermed gennemse hele disken.

    • - -
  • \ -CAN-2003-0899: Udførelse af vilkårlig kode - -

    Joel Söderberg og Christer Öberg har opdaget et bufferoverløb, der gør det -muligt for en fjernangriber delvist at overskrive EBP-registeret og dermed -udføre vilkårlig kode.

    • -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.21b-11.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.23beta1-2.3.

- -

Vi anbefaler at du omgående opgraderer din thttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-396.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2003/dsa-397.wml b/danish/security/2003/dsa-397.wml deleted file mode 100644 index ab361e1c772..00000000000 --- a/danish/security/2003/dsa-397.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Tom Lane har opdaget et bufferoverløb i funktionen to_ascii function i -PostgreSQL. Dette gør det muligt for fjernangribere at udføre vilkårlig kode -på den værtsmaskine, hvor databasen kører.

- -

I den stabile distribution (woody) er dette problem rettet i -version 7.2.1-2woody4.

- -

Den ustabile distribution (sid) har ikke dette problem.

- -

Vi anbefaler at du opgraderer din postgresql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-397.data" -#use wml::debian::translation-check translation="2cfdd3ad39f658e44565e6e18b3b098287e9ed44" mindelta="1" diff --git a/danish/security/2003/dsa-398.wml b/danish/security/2003/dsa-398.wml deleted file mode 100644 index 26c4c8bd908..00000000000 --- a/danish/security/2003/dsa-398.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et bufferoverløb i miljøvariabelhåndteringne i -conquest, et curses-baseret, sandtids, flerspiller-rumkrigsspil, som kunne føre -til at lokale angribere kunne opnå uautoriseret adgang til gruppen conquest.

- -

I den stabile distribution (woody) er dette problem rettet i -version 7.1.1-6woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 7.2-5.

- -

Vi anbefaler at du opgraderer din conquest-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-398.data" -#use wml::debian::translation-check translation="a8f41654dff784bbfa415dbd79c39b75301de36a" mindelta="1" diff --git a/danish/security/2003/dsa-399.wml b/danish/security/2003/dsa-399.wml deleted file mode 100644 index 0414b7c88c9..00000000000 --- a/danish/security/2003/dsa-399.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Jeremy Nelson har opdaget et fjernudnytbart bufferoverløb i EPIC4, en -populær klient til Internet Relay Chat (IRC). En ondsindet server kunne -fremstille et svar der fik klienten til at allokere en negativ mængde -hukommelse. Dette kunne føre til et lammelsesangreb hvis klienten kun gik ned, -men kunne også gøre det muligt at udføre vilkårlig kode under den chattende -brugers brugerid.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1.2.20020219-2.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.11.20030409-2.

- -

Vi anbefaler at du opgraderer din epic4-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-399.data" -#use wml::debian::translation-check translation="9907359c4b61adfdd6e74644cb87c0ea4b383bd8" mindelta="1" diff --git a/danish/security/2003/dsa-400.wml b/danish/security/2003/dsa-400.wml deleted file mode 100644 index 0197e982a93..00000000000 --- a/danish/security/2003/dsa-400.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et bufferoverløb i kommandolinie- og -miljøvariabelhåndteringen i omega-rpg, et tekstbaseret rouge-spil der går ud på -huleudforskning. Sårbarheden kan medføre at en lokal angriber opnår -uautoriseret adgang til gruppen games.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.90-pa9-7woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.90-pa9-11.

- -

Vi anbefaler at du opgraderer din omega-rpg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-400.data" -#use wml::debian::translation-check translation="3ac3a0d3e105576dfca6e652e597a904ac0407d6" mindelta="1" diff --git a/danish/security/2003/dsa-401.wml b/danish/security/2003/dsa-401.wml deleted file mode 100644 index 7c1404c51f6..00000000000 --- a/danish/security/2003/dsa-401.wml +++ /dev/null @@ -1,18 +0,0 @@ -formatstrenge - -

SuSE Security Team har opdaget flere formatstrengssårbarheder i hylafax, et -fleksibelt klient-/server-faxsystem, sårbarhederne kan udnyttes til at udføre -vilkårlig kode som brugeren root på faxserveren.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.1.1-1.3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.1.8-1.

- -

Vi anbefaler at du opgraderer dine hylafax-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-401.data" -#use wml::debian::translation-check translation="98017460c9492e85efa3e634602b65182ceba72c" mindelta="1" diff --git a/danish/security/2003/dsa-402.wml b/danish/security/2003/dsa-402.wml deleted file mode 100644 index b9ad2ebfb46..00000000000 --- a/danish/security/2003/dsa-402.wml +++ /dev/null @@ -1,18 +0,0 @@ -ukontrollerede inddata - -

Der er opdaget et sikkerhedsrelateret problem i minimalist, et program til -håndtering af postlister. Problemet gør det muligt for fjernangribere at -udføre vilkårlige kommandoer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2-4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.4-1.

- -

Vi anbefaler at du opgraderer din minimalist-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-402.data" -#use wml::debian::translation-check translation="c02d3a582f0441fb75aaa1d8dad35190f716e609" mindelta="1" diff --git a/danish/security/2003/dsa-403.wml b/danish/security/2003/dsa-403.wml deleted file mode 100644 index 6d94663fe8c..00000000000 --- a/danish/security/2003/dsa-403.wml +++ /dev/null @@ -1,22 +0,0 @@ -lokal root-udnyttelse - -

Nyligt blev der begået indbrud i adskillige af Debian-projektets servere ved -hjælp af en Debian-udviklers konto og en ukendt root-udnyttelse. En teknisk -analyse afslørende anvendelsen af krypteret burneye-udnyttelse. Det lykkedes -Robert van der Meulen at dekryptere den binære fil, hvilket afslørende en -kerneudnyttelse. Red Hats og SuSEs kerne- og sikkerhedsholds granskning af -udnyttelsen afslørede hurtigt at udnyttelsen anvendte et heltalsoverløb i -systemkaldet "brk". Ved hjælp af denne fejl er det muligt for et -userland-program at snyde kerne til at give adgang til kernes komplette -adresserum. Dette problem blev opdaget i september af Andrew Morton, men -desværre for sent til at komme med i 2.4.22-udgaven af kernen.

- -

Denne fejl er rettet i kerne version 2.4.23 i 2.4-træet og -2.6.0-test6-kernetræet. I Debian er det rettet i version 2.4.18-14 af pakken -med kernens kildekode, version 2.4.18-12 af i386-kerneaftrykkene og version -2.4.18-11 af alpha-kerneaftrykkene.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-403.data" -#use wml::debian::translation-check translation="c853f97a9bfbbb20d61abcfde46806e96e193cd6" mindelta="1" diff --git a/danish/security/2003/dsa-404.wml b/danish/security/2003/dsa-404.wml deleted file mode 100644 index 2eb884a213c..00000000000 --- a/danish/security/2003/dsa-404.wml +++ /dev/null @@ -1,39 +0,0 @@ -stakoverløb - -

rsync-folkene har modtaget beviser på at en sårbarhed i alle versioner af -rsync, et hurtigt program til fjernkopiering af filer, før version 2.5.7, for -nylig blev benyttet i forbindelse med en Linux-kernesårbarhed til at bryde en -offentlig rsync-servers sikkerhed.

- -

Selvom denne stakoverløbssårbarhed ikke alene kunne anvendes til at få -root-adgang på en rsync-server, kunne den bruges i forbindelse med den nyligt -annoncerede do_brk()-sårbarhed i Linux-kernen til at foretage et totalt -fjernindbrud.

- -

Bemærk venligst at denne sårbarhed kun påvirker anvendelsen af rsync som en -"rsync-server". For at finde ud af om man kører en rsync-server, kan -kommandoen "netstat -a -n" anvendes til at finde ud af, om der -lyttes på TCP-port 873. Hvis der ikke lyttes på TCP-port 873, kører man ikke en -rsync-server.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.5.5-0.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.5.6-1.1.

- -

Da Debians infrastruktur endnu ikke er helt funktionsdygtig efter det nylige -indbrud, kan der ikke overføres pakker til den ustabile distribution i en -periode. Derfor er pakkerne gjort tilgængelige fra Joeys -hjemmemappe på -sikkerhedsmaskinen.

- -

Vi anbefaler at du omgående opgraderer din rsync-pakke hvis du stiller -fjernsynkroniseringstjenester til rådighed. Hvis du kører distributionen -testing og stiller fjernsynkroniseringstjenester til rådighed, så anvend pakke -til woody.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-404.data" -#use wml::debian::translation-check translation="15f5bf8cf5166694936e92d364512e81102dbc95" mindelta="1" diff --git a/danish/security/2003/dsa-405.wml b/danish/security/2003/dsa-405.wml deleted file mode 100644 index 93ec09eb74f..00000000000 --- a/danish/security/2003/dsa-405.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende frigivelse af rettigheder - -

Steve Kemp har opdaget et problem i xsok, et enkeltpersons-strategispil til -X11, i forbindelse med spillet Sokoan, der får en bruger til at udføre -vilkårlige kommandoer under GID'en games.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.02-9woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.02-11.

- -

Vi anbefaler at du opgraderer din xsok-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2003/dsa-405.data" -#use wml::debian::translation-check translation="c85f251517fb173b8c2aaa010f9ef09a1be5e6fa" mindelta="1" diff --git a/danish/security/2003/index.wml b/danish/security/2003/index.wml deleted file mode 100644 index c0dd3f0aa9d..00000000000 --- a/danish/security/2003/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2003 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2003', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv. diff --git a/danish/security/2004/CAN-2004-0077.wml b/danish/security/2004/CAN-2004-0077.wml deleted file mode 100644 index 401aa2110b1..00000000000 --- a/danish/security/2004/CAN-2004-0077.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::template title="Kerne-sårbarhedsmatrix vedr. CAN-2004-0077" GEN_TIME="yes" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" - -

Følgende sårbarhedsmatrix forklarer hvilke kerneversioner i den stabil -(woody) og ustabile (sid) distribution, som indeholder rettelser til -sårbarheden beskrevet i -\ -CAN-2004-0077. - -

- - - - - - - - -#include "$(ENGLISHDIR)/security/2004/CAN-2004-0077.data" - -
Arkitekturstabil (woody)ustabil (sid)Bulletin
-
diff --git a/danish/security/2004/CAN-2004-0109.wml b/danish/security/2004/CAN-2004-0109.wml deleted file mode 100644 index b44006ba667..00000000000 --- a/danish/security/2004/CAN-2004-0109.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::template title="Kerne-sårbarhedsmatrix vedr. CAN-2004-0109" GEN_TIME="yes" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" - -

Følgende sårbarhedsmatrix forklarer hvilke kerneversioner i den stabil -(woody) og ustabile (sid) distribution, som indeholder rettelser til -sårbarheden beskrevet i -\ -CAN-2004-0109.

- -
- - - - - - - - -#include "$(ENGLISHDIR)/security/2004/CAN-2004-0109.data" - -
Arkitekturstabil (woody)ustabil (sid)Bulletin
-
diff --git a/danish/security/2004/Makefile b/danish/security/2004/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2004/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2004/dsa-406.wml b/danish/security/2004/dsa-406.wml deleted file mode 100644 index c38949dd249..00000000000 --- a/danish/security/2004/dsa-406.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har opdaget et bufferoverløb i lftp, et antal sofistikerede -kommandolinie-klientprogrammer til FTP/HTTP. En angriber kunne oprette en -omhyggeligt fremstillet mappe på et websted, således at udførelsen af en "ls"- -eller "rels"-kommando ville medføre at vilkårlig kode blev udført på -klientmaskinen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4.9-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.6.10-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-406.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-407.wml b/danish/security/2004/dsa-407.wml deleted file mode 100644 index d48ec3cfa62..00000000000 --- a/danish/security/2004/dsa-407.wml +++ /dev/null @@ -1,50 +0,0 @@ -bufferoverløb - -

Flere sårbarheder er opdaget af opstrøm i ethereal, et -netværksanalyseringsprogram. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    -
  • \ - CAN-2003-0925 - -

    Et bufferoverløb gør det muligt for fjernangribere at iværksætte et - lammelsesangreb og potentielt udføre vilkårlig kode via en misdannet - GTP MSISDN-streng.

    • -
  • \ - CAN-2003-0926 - -

    Ved hjælp af visse misdannede ISAKMP- eller MEGACO-pakker kan - fjernangribere iværksætte et lammelsesangreb (systemnedbrud).

    • -
  • \ - CAN-2003-0927 - -

    Et stakbaseret bufferoverløb gør det muligt for fjernangribere at - iværksætte et lammelsesangreb (systemnedbrud) og potentielt udføre - vilkårlig kode ved hjælp af SOCKS-dissector'en.

    • -
  • \ - CAN-2003-1012 - -

    SMB-dissector'en gør det muligt for fjernangribere at iværksætte et - lammelsesangreb ved hjælp af en misdannet SMB-pakke som udløser en - segmenteringsfejl under behandlingen af valgte pakker.

    • -
  • \ - CAN-2003-1013 - -

    Q.931-dissector'en gør det muligt for fjernangribere at iværksætte - et lammelsesangreb (systemnedbrud) ved hjælp af en misdannet Q.931, - hvilket udløser en nul-reference.

    • -
- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.4-1woody6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.10.0-1.

- -

Vi anbefaler at du opgraderer dine ethereal- og tethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-407.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-408.wml b/danish/security/2004/dsa-408.wml deleted file mode 100644 index 1339955e2b9..00000000000 --- a/danish/security/2004/dsa-408.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Timo Sirainen har rapporteret en sårbarhed i screen, en "terminal -multiplexor" med VT100-/ANSI-terminalemulering, som kan føre til at en angriber -får utmp-gruppens rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.9.11-5woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.2-0.1.

- -

Vi anbefaler at du opgraderer din screen-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-408.data" -#use wml::debian::translation-check translation="baa65bb58d59eef1a078b5b7a133fc96c3c2ac4c" mindelta="1" diff --git a/danish/security/2004/dsa-409.wml b/danish/security/2004/dsa-409.wml deleted file mode 100644 index b6df66305ff..00000000000 --- a/danish/security/2004/dsa-409.wml +++ /dev/null @@ -1,22 +0,0 @@ -lammelesangreb - -

En sårbarhed er opdaget i BIND, en domænenavnsserver, hvorved en ondsindet -navneserver kunne returnere autoritative negative svar med store TTL-værdier -(time-to-live - levetid) og dermed gøre et domænenavn utilgængeligt. Et -succesrigt angreb ville kræve at en sårbar BIND-instans sender en forespørgsel -til en ondsindet navneserver.

- -

Pakken bind9 er ikke påvirket af denne sårbarhed.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1:8.3.3-2.0woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1:8.4.3-1.

- -

Vi anbefaler at du opdaterer din bind-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-409.data" -#use wml::debian::translation-check translation="6b76e4816c073587e13cc45bdfab6288f916664e" mindelta="1" diff --git a/danish/security/2004/dsa-410.wml b/danish/security/2004/dsa-410.wml deleted file mode 100644 index a164ed32600..00000000000 --- a/danish/security/2004/dsa-410.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

En sårbarhed er opdaget i libnids, et bibliotek som anvendes til at -analysere IP-netværkstrafik, hvorved et omhyggeligt fremstillet TCP-datagram -kunne medføre hukommelsesødelæggelse og potentielt udføre vilkårlig kode med -rettighederne hørende til den bruger, som udfører et program der anvender -libnids (eksempelvis dsniff).

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.16-3woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din libnids-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-410.data" -#use wml::debian::translation-check translation="6b76e4816c073587e13cc45bdfab6288f916664e" mindelta="1" diff --git a/danish/security/2004/dsa-411.wml b/danish/security/2004/dsa-411.wml deleted file mode 100644 index 910267fdbf5..00000000000 --- a/danish/security/2004/dsa-411.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstrengssårbarhed - -

En sårbarhed er opdaget i mpg321, en mp3-afspiller til kommandolinien, -hvorved brugerleverede strenge blev overført til printf(3) på en usikker måde. -Denne sårbarhed kunne udnyttes af en fjernangriber til at overskrive -hukommelse og potentielt udføre vilkårlig kode. For at denne sårbarhed kunne -udnyttes, skulle mpg321 afspille en ondsindet mp3-fil (deriblandt streaming -via HTTP).

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.2.10.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.2.10.3.

- -

Vi anbefaler at du opdaterer din mpg321-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-411.data" -#use wml::debian::translation-check translation="db187a49a761707642e0818f85a3350d70f09b7c" mindelta="1" diff --git a/danish/security/2004/dsa-412.wml b/danish/security/2004/dsa-412.wml deleted file mode 100644 index d057276dfe2..00000000000 --- a/danish/security/2004/dsa-412.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Flere sårbarheder er opdaget i nd, en kommandoliniegrænseflade til WebDAV, -hvorved lange strenge modtaget fra fjernservere kunne få fastlængde-buffere -til at løbe over. Denne sårbarhed kunne udnyttes af en fjernangriber med -kontrol over en ondsindet WebDAV-server til at udføre vilkårlig kode, hvis -serveren blev tilgået af en sårbar udgave af nd.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.5.0-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8.2-1.

- -

Vi anbefaler at du opdaterer din nd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-412.data" -#use wml::debian::translation-check translation="7c396e993d66e83cd721f63295084042e5ef7376" mindelta="1" diff --git a/danish/security/2004/dsa-413.wml b/danish/security/2004/dsa-413.wml deleted file mode 100644 index 6fc9cbaafb0..00000000000 --- a/danish/security/2004/dsa-413.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende grænsekontrol - -

Paul Starzetz har \ -opdaget en fejl i grænsekontrollen i mremap() i Linux-kernen (findes i -version 2.4.x og 2.6.x) hvilket kun give en lokal angriber mulighed for at opnå -root-rettigheder. Version 2.2 er ikke påvirket af denne fejl, da den ikke -understøtter flaget MREMAP_FIXED -(som det \ -senere blev forklaret).

- -

I den stabile distribution (woody) er dette problem rettet i -kernel-source version 2.4.18-14.1, samt kernel-images versionerne -2.4.18-12.1 og 2.4.18-5woody6 (bf) til i386-arkitekturen.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet med -nye pakker.

- -

Vi anbefaler at du opgraderer dine kernel-pakker. Dette problem er desuden -rettet i opstrømsversion 2.4.24.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-413.data" -#use wml::debian::translation-check translation="7ab01fc30702515943ca76621b3dab47667b7e99" mindelta="1" diff --git a/danish/security/2004/dsa-414.wml b/danish/security/2004/dsa-414.wml deleted file mode 100644 index 568ab0691cb..00000000000 --- a/danish/security/2004/dsa-414.wml +++ /dev/null @@ -1,19 +0,0 @@ -lammelsesangreb - -

En sårbarhed er opdaget i jabber, en server til omgående udveksling af -meddelelser (instant messaging), hvorved en fejl i håndteringen af -SSL-forbindelser kunne få serverprocessen til at gå ned, medførende et -lammelsesangreb.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.4.2a-1.1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4.3-1.

- -

Vi anbefaler at du opdaterer din jabber-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-414.data" -#use wml::debian::translation-check translation="77949e0b9dae672aa96f9e80185590e248093866" mindelta="1" diff --git a/danish/security/2004/dsa-415.wml b/danish/security/2004/dsa-415.wml deleted file mode 100644 index cdceb6496e4..00000000000 --- a/danish/security/2004/dsa-415.wml +++ /dev/null @@ -1,26 +0,0 @@ -lammelsesangreb - -

To sårbarheder er opdaget i zebra, en dæmon til IP-routning:

- -
    -
  • \ - CAN-2003-0795 - en fejl i telnet-CLI kunne gøre det muligt for en - fjernangriber, at få zebra-processen til at gå ned, medførende et - lammelsesangreb.
    • -
  • \ - CAN-2003-0858 - netlink-meddelelser sendt af andre brugere (fremfor - kernen) kunne blive accepteret, førende til et lammelsesangreb.
    • -
- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.92a-5woody2.

- -

Pakken zebra er i den ustabile distribution blevet erstattet af -GNU Quagga, hvor dette problem blev rettet i version 0.96.4x-4.

- -

Vi anbefaler at du opdaterer din zebra-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-415.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-416.wml b/danish/security/2004/dsa-416.wml deleted file mode 100644 index fac76566c5f..00000000000 --- a/danish/security/2004/dsa-416.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb, mappegennemløb - -

En sårbarhed er opdaget i fsp, klientværktøjer til File Service Protocol -(FSP), hvorved en fjernbruger både kunne smutte ud af FSPs rootmappe -(\ -CAN-2003-1022) og også få en fastlængde-buffer til at løbe over så der -kunne udføres vilkårlig kode -(\ -CAN-2004-0011).

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.81.b3-3.1woody1.

- -

I den ustabile distribution, er dette problem rettet i version -2.81.b18-1.

- -

Vi anbefaler at du opdaterer din fsp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-416.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-417.wml b/danish/security/2004/dsa-417.wml deleted file mode 100644 index 6fda8c125ff..00000000000 --- a/danish/security/2004/dsa-417.wml +++ /dev/null @@ -1,23 +0,0 @@ -manglende grænsekontrol - -

Paul Starzetz har opdaget en fejl i grænsekontrollen i mremap() i -Linux-kernen (findes i version 2.4.x og 2.6.x), hvilket kan give en lokal -angriber root-rettigheder. Version 2.2 er ikke påvirket af denne fejl.

- -

Andrew Morton har opdaget en manglende grænsekontrol i brk-systemkaldet, -der kan anvendes til at fremstille en lokal root-udnyttelse.

- -

I den stabile distribution (woody) er disse problemr rettet i version -2.4.18-12 til alpha-arkitekturen og i version 2.4.18-1woody3 til -powerpc-arkitekturen.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet med -nye pakker.

- -

Vi anbefaler at du opgraderer dine kernel-pakker. Disse problemer er også -rettet i opstrømsversion 2.4.24.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-417.data" -#use wml::debian::translation-check translation="9f95ea239621fc20411a9820c70c0be645651802" mindelta="1" diff --git a/danish/security/2004/dsa-418.wml b/danish/security/2004/dsa-418.wml deleted file mode 100644 index f00bb86f0ef..00000000000 --- a/danish/security/2004/dsa-418.wml +++ /dev/null @@ -1,18 +0,0 @@ -rettighedslækage - -

En fejl er opdaget i vbox3, et "voice response"-system til isdn4linux, -hvorved root-rettigheder ikke blev frigivet korrekt før udførelsen af et -brugerleveret tcl-skript. Ved udnyttelse af denne sårbarhed kunne en lokal -bruger opnå root-rettigheder.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.1.7.1.

- -

I den ustabile distribution, er dette problem rettet i version 0.1.8.

- -

Vi anbefaler at du opdaterer din vbox3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-418.data" -#use wml::debian::translation-check translation="03d30d46e1ee87576ab24f22043e32943a1d41e1" mindelta="1" diff --git a/danish/security/2004/dsa-419.wml b/danish/security/2004/dsa-419.wml deleted file mode 100644 index ae546dfc51e..00000000000 --- a/danish/security/2004/dsa-419.wml +++ /dev/null @@ -1,39 +0,0 @@ -manglende kontrol af filnavn, SQL-indsprøjtning - -

Forfatterne af phpgroupware, et webbaseret groupware-system skrevet i PHP, -har opdaget flere sårbarheder. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    -
  • \ - CAN-2004-0016 - -

    I "calendar"-modulet, "save extension" ikke krævet feriefiler. Som et - resultat deraf kunne server-side php-skripter placeres i mapper, der - dernæst kunne fjerntilgås og få webserveren til at udføre dem. Dette - blev løst ved at kræve filudvidelsen ".txt" på feriefiler.

    • - -
  • \ - CAN-2004-0017 - -

    Nogle SQL-indsprøjtningsproblemer i (manglende indkapsling af værdier - anvendt i SQL-strenge) modulerne "calendar" og "infolog".

    • -
- -

Desuden har Debians vedligeholder ændret rettighederne på verdensskrivbare -mapper, som ved et uheld blev oprettet af en tidligere postinst under -installeringen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.14-0.RC3.2.woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.14.007-4.

- -

Vi anbefaler at du opgraderer dine phpgroupware-, phpgroupware-calendar- -og phpgroupware-infolog-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-419.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-420.wml b/danish/security/2004/dsa-420.wml deleted file mode 100644 index b8c4e72ac25..00000000000 --- a/danish/security/2004/dsa-420.wml +++ /dev/null @@ -1,22 +0,0 @@ -ukorrekt kontrol af inddata - -

Steve Kemp har opdaget et sikkerhedsrelateret problem i jitterbug, et -simpelt CGI-baseret fejlsporings- og rapporteringsværktøj. Desværre udfører -programmet ikke på korrekt vis kontroller af inddata, hvilket gør det muligt -for angriber at udføre vilkårlige kommandoer på den server, som fejldatabasen -ligger på. Som en formildende omstændighed er disse angriber kun mulige for -brugere som ikke er gæster, og kontoer for disse personer skal administratoren -have opsat som værende "trusted".

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.6.2-4.2woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.6.2-4.5.

- -

Vi anbefaler at du opgraderer din jitterbug-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-420.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" mindelta="1" diff --git a/danish/security/2004/dsa-421.wml b/danish/security/2004/dsa-421.wml deleted file mode 100644 index c384c7a6b6e..00000000000 --- a/danish/security/2004/dsa-421.wml +++ /dev/null @@ -1,21 +0,0 @@ -adgangskodeudløb - -

David B Harris har opdaget et problem med mod-auth-shadow, et Apache-modul -som autenfiticerer brugere mod systemets "shadow password"-database, hvor -udløbsstatussen på brugerens konto og adgangskode ikke blev håndhævet. -Sårbarheden gjorde det muligt for en på anden vis autoriseret bruger, med held -at blive autoriseret selvom dette skulle have været afvist på grund af -udløbsparametrene.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.3-3.1woody.1

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4-1.

- -

Vi anbefaler at du opdaterer din mod-auth-shadow-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-421.data" -#use wml::debian::translation-check translation="f06f5534220af15956eed59167a676aeb03ebcf5" mindelta="1" diff --git a/danish/security/2004/dsa-422.wml b/danish/security/2004/dsa-422.wml deleted file mode 100644 index 5d192273c0a..00000000000 --- a/danish/security/2004/dsa-422.wml +++ /dev/null @@ -1,35 +0,0 @@ -fjern-sårbarhed - -

Kontohåndteringen i CVS' pserver (som anvendes til at give fjernadgang til -CVS-arkiver) anvender en CVSROOT/passwd fil i hvert arkiv, -indeholdende kontoer og deres autentifikationsoplysninger foruden navnet på den -lokale unix-konto der skal anvendes når en pserver-konto anvendes. Da CVS ikke -foretog af hvilken unix-konto der var angivet, kunne alle med angang til at -ændre CVSROOT/passwd opnå adgang til alle lokale brugere på -CVS-serveren, deriblandt root.

- -

Dette er rettet i opstrømsversion 1.11.11 ved at forhindre pserver i at køre -som root. I Debian er dette problem rettet i version 1.11.1p1debian-9 på to -forskellige måder:

- -
    -
  • pserver har ikke længere lov til at anvende root for at tilgå - arkiverne
    • -
  • En ny /etc/cvs-repouid er indført og kan anvendes af - systemadministratoren til at overtrumfe den unix-konto som anvendes til - at tilgå et arkiv. Flere oplysninger om denne ændring findes på - .
    • -
- -

Desuden havde CVS' pserver en fejl i fortolkningen af modulforespørgsler, -hvilket kunne anvendes til at oprette filer og mapper udenfor arkivet. Dette -er rettet i opstrøms version 1.11.11 og Debians version 1.11.1p1debian-9.

- -

Slutteligt er den umask som anvendes til “cvs init” og -“cvs-makerepos” ændret for at forhindre arkiver i at blive oprettet -med gruppe-skriverettigheder.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-422.data" -#use wml::debian::translation-check translation="55a70d0c0f3df8d4df237334ac6de72daaa99f73" mindelta="1" diff --git a/danish/security/2004/dsa-423.wml b/danish/security/2004/dsa-423.wml deleted file mode 100644 index 00c7a75a33f..00000000000 --- a/danish/security/2004/dsa-423.wml +++ /dev/null @@ -1,111 +0,0 @@ -flere sårbarheder - -

IA-64-vedligeholderne har rettet flere sikkerhedsrelaterede fejl i -Linux-kerne 2.4.17 som anvendes på IA-64-arkitekturen, primært ved at -tilbageføre rettelser fra 2.4.18. Rettelserne er anført nedenfor med -identifikationer fra projektet Common Vulnerabilities and Exposures (CVE):

- -
    -
  • \ - CAN-2003-0001: - -

    Flere styreprogrammer til ethernet-netværkskort (NIC) udfylder ikke - frames med null-bytes, hvilket gør det muligt for fjern-angribere at - få adgang til oplysninger fra tidligere pakker eller kernehukommelsen ved - hjælp af misdannede pakker, som demonstreret af Etherleak.

    -
    • -
  • \ - CAN-2003-0018: - -

    Linux-kerne 2.4.10 til 2.4.21-pre4 håndterer ikke korrekt funktionen - O_DIRECT, hvilket giver lokale angribere skriverettigheder til dele af - tidligere slettede filer, or forårsage ødelæggelse af filsystemet.

    -
    • -
  • \ - CAN-2003-0127: - -

    Kernemodul-henteren i Linux-kerne 2.2.x før 2.2.25, samt 2.4.x før - 2.4.21, gør det muligt for lokale brugere at opnå root-rettigheder ved - anvendelse af ptrace til at angribe en af kernens child-processer.

    -
    • -
  • \ - CAN-2003-0461: - -

    Den virtuelle fil /proc/tty/driver/serial i Linux 2.4.x afslører det - nøjagtige antal tegn som anvendes i serielle forbindelser, hvilket kunne - gøre det muligt for lokale brugere at få adgang til potentielt - følsommme oplysninger som eksempelvis længden på adgangskoder.

    -
    • -
  • \ - CAN-2003-0462: - -

    En "race condition" i den måde way env_start og env_end pointers - initialiseres på i systemkaldet execve og anvendes i fs/proc/base.c i - Linux 2.4 gør det muligt for lokale brugere at iværksætte et - lammelsesangreb (systemnedbrud).

    -
    • -
  • \ - CAN-2003-0476: - -

    Systemkaldet execve i Linux 2.4.x gemmer fil-descriptor'en af den - udførbare proces i den kaldende proces' filtabel, hvilket gør det muligt - for lokale brugere at opnå læseadgang til beskyttede fil-descriptorer.

    -
    • -
  • \ - CAN-2003-0501: - -

    Filsystemet /proc filesystem i Linux gør det muligt for lokale brugere - at få adgang til følsomme oplysninger ved at åbne forskellige poster i - /proc/self før udførslen af et setuid-program, hvilket medfører at - programmet ikke får ændret ejerskab og rettigheder på disse poster.

    -
    • -
  • \ - CAN-2003-0550: - -

    STP-protokollen, som er slået til i Linux 2.4.x, har designmæssigt - ikke tilstrækkelig sikkerhed, hvilket gør det muligt for angribere at - ændre på bridge-topologien.

    -
    • -
  • \ - CAN-2003-0551: - -

    Implementeringen af STP-protokollens i Linux 2.4.x kontrollerer ikke - på korrekt vis visse længder, hvilket kunne gøre det muligt for angribere - at iværksætte et lammelsesangreb.

    -
    • -
  • \ - CAN-2003-0552: - -

    Linux 2.4.x gør det muligt for fjern-angribere at narre - bridge-viderestillingstabellen via forfalskede pakker hvis kildeadresse - er den samme som målet.

    -
    • -
  • \ - CAN-2003-0961: - -

    Et heltalsoverløb i systemkaldet brk (funktionen do_brk) i - Linux-kerne 2.4.22 og tidligere gør det muligt for lokale brugere at få - root-rettigheder.

    -
    • -
  • \ - CAN-2003-0985: - -

    Systemkaldet mremap (do_mremap) i Linux-kernel 2.4 og 2.6 udfører ikke - på korrekt vis grænsekontroller, hvilket gør det muligt for lokale - brugere at iværksætte et lammelsesangreb og muligvis opnå flere - rettigheder ved at forårsage en "remapping" af et virtuelt - hukommelsesområde (VMA) for at oprette en nul-længde VMA.

    - -
- -

I den stabile distribution (woody) er dette problem rettet i -version kernel-image-2.4.17-ia64 til ia64-arkitekturen. Andre arkitekturer -er allerede, eller vil blive, rettet særskilt.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet med -nye pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-423.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-424.wml b/danish/security/2004/dsa-424.wml deleted file mode 100644 index e115ea9047b..00000000000 --- a/danish/security/2004/dsa-424.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

En sårbarhed er opdaget i Midnight Commander, et filhåndteringsprogram, -hvor et "ondsindet" arkiv (eksempelvis en .tar-fil) kunne medføre at vilkårlig -kode blev udført hvis arkivet blev åbnet i Midnight Commander.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 4.5.55-1.2woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1:4.6.0-4.6.1-pre1-1.

- -

Vi anbefaler at du opdaterer din mc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-424.data" -#use wml::debian::translation-check translation="cb5daadcfca2befc549c93425ea71c88518c4d60" mindelta="1" diff --git a/danish/security/2004/dsa-425.wml b/danish/security/2004/dsa-425.wml deleted file mode 100644 index 3082efe8da3..00000000000 --- a/danish/security/2004/dsa-425.wml +++ /dev/null @@ -1,31 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i tcpdump, et værktøj til inspektion af -netværkstrafik. Hvis en sårbar udgave af tcpdump forsøgte at undersøge en -ondsindet dannet pakke, ville et antal bufferoverløb kunne udnyttes til at få -tcpdump til at gå ned, eller potentielt udføre vilkårlig kode med rettighederne -hørende til tcpdump-processen.

- - - -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 3.6.2-2.7.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opdaterer din tcpdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-425.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-426.wml b/danish/security/2004/dsa-426.wml deleted file mode 100644 index 86e1c87c30f..00000000000 --- a/danish/security/2004/dsa-426.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

netpbm er et grafikkonverteringsværktøj sammensat af et stort antal -enkeltstående programmer. Mange af disse programmer har vist sig at oprette -midlertidige filer på en usikker måde, hvilket kunne gøre det muligt for en -lokal angriber at overskrive filer med rettighederne hørende til den bruger, -som kører et sårbart netpbm-værktøj.

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 2:9.20-8.4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2:9.25-9.

- -

Vi anbefaler at du opdaterer din netpbm-free-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-426.data" -#use wml::debian::translation-check translation="556424400c8f7da54267b9fc922002c456d73046" mindelta="1" diff --git a/danish/security/2004/dsa-427.wml b/danish/security/2004/dsa-427.wml deleted file mode 100644 index a570f81c92b..00000000000 --- a/danish/security/2004/dsa-427.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende grænsekontrol - -

Paul Starzetz har opdaget en fejl grænsekontrollen i mremap() i -Linux-kernen (findes i version 2.4.x og 2.6.x) hvilket kan gør det muligt for -en angriber at opnå root-rettigheder. Version 2.2 er ikke påvirket af denne -fejl.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4.17-0.020226.2.woody3 til mips- og mipsel arkitekturene.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet -med nye pakker.

- -

Vi anbefaler at du opgraderer dine kernel-pakker. Dette problem er desuden -rettet i opstrømsversion 2.4.24.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-427.data" -#use wml::debian::translation-check translation="142e2a9395d7c63a106b2b41a126f30909786f52" mindelta="1" diff --git a/danish/security/2004/dsa-428.wml b/danish/security/2004/dsa-428.wml deleted file mode 100644 index 1c6002f38e4..00000000000 --- a/danish/security/2004/dsa-428.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferoverløb - -

Der er opdaget en sårbarhed i slocate, et program til indeksering af og -søgning efter filer, hvor en særligt fremstillet database kunne få en -stakbaseret buffer til at løbe over. Denne sårbarhed kunne udnyttes af en -lokal angriber til at opnå rettighederne hørende til gruppen "slocate", som -har adgang til den globale database indeholdende en liste over stinavne over -alle filer på systemet, deriblandt filer som kun bør være synlige for -priviligerede brugere.

- -

Dette problem og et antal tilsvarende potentielle problemer, er blevet -rettet ved at ændret slocate så rettighederne smides væk før en brugerleveret -database læses.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.6-1.3.2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet. -Se Debians fejl nummer 226103 for -statusoplysninger.

- -

Vi anbefaler at du opdaterer din slocate-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-428.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" mindelta="1" diff --git a/danish/security/2004/dsa-429.wml b/danish/security/2004/dsa-429.wml deleted file mode 100644 index d732876c9da..00000000000 --- a/danish/security/2004/dsa-429.wml +++ /dev/null @@ -1,21 +0,0 @@ -kryptografisk svaghed - -

Phong Nguyen har fundet en alvorlig fejl i den måde GnuPG opretter og -anvender ElGamal-nøgler til signering. Dette er væsentligt sikkerhedsbrist -der kan føre til kompromittering af næsten alle ElGamal-nøgler som anvendes -til signering.

- -

Denne opdatering slår anvendelsen af denne form for nøgler fra.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.0.6-4woody1.

- -

I den ustabile distribution, er dette problem rettet i version -1.2.4-1.

- -

Vi anbefaler at du opdaterer din gnupg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-429.data" -#use wml::debian::translation-check translation="9b5b07270d85df00d77b2e58039b97b7d76a1d57" mindelta="1" diff --git a/danish/security/2004/dsa-430.wml b/danish/security/2004/dsa-430.wml deleted file mode 100644 index 41f12a0e1c7..00000000000 --- a/danish/security/2004/dsa-430.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende frigivelse af rettigheder - -

Steve Kemp har opdaget et problem i trr19, et maskinskrivningsprogram til -GNU Emacs, der er skrevet som et par binære setgid()- og "wrapper"-programmer, -der udfører kommandoer for GNU Emacs. De binære filer smider dog ikke -rettighederne væk før udførelsen af en kommando, hvilket gør det muligt for en -angriber at opnå adgang til den lokale gruppe games.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0beta5-15woody1. Den binære fil til mipsel vil blive tilføjet -senere.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din trr19-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-430.data" -#use wml::debian::translation-check translation="71c27f2d9bad50138020836886e1fbed4a7aefac" mindelta="1" diff --git a/danish/security/2004/dsa-431.wml b/danish/security/2004/dsa-431.wml deleted file mode 100644 index 54685b6b2c7..00000000000 --- a/danish/security/2004/dsa-431.wml +++ /dev/null @@ -1,21 +0,0 @@ -informationslækage - -

Paul Szabo har opdaget en række ens fejl i suidperl, et hjælpeprogram til -afvikling af perl-skripter med setuid-rettigheder. Ved udnyttelse af disse -fejl kunne en angriber misbruge suidperl til at få oplysninger om filer -(såsom undersøge om de findes og nogle af deres rettigheder), som ikke burde -være tilgængelige for upriviligerede brugere.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 5.6.1-8.6.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet. Se -Debians fejl nummer 220486.

- -

Vi anbefaler at du opdaterer din perl-pakke, hvis pakken "perl-suid" er -installeret.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-431.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" mindelta="1" diff --git a/danish/security/2004/dsa-432.wml b/danish/security/2004/dsa-432.wml deleted file mode 100644 index 18e316a9177..00000000000 --- a/danish/security/2004/dsa-432.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Steve Kemp fra Debians sikkerhedsauditprojekt har opdaget et problem i -crawl, et konsolbaseret huleudforskningsspil, i stil med nethack og rogue. -Programmet anvender flere miljøvariable som inddata, men udfører ikke en -størrelseskontrol før en af dem kopieres ind i en buffer med en fast -størrelse.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.0.0beta23-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.0beta26-4.

- -

Vi anbefaler at du opgraderer din crawl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-432.data" -#use wml::debian::translation-check translation="9d760cbab9cfb10db0caaad570a11de8adc0314c" mindelta="1" diff --git a/danish/security/2004/dsa-433.wml b/danish/security/2004/dsa-433.wml deleted file mode 100644 index cfe3bc87d3b..00000000000 --- a/danish/security/2004/dsa-433.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Red Hats og SuSEs kerne- og sikkerhedshold har afsløret et heltalsoverløb i -funktionen do_brk() i Linux-kernen der gør det muligt for lokale brugere at -opnå root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4.17-0.020226.2.woody4. Andre arkitekturer er allerede eller vil -blive rettet separat.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet -med nye pakker.

- -

Vi anbefaler at du opgraderer dine kernel-image-pakker til mips- og -mipsel-arkitekturerne. Dette problem er desuden rettet i opstrømsversion -2.4.23 og naturligvis også i 2.4.24.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-433.data" -#use wml::debian::translation-check translation="daab21cb2e27ff46632c85611939902f5c07b1be" mindelta="1" diff --git a/danish/security/2004/dsa-434.wml b/danish/security/2004/dsa-434.wml deleted file mode 100644 index b6d590b4ef1..00000000000 --- a/danish/security/2004/dsa-434.wml +++ /dev/null @@ -1,63 +0,0 @@ -flere sårbarhed - -

Stefan Esser har opdaget flere sikkerhedsrelaterede problemer i Gaim, en -chat-klient som understøtter flere protokoller. Ikke alle problemerne påvirker -udgaven i Debians stabile distribution, men påvirkede i hvert fald udgaven i -den ustabile distribution. Problemerne er grupperet af projektet Common -Vulnerabilities and Exposures som følger:

- -
    -
  • \ - CAN-2004-0005 - -

    Når håndteringsrutinen til Yahoo Messenger afkoder en oktal værdi til - e-mail-notifikationsfunktionerne, kan to forskellige former for overløb - udløses. Når MIME-afkoderen afkodede en streng indkapslet som "quoted - printable" kunne to andre former for overløb opstå i forbindelse med - e-mail-notifikationer. Disse problemer påvirker kun udgaven i den - ustabile distribution.

    - -
  • \ - CAN-2004-0006 - -

    Ved fortolkning af "cookies" i en HTTP-svarheader ved en - Yahoo-webforbindelse, kunne et bufferoverløb opstå. Ved fortolkning af - Yahoo Login-websiden, løber stakbufferne til YMSG-protokollen over hvis - websiden returnerer for store værdier. Ved opsplitning af en URL i dens - dele, kan det medføre et stakoverløb. Disse problemer påvirker kun udgaven - i Debians ustabile distribution.

    - -

    Når et for stort nøglenavn læses fra Yahoo Messenger-pakke, kan det - udløse et stakoverløb. Når Gaim er opsat til at anvende en HTTP-proxy til - at forbinde sig til serveren, kan en ondsindet HTTP-proxy udnytte - sårbarheden. Disse problemer alle Debians udgaver af Gaim. Dog fungerer - forbindelsen til Yahoo ikke i udgaven i Debians stabile distribution.

    - -
  • \ - CAN-2004-0007 - -

    Interne data kopieres mellem to "tokens" ind i en stakbuffer med en fast - størrelse uden at foretage en størrelseskontrol. Dette påvirker kun - udgaven af Gaim i den ustabile distribution.

    - -
  • \ - CAN-2004-0008 - -

    Ved allokering af hukommelse til AIM/Oscar DirectIM-pakker, kan et - heltalsoverløb opstå, medførende et heap-overløb. Dette påvirker kun - udgaven af Gaim i den ustabile distribution.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 0.58-2.4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.75-2.

- -

Vi anbefaler at du opgraderer dine gaim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-434.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-435.wml b/danish/security/2004/dsa-435.wml deleted file mode 100644 index c63c826a0ac..00000000000 --- a/danish/security/2004/dsa-435.wml +++ /dev/null @@ -1,21 +0,0 @@ -heap-overløb - -

En sårbarhed er opdaget i mpg123, en mp3-afspiller til kommandolinien, -hvor et svar fra en fjern HTTP-server kunne få en buffer, allokeret på heap'en, -til at løbe over, og dermed potentielt give mulighed for udførelse af vilkårlig -kode med rettighederne hørende til brugeren der kører mpg123. For at udnytte -denne sårbarhed, skulle mpg123 bede om en mp3-strøm fra en ondsindet fjern -server via HTTP.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.59r-13woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.59r-15.

- -

Vi anbefaler at du opdaterer din mpg123-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-435.data" -#use wml::debian::translation-check translation="15fd395f29730d842dc03f6a195f15b2163d0ab9" mindelta="1" diff --git a/danish/security/2004/dsa-436.wml b/danish/security/2004/dsa-436.wml deleted file mode 100644 index d29dd3d9099..00000000000 --- a/danish/security/2004/dsa-436.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Der er rettet flere sårbarheder i pakken mailman:

- -
    -
  • \ - CAN-2003-0038 - potentielt serveroverskridende udførelse af skripter ved - hjælp af visse CGI-parametre (kan så vidt vides ikke udnyttes i denne - version)
    • - -
  • \ - CAN-2003-0965 - serveroverskridende udførelse af skripter i den - administrative brugerflade
    • - -
  • \ - CAN-2003-0991 - visse misdannede e-mail-kommandoer kunne få - mailman-processen til at gå ned
    • -
- -

De serveroverskridende sårbarheder kunne give en angriber mulighed for at -udføre administrative handlinger uden autorisation, ved at stjæle en -sessions-cookie.

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 2.0.11-1woody7.

- -

I den ustabile distribution (sid) er -\ -CAN-2003-0965 rettet i version 2.1.4-1 og -\ -CAN-2003-0038 i version 2.1.1-1. -\ -CAN-2003-0991 vil snart blive rettet.

- -

Vi anbefaler at du opdaterer din mailman-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-436.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-437.wml b/danish/security/2004/dsa-437.wml deleted file mode 100644 index ae3a0bdb1f8..00000000000 --- a/danish/security/2004/dsa-437.wml +++ /dev/null @@ -1,19 +0,0 @@ -åbent postsystem - -

Der er opdaget en sårbarhed i cgiemail, et CGI-program der anvendes til at -sende indholdet af en HTML-formular via e-mail; programmet kunne anvendes til -at sende e-mails til vilkårlige adresser. Denne form for sårbarheder udnyttes -almindeligvis til at sende uønskede kommercielle e-mails (spam).

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.6-14woody1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6-20.

- -

Vi anbefaler at du opdaterer din cgiemail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-437.data" -#use wml::debian::translation-check translation="c01de03ecf0686d7360fd08aafe3d18c6ef9c707" mindelta="1" diff --git a/danish/security/2004/dsa-438.wml b/danish/security/2004/dsa-438.wml deleted file mode 100644 index a058afc55b5..00000000000 --- a/danish/security/2004/dsa-438.wml +++ /dev/null @@ -1,32 +0,0 @@ -manglende kontrol af funktions returværdi - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har -\ -opdaget en kritisk sikkerhedssårbarhed i Linux' hukommelseshåndteringskode -i systemkaldet mremap(2). På grund af manglende kontrol af interne funktioners -returværdier kan en lokal angriber opnå root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4.18-14.2 af pakken kernel-source, version 2.4.18-14 af -image-pakkerne til alpha, version 2.4.18-12.2 af image-pakkerne til i386, -version 2.4.18-5woody7 af image-pakkerne til i386bf og version 2.4.18-1woody4 -af image-pakkerne til powerpc.

- -

Andre arkitekturer vil formentlig blive omtalt i separate bulletiner eller -er ikke påvirkede (m68k).

- -

I den ustabile distribution (sid) er dette problem rettet i version -2.4.24-3 af kildekodepakken, image-pakkerne til i386 og alpha og version -2.4.22-10 af image-pakkerne til powerpc.

- -

Dette problem er også rettet i opstrømsudgaverne af Linux 2.4.25 og -2.6.3.

- -

Vi anbefaler at du omgående opgraderer dine Linux-kerne-pakker.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-438.data" -#use wml::debian::translation-check translation="f80bad83ef3e835cb82bdcd1c3f52868fc57cdea" mindelta="1" diff --git a/danish/security/2004/dsa-439.wml b/danish/security/2004/dsa-439.wml deleted file mode 100644 index abcfd5d8965..00000000000 --- a/danish/security/2004/dsa-439.wml +++ /dev/null @@ -1,55 +0,0 @@ -flere sårbarheder - -

Flere lokale root-udnyttelser er blevet opdaget for nylig i Linux-kernen. -Med dette sikkerhedsbulletin opdateres kernen til ARM i Debian GNU/Linux. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer som er rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2003-0961: - -

    Et heltalsoverløb i systemkaldet brk() (funktionen do_brk() ) til Linux - gør det muligt for en lokal angriber at opnå root-rettigheder. Rettet af - opstrøm i Linux 2.4.23.

    - -
  • \ - CAN-2003-0985: - -

    Paul Starzetz har - opdaget en - fejl i grænsekontrollen i mremap() i Linux-kernen (fejlen findes i version - 2.4.x og 2.6.x) som kan gøre det muligt for en lokal angriber at opnå - root-rettigheder. Version 2.2 er ikke påvirket af denne fejl. Rettet af - opstrøm i Linux 2.4.24.

    - -
  • \ - CAN-2004-0077: - -

    Paul Starzetz og Wojciech Purczynski fra isec.pl har - opdaget - en kritisk sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i - systemkaldet mremap(2). På grund af manglende kontrol af interne - funktioners returværdier kan en lokal angriber opnå root-rettigheder. Rettet - af opstrøm i Linux 2.4.25 and 2.6.3.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.16-20040204 af image-pakkerne til lart, netwinder og riscpc, samt i -version 20040204 af kernel-patch-2.4.16-arm.

- -

Andre arkitekturer vil formentlig blive omtalt i separate bulletiner eller -er ikke påvirkede (m68k).

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du omgående opgraderer dine Linux-kerne-pakker.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-439.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-440.wml b/danish/security/2004/dsa-440.wml deleted file mode 100644 index 34dc8355153..00000000000 --- a/danish/security/2004/dsa-440.wml +++ /dev/null @@ -1,52 +0,0 @@ -flere sårbarheder - -

Flere lokale root-udnyttelser er blevet opdaget for nylig i Linux-kernen. -Med dette sikkerhedsbulletin opdateres kernen til PowerPC/Apus i Debian -GNU/Linux. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer som er rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2003-0961: - -

    Et heltalsoverløb i systemkaldet brk() (funktionen do_brk() ) til Linux - gør det muligt for en lokal angriber at opnå root-rettigheder. Rettet af - opstrøm i Linux 2.4.23.

    - -
  • \ - CAN-2003-0985: - -

    Paul Starzetz har - opdaget en - fejl i grænsekontrollen i mremap() i Linux-kernen (fejlen findes i version - 2.4.x og 2.6.x) som kan gøre det muligt for en lokal angriber at opnå - root-rettigheder. Version 2.2 er ikke påvirket af denne fejl. Rettet af - opstrøm i Linux 2.4.24.

    - -
  • \ - CAN-2004-0077: - -

    Paul Starzetz og Wojciech Purczynski fra isec.pl har - opdaget - en kritisk sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i - systemkaldet mremap(2). På grund af manglende kontrol af interne - funktioners returværdier kan en lokal angriber opnå root-rettigheder. Rettet - af opstrøm i Linux 2.4.25 and 2.6.3.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.17-4 af image-pakkerne til powerpc/apus.

- -

Andre arkitekturer vil formentlig blive omtalt i separate bulletiner eller -er ikke påvirkede (m68k).

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du omgående opgraderer dine Linux-kerne-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-440.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-441.wml b/danish/security/2004/dsa-441.wml deleted file mode 100644 index a7752584529..00000000000 --- a/danish/security/2004/dsa-441.wml +++ /dev/null @@ -1,28 +0,0 @@ -manglende kontrol af funktions returværdi - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har -opdaget -en kritisk sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i systemkaldet -mremap(2). På grund af manglende kontrol af interne funktioners returværdier -kan en lokal angriber opnå root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4.17-0.020226.2.woody5 af kerne-image-pakkerne til mips og mipsel.

- -

Andre arkitekturer vil formentlig blive omtalt i separate bulletiner eller -er ikke påvirkede (m68k).

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet med -den næste upload af et 2.4.19 kerne-image og i version 2.4.22-0.030928.3 til -2.4.22-kernen til mips- og mipsel-arkitekturene.

- -

Dette problem er også rettet i opstrøms udgaver af Linux 2.4.25 og 2.6.3.

- -

Vi anbefaler at du omgående opgraderer dine Linux-kerne-pakker.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-441.data" -#use wml::debian::translation-check translation="f80bad83ef3e835cb82bdcd1c3f52868fc57cdea" mindelta="1" diff --git a/danish/security/2004/dsa-442.wml b/danish/security/2004/dsa-442.wml deleted file mode 100644 index e6120271ac7..00000000000 --- a/danish/security/2004/dsa-442.wml +++ /dev/null @@ -1,104 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er rettet i den udgave af Linux-kerne -2.4.17 som anvendes på S/390-arkitekturen, primært ved at tilbageføre rettelser -fra 2.4.18 samt tilføjelse af nylige sikkerhedsrettelser. Rettelserne er -anført nedenfor med identifikationer fra projektet Common Vulnerabilities and -Exposures (CVE):

- -
    - -
  • \ - CVE-2002-0429: - -

    iBCS-rutinerne i arch/i386/kernel/traps.c til Linux-kerne 2.4.18 og - tidligere på x86-systems gør det muligt for lokale brugere at dræbe - vilkårlige processer ved hjælp af en binær kompatibilitetsgrænseflade - (lcall).

    - -
  • \ - CAN-2003-0001: - -

    Styreprogrammer til mange ethernet-netværkskort (NIC) udfylder ikke - frames med null-byteværdier, hvilket gør det muligt for fjernangribere at - indhente oplysninger fra tidligere pakker eller kernens hukommelse ved - anvendelse af misdannede pakker, som påvist af Etherleak.

    - -
  • \ - CAN-2003-0244: - -

    Implementeringen af "route cache" i Linux 2.4, samt modulet Netfilter IP - conntrack, gør det muligt for fjernangribere at forårsage et lammelsesangreb - (CPU-forbrug) ved hjælp af pakker med forfalskede kildeadresser, hvilket - medfører et stort hash-tabel-kollisioner i forbindelse med - PREROUTING-chain'en.

    - -
  • \ - CAN-2003-0246: - -

    Systemkaldet ioperm i Linux-kerne 2.4.20 og tidligere begrænser ikke - rettigheder på korrekt vis, hvilket gør det muligt for lokale brugere at - opnå læse- eller skriveadgang til visse I/O-porte.

    - -
  • \ - CAN-2003-0247: - -

    En sårbarhed i TTY-laget i Linux-kerne 2.4 gør det muligt for angribere - at forårsage et lammelsesangreb ("kernel oops").

    - -
  • \ - CAN-2003-0248: - -

    mxcsr-koden i Linux-kerne 2.4 gør det muligt for angribere at ændre på - CPU-state-registre via en misdannet adresse.

    - -
  • \ - CAN-2003-0364: - -

    Gendannelseshåndteringen af TCP/IP-fragmenter i Linux-kerne 2.4 gør det - muligt for fjernangribere at forårsage et lammelsesangreb (CPU-forbrug) ved - hjælp af visse pakker der forårsager et stort antal hash-tabel-kollisioner.

    - -
  • \ - CAN-2003-0961: - -

    Et heltalsoverløb i systemkaldet brk() (funktionen do_brk() ) til Linux - gør det muligt for en lokal angriber at opnå root-rettigheder. Rettet af - opstrøm i Linux 2.4.23.

    - -
  • \ - CAN-2003-0985: - -

    Paul Starzetz har - opdaget en - fejl i grænsekontrollen i mremap() i Linux-kernen (fejlen findes i version - 2.4.x og 2.6.x) som kan gøre det muligt for en lokal angriber at opnå - root-rettigheder. Version 2.2 er ikke påvirket af denne fejl. Rettet af - opstrøm i Linux 2.4.24.

    - -
  • \ - CAN-2004-0077: - -

    Paul Starzetz og Wojciech Purczynski fra isec.pl har - opdaget - en kritisk sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i - systemkaldet mremap(2). På grund af manglende kontrol af interne funktioners - returværdier kan en lokal angriber opnå root-rettigheder. Rettet af opstrøm - i Linux 2.4.25 and 2.6.3.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.17-2.woody.3 af kerne-pakkerne til s390 og i version -0.0.20020816-0.woody.2 af patch-pakkerne.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du omgående opgraderer dine Linux-kerne-pakker.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-442.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-443.wml b/danish/security/2004/dsa-443.wml deleted file mode 100644 index 0a8a7e444bf..00000000000 --- a/danish/security/2004/dsa-443.wml +++ /dev/null @@ -1,70 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i XFree86. Rettelserne er anført herunder med -identifikationer fra projektet Common Vulnerabilities and Exposures (CVE):

- -
    - -
  • \ - CAN-2004-0083: - -

    Bufferoverløb i funktionen ReadFontAlias i filen dirfile.c fra XFree86 4.1.0 til - 4.3.0 gør det muligt for lokale brugere og fjernangribere at udføre - vilkårlig kode via en skrifttypealiasfil (font.alias) med et langt "token". - Dette er ikke den samme sårbarhed som CAN-2004-0084.

    - -
  • \ - CAN-2004-0084: - -

    Bufferoverløb i funktionen ReadFontAlias i XFree86 4.1.0 til 4.3.0, ved - anvendelse af funktionen CopyISOLatin1Lowered, gør det muligt for lokale og - fjernautentificerede brugere at udføre vilkårlig kode via en misdannet post - i skrifttypealiasfilen (font.alias). Dette er ikke den samme sårbarhed som - CAN-2004-0083.

    - -
  • \ - CAN-2004-0106: - -

    Forskellige yderligere fejl i XFree86s håndtering af skrifttypefiler.

    - -
  • \ - CAN-2003-0690: - -

    xdm kontroller ikke hvorvidt funktionskaldet pam_setcred lykkes, hvilket - kan gøre det muligt for angribere at opnå root-rettigheder ved at udløse - fejltilstande i PAM-moduler, som påvist i visse opsætninger af MITs - modul pam_krb5.

    - -
  • \ - CAN-2004-0093, CAN-2004-0094: - -

    Lammelsesangreb mod X-serveren begået af klienter som anvender - GLX-udvidelsen og "Direct Rendering Infrastructure" er mulige på grund af - uverificerede klientdata (array-indeks der går ud over grænserne - [CAN-2004-0093] og heltalsfortegnsfejl [CAN-2004-0094]).

    - -
- -

Udnyttelse af CAN-2004-0083, CAN-2004-0084, CAN-2004-0106, CAN-2004-0093 og -CAN-2004-0094 kræver en forbindelse til X-serveren. I Debian startes X-serveren -af display-managere som standard med en opsætning, der kun tillader lokale -tilslutninger, men hvis opsætningen er ændret for at muliggøre -fjerntilslutninger, eller X-serveren startes på anden måde, kan disse fejl -fjernudnyttes. Da X-serveren normalt kører med root-rettigheder, kan disse -fejl potentielt udnyttes til at opnå root-rettigheder.

- -

På nuværende tidspunkt er der ingen kendte angrebformer i forbindelse med -CAN-2003-0690.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 4.1.0-16woody3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.3.0-2.

- -

Vi anbefaler at du opdaterer din xfree86-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-443.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-444.wml b/danish/security/2004/dsa-444.wml deleted file mode 100644 index a1ad078a456..00000000000 --- a/danish/security/2004/dsa-444.wml +++ /dev/null @@ -1,27 +0,0 @@ -manglende kontrol af funktions returværdi - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har -opdaget en -kritisk sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i systemkaldet -mremap(2). På grund af manglende kontrol af interne funktioners returværdier -kan en lokal angriber opnå root-rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 011226.16 af kerne- og kildekode-pakkerne til ia64.

- -

Andre arkitekturer er eller vil blive omtalt i separate bulletiner eller er -ikke påvirkede (m68k).

- -

I den ustabile distribution (sid) vil dette problem blive rettet i version -2.4.24-3.

- -

Dette problem er også rettet i opstrøms version af Linux 2.4.25 og 2.6.3.

- -

Vi anbefaler at du omgående opgraderer dine Linux kernel-pakker.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-444.data" -#use wml::debian::translation-check translation="f80bad83ef3e835cb82bdcd1c3f52868fc57cdea" mindelta="1" diff --git a/danish/security/2004/dsa-445.wml b/danish/security/2004/dsa-445.wml deleted file mode 100644 index 923bae819f5..00000000000 --- a/danish/security/2004/dsa-445.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget en sårbarhed i -lbreakout2, et spil, hvor der manglede korrekt grænsekontol i forbindelse med -miljøvariabler. Denne fejl kunne udnyttes af en lokal angriber til at opnå -rettighederne hørene til gruppen "games".

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.2.2-1woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din lbreakout2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-445.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-446.wml b/danish/security/2004/dsa-446.wml deleted file mode 100644 index ceb585ce876..00000000000 --- a/danish/security/2004/dsa-446.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker filoprettelse - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget en sårbarhed i -synaesthesia, et program som præsenterer lyde visuelt. synaesthesia oprettede -sin opsætningsfil mens det havde root-rettigheder, hvilket gjorde det muligt -for en lokal bruger at oprette filer ejet af root og skrivbare fra brugerens -primære gruppe. Denne form for sårbarhed kan normalt let udnyttes på -forskellig vis, til at udføre vilkårlig kode med root-rettigheder.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.1-2.1woody1.

- -

Den ustabile distribution (sid) er ikke påvirket af dette problem, fordi -synaesthesia er længere er setuid.

- -

Vi anbefaler at du opdaterer din synaesthesia-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-446.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-447.wml b/danish/security/2004/dsa-447.wml deleted file mode 100644 index fdb6df8012c..00000000000 --- a/danish/security/2004/dsa-447.wml +++ /dev/null @@ -1,24 +0,0 @@ -formatstreng - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget en -formatstrengssårbarhed i hsftp. Denne sårbarhed kunne udnyttes af en angriber -med mulighed for at oprette filer med omhyggeligt fremstillede navne på en -fjern server, som brugeren kunne tilslutte sig ved hjælp af hsftp. Når -brugeren bad om en liste over en mappes indhold, kunne bestemte bytes i -hukommelsen blive overskrevet, potentielt gørende det muligt at udføre -vilkårlig kode med rettighederne hørende til den bruger der kørte hsftp.

- -

Bemærk at selvom hsftp installeres setuid root, anvendes disse rettigheder -til at allokere låst hukommelse, hvorefter rettighederne opgives væk.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.11-1woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din hsftp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-447.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-448.wml b/danish/security/2004/dsa-448.wml deleted file mode 100644 index 0b7a21c011b..00000000000 --- a/danish/security/2004/dsa-448.wml +++ /dev/null @@ -1,22 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i pwlib, et bibliotek der anvendes som et -værktøj ved udvikling af tilpasningsvenlige programmer, hvorved en -fjernangriber kunne forårsage et lammelsesangreb eller potentielt udføre -vilkårlig kode. Dette bibliotek anvendes mest bemærkelsesværdigt i flere -programmer som implementerer telekonferenceprotokollen H.323, blandt andre -OpenH323-programsamlingen, samt gnomemeeting og asterisk.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.2.5-5woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet. -Se Debians fejl nummer 233888 for -flere oplysninger.

- -

Vi anbefaler at du opdaterer din pwlib-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-448.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" mindelta="1" diff --git a/danish/security/2004/dsa-449.wml b/danish/security/2004/dsa-449.wml deleted file mode 100644 index 54384970c59..00000000000 --- a/danish/security/2004/dsa-449.wml +++ /dev/null @@ -1,26 +0,0 @@ -bufferoverløb, formatstreng-fejl - -

Ulf Härnhammar har opdaget to formatstreng-fejl -(\ -CAN-2004-0104) og two ufferoverløbsfejl -(\ -CAN-2004-0105) i metamail, en implementering af MIME. En angriber kunne -omhyggeligt fremstille en e-mail, der ville udføre vilkårlig kode med offerets -rettigheder, når det blev åbnet og fortoklet via metamail.

- -

Vi har lagt noget arbejdet i at undgå, at distribuere metamail i fremtiden. -Det er ikke muligt at vedligeholde programmet mere og disse fejl er formentlig -ikke de sidste sårbarheder i det.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.7-45woody.2.

- -

I den ustabile distribution (sid) vil disse problemer blive rettet i version -2.7-45.2.

- -

Vi anbefaler at du opgraderer din metamail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-449.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-450.wml b/danish/security/2004/dsa-450.wml deleted file mode 100644 index e9bdb14f407..00000000000 --- a/danish/security/2004/dsa-450.wml +++ /dev/null @@ -1,54 +0,0 @@ -flere sårbarheder - -

Flere lokale root-udnyttelser er blevet opdaget for nylig i Linux-kernen. -Med dette sikkerhedsbulletin opdateres kernen til mips 2.4.19 i Debian -GNU/Linux. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer som er rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2003-0961: - -

    Et heltalsoverløb i systemkaldet brk() (funktionen do_brk() ) til Linux - gør det muligt for en lokal angriber at opnå root-rettigheder. Rettet af - opstrøm i Linux 2.4.23.

    - -
  • \ - CAN-2003-0985: - -

    Paul Starzetz har - opdaget en - fejl i grænsekontrollen i mremap() i Linux-kernen (fejlen findes i version - 2.4.x og 2.6.x) som kan gøre det muligt for en lokal angriber at opnå - root-rettigheder. Version 2.2 er ikke påvirket af denne fejl. Rettet af - opstrøm i Linux 2.4.24.

    - -
  • \ - CAN-2004-0077: - -

    Paul Starzetz og Wojciech Purczynski fra isec.pl har - opdaget en - kritisk sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i systemkaldet - mremap(2). På grund af manglende kontrol af interne funktioners - returværdier kan en lokal angriber opnå root-rettigheder. Rettet af opstrøm - i Linux 2.4.25 and 2.6.3.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.19-0.020911.1.woody3 af pakkerne til mips og version -2.4.19-4.woody1 af pakken kernel-source.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet -med den næste upload af en 2.4.19-kernepakke og i version 2.4.22-0.030928.3 -til 2.4.22.

- -

Vi anbefaler at du omgående opgraderer dine Linux kernel-pakker.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-450.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-451.wml b/danish/security/2004/dsa-451.wml deleted file mode 100644 index 9049002d212..00000000000 --- a/danish/security/2004/dsa-451.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Steve Kemp har opdaget et antal bufferoverløb-sårbarheder i xboing, et spil, -der kunne udnyttes af en lokal agriber til at opnå gid "games".

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 2.4-26woody1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4-26.1.

- -

Vi anbefaler at du opdaterer din xboing-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-451.data" -#use wml::debian::translation-check translation="cfd287f5068aac1e849e6a9c60f8cd18d5215c9a" mindelta="1" diff --git a/danish/security/2004/dsa-452.wml b/danish/security/2004/dsa-452.wml deleted file mode 100644 index 5e76b54670a..00000000000 --- a/danish/security/2004/dsa-452.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb - -

Apache Software Foundation har annoncerer at nogle udgaver af mod_python -indeholder en fejl, der ved behandling af en forespørgsel med en misdannet -forespørgselsstreng, kunne få den tilsvarende Apache-childproces til at gå ned. -Fejlen kunne udnyttes af en fjernangriber til at forårsage et -lammelsesangreb.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2:2.7.8-0.0woody2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:2.7.10-1.

- -

Vi anbefaler at du opdaterer din libapache-mod-python-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-452.data" -#use wml::debian::translation-check translation="493539ed71fe4d8034e91c5f3d9b142635c6f9ef" mindelta="1" diff --git a/danish/security/2004/dsa-453.wml b/danish/security/2004/dsa-453.wml deleted file mode 100644 index d8f767f7f83..00000000000 --- a/danish/security/2004/dsa-453.wml +++ /dev/null @@ -1,86 +0,0 @@ -fejlende funktion og TLB-tømning - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har -opdaget en -kritisk sikkerhedssårbarhed i hukommelseshåndteringskoden i Linux i systemkaldet -mremap(2). På grund for tidlig tømning af TLB'en (Translation Lookaside -Buffer, et adressemellemlager) er det muligt for en angriber at iværksætte -en lokal root-udnyttelse.

- -

Angrebsparametrene gælder dog kun kerneserierne 2.4.x og 2.2.x. Før troede -vi at den udnytbare sårbarhed i 2.4.x ikke fandtes i 2.2.x, hvilket stadig er -korrekt. Dog har det vist sig at en anden men tilsvarende sårbarhed (eller -noget i den retning) faktisk kan udnyttes i 2.2.x, men ikke i 2.4.x.

- -

I den stabile distribution (woody) er dette problem rettet i følgende -versioner og arkitekturer:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
pakkearkitekturversion
kernel-source-2.2.20source2.2.20-5woody3
kernel-image-2.2.20-i386i3862.2.20-5woody5
kernel-image-2.2.20-reiserfs-i386i3862.2.20-4woody1
kernel-image-2.2.20-amigam68k2.20-4
kernel-image-2.2.20-atarim68k2.2.20-3
kernel-image-2.2.20-bvme6000m68k2.2.20-3
kernel-image-2.2.20-macm68k2.2.20-3
kernel-image-2.2.20-mvme147m68k2.2.20-3
kernel-image-2.2.20-mvme16xm68k2.2.20-3
kernel-patch-2.2.20-powerpcpowerpc2.2.20-3woody1
- -

I den ustabile distribution (sid) vil dette problem snart blive rettet hvad -angår de arkitekturer som stadig leveres med en 2.2.x-kernepakke.

- -

Vi anbefaler at du opgraderer din Linux kernepakke.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-453.data" -#use wml::debian::translation-check translation="f80bad83ef3e835cb82bdcd1c3f52868fc57cdea" mindelta="1" diff --git a/danish/security/2004/dsa-454.wml b/danish/security/2004/dsa-454.wml deleted file mode 100644 index c19c2f9bfb0..00000000000 --- a/danish/security/2004/dsa-454.wml +++ /dev/null @@ -1,46 +0,0 @@ -fejlende funktion og TLB-tømning - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har -opdaget en -kritisk sikkerhedssårbarhed i hukommelseshåndteringskoden i Linux i -systemkaldet mremap(2). På grund for tidlig tømning af TLB'en (Translation -Lookaside Buffer, et adressemellemlager) er det muligt for en angriber at -iværksætte en lokal root-udnyttelse.

- -

Angrebsparametrene gælder dog kun kerneserierne 2.4.x og 2.2.x. Før troede -vi at den udnytbare sårbarhed i 2.4.x ikke fandtes i 2.2.x, hvilket stadig er -korrekt. Dog har det vist sig at en anden men tilsvarende sårbarhed (eller -noget i den retning) faktisk kan udnyttes i 2.2.x, men ikke i 2.4.x.

- -

I den stabile distribution (woody) er dette problem rettet i følgende -versioner og arkitekturer:

- - - - - - - - - - - - - - - - - -
pakkearkitekturversion
kernel-source-2.2.22source2.2.22-1woody1
kernel-image-2.2.22-alphaalpha2.2.22-2
- -

I den ustabile distribution (sid) vil dette problem snart blive rettet hvad -angår arkitekturer som stadig leveres med en 2.2.x-kernepakke.

- -

Vi anbefaler at du opgraderer din Linux kernepakke.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-454.data" -#use wml::debian::translation-check translation="f80bad83ef3e835cb82bdcd1c3f52868fc57cdea" mindelta="1" diff --git a/danish/security/2004/dsa-455.wml b/danish/security/2004/dsa-455.wml deleted file mode 100644 index 4c971ad7214..00000000000 --- a/danish/security/2004/dsa-455.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

libxml2 er et bibliotek til behandling af XML-filer.

- -

Yuuichi Teranishi (寺西 裕一) har opdaget en fejl i -libxml, GNOMEs XML-bibliotek. Ved hentning af en fjernressource via FTP eller -HTTP, anvender biblioteket særlige fortolkningsrutiner der kan få en buffer til -at løbe over, hvis rutinerne modtager en meget lang URL. Hvis det lykkes en -angriber at finde et program som anvender libxml1 eller libxml2, og som -fortolker fjernressourcer samt tillader en angriber at fremstille URL'en, så -kan denne fejl udnytte til at udføre vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.8.17-2woody1 af libxml og version 2.4.19-4woody1 af libxml2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.8.17-5 af libxml og version 2.6.6-1 af libxml2.

- -

Vi anbefaler at du opgraderer dine libxml1- og libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-455.data" -#use wml::debian::translation-check translation="23ff658118ba35b8c7c48573709831c1f4e1ce89" mindelta="1" diff --git a/danish/security/2004/dsa-456.wml b/danish/security/2004/dsa-456.wml deleted file mode 100644 index 425cbec5395..00000000000 --- a/danish/security/2004/dsa-456.wml +++ /dev/null @@ -1,28 +0,0 @@ -fejlende funktion og TLB-tømning - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har -opdaget en -kritisk sikkerhedssårbarhed i hukommelseshåndteringskoden i Linux i systemkaldet -mremap(2). På grund for tidlig tømning af TLB'en (Translation Lookaside -Buffer, et adressemellemlager) er det muligt for en angriber at iværksætte -en lokal root-udnyttelse.

- -

Angrebsparametrene gælder dog kun kerneserierne 2.4.x og 2.2.x. Før troede -vi at den udnytbare sårbarhed i 2.4.x ikke fandtes i 2.2.x, hvilket stadig er -korrekt. Dog har det vist sig at en anden men tilsvarende sårbarhed (eller -noget i den retning) faktisk kan udnyttes i 2.2.x, men ikke i 2.4.x.

- -

I den stabile distribution (woody) er dette problem rettet i -version 20040303 af 2.2 kerneaftrykkene til arm-arkitekturen.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet hvad -angår arkitekturer som stadig leveres med en 2.2.x-kernepakke.

- -

Vi anbefaler at du opgraderer din Linux-kernepakke.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-456.data" -#use wml::debian::translation-check translation="f80bad83ef3e835cb82bdcd1c3f52868fc57cdea" mindelta="1" diff --git a/danish/security/2004/dsa-457.wml b/danish/security/2004/dsa-457.wml deleted file mode 100644 index 09238ac5e23..00000000000 --- a/danish/security/2004/dsa-457.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Der er optaget to sårbarheder i wu-ftpd:

- -
    -
  • \ - CAN-2004-0148 - -

    Glenn Stewart har opdaget at brugere kunne omgå de - mappeadgangsrestriktioner, som pålægges via valgmuligheden restricted-gid, - ved at ændre deres hjemmemappes rettigheder. Ved en efterfølgende login, - hvor adgang til brugerens hjemmemappe blev nægtet, brugte wu-ftpd i stedet - root-mappen.

    -
    • - -
  • \ - CAN-2004-0185 - -

    Der var et bufferoverløb i wu-ftpds kode som har med autentificering af - S/key at gøre.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.6.2-3woody4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6.2-17.1.

- -

Vi anbefaler at du opdaterer din wu-ftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-457.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-458.wml b/danish/security/2004/dsa-458.wml deleted file mode 100644 index d679060f5e0..00000000000 --- a/danish/security/2004/dsa-458.wml +++ /dev/null @@ -1,29 +0,0 @@ -bufferoverløb - -

Denne sikkerhedsbulletin korrigerer DSA 458-2 der forårsagede a problem i -rutinen gethostbyaddr.

- -

Den oprindelige bulletins tekst var:

- -
-

Sebastian Schmidt har opdaget en bufferoverløbsfejl i Pythons -getaddrinfo-funktion, hvilket kunne muliggøre at en IPv6-adresse, leveret via -DNS af en fjernangriber, kunne hukommelse i stakken.

- -

Denne fejl findes kun i python 2.2 og 2.2.1, og kun når understøttelse af -IPv6 er slået fra. Pakken python2.2 i Debian "woody" opfylder disse -betingelser (pakken "python" gør ikke).

-
- -

I den stabile distribution (woody), er denne fejl rettet i version -2.2.1-4.6.

- -

Distributionen testing (sarge) og den ustabile distribution (sid) er ikke -påvirket af dette problem.

- -

Vi anbefaler at du opdaterer dine python2.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-458.data" -#use wml::debian::translation-check translation="cab8d3bd891eb1055bbb9269e1705968f26c53d0" mindelta="1" diff --git a/danish/security/2004/dsa-459.wml b/danish/security/2004/dsa-459.wml deleted file mode 100644 index 3ec244ab54f..00000000000 --- a/danish/security/2004/dsa-459.wml +++ /dev/null @@ -1,21 +0,0 @@ -gennemløb af cookie-sti - -

Der er opdaget en sårbarhed i KDE hvor stibegrænsninger på cookier kunne -omgås ved hjælp af indkodede relative stikomponenter (for eksempel "/../"). -Dette betyder at hvis en cookie som kun skulle sendes af browseren til et -program der kører i /app1, så ville browseren uforvarende også sende en -forspørgsel til /app2 på den samme server.

- -

I den nuværende stabile distribution (woody) er dette problem rettet i -kdelibs version 4:2.2.2-6woody3 og kdelibs-crypto version -4:2.2.2-13.woody.9.

- -

I den ustabile distribution (sid) er dette problem rettet i kdelibs -version 4:3.1.3-1.

- -

Vi anbefaler at du opdaterer dine kdelibs- og kdelibs-crypto-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-459.data" -#use wml::debian::translation-check translation="c70680ffbd027674198b8a5b19d279e3ffe5dbd2" mindelta="1" diff --git a/danish/security/2004/dsa-460.wml b/danish/security/2004/dsa-460.wml deleted file mode 100644 index 20042a11bce..00000000000 --- a/danish/security/2004/dsa-460.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker midlertidig fil - -

Alan Cox har opdaget at isag-værktøjet (der grafisk viser oplysninger -indsamlet af sysstat-værktøjerne), opretter en midlertidig fil uden at foretage -de nødvendige sikkerhedsforanstaltninger. Denne sårbarhed kunne give en lokal -angriber mulighed for at overskrive filer med rettighederne tilhørende den -bruger, som kørte isag.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 5.0.1-1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din sysstat-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-460.data" -#use wml::debian::translation-check translation="1b3646562c6ac50d777b87d91753a389cffad246" mindelta="1" diff --git a/danish/security/2004/dsa-461.wml b/danish/security/2004/dsa-461.wml deleted file mode 100644 index 21fd7777744..00000000000 --- a/danish/security/2004/dsa-461.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Leon Juranic har opdaget et bufferoverløb i forbindelse med -biblioteksfunktionen getpass(3) i Calife, et program som giver specifikke -brugere superbrugerrettigheder. En lokal angriber kunne potentielt udnytte -denne sårbarhed, med kendskab til en lokal brugers adgangskode og -tilstedeværelsen af mindst en forekomst i /etc/calife.auth, til at udføre -vilkårlig kode med root-rettigheder.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.8.4c-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.8.6-1.

- -

Vi anbefaler at du opdaterer din calife-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-461.data" -#use wml::debian::translation-check translation="f06976b693056726b71e86693a13b7da96ed161a" mindelta="1" diff --git a/danish/security/2004/dsa-462.wml b/danish/security/2004/dsa-462.wml deleted file mode 100644 index 87e53dda997..00000000000 --- a/danish/security/2004/dsa-462.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende frigivelse af rettigheder - -

Steve Kemp fra Debians sikkerhedsauditprojekt har opdaget et problem i -xitalk, et værktøj til X Window System der kan opfange talk-beskeder. En lokal -bruger kunne udnytte problemet til at udføre vilkårlige kommandoer under GID -utmp. Dette kunne anvendes af en angriber til at fjerne spor fra -utmp-filen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1.11-9.1woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din xitalk-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-462.data" -#use wml::debian::translation-check translation="9d760cbab9cfb10db0caaad570a11de8adc0314c" mindelta="1" diff --git a/danish/security/2004/dsa-463.wml b/danish/security/2004/dsa-463.wml deleted file mode 100644 index a823efeca70..00000000000 --- a/danish/security/2004/dsa-463.wml +++ /dev/null @@ -1,20 +0,0 @@ -rettighedsforøgelse - -

Samba, en LanManager-lignende fil- og printerserver til Unix, har vist sig -at indeholde en sårbarhed hvor en lokal bruger kunne anvende værktøjet -"smbmnt", som er setuid root, til at mount'e en fil-share fra en fjernserver -som indeholdt setuid-programmer i brugerens kontrol. Disse programmer kunne -dernæst blive kørt for at opnå rettigheder på det lokale system.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.2.3a-13.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.0.2-2.

- -

Vi anbefaler at du opdaterer din samba-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-463.data" -#use wml::debian::translation-check translation="68d1a7b16de584b73da2ff5389fe0013174a7770" mindelta="1" diff --git a/danish/security/2004/dsa-464.wml b/danish/security/2004/dsa-464.wml deleted file mode 100644 index fb373d63481..00000000000 --- a/danish/security/2004/dsa-464.wml +++ /dev/null @@ -1,20 +0,0 @@ -ikke-fungerende billedhåndtering - -

Thomas Kristensen har opdaget en sårbarhed i gdk-pixbuf (binær pakke -libgdk-pixbuf2), GdkPixBuf-billedbiblioteket til Gtk, som kan få de omgivende -programmer til at gå ned. For at udnytte dette problem, kunne en fjernangriber -sende en omhyggeligt fremstillet BMP-fil via e-mail, hvilket eksempelvis ville -få Evolution til at gå ned, og det samme gælder formentlig andre programmer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.17.0-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.22.0-3.

- -

Vi anbefaler at du opgraderer din libgdk-pixbuf2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-464.data" -#use wml::debian::translation-check translation="178c1fc5fcef8ac7560d128463690fb33188f703" mindelta="1" diff --git a/danish/security/2004/dsa-465.wml b/danish/security/2004/dsa-465.wml deleted file mode 100644 index c79b74bbe85..00000000000 --- a/danish/security/2004/dsa-465.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Der er opdaget to sårbarheder i openssl, en implementering af -SSL-protokollen, ved hjælp af Codenomicon TLS Test Tool. Flere oplysninger -findes i \ -sårbarhedsbulletinet fra NISCC og -\ -OpenSSL-bulletinen. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende sårbarheder:

- -
    - -
  • \ - CAN-2004-0079 -

    Nul-pointer-tildeling i funktionen do_change_cipher_spec(). En - fjernangriber kunne udføre en omhyggeligt fremstillet SSL/TLS-forhandling - med en server som anvendte OpenSSL-biblioteket, på en måde der fik OpenSSL - til at gå ned. Afhængigt af programmet kunne dette medføre et - lammelsesangreb.

    - -
  • \ - CAN-2004-0081 -

    En fejl i ældre versioner OpenSSL 0.9.6, som kan føre til et - lammelsesangreb (uendelig løkke).

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -openssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4 -og openssl095 version 0.9.5a-6.woody.5.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opdaterer din openssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-465.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-466.wml b/danish/security/2004/dsa-466.wml deleted file mode 100644 index 137a5bc38b0..00000000000 --- a/danish/security/2004/dsa-466.wml +++ /dev/null @@ -1,35 +0,0 @@ -fejlende funktion og TLB-tømning - - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har -opdaget en -kritisk sikkerhedssårbarhed i hukommelseshåndteringskoden i Linux i -systemkaldet mremap(2). På grund for tidlig tømning af TLB'en (Translation -Lookaside Buffer, et adressemellemlager) er det muligt for en angriber at -iværksætte en lokal root-udnyttelse.

- -

Angrebsparametrene gælder dog kun kerneserierne 2.4.x og 2.2.x. Før troede -vi at den udnytbare sårbarhed i 2.4.x ikke fandtes i 2.2.x, hvilket stadig er -korrekt. Dog har det vist sig at en anden men tilsvarende sårbarhed (eller -noget i den retning) faktisk kan udnyttes i 2.2.x, men ikke i 2.4.x.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.10-13woody1 af 2.2 kernel-image-pakkerne til arkitekturen -powerpc/apus og i version 2.2.10-2 af Linux 2.2.10-kildekoden.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet -med version 2.4.20 kernel-image-pakken til powerpc/apus. Den gamle 2.2.10 -kernel-image-pakke vil blive fjernet fra Debian unstable.

- -

Det anbefales kraftigt at skifte til den rettede 2.4.17 kernel-image-pakke -til powerpc/apus fra woody indtil 2.4.20 kernel-image-pakken er rettet i den -ustabile distribution.

- -

Vi anbefaler at du opgraderer din Linux kernel-pakke.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-466.data" -#use wml::debian::translation-check translation="f80bad83ef3e835cb82bdcd1c3f52868fc57cdea" mindelta="1" diff --git a/danish/security/2004/dsa-467.wml b/danish/security/2004/dsa-467.wml deleted file mode 100644 index 91d7e5bb020..00000000000 --- a/danish/security/2004/dsa-467.wml +++ /dev/null @@ -1,28 +0,0 @@ -flere sårbarheder - -

Timo Sirainen har opdaget to sårbarheder i ecartis, et håndteringsystem til -postlister.

- - - -

I den stabile distribution (woody) er disse problemer rettet i -version 0.129a+1.0.0-snap20020514-1.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.0+cvs.20030911.

- -

Vi anbefaler at du opdaterer din ecartis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-467.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-468.wml b/danish/security/2004/dsa-468.wml deleted file mode 100644 index a0a524cad8a..00000000000 --- a/danish/security/2004/dsa-468.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Ulf Härnhammar har opdaget et antal sårbarheder i emil, et filter til -konvertering af e-mail-meddelelser fra Internet. Sårbarhederne findes i to -kategorier::

- -
    - -
  • \ - CAN-2004-0152 -

    Bufferoverløb i (1) funktionen encode_mime, (2) funktione encode_uuencode - og (3) funktionen decode_uuencode. Ved hjælp af en omhyggeligt fremstillet - e-mail-meddelelse, kunne der blive udført vilkårlig kode leveret med - meddelelsen, når denne blev behandlet af emil.

    • - -
  • \ - CAN-2004-0153 -

    Formatrengsfejl i kommandoer som udskriver forskellige fejlmeddelelser. - Potentielle udnyttelser af disse fejl kendes ikke og det er sandsynligvis - afhængigt af opsætningen.

    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.1.0-beta9-11woody1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opdaterer din emil-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-468.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-469.wml b/danish/security/2004/dsa-469.wml deleted file mode 100644 index 48caf0671ee..00000000000 --- a/danish/security/2004/dsa-469.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende validering af inddata - -

Primoz Bratanic har opdaget en fejl i libpam-pgsql, et PAM-modul til -autentifikation ved hjælp af en PostgreSQL-database. Biblioteket indkapsler -ikke alle brugerleverede data som sendes til databasen. En angriber kunne -udnytte denne fejl til at indsætte SQL-kommandoer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.5.2-3woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.5.2-7.1.

- -

Vi anbefaler at du opgraderer din libpam-pgsql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-469.data" -#use wml::debian::translation-check translation="ea7bd894c29fce0ef0ed2558c46e37662aeed4ad" mindelta="1" diff --git a/danish/security/2004/dsa-470.wml b/danish/security/2004/dsa-470.wml deleted file mode 100644 index 6cd28716fed..00000000000 --- a/danish/security/2004/dsa-470.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

Flere lokale root-udnyttelser er blevet opdaget for nylig i Linux-kernen. -Denne sikkerhedsbulletin opdaterer Debian GNU/Linux' kerne 2.4.17 til hppa. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer, som er rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2003-0961: - -

    Et heltalsoverløb i systemkaldet brk() (funktionen do_brk() ) til Linux - gør det muligt for en lokal angriber at opnå root-rettigheder. Rettet af - opstrøm i Linux 2.4.23.

    - -
  • \ - CAN-2003-0985: - -

    Paul Starzetz har opdaget en fejl i grænsekontrollen i mremap() i - Linux-kernen (fejlen findes i version 2.4.x og 2.6.x) som kan gøre det - muligt for en lokal angriber at opnå root-rettigheder. Version 2.2 er ikke - påvirket af denne fejl. Rettet af opstrøm i Linux 2.4.24.

    - -
  • CAN-2004-0077: - -

    Paul Starzetz og Wojciech Purczynski fra isec.pl har opdaget en kritisk - sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i systemkaldet - mremap(2). På grund af manglende kontrol af interne funktioners - returværdier kan en lokal angriber opnå root-rettigheder. Rettet af opstrøm - i Linux 2.4.25 and 2.6.3.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 32.3 af kernel-image-2.4.17-hppa.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.4.25-1 af kernel-image-2.4.25-hppa.

- -

Vi anbefaler at du omgående opgraderer dine Linux kernel-pakker.

- -

Sårbarhedsmatrix for CAN-2004-0077.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-470.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-471.wml b/danish/security/2004/dsa-471.wml deleted file mode 100644 index dbfa07fc274..00000000000 --- a/danish/security/2004/dsa-471.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Der er nyligt opdaget en sårbarhed i Interchange, et e-handels- og generelt -HTTP-databasevisningssystem. Denne sårbarhed kan udnyttes af en angriber til -at vise indholdet af vilkårlige variable. En angriber kan få fat i -SQL-adgangsoplysninger til dit Interchange-program og anvende oplysningerne til -at læse og manipulere følsomme oplysninger.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.8.3.20020306-1.woody.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.0.1-1.

- -

Vi anbefaler at du opgraderer din interchange-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-471.data" -#use wml::debian::translation-check translation="5b50487c47ff3048ea5bc2f09a4e3270aa042204" mindelta="1" diff --git a/danish/security/2004/dsa-472.wml b/danish/security/2004/dsa-472.wml deleted file mode 100644 index 4ee1a59d7cf..00000000000 --- a/danish/security/2004/dsa-472.wml +++ /dev/null @@ -1,24 +0,0 @@ -flere sårbarheder - -

Steve Kemp og Jaguar har opdaget flere bufferoverløbssårbarheder i vfte, en -udgave af fte-editoren som kører under Linux-konsollen, i pakken fte-console. -Dette program er setuid root for at udvøre visse systemnære handlinger fra -konsollen.

- -

På grund af disse fejl, er setuid-rettigheden fjernet fra vfte, hvilket gør -at det kun er brugbart af root. Vi anbefaler i stedet at anvende -terminaludgaven (i fte-terminal-pakken), som kører på alle kapable terminaler, -deriblandt også Linux-konsollen.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 0.49.13-15woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.50.0-1.1.

- -

Vi anbefaler at du opdaterer din fte-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-472.data" -#use wml::debian::translation-check translation="8cc2a5470ec79874964656d8be1fbd1ab8b8c4b7" mindelta="1" diff --git a/danish/security/2004/dsa-473.wml b/danish/security/2004/dsa-473.wml deleted file mode 100644 index 13b47a03a46..00000000000 --- a/danish/security/2004/dsa-473.wml +++ /dev/null @@ -1,18 +0,0 @@ -lammelsesangreb - -

En sårbarheder er opdaget i oftpd, en anonym ftp-server, hvor en -fjernangriber kunne få oftpd-processen til at gå ned, ved at angive en stor -værdi i en PORT-kommando.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.3.6-6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 20040304-1.

- -

Vi anbefaler at du opdaterer din oftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-473.data" -#use wml::debian::translation-check translation="4b8fa197a23da6aca91efe86a11d2423a1d6239e" mindelta="1" diff --git a/danish/security/2004/dsa-474.wml b/danish/security/2004/dsa-474.wml deleted file mode 100644 index 7ea670d320d..00000000000 --- a/danish/security/2004/dsa-474.wml +++ /dev/null @@ -1,22 +0,0 @@ -ACL-omgåelse - -

En sårbarhed er opdaget i squid, et Internet-objektmellemlager (cache), -hvorved adgangskontrollister baseret på URL'er kunne omgås -(\ -CAN-2004-0189). To andre fejl blev også rettet, med rettelserne -squid-2.4.STABLE7-url_escape.patch (et bufferoverløb som ikke lader til at -kunne udnyttes) og squid-2.4.STABLE7-url_port.patch (et potentielt -lammelsesangreb).

- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.6-2woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.5.5-1.

- -

Vi anbefaler at du opdaterer din squid-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-474.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-475.wml b/danish/security/2004/dsa-475.wml deleted file mode 100644 index fd0d51f15d1..00000000000 --- a/danish/security/2004/dsa-475.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Flere lokale root-udnyttelser er nyligt opdaget i Linux-kernen. Dette -sikkerhedsbulletin opdaterer Debian GNU/Linux' kerne 2.4.18 til PA-RISC. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer, som er rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2003-0961: - -

    Et heltalsoverløb i systemkaldet brk() (funktionen do_brk() ) til Linux - gør det muligt for en lokal angriber at opnå root-rettigheder. Rettet af - opstrøm i Linux 2.4.23.

    - -
  • \ - CAN-2003-0985: - -

    Paul Starzetz har opdaget en fejl i grænsekontrollen i mremap() i - Linux-kernen (fejlen findes i version 2.4.x og 2.6.x) som kan gøre det - muligt for en lokal angriber at opnå root-rettigheder. Version 2.2 er ikke - påvirket af denne fejl. Rettet af opstrøm i Linux 2.4.24.

    - -
  • CAN-2004-0077: - -

    Paul Starzetz og Wojciech Purczynski fra isec.pl har opdaget en kritisk - sikkerhedssårbarhed i Linux' hukommelseshåndteringskode i systemkaldet - mremap(2). På grund af manglende kontrol af interne funktioners - returværdier kan en lokal angriber opnå root-rettigheder. Rettet af opstrøm - i Linux 2.4.25 and 2.6.3.

    - -
- -

Bemærk at det er nødvendigt, at kildekode-pakken indeholder mange -opdateringer, for at kunne oversætte pakken, hvilket ikke var muligt med den -gamle kildekode-pakke.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 62.1 af kernel-image-2.4.18-hppa.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.4.25-1 af kernel-image-2.4.25-hppa.

- -

Vi anbefaler at du omgående opgraderer dine Linux kernel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-475.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-476.wml b/danish/security/2004/dsa-476.wml deleted file mode 100644 index 2dfbfdf0b5a..00000000000 --- a/danish/security/2004/dsa-476.wml +++ /dev/null @@ -1,20 +0,0 @@ -cross-realm - -

Ifølge en \ -sikkerhedsbulletin fra heimdal-projektet, har heimdal, en samling af -programmer hvori Kerberos-protokollen er implementeret, en -"en cross-realm-sårbarhed der gør det muligt for nogen med kontrol over et -realm at give sig ud for hvem som helst i den betroede cross-realm-sti."

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.4e-7.woody.8.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.6.1-1.

- -

Vi anbefaler at du opdaterer din heimdal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-476.data" -#use wml::debian::translation-check translation="f3657c13b97888aba1662bb99c877aae3e4965c3" mindelta="1" diff --git a/danish/security/2004/dsa-477.wml b/danish/security/2004/dsa-477.wml deleted file mode 100644 index 23aa9081c64..00000000000 --- a/danish/security/2004/dsa-477.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker oprettelse af midlertidig fil - -

Shaun Colley har opdaget et problem i xine-ui, xine-filmafspillerens -brugergrænseflade. Et skript medleveret i pakken til en mulig problemløsning -eller fejlrapportering, opretter ikke midlertidige filer på en sikker måde. -Dette kunne gøre det muligt for en lokal angriber, at overskrive filer med -rettighederne tilhørende brugeren der kørte xine.

- -

Denne opdatering fjerner også fejlrapporteringsfunktionaliteten, da -fejlrapporter ikke længere kan behandles hos opstrøm.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.8-5.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din xine-ui-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-477.data" -#use wml::debian::translation-check translation="aba1ad49e7c84a9132c53b4636e9be1a1f62c9ac" mindelta="1" diff --git a/danish/security/2004/dsa-478.wml b/danish/security/2004/dsa-478.wml deleted file mode 100644 index ee1693aeffb..00000000000 --- a/danish/security/2004/dsa-478.wml +++ /dev/null @@ -1,19 +0,0 @@ -lammelsesangreb - -

tcpdump, et værktøj til netværksovervågning og dataindsamling, har vist sig -at indeholde to særbarheder, hvorved tcpdump kunne gå ned via forsøg på at læse -fra ugyldige hukommelsesområder. Denne fejl udløses af visse ugyldige -ISAKMP-pakker.

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 3.6.2-2.8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.7.2-4.

- -

Vi anbefaler at du opdaterer din tcpdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-478.data" -#use wml::debian::translation-check translation="05a9acf0abdd99c9ab270ad69ec3eae0727b4817" mindelta="1" diff --git a/danish/security/2004/dsa-479.wml b/danish/security/2004/dsa-479.wml deleted file mode 100644 index 52c86d2d0c2..00000000000 --- a/danish/security/2004/dsa-479.wml +++ /dev/null @@ -1,104 +0,0 @@ -flere sårbarheder - -

Flere alvorlige problemer er opdaget i Linux-kernen. Denne opdatering -dækker 2.4.18 til arkitekturerne alpha, i386 og powerpc. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer som -vil blive rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2004-0003 - -

    En sårbarhed er opdaget i R128 DRI-driver i Linux-kernen, hvilket potentielt - kunne føre til at en angriber kunne opnå uautoriserede rettigheder. Alan - Cox og Thomas Biege har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0010 - -

    Arjan van de Ven har opdaget et stak-baseret bufferoverløb i funktionen - ncp_lookup til ncpfs i Linux-kernen, hvilket kunne føre til at en angriber - kunne opnå uautoriserede rettigheder. Petr Vandrovec har udviklet en - rettelse til dette problem.

    • - -
  • \ - CAN-2004-0109 - -

    zen-parse har opdaget en bufferoverløbssårbarhed i - ISO9660-filsystemkomponenten i Linux-kernen, hvilket kunne misbruges af en - angriber til at opnå uautoriseret root-adgang. Sebastian Krahmer og Ernie - Petrides har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0177 - -

    Solar Designer har opdaget en informationslækage i ext3-koden i Linux. - I værste fald kunne en angriber læse følsomme oplysninger såsom - krypografiske nøgler, der ellers aldrig ville komme i berører med - disk-baserede medier. Theodore Ts'o har udviklet en rettelse til dette - problem.

    • - -
  • \ - CAN-2004-0178 - -

    Andreas Kies har opdaget et lammelsesangreb-risiko i Sound - Blaster-driveren i Linux. Han udviklede også en rettelse.

    • - -
- -

Disse problemer vil også blive rettet af opstrøm i Linux 2.4.26 og -vil være rettet i 2.6.6.

- -

Følgende sikkerhedsmatrix forklarer hvilke kerneversioner til hvilke -arkitekturer, som allerede er rettet. Kerne-aftrykkene i Debians ustabile -distribution (sid) vil snart blive rettet.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Arkitekturstabil (woody)ustabil (sid)fjernet fra sid
kildekode2.4.18-14.32.4.25-3
alpha2.4.18-15snart
i3862.4.18-13snart
i386bf2.4.18-5woody8snart
powerpc2.4.18-1woody52.4.25-82.4.22
- -

Vi anbefaler at du omgående opgraderer dine kernel-pakker, enten med en -kerne leveret af Debian eller med en hjemmeoversat kerne.

- -

Sårbarhedsmatrix for CAN-2004-0109.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-479.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-480.wml b/danish/security/2004/dsa-480.wml deleted file mode 100644 index db382b703ea..00000000000 --- a/danish/security/2004/dsa-480.wml +++ /dev/null @@ -1,67 +0,0 @@ -flere sårbarheder - -

Flere alvorlige problemer er opdaget i Linux-kernen. Denne opdatering -dækker Linux 2.4.17 og 2.4.18 til arkitekturen hppa (PA-RISC). Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer som -vil blive rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2004-0003 - -

    En sårbarhed er opdaget i R128 DRI-driver i Linux-kernen, hvilket potentielt - kunne føre til at en angriber kunne opnå uautoriserede rettigheder. Alan - Cox og Thomas Biege har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0010 - -

    Arjan van de Ven har opdaget et stak-baseret bufferoverløb i funktionen - ncp_lookup til ncpfs i Linux-kernen, hvilket kunne føre til at en angriber - kunne opnå uautoriserede rettigheder. Petr Vandrovec har udviklet en - rettelse til dette problem.

    • - -
  • \ - CAN-2004-0109 - -

    zen-parse har opdaget en bufferoverløbssårbarhed i - ISO9660-filsystemkomponenten i Linux-kernen, hvilket kunne misbruges af en - angriber til at opnå uautoriseret root-adgang. Sebastian Krahmer og Ernie - Petrides har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0177 - -

    Solar Designer har opdaget en informationslækage i ext3-koden i Linux. - I værste fald kunne en angriber læse følsomme oplysninger såsom - krypografiske nøgler, der ellers aldrig ville komme i berører med - disk-baserede medier. Theodore Ts'o har udviklet en rettelse til dette - problem.

    • - -
  • \ - CAN-2004-0178 - -

    Andreas Kies har opdaget et lammelsesangreb-risiko i Sound - Blaster-driveren i Linux. Han udviklede også en rettelse.

    • - -
- -

Disse problemer vil også blive rettet af opstrøm i Linux 2.4.26 og vil være -rettet i 2.6.6.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 32.4 til Linux 2.4.17 og i version 62.3 til Linux 2.4.18.

- -

I den ustabile distribution (sid) vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du omgående opgraderer dine kernel-pakker, enten med en -kerne leveret af Debian eller med en hjemmeoversat kerne.

- -

Sårbarhedsmatrix for CAN-2004-0109.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-480.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-481.wml b/danish/security/2004/dsa-481.wml deleted file mode 100644 index 6d3f3a7b460..00000000000 --- a/danish/security/2004/dsa-481.wml +++ /dev/null @@ -1,68 +0,0 @@ -flere sårbarheder - -

Flere alvorlige problemer er opdaget i Linux-kernen. Denne opdatering -dækker 2.4.17 til arkitekturen IA-64. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer som vil blive rettet i -forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2004-0003 - -

    En sårbarhed er opdaget i R128 DRI-driver i Linux-kernen, hvilket potentielt - kunne føre til at en angriber kunne opnå uautoriserede rettigheder. Alan - Cox og Thomas Biege har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0010 - -

    Arjan van de Ven har opdaget et stak-baseret bufferoverløb i funktionen - ncp_lookup til ncpfs i Linux-kernen, hvilket kunne føre til at en angriber - kunne opnå uautoriserede rettigheder. Petr Vandrovec har udviklet en - rettelse til dette problem.

    • - -
  • \ - CAN-2004-0109 - -

    zen-parse har opdaget en bufferoverløbssårbarhed i - ISO9660-filsystemkomponenten i Linux-kernen, hvilket kunne misbruges af en - angriber til at opnå uautoriseret root-adgang. Sebastian Krahmer og Ernie - Petrides har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0177 - -

    Solar Designer har opdaget en informationslækage i ext3-koden i Linux. - I værste fald kunne en angriber læse følsomme oplysninger såsom - krypografiske nøgler, der ellers aldrig ville komme i berører med - disk-baserede medier. Theodore Ts'o har udviklet en rettelse til dette - problem.

    • - -
  • \ - CAN-2004-0178 - -

    Andreas Kies har opdaget et lammelsesangreb-risiko i Sound - Blaster-driveren i Linux. Han udviklede også en rettelse.

    • - -
- -

Disse problemer vil også blive rettet af opstrøm i Linux 2.4.26 og vil være -rettet i 2.6.6.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 011226.17 til Linux 2.4.17.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.4.25-5 til Linux 2.4.25 og i version 2.6.5-1 til Linux -2.6.5.

- -

Vi anbefaler at du omgående opgraderer dine kernel-pakker, enten med en -kerne leveret af Debian eller med en hjemmeoversat kerne.

- -

Sårbarhedsmatrix for CAN-2004-0109.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-481.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-482.wml b/danish/security/2004/dsa-482.wml deleted file mode 100644 index 84bb537409a..00000000000 --- a/danish/security/2004/dsa-482.wml +++ /dev/null @@ -1,87 +0,0 @@ -flere sårbarheder - -

Flere alvorlige problemer er opdaget i Linux-kernen. Denne opdatering -dækker 2.4.17 til arkitekturerne PowerPC/apus and S/390. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer som -vil blive rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2004-0003 - -

    En sårbarhed er opdaget i R128 DRI-driver i Linux-kernen, hvilket potentielt - kunne føre til at en angriber kunne opnå uautoriserede rettigheder. Alan - Cox og Thomas Biege har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0010 - -

    Arjan van de Ven har opdaget et stak-baseret bufferoverløb i funktionen - ncp_lookup til ncpfs i Linux-kernen, hvilket kunne føre til at en angriber - kunne opnå uautoriserede rettigheder. Petr Vandrovec har udviklet en - rettelse til dette problem.

    • - -
  • \ - CAN-2004-0109 - -

    zen-parse har opdaget en bufferoverløbssårbarhed i - ISO9660-filsystemkomponenten i Linux-kernen, hvilket kunne misbruges af en - angriber til at opnå uautoriseret root-adgang. Sebastian Krahmer og Ernie - Petrides har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0177 - -

    Solar Designer har opdaget en informationslækage i ext3-koden i Linux. - I værste fald kunne en angriber læse følsomme oplysninger såsom - krypografiske nøgler, der ellers aldrig ville komme i berører med - disk-baserede medier. Theodore Ts'o har udviklet en rettelse til dette - problem.

    • - -
  • \ - CAN-2004-0178 - -

    Andreas Kies har opdaget et lammelsesangreb-risiko i Sound - Blaster-driveren i Linux. Han udviklede også en rettelse.

    • - -
- -

Disse problemer vil også blive rettet af opstrøm i Linux 2.4.26 og vil være -rettet i 2.6.6.

- -

Følgende sikkerhedsmatrix forklarer hvilke kerneversioner til hvilke -arkitekturer, som allerede er rettet.

- - - - - - - - - - - - - - - - - - - - - - -
Arkitekturstabil (woody)ustabil (sid)
kildekode2.4.17-1woody32.4.25-3
powerpc/apus2.4.17-52.4.25-2
s3902.4.17-2.woody.42.4.25-2 (formentlig også 2.4.21-3)
- -

Vi anbefaler at du omgående opgraderer dine kernel-pakker, enten med en -kerne leveret af Debian eller med en hjemmeoversat kerne.

- -

Sårbarhedsmatrix for CAN-2004-0109.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-482.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-483.wml b/danish/security/2004/dsa-483.wml deleted file mode 100644 index ecc4f9247cd..00000000000 --- a/danish/security/2004/dsa-483.wml +++ /dev/null @@ -1,38 +0,0 @@ -usikker oprettelse af midlertidig fil - -

To sårbarheder er opdaget i mysql, et udbredt databasesystem. To skripter -i pakken opretter ikke midlertidige filer på en sikker måde. Dette kunne give -en lokal angriber mulighed for at overskrive filer med rettighederne hørende -til den bruger, der kørte MySQL-serveren, hvilket ofte er brugeren root. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • \ - CAN-2004-0381 - -

    Skriptet mysqlbug i MySQL tillader at lokale brugere kan overskrive - vilkårlige filer med et symlink-angreb.

    • - -
  • \ - CAN-2004-0388 - -

    Skriptet mysqld_multi i MySQL tillader at lokale brugere kan overskrive - vilkårlige filer via et symlink-angreb.

    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.23.49-8.6.

- -

I den ustabile distribution (sid) vil disse problemer blive rettet i -version 4.0.18-6 of mysql-dfsg.

- -

Vi anbefaler at du opgraderer dine mysql-, mysql-dfsg- og beslægtede -pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-483.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-484.wml b/danish/security/2004/dsa-484.wml deleted file mode 100644 index cd1429502d8..00000000000 --- a/danish/security/2004/dsa-484.wml +++ /dev/null @@ -1,17 +0,0 @@ -rettigheder smides ikke væk - -

Steve Kemp har opdaget en sårbarhed i xonix, et spil, hvor et eksternt -problem blev kaldt mens setgid-rettighederne blev bibeholdt. En lokal angriber -kunne udnytte denne sårbarhed til at opnå gid "games".

- -

I den nuværende stabile distribution (woody) vil dette problem blive rettet -i version 1.4-19woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din xonix-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-484.data" -#use wml::debian::translation-check translation="6f265b1bfc5f646ec5888e0db4689f9e18fea9d8" mindelta="1" diff --git a/danish/security/2004/dsa-485.wml b/danish/security/2004/dsa-485.wml deleted file mode 100644 index 45278017656..00000000000 --- a/danish/security/2004/dsa-485.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstreng - -

Max Vozeler har opdaget to formatstrengssårbarheder i ssmtp, et simpelt -program til posttransport. Værdier, som man ikke havde tillid til, i -funktionerne die() og log_event() blev overført til printf-lignende funktioner -som formatstrenge. Disse sårbarheder kunne potentielt udnyttes af et -fjernt postrelæ til at opnå rettighederne hørende til ssmtp-processen -(deriblandt potentielt root).

- -

I den nuværende stabile distribution (woody) vil dette problem blive rettet -i version 2.50.6.1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din ssmtp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-485.data" -#use wml::debian::translation-check translation="4bf523d9a79c12059040afffd7de6a9b9c840cae" mindelta="1" diff --git a/danish/security/2004/dsa-486.wml b/danish/security/2004/dsa-486.wml deleted file mode 100644 index 78531a95f6a..00000000000 --- a/danish/security/2004/dsa-486.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget og rettet i CVS:

- -
    - -
  • \ - CAN-2004-0180 - -

    Sebastian Krahmer opdagede en sårbarhed hvorved en ondsindet CVS-pserver - kunne oprette vilkårlige filer på klientsystemet under en opdaterings- eller - checkout-handling, ved at levere absolutte stinavne i RCS-diff'er.

    - -
  • \ - CAN-2004-0405 - -

    Derek Robert Price opdagede en sårbarhed hvorved en CVS-pserver kunne - misbruges af en ondsindet klient til at vise indholdet af visse filer udenfor - CVS-rootmappen ved hjælp af relative stinavne indeholdende "../".

    - -
- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 1.11.1p1debian-9woody2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opdaterer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-486.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-487.wml b/danish/security/2004/dsa-487.wml deleted file mode 100644 index 7f9ce24698a..00000000000 --- a/danish/security/2004/dsa-487.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstreng - -

Flere formatstrengssårbarheder er opdaget i neon, et HTTP- og -WebDAV-klientbibliotek. Disse sårbarheder kunne potentielt udnyttes af en -ondsindet WebDAV-server til at udføre vilkårlig kode med rettighederne -hørende til processen som anvendte libneon.

- -

I den nuværende stabile distribution (woody) er disse problemer -rettet i version 0.19.3-2woody3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.24.5-1.

- -

Vi anbefaler at du opdaterer din neon-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-487.data" -#use wml::debian::translation-check translation="7f973f92a9099b68151cdf911e146c7ef38eacd6" mindelta="1" diff --git a/danish/security/2004/dsa-488.wml b/danish/security/2004/dsa-488.wml deleted file mode 100644 index 4b12e42f667..00000000000 --- a/danish/security/2004/dsa-488.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig mappe - -

Christian Jaeger har rapporteret en fejl i logcheck der potentielt kunne -udnyttes af en lokal bruger til at overskrive filer med root-rettigheder. -logcheck anvendte en midlertidig mappe under /var/tmp uden at foretage -sikkerhedsforanstaltninger. Selvom denne mappe oprettes når logcheck -installeres og selvom den findes, er der ingen sårbarhed, men hvis mappen på et -vilkårlig tidspunkt fjernes, så opstår den potentielle udnyttelsesrisiko.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.1.1-13.1woody1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.1-13.2.

- -

Vi anbefaler at du opdaterer din logcheck-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-488.data" -#use wml::debian::translation-check translation="46d7f144de04a1fa1b68eecaf0dba2f6f447631d" mindelta="1" diff --git a/danish/security/2004/dsa-489.wml b/danish/security/2004/dsa-489.wml deleted file mode 100644 index cd8611c4364..00000000000 --- a/danish/security/2004/dsa-489.wml +++ /dev/null @@ -1,92 +0,0 @@ -flere sårbarheder - -

Flere alvorlige problemer er opdaget i Linux-kernen. Denne opdatering -dækker 2.4.17 til arkitekturerne MIPS og MIPSel. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer som -vil blive rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2004-0003 - -

    En sårbarhed er opdaget i R128 DRI-driver i Linux-kernen, hvilket potentielt - kunne føre til at en angriber kunne opnå uautoriserede rettigheder. Alan - Cox og Thomas Biege har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0010 - -

    Arjan van de Ven har opdaget et stak-baseret bufferoverløb i funktionen - ncp_lookup til ncpfs i Linux-kernen, hvilket kunne føre til at en angriber - kunne opnå uautoriserede rettigheder. Petr Vandrovec har udviklet en - rettelse til dette problem.

    • - -
  • \ - CAN-2004-0109 - -

    zen-parse har opdaget en bufferoverløbssårbarhed i - ISO9660-filsystemkomponenten i Linux-kernen, hvilket kunne misbruges af en - angriber til at opnå uautoriseret root-adgang. Sebastian Krahmer og Ernie - Petrides har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0177 - -

    Solar Designer har opdaget en informationslækage i ext3-koden i Linux. - I værste fald kunne en angriber læse følsomme oplysninger såsom - krypografiske nøgler, der ellers aldrig ville komme i berører med - disk-baserede medier. Theodore Ts'o har udviklet en rettelse til dette - problem.

    • - -
  • \ - CAN-2004-0178 - -

    Andreas Kies har opdaget et lammelsesangreb-risiko i Sound - Blaster-driveren i Linux. Han udviklede også en rettelse.

    • - -
- -

Disse problemer vil også blive rettet af opstrøm i Linux 2.4.26 og -vil være rettet i 2.6.6.

- -

Følgende sikkerhedsmatrix forklarer hvilke kerneversioner til hvilke -arkitekturer, som allerede er rettet og hvilke der i stedet vil blive -fjernet.

- - - - - - - - - - - - - - - - - - - - - - - - - - -
Arkitekturstabil (woody)ustabil (sid)fjernet i sid
kildekode2.4.17-1woody32.4.25-32.4.19-11
mips2.4.17-0.020226.2.woody62.4.25-0.040415.12.4.19-0.020911.8
mipsel2.4.17-0.020226.2.woody62.4.25-0.040415.12.4.19-0.020911.9
- -

Vi anbefaler at du omgående opgraderer dine kernel-pakker, enten med en -kerne leveret af Debian eller med en hjemmeoversat kerne.

- -

Sårbarhedsmatrix for CAN-2004-0109.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-489.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-490.wml b/danish/security/2004/dsa-490.wml deleted file mode 100644 index 06cb33cb625..00000000000 --- a/danish/security/2004/dsa-490.wml +++ /dev/null @@ -1,20 +0,0 @@ -vilkårlig udførelse af kode - -

En sårbarhed er opdaget i indeksunderstøttelsen i ZCatalog-plug-in'en i -Zope, en Open Source-webapplikationsserver. En fejl i ZCatalogs -sikkerhedsindstillinger gjorde det muligt for anonyme brugere at kalde -vilkårlige katalogindekseringsmetoder. Det samme gjaldt kode som man ikke -stoler på.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.5.1-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.6.0-0.1 and higher.

- -

Vi anbefaler at du opgraderer din zope-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-490.data" -#use wml::debian::translation-check translation="1075876c98a5b60a2c733400d1dc62bee222e8a8" mindelta="1" diff --git a/danish/security/2004/dsa-491.wml b/danish/security/2004/dsa-491.wml deleted file mode 100644 index 2aed22dda43..00000000000 --- a/danish/security/2004/dsa-491.wml +++ /dev/null @@ -1,86 +0,0 @@ -flere sårbarheder - -

Flere alvorlige problemer er opdaget i Linux-kernen. Denne opdatering -dækker 2.4.19 til MIPS-arkitekturen. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer som -vil blive rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2004-0003 - -

    En sårbarhed er opdaget i R128 DRI-driver i Linux-kernen, hvilket potentielt - kunne føre til at en angriber kunne opnå uautoriserede rettigheder. Alan - Cox og Thomas Biege har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0010 - -

    Arjan van de Ven har opdaget et stak-baseret bufferoverløb i funktionen - ncp_lookup til ncpfs i Linux-kernen, hvilket kunne føre til at en angriber - kunne opnå uautoriserede rettigheder. Petr Vandrovec har udviklet en - rettelse til dette problem.

    • - -
  • \ - CAN-2004-0109 - -

    zen-parse har opdaget en bufferoverløbssårbarhed i - ISO9660-filsystemkomponenten i Linux-kernen, hvilket kunne misbruges af en - angriber til at opnå uautoriseret root-adgang. Sebastian Krahmer og Ernie - Petrides har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0177 - -

    Solar Designer har opdaget en informationslækage i ext3-koden i Linux. - I værste fald kunne en angriber læse følsomme oplysninger såsom - krypografiske nøgler, der ellers aldrig ville komme i berører med - disk-baserede medier. Theodore Ts'o har udviklet en rettelse til dette - problem.

    • - -
  • \ - CAN-2004-0178 - -

    Andreas Kies har opdaget et lammelsesangreb-risiko i Sound - Blaster-driveren i Linux. Han udviklede også en rettelse.

    • - -
- -

Disse problemer vil også blive rettet af opstrøm i Linux 2.4.26 og -vil være rettet i 2.6.6.

- -

Følgende sikkerhedsmatrix forklarer hvilke kerneversioner til hvilke -arkitekturer, som allerede er rettet og hvilke der i stedet vil blive -fjernet.

- - - - - - - - - - - - - - - - - - - - -
Arkitekturstabil (woody)ustabil (sid)fjernet i sid
kildekode2.4.19-4.woody22.4.25-32.4.19-11
mips2.4.19-0.020911.1.woody42.4.25-0.040415.12.4.19-0.020911.8
- -

Vi anbefaler at du omgående opgraderer dine kernel-pakker, enten med en -kerne leveret af Debian eller med en hjemmeoversat kerne.

- -

Sårbarhedsmatrix for CAN-2004-0109.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-491.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-492.wml b/danish/security/2004/dsa-492.wml deleted file mode 100644 index 18456d38d4e..00000000000 --- a/danish/security/2004/dsa-492.wml +++ /dev/null @@ -1,19 +0,0 @@ -lammelsesangreb - -

Herbert Xu rapporterer at lokale brugere kunne forårsage et lammelsesangreb -mod iproute, et sæt værktøjer til netværkskontrol i Linux-kerner. iproute -anvender netlink-grænsefladen til at kommunikere med kernen, men fik ikke -kontrolleret om modtagne meddelelser kom fra kernen (fremfor andre -bruger-processer).

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 20010824-8woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din iproute-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-492.data" -#use wml::debian::translation-check translation="e136c07d60b1dc9d8bfc53515faa156e45713880" mindelta="1" diff --git a/danish/security/2004/dsa-493.wml b/danish/security/2004/dsa-493.wml deleted file mode 100644 index cd6e23c4aa7..00000000000 --- a/danish/security/2004/dsa-493.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Der er opdaget et bufferoverløb i Socks-5-proxykoden i XChat, an IRC-klient -til X som ligner AmIRC. Dette gør det muligt for en angriber at udføre -vilkårlig kode på brugerens maskine.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.8.9-0woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.8-1.

- -

Vi anbefaler at du opgraderer dine xchat- og relaterede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-493.data" -#use wml::debian::translation-check translation="b42cb47116246fd5b87f6cbaf0c65d0e0db968a1" mindelta="1" diff --git a/danish/security/2004/dsa-494.wml b/danish/security/2004/dsa-494.wml deleted file mode 100644 index 1eb8fc7b927..00000000000 --- a/danish/security/2004/dsa-494.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Jack <> har opdaget et bufferoverløb i ident2, en -implementation af ident-protokollen (RFC1413), hvor en buffer funktionen -child_service var en smule for lille til at indeholde alle de data, som kunne -blive skrevet til den. Denne sårbarhed kunne udnyttes af en fjern angriber til -at udføre vilkårlig kode med rettighederne hørende til ident2-dæmonen (som -standard brugeren "identd").

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.03-3woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din ident2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-494.data" -#use wml::debian::translation-check translation="1ad496a0500260fa09d2dd941bf718707dec4ed6" mindelta="1" diff --git a/danish/security/2004/dsa-495.wml b/danish/security/2004/dsa-495.wml deleted file mode 100644 index b4c794d0d0b..00000000000 --- a/danish/security/2004/dsa-495.wml +++ /dev/null @@ -1,105 +0,0 @@ -flere sårbarheder - -

Flere alvorlige problemer er opdaget i Linux-kernen. Denne opdatering -dækker Linux 2.4.16 til ARM-arkitekturen. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer som -vil blive rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2003-0127 - -

    Kernemodulhenteren tillader lokale brugere at opnå root-rettigheder ved - at anvende ptrace til at hægte sig på en childprocess som er startet fra - kernen.

    • - -
  • \ - CAN-2004-0003 - -

    En sårbarhed er opdaget i R128 DRI-driver i Linux-kernen, hvilket potentielt - kunne føre til at en angriber kunne opnå uautoriserede rettigheder. Alan - Cox og Thomas Biege har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0010 - -

    Arjan van de Ven har opdaget et stak-baseret bufferoverløb i funktionen - ncp_lookup til ncpfs i Linux-kernen, hvilket kunne føre til at en angriber - kunne opnå uautoriserede rettigheder. Petr Vandrovec har udviklet en - rettelse til dette problem.

    • - -
  • \ - CAN-2004-0109 - -

    zen-parse har opdaget en bufferoverløbssårbarhed i - ISO9660-filsystemkomponenten i Linux-kernen, hvilket kunne misbruges af en - angriber til at opnå uautoriseret root-adgang. Sebastian Krahmer og Ernie - Petrides har udviklet en rettelse til dette problem.

    • - -
  • \ - CAN-2004-0177 - -

    Solar Designer har opdaget en informationslækage i ext3-koden i Linux. - I værste fald kunne en angriber læse følsomme oplysninger såsom - krypografiske nøgler, der ellers aldrig ville komme i berører med - disk-baserede medier. Theodore Ts'o har udviklet en rettelse til dette - problem.

    • - -
  • \ - CAN-2004-0178 - -

    Andreas Kies har opdaget et lammelsesangreb-risiko i Sound - Blaster-driveren i Linux. Han udviklede også en rettelse.

    • - -
- -

Disse problemer vil også blive rettet af opstrøm i Linux 2.4.26 og -vil være rettet i 2.6.6.

- -

Følgende sikkerhedsmatrix forklarer hvilke kerneversioner til hvilke -arkitekturer, som allerede er rettet og hvilke der i stedet vil blive -fjernet.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Arkitekturstabil (woody)ustabil (sid)
kildekode2.4.16-1woody22.4.25-3
arm/patch2004041920040316
arm/lart200404192.4.25-4
arm/netwinder200404192.4.25-4
arm/riscpc200404192.4.25-4
- -

Vi anbefaler at du omgående opgraderer dine kernel-pakker, enten med en -kerne leveret af Debian eller med en hjemmeoversat kerne.

- -

Sårbarhedsmatrix for CAN-2004-0109.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-495.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-496.wml b/danish/security/2004/dsa-496.wml deleted file mode 100644 index caddee1c2ca..00000000000 --- a/danish/security/2004/dsa-496.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

H.D. Moore har opdaget flere sikkerhedsproblemer i terminalemulatoren, et -af problemerne gælder escape-koder som fortolkes af terminalemulatoren. Dette -kunne udnyttes af en angriber til at indsætte ondsindede kommandoer skjult for -brugeren, der skal trykke på enter-tasten for at forsætte, hvilket også udførte -de skjulte kommandoer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.2-0pre2002042903.3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.2-6.

- -

Vi anbefaler at du opgraderer din eterm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-496.data" -#use wml::debian::translation-check translation="75232755915a97a2fdf3cce209244f91c56788e4" mindelta="1" diff --git a/danish/security/2004/dsa-497.wml b/danish/security/2004/dsa-497.wml deleted file mode 100644 index c84e5e5d3fb..00000000000 --- a/danish/security/2004/dsa-497.wml +++ /dev/null @@ -1,24 +0,0 @@ -flere sårbarheder - -

Jacub Jelinek har opdaget flere sårbarheder i Midnight Commander, et -avanceret filhåndteringsprogram til GNU/Linux-systemer. Problemerne er -klassificeret således:

- -

\ -CAN-2004-0226 Bufferoverløb
-\ -CAN-2004-0231 Usikker oprettelse af midlertidig fil og mappe
-\ -CAN-2004-0232 Formatstreng-problemer

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.5.55-1.2woody3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-497.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-498.wml b/danish/security/2004/dsa-498.wml deleted file mode 100644 index 1ff8e79ec64..00000000000 --- a/danish/security/2004/dsa-498.wml +++ /dev/null @@ -1,47 +0,0 @@ -adgang udenfor grænser - -

Steve Grubb har opdaget et problem i Portable Network Graphics-biblioteket -libpng, der anvendes af flere programmer. Når et defekt PNG-billede behandles, -tilgår fejlhåndteringsrutinen hukommelse som ligger udenfor grænserne, når den -skal oprette en fejlmeddelelse. Afhægigt af hardwarearkitekturen, -grænsekontrol og andre beskyttelsesforanstaltninger, kunne dette problem få -programmet til at gå ned hvis en defekt eller med overlæg defekt PNG-billedfil -håndteres af libpng.

- -

Dette kunne anvendes til et lammelsesangreb mod forskellige programmer som -linker mod biblioteket. Følgende kommandoer viser hvilke pakker som anvender -dette bibliotek og hvis programmer formentlig skal genstartes efter libpng er -blevet opgraderet:

- -
-   apt-cache showpkg libpng2
-   apt-cache showpkg libpng3
-
- -

Følgende sikkerhedsmatrix beskriver hvilke pakkeverioner der indeholder en -rettelse.

- - - - - - - - - - - - - - - - - -
Pakkestabil (woody)ustabil (sid)
libpng1.0.12-3.woody.51.0.15-5
libpng31.2.1-1.1.woody.51.2.5.0-6
- -

Vi anbefaler at du opgraderer dine libpng- og relaterede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-498.data" -#use wml::debian::translation-check translation="0e9e17e8f85b22b30ad4a06b2e793e3305ce2374" mindelta="1" diff --git a/danish/security/2004/dsa-499.wml b/danish/security/2004/dsa-499.wml deleted file mode 100644 index 1914ebe39a3..00000000000 --- a/danish/security/2004/dsa-499.wml +++ /dev/null @@ -1,19 +0,0 @@ -mappe-gennemløb - -

En sårbarhed er opdaget i rsync, et filoverførselsprogram, hvorved en -fjernbruger kunne få en rsync-dæmon til at skrive filer udenfor korrekte -mappes træstruktur. Denne sårbarhed kan ikke udnyttes når dæmonen er opsat -med 'chroot'-indstillingen.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.5.5-0.5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.1-1.

- -

Vi anbefaler at du opdaterer din rsync-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-499.data" -#use wml::debian::translation-check translation="6eed95190dfcaa10a94d1fd54ddff793765ff467" mindelta="1" diff --git a/danish/security/2004/dsa-500.wml b/danish/security/2004/dsa-500.wml deleted file mode 100644 index c4e7f6fa085..00000000000 --- a/danish/security/2004/dsa-500.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker midlertidig fil - -

Tatsuya Kinoshita har opdaget en sårbarhed i flim, et emacs-bibliotek til -bearbejdning af Internet-meddelelser, hvor midlertidige filer blev oprettet -uden at tage nødvendige sikkerhedsforanstaltninger. Denne sårbarhed kunne -potentielt udnyttes af en lokal bruger til at overskrive filer med -rettighederne hørende til den bruger, der kører emacs.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 1.14.3-9woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din flim-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-500.data" -#use wml::debian::translation-check translation="e86d24308a145243a2bf529dc4830ba36839bc14" mindelta="1" diff --git a/danish/security/2004/dsa-501.wml b/danish/security/2004/dsa-501.wml deleted file mode 100644 index a16d24a2b76..00000000000 --- a/danish/security/2004/dsa-501.wml +++ /dev/null @@ -1,36 +0,0 @@ -bufferoverløb - -

Georgi Guninski har opdaget to stakbaserede bufferoverløb. De kan dog ikke -udnyttes med standardopsætningen fra Debian-systemet. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer, som er -rettet i forbindelse med denne opdatering:

- -
    - -
  • \ - CAN-2004-0399 - -

    Når "sender_verify = true" er opsat i exim.conf kan et bufferoverløb - opstå under kontrollen af afsenderen. Dette problem er rettet i exim - 4.

    - -
  • \ - CAN-2004-0400 - -

    Når headers_check_syntax er opsat i exim.conf kan et bufferoverløb opstå - under header-kontrollen. Dette problem findes også i exim 4.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.35-1woody3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.36-11 til exim 3 og i version 4.33-1 til exim 4.

- -

Vi anbefaler at du opgraderer din exim-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-501.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-502.wml b/danish/security/2004/dsa-502.wml deleted file mode 100644 index 7d1d15ab525..00000000000 --- a/danish/security/2004/dsa-502.wml +++ /dev/null @@ -1,39 +0,0 @@ -bufferoverløb - -

Georgi Guninski har opdaget to stakbaserede bufferoverløb i exim og -exim-tls. De kan dog ikke udnyttes med standardopsætningen fra -Debian-systemet. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer, som er rettet i forbindelse med denne -opdatering:

- -
    - -
  • \ - CAN-2004-0399 - -

    Når "sender_verify = true" er opsat i exim.conf kan et bufferoverløb - opstå under kontrollen af afsenderen. Dette problem er rettet i exim - 4.

    • - -
  • \ - CAN-2004-0400 - -

    Når headers_check_syntax er opsat i exim.conf kan et bufferoverløb opstå - under header-kontrollen. Dette problem findes også i exim 4.

    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.35-3woody2.

- -

Den ustabile distribution (sid) indenholder ikke længere exim-tls. -Funktionaliteten er overført til de primære udgaver af exim, hvor disse -problemer er rettet i version 3.36-11 til exim 3 og i version 4.33-1 til -exim 4.

- -

Vi anbefaler at du opgraderer din exim-tls-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-502.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-503.wml b/danish/security/2004/dsa-503.wml deleted file mode 100644 index f453477394e..00000000000 --- a/danish/security/2004/dsa-503.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af parametre - -

Et problem er opdaget i mah-jong, en variant af det originale Mah-Jong-spil, -som kan udnyttes til at få spilserveren til at gå ned efter at have refereret -til en NULL-pointer. Denne fejl kan udnyttes af alle klienter som forbinder -sig til mah-jong-serveren.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.4-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.6.2-1.

- -

Vi anbefaler at du opgraderer din mah-jong-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-503.data" -#use wml::debian::translation-check translation="57e4fd54da53f286914738770919d0368c9fd7b2" mindelta="1" diff --git a/danish/security/2004/dsa-504.wml b/danish/security/2004/dsa-504.wml deleted file mode 100644 index d1ab29b80eb..00000000000 --- a/danish/security/2004/dsa-504.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Evgeny Demidov har opdaget et potentielt bufferoverløb i en Kerberos -4-komponent i heimdal, en fri implementering af Kerberos 5. Problemet findes i -kadmind, en server til administrativ adgang til Kerberos-databasen. Dette -problem kunne måske udnyttes til at få en dæmon til at læse en negativ mængde -data, hvilket kunne føre til uventet opførsel.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.4e-7.woody.9.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.6.2-1.

- -

Vi anbefaler at du opgraderer dine heimdal- og relaterede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-504.data" -#use wml::debian::translation-check translation="15b943442abaaff118af5edc3bbeb2aac5cc21f3" mindelta="1" diff --git a/danish/security/2004/dsa-505.wml b/danish/security/2004/dsa-505.wml deleted file mode 100644 index 8c2669e7224..00000000000 --- a/danish/security/2004/dsa-505.wml +++ /dev/null @@ -1,19 +0,0 @@ -heap-overløb - -

Stefan Esser har opdaget et heap-overløb i CVS-serveren, der driver det -populære Concurrent Versions System. Misdannede "Entry"-linier i kombination -med Is-modified og Unchanged kan anvendes til at få malloc()eret hukommelse til -at løbe over. Dette har vist sig at kunne udnyttes.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.11.1p1debian-9woody4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.12.5-6.

- -

Vi anbefaler at du omgående opgraderer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-505.data" -#use wml::debian::translation-check translation="95efaafad9736d325a539102a149f4aff09f72e1" mindelta="1" diff --git a/danish/security/2004/dsa-506.wml b/danish/security/2004/dsa-506.wml deleted file mode 100644 index 39c3626f7b1..00000000000 --- a/danish/security/2004/dsa-506.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Stefan Esser har opdaget et problem i neon, et HTTP- og -WebDAV-klientbibliotek. Brugerleverede data kopieres til variable der ikke er -store nok i alle situationer. Dette kan medføre at en statisk heap-variabel -løber over.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.19.3-2woody5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.23.9.dfsg-2 and neon_0.24.6.dfsg-1.

- -

Vi anbefaler at du opgraderer dine libneon*-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-506.data" -#use wml::debian::translation-check translation="670cb0b32537eae2091768fd5b015c576b27e561" mindelta="1" diff --git a/danish/security/2004/dsa-507.wml b/danish/security/2004/dsa-507.wml deleted file mode 100644 index ceb4cb359ad..00000000000 --- a/danish/security/2004/dsa-507.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Stefan Esser har opdaget et problem i neon, et HTTP- og -WebDAV-klientbibliotek, fejlen findes også i cadaver, en kommandolinieklient -til WebDAV-serveren. Brugerangivne data kopieres til variable som ikke er -store nok i alle situationer. Dette kan føre til at en statisk heap-variabel -løber over.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.18.0-1woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.22.1-3.

- -

Vi anbefaler at du opgraderer din cadaver-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-507.data" -#use wml::debian::translation-check translation="47dc7f978bbae572959a4cf3d5f9bb398ca4a0d5" mindelta="1" diff --git a/danish/security/2004/dsa-508.wml b/danish/security/2004/dsa-508.wml deleted file mode 100644 index a203843090a..00000000000 --- a/danish/security/2004/dsa-508.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Jaguar har opdaget discovered en sårbarhed i en komponent til xpcd, et -program til PhotoCD-visning. xpcd-svga, en del af xpcd som anvender svgalib -til visning af grafik på konsollen, kopierede brugerangivne data af vilkårlig -længde ind i en fastlængde-buffer i funktionen pcd_open.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 2.08-8woody2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din xpcd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-508.data" -#use wml::debian::translation-check translation="89500d61e57dbcb237a8b38bf42a960cd74ef2fd" mindelta="1" diff --git a/danish/security/2004/dsa-509.wml b/danish/security/2004/dsa-509.wml deleted file mode 100644 index 2f87a0400cf..00000000000 --- a/danish/security/2004/dsa-509.wml +++ /dev/null @@ -1,28 +0,0 @@ -rettighedsforøgelse - -

Steve Kemp har opdaget en sårbarhed i xatitv, et af programmerne i pakken -gatos, der anvendes til at vise grafik på visse ATI-grafikkort.

- -

xatitv installeres setuid root for at opnå direkte adgang til -grafikhardwaren. Normalt smides root-rettighederne væk, når programmet med -succes har initialiseret sig selv. Men hvis initialiseringen ikke lykkes på -grund af en manglende opsætningsfil, smides root-rettighederne ikke væk og -xatitv udfører a system(3)-funktion for at starte sit opsætningsprogram, uden -at kontrollere brugerangivne miljøvariable.

- -

Ved udnyttelse af denne sårbarhed, kunne en lokal bruger opnå -root-rettigheder hvis opsætningsfilen ikke fandtes. En standardopsætningsfil -leveres dog med pakken, hvorfor denne sårbarhed ikke kan udnyttes med mindre -administratoren har fjernet filen.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.0.5-6woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din gatos-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-509.data" -#use wml::debian::translation-check translation="5538d3c48210bed050c6a7d23dc8e0866467781d" mindelta="1" diff --git a/danish/security/2004/dsa-510.wml b/danish/security/2004/dsa-510.wml deleted file mode 100644 index 0fabf3c3fab..00000000000 --- a/danish/security/2004/dsa-510.wml +++ /dev/null @@ -1,22 +0,0 @@ -formatstreng - -

jaguar@felinemenace.org har opdaget en sårbarhed i jftpgw, et -ftp-proxyprogram, hvorved en fjernbruger potentielt kunne forårsage at -vilkårlig kode blev udført med jftpgw-serverprocessens rettigheder. Som -standard kører serveren som brugeren "nobody".

- -

\ -CAN-2004-0448: formatstrengssårbarhed via syslog(3) i log()-funktionen.

- -

I den nuværende stabile distribution (woody) er dette problem -rettet i version 0.13.1-1woody1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.13.4-1.

- -

Vi anbefaler at du opdaterer din jftpgw-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-510.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-511.wml b/danish/security/2004/dsa-511.wml deleted file mode 100644 index 2a38d781699..00000000000 --- a/danish/security/2004/dsa-511.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Flere bufferoverløbs-sårbarheder er opdaget i ethereal, et program til -analysering af netværkstrafik. Disse sårbarheder er beskrevet i -ethereal-bulletinen "enpa-sa-00013". Blandt disse påvirker kun dele af -\ -CAN-2004-0176 versionen af ethereal i Debian "woody". -\ -CAN-2004-0367 og -\ -CAN-2004-0365 gælder ikke denne version.

- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 0.9.4-1woody7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.10.3-1.

- -

Vi anbefaler at du opdaterer din ethereal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-511.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-512.wml b/danish/security/2004/dsa-512.wml deleted file mode 100644 index 173264e6c9f..00000000000 --- a/danish/security/2004/dsa-512.wml +++ /dev/null @@ -1,19 +0,0 @@ -ikke-autentificeret adgang - -

En sårbarhed er opdaget i gallery, et webbaseret fotoalbum skrevet i php, -hvor en fjernangriber kunne opnå adgang til gallerys "admin"-bruger uden -korrekt autentifikation. Ved udgivelsen af dette bulletin fandtes der ikke en -CVE-kandidat vedrørende sårbarheden.

- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 1.2.5-8woody2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.3-pl2-1.

- -

Vi anbefaler at du opdaterer din gallery-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-512.data" -#use wml::debian::translation-check translation="e113a63d9598cf6d9c66ab1b6125ddcd0374dc50" mindelta="1" diff --git a/danish/security/2004/dsa-513.wml b/danish/security/2004/dsa-513.wml deleted file mode 100644 index b16a6653ae6..00000000000 --- a/danish/security/2004/dsa-513.wml +++ /dev/null @@ -1,24 +0,0 @@ -formatstreng - -

jaguar@felinemenace.org har opdaget en formatstrengssårbarhed i log2mail, -hvorved en bruger der har mulighed for at logge en særligt fremstillet -meddelelse til en logfil overvåget af log2mail (eksempelvis via syslog), kunne -forårsage at vilkårlig kode blev udført med log2mail-processens rettigheder. -Som standard kører denne proces som brugeren "log2mail", som er medlem af -gruppen "adm" (der har adgang til at læse systemlogfiler).

- -

\ -CAN-2004-0450: log2mail-formatstrengssårbarhed via syslog(3) i -printlog()

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 0.2.5.2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din log2mail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-513.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-514.wml b/danish/security/2004/dsa-514.wml deleted file mode 100644 index e18b8fe87ae..00000000000 --- a/danish/security/2004/dsa-514.wml +++ /dev/null @@ -1,28 +0,0 @@ -fejlende funktion og TLB-tømning - -

Paul Starzetz og Wojciech Purczynski fra isec.pl har opdaget en kritisk -sikkerhedssårbarhed i hukommelseshåndteringskoden i Linux i systemkaldet -mremap(2). På grund for tidlig tømning af TLB'en (Translation -Lookaside Buffer, et adressemellemlager) er det muligt for en angriber at -iværksætte en lokal root-udnyttelse.

- -

Angrebsparametrene gælder dog kun kerneserierne 2.4.x og 2.2.x. Før troede -vi at den udnytbare sårbarhed i 2.4.x ikke fandtes i 2.2.x, hvilket stadig er -korrekt. Dog har det vist sig at en anden men tilsvarende sårbarhed (eller -noget i den retning) faktisk kan udnyttes i 2.2.x, men ikke i 2.4.x.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 9woody1 af Linux 2.2-kernel-image-pakkerne til sparc-arkitekturen og i -version 2.2.20-5woody3 af Linux 2.2.20-kildekoden.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 9.1 af Linux 2.2-kernel-image-pakkerne til sparc-arkitekturen.

- -

Dette problem er allerede rettet for andre arkitekturer.

- -

Vi anbefaler at du opgraderer din Linux kernel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-514.data" -#use wml::debian::translation-check translation="a577c58298377966964384b233c404993f3d5575" mindelta="1" diff --git a/danish/security/2004/dsa-515.wml b/danish/security/2004/dsa-515.wml deleted file mode 100644 index 95637898aba..00000000000 --- a/danish/security/2004/dsa-515.wml +++ /dev/null @@ -1,32 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i lha:

- -
    -
  • \ - CAN-2004-0234 - Flere stakbaserede bufferoverløb i LHA 1.14s funktion - get_header i filen header.c gør det muligt for fjernangribere eller lokale - brugere at udføre vilkårlig kode via lange mappe- eller filnavne i et - LHA-arkiv, hvilket udløser overløbet når arkivet testes eller - udpakkes.
    • - -
  • \ - CAN-2004-0235 - Flere mappegennemløbssårbarheder i LHA 1.14 gør det - muligt for fjernangribere eller lokale brugere at oprette vilkårlige filer - via et LHA-arkiv indeholdende filnavne med 1) .. sekvenser eller 2) - absolutte stinavne med dobbelt indledende skråstreger - ("//absolut/sti").
    • -
- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 1.14i-2woody1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.14i-8.

- -

Vi anbefaler at du opdaterer din lha-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-515.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-516.wml b/danish/security/2004/dsa-516.wml deleted file mode 100644 index 66677a4ed97..00000000000 --- a/danish/security/2004/dsa-516.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i ODBC-styreprogrammet til PostgreSQL, en -SQL-database med objektrelationer og en efterkommer til POSTGRES. Det er -muligt at udnytte dette problem og få det omgivende program til at gå ned. -Derfor kan et PHP-skript som anvender php4-odbc benyttes til at få den -omgivende Apache-webserver til at gå ned. Andre dele af postgresql er ikke -påvirkede.

- -

I den stabile distribution (woody) er dette problem rettet i -version 7.2.1-2woody5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 07.03.0200-3.

- -

Vi anbefaler at du opgraderer din postgresql- og relaterede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-516.data" -#use wml::debian::translation-check translation="5c64781b1121766b4e6cb6ac9cf16b7d3a4babcf" mindelta="1" diff --git a/danish/security/2004/dsa-517.wml b/danish/security/2004/dsa-517.wml deleted file mode 100644 index b9bff538331..00000000000 --- a/danish/security/2004/dsa-517.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Derek Robert Price har opdaget en potentiel bufferoverløbssårbarhed i -CVS-serveren (det populære Concurrent Versions System), baseret på et misdannet -"Entry".

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.11.1p1debian-9woody6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.12.9-1.

- -

Vi anbefaler at du opgraderer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-517.data" -#use wml::debian::translation-check translation="0be581098845e603cfe91e9bafa387959e8c2c9c" mindelta="1" diff --git a/danish/security/2004/dsa-518.wml b/danish/security/2004/dsa-518.wml deleted file mode 100644 index fb9ec9814de..00000000000 --- a/danish/security/2004/dsa-518.wml +++ /dev/null @@ -1,22 +0,0 @@ -uverificerede inddata - -

iDEFENSE har fundet frem til en sårbarhed i webbrowseren Opera, denne -sårbarhed kunne anvendes af fjernangribere til at oprette eller overskrive -vilkårlige filer på offerets maskine. KDE-teamet har opdaget at en lignende -\ -sårbarhed findes i KDE.

- -

En fjernangriber kunne lokke en bruger til at åbne en ophyggeligt -fremstillet telnet-URI, der enten kunne oprette eller overskrive en fil i -offerets home-mappe. I KDE 3.2 og senere versioner, bedes brugeren først -eksplicit om at bekræfte åbningen af telnet-URI'en.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.2-13.woody.10.

- -

Vi anbefaler at du opgraderer dine KDE-biblioteker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-518.data" -#use wml::debian::translation-check translation="f72ecb05af157932762ce3147d679c2c66050dad" mindelta="1" diff --git a/danish/security/2004/dsa-519.wml b/danish/security/2004/dsa-519.wml deleted file mode 100644 index 209f4b943ba..00000000000 --- a/danish/security/2004/dsa-519.wml +++ /dev/null @@ -1,29 +0,0 @@ -flere sårbarheder - -

Sebastian Krahmer og Stefan Esser har opdaget flere sårbarheder i -CVS-serveren, det populære Concurrent Versions System. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- - - -

I den stabile distribution (woody) er dette problem rettet i -version 1.11.1p1debian-9woody7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.12.9-1.

- -

Vi anbefaler at du opgraderer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-519.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-520.wml b/danish/security/2004/dsa-520.wml deleted file mode 100644 index 66716c45d7e..00000000000 --- a/danish/security/2004/dsa-520.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

I bulletinen MITKRB5-SA-2004-001 annoncerede MIT Kerberos at der er fundet -bufferoverløbs-sårbarheder i funktionen krb5_aname_to_localname. Denne funktion -anvendes kun hvis aname_to_localname er slået til i opsætningen (hvilket ikke -er tilfældet i standardopsætningen).

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 1.2.4-5woody5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.3-2.

- -

Vi anbefaler at du opdaterer din krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-520.data" -#use wml::debian::translation-check translation="e26ee9a148d996af0d23da704f38d79480f3028b" mindelta="1" diff --git a/danish/security/2004/dsa-521.wml b/danish/security/2004/dsa-521.wml deleted file mode 100644 index 0d98fef607a..00000000000 --- a/danish/security/2004/dsa-521.wml +++ /dev/null @@ -1,23 +0,0 @@ -formatstrengssårbarhed - -

har opdaget en formatstrengssårbarhed i sup, -et sæt programmer til synkronisering af filer på tværs af et antal maskiner, -hvorved en fjernangriber potentielt kunne forårsage at vilkårlig kode blev -udført med rettighederne hørende til supfilesrv-processen (denne proces kører -som standard ikke automatisk).

- -

\ -CAN-2004-0451: formatstrengssårbarheder i sup via syslog(3) i funktionerne -logquit, logerr og loginfo

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 1.8-8woody2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din sup-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-521.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-522.wml b/danish/security/2004/dsa-522.wml deleted file mode 100644 index 443347f4022..00000000000 --- a/danish/security/2004/dsa-522.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstrengssårbarhed - -

Max Vozeler har opdaget en formatstrengssårbarhed i super, et program der -tillader angivne brugere at udføre kommandoer med root-rettigheder. Denne -sårbarhed kunne potentielt udnytte af en lokal bruger, til at udføre vilkårlig -kode med root-rettigheder.

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 3.16.1-1.2.

- -

I den ustabile distribution (sid), er dette problem rettet -i version 3.23.0-1.

- -

Vi anbefaler at du opdaterer din super-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-522.data" -#use wml::debian::translation-check translation="adac8c6d64fbffb33a62a73454a133c208c9c483" mindelta="1" diff --git a/danish/security/2004/dsa-523.wml b/danish/security/2004/dsa-523.wml deleted file mode 100644 index e22a9448a74..00000000000 --- a/danish/security/2004/dsa-523.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har opdaget en bufferoverløbssårbarhed www-sql, et -CGI-program der gør det muligt at fremstille dynamiske websider ved at -indlejre SQL-kommandoer i HTML. Ved udnyttelse af denne sårbarhed, kunne en -lokal bruger forårsage udførelsen af vilkårlig kode ved at oprette en webside -og lade den behandle af www-sql.

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 0.5.7-17woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din www-sql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-523.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-524.wml b/danish/security/2004/dsa-524.wml deleted file mode 100644 index a00b3b1fa5a..00000000000 --- a/danish/security/2004/dsa-524.wml +++ /dev/null @@ -1,27 +0,0 @@ -flere sårbarheder - -

har opdaget en formatstrengssårbarhed i -rlpr, et værktøj til lpd-udskrivning uden anvendelse af /etc/printcap. Mens -denne sårbarhed blev undersøgt, blev der også opdaget et bufferoverløb i -relateret kode. Ved udnyttelse af en af disse særbarheder, kunne en lokal -eller fjern bruger potentielt forårsage af vilkårlig kode enten blev udført med -rettighederne hørende til rlprd-processen (fjernt) eller root (lokalt).

- -

\ -CAN-2004-0393: formatstrengssårbarhed via syslog(3) i funktionen msg() i -rlpr

- -

\ -CAN-2004-0454: bufferoverløb i funktionen msg() i rlpr

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 2.02-7woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din rlpr-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-524.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-525.wml b/danish/security/2004/dsa-525.wml deleted file mode 100644 index e0fdf00c264..00000000000 --- a/danish/security/2004/dsa-525.wml +++ /dev/null @@ -1,26 +0,0 @@ -bufferoverløb - -

Georgi Guninski har opdaget en bufferoverløbsfejl i Apaches mod_proxy-modul, -hvorved en fjern bruger potentielt kunne forårsage at vilkårlig kode blev -udført med rettighederne hørerende til en af Apaches httpd-childprocesser (som -standard brugeren www-data). Bemærk at denne fejl kun kan udnyttes hvis -modulet mod_proxy anvendes.

- -

Bemærk at denne fejl findes i et modul i pakken apache-common, som er fælles -for apache, apache-ssl og apache-perl, hvorfor denne opdatering er -tilstrækkelig til at rette fejlen for alle tre udgaver af Apache httpd. Dog -vil httpd ikke automatisk blive genstartet på systemer som anvender apache-ssl -eller apache-perl.

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 1.3.26-0woody5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.31-2.

- -

Vi anbefaler at du opdaterer din apache-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-525.data" -#use wml::debian::translation-check translation="3c3fcf60e38a849c94c76c44581b43304ef40513" mindelta="1" diff --git a/danish/security/2004/dsa-526.wml b/danish/security/2004/dsa-526.wml deleted file mode 100644 index cadb4cc94ec..00000000000 --- a/danish/security/2004/dsa-526.wml +++ /dev/null @@ -1,27 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i webmin:

- -

\ - CAN-2004-0582: Ukendt sårbarhed i Webmin 1.140 gør det muligt for - fjernangribere at omgå adgangskontrolregler og opnå læseadgang til et moduls - opsætningsoplysninger.

- -

\ - CAN-2004-0583: Kontoudelukkelsesfunktionen i (1) Webmin 1.140 og (2) - Usermin 1.070 fortolker ikke visse strenge, hvilket gør det muligt for - fjernangribere at udføre et rå mags-angreb for at gætte brugerid'er og - -adgangskoder.

- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 0.94-7woody2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.150-1.

- -

Vi anbefaler at du opdaterer din webmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-526.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-527.wml b/danish/security/2004/dsa-527.wml deleted file mode 100644 index 2f736288ee2..00000000000 --- a/danish/security/2004/dsa-527.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har opdaget en sårbarhed i pavuk, et filhentningsprogram, -hvorved et for stort HTTP 305-svar sendt af en ondsindet server kunne forårsage -at vilkårlig kode blev udført med rettighederne hørende til -pavuk-processen.

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 0.9pl28-1woody1.

- -

pavuk findes ikke længere i Debians ustabile distribution.

- -

Vi anbefaler at du opdaterer din pavuk-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-527.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-528.wml b/danish/security/2004/dsa-528.wml deleted file mode 100644 index 97020091392..00000000000 --- a/danish/security/2004/dsa-528.wml +++ /dev/null @@ -1,22 +0,0 @@ -overbelastningsangreb - -

Flere overbelastningsangrebs-sårbarheder er opdaget i ethereal, et program -til analysering af netværkstrafik. Disse sårbarheder er beskrevet i ethereal -bulletin benævnt "enpa-sa-00015". Blandt disse påvirker kun et -(\ -CAN-2004-0635) versionen af ethereal i Debian-woody. Denne sårbarhed kunne -udnyttes af en fjernangriber til at få ethereal til at gå ned med, ved hjælp af -en ugyldig SNMP-pakke.

- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 0.9.4-1woody8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.10.5-1.

- -

Vi anbefaler at du opdaterer din ethereal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-528.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-529.wml b/danish/security/2004/dsa-529.wml deleted file mode 100644 index 5da53792856..00000000000 --- a/danish/security/2004/dsa-529.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstreng - -

"b0f" har opdaget en formatstrengssårbarhed i netkit-telnet-ssl hvilket -potentielt kunne gøre det muligt for en fjernangriber at forårsage udførelsen -af vilkårlig kode med rettighederne hørende til telnet-dæmonen (som standard -brugeren "telnetd").

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 0.17.17+0.1-2woody1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.17.24+0.1-2.

- -

Vi anbefaler at du opdaterer din netkit-telnet-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-529.data" -#use wml::debian::translation-check translation="935f444eb2d766c9cb6c477ab4fe134ce40ba5b9" mindelta="1" diff --git a/danish/security/2004/dsa-530.wml b/danish/security/2004/dsa-530.wml deleted file mode 100644 index c3da49f4c4e..00000000000 --- a/danish/security/2004/dsa-530.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Thomas Walpuski har rapporteret et bufferoverløb i l2tpd, en implementering -af lag 2-tunnelprotokollen, hvorved en fjernangriber potentielt kunne forårsage -et vilkårlig kode blev udført ved at overføre en særligt fremstillet pakke. -Udnytbarheden af denne sårbarhed er ikke blevet verificeret.

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 0.67-1.2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.70-pre20031121-2.

- -

Vi anbefaler at du opdaterer din l2tpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-530.data" -#use wml::debian::translation-check translation="63b5a004f25ebeae9d69ce9bff3025355c4e3991" mindelta="1" diff --git a/danish/security/2004/dsa-531.wml b/danish/security/2004/dsa-531.wml deleted file mode 100644 index 36aa4200055..00000000000 --- a/danish/security/2004/dsa-531.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i php4:

- -
    - -
  • \ - CAN-2004-0594 -

    memory_limit-funktionaliteten i PHP 4.x op til 4.3.7 og 5.x op til - 5.0.0RC3, under visse betingelser såsom når register_globals er slået til, - gør det muligt for fjernangribere at udføre vilkårlig kode ved at udløse en - memory_limit-afbrydelse under udførelsen af funktionen zend_hash_init og - overskrive en HashTable-destructorpointer før initialiseringen af - nøgledatastrukturer er udført.

    - -
  • \ - CAN-2004-0595 -

    Funktionen strip_tags i PHP 4.x op til 4.3.7 og 5.x op til 5.0.0RC3, - filtrerer ikke null-tegn (\0) i tag-navne når inddata i tilladet navne - begrænses, hvilket gør at farlige tags bliver behandlet af webbrowsere såsom - Internet Explorer og Safari, som ignorerer null-tegn og dermed muliggør - udnyttelse af sårbarheder på tværs af websteder.

    - -
- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 4.1.2-7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:4.3.8-1.

- -

Vi anbefaler at du opdaterer din php4-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-531.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-532.wml b/danish/security/2004/dsa-532.wml deleted file mode 100644 index a4bc14226c0..00000000000 --- a/danish/security/2004/dsa-532.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Der er opdaget to sårbarheder i libapache-mod-ssl:

- -
    - -
  • \ - CAN-2004-0488 -

    Stak-baseret bufferoverløb i funktionen ssl_util_uuencode_binary i - ssl_util.c til Apache mod_ssl, når mod_ssl er opsat til at stole på det - udstedende CA, kan fjernangribere få mulighed for at udføre vilkårlig kode - via et klientcertifikat med et lang subject-DN.

    - -
  • \ - CAN-2004-0700 -

    Formatstrengs-sårbarhed i funktionen ssl_log i ssl_engine_log.c i mod_ssl - 2.8.19 til Apache 1.3.31 kan gøre det muligt for fjernangribere at udføre - vilkårlige meddelelser via formatstrengs-angivere i visse log-meddelelser - vedr. HTTPS.

    - -
- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 2.8.9-2.4.

- -

I den ustabile distribution (sid), blev -\ -CAN-2004-0488 rettet i version 2.8.18 og -\ -CAN-2004-0700 vil snart blive rettet.

- -

Vi anbefaler at du opdaterer din libapache-mod-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-532.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-533.wml b/danish/security/2004/dsa-533.wml deleted file mode 100644 index 7f0ed38a224..00000000000 --- a/danish/security/2004/dsa-533.wml +++ /dev/null @@ -1,20 +0,0 @@ -udførelse af skripter på tværs af websteder - -

En sårbarhed der gør det muligt at udføre skripter på tværs af websteder er -opdaget i sqwebmail, et webmailprogram der følger med postpakken Courier, -hvorved en angriber kunne forårsage at et webskript blev udført indenfor -sqwebmail-programmets sikkerhedskontekst ved at indsprøjte det via en -e-mail.

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 0.37.3-2.5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.45.4-4.

- -

Vi anbefaler at du opdaterer din courier-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-533.data" -#use wml::debian::translation-check translation="a336d9208c61add4347f6475c3a0eee65e12bf36" mindelta="1" diff --git a/danish/security/2004/dsa-534.wml b/danish/security/2004/dsa-534.wml deleted file mode 100644 index 879552bfdca..00000000000 --- a/danish/security/2004/dsa-534.wml +++ /dev/null @@ -1,18 +0,0 @@ -mappegennemløb - -

En mappegennemløbssårbarhed er opdaget i mailreader, hvorved fjernangribere -kunne se vilkårlige filer med rettighederne hørende til processen nph-mr.cgi -(som standard www-data) via relative stier og en null-byte i parameteret -configLanguage.

- -

I den nuværende stabile distribution (woody), er dette problem -rettet i version 2.3.29-5woody1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opdaterer din mailreader-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-534.data" -#use wml::debian::translation-check translation="ac0f3bf9482fcc4691dcd8ba98f15109b73d040a" mindelta="1" diff --git a/danish/security/2004/dsa-535.wml b/danish/security/2004/dsa-535.wml deleted file mode 100644 index 37b7177d722..00000000000 --- a/danish/security/2004/dsa-535.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Fire sårbarheder er blevet i squirrelmail:

- -
    - -
  • \ - CAN-2004-0519 -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i SquirrelMail 1.4.2 gør det muligt for fjernangribere at - udføre et vilkårligt skript som andre brugere og muligvis stjæle - autentifikationsoplysninger via flere forskellige angrebsmetoder, blandt andre - mailbox-parameteret i compose.php.

    - -
  • \ - CAN-2004-0520 -

    Sårbarheder i forbindelse med udførelse af skripter på tværs af websteder - (XSS) i mime.php i SquirrelMail før version 1.4.3 gør det muligt for - fjernangribere at indsætte vilkårlig HTML-kode og skripter via mailheaderen - content-type, som demonstreret ved hjælp af read_body.php.

    - -
  • \ - CAN-2004-0521 -

    SQL-indsprøjtningssårbarhed i SquirrelMail før version 1.4.3 RC1 gør det - muligt for fjernangribere at udføre uautoriserede SQL-kommandoer, med ukendte - følgevirkninger, muligvis via abook_database.php.

    - -
  • \ - CAN-2004-0639 -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i Squirrelmail 1.2.10 og tidligere gør det muligt for - fjernangribere at indsprøjte vilkårlig HTML-kode eller skripter via (1) - variablen $mailer i read_body.php, (2) variablen $senderNames_part i - mailbox_display.php og muligvis andre angrebsmetoder, blandt andre (3) - variablen $event_title eller (4) variablen $event_text.

    - -
- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i version 1:1.2.6-1.4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -2:1.4.3a-0.1 og tidligere versioner.

- -

Vi anbefaler at du opdaterer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-535.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-536.wml b/danish/security/2004/dsa-536.wml deleted file mode 100644 index 5e60db542fc..00000000000 --- a/danish/security/2004/dsa-536.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

Chris Evans har opdaget flere sårbarheder i libpng:

- -
    - -
  • \ - CAN-2004-0597 -

    Der er flere bufferoverløb, blandt andre ved håndtering af "transparency - chunk data", der kunne udnyttes til at forårsage at vilkårlig kode blev - udført når et særligt fremstillet PNG-billede blev behandlet.

    - -
  • \ - CAN-2004-0598 -

    Flere NULL-pointerreferencer i png_handle_iCPP() og andre steder kunne - udnyttes til at få et program til at gå ned, når et særligt fremstillet - PNG-billede blev behandlet.

    - -
  • \ - CAN-2004-0599 -

    Flere heltalsoverløbs i funktionerne png_handle_sPLT(), png_read_png() og - andre steder kunne udnyttes til at få et program til at gå ned, eller - potentielt udførelse af vilkårlig kode, når et særligt fremstillet blillede - blev behandlet.

    - -

    Desuden er en fejl med relation til -\ -CAN-2002-1363 blevet rettet:

    - -
  • \ - CAN-2004-0768 -

    Et bufferoverløb kunne udløses på grund af en ukorrekt beregning eller - bufferoffset, muligvis medførende udførelse af vilkårlig kode.

    - -
- -

I den nuværende stabile distribution (woody), er disse problemer -rettet i libpng3 version 1.2.1-1.1.woody.7 og i libpng version -1.0.12-3.woody.7.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opdaterer dine libpng and libpng3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-536.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-537.wml b/danish/security/2004/dsa-537.wml deleted file mode 100644 index b04e609e4f6..00000000000 --- a/danish/security/2004/dsa-537.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikre filrettigheder - -

Andres Salomon har opdaget et problem i CGI-sessionshåndteringen i Ruby, -et objektorienteret skriptsprog. Implementationen af CGI::Sessions FileStore -(og formentlig PStore, som ikke er i Debians "woody") opbevarer -sessionsoplysninger på usikker vis. De opretter simpelthen filer uden at tage -hensyn til rettighedsproblemstillinger. Dette kan medføre at en angriber der -også har shell-adgang til webserveren, kan overtage kontrollen med -sessionen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.6.7-3woody3.

- -

I den ustabile og test-distributionen ("sid" og "sarge") er dette problem -ettet i version 1.8.1+1.8.2pre1-4.

- -

Vi anbefaler at du opgraderer din libruby-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-537.data" -#use wml::debian::translation-check translation="6fa87e128aafc8640c0d691cc530b367cce6e91a" mindelta="1" diff --git a/danish/security/2004/dsa-538.wml b/danish/security/2004/dsa-538.wml deleted file mode 100644 index c64d8f5dfea..00000000000 --- a/danish/security/2004/dsa-538.wml +++ /dev/null @@ -1,23 +0,0 @@ -ukontrolleret inddatabehandling - -

Rsync-udviklerne har opdaget et sikkerhedsrelateret problem i rsync, et -hurtigt program til fjernkopiering af filer, hvilket gør det muligt for en -angriber at tilgå filer uden for den angivne mappe. For at udnytte denne fejl -i forbindelse med ukontrollerede stinavne, skal rsync køre som dæmon med -chroot-muligheden slået fra. Det påvirker ikke de almindelige -send/modtag-filnavne der angiver hvilke filer der skal overføres, men påvirker -dog visse valgfrit opsatte stier der gør det muligt at ekstra filer kan læses -eller skrives.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.5.5-0.6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.6.2-3.

- -

Vi anbefaler at du opgraderer din rsync-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-538.data" -#use wml::debian::translation-check translation="f7f72e20a06b210ebc293e57ee967964d53eb463" mindelta="1" diff --git a/danish/security/2004/dsa-539.wml b/danish/security/2004/dsa-539.wml deleted file mode 100644 index 17ca57dcca5..00000000000 --- a/danish/security/2004/dsa-539.wml +++ /dev/null @@ -1,20 +0,0 @@ -midlertidig mappe-sårbarhed - -

SUSEs sikkerhedsteam blev gjort opmærksom på, at i nogle tilfælde er -integriteten af symlinks som anvendes af KDE ikke sikret, samt at disse -symlinks kan pege på ikke-eksisternde placeringer. Dette kan udnyttes af en -lokal angriber til at oprette eller overskrive vilkårlige filer, eller til at -forhindre KDE-programmer i at virke korrekt.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.2-13.woody.12.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.3.0-1.

- -

Vi anbefaler at du opgraderer dine kde-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-539.data" -#use wml::debian::translation-check translation="c79f39d339d827cd1bd95ea2e6b7d49b2cc7db95" mindelta="1" diff --git a/danish/security/2004/dsa-540.wml b/danish/security/2004/dsa-540.wml deleted file mode 100644 index 12e303c0032..00000000000 --- a/danish/security/2004/dsa-540.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikker filoprettelse - -

Jeroen van Wolffelaar har opdaget en usikker midlertidig fil-sårbarhed i -skriptet mysqlhotcopy, når scp-metoden anvendes, denne er en del af pakken -mysql-server.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.23.49-8.7 af mysql.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.20-11 af mysql-dfsg.

- -

Vi anbefaler at du opgraderer din mysql-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-540.data" -#use wml::debian::translation-check translation="473ddf04f77aad1995ea734010ad4ad4a82337ff" mindelta="1" diff --git a/danish/security/2004/dsa-541.wml b/danish/security/2004/dsa-541.wml deleted file mode 100644 index b22b42c015c..00000000000 --- a/danish/security/2004/dsa-541.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende escape - -

Markus Wörle har opdaget et problem med udførelse på tværs af webservere i -status-display (list.cgi) i icecasts interne webserver, som er en MPEG layer -III-streaming-server. UserAgent-variablen er ikke tilstrækkeligt -html_escaped hvorfor en angriber kunne få klienten til at udføre vilkårlige -Java-scriptkommandoer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.3.11-4.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.12-8.

- -

Vi anbefaler at du opgraderer din icecast-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-541.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-542.wml b/danish/security/2004/dsa-542.wml deleted file mode 100644 index 95de3ead39d..00000000000 --- a/danish/security/2004/dsa-542.wml +++ /dev/null @@ -1,40 +0,0 @@ -ukontrollerde inddata - -

Flere sårbarheder er opdaget i nyere versioner af Qt, et udbredt grafisk -widget-sæt, der eksempelvis anvendes i KDE. Det første problem gør det muligt -for en angriber at udføre vilkårlig kode, mens de andre to kun lader til at -kunne udgøre en risiko for lammelsesangreb. Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende sårbarheder:

- -
    -
  • \ - CAN-2004-0691: - -

    Chris Evans har opdaget et heap-baseret overløb ved håndtering af - 8-bits RLE-indkapslede BMP-filer.

    - -
  • \ - CAN-2004-0692: - -

    Marcus Meissner har opdaget en nedbrudstilstand (crash) i - XPM-håndteringskoden, som endnu ikke er rettet i Qt 3.3.

    - -
  • \ - CAN-2004-0693: - -

    Marcus Meissner har opdaget en nedbrudstilstand (crash) i - GIF-håndteringskoden, som endnu ikke er rettet i Qt 3.3.

    -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.0.3-20020329-1woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.3.3-4 of qt-x11-free.

- -

Vi anbefaler at du opgraderer dine qt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-542.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-543.wml b/danish/security/2004/dsa-543.wml deleted file mode 100644 index 9fd15338261..00000000000 --- a/danish/security/2004/dsa-543.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

MIT Kerberos Development-holdet har opdaget en række sårbarheder i MIT -Kerberos Version 5-programmellet. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • \ - CAN-2004-0642 [VU#795632] - -

    En dobbelt frigivelsesfejl kan gøre det muligt for uautoriserede - fjernangribere at udføre vilkårlig kode på KDC eller klienter.

    - -
  • \ - CAN-2004-0643 [VU#866472] - -

    Flere dobbelt frigivelsesfejl kan gøre det muligt for autentificerede - angribere at udføre vilkårlig kode på Kerberos-applicationsservere.

    - -
  • \ - CAN-2004-0644 [VU#550464] - -

    Et lammelsesangrebssårbarhed der kan udnyttes af en fjernangriber er - fundet i KDC og biblioteker.

    - -
  • CAN-2004-0772 [VU#350792] - -

    Flere dobbelt frigivelsesfejl kan gøre det muligt for fjernangribere at - udføre vilkårlig kode på serveren. Dette påvirker ikke versionen i - "woody".

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.2.4-5woody6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.4-3.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-543.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-544.wml b/danish/security/2004/dsa-544.wml deleted file mode 100644 index 221553c2e8c..00000000000 --- a/danish/security/2004/dsa-544.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c6a84fd28be72f30424f2b65a5bd2dfadbbe202c" mindelta="1" -usikker midlertidig mappe - -

Ludwig Nussel har opdaget et problem i webmin, et webbaseret administrativ -værktøj. En midlertidig mappe blev anvendt, men uden at kontrollere den -tidligere ejer. Denne kunne gøre det muligt for en angriber at oprette mappen -og lægge farlige symbolske lænker i den.

- -

I den stabile distribution (woody) er dette problem rettet i version -0.94-7woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i version 1.160-1 -af webmin og version 1.090-1 af usermin.

- -

Vi anbefaler at du opgraderer dine webmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-544.data" -#use wml::debian::translation-check translation="c6a84fd28be72f30424f2b65a5bd2dfadbbe202c" mindelta="1" diff --git a/danish/security/2004/dsa-545.wml b/danish/security/2004/dsa-545.wml deleted file mode 100644 index c4d884b37f9..00000000000 --- a/danish/security/2004/dsa-545.wml +++ /dev/null @@ -1,18 +0,0 @@ -lammelsesangreb - -

Alvaro Martinez Echevarria har opdaget et problem i CUPS, Common UNIX -Printing System. En angriber kunne nemt slå browsing fra i CUPS ved at sende -et særligt fremstillet UDP-datagram til port 631 hvor cupsd kører.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1.14-5woody6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.20final+rc1-6.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-545.data" -#use wml::debian::translation-check translation="14594dbfe6ae94ab00be588b6b5f1fd7f1f54143" mindelta="1" diff --git a/danish/security/2004/dsa-546.wml b/danish/security/2004/dsa-546.wml deleted file mode 100644 index c616b2734e1..00000000000 --- a/danish/security/2004/dsa-546.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Chris Evans har opdaget flere problemer i gdk-pixbuf, GdkPixBuf-biblioteket -som anvendes i Gtk. Det var muligt for en angriber at udføre vilkårlig kode på -offerets maskine. Gdk-pixbuf til Gtk+1.2 er en ekstern pakke. Med hensyn til -Gtk+2.0 er det en del af den primære gtk-pakke.

- -

Projektet Common Vulnerabilities and Exposures Project har fundet frem til -følgende sårbarheder:

- - - -

I den stabile distribution (woody) er disse problemer rettet i -version 0.17.0-2woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.22.0-7.

- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-546.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-547.wml b/danish/security/2004/dsa-547.wml deleted file mode 100644 index 45edc072520..00000000000 --- a/danish/security/2004/dsa-547.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Marcus Meissner fra SUSE har opdaget flere bufferoverløb i grafikbiblioteket -ImageMagick. En angriber kunne oprette en ondsindet billed- eller videofil i -AVI-, BMP- eller DIB-format, som kunne få indlæsningsprocessen til at gå ned. -Måske kunne omhyggeligt fremstillede billeder også gøre det muligt at udføre -vilkårlig kode med den kaldende proces' muligheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 5.4.4.5-1woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.0.6.2-1.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-547.data" -#use wml::debian::translation-check translation="4a8ae1177ff509d420e724cb613a2f5b9826df1b" mindelta="1" diff --git a/danish/security/2004/dsa-548.wml b/danish/security/2004/dsa-548.wml deleted file mode 100644 index f003d6a393f..00000000000 --- a/danish/security/2004/dsa-548.wml +++ /dev/null @@ -1,23 +0,0 @@ -uverificerede inddata - -

Marcus Meissner har opdaget en heap-overløbsfejl i imlib, et billedbibliotek -til X og X11, som kunne udnyttes af en angriber til at udføre vilkårlig kode på -offerets maskine. Den opdaterede pakke vi stillede til rådighed med DSA 548-1 -lod ikke til at være tilstrækkelig, hvilket skulle være rettet med denne -opdatering.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.9.14-2woody3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.9.14-16.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.9.14-17 af imlib og i version 1.9.14-16.2 af imlib+png2.

- -

Vi anbefaler at du opgraderer dine imlib1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-548.data" -#use wml::debian::translation-check translation="c2fa9986188b29bf560a4379c131159740017ffa" mindelta="1" diff --git a/danish/security/2004/dsa-549.wml b/danish/security/2004/dsa-549.wml deleted file mode 100644 index 58c845f96b6..00000000000 --- a/danish/security/2004/dsa-549.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Chris Evans har opdaget flere problemer i gdk-pixbuf, GdkPixBuf-biblioteket -som anvendes i Gtk. Det var muligt for en angriber at udføre vilkårlig kode på -offerets maskine. Gdk-pixbuf til Gtk+1.2 er en ekstern pakke. Med hensyn til -Gtk+2.0 er det en del af den primære gtk-pakke.

- -

Projektet Common Vulnerabilities and Exposures Project har fundet frem til -følgende sårbarheder:

- - - -

I den stabile distribution (woody) er disse problemer rettet i -version 2.0.2-5woody2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine Gtk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-549.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-550.wml b/danish/security/2004/dsa-550.wml deleted file mode 100644 index 70d81294c84..00000000000 --- a/danish/security/2004/dsa-550.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

iDEFENSE har opdaget et bufferoverløb i wv-biblioteket, som anvendes til at -konvertere og forhåndsvise Microsoft Word-dokumenter. En angriber kunne -oprette et særligt fremstillet dokument, der kunne føre til at wvHtml udførte -vilkårlig kode på offerets maskine.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.7.1+rvt-2woody3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din wv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-550.data" -#use wml::debian::translation-check translation="7ac7b61ae518437c0c45e55d8e28f51980b53222" mindelta="1" diff --git a/danish/security/2004/dsa-551.wml b/danish/security/2004/dsa-551.wml deleted file mode 100644 index a8a8ff99c15..00000000000 --- a/danish/security/2004/dsa-551.wml +++ /dev/null @@ -1,18 +0,0 @@ -ukorrekt håndtering af intern variabel - -

Przemyslaw Frasunek har opdaget en sårbarhed i tnftpd hhv. lukemftpd, den -udvidede ftp-dæmon fra NetBSD. En angriber kunne udnytte dette til at udføre -vilkårlig kode på serveren.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1-2.2.

- -

Vi anbefaler at du opgraderer din lukemftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-551.data" -#use wml::debian::translation-check translation="d52d3f55417c9dc4dd2b60e7c12509863357bf88" mindelta="1" diff --git a/danish/security/2004/dsa-552.wml b/danish/security/2004/dsa-552.wml deleted file mode 100644 index d9d63ffe2c4..00000000000 --- a/danish/security/2004/dsa-552.wml +++ /dev/null @@ -1,18 +0,0 @@ -unsanitised input - -

Marcus Meissner har opdaget en heap-overløbsfejl i imlib2, et -billedbibliotek til X og X11 og efterfølgeren af imlib, som kan udnyttes af en -angriber til at udføre vilkårlig kode på offerets maskine.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.5-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.0-12.4.

- -

Vi anbefaler at du opgraderer dine imlib2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-552.data" -#use wml::debian::translation-check translation="ad5305f1eba47904aa58b303252d5f38875b0f95" mindelta="1" diff --git a/danish/security/2004/dsa-553.wml b/danish/security/2004/dsa-553.wml deleted file mode 100644 index 61e1292e53f..00000000000 --- a/danish/security/2004/dsa-553.wml +++ /dev/null @@ -1,19 +0,0 @@ -symlink-sårbarhed - -

Et sikkerhedsproblem er opdaget i getmail, et POP3- og APOP-program til -indsamling og videresendelse af e-mail. En angriber med en shell-konto på -offerets værtsmaskine kunne udnytte getmail til at overskrive vilkårlige filer -når programmet kørte som root.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.3.7-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.2.5-1.

- -

Vi anbefaler at du opgraderer din getmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-553.data" -#use wml::debian::translation-check translation="6d061a2e3bf0ec68018dc29ab1552cce2f4d1f4c" mindelta="1" diff --git a/danish/security/2004/dsa-554.wml b/danish/security/2004/dsa-554.wml deleted file mode 100644 index 1d6cc66b82a..00000000000 --- a/danish/security/2004/dsa-554.wml +++ /dev/null @@ -1,21 +0,0 @@ -forudindstillet adgangskode - -

Hugo Espuny har opdaget et problem i sendmail, et udbredt program til -levering af elektronisk post. Ved installering af "sasl-bin" til anvendelse af -sasl i forbindelse med sendmail, anvender sendmail-opsætningsskriptet en -forudindstillet brugernavn/adgangskode-oplysning til initialisering af -sasl-databasen. Enhver spammer med kendskab til Debian-systemer kunne udnytte -en sådan sendmail-installation til at videresende spam.

- -

I den stabile distribution (woody) er dette problem rettet i -version 8.12.3-7.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 8.13.1-13.

- -

Vi anbefaler at du opgraderer din sendmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-554.data" -#use wml::debian::translation-check translation="2442ddcb90770a0bf1527dc6daf5930ff226c3b6" mindelta="1" diff --git a/danish/security/2004/dsa-555.wml b/danish/security/2004/dsa-555.wml deleted file mode 100644 index 5ee35603440..00000000000 --- a/danish/security/2004/dsa-555.wml +++ /dev/null @@ -1,19 +0,0 @@ -forkerte filrettigheder - -

Simon Josefsson har bemærket at opsætningsfilen tspc.conf i freenet6, en -klient til opsætning af en IPv6-tunnel til freenet6.net, har gjort læsbar for -alle. Denne fil kan indeholde det brugernavn og den adgangskode, der anvendes -til at kontakte IPv6-tunnelbroker freenet6.net.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.6-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0-2.2.

- -

Vi anbefaler at du opgraderer din freenet6-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-555.data" -#use wml::debian::translation-check translation="2581ce47d9d0462dfd24f8535da4ba0c8ab82860" mindelta="1" diff --git a/danish/security/2004/dsa-556.wml b/danish/security/2004/dsa-556.wml deleted file mode 100644 index d7f7aebb539..00000000000 --- a/danish/security/2004/dsa-556.wml +++ /dev/null @@ -1,22 +0,0 @@ -ugyldig free(3) - -

Michal Zalewski har opdaget en fejl i netkit-telnet-serveren (telnetd) -hvorved en fjernangriber kunne forårsage at telnetd-processen frigav en -ugyldig pointer. Dette fik telnet-serverprocessen til at gå ned, hvilket -medførte et ukompliceret lammelsesangreb (inetd slår tjenesten fra hvis -telnetd gentagne gange går ned), eller muligvis udførelse af vilkårlig kode -med rettighederne hørende til telnetd-processen (som standard brugeren -"telnetd").

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.17-18woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17-26.

- -

Vi anbefaler at du opgraderer din netkit-telnet-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-556.data" -#use wml::debian::translation-check translation="4b2ca5e9bb4461a7af4cb9cd8fb104b521d520cb" mindelta="1" diff --git a/danish/security/2004/dsa-557.wml b/danish/security/2004/dsa-557.wml deleted file mode 100644 index e042f2ac50f..00000000000 --- a/danish/security/2004/dsa-557.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende bortkast af rettigheder - -

Max Vozeler har opdaget en sårbarhed i pppoe, PPP over -Ethernet-styreprogrammet fra Roaring Penguin. Når programmet kører som setuid -root (hvilket ikke er tilfældet i Debian standardinstallation), kunne en -angriber overskrive enhver fil i filsystemet.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.3-1.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.5-4.

- -

Vi anbefaler at du opgraderer din pppoe-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-557.data" -#use wml::debian::translation-check translation="7b31fcd8837d127519de423529bcf499c592b629" mindelta="1" diff --git a/danish/security/2004/dsa-558.wml b/danish/security/2004/dsa-558.wml deleted file mode 100644 index 916532229e3..00000000000 --- a/danish/security/2004/dsa-558.wml +++ /dev/null @@ -1,20 +0,0 @@ -dereferering af null-pointer - -

Julian Reschke har rapporteret et problem i mod_dav hørende til Apache 2 i -forbindelse med en dereferering af null-pointer. Når den kørte i en trådet -model, særligt med Apache 2, kunne en segmenteringsfejl stoppe hele processen -og dermed forårsage et lammelsesangreb på hele serveren.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.3-3.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.3-10 af libapache-mod-dav og i version 2.0.51-1 af -Apache 2.

- -

Vi anbefaler at du opgraderer dine mod_dav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-558.data" -#use wml::debian::translation-check translation="45a133052dae9c3da2214064efdae484da514775" mindelta="1" diff --git a/danish/security/2004/dsa-559.wml b/danish/security/2004/dsa-559.wml deleted file mode 100644 index 8e92633175c..00000000000 --- a/danish/security/2004/dsa-559.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikker midlertidig fil - -

Stefan Nordhausen har fundet et lokalt sikkerhedshul i net-acct, en -IP-regnskabsdæmon der kører i brugertilstand. Ældammel og redundant kode -oprettede en midlertidig fil på en usikker måde.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.71-5woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.71-7.

- -

Vi anbefaler at du opgraderer din net-acct-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-559.data" -#use wml::debian::translation-check translation="06a685cddde21348f32a23e53510e7a1c665c048" mindelta="1" diff --git a/danish/security/2004/dsa-560.wml b/danish/security/2004/dsa-560.wml deleted file mode 100644 index 74be9f788b7..00000000000 --- a/danish/security/2004/dsa-560.wml +++ /dev/null @@ -1,17 +0,0 @@ -heltals- og stakoverløb - -

Chris Evans har opdaget flere stak- og heltalsoverløb i biblioteket libXpm, -som er indeholdt i LessTif.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.93.18-5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.93.94-10.

- -

Vi anbefaler at du opgraderer dine lesstif-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-560.data" -#use wml::debian::translation-check translation="006bb8733e4e8a4c87d41afa5f6b6bee278d1ffc" mindelta="1" diff --git a/danish/security/2004/dsa-561.wml b/danish/security/2004/dsa-561.wml deleted file mode 100644 index 1244d13d664..00000000000 --- a/danish/security/2004/dsa-561.wml +++ /dev/null @@ -1,17 +0,0 @@ -heltals- og stakoverløb - -

Chris Evans har opdaget flere stak- og heltalsoverløbs biblioteket libXpm, -som følger med X.Org, XFree86 og LessTif.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.1.0-16woody4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.3.0.dfsg.1-8.

- -

Vi anbefaler at du opgraderer dine libxpm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-561.data" -#use wml::debian::translation-check translation="eacb7e86e98cd325b4e1c2cb9c48b6d9e723031f" mindelta="1" diff --git a/danish/security/2004/dsa-562.wml b/danish/security/2004/dsa-562.wml deleted file mode 100644 index bbbf8665cf7..00000000000 --- a/danish/security/2004/dsa-562.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i MySQL, et udbredt SQL-databaseprogram på -Unix-servere. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CAN-2004-0835 - -

    Oleksandr Byelkin bemærkede at ALTER TABLE ... RENAME kontrollerer - CREATE/INSERT-rettighederne på den gamle tabel, i stedet for den nye.

    -
    • - -
  • CAN-2004-0836 - -

    Lukasz Wojtow bemærkede et overløb i funktionen mysql_real_connect.

    -
    • - -
  • CAN-2004-0837 - -

    Dean Ellis bemærkede at flere tråde som ændrer (ALTER) den samme (eller - forskellige) MERGE-tabeller for UNION'en kan få serveren til at gå ned - eller gå i baglås.

    -
    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.23.49-8.8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.0.21-1.

- -

Vi anbefaler at du opgraderer dine mysql- og relaterede pakker og genstarter -tjenester der linker mod dem (fx Apache/PHP).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-562.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-563.wml b/danish/security/2004/dsa-563.wml deleted file mode 100644 index a8c28349b3d..00000000000 --- a/danish/security/2004/dsa-563.wml +++ /dev/null @@ -1,31 +0,0 @@ -ukorrigerede inddata - -

Denne sikkerhedsbulletin retter DSA 563-1 og DSA 563-2, der ikke var i stand -til at erstatte biblioteket til arkitekturerne sparc og arm på grund af -forskellig versionering i det stabile arkiv. Andre arkitekturer blev -opdateret korrekt. Et nyt problem blev dog rapporteret i forbindelse med -sendmail, som desuden er rettet i forbindelse med denne opdatering.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.5.27-3.1woody5.

- -

Til reference følger bulletinens tekst:

- -
-

En sårbarhed er opdaget i Cyrus-implmentationen af SASL-biblioteket, Simple -Authentication and Security Layer, en metode til tilføjelse af -autentifikationsunderstøttelse for connection-baserede protokoller. Biblioteket -adlyder blindt miljøvariablen SASL_PATH blindly, hvilket gør det muligt for en -lokal bruger at linke til et ondsindet bibliotek, for at kunne køre vilkårlig -kode med rettighederne hørende til en setuid- eller setgid-applikation.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.5.28-6.2 af cyrus-sasl og i version 2.1.19-1.3 af cyrus-sasl2.

-
- -

Vi anbefaler at du opgraderer dine libsasl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-563.data" -#use wml::debian::translation-check translation="9d49b4bfc1b8124103d05a1e9ea4fae97587f783" mindelta="1" diff --git a/danish/security/2004/dsa-564.wml b/danish/security/2004/dsa-564.wml deleted file mode 100644 index 8ad43f8ee2c..00000000000 --- a/danish/security/2004/dsa-564.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende korrektion af brugerinddata - -

Davide Del Vecchio har opdaget en sårbarhed i mpg123, et populært (men -ikke-frit) program til afspilning af MPEG layer 1/2/3-lydfiler. En ondsindet -MPEG layer 2/3-fil kunne få headerkontrollerne i mpg123 til at mislykkes, -hvilket kunne gøre det muligt at udføre vilkårlig kode med rettighederne -tilhørende brugeren, som kørte mpg123.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.59r-13woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.59r-16.

- -

Vi anbefaler at du opgraderer din mpg123-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-564.data" -#use wml::debian::translation-check translation="f4b2916bc3b514d3d613eb8adc8f5228cdfcd4eb" mindelta="1" diff --git a/danish/security/2004/dsa-565.wml b/danish/security/2004/dsa-565.wml deleted file mode 100644 index fe3578618b8..00000000000 --- a/danish/security/2004/dsa-565.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har rapporteret to sårbarheder i SoX, et universalt program -til konvertering af lydstumper, hvilket kunne udnyttes af ondsindede personer -til at kompromittere en brugers system med en særligt fremstilet .wav-fil.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 12.17.3-4woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 12.17.4-9.

- -

Vi anbefaler at du opgraderer din sox-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-565.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-566.wml b/danish/security/2004/dsa-566.wml deleted file mode 100644 index 66927b9ac51..00000000000 --- a/danish/security/2004/dsa-566.wml +++ /dev/null @@ -1,24 +0,0 @@ -ukontrollerede inddata - -

En informationslækage er fundet i CUPS, Common UNIX Printing System, hvilket -kunne føre til afsløring af følsomme oplysninger, såsom brugernavne og -adgangskoder som skrives til logfiler.

- -

Den anvendte rettelse fjerner kun autentifikationsoplysningerne fra -enheds-URI, der logges i filen error_log. Det fjerner ikke URI'en fra miljøet -og procestabellen, hvorfor udviklerne af CUPS anbefaler at -systemadministratorere under alle omstændigheder aldrig placerer -autentifikationsoplysninger i enheds-URI'er.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1.14-5woody7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.20final+rc1-9.

- -

Vi anbefaler at du opgraderer din CUPS-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-566.data" -#use wml::debian::translation-check translation="36fd5309560d680b2cbc26b9bc746a23e78b05e0" mindelta="1" diff --git a/danish/security/2004/dsa-567.wml b/danish/security/2004/dsa-567.wml deleted file mode 100644 index a409d4a37ea..00000000000 --- a/danish/security/2004/dsa-567.wml +++ /dev/null @@ -1,43 +0,0 @@ -heap-overløb - -

Flere problemer er opdaget i libtiff, biblioteket Tag Image File Format til -behandling af TIFF-grafikfiler. En angriber kunne forbedrede et særligt -fremstillet TIFF-billede, der fik klienten til udføre vilkårlig kode eller gå -ned. Projektet Common Vulnerabilities and Exposures Project har fundet frem -til følgende problemer:

- -
    - -
  • CAN-2004-0803 - -

    Chris Evans opdagede flere problemer i RLE-dekoderne ("run length - encoding"), hvilket kunne medføre at vilkårlig kode kunne udføres.

    -
    • - -
  • CAN-2004-0804 - -

    Matthias Clasen har opdaget en division med nul-fejl via et - heltalsoverløb.

    -
    • - -
  • CAN-2004-0886 - -

    Dmitry V. Levin har opdaget flere heltalsoverløb der medførte - mallac-problemer, som kunne ende med enten et almindelige crash eller - hukommelseskorruption.

    -
    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.5.5-6woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.6.1-2.

- -

Vi anbefaler at du opgraderer din libtiff-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-567.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-568.wml b/danish/security/2004/dsa-568.wml deleted file mode 100644 index 6d147d34f4e..00000000000 --- a/danish/security/2004/dsa-568.wml +++ /dev/null @@ -1,24 +0,0 @@ -ukontrollede inddata - -

En sårbarhed er opdaget i Cyrus' implementation af SASL-biblioteket, Simple -Authentication and Security Layer, en metode til at føje -autentifikationsunderstøttelse til connenction-baserede protokoller. -Biblioteket respekterer miljøvariablen SASL_PATH blindt, hvilket gjorde det -muligt for en lokal bruger at linke mod et ondsindet bibliotek, for at udføre -vilkårlig kode med rettighederne hørende til en setuid- eller -setgid-applikation.

- -

MIT-versionen af Cyrus-implementationen af SASL-biblioteket indeholder -bindinger mod MIT GSSAPI og MIT Kerberos4.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.5.24-15woody3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libsasl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-568.data" -#use wml::debian::translation-check translation="96e4eb574dff0b5772e27574ff41ff3692e6bcfc" mindelta="1" diff --git a/danish/security/2004/dsa-569.wml b/danish/security/2004/dsa-569.wml deleted file mode 100644 index b9057baa3d5..00000000000 --- a/danish/security/2004/dsa-569.wml +++ /dev/null @@ -1,21 +0,0 @@ -ugyldig free(3) - -

Michal Zalewski har opdaget en fejl i serveren netkit-telnet (telnetd), -hvorved en fjernangriber kunne forårsage af telnetd-processen frigav en -ugyldig pointer. Dette medførte at telnet-server-processen gik ned, hvilket -førte til at typisk lammelsesangreb (inetd slår tjenesten fra hvis telnetd går -ned flere gange) eller muligvis udførelse af vilkårlig kode med rettighederne -hørende til telnetd-processen (som standard brugeren "telnetd").

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.17.17+0.1-2woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17.24+0.1-4.

- -

Vi anbefaler at du opgraderer din netkit-telnet-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-569.data" -#use wml::debian::translation-check translation="563d6184f4f3ef67d1a0c600de6f6eb1dfc17a99" mindelta="1" diff --git a/danish/security/2004/dsa-570.wml b/danish/security/2004/dsa-570.wml deleted file mode 100644 index 09dca54b712..00000000000 --- a/danish/security/2004/dsa-570.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Flere heltalsoverløb er fundet af opstrømsudviklerne af libpng, en udbredt -bibliotek til visning af PNG-billeder. Overløbene kunne udnyttes til udførelse -af vilkårlig kode når et særligt fremstillet PNG-billede blev behandlet.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.12-3.woody.9.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.15-8.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-570.data" -#use wml::debian::translation-check translation="8eeaf1cf227e27c8f24c314772e7bbcddcf451aa" mindelta="1" diff --git a/danish/security/2004/dsa-571.wml b/danish/security/2004/dsa-571.wml deleted file mode 100644 index 82a2a6ee89c..00000000000 --- a/danish/security/2004/dsa-571.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb, heltalsoverløb - -

Flere heltalsoverløb er fundet af opstrømsudviklerne af libpng, et udbredt -bibliotek til visning af PNG-billeder. Overløbene kunne udnyttes til at udføre -vilkårlig kode når et særligt fremstillet billede blev behandlet.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.2.1-1.1.woody.9.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.2.5.0-9.

- -

Vi anbefaler at du opgraderer dine libpng3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-571.data" -#use wml::debian::translation-check translation="7dd09060d84901c4ebaad0c1b3d76727f013b75d" mindelta="1" diff --git a/danish/security/2004/dsa-572.wml b/danish/security/2004/dsa-572.wml deleted file mode 100644 index 10b6b2c4184..00000000000 --- a/danish/security/2004/dsa-572.wml +++ /dev/null @@ -1,18 +0,0 @@ -flere sårbarheder - -

Et problem er opdaget i ecartis, et postlistehåndteringsprogram, hvilket -gjorde det muligt for en angriber i samme domæne som listeadministratoren, at -opnår administratorrettigheder og ændre listeindstillinger.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.129a+1.0.0-snap20020514-1.3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.0+cvs.20030911-8.

- -

Vi anbefaler at du opgraderer din ecartis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-572.data" -#use wml::debian::translation-check translation="1f24c1600338b1fd97265d35fa1d169a4de6a025" mindelta="1" diff --git a/danish/security/2004/dsa-573.wml b/danish/security/2004/dsa-573.wml deleted file mode 100644 index 1306a55546a..00000000000 --- a/danish/security/2004/dsa-573.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløbs - -

Chris Evans har fundet flere heltalsoverløb i xpdf, som også findes i CUPS, -Common UNIX Printing System, og kan fjernudnyttes med et særligt fremstillet -PDF-dokument.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.1.14-5woody10.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.1.20final+rc1-10.

- -

Vi anbefaler at du opgraderer dine CUPS-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-573.data" -#use wml::debian::translation-check translation="2bddeaf6b331564ef64a80aff1b495ac6e041ab5" mindelta="1" diff --git a/danish/security/2004/dsa-574.wml b/danish/security/2004/dsa-574.wml deleted file mode 100644 index 774613b7f1e..00000000000 --- a/danish/security/2004/dsa-574.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende mappekontrol - -

Opstrømsudviklerne har opdaget et problem i cabextract, et værktøj til -udpakning af cabinet-filer. Programmet kunne overskrive filer i overliggende -mapper, hvilket kunne medføre at en angriber overskrev vilkårlige filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.2-2b.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1-1.

- -

Vi anbefaler at du opgraderer din cabextract-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-574.data" -#use wml::debian::translation-check translation="32f7f2321be5904328e9fcbb1298b8fe908a99ab" mindelta="1" diff --git a/danish/security/2004/dsa-575.wml b/danish/security/2004/dsa-575.wml deleted file mode 100644 index a05bf8a1295..00000000000 --- a/danish/security/2004/dsa-575.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

Et problem med en midlertidig fil er opdaget i xlsview fra -catdoc-programpakken, der indeholder konverteringsprogrammer fra Word til TeX -og ren tekst. Problemet kunne gøre det muligt for lokale brugere at overskrive -vilkårlige filer via et symlink-angreb på forudsigelige midlertidige -filnavne.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.91.5-1.woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.91.5-2.

- -

Vi anbefaler at du opgraderer din catdoc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-575.data" -#use wml::debian::translation-check translation="efa0dc8bcc67fb75951b266bad040ec796ff0a02" mindelta="1" diff --git a/danish/security/2004/dsa-576.wml b/danish/security/2004/dsa-576.wml deleted file mode 100644 index fd603388592..00000000000 --- a/danish/security/2004/dsa-576.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedssårbarheder er opdaget i Squid, et mellemlagerprogram til -Internet-filer og et populært WWW-proxy-mellemlager. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-1999-0710 - -

    Det er muligt at omgå adgangslister og scanne vilkårlige værtsmaskiner - og porte i netværket via cachemgr.cgi, der installeres som standard. Denne - opdatering slår denne mulighed fra og introducerer en opsætningsfil - (/etc/squid/cachemgr.conf) til at holde kontrol med denne funktionalitet.

    - -
  • CAN-2004-0918 - -

    Funktionen asn_parse_header (asn1.c) i SNMP-modulet til Squid gør det - muligt for fjernangribere at forårsage et lammelsesangreb via visse - SNMP-pakker med negative længdefelter, der medfører en - hukommelsesallokeringsfejl.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.6-2woody4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.5.7-1.

- -

Vi anbefaler at du opgraderer din squid-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-576.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-577.wml b/danish/security/2004/dsa-577.wml deleted file mode 100644 index 781253cb7ba..00000000000 --- a/danish/security/2004/dsa-577.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

Trustix Security Engineers har opdaget oprettelse af en usikker midlertidig -fil i et skript som følger med postgresql-programpakken, en SQL-database med -objekter og relationer. Dette kunne gøre det muligt for en angriber, at narre -en bruger til at overskrive vilkårlige filer, som vedkommende havde skrivadgang -til.

- -

I den stabile distribution (woody) er dette problem rettet i -version 7.2.1-2woody6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 7.4.6-1.

- -

Vi anbefaler at du opgraderer dine postgresql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-577.data" -#use wml::debian::translation-check translation="28f4bd8ec17691efc55694e6a4d906097f42b03b" mindelta="1" diff --git a/danish/security/2004/dsa-578.wml b/danish/security/2004/dsa-578.wml deleted file mode 100644 index 8e1a2ff68ac..00000000000 --- a/danish/security/2004/dsa-578.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Carlos Barros har opdaget et bufferoverløb i HTTP-autentifikationsrutinen i -mpg123, en populært (men ikke-fri) MPEG layer 1/2/3-afspiller. Hvis en bruger -åbnede en ondsindet fremstillet playlist eller URL, kunne en angriber måske -udføre vilkårlig kode med rettighederne hørende til den kaldende bruger.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.59r-13woody4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.59r-17.

- -

Vi anbefaler at du opgraderer din mpg123-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-578.data" -#use wml::debian::translation-check translation="016cd4d907a7ec082df314b5e56e49dcdc9fb496" mindelta="1" diff --git a/danish/security/2004/dsa-579.wml b/danish/security/2004/dsa-579.wml deleted file mode 100644 index 2be0f247bc3..00000000000 --- a/danish/security/2004/dsa-579.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

En bufferoverløbs-sårbarhed er opdaget i wv-biblioteket, der anvendes til -konvertering og forhåndsvisning af Word-dokumenter. Ved udnyttelse kunne en -angriber udføre vilkårlig kode med rettighederne hørende til brugeren, der -kørte det sårbare program.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.2+cvs.2002.06.05-1woody2.

- -

Pakken i den ustabile distribution (sid) er ikke påvirket.

- -

Vi anbefaler at du opgraderer din abiword-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-579.data" -#use wml::debian::translation-check translation="d7722290e5a061b4beb25e1d3b48ee0f33d8dd18" mindelta="1" diff --git a/danish/security/2004/dsa-580.wml b/danish/security/2004/dsa-580.wml deleted file mode 100644 index 9e08f901900..00000000000 --- a/danish/security/2004/dsa-580.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende initialisering - -

Faheem Mitha har opdaget at iptables-kommandoen, et administrativt værktøj -til IPv4-pakkefiltrering og NAT, ikke altid indlæste de krævede moduler af sig -selv, som det var meningen; dette kunne medføre at firewall-regler ikke blev -indlæst ved systemstart. Dette forårsagede en fejl i forbindelse med regler -leveret af i hvert fald lokkit.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.2.6a-5.0woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.11-4.

- -

Vi anbefaler at du opgraderer din iptables-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-580.data" -#use wml::debian::translation-check translation="2527918cd5fec950bc5d2b2cafa4dcff7d117538" mindelta="1" diff --git a/danish/security/2004/dsa-581.wml b/danish/security/2004/dsa-581.wml deleted file mode 100644 index 87bf61c1b0c..00000000000 --- a/danish/security/2004/dsa-581.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Chris Evans har opdaget flere heltalsoverløb i xpdf, et program til visning -af PDF-filer. Overløbene kan fjernudnyttes ved hjælp af et særligt fremstillet -PDF-dokument og medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.00-3.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.00-9.

- -

Vi anbefaler at du opgraderer din xpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-581.data" -#use wml::debian::translation-check translation="544bbb92b516c89696c41ee16ddd678b954bebb8" mindelta="1" diff --git a/danish/security/2004/dsa-582.wml b/danish/security/2004/dsa-582.wml deleted file mode 100644 index 31f887fe20c..00000000000 --- a/danish/security/2004/dsa-582.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

"infamous41md" har opdaget flere bufferoverløb i libxml og libxml2, XML -C-fortolkeren og værktøjer til GNOME. Manglende grænsekontroller kunne føre -til at flere buffere løb over, hvilket kunne få klienten til at udføre -vilkårlig kode.

- -

I den følgende sårbarhedsmatriks, er rettede versioner af bibliotekter -anført:

- -

I den stabile distribution (woody) er disse problemer rettet i version -1.8.17-2woody2 af libxml og i version 2.4.19-4woody2 af libxml2.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.8.17-9 af libxml og i version 2.6.11-5 af libxml2.

- -

Disse problemer er også rettet i version 2.6.15-1 af libxml2 i den -eksperimentelle distribution.

- -

Vi anbefaler at du opgraderer dine libxml-pakker.

- -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-582.data" -#use wml::debian::translation-check translation="058b926b92f7ee211f02d2194c43ea0c9612659c" mindelta="1" diff --git a/danish/security/2004/dsa-583.wml b/danish/security/2004/dsa-583.wml deleted file mode 100644 index 442224c7106..00000000000 --- a/danish/security/2004/dsa-583.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker midlertidig mappe - -

Trustix-udviklerne har opdaget en usikker midlertidig filoprettelse i et -supplementerede skript i pakken lvm10, som ikke kontrollerede om der i forvejen -fandtes midlertidige mapper, hvilket gjorde det muligt for lokale brugere at -overskrive filer ved hjælp af et symlink-angreb.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.4-5woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.8-8.

- -

Vi anbefaler at du opgraderer din lvm10-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-583.data" -#use wml::debian::translation-check translation="c1b68e94a6ddcb6320022438dd4e874ed0a8b3c9" mindelta="1" diff --git a/danish/security/2004/dsa-584.wml b/danish/security/2004/dsa-584.wml deleted file mode 100644 index 5e64f061813..00000000000 --- a/danish/security/2004/dsa-584.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstrengssårbarhed - -

"infamous41md" har bemærket at logfunktionerne i dhcp 2.x, der stadig -distribueres i den stabile udgave af Debian, overførte parametre til en -funktion som anvender formatstrenge. En af dem ser ud til at kunne udnyttes i -forbindelse med en ondsindet DNS-server.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.0pl5-11woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0pl5-19.1.

- -

Vi anbefaler at du opgraderer din dhcp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-584.data" -#use wml::debian::translation-check translation="c3f2fc874c4fcdf8035dfc039448cd075130537a" mindelta="1" diff --git a/danish/security/2004/dsa-585.wml b/danish/security/2004/dsa-585.wml deleted file mode 100644 index f4171e4b3c0..00000000000 --- a/danish/security/2004/dsa-585.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

En sårbarhed er opdaget i shadow-programpakken der indeholder programmer som -chfn og chsh. Det er muligt for en bruger, som er logget ind, men har en -udløbet adgangskode, at ændre sine kontooplysninger med chfn eller chsh uden at -have ændret adgangskoden. Oprindeligt troede man, at problemet var mere -alvorligt.

- -

I den stabile distribution (woody) er dette problem rettet i -version 20000902-12woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.3-30.3.

- -

Vi anbefaler at du opgraderer din passwd-pakke (from the shadow -suite).

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-585.data" -#use wml::debian::translation-check translation="a818aca70a99bbdfc6dbf13d723c89374a9282d5" mindelta="1" diff --git a/danish/security/2004/dsa-586.wml b/danish/security/2004/dsa-586.wml deleted file mode 100644 index 655b9ff8630..00000000000 --- a/danish/security/2004/dsa-586.wml +++ /dev/null @@ -1,19 +0,0 @@ -uendelig løkke - -

Opstrømsudviklerne af Ruby har rettet et problem i CGI-modulet til dette -sprog. Særligt fremstillede forespørgsler kunne forårsage en uendelig løkke og -dermed få programmet til at bruge CPU-tid.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.6.7-3woody4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.6.8-12 af ruby1.6 og i version 1.8.1+1.8.2pre2-4 af -ruby1.8.

- -

Vi anbefaler at du opgraderer dine ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-586.data" -#use wml::debian::translation-check translation="ce41b08aab83194a31d5a0b21a14084ef84b2775" mindelta="1" diff --git a/danish/security/2004/dsa-587.wml b/danish/security/2004/dsa-587.wml deleted file mode 100644 index e844763c285..00000000000 --- a/danish/security/2004/dsa-587.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Luigi Auriemma har opdaget et bufferoverløb playliste-modulet i freeamp, der -kunne medføre at vilkårlig kode blev udført. I nyere udgaver af freeamp har -programmet skiftet navn til zinf.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.1.1.0-4woody2.

- -

I den ustabile distribution (sid) findes dette problem ikke i zinf-pakken, -da den pågældende kode er skrevet om.

- -

Vi anbefaler at du opgraderer dine freeamp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-587.data" -#use wml::debian::translation-check translation="aede714c07dc881bd5ad81da2ca3567b528dbad4" mindelta="1" diff --git a/danish/security/2004/dsa-588.wml b/danish/security/2004/dsa-588.wml deleted file mode 100644 index 86fedb7c497..00000000000 --- a/danish/security/2004/dsa-588.wml +++ /dev/null @@ -1,17 +0,0 @@ -usikre midlertidige filer - -

Trustix-udviklerne har opdaget en usikker oprettelse af midlertidige filer i -de supplerende skripter i gzip-pakken, hvilket kan gøre det muligt for lokale -brugere at overskrive filer via et symlink-angreb.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.3.2-3woody3.

- -

The ustabile distribution (sid) er ikke påvirket af disse problemer.

- -

Vi anbefaler at du opgraderer din gzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-588.data" -#use wml::debian::translation-check translation="6a8fc671bb2f7506fe5fdca75e8e3a3ef6fe7d64" mindelta="1" diff --git a/danish/security/2004/dsa-589.wml b/danish/security/2004/dsa-589.wml deleted file mode 100644 index a373547ce30..00000000000 --- a/danish/security/2004/dsa-589.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

"infamous41md" har opdaget flere heltalsoverløb i dekodningsrutinerne til -PNG-billeder i GD-grafikbiblioteket. Dette kunne føre til vilkårlig udførelse -af kode på offerets maskine.

- -

I den stabile distribution (woody) er disse problemer rettet i version -1.8.4-17.woody3 af libgd1 og i version 2.0.1-10woody1 af libgd2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine libgd1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-589.data" -#use wml::debian::translation-check translation="a6e36e39afa08b8ed545626703c284d45fcf109c" mindelta="1" diff --git a/danish/security/2004/dsa-590.wml b/danish/security/2004/dsa-590.wml deleted file mode 100644 index cfa3c3d2a28..00000000000 --- a/danish/security/2004/dsa-590.wml +++ /dev/null @@ -1,18 +0,0 @@ -formatstrengssårbarhed - -

Khan Shirani har opdaget en formatstrengssårbarhed i gnats, -problemrapporthåndteringssystemet i GNU. Dette problem kan udnyttes til at -udføre vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.999.beta1+cvs20020303-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0-7.

- -

Vi anbefaler at du opgraderer din gnats-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-590.data" -#use wml::debian::translation-check translation="cd7ce16a39894a629551f97ae787d1ac1fbc56ab" mindelta="1" diff --git a/danish/security/2004/dsa-591.wml b/danish/security/2004/dsa-591.wml deleted file mode 100644 index d0911c0a3a8..00000000000 --- a/danish/security/2004/dsa-591.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

"infamous41md" har opdaget flere heltalsoverløb i dekodningsrutinerne til -PNG-billeder i GD-grafikbiblioteket. Dette kunne føre til vilkårlig udførelse -af kode på offerets maskine.

- -

I den stabile distribution (woody) er disse problemer rettet i version -1.8.4-17.woody3 af libgd1 og i version 2.0.1-10woody1 af libgd2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-591.data" -#use wml::debian::translation-check translation="b083dc0c7dd0f109f192ac38e92e5f19fb32c80b" mindelta="1" diff --git a/danish/security/2004/dsa-592.wml b/danish/security/2004/dsa-592.wml deleted file mode 100644 index 832c13a8343..00000000000 --- a/danish/security/2004/dsa-592.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstreng - -

Ulf Härnhammar fra Debian Security Audit Project har opdaget en -formatstrengssårbarhed i ez-ipupdate, en klient til mange dynamisk -DNS-tjenester. Problemet kan kun udnyttes hvis ez-ipupdate kører som dæmon -(sandsynligvis) med mange, men ikke alle, tjenestetyper.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.0.11b5-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.0.11b8-8.

- -

Vi anbefaler at du opgraderer din ez-ipupdate-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-592.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-593.wml b/danish/security/2004/dsa-593.wml deleted file mode 100644 index 3d10aed328a..00000000000 --- a/danish/security/2004/dsa-593.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

En sårbarhed er blevet rapporteret i ImageMagick, et udbrudt bibliotek til -billedbehandling. På grund af en grænsefejl i rutinen der fortolker EXIF, -kunne et særligt fremstillet billede medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 5.4.4.5-1woody4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.0.6.2-1.5.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-593.data" -#use wml::debian::translation-check translation="d76177a04df2a7d1d7558b0253db36d06f629806" mindelta="1" diff --git a/danish/security/2004/dsa-594.wml b/danish/security/2004/dsa-594.wml deleted file mode 100644 index 8a73b6c6491..00000000000 --- a/danish/security/2004/dsa-594.wml +++ /dev/null @@ -1,32 +0,0 @@ -bufferoverløb - -

Two vulnerabilities have been identified in the Apache 1.3 webserver:

- -
    - -
  • CAN-2004-0940 - -

    "Crazy Einstein" har opdaget en sårbarhed i modulet "mod_include", - hvilket kunne forårsage et bufferoverløb og kunne gøre det muligt at - udføre vilkårlig kode.

    - -
  • Ingen sårbarheds-id - -

    Larry Cashdollar har opdaget et potentielt bufferoverløb i - værktøjet htpasswd, hvilket kunne udnyttes når user-supplied blev overført - til programmet via et CGI- (PHP-, ePerl- eller ...) program.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.3.26-0woody6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.33-2.

- -

Vi anbefaler at du opgraderer dine apache-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-594.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-595.wml b/danish/security/2004/dsa-595.wml deleted file mode 100644 index 210907ed642..00000000000 --- a/danish/security/2004/dsa-595.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Leon Juranic har opdaget at BNC, et program der gør det muligt for folk uden -IRC-adgang at benytte IRC gennem en proxy, ikke altid beskytter buffere mod at -blive overskrevet. Dette kunne udnyttes af en ondsindet IRC-server, som kunne -få en buffer med en begrænset størrelse til at løbe over, hvorved vilkårlig -kode kunne udføres på klient-værtsmaskinen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.6.4-3.3.

- -

Denne pakke findes ikke i distributionerne "testing" og "unstable".

- -

Vi anbefaler at du opgraderer din bnc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-595.data" -#use wml::debian::translation-check translation="97a3f3c2cd2348904080e8fe0752b97ef51f91b7" mindelta="1" diff --git a/danish/security/2004/dsa-596.wml b/danish/security/2004/dsa-596.wml deleted file mode 100644 index e0fe4ffc1fa..00000000000 --- a/danish/security/2004/dsa-596.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Liam Helmer har opdaget at sudo, et program der giver begrænsede -superbrugerrettigheder til særlige brugere, renser ikke miljøvariable -tilstrækkeligt. Bash-funktioner og CDPATH-variable føres stadig videre til -programmet der kører under en priviligeret bruger, hvilket gør det muligt at -overstyre systemrutiner. Disse sårbarheder kan kun udnyttes af brugere, der -har fået tildelt midlertidige superbrugerrettigheder.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.6.6-1.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.6.8p3.

- -

Vi anbefaler at du opgraderer din sudo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-596.data" -#use wml::debian::translation-check translation="84c60c5e2236e18a643b7da10712d9d17f0bf9f3" mindelta="1" diff --git a/danish/security/2004/dsa-597.wml b/danish/security/2004/dsa-597.wml deleted file mode 100644 index 4c70b82fa3e..00000000000 --- a/danish/security/2004/dsa-597.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Stefan Esser har opdaget flere sikkerhedsrelaterede problemer i Cyrus -IMAP-dæmonen. På grund af en fejl i kommandofortolkeren, var det to steder -muligt at tilgå hukommelse over grænsen i den allokerede buffer, hvilket kunne -gøre det muligt at udføre vilkårlig kode.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.5.19-9.2

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.1.17-1.

- -

Vi anbefaler at du omgående opgraderer din cyrus-imapd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-597.data" -#use wml::debian::translation-check translation="7f0b2ae6167fc6c0c46e022c2cc978ed279c8cab" mindelta="1" diff --git a/danish/security/2004/dsa-598.wml b/danish/security/2004/dsa-598.wml deleted file mode 100644 index a31b05ef0f5..00000000000 --- a/danish/security/2004/dsa-598.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Max Vozeler har opdaget at yardradius, YARD-radius-autentifikations- og -regnskabsserveren, indeholdt et stakoverløb lig det i radiusd, som har fået -referencen \ -CAN-2001-0534. Denne sårbarhed kunne gøre det muligt at udføre vilkårlig -kode som root.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.20-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.20-15.

- -

Vi anbefaler at du omgående opgraderer din yardradius-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-598.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-599.wml b/danish/security/2004/dsa-599.wml deleted file mode 100644 index 461738a1c02..00000000000 --- a/danish/security/2004/dsa-599.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløbs - -

Chris Evans har opdaget flere heltalsoverløbs i xpdf, overløb som også -findes i tetex-bin, de binære filer til teTeX-distributionen, som kan udnyttes -af en fjernbruger ved hjælp af et særligt fremstillet PDF-dokument og gøre det -muligt at udføre vilkårlig kode.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 20011202-7.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.2-23.

- -

Vi anbefaler at du opgraderer dine tetex-bin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-599.data" -#use wml::debian::translation-check translation="baace5045d8fdba9a5bd13ce80c1b6f2fa423fac" mindelta="1" diff --git a/danish/security/2004/dsa-600.wml b/danish/security/2004/dsa-600.wml deleted file mode 100644 index d6dbca71c6d..00000000000 --- a/danish/security/2004/dsa-600.wml +++ /dev/null @@ -1,19 +0,0 @@ -vilkårlig filadgang - -

En sårbarhed er opdadet i samba, en udbredt LanManager-lignende fil- og -printerserver til Unix. En fjernangriber kunne måske få adgang til filer der -fandtes uden for share'ens definerede sti. Sådanne filer skal dog stadig være -læsbare fra kontoen, der anvendes til forbindelsen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.3a-14.1.

- -

I den ustabile distribution (sid) og test-distributionen (sarge) findes -dette problem ikke.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-600.data" -#use wml::debian::translation-check translation="0c085be2ab825f123b9a35a3450ef038bb1d51a6" mindelta="1" diff --git a/danish/security/2004/dsa-601.wml b/danish/security/2004/dsa-601.wml deleted file mode 100644 index c4500b1cc95..00000000000 --- a/danish/security/2004/dsa-601.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Flere potentielle heltalsoverløbs er opdaget i grafikbiblioteket GD, disse -overløb var ikke dækket af vores sikkerhedsbulletin -DSA 589. Sårbarhederne -kunne udnyttes ved hjælp af en særligt fremstillet grafikfil og kunne gøre det -muligt at udføre vilkårlig kode på offerets maskine.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.8.4-17.woody4.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libgd1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-601.data" -#use wml::debian::translation-check translation="450b5dd3786d560d1d2248949ee1914543fec82c" mindelta="1" diff --git a/danish/security/2004/dsa-602.wml b/danish/security/2004/dsa-602.wml deleted file mode 100644 index 823bb875dcd..00000000000 --- a/danish/security/2004/dsa-602.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Flere potentielle heltalsoverløbs er opdaget i grafikbiblioteket GD, disse -overløb var ikke dækket af vores sikkerhedsbulletin \ -DSA 591. Sårbarhederne kunne udnyttes ved hjælp af en særligt fremstillet -grafikfil og kunne gøre det muligt at udføre vilkårlig kode på offerets -maskine.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.0.1-10woody2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-602.data" -#use wml::debian::translation-check translation="450b5dd3786d560d1d2248949ee1914543fec82c" mindelta="1" diff --git a/danish/security/2004/dsa-603.wml b/danish/security/2004/dsa-603.wml deleted file mode 100644 index 3a04e278463..00000000000 --- a/danish/security/2004/dsa-603.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikker midlertidig fil - -

Trustix-udviklerne har opdaget en usikker oprettelse af en fil i et ekstra -skript (der_chop) i openssl-pakken, hvilket kan have gjort det muligt for -lokale brugere at overskrive filer ved hjælp af et symlink-angreb..

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.6c-2.woody.7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.7e-1.

- -

Vi anbefaler at du opgraderer din openssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-603.data" -#use wml::debian::translation-check translation="b6fe82c39289923a86f8c9dfa7969c3db98ad904" mindelta="1" diff --git a/danish/security/2004/dsa-604.wml b/danish/security/2004/dsa-604.wml deleted file mode 100644 index 6533d038d7c..00000000000 --- a/danish/security/2004/dsa-604.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af inddata - -

"infamous41md" har opdaget en bufferoverløbstilstand i hpsockd, en -socks-server udviklet hos Hewlett-Packard. En udnyttelse kunne få programmet -til at gå ned eller have en værre effekt.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.6.woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.14.

- -

Vi anbefaler at du opgraderer din hpsockd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-604.data" -#use wml::debian::translation-check translation="ca0f712ac8e102dc911ee4a21c3a32ce36ba2847" mindelta="1" diff --git a/danish/security/2004/dsa-605.wml b/danish/security/2004/dsa-605.wml deleted file mode 100644 index 355ccbfd7d4..00000000000 --- a/danish/security/2004/dsa-605.wml +++ /dev/null @@ -1,24 +0,0 @@ -indstilinger anvendes ikke - -

Haris Sehic har opdaget flere sårbarheder i viewcvs, et værktøj til visning -af CVS- og Subversion-arkiver via HTTP. Ved eksport af et arkiv som en -tar-arkivfil, blev indstillingerne hide_cvsroot og forbidden ikke anvendt i -tilstrækkelig grad.

- -

Når pakkerne opgraderes i woody, skal man forinden tage en kopi af sin -/etc/viewcvs/viewcvs.conf-fil, hvis man manuelt har rettet i den. Ved -opgraderingen kan debconf-mekanismen måske ændre filen på en måde, så viewcvs -ikke længere kan forstå den.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 0.9.2-4woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.9.2+cvs.1.0.dev.2004.07.28-1.2.

- -

Vi anbefaler at du opgraderer din viewcvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-605.data" -#use wml::debian::translation-check translation="09bb9d549a46131936f0ac5ec411977eb1bae5f7" mindelta="1" diff --git a/danish/security/2004/dsa-606.wml b/danish/security/2004/dsa-606.wml deleted file mode 100644 index abb3c250135..00000000000 --- a/danish/security/2004/dsa-606.wml +++ /dev/null @@ -1,18 +0,0 @@ -forkert signal-håndtering - -

SGI har opdaget at rpc.statd fra pakken nfs-utils, programmet til -overvågning af netværksstatus, ikke ignorerede "SIGPIPE". Dermed kunne en -klient som for tidligt terminerede TCP-forbindelsen også terminere -serverprocessen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0-2woody2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din nfs-utils-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-606.data" -#use wml::debian::translation-check translation="df62401369c4b84ae11ef42d55c67bc85c7b01ad" mindelta="1" diff --git a/danish/security/2004/dsa-607.wml b/danish/security/2004/dsa-607.wml deleted file mode 100644 index 0b8afeb8ae2..00000000000 --- a/danish/security/2004/dsa-607.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

Flere udviklere har opdaget et antal problemer i biblioteket libXpm som -leveres af X.Org, XFree86 og LessTif. Disse fejl kan udnyttes af fjerne -og/eller lokale angribere til at opnå adgang til systemet eller til at forøge -deres lokale rettigheder, ved hjælp af et særligt fremstillet XPM-billede.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.1.0-16woody5.

- -

I den ustabile distribution (sid) vil dette problem blive rettet i -version 4.3.0.dfsg.1-9.

- -

Vi anbefaler at du omgående opgraderer din xlibs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-607.data" -#use wml::debian::translation-check translation="bc9ed454198c2eedd42a2b7a566501514a8945fd" mindelta="1" diff --git a/danish/security/2004/dsa-608.wml b/danish/security/2004/dsa-608.wml deleted file mode 100644 index d1475aa2fd4..00000000000 --- a/danish/security/2004/dsa-608.wml +++ /dev/null @@ -1,33 +0,0 @@ -heltalsoverløb, ukontrollerede inddata - -

Flere sårbarheder er opdaget i zgv, et SVGAlib-billedvisningsprogram til -i386-arkitekturen. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CAN-2004-1095 - -

    "infamous41md" har opdaget flere heltalsoverløbs i zgv. Fjernudnyttelse - af et heltalsoverløbssårbarhed kunne gøre det muligt at udføre vilkårlig - kode.

    - -
  • CAN-2004-0999 - -

    Mikulas Patocka har opdaget at ondsindede GIF-billedfiler som består af - flere billeder (eksempelvis animationer) kunne forårsage en - segmenteringsfejl i zgv.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 5.5-3woody1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du omgående opgraderer din zgv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-608.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-609.wml b/danish/security/2004/dsa-609.wml deleted file mode 100644 index f696c628fd1..00000000000 --- a/danish/security/2004/dsa-609.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Adam Zabrocki har opdaget flere bufferoverløb i atari800, en Atari-emulator. -For at kunne tilgå grafikhardwaren direkte, var et af programmerne installeret -setuid root og en lokal angriber kunne udnytte denne sårbarhed til at opnå -root-rettigheder.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.2.2-1woody3.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du omgående opgraderer din atari800-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-609.data" -#use wml::debian::translation-check translation="a60e75fcd40b85f01c2ca0e77106b28cc578389d" mindelta="1" diff --git a/danish/security/2004/dsa-610.wml b/danish/security/2004/dsa-610.wml deleted file mode 100644 index 0948f3dbec2..00000000000 --- a/danish/security/2004/dsa-610.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikker midlertidig fil - -

En sårbarhed er opdaget i cscope, et program der kan anvendes til -interaktivt at undersøge C-kildekode. Sårbarheden kunne gøre det muligt for -lokale brugere at overskrive filer via et symlink-angreb.

- -

I den stabile distribution (woody) er dette problem rettet i -version 15.3-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 15.5-1.

- -

Vi anbefaler at du opgraderer din cscope-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-610.data" -#use wml::debian::translation-check translation="91595b39343ddab71116d8471f5f5789db624810" mindelta="1" diff --git a/danish/security/2004/dsa-611.wml b/danish/security/2004/dsa-611.wml deleted file mode 100644 index 18be60c09b3..00000000000 --- a/danish/security/2004/dsa-611.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

"infamous41md" har opdaget et bufferoverløb i htget, et program der kan -hente filer fra HTTP-servere. Det var muligt at få en buffer til at løbe over -og udføre vilkårlig kode ved at tilgå en ondsindet URL.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.93-1.1woody1.

- -

Denne pakke findes ikke i distributionerne "testing" og "unstable".

- -

Vi anbefaler at du opgraderer din htget-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-611.data" -#use wml::debian::translation-check translation="a9b7bd7fe55f183a6167efe3d261d8a8d40452f4" mindelta="1" diff --git a/danish/security/2004/dsa-612.wml b/danish/security/2004/dsa-612.wml deleted file mode 100644 index 15ac5574723..00000000000 --- a/danish/security/2004/dsa-612.wml +++ /dev/null @@ -1,20 +0,0 @@ -ukontrollerede inddata - -

Rudolf Polzer har opdaget en sårbarhed i a2ps, et konverterings- og -forskønnelsesprogram for mange formater til PostScript. Programmet indkapslede -ikke shell-metategn korrekt, hvilket kunne gøre det muligt at udføre vilkårlige -kommandoer som en priviligeret bruger, hvis a2ps var installeret som et -printer-filter.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.13b-16woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1:4.13b-4.2.

- -

Vi anbefaler at du opgraderer din a2ps-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-612.data" -#use wml::debian::translation-check translation="f471b93710b6633acb468260a24e6d52c502002d" mindelta="1" diff --git a/danish/security/2004/dsa-613.wml b/danish/security/2004/dsa-613.wml deleted file mode 100644 index 51dc9b79f66..00000000000 --- a/danish/security/2004/dsa-613.wml +++ /dev/null @@ -1,17 +0,0 @@ -uendelig løkke - -

Brian Caswell har opdaget af en ukorrekt formateret SMB-pakke kunne få -ethereal til at hænge og bruge CPU-kraft uophørlig.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.4-1woody9.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.10.8-1.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-613.data" -#use wml::debian::translation-check translation="73a2b6c74b656924c6b042c5c1c1f6d28bcf078c" mindelta="1" diff --git a/danish/security/2004/dsa-614.wml b/danish/security/2004/dsa-614.wml deleted file mode 100644 index a8016993cbc..00000000000 --- a/danish/security/2004/dsa-614.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Luke "infamous41md" har opdaget flere sårbarheder i xzgv, et -billedvisningsprogram til X11 med et thumbnail-baseret valgvindue. -Fjernudnyttelse af en heltalsoverløbssårbarhed kunne gøre det muligt at udføre -vilkårlig kode.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 0.7-6woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.8-3.

- -

Vi anbefaler at du omgående opgraderer din xzgv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-614.data" -#use wml::debian::translation-check translation="bc204f6383997d571ee3d1677d6aeb1a14e09839" mindelta="1" diff --git a/danish/security/2004/dsa-615.wml b/danish/security/2004/dsa-615.wml deleted file mode 100644 index 5a1715350ae..00000000000 --- a/danish/security/2004/dsa-615.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Javier Fernández-Sanguino Peña fra Debians sikkerhedsauditprojekt har -opdaget at skriptet debstd fra debmake, et udgået hjælpeværktøj til -Debian-pakning, oprettede midlertidige filer på en usikker måde. Dette kunne -udnyttes af en ondsindet bruger til at overskrive vilkårlige filer ejet af -offeret.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.6.10.woody.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.7.7.

- -

Vi anbefaler at du opgraderer din debmake-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-615.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2004/dsa-616.wml b/danish/security/2004/dsa-616.wml deleted file mode 100644 index 3883258764d..00000000000 --- a/danish/security/2004/dsa-616.wml +++ /dev/null @@ -1,17 +0,0 @@ -formatstreng - -

Joel Eriksson har opdaget en formatstrengssårbarhed i telnetd-ssl, der -måske kunne gøre det muligt at udføre vilkårlig kode på offerets maskine.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.17.17+0.1-2woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17.24+0.1-6.

- -

Vi anbefaler at du omgående opgraderer din telnetd-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-616.data" -#use wml::debian::translation-check translation="282af0eee63827c41410d4cc8a790dbb654e55d9" mindelta="1" diff --git a/danish/security/2004/dsa-617.wml b/danish/security/2004/dsa-617.wml deleted file mode 100644 index 74e943d2406..00000000000 --- a/danish/security/2004/dsa-617.wml +++ /dev/null @@ -1,19 +0,0 @@ -utilstrækkelig kontrol af inddata - -

"infamous41md" har opdaget et problem i libtiff, biblioteket Tag Image File -Format til behandling af TIFF-grafikfiler. Ved læsning af en TIFF-fil var det -muligt at allokere en buffer hvis størrelse var nul og at skrive til den, -hvilket kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.5.5-6.woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.6.1-4.

- -

Vi anbefaler at du omgående opgraderer dine libtiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-617.data" -#use wml::debian::translation-check translation="e326681ef12ae8f10617fb80cfe62805b5e0a9ff" mindelta="1" diff --git a/danish/security/2004/dsa-618.wml b/danish/security/2004/dsa-618.wml deleted file mode 100644 index 76b1a0bd7f7..00000000000 --- a/danish/security/2004/dsa-618.wml +++ /dev/null @@ -1,34 +0,0 @@ -bufferoverløb, heltalsoverløb - -

Pavel Kankovsky har opdaget at flere overløb som blev fundet i biblioteket -libXpm også findes i imlib, en billedbehandlingsbibliotek til X og X11. En -angriber kunne omhyggeligt oprette en billedfil på en måde, så den fik et -program der var linket med imlib til at udføre vilkårlig kode når filen blev -åbnet af et offer. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- - - -

I den stabile distribution (woody) er disse problemer rettet i -version 1.9.14-2woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.9.14-17.1 af imlib og i version 1.9.14-16.1 af imlib+png2, der fremstiller -imlib1-pakken.

- -

Vi anbefaler at du omgående opgraderer dine imlib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-618.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-619.wml b/danish/security/2004/dsa-619.wml deleted file mode 100644 index 3410d258bfa..00000000000 --- a/danish/security/2004/dsa-619.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

En sikkerhedsresearcher hos iDEFENSE har opdaget et bufferoverløb i xpdf, -en samling af programmer til brug i forbindelse med "portable document format" -(PDF). En ondsindet fremstillet PDF-fil kunne udnytte dette problem, hvilket -kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.00-3.3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.00-11.

- -

Vi anbefaler at du omgående opgraderer din xpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-619.data" -#use wml::debian::translation-check translation="88695a92296ff4b7dc2beecedd06d59fee400c85" mindelta="1" diff --git a/danish/security/2004/dsa-620.wml b/danish/security/2004/dsa-620.wml deleted file mode 100644 index bfee8dd7048..00000000000 --- a/danish/security/2004/dsa-620.wml +++ /dev/null @@ -1,33 +0,0 @@ -usikre midlertidige filer / mapper - -

Flere sårbarheder er opdaget i Perl, det populære skriptsprog. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2004-0452 - -

    Jeroen van Wolffelaar har opdaget at funktionen rmtree() i modulet - File::Path fjerne mappetræer på en usikker måde, hvilket kunne føre til - fjernelse af vilkårlige filer og mapper via et symlink-angreb.

    - -
  • CAN-2004-0976 - -

    Trustix-udviklerne har opdaget flere usikre anvendelse af midlertige - filer i mange moduler, hvilket gjode det muligt for en lokal angriber at - overskrive filer via et symlink-angreb.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 5.6.1-8.8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 5.8.4-5.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-620.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2004/dsa-621.wml b/danish/security/2004/dsa-621.wml deleted file mode 100644 index 7b4c7318a9b..00000000000 --- a/danish/security/2004/dsa-621.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

En sikkerhedsresearcher hos iDEFENSE har opdaget et bufferoverløb i xpdf, -en samling af programmer til brug i forbindelse med "portable document format" -(PDF). En ondsindet fremstillet PDF-fil kunne udnytte dette problem, hvilket -kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1.14-5woody11.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.22-2.

- -

Vi anbefaler at du opgraderer dine cupsys-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2004/dsa-621.data" -#use wml::debian::translation-check translation="e5c3755e723aa33398672e899ffecc06c098c832" mindelta="1" diff --git a/danish/security/2004/index.wml b/danish/security/2004/index.wml deleted file mode 100644 index a78e5e77fdc..00000000000 --- a/danish/security/2004/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2004 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2004', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2005/Makefile b/danish/security/2005/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2005/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2005/dsa-622.wml b/danish/security/2005/dsa-622.wml deleted file mode 100644 index 501f0e402df..00000000000 --- a/danish/security/2005/dsa-622.wml +++ /dev/null @@ -1,17 +0,0 @@ -usikre midlertidige filer - -

Javier Fernández-Sanguino Peña fra Debians sikkerhedsauditprojekt har -opdaget flere usikre anvendelser af midlertidige filer, som kunne føre til -overskrivelse af vilkårlige filer via et symlink-angreb.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 21.8-3.

- -

Den ustabile distribution (sid) indeholder ikke denne pakke.

- -

Vi anbefaler at du opgraderer din htmlheadline-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-622.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-623.wml b/danish/security/2005/dsa-623.wml deleted file mode 100644 index 4e9931e8d9d..00000000000 --- a/danish/security/2005/dsa-623.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Jonathan Rockway har opdaget et bufferoverløb i nasm, den generelt -anvendelige x86-assembler. Bufferoverløbet kunne gøre det muligt at udføre -vilkårlig kode ved oversættelse af en ondsindet fremstillet fil indeholdende -assembler-kildekode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.98.28cvs-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.98.38-1.1.

- -

Vi anbefaler at du opgraderer din nasm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-623.data" -#use wml::debian::translation-check translation="1223b935e056d48824c2e3a9258587d5d0cf38e0" mindelta="1" diff --git a/danish/security/2005/dsa-624.wml b/danish/security/2005/dsa-624.wml deleted file mode 100644 index b38ef39d9f9..00000000000 --- a/danish/security/2005/dsa-624.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i zip, arkiveringsprogrammet til .zip-filer. -Ved rekursiv komprimering af mapper, kontrollerede programmet ikke stilængden, -hvilket kunne medføre at hukommelse blev overskrevet. En ondsindet person -kunne lokke en bruger til at oprette et arkiv indeholdende et særligt -fremstillet stinavn, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.30-5woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.30-8.

- -

Vi anbefaler at du opgraderer din zip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-624.data" -#use wml::debian::translation-check translation="15ed6e160d98bbfdd5032757a3ee09a5623e6c27" mindelta="1" diff --git a/danish/security/2005/dsa-625.wml b/danish/security/2005/dsa-625.wml deleted file mode 100644 index d841628d3e5..00000000000 --- a/danish/security/2005/dsa-625.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Danny Lungstrom har opdaget to bufferoverløb i pcal, et program til -generering af Postscript-kalendre. Bufferoverløbene kunne gøre det -muligt at udføre vilkårlig kode når en kalender blev dannet.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 4.7-8woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.8.0-1.

- -

Vi anbefaler at du opgraderer din pcal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-625.data" -#use wml::debian::translation-check translation="98453cc8869027b4695d104b83f4acf9d4369b68" mindelta="1" diff --git a/danish/security/2005/dsa-626.wml b/danish/security/2005/dsa-626.wml deleted file mode 100644 index aeb3ad58168..00000000000 --- a/danish/security/2005/dsa-626.wml +++ /dev/null @@ -1,19 +0,0 @@ -ukontrollerede inddata - -

Dmitry V. Levin har opdaget et bufferoverløb i libtiff, Tag Image File -Format-biblioteket til behandling af TIFF-grafikfiler. Ved læsning af en -TIFF-fil var det muligt at få programmet til at gå ned, og måske også -udføre vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.5.5-6.woody5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.6.1-5.

- -

Vi anbefaler at du opgraderer din libtiff-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-626.data" -#use wml::debian::translation-check translation="c8530e318949df8fb1ad40e55b519f442b47461d" mindelta="1" diff --git a/danish/security/2005/dsa-627.wml b/danish/security/2005/dsa-627.wml deleted file mode 100644 index c14971def1e..00000000000 --- a/danish/security/2005/dsa-627.wml +++ /dev/null @@ -1,19 +0,0 @@ -ukontrollerede inddata - -

En sårbarhed der gør det muligt at udføre skripter på tværs af websteder -er opdaget i namazu2, en fuldtekst-søgemaskine. En angriber kunne forberede -særligt fremstillede inddata, der ikke kunne kontrolleres af namazu2 og som -dermed præsenterede inddataene ubehandlet for offeret.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.0.10-1woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.14-1.

- -

Vi anbefaler at du opgraderer din namazu2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-627.data" -#use wml::debian::translation-check translation="4d7eec21871d818163333e587fbf6238e1415048" mindelta="1" diff --git a/danish/security/2005/dsa-628.wml b/danish/security/2005/dsa-628.wml deleted file mode 100644 index 08e3d1b6c5e..00000000000 --- a/danish/security/2005/dsa-628.wml +++ /dev/null @@ -1,32 +0,0 @@ -heltalsoverløb - -

Pavel Kankovsky har opdaget at flere overløb der blev fundet i biblioteket -libXpm også fandtas i imlib og imlib2, der er billedbehandlingsbiblioteker til -X11. En angriber kunne med omhu fremstille en billedfil på en sådan måde, at -den fik et program der var linket med imlib eller imlib2 til at udføre vilkårlig -kode når filen blev åbnet af et offer. Projektet Common Vulnerabilities and -Exposures har fundet frem til følende problemer:

- -
    - -
  • CAN-2004-1025 - -

    Flere heap-baserede bufferoverløb. Denne kode findes ikke i imlib2.

    - -
  • CAN-2004-1026 - -

    Flere heltalsoverløb biblioteket imlib.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.0.5-2woody2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine imlib2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-628.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-629.wml b/danish/security/2005/dsa-629.wml deleted file mode 100644 index 74a605d8b60..00000000000 --- a/danish/security/2005/dsa-629.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i MIT Kerberos 5-administrationsbiblioteket -(libkadm5srv), som kunne gøre det muligt at udføre vilkårlig kode ved at -udnytte en autentificeret bruger, ikke nødvendigvis en med administrative -rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.2.4-5woody7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.6-1.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-629.data" -#use wml::debian::translation-check translation="2bddeefd590fc8bf776bdc018bed81cfcca65daa" mindelta="1" diff --git a/danish/security/2005/dsa-630.wml b/danish/security/2005/dsa-630.wml deleted file mode 100644 index 15cfd051932..00000000000 --- a/danish/security/2005/dsa-630.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker midlertidig mappe - -

Jeroen van Wolffelaar har opdaget et problem i lintian, Debians værktøj til -pakkekontrol. Programmet fjernede arbejdsmappen selvom den ikke var blevet -oprettet ved programstart, hvilket kan fjerne en urelateret fil eller mappen, -tilføjet af en ondsindet bruger via et symlink-angreb.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.20.17.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.23.6.

- -

Vi anbefaler at du opgraderer din lintian-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-630.data" -#use wml::debian::translation-check translation="544d67572eaeaf13023bf08b45c945bef293009b" mindelta="1" diff --git a/danish/security/2005/dsa-631.wml b/danish/security/2005/dsa-631.wml deleted file mode 100644 index d69e6f081ac..00000000000 --- a/danish/security/2005/dsa-631.wml +++ /dev/null @@ -1,18 +0,0 @@ -ukontrollerede inddata - -

Thiago Macieira har opdaget en sårbarhed i biblioteket kioslave, som er en -del af kdelibs. Sårbarheden gjorde det muligt for en angriber at udføre -vilkårlige ftp-kommandoer via en ftp://-URL som indeholdt et URL-indkapslet -ny linje-tegn før ftp-kommandoen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.2-13.woody.13.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din kdelibs3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-631.data" -#use wml::debian::translation-check translation="5014d1679ca6a8870cdcae765b547a07c481c000" mindelta="1" diff --git a/danish/security/2005/dsa-632.wml b/danish/security/2005/dsa-632.wml deleted file mode 100644 index 2d4abb62ad8..00000000000 --- a/danish/security/2005/dsa-632.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Stephen Dranger har opdaget et bufferoverløb i linpopup, en X11-tilpasning af -winpopup, der kører over Samba og kunne gøre det muligt at udføre vilkårlig kode -ved visning af en ondsindet fremstillet meddelelse.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.2.0-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.0-7.

- -

Vi anbefaler at du opgraderer din linpopup-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-632.data" -#use wml::debian::translation-check translation="16548bb1fed395ed46385bf7d11face05600c033" mindelta="1" diff --git a/danish/security/2005/dsa-633.wml b/danish/security/2005/dsa-633.wml deleted file mode 100644 index 349e9abb0f9..00000000000 --- a/danish/security/2005/dsa-633.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker midlertidig fil - -

Peter Samuelson, opstrømsvedligeholder af bmv, et PostScript-visningsprogram -til SVGAlib, har opdaget at midlertidige filer blev oprettet på en usikker -måde. En ondsindet lokal bruger kunne forårsage overskrivelse af vilkårlige -filer via et symlink-angreb.

- -

I den stabile distribution (woody) er dette problem -rettet i version 1.2-14.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2-17.

- -

Vi anbefaler at du opgraderer dine bmv-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-633.data" -#use wml::debian::translation-check translation="843ae7579621dacf26ecf0bfb83ed130bf8838b1" mindelta="1" diff --git a/danish/security/2005/dsa-634.wml b/danish/security/2005/dsa-634.wml deleted file mode 100644 index f27c602dd20..00000000000 --- a/danish/security/2005/dsa-634.wml +++ /dev/null @@ -1,48 +0,0 @@ -svag validering af værtsnavn og brugernavn - -

Patrice Fournier har opdaget en sårbarhed i undersystemet til autorisation i -hylafax, et fleksibelt klient-/server-faxsystem. En lokal eller fjern bruger -som gættede indholdet af databasen hosts.hfaxd, kunne opnå uautoriseret adgang -til faxsystemet.

- -

Nogle installationer af hylafax anvender faktisk denne svage validering af -værts- og brugernavn ved handlinger der krævede autorisation. Eksempler på -typiske linjer i hosts.hfaxd er

- -
-  192.168.0
-  brugernavn:uid:adgangskode:adminadgangskode
-  user@host
-
- -

Efter opdatering skal disse linjer ændres for fortsat at kunne fungere. De -korrekte linjer skal være

- -
-  192.168.0.[0-9]+
-  brugernavn@:uid:adgangskode:adminadgangskode
-  bruger@vært
-
- -

Med mindre en sådan sammensætning af "username" med "otherusername" og "host" -med "hostname" er ønsket, skal den korrekte udformning af disse linjer indeholde -adskillelsestegn og markører som disse

- -
-  @192.168.0.[0-9]+$
-  ^brugernavn@:uid:adgangskode:adminadgangskode
-  ^bruger@vært$
-
- -

I den stabile distribution (woody) er dette problem rettet i -version 4.1.1-3.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.2.1-1.

- -

Vi anbefaler at du opgraderer dine hylafax-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-634.data" -#use wml::debian::translation-check translation="0e248e3cc0255acdb2cac64b43e08665b631e6de" mindelta="1" diff --git a/danish/security/2005/dsa-635.wml b/danish/security/2005/dsa-635.wml deleted file mode 100644 index 0f9dd47b698..00000000000 --- a/danish/security/2005/dsa-635.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Philip Hazel har annonceret et bufferoverløb i funktioenn host_aton i exim, -Debians standardprogram til postbehandling (mail-transport-agent). Sårbarheden -kan gøre det muligt at udføre vilkårlig kode via en illegal IPv6-adresse.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.35-1woody4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.36-13 af exim og 4.34-10 af exim4.

- -

Vi anbefaler at du opgraderer dine exim- og exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-635.data" -#use wml::debian::translation-check translation="eb5f8965aecf1aaf04078660f323948069f83343" mindelta="1" diff --git a/danish/security/2005/dsa-636.wml b/danish/security/2005/dsa-636.wml deleted file mode 100644 index 0da4268e910..00000000000 --- a/danish/security/2005/dsa-636.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Flere usikre anvendelser af midlertidige filer er opdaget i supportskripter -i libc6-pakken, der stiller c-biblioteket til rådighed på GNU/Linux-systemer. -Trustix-udviklere har fundet ud af at skriptet catchsegv anvender midlertidige -filer på usikker vis. Openwall-udviklere har opdaget usikre midlertidige filer -i skriptet glibcbug. Disse skripter er sårbare overfor et symlink-angreb.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.2.5-11.8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.3.2.ds1-20.

- -

Vi anbefaler at du opgraderer din libc6-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-636.data" -#use wml::debian::translation-check translation="a6d46c4175b30d9628d48f2899c039d8eac9e044" mindelta="1" diff --git a/danish/security/2005/dsa-637.wml b/danish/security/2005/dsa-637.wml deleted file mode 100644 index 23b2439a7da..00000000000 --- a/danish/security/2005/dsa-637.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Philip Hazel har annonceret et bufferoverløb i funktioenn host_aton i -exim-tls, SSL-versionen af Debians standardprogram til postbehandling -(mail-transport-agent). Sårbarheden kan gøre det muligt at udføre vilkårlig -kode via en illegal IPv6-adresse.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.35-3woody3.

- -

In the ustabile distribution (sid) this package does not exist -anymore.

- -

Vi anbefaler at du opgraderer din exim-tls-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-637.data" -#use wml::debian::translation-check translation="78874cfd27c5c77e745e811b047622644154bdee" mindelta="1" diff --git a/danish/security/2005/dsa-638.wml b/danish/security/2005/dsa-638.wml deleted file mode 100644 index 2a76d740b2e..00000000000 --- a/danish/security/2005/dsa-638.wml +++ /dev/null @@ -1,31 +0,0 @@ -flere sårbarheder - -

"jaguar" har opdaget to sikkerhedsrelevate problemer i gopherd, -Gopher-serveren i Debian som er en del af pakken gopher. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CAN-2004-0560 - -

    Et heltalsoverløb kan opstå når indhold af en særligt beregnet størrelse - offentliggøres.

    - -
  • CAN-2004-0561 - -

    En formatstrengssårbarhed er fundet i log-rutinen.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.0.3woody2.

- -

The ustabile distribution (sid) indeholder ikke pakken gopherd. -Den er blevet erstattet af Pygopherd.

- -

Vi anbefaler at du opgraderer din gopherd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-638.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-639.wml b/danish/security/2005/dsa-639.wml deleted file mode 100644 index 0e7ef83b954..00000000000 --- a/danish/security/2005/dsa-639.wml +++ /dev/null @@ -1,64 +0,0 @@ -flere sårbarheder - -

Andrew V. Samoilov har bemærket at flere fejlrettelser som -opstrømsudviklerne af mc, filhåndteringsprogrammet Midnight Commander, føjede -til programmet ikke blev tilbageført til den aktuelle version af mc i Debians -stabile udgave. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende sårbarheder:

- - - -

I den stabile distribution (woody) er disse problemer rettet i -version 4.5.55-1.2woody5.

- -

I den ustabile distribution (sid) skulle disse problemer allerede være -rettet, da de blev tilbageført fra aktuelle versioner.

- -

Vi anbefaler at du opgraderer din mc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-639.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-640.wml b/danish/security/2005/dsa-640.wml deleted file mode 100644 index ea5a8fca59b..00000000000 --- a/danish/security/2005/dsa-640.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Erik Sjölund har opdaget et bufferoverløb i xatitv, et af programmerne i -pakken gatos, som anvendes til at vise video med visse grafikkort fra ATI. -xatitv er installeret setuid root for at få direkte adgang til -grafikhardwaren.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.0.5-6woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.0.5-15.

- -

Vi anbefaler at du opgraderer din gatos-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-640.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-641.wml b/danish/security/2005/dsa-641.wml deleted file mode 100644 index 66fdcd80e86..00000000000 --- a/danish/security/2005/dsa-641.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Erik Sjölund har opdaget at playmidi, en MIDI-afspiller, indeholder et -setuid root-program med et bufferoverløb der kan udnyttes af en lokal -angriber.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4-4woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.4debian-3.

- -

Vi anbefaler at du opgraderer din playmidi-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-641.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-642.wml b/danish/security/2005/dsa-642.wml deleted file mode 100644 index f58e2e35703..00000000000 --- a/danish/security/2005/dsa-642.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i gallery, et web-baseret fotoalbum skrevet i -PHP4. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende sårbarheder:

- -
    - -
  • CAN-2004-1106 - -

    Jim Paris opdagede en sårbarhed i forbindelse med udførelse af skripter - på tværs af servere, hvilket gjorde det muligt at indsætte kode ved hjælp - af særligt dannede URL'er.

    - -
  • CVE-NOMATCH - -

    Opstrømsudviklerne af gallery har rettet flere tilfælde af formodede - muligheder for at indsprøjte variable, hvilket kunne snyde gallery til at - foretage utilsigtede handlinger, for eksempel lækage af - databaseadgangskoder.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.2.5-8woody3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.4.4-pl4-1.

- -

Vi anbefaler at du opgraderer din gallery-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-642.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-643.wml b/danish/security/2005/dsa-643.wml deleted file mode 100644 index f2919b268ba..00000000000 --- a/danish/security/2005/dsa-643.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

"jaguar" fra Debians sikkerhedsauditproject har opdaget flere bufferoverløb i -queue, et transparent load balancing-system.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.30.1-4woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.30.1-5.

- -

Vi anbefaler at du opgraderer din queue-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-643.data" -#use wml::debian::translation-check translation="b59339f39f4e4393e4bc93011a03490b71c385b0" mindelta="1" diff --git a/danish/security/2005/dsa-644.wml b/danish/security/2005/dsa-644.wml deleted file mode 100644 index 9b28596c98f..00000000000 --- a/danish/security/2005/dsa-644.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Danny Lungstrom har opdaget en sårbarhed i chbg, et værktøj til at ændre -baggrundsbilleder med. En ondsindet fremstillet configuration/scenario-fil -kunne få en buffer til at løbe over og gøre det muligt at udføre vilkårlig -kode på offerets maskine.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.5-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.5-4.

- -

Vi anbefaler at du opgraderer din chbg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-644.data" -#use wml::debian::translation-check translation="328226469086dd2b533ff74349e6dab4650e88ee" mindelta="1" diff --git a/danish/security/2005/dsa-645.wml b/danish/security/2005/dsa-645.wml deleted file mode 100644 index e3a58ac179c..00000000000 --- a/danish/security/2005/dsa-645.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

iDEFENSE har rapporteret et bufferoverløb i xpdf, en samling af programmer -til brug i forbindelse med "portable document format" (PDF). Lignende kode -findes i PDF-behandlingsdelen i CUPS. En ondsindet fremstillet PDF-fil kunne -udnytte dette problem, medførende udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.1.14-5woody12.

- -

I den ustabile distribution (sid) anvender CUPSYS ikke længere sin egen -xpdf-variant, men anvender xpdf-utils.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-645.data" -#use wml::debian::translation-check translation="9edc97aec5e5b8212703f2f6f3ecf9a46a006bbe" mindelta="1" diff --git a/danish/security/2005/dsa-646.wml b/danish/security/2005/dsa-646.wml deleted file mode 100644 index 99ecd33cdf2..00000000000 --- a/danish/security/2005/dsa-646.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Andrei Nigmatulin har opdaget et bufferoverløb i PSD-billeddekodningsmodulet -i ImageMagick, et udbredt billedbehandlingsprogram. Fjernudnyttelse med et -særlig fremstillet billede kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 5.4.4.5-1woody5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.0.6.2-2.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-646.data" -#use wml::debian::translation-check translation="d945b2184b39d6cefb87d9a6f27e1a722ce5a927" mindelta="1" diff --git a/danish/security/2005/dsa-647.wml b/danish/security/2005/dsa-647.wml deleted file mode 100644 index dc207d0b0e5..00000000000 --- a/danish/security/2005/dsa-647.wml +++ /dev/null @@ -1,20 +0,0 @@ -usiker midlertidige filer - -

Javier Fernandez-Sanguino Peña fra Debians sikkerhedsauditprojekt har opdaget -en midlertidig fil-sårbarhed i skriptet mysqlaccess i MySQL. Sårbarheden kunne -gøre det muligt for en upriviligeret bruger at lade root overskrive vilkårlige -filer via et symlink-angreb, og indholdet af en midlertidig fil, der kunne -indeholde følsomme oplysninger, kunne også afsløres.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.23.49-8.9.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.23-3 af mysql-dfsg og i version 4.1.8a-6 af mysql-dfsg-4.1.

- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-647.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-648.wml b/danish/security/2005/dsa-648.wml deleted file mode 100644 index 179ee45ebe0..00000000000 --- a/danish/security/2005/dsa-648.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a39b1cbb5aeb2b04ae4f2755926e8ff9dc55e719" mindelta="1" -bufferoverløb - -

iDEFENSE har rapporteret et bufferoverløb i xpdf, en samling af programmer -til brug i forbindelse med "portable document format" (PDF). En ondsindet -fremstillet PDF-fil kunne udnytte dette problem, medførende udførelse af -vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.00-3.4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.00-12.

- -

Vi anbefaler at du opgraderer din xpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-648.data" diff --git a/danish/security/2005/dsa-649.wml b/danish/security/2005/dsa-649.wml deleted file mode 100644 index b381b75db5a..00000000000 --- a/danish/security/2005/dsa-649.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i xtrlock, et minimalt program til låsning af -X-skærmen. Problemet kan udnyttes af en ondsindet lokal angriber til at få -låsningsprogrammet til at gå ned og overtage desktop-sessionen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.0-6woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0-9.

- -

Vi anbefaler at du opgraderer din xtrlock-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-649.data" -#use wml::debian::translation-check translation="332a499ec7edb037dcd4f69f22ebc11704ab37fc" mindelta="1" diff --git a/danish/security/2005/dsa-650.wml b/danish/security/2005/dsa-650.wml deleted file mode 100644 index db243fefb61..00000000000 --- a/danish/security/2005/dsa-650.wml +++ /dev/null @@ -1,17 +0,0 @@ -manglende kontrol af inddata - -

Ulf Härnhammar har opdaget at på grund af manglende kontrol af inddata i -diatheke, et CGI-skript til fremstilling og visning af et bibel-websted, er det -muligt at udføre vilkårlige kommandoer via en særligt fremstillet URL.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.5.3-3woody2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din diatheke-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-650.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-651.wml b/danish/security/2005/dsa-651.wml deleted file mode 100644 index 1c1dd045f65..00000000000 --- a/danish/security/2005/dsa-651.wml +++ /dev/null @@ -1,34 +0,0 @@ -bufferoverløb, heltalsoverløb - -

Flere sårbarheder er opdaget i Squid, cacheprogrammet til Internet-objekter, -den populære WWW-proxycache. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende sårbarheder:

- -
    - -
  • CAN-2005-0094 - -

    "infamous41md" har opdaget et bufferoverløb i fortolkeren af - Gopher-svar, hvilket kunne medføre hukommelsesødelæggelse og ville normalt - få Squid til at gå ned.

    - -
  • CAN-2005-0095 - -

    "infamous41md" har opdaget et heltalsoverløb i modtageren af - WCCP-meddelelser (Web Cache Communication Protocol). En angriber kunne - sende et særligt fremstillet UDP-datagram, som fik Squid til at gå ned.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.6-2woody5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.5.7-4.

- -

Vi anbefaler at du opgraderer din squid-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-651.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-652.wml b/danish/security/2005/dsa-652.wml deleted file mode 100644 index fe4eda55ad3..00000000000 --- a/danish/security/2005/dsa-652.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i unarj, et ikke-frit værktøj til udpakning af -ARJ-filer. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende sårbarheder:

- -
    - -
  • CAN-2004-0947 - -

    Et bufferoverløb er opdaget i forbindelse med håndtering af lange - filnavne indeholdt i et arkiv. En angriber kunne fremstille et særligt - arkiv, der kunne få unarj til at gå ned eller muligvis udføre vilkårlig - kode når arkivet blev udpakket af et offer.

    - -
  • CAN-2004-1027 - -

    En genneløb af mapper-sårbarhed er opdaget, den gjorde det muligt for en - angriber at fremstille et sårligt arkiv, der når et offer udpakkede det, - kunne oprette filer i mappen på det overliggende niveau. Ved rekursiv - anvendelse kunne denne sårbarhed anvendes til at overskrive kritiske - systemfiler og -programmer.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.43-3woody1.

- -

I den ustabile distribution (sid) findes disse problemer ikke, da -unstable/non-free ikke indeholder unarj-pakken.

- -

Vi anbefaler at du opgraderer din unarj-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-652.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-653.wml b/danish/security/2005/dsa-653.wml deleted file mode 100644 index a0be57ab2a3..00000000000 --- a/danish/security/2005/dsa-653.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget ethereal X11-dissector, et udbredt program til -analysering af netværkstrafik. En fjernangriber kan måske få en buffer til at -løbe over ved hjælp af en særligt fremstillet IP-pakke. Flere problemer er -opdaget, men disse berører ikke versionen i woody, men er rettet i sid.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.4-1woody11.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.10.9-1.

- -

Vi anbefaler at du opgraderer din ethereal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-653.data" -#use wml::debian::translation-check translation="017420500dc1588aa0d09c3a08d310901ec0c8ba" mindelta="1" diff --git a/danish/security/2005/dsa-654.wml b/danish/security/2005/dsa-654.wml deleted file mode 100644 index 7a9f65f04db..00000000000 --- a/danish/security/2005/dsa-654.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Erik Sjölund har opdaget flere sikkerhedsrelaterede problemer i enscript, et -program til konvertering af ASCII-tekst til PostScript og andre formater. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    - -
  • CAN-2004-1184 - -

    Ukontrollerede inddata kan forårsage udførelse af vilkårlige kommandoer - via EPSF pipe-understøttelsen. Dette er slået fra, også hos opstrøm.

    • - -
  • CAN-2004-1185 - -

    På grund af manglende kontrol af filnavne, kunne et særligt fremstillet - filnavn måske forårsage at vilkårlige kommandoer kunne udføres.

    • - -
  • CAN-2004-1186 - -

    Flere bufferoverløb kunne få programmet til at gå ned.

    • - -
- -

Normalt kører enscript kun lokalt, men da det udføres fra viewcvs, kan nogle -af de ovenfor nævnte problemer let blive gjort til sårbarheder som en -fjernangriber kan udnytte.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.6.3-1.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.6.4-6.

- -

Vi anbefaler at du opgraderer din enscript-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-654.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-655.wml b/danish/security/2005/dsa-655.wml deleted file mode 100644 index ebb4430213d..00000000000 --- a/danish/security/2005/dsa-655.wml +++ /dev/null @@ -1,17 +0,0 @@ -manglende frigivelse af rettigheder - -

Erik Sjölund har opdaget at zhcon, et CJK-konsolsystem som anvender Linux' -framebuffer, tilgår en brugerkontrolleret opsætningsfil med forøgede -rettigheder. Derfor var det muligt at læse vilkårlige filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.2-4woody3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din zhcon-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-655.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-656.wml b/danish/security/2005/dsa-656.wml deleted file mode 100644 index 6653eba448d..00000000000 --- a/danish/security/2005/dsa-656.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikker filtilgang - -

Javier Fernández-Sanguino Peña fra Debians sikkerhedsauditteam har opdaget -at vdr-dæmomen, der anvendes til optage video på disk fra DVB-kort, kan -overskrive vilkårlige filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.0-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.6-6.

- -

Vi anbefaler at du opgraderer din vdr-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-656.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-657.wml b/danish/security/2005/dsa-657.wml deleted file mode 100644 index 9f9a14a20b8..00000000000 --- a/danish/security/2005/dsa-657.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Et heapoverløb er opdaget i DVD subpicture-dekoderen i xine-lib. En -angriber kunne forårsage at vilkårlig kode blev udført på offerets værtsmaskine -ved at levere en ondsindet MPEG-fil. Ved at narre brugere til at kigge på en -ondsindet netværks-stream, kunne dette problem fjernudnyttes.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.8-2woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1-rc6a-1.

- -

Vi anbefaler at du opgraderer dine libxine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-657.data" -#use wml::debian::translation-check translation="c1d96fdc4eb12f63f3a47e83a79d699908cf4bf1" mindelta="1" diff --git a/danish/security/2005/dsa-658.wml b/danish/security/2005/dsa-658.wml deleted file mode 100644 index 68f18a094f9..00000000000 --- a/danish/security/2005/dsa-658.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

Javier Fernández-Sanguino Peña fra Debians sikkerhedsauditprojekt har opdaget -at at DBI-biblioteket, databasegrænsefladen i Perl5, oprettede en midlertidig -PID-fil på en usikker måde. Dette kunne udnyttes af en ondsindet bruger til at -overskrive vilkårlige filer ejet af personen, der udførte koden fra -biblioteket.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.21-2woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.46-6.

- -

Vi anbefaler at du opgraderer din libdbi-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-658.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-659.wml b/danish/security/2005/dsa-659.wml deleted file mode 100644 index d8bf2b32ea6..00000000000 --- a/danish/security/2005/dsa-659.wml +++ /dev/null @@ -1,35 +0,0 @@ -informationslækage, heltalsunderløb - -

To problemer er opdaget i pakken libpam-radius-auth, PAM -RADIUS-autentifikationsmodulet. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CAN-2004-1340 - -

    Debian-pakken installerede fejlagtigt sin - /etc/pam_radius_auth.conf-opsætningsfil som skrivbar for alle. Den kunne - indeholde hemmeligheder, som alle lokale brugere havde mulighed for at læse - hvis administratoren ikke havde ændret på filrettighederne. Dette problem - vedrører kun Debian.

    - -
  • CAN-2005-0108 - -

    Leon Juranic har opdaget et heltalsunderløb i modulet mod_auth_radius - til Apache, samme problem findes i libpam-radius-auth.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.3.14-1.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.16-3.

- -

Vi anbefaler at du opgraderer din libpam-radius-auth-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-659.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-660.wml b/danish/security/2005/dsa-660.wml deleted file mode 100644 index 0484f7c1070..00000000000 --- a/danish/security/2005/dsa-660.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af returværdi - -

Raphaël Enrici har opdaget at KDE's screensaver kan gå ned under visse lokale -omstændigheder. Dette kunne udnyttes af en angriber med fysisk adgang til -maskinen, til at få kontrol over desktop-sessionen.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.2-14.9.

- -

Dette problem er rettet upstream i KDE 3.0.5 og er derfor allerede rettet i -distributionerne unstable (sid) og testing (sarge).

- -

Vi anbefaler at du opgraderer din kscreensaver-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-660.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-661.wml b/danish/security/2005/dsa-661.wml deleted file mode 100644 index 227c7962ef0..00000000000 --- a/danish/security/2005/dsa-661.wml +++ /dev/null @@ -1,35 +0,0 @@ -usikre midlertidige filer - -

Dan McMahill har opdaget at væres bulletin DSA 661-1 ikke rettede problemer -med flere usikre filer, derfor denne opdatering. For fuldstændighedens skyld -følger herunder den oprindelige tekst fra bulletinen:

- -
-

Javier Fernández-Sanguino Peña fra Debians sikkerhedsauditprojekt har opdaget -at f2c og fc, der begge befinder sig i pakken f2c, en fortran 77 til -C/C++-oversætter, åbner midlertidige filer på en usikker måde, og derfor er -sårbare overfor et symlink-angreb. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CAN-2005-0017 - -

    Flere tilfælde af usikre midlertidige filer i f2c-oversætteren.

    - -
  • CAN-2005-0018 - -

    To tilfælde af usikre midlertidige filer i shellskriptet f2.

    - -
-
- -

I den stabile distribution (woody) og alle andre, deriblandt testing, er -dette problem rettet i version 20010821-3.2.

- -

Vi anbefaler at du opgraderer din f2c-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-661.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-662.wml b/danish/security/2005/dsa-662.wml deleted file mode 100644 index 16ed8259380..00000000000 --- a/danish/security/2005/dsa-662.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Andrew Archibald har opdaget at den seneste opdatering af squirrelmail, hvis -formål var at rette flere problemer, forårsagede en regression, der blev -afsløret, når brugeren oplevede en sessionstimeout. For fuldstændighedens -skyld følger teksten fra den oprindelige bulletin herunder:

- -
-

Flere sårbarheder er opdaget i Squirrelmail, et udbredt webmailsystem. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-0104 - -

    Opstrømsudviklerne har opdaget at en ukontrolleret variabel kunne føre - til en sårbarhed i forbindelse med udførelse af skripter på tværs af - servere.

    - -
  • CAN-2005-0152 - -

    Grant Hollingworth har opdaget, at under visse omstændigheder kunne - URL-manipulering føre til udførelse af vilkårlig kode med www-datas - rettigheder. Dette problem findes kun i version 1.2.6 af Squirrelmail.

    - -
-
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.2.6-3.

- -

I den ustabile distribution (sid) er problemet der påvirker unstable rettet -i version 1.4.4-1.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-662.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-663.wml b/danish/security/2005/dsa-663.wml deleted file mode 100644 index 9678eb2795a..00000000000 --- a/danish/security/2005/dsa-663.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Flere bufferoverløb er opdaget i prozilla, en flertrådet downloadaccelerator. -Bufferoverløbene kunne udnyttes af en fjernangriber til at udføre vilkårlig -kode på offerets maskine. En udnyttelse er allerede i omløb.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.3.6-3woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.7.3-1.

- -

Vi anbefaler at du opgraderer din prozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-663.data" -#use wml::debian::translation-check translation="4c5f526748e99fac0cb0b5df07ccd4a52636a142" mindelta="1" diff --git a/danish/security/2005/dsa-664.wml b/danish/security/2005/dsa-664.wml deleted file mode 100644 index 623ad6758dc..00000000000 --- a/danish/security/2005/dsa-664.wml +++ /dev/null @@ -1,18 +0,0 @@ -ødelagte filrettigheder - -

Man har opdaget at cpio, et program til håndtering af filarkiver, oprettede -uddatafiler med -O og -F med ødelagte rettigheder på grund af en nulstillet -nul-umask, hvilket gjorde det muligt for lokale brugere at læse eller overskrive -disse filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4.2-39woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din cpio-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-664.data" -#use wml::debian::translation-check translation="f6433c2bdc4126f72de7398f3aa925f1c08b6b08" mindelta="1" diff --git a/danish/security/2005/dsa-665.wml b/danish/security/2005/dsa-665.wml deleted file mode 100644 index a811682a864..00000000000 --- a/danish/security/2005/dsa-665.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende frigivelse af rettigheder - -

Erik Sjölund har opdaget flere fejl i ncpfs, som leverer værktøjer der -anvendes til at tilgå ressourcer på NetWare-servere. Mindst en af fejlene -gælder også Debians stabile distribution. Ved tilgang med root-rettigheder, -uden yderligere kontroller, til en opsætningsfil, var det muligt at læse -vilkårlige filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.0.18-10woody2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din ncpfs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-665.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-666.wml b/danish/security/2005/dsa-666.wml deleted file mode 100644 index 214a5a5f60e..00000000000 --- a/danish/security/2005/dsa-666.wml +++ /dev/null @@ -1,44 +0,0 @@ -designfejl - -

Pythons udviklerteam har opdaget en fejl i deres sprogpakke. -Biblioteksmodulet SimpleXMLRPCServer kunne gøre det muligt for fjernangribere at -få utilsigtet adgang til det registrerede objekts eller moduls indre, eller -måske andre moduler. Fejlen påvirker kun Python XML-RPC-servere som anvender -metoden register_instance() til at registrere et objekt uden metoden -_dispatch(). Servere der kun anvender register_function() er ikke påvirket.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.1-4.7. Ingen andre versioner af Python i woody er påvirket.

- -

For distributionerne testing (sarge) og unstable (sid), forklarer følgende -matriks hvilke versioner der indeholder rettelsen:

- - - - - - - - - - - - - - - - - - - - - - -
 testingunstable
Python 2.22.2.3-142.2.3-14
Python 2.32.3.4-202.3.4+2.3.5c1-2
Python 2.42.4-52.4-5
- -

Vi anbefaler at du opgraderer dine Python-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-666.data" -#use wml::debian::translation-check translation="c2ca9c8b1a94fece13aed04eb31349c4b5156808" mindelta="1" diff --git a/danish/security/2005/dsa-667.wml b/danish/security/2005/dsa-667.wml deleted file mode 100644 index 919d58336ec..00000000000 --- a/danish/security/2005/dsa-667.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Squid, cache-programmet til Internet-objekter -og den populære WWW-proxycache. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende sårbarheder:

- -
    - -
  • CAN-2005-0173 - -

    LDAP er meget eftergivende med hensyn til mellemrum i søgefiltre, og det - kunne udnyttes til logge på ved hjælp af flere variationer af login-navnet, - og dermed muligvis omgå eksplicitte adgangskontroller eller forvirre - kontoadministrationen.

    - -
  • CAN-2005-0175 - -

    Man har opdaget cache-forurening/forgiftning via opsplittede - HTTP-svar..

    - -
  • CAN-2005-0194 - -

    Adgangskontrollernes betydning bliver noget forvirrende, hvis en eller - flere af de refererede ACL'er (adgangskontrollister) er tomme, uden nogen - medlemmer.

    - -
  • CAN-2005-0211 - -

    Længdeargumentet i WCCP recvfrom()-kaldet er større end det bør være. - En angriber kunne sende WCCP-pakke, der er større end normalt, hvilket - kunne få en buffer til at løbe over.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.6-2woody6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.5.7-7.

- -

Vi anbefaler at du opgraderer din squid-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-667.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-668.wml b/danish/security/2005/dsa-668.wml deleted file mode 100644 index 7bef639d83c..00000000000 --- a/danish/security/2005/dsa-668.wml +++ /dev/null @@ -1,18 +0,0 @@ -rettighedsforøgelse - -

John Heasman og andre har opdaget en fejl i PostgreSQL-enginen, hvilket -gjorde det muligt for enhver bruger at indlæse et vilkårligt lokalt bibliotek -ind i den.

- -

I den stabile distribution (woody) er dette problem rettet i -version 7.2.1-2woody7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 7.4.7-1.

- -

Vi anbefaler at du opgraderer dine postgresql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-668.data" -#use wml::debian::translation-check translation="b2197ad353421851cec5d86d487ffaa564ca10dd" mindelta="1" diff --git a/danish/security/2005/dsa-669.wml b/danish/security/2005/dsa-669.wml deleted file mode 100644 index 53022ce0b46..00000000000 --- a/danish/security/2005/dsa-669.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i php4, og de gælder også versionen af php3 i den -stabile Debian-distribution. Projektet Common Vulnerabilities and Exposures -har fundet frem tilfølgende problemer:

- -
    - -
  • CAN-2004-0594 - -

    Funktionaliteten memory_limit gør det muligt for fjernangribere at - udføre vilkårlig kode under visse omstændigheder.

    - -
  • CAN-2004-0595 - -

    Funktionen strip_tags bortfiltrerer ikke null-tegn (\0) fra tag-navne - når inddata til tilladte tags begrænses, hvilket muliggjorde at farlige - tags blev behandlet af nogle webbrowsere, hvilket igen kunne føre til - sårbarheder i forbindelse med udførelse af skripter på tværs af websteder - (XSS).

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.0.18-23.1woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.0.18-27.

- -

Vi anbefaler at du opgraderer dine php3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-669.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-670.wml b/danish/security/2005/dsa-670.wml deleted file mode 100644 index e3871776ac2..00000000000 --- a/danish/security/2005/dsa-670.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstreng - -

Max Vozeler har opdaget flere formatstrengssårbarheder i det velkendte -tekstredigeringsprogram Emacs' movemail-værktøj. Ved at forbinde sig til en -ondsindet POP-server, en angriber kunne udføre vilkårlig kode med rettighederne -hørende til gruppen mail.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 20.7-13.3.

- -

Den ustabile distribution (sid) indeholder ikke længere en -Emacs20-pakke.

- -

Vi anbefaler at du opgraderer dine emacs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-670.data" -#use wml::debian::translation-check translation="25597be608a98e04bdb2540333d2f669e814e84f" mindelta="1" diff --git a/danish/security/2005/dsa-671.wml b/danish/security/2005/dsa-671.wml deleted file mode 100644 index c3defd30c86..00000000000 --- a/danish/security/2005/dsa-671.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstreng - -

Max Vozeler har opdaget flere formatstrengssårbarheder i det velkendte -tekstredigeringsprogram Emacs' movemail-værktøj. Ved at forbinde sig til en -ondsindet POP-server, en angriber kunne udføre vilkårlig kode med rettighederne -hørende til gruppen mail.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 21.4.6-8woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 21.4.16-2.

- -

Vi anbefaler at du opgraderer dine emacs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-671.data" -#use wml::debian::translation-check translation="b5a1b13495daac93cd52ef496959816e4bf86cdb" mindelta="1" diff --git a/danish/security/2005/dsa-672.wml b/danish/security/2005/dsa-672.wml deleted file mode 100644 index 7a2ab8e55e9..00000000000 --- a/danish/security/2005/dsa-672.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Erik Sjölund har opdaget at programmer der er linket mod xview er sårbare -overfor et antal bufferoverløb i biblioteket XView. Når overløbet blev udløst -i et program, der er installeret setuid root, kunne en ondsindet bruger -muligvis udføre vilkårlig kode som en priviligeret bruger.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.2p1.4-16woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.2p1.4-19.

- -

Vi anbefaler at du opgraderer dine xview-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-672.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-673.wml b/danish/security/2005/dsa-673.wml deleted file mode 100644 index ee2d0ea10be..00000000000 --- a/danish/security/2005/dsa-673.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Max Vozeler har opdaget et heltalsoverløb i et hjælpe-program i Evolution, -der er en frit tilgængelig samling af groupware-programmer. En lokal angriber -kunne forårsage at setuid root-hjælpeprogrammet udførte vilkårlig kode med -forøgede rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.5-1woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.3-1.2.

- -

Vi anbefaler at du opgraderer din evolution-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-673.data" -#use wml::debian::translation-check translation="5d19754129fa25321fad316595d534d5ad132da9" mindelta="1" diff --git a/danish/security/2005/dsa-674.wml b/danish/security/2005/dsa-674.wml deleted file mode 100644 index c364fc98d94..00000000000 --- a/danish/security/2005/dsa-674.wml +++ /dev/null @@ -1,48 +0,0 @@ -udførelse af skript på tværs af websteder, mappegennemgang - -

På grund af en inkompatibilitet mellem Python 1.5 og 2.1, kørte den sidste -opdatering af mailman ikke længere med Python 1.5. Problem er rettet i denne -opdatering. Denne bulletin opdaterer kun de pakker, der blev opdateret i -DSA 674-2. Versionen i den ustabile distribution er ikke påvirket, da den ikke -længere skal kunne fungere med Python 1.5. For fuldstændighedens skyld følger -den oprindelige tekst herunder:

- -
-

To sikkerhedsrelaterede problemer er opdaget i mailman, det webbaserede -GNUs program til postlistehåndtering. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2004-1177 - -

    Florian Weimer har opdaget en sårbarhed i forbindelse med udførelse af - skripter på tværs af websteder i mailmans automatisk genererede - fejlmeddelelser. En angriber kunne fremstille en URL indeholdende - JavaScript (eller andet indhold indlejret i HTML), hvilket udløste en af - mailmans fejlsider, der indeholdt den ondsindede kode.

    - -
  • CAN-2005-0202 - -

    Flere listmastere har opdaget uautoriseret adgang til private listers - arkiver og listeopsætningen selv, deriblandt brugernes adgangskoder. - Administratorer opfordres til at kigge i webserverens logfiler efter - forespørgsler indeholdende "/...../" og stien til arkivet eller - opsætningen. Det lader kun til at påvirke installationer, der kører på - webservere der ikke fjerner skråstreger, eksempelvis Apache 1.3.

    - -
-
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.0.11-1woody11.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.1.5-6.

- -

Vi anbefaler at du opgraderer din mailman-pakke.

- - -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-674.data" diff --git a/danish/security/2005/dsa-675.wml b/danish/security/2005/dsa-675.wml deleted file mode 100644 index 9cd418c42d2..00000000000 --- a/danish/security/2005/dsa-675.wml +++ /dev/null @@ -1,18 +0,0 @@ -rettighedsforøgelse - -

Erik Sjölund har opdaget at hztty, et konverteringsprogram til kinesiske GB-, -Big5- og zW/HZ-tegnindkapslinger i en tty-session, kan sættes til at udføre -vilkårlige kommandoer med rettighederne hørende til gruppen utmp.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.0-5.2woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0-6.1.

- -

Vi anbefaler at du opgraderer din hztty-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-675.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-676.wml b/danish/security/2005/dsa-676.wml deleted file mode 100644 index aaf088d7238..00000000000 --- a/danish/security/2005/dsa-676.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Erik Sjölund har opdaget et bufferoverløb i pcdsvgaview, et SVGA-program til -visning af PhotoCD'er. xpcd-svga er en del af xpcd og anvender svgalib til -visning af grafik i Linux-konsollen, hvilket kræver root-rettigheder. En -ondsindet bruger kunne få en fastlængde-buffer til at løbe over, hvilket måske -kunne få programmet til at udføre vilkårlig kode med forøgede rettigheder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.08-8woody3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du omgående opgraderer din xpcd-svga-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-676.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-677.wml b/danish/security/2005/dsa-677.wml deleted file mode 100644 index 6c02e0784b9..00000000000 --- a/danish/security/2005/dsa-677.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Erik Sjölund har opdaget at et supportskript til sympa, et program til -håndtering af postlister, kører setuid sympa og er sårbar overfor et -bufferoverløb. Dette kunne potentielt gøre det muligt at udføre vilkårlig kode -under brugerid'en sympa.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.3.3-3woody2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din sympa-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-677.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-678.wml b/danish/security/2005/dsa-678.wml deleted file mode 100644 index f9272f23f11..00000000000 --- a/danish/security/2005/dsa-678.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

"Vlad902" har opdaget en sårbarhed i rwhod-programmet. Sårbarheden kan -anvendes til at få det lyttende proces til at gå ned, mens den sendende -(broadcasting) proces ikke er påvirket. Sårbarheden gælder kun -lille-endian-arkitekturer (dvs. på Debian: alpha, arm, ia64, i386, mipsel, -og s390).

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.17-4woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17-8.

- -

Vi anbefaler at du opgraderer din rwhod-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-678.data" -#use wml::debian::translation-check translation="395aecc76a4691377e9261146a3d3eafd5f93d7d" mindelta="1" diff --git a/danish/security/2005/dsa-679.wml b/danish/security/2005/dsa-679.wml deleted file mode 100644 index d7f200541f1..00000000000 --- a/danish/security/2005/dsa-679.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Sean Finney har opdaget flere anvendelser af usikre midlertidige filer i -toolchain-source, kildekode og skripter til GNU binutils GCC. Disse fejl kunne -gøre det muligt for en lokal angriber med minimalt kendskab, at narre -administratoren til at overskrive vilkårlige filer via et symlink-angreb. -Problemerne findes i de Debian-specifikke tpkg-*-skripter.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.0.4-1woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.4-5.

- -

Vi anbefaler at du opgraderer din toolchain-source-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-679.data" -#use wml::debian::translation-check translation="cfc595d67549fac493c71faa24d814c801de745d" mindelta="1" diff --git a/danish/security/2005/dsa-680.wml b/danish/security/2005/dsa-680.wml deleted file mode 100644 index d166098d311..00000000000 --- a/danish/security/2005/dsa-680.wml +++ /dev/null @@ -1,17 +0,0 @@ -ukontrollerede inddata - -

Michael Krax har en sårbarhed i forbindelse med udførelse af skripter på -tværs af servere i ht://dig, et websøgesystem til intranet og små websteder.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.1.6-3woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.1.6-11.

- -

Vi anbefaler at du opgraderer din htdig-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-680.data" -#use wml::debian::translation-check translation="ba9e252891916576643ba6f9c19f3dd78403743a" mindelta="1" diff --git a/danish/security/2005/dsa-681.wml b/danish/security/2005/dsa-681.wml deleted file mode 100644 index 307255d9b52..00000000000 --- a/danish/security/2005/dsa-681.wml +++ /dev/null @@ -1,19 +0,0 @@ -rettighedsforøgelse - -

Erik Sjölund og Devin Carraway har opdaget at synaesthesia, et program til -visuel præsentation af lyde, tilgår brugerkontrollerede opsætnings- og -mixerfiler med forøgede rettigheder. Dermed var det muligt at læse vilkårlige -filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.1-2.1woody3.

- -

Problemet findes ikke i distributionerne testing (sarge) og unstable (sid), -da synaesthesia ikke længere installeres setuid root.

- -

Vi anbefaler at du opgraderer din synaesthesia-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-681.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-682.wml b/danish/security/2005/dsa-682.wml deleted file mode 100644 index b045e436e17..00000000000 --- a/danish/security/2005/dsa-682.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Ud over \ -CAN-2005-0116 er der fundet flere sårbarheder i awstats, et omfattede -program til analysering af webserveres logfiler, med en CGI-frontend. Manglende -kontrol af inddata kunne gøre det muligt at udføre vilkårlige kommandoer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.0-0.woody.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.2-1.2.

- -

Vi anbefaler at du opgraderer din awstats-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-682.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-683.wml b/danish/security/2005/dsa-683.wml deleted file mode 100644 index 156ac1f0504..00000000000 --- a/danish/security/2005/dsa-683.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Flere bufferoverløb er opdaget i PL/PgSQL, som er del af PostgreSQL-motoren. -Bufferoverløbene kunne gøre det muligt at udføre vilkårlig kode.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 7.2.1-2woody8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 7.4.7-2.

- -

Vi anbefaler at du opgraderer dine postgresql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-683.data" -#use wml::debian::translation-check translation="e9a10f3144c2016c5008676fd15cb7e5da999371" mindelta="1" diff --git a/danish/security/2005/dsa-684.wml b/danish/security/2005/dsa-684.wml deleted file mode 100644 index e30c1e21304..00000000000 --- a/danish/security/2005/dsa-684.wml +++ /dev/null @@ -1,17 +0,0 @@ -formatstreng - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget et problem i -typespeed, et træningsprogram i maskinskrivning forklædt som et spil. Problemet -kunne medføre at en lokal angriber udførte vilkårlig kode som gruppen games.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.4.1-2.3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din typespeed-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-684.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-685.wml b/danish/security/2005/dsa-685.wml deleted file mode 100644 index c0c084bc2d3..00000000000 --- a/danish/security/2005/dsa-685.wml +++ /dev/null @@ -1,18 +0,0 @@ -formatstreng - -

Max Vozeler har opdaget flere formatstrengssårbarheder i den velkendte editor -Emacs movemail-værktøj. Ved at forbinde sig til en ondsindet POP-server, kunne -en angriber udføre vilkårlig kode med rettighederne hørende til gruppen mail.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 21.2-1woody3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 21.3+1-9.

- -

Vi anbefaler at du opgraderer dine emacs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-685.data" -#use wml::debian::translation-check translation="21859435272023ba638144074b431ecd9ce08193" mindelta="1" diff --git a/danish/security/2005/dsa-686.wml b/danish/security/2005/dsa-686.wml deleted file mode 100644 index eb376797aed..00000000000 --- a/danish/security/2005/dsa-686.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Albert Puigsech Galicia har opdaget en mappegennemløbssårbarhed i en -proprietær ftp-klient (\ -CAN-2004-1376). Samme sårbarhed findes i gftp, en GTK+ ftp-klient. En -ondsindet server kunne levevere et særligt fremstillet filnavn, der kunne gøre -det muligt enten at overskrive vilkårlige filer eller få klienten til at oprette -filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.0.11-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.18-1.

- -

Vi anbefaler at du opgraderer din gftp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-686.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-687.wml b/danish/security/2005/dsa-687.wml deleted file mode 100644 index 69c14a707c1..00000000000 --- a/danish/security/2005/dsa-687.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstreng - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget en -formatstrengssårbarhed i bidwatcher, et værktøj der anvendes til at overvåge og -byde på eBay-auktioner. Problemet kan fjernudløses med en af eBays webservere -eller af nogen der giver sig ud for at være eBay, som sender bestemte data -retur. Fra og med version 1.3.17 anvender programmet cURL og er ikke længere -sårbart.

- -

I den stabile distribution (woody) er dette problem rettet i version -1.3.3-1woody1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din bidwatcher-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-687.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-688.wml b/danish/security/2005/dsa-688.wml deleted file mode 100644 index a6d27ad792a..00000000000 --- a/danish/security/2005/dsa-688.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af inddata - -

Opstrømsudviklerne har opdaget flere problemer i squid, cache-programmet til -Internet-objekter og den populære WWW-proxycache. En fjernangriber kunne få -squid til at gå ned ved hjælp af visse DNS-svar.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.4.6-2woody7.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.5.8-3.

- -

Vi anbefaler at du opgraderer din squid-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-688.data" -#use wml::debian::translation-check translation="88b45c37ca81e6a2fd893a9db4f87924c18c229a" mindelta="1" diff --git a/danish/security/2005/dsa-689.wml b/danish/security/2005/dsa-689.wml deleted file mode 100644 index 857da35060f..00000000000 --- a/danish/security/2005/dsa-689.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Graham Dumpleton har opdaget en fejl som kan påvirke alle, der bruger -"publisher handle'n i Apache Software Foundations mod_python. Publisher -handle'n gør det muligt at udgive objekter inde i moduler, for at gøre det -muligt at kalde dem via en URL. Fejlen gør det muligt for en omhyggeligt -fremstillet URL at få adgang til oplysninger, der ikke skulle være synlige -(informationslækage).

- -

I den stabile distribution (woody) er dette problem rettet i version -2.7.8-0.0woody5.

- -

I den ustabile distribution (sid) er dette problem rettet i version 2.7.10-4 -af libapache-mod-python og i version 3.1.3-3 af libapache2-mod-python.

- -

Vi anbefaler at du opgraderer din libapache-mod-python-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-689.data" -#use wml::debian::translation-check translation="2c9f8dd32462c863f89af7c5c71f6b3790608994" mindelta="1" diff --git a/danish/security/2005/dsa-690.wml b/danish/security/2005/dsa-690.wml deleted file mode 100644 index 8c7bffa478a..00000000000 --- a/danish/security/2005/dsa-690.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Bastian Blank har opdaget en sårbarhed i bsmtpd, et program til -SMTP-batchudsendelse af mail til brug med sendmail og postfix. Adresser der -ikke var kontrolleret, kunne gøre det muligt at udføre vilkårlige kommandoer -under hvad der lod til at være en postleverance.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.3pl8b-12woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3pl8b-16.

- -

Vi anbefaler at du opgraderer din bsmtpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-690.data" -#use wml::debian::translation-check translation="b46e30af0bfe747fa5c3f362164f44aa706edc68" mindelta="1" diff --git a/danish/security/2005/dsa-691.wml b/danish/security/2005/dsa-691.wml deleted file mode 100644 index 7c1b1e9c1e8..00000000000 --- a/danish/security/2005/dsa-691.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i abuse, SDL-tilpasningen af actionspillet -Abuse. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • \ -CAN-2005-0098 - -

    Erik Sjölund har opdaget flere bufferoverløb i håndteringen af - kommandolinjen, hvilket kunne medføre udførelse af vilkårlig kode med - forøgede rettigheder, da programmet var installeret setuid root.

    - -
  • \ -CAN-2005-0099 - -

    Steve Kemp har opdaget at abuse opretter nogle filer uden først at smide - sine rettigheder væk, hvilket kunne føre til oprettelse og overskrivelse af - vilkårlige filer.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.00+-3woody4.

- -

Den ustabile distribution (sid) indeholder ikke længere en abuse-pakke.

- -

Vi anbefaler at du opgraderer din abuse-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-691.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-692.wml b/danish/security/2005/dsa-692.wml deleted file mode 100644 index 726c51fff79..00000000000 --- a/danish/security/2005/dsa-692.wml +++ /dev/null @@ -1,19 +0,0 @@ -designfejl - -

KDE-teamet rettede i 2002 en fejl i kppp, som iDEFENCE nu har opdaget kan -udnyttes. Ved at åbne et passende stort antal fil-descriptorer før kppp - der -er installeret setuid root - udføres, kunne en lokal angriber overtage de -priviligerede fil-descriptorer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.2-14.7.

- -

Distributionerne testing (sarge) og unstable (sid) er ikke påvirket, da KDE -3.2 allerede indeholdt rettelsen.

- -

Vi anbefaler at du opgraderer din kppp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-692.data" -#use wml::debian::translation-check translation="47ce9de5c21bf467950c0870b40e0e33a5ef5327" mindelta="1" diff --git a/danish/security/2005/dsa-693.wml b/danish/security/2005/dsa-693.wml deleted file mode 100644 index aacfed542a5..00000000000 --- a/danish/security/2005/dsa-693.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Kevin Finisterre har opdaget et bufferoverløb i luxman, en SVGA-baseret -PacMan-klon. Sårbarheden kunne gøre det muligt at udføre vilkårlige kommandoer -som root.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.41-17.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.41-20.

- -

Vi anbefaler at du opgraderer din luxman-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-693.data" -#use wml::debian::translation-check translation="bfe36bb70fd1c63439725965e0ca3dd4a299dd2a" mindelta="1" diff --git a/danish/security/2005/dsa-694.wml b/danish/security/2005/dsa-694.wml deleted file mode 100644 index e173e171bf7..00000000000 --- a/danish/security/2005/dsa-694.wml +++ /dev/null @@ -1,33 +0,0 @@ -manglende kontrol af inddata, heltalsoverløb - -

Flere sårbarheder har opdaget i xloadimage, et billedvisningsprogram til X11. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-0638 - -

    Tavis Ormandy fra Gentoo Linux Security Audit Team har rapporteret en - fejl i håndteringen af komprimerede billeder, hvor skallens meta-tegn er - blev tilstrækkeligt indkapslet.

    • - -
  • CAN-2005-0639 - -

    Utilstrækkelig validering af billedegenskaber er opdaget, det kunne - potentielt medføre fejl i bufferhåndteringen.

    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 4.1-10woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.1-14.2.

- -

Vi anbefaler at du opgraderer din xloadimage-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-694.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-695.wml b/danish/security/2005/dsa-695.wml deleted file mode 100644 index c80fd9e1a44..00000000000 --- a/danish/security/2005/dsa-695.wml +++ /dev/null @@ -1,39 +0,0 @@ -bufferoverløb, inddata kontrol, heltalsoverløb - -

Flere sårbarheder har opdaget i xli, et billedvisningsprogram til X11. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2001-0775 - -

    Et bufferoverløb i dekoderen til billeder i FACES-formatet, kunne - udnyttes af en angriber til at udføre vilkårlig kode. Problemet er allerede - rettet i xloadimage i DSA 069.

    - -
  • CAN-2005-0638 - -

    Tavis Ormandy fra Gentoo Linux Security Audit Team har rapporteret en - fejl i håndteringen af komprimerede billeder, hvor skallens meta-tegn er - blev tilstrækkeligt indkapslet.

    • - -
  • CAN-2005-0639 - -

    Utilstrækkelig validering af billedegenskaber er opdaget, det kunne - potentielt medføre fejl i bufferhåndteringen.

    • - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.17.0-11woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.17.0-18.

- -

Vi anbefaler at du opgraderer din xli-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-695.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-696.wml b/danish/security/2005/dsa-696.wml deleted file mode 100644 index 751a37b6471..00000000000 --- a/danish/security/2005/dsa-696.wml +++ /dev/null @@ -1,20 +0,0 @@ -designfejl - -

Paul Szabo har opdaget en sårbarhed mere i funktionen File::Path::rmtree -i Perl, det populære skriptsprog. Når en proces slettede et mappetræ, kunne -en anden bruger udnytte en "race condition" til at oprette binære setuid-filer -i det pågældende mappetræ, forudsat at brugeren allerede havde skriveadgang til -en vilkårlig undermappe i det træ.

- -

I den stabile distribution (woody) er dette problem rettet i -version 5.6.1-8.9.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.8.4-8.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-696.data" -#use wml::debian::translation-check translation="211ba76dadb8608aa2057e8b5e3f3dfbf1786aa6" mindelta="1" diff --git a/danish/security/2005/dsa-697.wml b/danish/security/2005/dsa-697.wml deleted file mode 100644 index c8264ccda33..00000000000 --- a/danish/security/2005/dsa-697.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Gaël Delalleau har opdaget et bufferoverløb i håndteringen af -LINEMODE-undervalgmulighederne i telnet-klienter. Dette kunne føre til -udførelse af vilkårlig kode, når man var forbundet til en ondsindet server.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.17-18woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17-28.

- -

Vi anbefaler at du opgraderer din telnet-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-697.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-698.wml b/danish/security/2005/dsa-698.wml deleted file mode 100644 index 7a84c0a01ce..00000000000 --- a/danish/security/2005/dsa-698.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Andrew V. Samoilov har opdaget et bufferoverløb som ikke er rettet i mc, -midnight commander, et program til visning og håndtering af filer. Denne -opdatering retter også en regression fra DSA -497.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.5.55-1.2woody6.

- -

I den ustabile distribution (sid) er problemet allerede rettet.

- -

Vi anbefaler at du opgraderer dine mc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-698.data" -#use wml::debian::translation-check translation="2b7b5be18ec7b5398a5e3e3afd9904f760afa107" mindelta="1" diff --git a/danish/security/2005/dsa-699.wml b/danish/security/2005/dsa-699.wml deleted file mode 100644 index 3ac19a681cb..00000000000 --- a/danish/security/2005/dsa-699.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Gaël Delalleau har opdaget et bufferoverløb i håndteringen af -LINEMODE-undervalgmulighederne i telnet-klienter. Dette kunne føre til -udførelse af vilkårlig kode, når man var forbundet til en ondsindet server.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.17.17+0.1-2woody4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17.24+0.1-8.

- -

Vi anbefaler at du opgraderer din telnet-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-699.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-700.wml b/danish/security/2005/dsa-700.wml deleted file mode 100644 index 64154827d75..00000000000 --- a/danish/security/2005/dsa-700.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget en sårbarhed -i forbindelse med udførelse af skripter på tværs af webstedet i mailreader, et -simpelt, men ydedygtigt WWW-baseret postlæsningssystem. Sårbarheden optræder -ved visning af meddelelser indeholdende MIME-typerne text/enriched eller -text/richtext.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.3.29-5woody2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3.29-11.

- -

Vi anbefaler at du opgraderer din mailreader-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-700.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-701.wml b/danish/security/2005/dsa-701.wml deleted file mode 100644 index 849de87e131..00000000000 --- a/danish/security/2005/dsa-701.wml +++ /dev/null @@ -1,29 +0,0 @@ -heltalsoverløbs - -

Man har opdaget at den seneste sikkerhedsopdatering af Samba, en -LanManager-lignende fil- og printerserver til GNU/Linux, fik dæmonen til at gå -ned ved genindlæsning. Dette er rettet. Til reference er herunder teksten fra -den oprindelige bulletin:

- -
-

Greg MacManus har opdaget et heltalsoverløb i smb-dæmonen i Samba, en -LanManager-lignende fil- og printerserver til GNU/Linux og Unix-lignende -systemer. Efterspørgsel af et meget stort antal adgangskontrol-descriptorer -fra en server, kunne udnytte heltalsoverløb, der kunne medføre et -bufferoverløb, der igen kunne gøre det muligt at udføre vilkårlig kode med -root-rettigheder. Opstrømsudviklerne har opdaget flere mulige heltalsoverløb, -som også rettes med denne opdatering.

-
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.2.3a-15.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.0.10-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-701.data" -#use wml::debian::translation-check translation="d4f996b3a39d3128b43a58d08d1e171650e895d7" mindelta="1" diff --git a/danish/security/2005/dsa-702.wml b/danish/security/2005/dsa-702.wml deleted file mode 100644 index f2614a20f39..00000000000 --- a/danish/security/2005/dsa-702.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i ImageMagick, en udbredt bibliotek til -billedbehandling. Problemerne kan udnyttes vha. et omhyggeligt fremstillet -billede. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CAN-2005-0397 - -

    Tavis Ormandy har opdaget en formatstrengssårbarhed i koden til - håndtering af filnavne, hvilket gjorde det muligt for en fjernangriber at - forårsage et lammelsesangreb og muligvis udføre vilkårlig kode.

    - -
  • CAN-2005-0759 - -

    Andrei Nigmatulin har opdaget et lammelsesangreb der kan forårsages af et - ugyldigt tag i et TIFF-billede.

    - -
  • CAN-2005-0760 - -

    Andrei Nigmatulin har opdaget af TIFF-dekoderen er sårbar overfor at - tilgå hukommelse udenfor grænserne, hvilket fører til en - segmenteringsfejl.

    - -
  • CAN-2005-0762 - -

    Andrei Nigmatulin har opdaget et bufferoverløb i SGI-fortolkeren, hvilket - gør det muligt for en fjernangriber at udføre vilkårlig kode via en særligt - fremstillet SGI-billedfil.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 5.4.4.5-1woody6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 6.0.6.2-2.2.

- -

Vi anbefaler at du opgraderer din imagemagick-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-702.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-703.wml b/danish/security/2005/dsa-703.wml deleted file mode 100644 index 20a0a9c063f..00000000000 --- a/danish/security/2005/dsa-703.wml +++ /dev/null @@ -1,34 +0,0 @@ -bufferoverløb - -

Flere problemer er opdaget i telnet-klienter, problemerne kunne udnyttes af -ondsindede dæmoner som klienterne forbinder sig til. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-0468 - -

    Gaël Delalleau har opdaget et bufferoverløb i funktionen env_opt_add(), - der gør det muligt for en fjernangriber at udføre vilkårlig kode.

    - -
  • CAN-2005-0469 - -

    Gaël Delalleau har opdaget et bufferoverløb i håndteringen af - LINEMODE-undervalgmulighederne i telnet-klienter. Dette kunne føre til - udførelse af vilkårlig kode, når man var forbundet til en ondsindet - server.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.2.4-5woody8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.6-1.

- -

Vi anbefaler at du opgraderer din krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-703.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-704.wml b/danish/security/2005/dsa-704.wml deleted file mode 100644 index 99cb97b8149..00000000000 --- a/danish/security/2005/dsa-704.wml +++ /dev/null @@ -1,34 +0,0 @@ -midlertidig fil, manglende kontrol af inddata - -

Jens Steube har opdaget flere sårbarheder i remstats, et statistiksystem der -kan betjenes fra en fjern computer. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-0387 - -

    Ved behandling af oppetidsoplysninger på Unix-serveren, åbnes en - midlertidig fil på en usikker måde, hvilket kunne anvendes i et - symlink-angreb til at oprette eller overskrive vilkårlige filer med - rettighederne hørende til remstats-brugeren.

    - -
  • CAN-2005-0388 - -

    Tjenesten remoteping kan udnyttes til at udføre vilkårlige kommandoer - på grund af manglende kontrol af inddata.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.00a4-8woody1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.13a-5.

- -

Vi anbefaler at du opgraderer dine remstats-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-704.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-705.wml b/danish/security/2005/dsa-705.wml deleted file mode 100644 index e08c7c3427c..00000000000 --- a/danish/security/2005/dsa-705.wml +++ /dev/null @@ -1,34 +0,0 @@ -manglende kontrol af inddata - -

Several denial of service conditions have been discovered in wu-ftpd, -the popular FTP daemon. The Common Vulnerabilities and Exposures -project identifies the following problems:

- -
    - -
  • CAN-2005-0256 - -

    Adam Zabrocki har opdaget et lammelsesangreb i wu-ftpd, som kunne - udnyttes af en fjernbruger, og få serveren sløvet ned ved at bruge mange - ressourcer.

    - -
  • CAN-2003-0854 - -

    Georgi Guninski har opdaget at /bin/ls kunne kaldes fra wu-ftpd, på en - måde der medførte et stort hukommelsesforbrug og dermed sløvede serveren - ned.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.6.2-3woody5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6.2-19.

- -

Vi anbefaler at du opgraderer din wu-ftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-705.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-706.wml b/danish/security/2005/dsa-706.wml deleted file mode 100644 index 0dbf3832b9a..00000000000 --- a/danish/security/2005/dsa-706.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget et -bufferoverløb i axel, et simpelt program til downloadaccelerering. Ved læsning -af inddata fra en fjern kilde, kontrollerede programmet ikke om en del af -inddataene kunne få en buffer til at løbe over og måske udløse udførelse af -vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0a-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0b-1.

- -

Vi anbefaler at du opgraderer din axel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-706.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-707.wml b/danish/security/2005/dsa-707.wml deleted file mode 100644 index 061638de4c1..00000000000 --- a/danish/security/2005/dsa-707.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i MySQL, et populært databaseprogram. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2004-0957 - -

    Sergei Golubchik har opdaget et problem i adgangshåndteringen af - databaser med navne der ligner hinanden. Hvis en bruger tildeles - rettigheder til en database med et navn indeholdende en understregning - ("_"), fik brugeren også rettigheder til andre databaser med lignende - navne.

    - -
  • CAN-2005-0709 - -

    Stefano Di Paola har opdaget at MySQL tillader at brugere, der er - fjernautentificeret med INSERT- og DELETE-rettigheder, udfører vilkårlig - kode ved hjælp af CREATE FUNCTION til at tilgå libc-kald.

    - -
  • CAN-2005-0710 - -

    Stefano Di Paola har opdaget at MySQL tillader at brugere, der er - fjernautentificeret med INSERT- og DELETE-rettigheder, kan omgå - begrænsninger i forbindelse med biblioteksstier, og udføre vilkårlige - bibliotekter ved at anvende INSERT INTO til at andre tabellen - mysql.func.

    - -
  • CAN-2005-0711 - -

    Stefano Di Paola har opdaget at MySQL anvender forudsigelige filnavne - ved oprettelse af midlertidige tabeller, hvilket gjorde det muligt for - lokale brugere med CREATE TEMPORARY TABLE-rettigheder, at overskrive - vilrkårlige filer via et symlink-angreb.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 3.23.49-8.11.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.0.24-5 af mysql-dfsg og i version 4.1.10a-6 af mysql-dfsg-4.1.

- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-707.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-708.wml b/danish/security/2005/dsa-708.wml deleted file mode 100644 index 18696b1abdc..00000000000 --- a/danish/security/2005/dsa-708.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

En efterforsker hos iDEFENSE har opdaget to problemer i funktioner til -billedbehandling i PHP, et skriptsprog der afvikles på serveren og indeholder -HTML-kode. Det ene problem var også i PHP3. Ved læsning af et JPEG-billede, -kunne PHP snydes til at gå i en uendelig løkke pga. utilstrækkelig kontrol af -inddata.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.0.18-23.1woody3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.0.18-31.

- -

Vi anbefaler at du opgraderer din php3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-708.data" -#use wml::debian::translation-check translation="4cf7853027077a4d82970cd048710f3b181d44ee" mindelta="1" diff --git a/danish/security/2005/dsa-709.wml b/danish/security/2005/dsa-709.wml deleted file mode 100644 index 44d7883819e..00000000000 --- a/danish/security/2005/dsa-709.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Sylvain Defresne har opdaget et bufferoverløb i libexif, et bibliotek som -fortolker EXIF-filer (eksempelvis JPEG-filer med ekstra oplysninger). Denne -fejl kunne udnyttes til at få programmet til at gå ned samt måske udføre -vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.5.0-1woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.6.9-5.

- -

Vi anbefaler at du opgraderer din libexif-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-709.data" -#use wml::debian::translation-check translation="ac1fbe85cffa8f3103b8243e50a2ca81612151f7" mindelta="1" diff --git a/danish/security/2005/dsa-710.wml b/danish/security/2005/dsa-710.wml deleted file mode 100644 index 9fe019356af..00000000000 --- a/danish/security/2005/dsa-710.wml +++ /dev/null @@ -1,18 +0,0 @@ -null-pointer-dereference - -

Alan Cox har opdaget et problem i gtkhtml, en widget der kan vise HTML og -anvendes i postprogrammet Evolution. Visse misdannede meddelelser kunne -forårsage et crash på grund af en null-pointer dereference.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.2-1.woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.4-6.2.

- -

Vi anbefaler at du opgraderer din gtkhtml-pakke og genstarter Evolution.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-710.data" -#use wml::debian::translation-check translation="942b5c301b869b49f1d7528fa79c6d728257cb67" mindelta="1" diff --git a/danish/security/2005/dsa-711.wml b/danish/security/2005/dsa-711.wml deleted file mode 100644 index 642237193c8..00000000000 --- a/danish/security/2005/dsa-711.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Nicolas Gregoire har i info2www, et program der kan konvertere info-filer -til HTML, opdaget en sårbarhed i forbindelse med udførelse af skripter på tværs -af websteder. En ondsindet person kunne placere et harmløst udseende link på -en webside, hvilket kunne muliggøre udførelse af vilkårlige kommandoer i -offerets browser.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.2.2.9-20woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.2.9-23.

- -

Vi anbefaler at du opgraderer din info2www-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-711.data" -#use wml::debian::translation-check translation="734cc84f3fe27a4a36c7ac576b0057764a1456a9" mindelta="1" diff --git a/danish/security/2005/dsa-712.wml b/danish/security/2005/dsa-712.wml deleted file mode 100644 index 12b8aa93e86..00000000000 --- a/danish/security/2005/dsa-712.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker filhandlinger - -

Tim Dijkstra har opdaget et problem i forbindelse med opgradering af geneweb, -et slægtsforskningsprogram med en webgrænseflade. Vedligeholderskripterne -konverterede automatisk filer uden at kontrollere deres rettigheder og indhold, -hvilket kunne føre til ændringer af vilkårlige filer.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.06-2woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.10-7.

- -

Vi anbefaler at du opgraderer din geneweb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-712.data" -#use wml::debian::translation-check translation="e6b0f874e568860ec7f8c1b72da189b1eba8e185" mindelta="1" diff --git a/danish/security/2005/dsa-713.wml b/danish/security/2005/dsa-713.wml deleted file mode 100644 index 3804636ec84..00000000000 --- a/danish/security/2005/dsa-713.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere fejl er fundet i junkbuster, en HTTP-proxy og filter. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CAN-2005-1108 - -

    James Ranson har opdaget at en angriber kunne ændre - referrer-indstillingen med en særligt fremstillet URL, ved fejlagtigt at - overskrive en global variabel.

    - -
  • CAN-2005-1109 - -

    Tavis Ormandy fra Gentoo Security Team har opdaget flere - heap-korruptioner forårsaget af inkonsekvent anvendelse af en intern - funktion, der kunne få dæmonen til at gå ned eller måske føre til - udførelse af vilkårlig kode.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.0.2-0.2woody1.

- -

Den ustabile distribution (sid) indeholder ikke længere -junkbuster-pakken.

- -

Vi anbefaler at du opgraderer din junkbuster-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-713.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-714.wml b/danish/security/2005/dsa-714.wml deleted file mode 100644 index 82ea15eea03..00000000000 --- a/danish/security/2005/dsa-714.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

KDEs sikkerhedstem har opdaget flere sårbarheder i PCX- og andre rutiner til -læsning af billedfilformater i KDEs kernebiblioteker, nogle af sårbarhederne kan -udnyttes til at udføre vilkårlig kode. Pakkerne i woody er påvirkede i mindre -grad.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.2.2-13.woody.14.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.3.2-5.

- -

Vi anbefaler at du opgraderer dine kdelibs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-714.data" -#use wml::debian::translation-check translation="35fa86050267928e001f172784774e515191e88b" mindelta="1" diff --git a/danish/security/2005/dsa-715.wml b/danish/security/2005/dsa-715.wml deleted file mode 100644 index 31a55575146..00000000000 --- a/danish/security/2005/dsa-715.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere problemer er opdaget i CVS-serveren, det populære Concurrent Versions -System. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CAN-2004-1342 - -

    Maks Polunin og Alberto Garcia har uafhængigt af hinanden opdaget, at - anvendelse af adgangsmetoden pserver sammen med repouid-rettelsen som - Debian bruger, gør det muligt at omgå adgangskoden og få adgang til - arkivet.

    - -
  • CAN-2004-1343 - -

    Alberto Garcia har opdaget at en fjernbruger kunne få cvs-serveren til - at gå ned, når filen cvs-repouids fandtes men ikke indeholdt en mapning til - det aktuelle arkiv, hvilket kunne anvendes i et lammelsesangreb.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.11.1p1debian-10.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.12.9-11.

- -

Vi anbefaler at du opgraderer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-715.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-716.wml b/danish/security/2005/dsa-716.wml deleted file mode 100644 index bc0111a380d..00000000000 --- a/danish/security/2005/dsa-716.wml +++ /dev/null @@ -1,22 +0,0 @@ -lammelsesangreb - -

Man har opdaget at visse misdannede SNAC-pakker som sendes af enten AIM- -eller ICQ-brugere, kan udløse en uendelig løkke i Gaim, en chatklient der -understøtter flere protokoller, problemet kunne medføre et lammelsesangreb i -klienten.

- -

To andre lammelsesangreb er opdaget i nyere versioner af Gaim, disse er -rettet i pakken i sid, og findes ikke i pakken i woody.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.58-2.5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.1.3-1.

- -

Vi anbefaler at du opgraderer dine gaim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-716.data" -#use wml::debian::translation-check translation="10a9f4b1313fe404218d52cd7a058059ca96f26b" mindelta="1" diff --git a/danish/security/2005/dsa-717.wml b/danish/security/2005/dsa-717.wml deleted file mode 100644 index 2e0581ef731..00000000000 --- a/danish/security/2005/dsa-717.wml +++ /dev/null @@ -1,31 +0,0 @@ -bufferoverløb, slåfejl - -

Flere sikkerhedsrelaterede problemer er opdaget i lsh, den alternative -secure shell v2 (SSH2)-protokolserver. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CAN-2003-0826 - -

    Bennett Todd har opdaget et heap-bufferoverløb i lshd, hvilket kunne - gøre det muligt at udføre vilkårlig kode.

    - -
  • CAN-2005-0814 - -

    Niels Möller har opdaget et lammelsesangreb i lshd.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.2.5-2woody3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.1-2.

- -

Vi anbefaler at du opgraderer din lsh-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-717.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-718.wml b/danish/security/2005/dsa-718.wml deleted file mode 100644 index 89884fad49b..00000000000 --- a/danish/security/2005/dsa-718.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

[ Denne version oplyser de korrekte pakker i afsnittet "pakker". ]

- -

Et bufferoverløb er opdaget i IAPP-dissektoren i Ethereal, et udbredt -program til analysering af netværkstrafik. En fjernangriber kunne måske få en -buffer til at løbe over ved hjælp af en særligt fremstillet pakke. Flere -problemer er opdaget, der dog ikke vedrører versionen i woody, men er rettet i -sid.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.9.4-1woody12.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.10.10-1.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-718.data" -#use wml::debian::translation-check translation="728a63f3ffe474923b31e9edf030e6016a8beaca" mindelta="1" diff --git a/danish/security/2005/dsa-719.wml b/danish/security/2005/dsa-719.wml deleted file mode 100644 index ca5612436f5..00000000000 --- a/danish/security/2005/dsa-719.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstrengsproblemer - -

Flere formatstrengsproblemer er opdaget i prozilla, et flertrådet -downloacaccelationsprogram. Problemerne kunne udnyttes af en ondsindet server -til at udføre vilkårlig kode med rettighederne hørende til brugeren, der kørte -prozilla.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.3.6-3woody2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.7.4-1.

- -

Vi anbefaler at du opgraderer din prozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-719.data" -#use wml::debian::translation-check translation="6f571fb9094290853a63c6d7a1d67e5724d74872" mindelta="1" diff --git a/danish/security/2005/dsa-720.wml b/danish/security/2005/dsa-720.wml deleted file mode 100644 index 23b3e3b5caa..00000000000 --- a/danish/security/2005/dsa-720.wml +++ /dev/null @@ -1,19 +0,0 @@ -forkert inddatabehandling - -

Jeroen van Wolffelaar har bemærket, at tilføjelesesprogrammet confirm i -SmartList, listehåndteringsprogrammet der anvendes på lists.debian.org, og som -desuden anvendes på samme værtsmaskine, kunne narres til at tilmelde vilkårlige -adresser til listerne.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.15-5.woody.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.15-18.

- -

Vi anbefaler at du opgraderer din smartlist-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-720.data" -#use wml::debian::translation-check translation="bd7172f126f7764a3d7821d4d4c26165d2d33a8f" mindelta="1" diff --git a/danish/security/2005/dsa-721.wml b/danish/security/2005/dsa-721.wml deleted file mode 100644 index ce11343cc05..00000000000 --- a/danish/security/2005/dsa-721.wml +++ /dev/null @@ -1,19 +0,0 @@ -designfejl - -

Michael Bhola har opdaget en fejl i squid, den populære WWW-proxycache. -Squid udløste ikke en fatal fejl, når det fandt manglende eller ugyldige ACL'er -i http_access-opsætningen, hvilket kunne medføre mindre restriktive ACL'er end -administratoren ønskede.

- -

I den stabile distribution (woody) er dette problem rettet i -version 2.4.6-2woody8.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.5.9-7.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-721.data" -#use wml::debian::translation-check translation="60605af75946463c3acbce9efbe189f7890c1c90" mindelta="1" diff --git a/danish/security/2005/dsa-722.wml b/danish/security/2005/dsa-722.wml deleted file mode 100644 index b79ef07aa5e..00000000000 --- a/danish/security/2005/dsa-722.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i Smail, et system til transport af elektronisk -post. Bufferoverløbet gjorde det muligt for fjernangribere og lokale brugere, -at udføre vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 3.2.0.114-4woody1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.2.0.115-7.

- -

Vi anbefaler at du opgraderer din smail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-722.data" -#use wml::debian::translation-check translation="c2cd173fb64e6fe8f151cae833299c88486b0268" mindelta="1" diff --git a/danish/security/2005/dsa-723.wml b/danish/security/2005/dsa-723.wml deleted file mode 100644 index b0454d7a2b3..00000000000 --- a/danish/security/2005/dsa-723.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i Xpm-biblioteket, der anvendes i XFree86. En -fjernangriber kunne levere et særligt fremstillet XPM-billede, der kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.1.0-16woody6.

- -

I den ustabile distribution (sid) vil problemet blive rettet i version -4.3.0.dfsg.1-13, der pt. er under forberedelse.

- -

Vi anbefaler at du opgraderer dine xfree86- og beslægtede pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-723.data" -#use wml::debian::translation-check translation="29c5b0ce9cb0d3f7e4ebbbd975ed037adfcb8e2a" mindelta="1" diff --git a/danish/security/2005/dsa-724.wml b/danish/security/2005/dsa-724.wml deleted file mode 100644 index 075f2fd0a5a..00000000000 --- a/danish/security/2005/dsa-724.wml +++ /dev/null @@ -1,18 +0,0 @@ -designfejl - -

Maksymilian Arciemowicz har opdaget flere problemer med udførelse af -scripter på tværs af servere i phpsysinfo, et PHP-baseret program der giver -oplysninger om værtsmaskinen det kører på.

- -

I den stabile distribution (woody) er disse problemer rettet i -version 2.0-3woody2.

- -

I distributionerne testing (sarge) og unstable (sid) er disse problemer -rettet i version 2.3-3.

- -

Vi anbefaler at du opgraderer din phpsysinfo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-724.data" -#use wml::debian::translation-check translation="acfad9e19c596da7eb800c848b7074ddd86044d3" mindelta="1" diff --git a/danish/security/2005/dsa-725.wml b/danish/security/2005/dsa-725.wml deleted file mode 100644 index e6f88463219..00000000000 --- a/danish/security/2005/dsa-725.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende frigivelse af rettigheder - -

Jens Steube har opdaget at ppxp, endnu et PPP-program, ikke frigiver -root-rettighederne ved åbning af potentielt brugerleverede logfiler. Det kan -føre til åbning af en root-skal.

- -

I den gamle stabile distribution (woody) er dette problem rettet i version -0.2001080415-6woody2 (DSA 725-1).

- -

I den stabile distribution (sarge) er dette problem rettet i version -0.2001080415-10sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.2001080415-11.

- -

Vi anbefaler at du opgraderer din ppxp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-725.data" -#use wml::debian::translation-check translation="0d0a16d91593fcb0f179dbeaa23b9bac1a349e0b" mindelta="1" diff --git a/danish/security/2005/dsa-726.wml b/danish/security/2005/dsa-726.wml deleted file mode 100644 index 1bbf6376d75..00000000000 --- a/danish/security/2005/dsa-726.wml +++ /dev/null @@ -1,16 +0,0 @@ -formatstrengssårbarhed - -

En formatstrengssårbarhed er opdaget i Oops' modul til autenficiering i -MySQL/PgSQL. Oops er en HTTP-mellemlagerserver skrevet med ydeevne for øje.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.5.19.cvs.20010818-0.1woody1

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din oops-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-726.data" -#use wml::debian::translation-check translation="acfad9e19c596da7eb800c848b7074ddd86044d3" mindelta="1" diff --git a/danish/security/2005/dsa-727.wml b/danish/security/2005/dsa-727.wml deleted file mode 100644 index fa153c925af..00000000000 --- a/danish/security/2005/dsa-727.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Mark Martinec og Robert Lewis har opdaget et bufferoverløb i Convert::UUlib, -en Perl-grænseflade til uulib-biblioteket. Fejlen kunne medføre udførelse af -vilkårlig kode.

- -

I den stabile distribution (woody) er dette problem rettet i -version 0.201-2woody1.

- -

I distributionerne testing (sarge) og unstable (sid) er dette problem rettet -i version 1.0.5.1-1.

- -

Vi anbefaler at du opgraderer din libconvert-uulib-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-727.data" -#use wml::debian::translation-check translation="48ba54338ccecbf351024e39334494a8258bce25" mindelta="1" diff --git a/danish/security/2005/dsa-728.wml b/danish/security/2005/dsa-728.wml deleted file mode 100644 index 100e1e2c228..00000000000 --- a/danish/security/2005/dsa-728.wml +++ /dev/null @@ -1,42 +0,0 @@ -manglende frigivelse af rettigheder - -

Dette bulletin dækker kun opdaterede pakker til Debian 3.0 alias "woody". -Som reference følger herunder den oprindelige tekst fra bulletinen:

- -
-

To fejl er opdaget i qpopper, en udvidet Post Office Protocol-server (POP3). -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-1151 - -

    Jens Steube har opdaget, at under behandling af lokale filer ejet eller - stillet til rådighed af en normal bruger, blev rettighederne ikke smidt - væk, hvilket kunne føre til overskrivelse eller oprettelse af vilkårlige - filer som root.

    • - -
  • CAN-2005-1152 - -

    Opstrømsudviklerne har opdaget at qpopper kunne snydes til at oprette - group- eller world-skrivbare filer.

    • - -
-
- -

I den stabile distribution (woody) er disse problemer rettet i -version 4.0.4-2.woody.5.

- -

I distributionen testing (sarge) er disse problemer rettet i -version 4.0.5-4sarge1.

- -

I den ustabile distribution (sid) vil disse problemer blive rettet i -version 4.0.5-4sarge1.

- -

Vi anbefaler at du opgraderer din qpopper-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-728.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-729.wml b/danish/security/2005/dsa-729.wml deleted file mode 100644 index dbd1e5532e5..00000000000 --- a/danish/security/2005/dsa-729.wml +++ /dev/null @@ -1,23 +0,0 @@ -manglende kontrol af inddata - -

En efterforsker hos iDEFENSE har opdaget to problemer i PHP's -billedbehandlingfunktioner. PHP, der afvikles på serveren, er et skriptsprog -til HTML, en PHP-version findes i woody. Ved læsning af et JPEG-billede, kunne -PHP snydes ind i en uendelig løkke på grund af utilstrække kontrol af -inddata.

- -

I den stabile distribution (woody) er dette problem rettet i -version 4.1.2-7.woody4.

- -

I distributionen testing (sarge) er disse problemer rettet i -version 4.3.10-10.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.3.10-10.

- -

Vi anbefaler at du opgraderer dine php4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-729.data" -#use wml::debian::translation-check translation="568a2d309717ae2d8c5b7031a877a641e41b98fb" mindelta="1" diff --git a/danish/security/2005/dsa-730.wml b/danish/security/2005/dsa-730.wml deleted file mode 100644 index 0e7e99c8ccc..00000000000 --- a/danish/security/2005/dsa-730.wml +++ /dev/null @@ -1,22 +0,0 @@ -race condition - -

Imran Ghory har opdaget en "race condition" i bzip2, et bloksorterende -filkomprimeringsprogram af høj kvalitet. Ved udpakning af en fil til en mappe, -som en angriber havde adgang til, kunne bunzip2 narres til at opsætte -filrettighederne på en anden fil, som brugeren havde rettigheder til.

- -

I den stabile distribution (woody) er dette problem rettet i -version 1.0.2-1.woody2.

- -

I distributionen testing (sarge) er dette problem rettet i -version 1.0.2-6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.2-6.

- -

Vi anbefaler at du opgraderer dine bzip2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-730.data" -#use wml::debian::translation-check translation="aec8dd4d0fb2ab62f161709b53fef1fae02d1977" mindelta="1" diff --git a/danish/security/2005/dsa-731.wml b/danish/security/2005/dsa-731.wml deleted file mode 100644 index 4ff2dcca23b..00000000000 --- a/danish/security/2005/dsa-731.wml +++ /dev/null @@ -1,37 +0,0 @@ -bufferoverløb - -

Flere problemer er opdaget i telnet-klienter. Problemerne kunne udnyttes af -ondsindede dæmonprogrammer som klienterne forbindes til. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-0468 - -

    Gaël Delalleau har opdaget et bufferoverløb i funktionen env_opt_add(), - der gør det muligt for en fjernangriber at udføre vilkårlig kode.

    - -
  • CAN-2005-0469 - -

    Gaël Delalleau har opdaget et bufferoverløb i håndteringen af - LINEMODE-underindstillingen i telnet-klienter. Dette kan føre til - udførelse af vilkårlig kode, når klienten er sluttet til en ondsindet - server.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 1.1-8-2.4.

- -

I distribution testing (sarge) er disse problemer rettet i -version 1.2.2-11.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.2.2-11.2.

- -

Vi anbefaler at du opgraderer dine krb4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-731.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-732.wml b/danish/security/2005/dsa-732.wml deleted file mode 100644 index f0c78d616f3..00000000000 --- a/danish/security/2005/dsa-732.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

"infamous41md" har opdaget flere sårbarheder i pakken GNU mailutils, der -indeholder værktøjer til håndtering af e-mail. Disse problemer kan medføre -lammelsesangreb eller udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende sårbarheder.

- -
    - -
  • CAN-2005-1520 - -

    Bufferoverløb i håndteringen af mailheader kan gøre det muligt for en - fjernangriber at udføre kommandoer med rettighederne hørende til den - bruger, det går ud over.

    - -
  • CAN-2005-1521 - -

    Et kombineret heltals- og heapoverløb i fetch-rutinen kan føre til - udførelse af vilkårlig kode.

    - -
  • CAN-2005-1522 - -

    Lammelsesangreb i fetch-rutinen.

    - -
  • CAN-2005-1523 - -

    Formatstrengssårbarhed kan føre til udførelse af vilkårlig kode.

    - -
- -

I den stabile distribution (woody) er disse problemer rettet i -version 20020409-1woody2.

- -

I distributionen testing (sarge) er disse problemer rettet i -version 0.6.1-4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.6.1-4.

- -

Vi anbefaler at du opgraderer dine mailutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-732.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-733.wml b/danish/security/2005/dsa-733.wml deleted file mode 100644 index e3e26a22fa6..00000000000 --- a/danish/security/2005/dsa-733.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Justin Rye har opdaget at crip, et terminal-baseret værktøj til ripning, -kodning og navngivning, anvender midlertidige filer på en usikker måde i sine -hjælpe-skripter.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken crip.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.5-1sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.5-1sarge2.

- -

Vi anbefaler at du opgraderer din crip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-733.data" -#use wml::debian::translation-check translation="d6c7aeb75ba59d31ac4e05060a46aa105f4ded12" mindelta="1" diff --git a/danish/security/2005/dsa-734.wml b/danish/security/2005/dsa-734.wml deleted file mode 100644 index f0823de812f..00000000000 --- a/danish/security/2005/dsa-734.wml +++ /dev/null @@ -1,33 +0,0 @@ -lammelsesangreb - -

To lammelsesangrebsproblemer er fundet i Gaim, et klientprogram til chat der -understøtter flere protokoller. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-1269 - -

    Et misdannet Yahoo-filnavn kunne medføre et nedbrud i programmet.

    - -
  • CAN-2005-1934 - -

    En misdannet MSN-meddelelse kunne føre til ukorrekt - hukommelsesallokering, hvilket medførte et nedbrug i programmet.

    - -
- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.2.1-1.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.1-1.

- -

Vi anbefaler at du opgraderer din gaim-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-734.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-735.wml b/danish/security/2005/dsa-735.wml deleted file mode 100644 index d913916ffa1..00000000000 --- a/danish/security/2005/dsa-735.wml +++ /dev/null @@ -1,25 +0,0 @@ -pathname validation race - -

En lokal bruger der har været rettigheder til at køre kommandoer via sudo, -kunne køre vilkårlige kommandoer som en priviligeret bruger på grund af en fejl -i sudos validering af stinavne. Denne fejl påvirker kun opsætninger der har -begrænset brugeropsætninger før et ALL-direktiv i opsætningsfilen. En omgåelse -af problemet er at flytte alle ALL-direktiver til begyndelsen af filen -sudoers; se bulletinen på -for flere oplysninger.

- -

I den gamle stabile Debian-distribution (woody), er dette problem -rettet i version 1.6.6-1.3woody1.

- -

I den nuværende stabile distribution -(sarge), er dette problem rettet i version 1.6.8p7-1.1sarge1.

- -

Bemærk at pakkerne ikke er parate til visse arkitekturer; disse vil blive -udgivet efterhånden som de bliver tilgængelige.

- -

Vi anbefaler at du opgraderer din sudo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-735.data" -#use wml::debian::translation-check translation="17224dde6fd52dd722b881c11cfa944d4e8760fc" mindelta="1" diff --git a/danish/security/2005/dsa-736.wml b/danish/security/2005/dsa-736.wml deleted file mode 100644 index f3af751b5a5..00000000000 --- a/danish/security/2005/dsa-736.wml +++ /dev/null @@ -1,26 +0,0 @@ -fjern-lammelsesangreb - -

En sårbarhed er nyligt fundet i den måde SpamAssassin fortolker visse -e-mail-headere. Sårbarheden kunne få SpamAssassin til at bruge en stor mængde -CPU-tid ved behandling af meddelelser indeholdende disse headerlinjer, hvilket -kunne føre til et lammelsesangreb (denial of service).

- -

Versionen af SpamAssassin i den gamle stabile distribution (woody) er ikke -sårbar.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 3.0.3-2. Bemærk at der endnu ikke er pakke klar til nogle -arkitekturer; disse vil blive frigivet efterhånden som de bliver -tilgængelige.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.4-1.

- -

Vi anbefaler at du opgraderer din spamassassin-pakke fra sarge eller -sid.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-736.data" -#use wml::debian::translation-check translation="af888a84e301412e943f1488f3fdc97db17338e2" mindelta="1" diff --git a/danish/security/2005/dsa-737.wml b/danish/security/2005/dsa-737.wml deleted file mode 100644 index fe437a620f2..00000000000 --- a/danish/security/2005/dsa-737.wml +++ /dev/null @@ -1,18 +0,0 @@ -fjern-lammelsesangreb - -

Et antal potentielle fjern-lammelsesangrebssårbarheder (denial of -service) er fundet i ClamAV. Ud over de fire problemer angivet med CVE-id -herover, er der løst problemer i libclamav/cvd.c og libclamav/message.c. -Tilsammen kunne disse problmer gøre det muligt at en særligt fremstillet -meddelelse fik ClamAV-scanningsprogrammet til at gå ned eller opbruge -forskellige ressourcer på den maskine, som scanningsprogrammet kørte på.

- -

I den stabile distribution (sarge), er disse problemer rettet i -version 0.84-2.sarge.1.

- -

Vi anbefaler at du opgraderer din clamav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-737.data" -#use wml::debian::translation-check translation="af888a84e301412e943f1488f3fdc97db17338e2" mindelta="1" diff --git a/danish/security/2005/dsa-738.wml b/danish/security/2005/dsa-738.wml deleted file mode 100644 index 786dc22b23e..00000000000 --- a/danish/security/2005/dsa-738.wml +++ /dev/null @@ -1,17 +0,0 @@ -fjern-lammelsesangreb - -

En sårbarhed er opdaget i den måde, Razor fortolker visse headerlinjer i -e-mails. Dette kunne potentielt udnyttes til at få Razor-programmet til at gå -ned, med et lammelsesangreb (denial of service) til følge.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 2.670-1sarge2.

- -

Den gamle stabile distribution (woody) er ikke påvirket af problemet.

- -

Vi anbefaler at du opgraderer din razor-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-738.data" -#use wml::debian::translation-check translation="af888a84e301412e943f1488f3fdc97db17338e2" mindelta="1" diff --git a/danish/security/2005/dsa-739.wml b/danish/security/2005/dsa-739.wml deleted file mode 100644 index 3ea3741edb7..00000000000 --- a/danish/security/2005/dsa-739.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Stefan Esser har opdaget fejl i forbindelse med kontrol af inddata i Flaw, -et wiki- og problemsporingssystem, der gør det muligt at downloade/uploade -filer, og derfor kunne føre til en fjernbrugeres udførelse af kode ved visse -opsætninger.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken trac.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8.1-3sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8.4-1.

- -

Vi anbefaler at du opgraderer din trac-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-739.data" -#use wml::debian::translation-check translation="2609f3bf02b7fc5807bedaffbc6cd70ff2c2fcc3" mindelta="1" diff --git a/danish/security/2005/dsa-740.wml b/danish/security/2005/dsa-740.wml deleted file mode 100644 index ea0aaa447d1..00000000000 --- a/danish/security/2005/dsa-740.wml +++ /dev/null @@ -1,20 +0,0 @@ -fjern-lammelsesangreb - -

En fejl i den både zlib håndterer udpakning af visse komprimerede filer, -kan medføre at et program som anvender zlib går ned ved åbning af en korrupt -fil.

- -

Problemet påvirker ikke den gamle stabile distribution (woody).

- -

I den stabile distribution (sarge), er dette problem rettet i -version 1.2.2-4.sarge.1.

- -

I den ustabile distribution, er dette problem rettet i version -1.2.2-7.

- -

Vi anbefaler at du opgraderer din zlib-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-740.data" -#use wml::debian::translation-check translation="af888a84e301412e943f1488f3fdc97db17338e2" mindelta="1" diff --git a/danish/security/2005/dsa-741.wml b/danish/security/2005/dsa-741.wml deleted file mode 100644 index 25961aed4c3..00000000000 --- a/danish/security/2005/dsa-741.wml +++ /dev/null @@ -1,24 +0,0 @@ -uendelig løkke - -

Chris Evans har opdaget at er særligt fremstillet arkiv kunne udløse en -uendelig løkke i bzip2, et bloksorterende filkomprimeringsprogram af høj -kvalitet. Under udpakningen af arkivet medførte det en uddatafil der blev ved -med at vokse indtil disken var fyldt op. På systemer der automatisk udpakker -bzip2-arkiver, kunne det ende med et lammelsesangreb (DoS, Denial of -Service).

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.0.2-1.woody5.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.2-7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.2-7.

- -

Vi anbefaler at du opgraderer din bzip2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-741.data" -#use wml::debian::translation-check translation="ba8fdddc9e6cca16be38a6f60d1b61a79f80fc04" mindelta="1" diff --git a/danish/security/2005/dsa-742.wml b/danish/security/2005/dsa-742.wml deleted file mode 100644 index 9214d92f6cd..00000000000 --- a/danish/security/2005/dsa-742.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Derek Price, den nuværende vedligeholder af CVS, har opdaget et -bufferoverløb i CVS-serveren i det populære Concurrent Versions System. -Bufferoverløbet kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.11.1p1debian-12.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.12.9-13.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.12.9-13.

- -

Vi anbefaler at du opgraderer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-742.data" -#use wml::debian::translation-check translation="74b06cbe89e6b23a113e5055178fed475dc855b2" mindelta="1" diff --git a/danish/security/2005/dsa-743.wml b/danish/security/2005/dsa-743.wml deleted file mode 100644 index 71f59384b99..00000000000 --- a/danish/security/2005/dsa-743.wml +++ /dev/null @@ -1,37 +0,0 @@ -bufferoverløb, heltalsoverløb - -

Flere problemer er opdaget i ht, et program til vising, redigering og -analysering af forskellige ekskvérbare filer. Problemerne kunne medføre -udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposure -har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-1545 - -

    Tavis Ormandy fra Gentoo Linux Security Team har opdaget et - heltalsoverløb i ELF-fortolkerenr.

    - -
  • CAN-2005-1546 - -

    Forfatterne har opdaget et bufferoverløb i PE-fortolkeren.

    - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet -i version 0.5.0-1woody4. Hvad angår arkitekturen HP Precision, anbefales det -at du ikke længere bruger denne pakke, da vi ikke kan levere en opdateret -pakke fordi det ikke længere er muligt at oversætte den.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8.0-2sarge4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.8.0-3.

- -

Vi anbefaler at du opgraderer din ht-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-743.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-744.wml b/danish/security/2005/dsa-744.wml deleted file mode 100644 index 018a0bff41e..00000000000 --- a/danish/security/2005/dsa-744.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Sven Tantau har opdaget et sikkerhedsproblem i fuse, et filsystem på -brugerniveau, som kunne udnyttes af ondsindede lokale brugere til at afsløre -potentielt følsomme oplysninger.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken fuse.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.1-4sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3.0-1.

- -

Vi anbefaler at du opgraderer din fuse-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-744.data" -#use wml::debian::translation-check translation="d498086c27fc1692c530ffd8132b58fea07ad246" mindelta="1" diff --git a/danish/security/2005/dsa-745.wml b/danish/security/2005/dsa-745.wml deleted file mode 100644 index bd0ac366c29..00000000000 --- a/danish/security/2005/dsa-745.wml +++ /dev/null @@ -1,20 +0,0 @@ -fejl ved kontrol af inddata - -

To fejl ved kontrol af inddata er opdaget i drupal og dets medfølgende -xmlrpc-modul. Disse fejl kune medføre udførelse af vilkårlige kommandoer på -webserveren hvor drupal kørte.

- -

drupal er ikke i den gamle stabile distribution (woody).

- -

I den nuværende stabile distribution (sarge), er disse problemer -rettet i version 4.5.3-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.5.4-1.

- -

Vi anbefaler at du opgraderer din drupal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-745.data" -#use wml::debian::translation-check translation="95dcbcbe97887a0730e528f9021fc3cab4056a36" mindelta="1" diff --git a/danish/security/2005/dsa-746.wml b/danish/security/2005/dsa-746.wml deleted file mode 100644 index 7f2d502bf29..00000000000 --- a/danish/security/2005/dsa-746.wml +++ /dev/null @@ -1,24 +0,0 @@ -fejl ved kontrol af inddata - -

En sårbarhed er opdaget i xmlrpc-biblioteket der følger med phpgroupware, -et webbaseret program til e-mail, kalender og andre groupware-funktioner. -Sårbarheden kunne gøre det muligt at udføre vilkårlige kommandoer på serveren -der kører phpgroupware.

- -

Sikkerhedsteamet er i gang med at undersøge den version af phpgroupware, -som er i den gamle stabile distribution (woody). For øjeblikket anbefaler vi -at man enten deaktiverer phpgroupware eller opgraderer til den aktuelle stabile -stabile distribution (sarge).

- -

I den nuværende stabile distribution (sarge) er dette problem rettet -i version 0.9.16.005-3.sarge0.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.16.006-1.

- -

Vi anbefaler at du opgraderer din phpgroupware-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-746.data" -#use wml::debian::translation-check translation="cb2f5e57816102a710a9531570f81e67023f636e" mindelta="1" diff --git a/danish/security/2005/dsa-747.wml b/danish/security/2005/dsa-747.wml deleted file mode 100644 index 7dd16962fb1..00000000000 --- a/danish/security/2005/dsa-747.wml +++ /dev/null @@ -1,21 +0,0 @@ -fejl ved kontrol af inddata - -

En sårbarhed er opdaget i xmlrpc-biblioteket som findes i pakken egroupware. -Sårbarheden kunne medføre udførelse af vilkårlige kommandoer på serveren der -kørte egroupware.

- -

Den gamle stabile distribution (woody) indeholder ikke egroupware.

- -

I den nuværende stabile distribution (sarge), er dette problem rettet i -version 1.0.0.007-2.dfsg-2sarge1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.0.0.007-3.dfsg-1.

- -

Vi anbefaler at du opgraderer din egroupware-pakke.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-747.data" -#use wml::debian::translation-check translation="c7ec6d31d45b894921d443c123460b9de8087aa1" mindelta="1" diff --git a/danish/security/2005/dsa-748.wml b/danish/security/2005/dsa-748.wml deleted file mode 100644 index 782c0cef74d..00000000000 --- a/danish/security/2005/dsa-748.wml +++ /dev/null @@ -1,18 +0,0 @@ -dårlig standardværdi - -

En sårbarhed er opdaget i ruby1.8, som kunne gøre det muligt at udføre -vilkårlige kommandoer på en server der kørte ruby xmlrpc-serveren.

- -

Den gamle stabile distribution (woody) indeholder ikke ruby1.8.

- -

Dette problem er rettet i den nuværende stabile distribution (sarge) i -version 1.8.2-7sarge1.

- -

Dette problem er rettet i den ustabile distribution i version 1.8.2-8.

- -

Vi anbefaler at du opgraderer din ruby1.8-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-748.data" -#use wml::debian::translation-check translation="7015ee157604c28139577b3308ca1c49821f6215" mindelta="1" diff --git a/danish/security/2005/dsa-749.wml b/danish/security/2005/dsa-749.wml deleted file mode 100644 index f155a5ed771..00000000000 --- a/danish/security/2005/dsa-749.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstrengfejl - -

En sårbarhed er opdaget i pakken ettercap, hvilket kunne gøre det muligt for -en fjernangriber at udføre vilkårlig kode på systemet der kørte ettercap.

- -

Den gamle stabile distribution (woody) indeholder ikke ettercap.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 0.7.1-1sarge1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.7.3-1.

- -

Vi anbefaler at du opgraderer din ettercap-pakke.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-749.data" -#use wml::debian::translation-check translation="0e442c640efc207e6b89ad6e23eb8ac0edc17a1f" mindelta="1" diff --git a/danish/security/2005/dsa-750.wml b/danish/security/2005/dsa-750.wml deleted file mode 100644 index 4206971de79..00000000000 --- a/danish/security/2005/dsa-750.wml +++ /dev/null @@ -1,21 +0,0 @@ -grænseoverskridende tilgang til hukommelse - -

"infamous42md" har opdaget at dhcpcd, en DHCP-klient til automatisk -opsætning af IPv4-netværk, kunne narres til at læs ud over slutningen af den -leverede DHCP-buffer, hvilket kunne føre til at dæmonen gik ned.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette -problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.3.22pl4-21sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.22pl4-22.

- -

Vi anbefaler at du opgraderer din dhcpcd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-750.data" -#use wml::debian::translation-check translation="947c9c7b288691adcafa70a9cb642e4ed8991ceb" mindelta="1" diff --git a/danish/security/2005/dsa-751.wml b/danish/security/2005/dsa-751.wml deleted file mode 100644 index 87cb8d1bd5f..00000000000 --- a/danish/security/2005/dsa-751.wml +++ /dev/null @@ -1,24 +0,0 @@ -IP-forfalskning - -

Opstrømsudviklerne har fundet en fejl i DNS-opslagskoden i Squid, det -populære program til mellemlagring af WWW-sider. Når DNS-klientens UDP-port -(tildelt af styresystemet ved start) er ufiltreret og netværket ikke er -beskyttet mod IP-forfalskning, kunne ondsindede brugere forfalske DNS-opslag, -hvilket kunne medføre at brugerne blev omdirigeret til vilkårlige -websteder.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.4.6-2woody9.

- -

I den stabile distribution (sarge) er dette problem allerede rettet i -version 2.5.9-9.

- -

I den ustabile distribution (sid) er dette problem allerede rettet i -version 2.5.9-9.

- -

Vi anbefaler at du opgraderer din squid-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-751.data" -#use wml::debian::translation-check translation="8045e409cf0d984e0830131382e10936d4c4da8d" mindelta="1" diff --git a/danish/security/2005/dsa-752.wml b/danish/security/2005/dsa-752.wml deleted file mode 100644 index 0d8d3d6106b..00000000000 --- a/danish/security/2005/dsa-752.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

To problemer er opdaget i gzip, GNU's komprimeringsværktøj. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende -problemer.

- -
    - -
  • CAN-2005-0988 - -

    Imran Ghory har opdaget en "race condition" i - rettighedsindstillingskoden i gzip. Ved udpakning af en fil i en mappe, - som en angriber havde adgang til, kunne gunzip narres til at opsætte - filrettighederne på en anden fil, som brugeren havde rettigheder til.

    - -
  • CAN-2005-1228 - -

    Ulf Härnhammar har opdaget en mappegennemløbssårbarhed i gunzip. Når - gunzip blev anvendt med parameteret -N, kunne en angriber bruge denne - sårbarhed til at oprette filer i en vilkårlig mappe med brugerens - rettigheder.

    - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.3.2-3woody5.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.5-10.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.5-10.

- -

Vi anbefaler at du opgraderer din gzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-752.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-753.wml b/danish/security/2005/dsa-753.wml deleted file mode 100644 index cf4aee8292f..00000000000 --- a/danish/security/2005/dsa-753.wml +++ /dev/null @@ -1,24 +0,0 @@ -formatstreng - -

En formatstrengssårbarhed er opdaget i gedit, en enkel teksteditor til -GNOME. Sårbarheden kunne gøre det muligt for angribere at forårsage et -lammelsesangreb (denial of service, programnedbrud) via en binær fil med -formatstrengskoder i filnavnet. Da gedit understøtter åbning af filer via -"http://"-URL'er (via GNOMEs VFS) og andre måder, kunne denne sårbarhed måske -fjernudnyttes.

- -

Den gamle stabile distribution (woody) er ikke sårbar over for dette -problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.8.3-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.10.3-1.

- -

Vi anbefaler at du opgraderer din gedit-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-753.data" -#use wml::debian::translation-check translation="cdf111328808f00dab8ee9d3fe94d372639c3742" mindelta="1" diff --git a/danish/security/2005/dsa-754.wml b/danish/security/2005/dsa-754.wml deleted file mode 100644 index 7480868d0fe..00000000000 --- a/danish/security/2005/dsa-754.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker midlertidig fil - -

Eric Romang har opdaget at centericq, et chatprogram der understøtter flere -protokoller og kører i teksttilstand, opretter nogle midlertidige filer med -forudsigelige filnavne og derfor er sårbart for symlink-angreb foretaget af -lokale angribere.

- -

Den gamle stabile distribution (woody) er ikke påvirket at dette -problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.20.0-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.20.0-7.

- -

Vi anbefaler at du opgraderer din centericq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-754.data" -#use wml::debian::translation-check translation="8cf2b3fbbd743758da58aa1e4b3711df9f33f96b" mindelta="1" diff --git a/danish/security/2005/dsa-755.wml b/danish/security/2005/dsa-755.wml deleted file mode 100644 index e45e7bff6ae..00000000000 --- a/danish/security/2005/dsa-755.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Frank Warmerdam har opdaget et stakbaseret bufferoverløb i libtiff, Tag -Image File Format-biblioteket til behandling af TIFF-grafikfiler, som kunne -gøre det muligt at udføre vilkårlig kode via misdannede TIFF-filer.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.5.5-7.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.7.2-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.7.2-3.

- -

Vi anbefaler at du opgraderer dine libtiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-755.data" -#use wml::debian::translation-check translation="d17cf16682711864529d326b4aa98e65e6d99214" mindelta="1" diff --git a/danish/security/2005/dsa-756.wml b/danish/security/2005/dsa-756.wml deleted file mode 100644 index 4bcb2084b19..00000000000 --- a/danish/security/2005/dsa-756.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Squirrelmail, et udbredt webmail-system. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-1769 - -

    Martijn Brinkers har opdaget en sårbarhed i forbindelse med udførelse af - skripter på tværs af websteder, som gjorde det muligt for fjernangribere at - indsprøjte vilkårlige webskripter eller HTML-kode i en URL og e-mails.

    - -
  • CAN-2005-2095 - -

    James Bercegay fra GulfTech Security har opdaget en sårbarhed i - håndteringen af variabler, hvilket kunne gøre det muligt for angribere at - andre andre brugeres indstillinger og muligvis læse dem, skriver filer alle - steder som www-data havde skriveadgang til samt udføre skripter på tværs af - websteder.

    - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.2.6-4.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.4.4-6sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.4.4-6sarge1.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-756.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-757.wml b/danish/security/2005/dsa-757.wml deleted file mode 100644 index 5dab4df3f79..00000000000 --- a/danish/security/2005/dsa-757.wml +++ /dev/null @@ -1,41 +0,0 @@ -bufferoverløb, dobbelt frigivelse af hukommelse - -

Daniel Wachdorf har rapporteret to problemer i MIT krb5-distributionen der -anvendes til netværksautentificering. Først er der KDC-programmer i pakken -krb5-kdc, der kan ødelægge heap'en ved at forsøge at frigive hukommelse, der -allerede er blevet frigivet ved modtagelse af visse TCP-forbindelser. Denne -sårbarhed kunne medføre et nedbrud i KDC, hvilket kunne føre til et -lammelsesangreb (denial of service) -[\ -CAN-2005-1174]. Dernæst kunne visse sjældne tilfælde med forespørgsler af -denne type føre til et bufferoverløb og udførelse af fjerntliggende kode -[\ -CAN-2005-1175].

- -

Desuden har Magnus Hagander rapporteret om et andet problem, hvor funktionen -krb5_recvauth i visse situationer kunne frigive allerede frigivet hukommelse, -hvilket potentielt kunne føre til udførelse af fjerntliggende kode -[\ -CAN-2005-1689].

- -

Alle disse sårbarheder anses for vanskellige at udnytte, og ingen -udnyttelser er endnu blevet opdaget.

- -

I den gamle stabile distribution (woody), er disse problemer rettet -i version 1.2.4-5woody10. Bemærk at woodys KDC ikke har TCP-understøttelse og -ikke er sårbar over for -\ -CAN-2005-1174.

- -

I den stabile distribution (sarge), er disse problemer rettet i -version 1.3.6-2sarge2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.3.6-4.

- -

Vi anbefaler at du opgraderer din krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-757.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-758.wml b/danish/security/2005/dsa-758.wml deleted file mode 100644 index 6e21b65e3a2..00000000000 --- a/danish/security/2005/dsa-758.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i telnet-serveren fra Heimdal, en frit -tilgængelig implementering af Kerberos 5. Bufferoverløbet kunne føre til -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.4e-7.woody.10.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.6.3-10sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.6.3-11.

- -

Vi anbefaler at du opgraderer dine heimdal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-758.data" -#use wml::debian::translation-check translation="f16cbd4a12402650a963361b888627b68cbc5977" mindelta="1" diff --git a/danish/security/2005/dsa-759.wml b/danish/security/2005/dsa-759.wml deleted file mode 100644 index 430bfe2e1e7..00000000000 --- a/danish/security/2005/dsa-759.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

En sårbarhed er opdaget i phppgadmin, et sæt PHP-skripter til -administrering af PostgreSQL via en webbrowser. Sårbarheden kunne medføre -afsløring af følsomme oplysninger. En vellykket udnyttelse kræver at -"magic_quotes_gpc" er slået fra.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette -problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.5.2-5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.5.4.

- -

Vi anbefaler at du opgraderer din phppgadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-759.data" -#use wml::debian::translation-check translation="f1bd270aa7a1a257f95fd0ba60d6d6f8efa1d82d" mindelta="1" diff --git a/danish/security/2005/dsa-760.wml b/danish/security/2005/dsa-760.wml deleted file mode 100644 index a6496cb1273..00000000000 --- a/danish/security/2005/dsa-760.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i ekg, en Gadu Gadu-konsolklient der bruges -til chat. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende sårbarheder:

- -
    - -
  • CAN-2005-1850 - -

    Marcin Owsiany og Wojtek Kaniewski har opdaget en usikker midlertidig - filoprettelse blandt skripterne folk har bidraget med.

    - -
  • CAN-2005-1851 - -

    Marcin Owsiany og Wojtek Kaniewski har opdaget en potentiel - shell-kommandoindsprøjtning blandt skripterne folk har bidraget med.

    - -
  • CAN-2005-1916 - -

    Eric Romang har opdaget en usikker filoprettelse og vilkårlig - kommandoudførelse blandt skripterne folk har bidraget med, som kunne - udnyttes af en lokal angriber.

    - -
- -

Den gamle stabile distribution (woody) indeholder ikke en ekg-pakke.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.5+20050411-4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5+20050712+1.6rc2-1.

- -

Vi anbefaler at du opgraderer din ekg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-760.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-761.wml b/danish/security/2005/dsa-761.wml deleted file mode 100644 index c6572ad0bfc..00000000000 --- a/danish/security/2005/dsa-761.wml +++ /dev/null @@ -1,26 +0,0 @@ -usikre midlertidige filer - -

Sikkerhedsopdateringen DSA 761-1 til heartbeat indeholdt en fejl der forårsagede -en regression. Problemet rettes med denne bulletin. For fuldstændighedens -skyld følger herunder bulletinens oprindelige tekst:

- -
-

Eric Romang har opdaget flere usikre midlertidige filoprettelse i heartbeat, -undersystemet til High-Availability Linux.

-
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.4.9.0l-7.3.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.2.3-9sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.2.3-12.

- -

Vi anbefaler at du opgraderer din heartbeat-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-761.data" -#use wml::debian::translation-check translation="83801bb1f88d59acab6d62e756c56d828d1ee1b7" mindelta="1" diff --git a/danish/security/2005/dsa-762.wml b/danish/security/2005/dsa-762.wml deleted file mode 100644 index ae3e07da689..00000000000 --- a/danish/security/2005/dsa-762.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Kevin Finisterre har opdaget to problemer i Bluetooth FTP-klienten fra -affix, der indeholder brugerværktøjer til Affix Bluetooth-protokolstakken. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    - -
  • CAN-2005-2250 - -

    Et bufferoverløb tillod fjernangribere at udføre vilkårlig kode via et - langt filnavn i en OBEX-fildeling.

    - -
  • CAN-2005-2277 - -

    Manglende kontrol af inddata før udførelse af shell-kommandoer gjorde - det muligt for en angriber at udføre vilkårlige kommandoer som root.

    - -
- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.1.1-2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.1.2-2.

- -

Vi anbefaler at du opgraderer din affix-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-762.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-763.wml b/danish/security/2005/dsa-763.wml deleted file mode 100644 index 2ca1f8efe74..00000000000 --- a/danish/security/2005/dsa-763.wml +++ /dev/null @@ -1,21 +0,0 @@ -fjern-DoS-angreb - -

Markus Oberhumer har opdaget en fejl i den måde zlib, et bibliotek der -anvendes til komprimering og dekomprimering af filer, håndterer ukorrekte -inddata. Fejlen kunne få programmer der anvender zlib til at gå ned når en -ugyldig fil blev åbnet.

- -

Dette problem påvirker ikke den gamle stabile distribution (woody).

- -

I den nuværende stabile distribution (sarge), er dette problem rettet -i version 1.2.2-4.sarge.2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.3-1.

- -

Vi anbefaler at du opgraderer din zlib-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-763.data" -#use wml::debian::translation-check translation="7c52c6a848246d5cb4e4b3608d0c42425a317531" mindelta="1" diff --git a/danish/security/2005/dsa-764.wml b/danish/security/2005/dsa-764.wml deleted file mode 100644 index 0b0ca133729..00000000000 --- a/danish/security/2005/dsa-764.wml +++ /dev/null @@ -1,58 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i cacti, et "round-robin"-databaseværktøj (RRD) -som hjælper med at fremstille grafer fra databaseoplysninger. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-1524 - -

    Maciej Piotr Falkiewicz og en anonym efterforsker har opdaget en fejl - i kontrollen af inddata, der gjorde det muligt for en angriber at indlejre - vilkårlig PHP-kode fra andre websteder, hvilket tillod udførelse af - vilkårlig kode på serveren der kører cacti.

    - -
  • CAN-2005-1525 - -

    På grund af manglende kontrol af inddata tillod cacti at fjernangribere - kunne indsætte vilkårlige SQL-kommandoer.

    - -
  • CAN-2005-1526 - -

    Maciej Piotr Falkiewicz har opdaget en fejl ved kontrol af inddata, som - gjorde det muligt for en angriber at indsprøjte vilkårlig PHP-kode fra - andre websteder, hvilket tillod udførelse af vilkårlig kode på serveren - der kører cacti.

    - -
  • CAN-2005-2148 - -

    Stefan Esser har opdaget at opdateringen til de ovenfor nævnte - sårbarheder ikke udfører korrekt kontrol af inddata som beskyttelse mod - gængse angreb.

    - -
  • CAN-2005-2149 - -

    Stefan Esser har opdaget at opdateringen til - \ - CAN-2005-1525 tillader at fjernangribere ændre sessionsoplysninger for - at opnå rettigheder og slå anvendelsen af addslashes fra, der beskytter mod - indsprøjtning af SQL.

    - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.6.7-2.5.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8.6c-7sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.8.6f-2.

- -

Vi anbefaler at du opgraderer din cacti-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-764.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-765.wml b/danish/security/2005/dsa-765.wml deleted file mode 100644 index c9983646af1..00000000000 --- a/danish/security/2005/dsa-765.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Gaël Delalleau har opdaget et bufferoverløb i håndteringen af -LINEMODE-undervalgmulighederne i telnetklienter. Heimdal, en fri -implementering af Kerberos 5, indeholder også en sådan klient. Dette kunne -medføre udførelse af vilkårlig kode når man var forbundet til en ondsindet -server.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.4e-7.woody.11.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.6.3-10.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.6.3-10.

- -

Vi anbefaler at du opgraderer din heimdal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-765.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-766.wml b/danish/security/2005/dsa-766.wml deleted file mode 100644 index 9cede0d9f22..00000000000 --- a/danish/security/2005/dsa-766.wml +++ /dev/null @@ -1,20 +0,0 @@ -autorisationsfejl - -

En sårbarhed er opdaget i webcalendar, en PHP-baseret flerbruger-kalender, -der kunne medføre afsløring af følsomme oplysninger til uautoriserede -personer.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken webcalendar.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.45-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.45-6.

- -

Vi anbefaler at du opgraderer din webcalendar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-766.data" -#use wml::debian::translation-check translation="29ee23a04d844faa77787aa51e48c10ddd3d4db4" mindelta="1" diff --git a/danish/security/2005/dsa-767.wml b/danish/security/2005/dsa-767.wml deleted file mode 100644 index 420a349322b..00000000000 --- a/danish/security/2005/dsa-767.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Marcin Slusarz har opdaget to heltalsoverløbssårbarheder i libgadu, et -bibliotek der leveres og anvendes af ekg, en Gadu Gadu-konsolklient og et -chatprogram. Sårbarhederne kunne medføre udførelse af vilkårlig kode.

- -

Biblioteket anvendes også af andre pakker som eksempelvis kopete, der bør -genstartes for at kunne drage nytte af denne opdatering.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken ekg.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.5+20050411-5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5+20050718+1.6rc3-1.

- -

Vi anbefaler at du opgraderer din ekg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-767.data" -#use wml::debian::translation-check translation="eea38bc5d39e1a8fa3b763ecbe2cf8a4e0cfa1d6" mindelta="1" diff --git a/danish/security/2005/dsa-768.wml b/danish/security/2005/dsa-768.wml deleted file mode 100644 index c9afce8279f..00000000000 --- a/danish/security/2005/dsa-768.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder, -er opdaget i phpBB2, et omfattende webforumprogram der kan anvende skins. -Sårbarheden gjorde det muligt for fjernangribere at indsprøjte vilkårlige -webskripter eller HTML-kode via indlejrede tags.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken phpbb2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.13-6sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.13-6sarge1.

- -

Vi anbefaler at du opgraderer dine phpbb2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-768.data" -#use wml::debian::translation-check translation="a5d6af41558dd8bf8106ed8fd92339e78c089775" mindelta="1" diff --git a/danish/security/2005/dsa-769.wml b/danish/security/2005/dsa-769.wml deleted file mode 100644 index 21701b1abff..00000000000 --- a/danish/security/2005/dsa-769.wml +++ /dev/null @@ -1,23 +0,0 @@ -hukommelsesjusteringsfejl - -

Szymon Zygmunt og Michal Bartoszkiewicz har opdaget en -hukommelsesjusteringsfejl i libgadu (fra ekg, en Gada Gadu-konsolklient til -chat), der også er indeholdt i gaim, et chat-program der understøtter flere -protokoller. Denne fejl kan ikke udnyttes på x86-arkitekturen, men på andre -som fx Sparc, og kan føre til en busfejl, dvs. med andre ord et -lammelsesangreb (DoS, denial of service).

- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.1-1.4.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din gaim-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-769.data" -#use wml::debian::translation-check translation="b6efdb9b284a4def8da7e043b8e598ad211fdea7" mindelta="1" diff --git a/danish/security/2005/dsa-770.wml b/danish/security/2005/dsa-770.wml deleted file mode 100644 index 578621ff05b..00000000000 --- a/danish/security/2005/dsa-770.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker oprettelse af midlertidig fil - -

John Goerzen har opdaget at gopher, en klient til Gopher Distributed -Hypertext-protokollen, opretter midlertidige filer på en usikker måde.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.0.3woody3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.0.7sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.0.9.

- -

Vi anbefaler at du opgraderer din gopher-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-770.data" -#use wml::debian::translation-check translation="6c79052561208b9aa8ea466fe77d17dd94069489" mindelta="1" diff --git a/danish/security/2005/dsa-771.wml b/danish/security/2005/dsa-771.wml deleted file mode 100644 index 861d333d999..00000000000 --- a/danish/security/2005/dsa-771.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere problemer er opdaget i pdns, en alsidig navneserver, som kunne medføre -et lammelsesangreb. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CAN-2005-2301 - -

    Norbert Sendetzky og Jan de Groot har opdaget at LDAP-backend'en ikke - indkapslede alle forespørgsler på korrekt vis, hvilket fik den til at fejle - og ikke længere besvare forespørgsler.

    - -
  • CAN-2005-2302 - -

    Wilco Baan har opdaget at forespørgsler fra klienter uden - rekursionsrettigheder, midlertidigt kunne få domæner til at forsvinde for - klienter hvor rekursion var tilladt. Dette gjorde det muligt for udefra - kommende brugere at få et domæne til at forsvinde midlertidigt for - almindelige brugere.

    - -
- -

Den gamle stabile distribution (woody) indeholder ikke pakken pdns.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.9.17-13sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.9.18-1.

- -

Vi anbefaler at du opgraderer din pdns-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-771.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-772.wml b/danish/security/2005/dsa-772.wml deleted file mode 100644 index 5616ee67ca5..00000000000 --- a/danish/security/2005/dsa-772.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="354a76afc46f79e67f01bc860c0c9ed0017acbb3" mindelta="1" -manglende kontrol af inddata - -

Eduard Bloch har opdaget en fejl i apt-cacher, et mellemlagringssystem til -Debian-pakker og kildekodefiler. Fejlen kunne gøre det muligt for -fjernangribere at udføre vilkårlige kommandoer på værtsmaskinen med -mellemlageret som brugeren www-data.

- -

Den gamle stabile distribution (woody) indeholder ikke denne pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.10.

- -

Vi anbefaler at du opgraderer din apt-cacher-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-772.data" -#use wml::debian::translation-check translation="354a76afc46f79e67f01bc860c0c9ed0017acbb3" mindelta="1" diff --git a/danish/security/2005/dsa-773.wml b/danish/security/2005/dsa-773.wml deleted file mode 100644 index 80bb15112dd..00000000000 --- a/danish/security/2005/dsa-773.wml +++ /dev/null @@ -1,12 +0,0 @@ -flere sårbarheder - -

Med denne bulletin får den stabile amd64-distribution -sikkerhedsunderstøttelse. Bulletinen dækker alle opdateringer siden udgivelsen -af "sarge", som manglede opdaterede pakker til den endnu ikke officielle -tilpasning til amd64. Fremtidige sikkerhedsbulletiner vil desuden indeholde -opdateringer vedrørende denne tilpasning.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-773.data" -#use wml::debian::translation-check translation="f71b5cc85bbb44bc9126b8508d321661176721ff" mindelta="1" diff --git a/danish/security/2005/dsa-774.wml b/danish/security/2005/dsa-774.wml deleted file mode 100644 index 3a1b6581eca..00000000000 --- a/danish/security/2005/dsa-774.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Edward Shornock har opdaget en fejl i UIDL-håndteringskoden i fetchmail, et -udbredt posthentningsværktil til POP3, APOP og IMAP. En ondsindet POP3-server -kunne udnytte dette problem ved at indsprøjte vilkårlig kode, der blev udført -på offerets maskine. Hvis fetchmail kører som root, bliver dette til en -root-udnyttelse.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.2.5-12sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.2.5-16.

- -

Vi anbefaler at du opgraderer din fetchmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-774.data" -#use wml::debian::translation-check translation="fcb793a0892e5e334450ac310b219f9a64be1039" mindelta="1" diff --git a/danish/security/2005/dsa-775.wml b/danish/security/2005/dsa-775.wml deleted file mode 100644 index 6b9da721d1c..00000000000 --- a/danish/security/2005/dsa-775.wml +++ /dev/null @@ -1,22 +0,0 @@ -frameindsprøjtningsfup - -

En sårbarhed er opdaget i Mozilla og Mozilla Firefox. Sårbarheden gjorde det -muligt for fjernangribere at indsprøjte vilkårligt JavaScript fra en side ind i -et andet websteds framesæt. Thunderbird er ikke påvirket og Galeon vil -automatisk blive rettet da programmet anvender komponenter fra Mozilla.

- -

Den gamle stabile distribution (woody) indeholder ikke Mozilla -Firefox-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.4-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.6-1.

- -

Vi anbefaler at du opgraderer din mozilla-firefox-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-775.data" -#use wml::debian::translation-check translation="d53a87aea619472cb81cb42232248644f244074f" mindelta="1" diff --git a/danish/security/2005/dsa-776.wml b/danish/security/2005/dsa-776.wml deleted file mode 100644 index ce494a8bc0d..00000000000 --- a/danish/security/2005/dsa-776.wml +++ /dev/null @@ -1,36 +0,0 @@ -heltalsoverløb, uendelig løkke - -

Flere fejl er opdaget i Clam AntiVirus, antivirusscanningsprogrammet til -Unix, der er designet med det formål at kunne integreres med mailservere for -at kunne scanne vedhæftede filer. Der er fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-2450 - -

    Neel Mehta og Alex Wheeler opdagede at Clam AntiVirus er sårbar over for - et heltalsoverløb ved håndtering af filformaterne TNEF, CHM og FSG.

    - -
  • CVE-NOMATCH - -

    Mark Pizzolato rettede en mulig uendelig løkke der kunne forårsage et - lammelsesangreb (denial of service).

    - -
- -

Den gamle stabile distribution (woody) er ikke påvirket da den ikke -indeholder clamav.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.86.2-1.

- -

Vi anbefaler at du opgraderer din clamav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-776.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-777.wml b/danish/security/2005/dsa-777.wml deleted file mode 100644 index 045deaa80a3..00000000000 --- a/danish/security/2005/dsa-777.wml +++ /dev/null @@ -1,19 +0,0 @@ -frameindsprøjtningsfup - -

En sårbarhed er opdaget i Mozilla og Mozilla Firefox. Sårbarheden gjorde det -muligt for fjernangribere at indsprøjte vilkårligt JavaScript fra en side ind i -et andet websteds framesæt. Thunderbird er ikke påvirket og Galeon vil -automatisk blive rettet da programmet anvender komponenter fra Mozilla.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.7.8-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.7.10-1.

- -

Vi anbefaler at du opgraderer din Mozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-777.data" -#use wml::debian::translation-check translation="33752e8ccc2020312d2c01ec57fa09bb95dc9028" mindelta="1" diff --git a/danish/security/2005/dsa-778.wml b/danish/security/2005/dsa-778.wml deleted file mode 100644 index 4b49aafaae2..00000000000 --- a/danish/security/2005/dsa-778.wml +++ /dev/null @@ -1,43 +0,0 @@ -manglende kontrol af inddata - -

To sikkerhedsrelaterede problemer er opdaget i Mantis, et webbaseret -fejlsporingssystem. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CAN-2005-2556 - -

    En fjernangriber kunne levere en særligt fremstillet URL til scanning af - vilkårlige porte på vilkårlige værtsmaskiner, der måske ellers ikke var - tilgængelige.

    - -
  • CAN-2005-2557 - -

    En fjernangriber kunne indsætte vilkårlig HTML-kodefejlrapporter, - dvs. en sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder.

    - -
  • CAN-2005-3090 - -

    En fjernangriber kunne indsætte vilkårlig HTML-kodefejlrapporter, - dvs. en sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder.

    - -
- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -disse problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.19.2-4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.19.2-4.

- -

Vi anbefaler at du opgraderer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-778.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-779.wml b/danish/security/2005/dsa-779.wml deleted file mode 100644 index 4dea6d2c761..00000000000 --- a/danish/security/2005/dsa-779.wml +++ /dev/null @@ -1,93 +0,0 @@ -flere sårbarheder - -

Vi oplevede at opdateringen af Mozilla Firefox som følge af DSA 779-1 -desværre var en regression i flere tilfælde. Da den almindelige praksis med -tilbageførelse af ændringer ikke lader til at virke, er denne opdatering -grundlæggende version 1.0.6 hvor versionsnummeret er rullet tilbage, og derfor -stadig hedder 1.0.4-*. For fuldstændighedens skyld følger herunder bulletinens -oprindelige tekst:

- -
-

Flere problemer er opdaget i Mozilla Firefox, en letvægtswebbrowser baseret -på Mozilla. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CAN-2005-2260 - -

    Browserens brugergrænseflade skelner ikke korrekt mellem - brugergenererede begivenheder og syntetiske begivenheder som man ikke kan - stole på, hvilket gjode det nemmere for fjernagrigere at udføre farlige - handlinger som normalt kun kunne udføres manuelt af brugeren.

    - -
  • CAN-2005-2261 - -

    XML-skripter kørte selv når Javascript var slået fra.

    - -
  • CAN-2005-2262 - -

    Brugeren kunne snydes til at udføre vilkårlig JavaScript-kode ved at - bruge en JavaScript-URL som wallpaper.

    - -
  • CAN-2005-2263 - -

    Det var muligt for en fjernangriber at udføre en tilbagekaldsfunktion i - et andet domænes kontekst (dvs. fx en frame).

    - -
  • CAN-2005-2264 - -

    Ved åbning af et ondsindet link i sidebar'en var det muligt for - fjernangribere at stjæle følsomme oplysninger.

    - -
  • CAN-2005-2265 - -

    Manglende kontrol af inddata i InstallVersion.compareTo() kunne medføre - at programmet gik ned.

    - -
  • CAN-2005-2266 - -

    Fjernangribere kunne stjæle følsomme oplysninger så som cookies og - adgangskoder fra webstedet ved at tilgå data i fremmede frames.

    - -
  • CAN-2005-2267 - -

    Ved at anvende en separat applikation som fx Flash eller QuickTime til - at åbne en javascript: URL, var det muligt for en fjernangriber at stjæle - følsomme oplysninger og muligvis udføre vilkårlig kode.

    - -
  • CAN-2005-2268 - -

    Det var muligt for en Javascript-dialogboks at udgive sig for en - dialogboks fra et websted der stoles på og dermed være et instrument i et - "phishing"-angreb.

    - -
  • CAN-2005-2269 - -

    Fjernangribere kunne ændre visse tag-indstillinger hørende til - DOM-noder, hvilket kunne før til udførelse af vilkårlige skripter eller - kode.

    - -
  • CAN-2005-2270 - -

    Mozilla-browserfamilien kloner ikke baseobjekter korrekt, hvilket gjorde - det muligt for fjernangribere at udføre vilkårlig kode.

    - -
-
- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.6-1.

- -

Vi anbefaler at du opgraderer dine Mozilla Firefox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-779.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-780.wml b/danish/security/2005/dsa-780.wml deleted file mode 100644 index 67ca1e54018..00000000000 --- a/danish/security/2005/dsa-780.wml +++ /dev/null @@ -1,20 +0,0 @@ -forkert kontrol af inddata - -

En fejl er opdaget i skrifttypehåndteringskoden i xpdf, og denne fejl findes -også i kpdf, KDE's PDF-visningsprogram. En særligt fremstillet PDF-fil kunne -forårsage uendeligt forbrug af ressourcer, både CPU og harddiskplads.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.3.2-2sarge1.

- -

I den ustabile distribution (sid) vil dette problem blive rettet så snart de -nødvendige biblioteker har fået gennemført deres C++ ABI-overgang.

- -

Vi anbefaler at du opgraderer din kpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-780.data" -#use wml::debian::translation-check translation="69fbf206e427f7dd051e77659b1d9319cae6df71" mindelta="1" diff --git a/danish/security/2005/dsa-781.wml b/danish/security/2005/dsa-781.wml deleted file mode 100644 index 0a25f696e54..00000000000 --- a/danish/security/2005/dsa-781.wml +++ /dev/null @@ -1,74 +0,0 @@ -flere sårbarheder - - -

Flere problemer er opdaget i Mozilla Firefox, Mozilla-programpakkens -uafhængige e-mail-klient. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-0989 - -

    Fjernangribere kunne læse dele af heaphukommelsen ind i en - Javascript-streng via lambda-udskiftningsmetoden.

    - -
  • CAN-2005-1159 - -

    Javascript-fortolkeren kunne narres til at fortsættelse udførelse på en - forkert hukommelsesadresse, hvilket kunne gøre det muligt for angribere at - forårsage et lammelsesangreb (denial of service, programnedbrud) og - muligvis udføre vilkårlig kode.

    - -
  • CAN-2005-1160 - -

    Fjernangribere kunne overskrive visse indstillinger eller metoder - hørende til DOM-noder og opnå rettigheder.

    - -
  • CAN-2005-1532 - -

    Fjernangribere kunne overskrive visse indstillinger eller metoder på - grund af manglende korrekt begrænsning af Javascrip-eval og - Script-objekter, og opnå rettigheder.

    - -
  • CAN-2005-2261 - -

    XML-skripter kørte selv når Javascript var slået fra.

    - -
  • CAN-2005-2265 - -

    Manglende kontrol af inddata i InstallVersion.compareTo() kunne medføre - at programmet gik ned.

    - -
  • CAN-2005-2266 - -

    Fjernangribere kunne stjæle følsomme oplysninger så som cookies og - adgangskoder fra webstedet ved at tilgå data i fremmede frames.

    - -
  • CAN-2005-2269 - -

    Fjernangribere kunne ændre visse tag-indstillinger hørende til - DOM-noder, hvilket kunne før til udførelse af vilkårlige skripter eller - kode.

    - -
  • CAN-2005-2270 - -

    Mozilla-browserfamilien kloner ikke baseobjekter korrekt, hvilket gjorde - det muligt for fjernangribere at udføre vilkårlig kode.

    - -
- -

Den gamle stabile distribution (woody) er ikke påvirket af disse problemer, -da den ikke indeholder Mozilla Thunderbird-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-2.sarge1.0.6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.6-1.

- -

Vi anbefaler at du opgraderer din Mozilla Thunderbird-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-781.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-782.wml b/danish/security/2005/dsa-782.wml deleted file mode 100644 index 3428e690553..00000000000 --- a/danish/security/2005/dsa-782.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

Henryk Plötz har opdaget en sårbarhed i bluez-utils, værktøjer og dæmoner -til Bluetooth. På grund af manglende kontrol af inddata var det muligt for en -angriber at udføre vilkårlige kommandoer leveret som et devicenavn fra et -fjernt device.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem, da -den ikke indeholder bluez-utils-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.15-1.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.19-1.

- -

Vi anbefaler at du opgraderer din bluez-utils-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-782.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-783.wml b/danish/security/2005/dsa-783.wml deleted file mode 100644 index 006675352c9..00000000000 --- a/danish/security/2005/dsa-783.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker midlertidig fil - -

Eric Romang har opdaget en sårbarhed i forbindelse med en usikker fil i et -skript der følger med MySQL, et populært databaseprogram. Sårbarheden gjorde -det muligt for en angriber at udføre vilkårlige SQL-kommandoer når serveren -blev installeret eller opdateret.

- -

Den gamle stabile distribution (woody) såvel som mysql-dfsg er ikke påvirket -af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.1.11a-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.1.12 af mysql-dfsg-4.1 og 5.0.11beta-3 af mysql-dfsg-5.0.

- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-783.data" -#use wml::debian::translation-check translation="3f90bacfd8cde334321554443fd15935c68b1a65" mindelta="1" diff --git a/danish/security/2005/dsa-784.wml b/danish/security/2005/dsa-784.wml deleted file mode 100644 index d8aafc67925..00000000000 --- a/danish/security/2005/dsa-784.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Et problem er opdaget i Courier Mail Server. DNS-fejl blev ikke håndteret -korrekt ved opslag på Sender Policy Framework-poster (SPF), hvilket kunne gøre -det muligt for angribere at forårsage hukommelseskorruption. I Debians -standardopsætning er SPF-kontrol slået fra, hvorfor de fleste maskiner ikke er -sårbare, dette er forklaret i manualsiden til "courier", under afsnittet SENDER -POLICY FRAMEWORK KEYWORDS.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.47-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.47-6.

- -

Vi anbefaler at du opgraderer din courier-mta-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-784.data" -#use wml::debian::translation-check translation="8b9775f4b74ca42a0f37ae7a0753b4799d4883a6" mindelta="1" diff --git a/danish/security/2005/dsa-785.wml b/danish/security/2005/dsa-785.wml deleted file mode 100644 index 270f8e401a6..00000000000 --- a/danish/security/2005/dsa-785.wml +++ /dev/null @@ -1,20 +0,0 @@ -autentifikationsomgåelse - -

Man har opdaget at libpam-ldap, Pluggable Authentication Module der giver -mulighed for LDAP-grænseflader, ignorerer resultatet af et forsøg på at -autentificere mod en LDAP-server som ikke opsætter et valgfrit datafelt.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 178-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 178-1sarge1.

- -

Vi anbefaler at du opgraderer din libpam-ldap-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-785.data" -#use wml::debian::translation-check translation="b27d11d23c55bd839184766c856e4d6d383c8a48" mindelta="1" diff --git a/danish/security/2005/dsa-786.wml b/danish/security/2005/dsa-786.wml deleted file mode 100644 index bdcef71ddaa..00000000000 --- a/danish/security/2005/dsa-786.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstrengssårbarhed - -

Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget en -formatstrengssårbarhed i simpleproxy, en simpel TCP-proxy, som kan udnyttes via -svar fra fjerne HTTP-proxy'er.

- -

Den gamle stabile distribution (woody) er ikke påvirket.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.2-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.2-4.

- -

Vi anbefaler at du opgraderer din simpleproxy-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-786.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-787.wml b/danish/security/2005/dsa-787.wml deleted file mode 100644 index 2d074596896..00000000000 --- a/danish/security/2005/dsa-787.wml +++ /dev/null @@ -1,38 +0,0 @@ -usikre rettigheder og midlertidig fil - -

To fejl er fundet i backup-manager, et kommandolinjestyret backup-værktøj. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-1855 - -

    Jeroen Vermeulen har opdaget at backup-filer oprettes med - standardrettigheder, hvilket gør dem læsbare for alle, også selvom de kan - indeholde følsomme oplysninger.

    - -
  • CAN-2005-1856 - -

    Sven Joachim har opdaget at backup-managers valgfrie funktion til - brænding af cd'er anvender et hårdkodet filnavn til logning, placeret i en - mappe der er læsbar for alle. Dette kunne blive offer for et - symlink-angreb.

    - -
- -

Den gamle stabile distribution (woody) indeholder ikke pakken -backup-manager.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.5.7-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.5.8-2.

- -

Vi anbefaler at du opgraderer din backup-manager-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-787.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-788.wml b/danish/security/2005/dsa-788.wml deleted file mode 100644 index a39113c0aaa..00000000000 --- a/danish/security/2005/dsa-788.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i kismet, et værktøj til -overvågning af trådløse 802.11b-forbindelser. Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2626 - -

    Usikker håndtering af u-udskrivbare tegn i SSID'en.

    - -
  • CAN-2005-2627 - -

    Flere heltalsunderløb kunne gøre det muligt for fjernangribere at udføre - vilkårlig kode.

    - -
- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -disse problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2005.04.R1-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2005.08.R1-1.

- -

Vi anbefaler at du opgraderer din kismet-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-788.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-789.wml b/danish/security/2005/dsa-789.wml deleted file mode 100644 index b46b493d4ad..00000000000 --- a/danish/security/2005/dsa-789.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er fundet i PHP4, -serverside-skriptsproget med indlejret HTML-kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-1751 - -

    Eric Romang har opdaget usikre midlertidige filer i værktøjet shtool, - der distribueres sammen med PHP. Sårbarheden kunne udnyttes af en lokal - angriber til at overskrive vilkårlige filer. Denne sårbarhed påvirker kun - pakkerne i oldstable.

    - -
  • CAN-2005-1921 - -

    GulfTech har opdaget at PEAR XML_RPC er sårbar over for en sårbarhed i - forbindelse med fjernudførelse af PHP-kode, hvilket kunne gøre det muligt - for en angriber at kompromittere en sårbar server.

    - -
  • CAN-2005-2498 - -

    Stefan Esser har opdaget en anden sårbarhed i XML-RPC-bibliotekerne, der - gjorde det muligt at indsprøjte vilkårlig PHP-kode i eval()-kommandoer.

    - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 4.1.2-7.woody5.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.3.10-16.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.4.0-2.

- -

Vi anbefaler at du opgraderer dine PHP-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-789.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-790.wml b/danish/security/2005/dsa-790.wml deleted file mode 100644 index a5d7b7c8671..00000000000 --- a/danish/security/2005/dsa-790.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Alexander Gerasiov har opdaget at phpldapadmin, en webbaseret grænseflade -til administering af LDAP-servere, gav alle adgang til LDAP anonymt, også -selvom dette var slået fra i opsætningen med kommandoen "disable_anon_bind".

- -

Den gamle stabile distribution (woody) er ikke sårbar over for dette -problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.5-3sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.6c-5.

- -

Vi anbefaler at du opgraderer din phpldapadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-790.data" -#use wml::debian::translation-check translation="c1215405ae54de85ed1340ce6c20400512928025" mindelta="1" diff --git a/danish/security/2005/dsa-791.wml b/danish/security/2005/dsa-791.wml deleted file mode 100644 index 96666f77eea..00000000000 --- a/danish/security/2005/dsa-791.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende frigivelse af rettigheder - -

Max Vozeler har opdaget at lockmail-programmet fra maildrop, et simpelt -program til aflevering af post med filtereringsfunktionalitet, ikke smider -grupperettigheder væk før udførelsen af kommandoer angivet på kommandolinjen, -hvilket gjorde det muligt for en angriber at udføre vilkårlige kommandoer med -rettighederne hørende til gruppen mail.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.5.3-1.1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.5.3-2.

- -

Vi anbefaler at du opgraderer din maildrop-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-791.data" -#use wml::debian::translation-check translation="8d1e1e0d03ec053201411c79236fb4cd8fe924df" mindelta="1" diff --git a/danish/security/2005/dsa-792.wml b/danish/security/2005/dsa-792.wml deleted file mode 100644 index d483b899606..00000000000 --- a/danish/security/2005/dsa-792.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Max Vozeler har opdaget at pstotext, et værktøj til udtrækning af tekst fra -PostScript- og PDF-filer, kaldte ikke ghostscript med argumentet -dSAFER, -hvilket forhindrer potentielle ondsindede handlinger i at finde sted.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.8g-5woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.9-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.9-2.

- -

Vi anbefaler at du opgraderer din pstotext-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-792.data" -#use wml::debian::translation-check translation="71d630abc57bb60d7c1694659534d651f857ae15" mindelta="1" diff --git a/danish/security/2005/dsa-793.wml b/danish/security/2005/dsa-793.wml deleted file mode 100644 index 3e4d4bc8de4..00000000000 --- a/danish/security/2005/dsa-793.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

Jakob Balle har opdaget en sårbarhed i håndteringen af vedhæftede filer i -sqwebmail, et webmail-program der leveres sammen med courier -mail-programpakken. Sårbarheden kunne udnyttes af en angriber til at udføre et -angreb med indsættelse af skripter.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.37.3-2.6.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.47-4sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.47-8.

- -

Vi anbefaler at du opgraderer din sqwebmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-793.data" -#use wml::debian::translation-check translation="11cad26c4a1ad9e81e2a4497866e4a044fbb9c03" mindelta="1" diff --git a/danish/security/2005/dsa-794.wml b/danish/security/2005/dsa-794.wml deleted file mode 100644 index 3ff95feefb0..00000000000 --- a/danish/security/2005/dsa-794.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Justin Rye har opdaget at præ-oversatte grammatikobjekter genereret af -polygen var skrivbare for alle, hvilket kunne udnyttes af en lokal angriber til -mindst at fylde filsystemet op.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken polygen.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.6-7sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.6-9.

- -

Vi anbefaler at du opgraderer din polygen-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-794.data" -#use wml::debian::translation-check translation="b78df8861611b4de64ce197834969a3381d570c4" mindelta="1" diff --git a/danish/security/2005/dsa-795.wml b/danish/security/2005/dsa-795.wml deleted file mode 100644 index bc88ee93b0f..00000000000 --- a/danish/security/2005/dsa-795.wml +++ /dev/null @@ -1,26 +0,0 @@ -potentiel udførelse af kode - -

infamous42md rapporterer at proftpd er ramt af to formatstrengssårbarheder. -I den første kunne en bruger med mulighed for at oprette mapper udløse -formatstrengsfejlen hvis der var en nedlukningsmeddelelse i proftpd der var -opsat til at anvende variablerne "%C", "%R" eller "%U". I den anden sårbarhed -blev fejlen udløst hvis if mod_sql blev anvendt til at hente meddelelser fra en -database, og hvis formatstrenge var blevet indsat i databasen af en bruger med -rettigheder til at gøre dette.

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -sårbarheder.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.10-15sarge1. Der var en fejl i pakkerne der oprindeligt blev -forberedt til i386, som er rettet i 1.2.10-15sarge1.0.1 til i386.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.10-20.

- -

Vi anbefaler at du opgraderer din proftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-795.data" -#use wml::debian::translation-check translation="f6ecc08f664388337a70f7e7f767757c4a1f7624" mindelta="1" diff --git a/danish/security/2005/dsa-796.wml b/danish/security/2005/dsa-796.wml deleted file mode 100644 index 712733e82cd..00000000000 --- a/danish/security/2005/dsa-796.wml +++ /dev/null @@ -1,21 +0,0 @@ -fjernudførelse af kommando - -

Kevin Finisterre rapporterer at affix, en pakke der anvendes til at -håndtere bluetooth-sessioner under Linux, anvender popen-kaldet på en usikker -måde. En fjernangriber kunne udnytte sårbarheden til at udføre vilkårlige -kommandoer på et sårbart system.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken affix.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.1.1-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.1.2-3.

- -

Vi anbefaler at du opgraderer din affix-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-796.data" -#use wml::debian::translation-check translation="c3a03448f2bf9e55f73b597b35fdf8d5e4d23f8c" mindelta="1" diff --git a/danish/security/2005/dsa-797.wml b/danish/security/2005/dsa-797.wml deleted file mode 100644 index 514c8d05fb3..00000000000 --- a/danish/security/2005/dsa-797.wml +++ /dev/null @@ -1,25 +0,0 @@ -lammelsesangreb - -

Zsync, et filoverførselsprogram, indeholder en tilrettet lokal kopi af -zlib-biblioteket, og er sårbar overfor visse fejl der tidligere er rettet i -zlib-pakken.

- -

Der var en opbygningsfejl af sarge i386s proftpd-pakker udgivet i -forbindelse med DSA 797-1. En ny opbygning, zsync_0.3.3-1.sarge.1.2, er -fremstillet for at rette denne fejl. Pakkerne til de øvrige -arkitekturer er ikke påvirket.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken zsync.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.3.3-1.sarge.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.4.0-2.

- -

Vi anbefaler at du opgraderer din zsync-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-797.data" -#use wml::debian::translation-check translation="3403cd2032d50c3c8bdf7611fc15e07a55b80ab6" mindelta="1" diff --git a/danish/security/2005/dsa-798.wml b/danish/security/2005/dsa-798.wml deleted file mode 100644 index f9ca88668a2..00000000000 --- a/danish/security/2005/dsa-798.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i phpgroupware, et webbaseret groupwaresystem -skrevet i PHP. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CAN-2005-2498 - -

    Stefan Esser har opdaget en sårbarhed mere i XML-RPC-bibliotekerne, der - gjorde det muligt at sprøjte vilkårlig PHP-kode ind i eval()-kommandoer. - XMLRPC-komponenten er slået fra.

    - -
  • CAN-2005-2600 - -

    Alexander Heidenreich har opdaget et problem i forbindelse med udførelse - af skripter på tværs af websteder (cross-site scripting) i trævisningen i - FUD Forum Bulletin Board Software, der også er i phpgroupware.

    - -
  • CAN-2005-2761 - -

    En rettelse af et globalt problem med udførelse af skripter på tværs af - websteder, den beskytter mod potentielt ondsindede skripter indehold i CSS - og xmlns i forskellige dele af programmet og modulerne.

    - -
- -

Opdateringen indeholder desuden en postinst-fejlrettelse, der er blevet -godkendt til den næste opdatering af den stabile udgave.

- -

I den gamle stabile distribution (woody) gælder disse problemer ikke.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.9.16.005-3.sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.9.16.008.

- -

Vi anbefaler at du opgraderer dine phpgroupware-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-798.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-799.wml b/danish/security/2005/dsa-799.wml deleted file mode 100644 index e6671cdfce0..00000000000 --- a/danish/security/2005/dsa-799.wml +++ /dev/null @@ -1,19 +0,0 @@ -fjernudførelse af kode - -

En trivielt udnytbar fejl er opdaget i webcalendar, fejlen gjorde det muligt -for en angriber at udføre vilkårlig kode med rettighederne hørende til -HTTP-dæmonen på et system der kører en sårbar version.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken webcalendar.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.45-4sarge2.

- -

I den ustabile distribution (sid) vil problemet snarest blive rettet.

- -

Vi anbefaler at du omgående opgraderer din webcalendar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-799.data" -#use wml::debian::translation-check translation="478a94b7d21f2ff6077ae27683ec1c758849c1b4" mindelta="1" diff --git a/danish/security/2005/dsa-800.wml b/danish/security/2005/dsa-800.wml deleted file mode 100644 index 33aa7de4370..00000000000 --- a/danish/security/2005/dsa-800.wml +++ /dev/null @@ -1,25 +0,0 @@ -heltalsoverløb - -

Et heltalsoverløb med efterfølgende bufferoverløb er opdaget i PCRE, Perl -Compatible Regular Expressions-biblioteket. Overløbet gjorde det muligt for en -angriber at udføre vilkårlig kode.

- -

Da flere pakker linker dynamisk til dette bibliotek, råder vi til at du -genstarter de pågældende services og/eller programmer. Kommandoen "apt-caches -showpkg libpcre3" viser de pågældende pakker i afsnittet "Reverse Depends:".

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.4-1.1woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.5-1.2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.3-1.

- -

Vi anbefaler at du opgraderer din libpcre3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-800.data" -#use wml::debian::translation-check translation="10f0f5ebf654040d47240a602cd22bb74095d6ae" mindelta="1" diff --git a/danish/security/2005/dsa-801.wml b/danish/security/2005/dsa-801.wml deleted file mode 100644 index c2ee3071121..00000000000 --- a/danish/security/2005/dsa-801.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

SuSE-udviklere har opdaget at ntp forveksle den angivne gruppeid med -gruppeid'en hørende til den pågældende bruger, når gruppeid'en angives på -kommandolinjen er specifieres som en streng og ikke som en numerisk gid, -hvilket medfører at ntpd kører med andre rettigheder end ønsket.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.2.0a+stable-2sarge1.

- -

Den ustabile distribution (sid) er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer din ntp-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-801.data" -#use wml::debian::translation-check translation="421a414dc04575a5375adce728d473def0a93d7b" mindelta="1" diff --git a/danish/security/2005/dsa-802.wml b/danish/security/2005/dsa-802.wml deleted file mode 100644 index f9bdc26a701..00000000000 --- a/danish/security/2005/dsa-802.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Marcus Meissner har opdaget at programmet cvsbug fra CVS, det populære -Concurrent Versions System, bruger midlertidige filer på en usikker måde.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.11.1p1debian-13.

- -

I den stable distribution (sarge) eksponerer cvs-pakken ikke længere -programmet cvsbug.

- -

I den ustabile distribution (sid) eksponerer cvs-pakken ikke længere -programmet cvsbug.

- -

Vi anbefaler at du opgraderer din cvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-802.data" -#use wml::debian::translation-check translation="ee14aef76a50691665fa23e346cf2b449ca4b69a" mindelta="1" diff --git a/danish/security/2005/dsa-803.wml b/danish/security/2005/dsa-803.wml deleted file mode 100644 index f87aaeadbea..00000000000 --- a/danish/security/2005/dsa-803.wml +++ /dev/null @@ -1,27 +0,0 @@ -programmeringsfejl - -

En sårbarhed er opdaget i webserveren Apache. Når den fungerede som en -HTTP-proxy var det muligt for fjernangribere at forgifte webcachen, at omgå -firewallbeskyttelse i webprogrammer og udføre et angreb i forbindelse med -udførelse af skripter på tværs af websteder, hvilket gjorde at Apache ukorrekt -håndterede og videresendte en forespørgselskrop.

- -

Fejlrettelsen er indeholdt i pakken apache-common, hvilket betyder at der -ikke er grund til en separat opdatering af pakkerne apache-perl og -apache-ssl.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.3.26-0woody7.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.3.33-6sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.33-8.

- -

Vi anbefaler at du opgraderer din Apache-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-803.data" -#use wml::debian::translation-check translation="acfad9e19c596da7eb800c848b7074ddd86044d3" mindelta="1" diff --git a/danish/security/2005/dsa-804.wml b/danish/security/2005/dsa-804.wml deleted file mode 100644 index 0051e981899..00000000000 --- a/danish/security/2005/dsa-804.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikre rettigheder - -

KDE-udviklerne har rapporteret om en sårbarhed i backupfilhåndteringen i -Kate og Kwrite. Backupfilerne oprettedes med standardrettigheder, også selvom -de originale filer havde mere restriktive rettigheder. Dette kunne medføre -uønsket afsløring af oplysninger.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.3.2-6.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.4.1-1.

- -

Vi anbefaler at du opgraderer dine kdelibs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-804.data" -#use wml::debian::translation-check translation="891ab1709d6a8f23285950566eb8b497d37f4042" mindelta="1" diff --git a/danish/security/2005/dsa-805.wml b/danish/security/2005/dsa-805.wml deleted file mode 100644 index 60bb4d38392..00000000000 --- a/danish/security/2005/dsa-805.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere problemer er opdaget i Apache2, den næste generation af den skalér- og -udvidbare webserver. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CAN-2005-1268 - -

    Marc Stern har opdaget en forskudt med én-fejl i mod_ssl's Certificate - Revocation List (CRL)-kontroltilbagekald. Når Apache var opsat til at - anvende en CRL, kunne denne sårbarhed anvendes til at forårsage et - lammelsesangreb (denial of service).

    - -
  • CAN-2005-2088 - -

    En sårbarhed er opdaget i webserveren Apache. Når den fungerede som en - HTTP-proxy var det muligt for fjernangribere at forgifte webcachen, at omgå - firewallbeskyttelse i webprogrammer og udføre et angreb i forbindelse med - udførelse af skripter på tværs af websteder, hvilket gjorde at Apache - ukorrekt håndterede og videresendte en forespørgselskrop.

    - -
  • CAN-2005-2700 - -

    Et problem er opdaget i mod_ssl, der sørger for understøttelse af stærk - kryptering (HTTPS-understøttelse) i Apache. Sårbarheden gjorde det muligt - for fjernangribere at omgå adgangsbegrænsninger.

    - -
  • CAN-2005-2728 - -

    Byte-range-filteret i Apache 2.0 gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb (denial of service) via en HTTP-header med et - stort "Range"-felt.

    - -
- -

Den gamle stabile distribution (woody) indeholder ikke Apache2-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0.54-5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.54-5.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-805.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-806.wml b/danish/security/2005/dsa-806.wml deleted file mode 100644 index 477efe9ce53..00000000000 --- a/danish/security/2005/dsa-806.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Marcus Meissner har opdaget at programmet cvsbug i gcvs, den grafiske -overbygning til CVS, der er det populære Concurrent Versions System, anvender -midlertidige filer på en usikker måde.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.0a7-2woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0final-5sarge1.

- -

I den ustabile distribution (sid) eksponeres programmet cvsbug ikke.

- -

Vi anbefaler at du opgraderer din gcvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-806.data" -#use wml::debian::translation-check translation="e17c58d2b1f55166c41cb0c62b7f4c755fbba7f7" mindelta="1" diff --git a/danish/security/2005/dsa-807.wml b/danish/security/2005/dsa-807.wml deleted file mode 100644 index ce6207c9632..00000000000 --- a/danish/security/2005/dsa-807.wml +++ /dev/null @@ -1,21 +0,0 @@ -acl-begrænsningsomgåelse - -

Et problem er opdaget i mod_ssl, der leverer stærk kryptering -(HTTPS-understøttelse) til Apache, hvilket gjorde det muligt for fjernangribere -at omgå adgangsbegrænsninger.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.8.9-2.5.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.8.22-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.8.24-1.

- -

Vi anbefaler at du opgraderer din libapache-mod-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-807.data" -#use wml::debian::translation-check translation="15e4eb701e466a5b75d996bbe91f31a16331320d" mindelta="1" diff --git a/danish/security/2005/dsa-808.wml b/danish/security/2005/dsa-808.wml deleted file mode 100644 index f1a9f204082..00000000000 --- a/danish/security/2005/dsa-808.wml +++ /dev/null @@ -1,20 +0,0 @@ -designfejl - -

Yutaka Oiwa og Hiromitsu Takagi har opdaget en såkaldt Cross-Site Request -Forgery (CSRF)-sårbarhed i tdiary, en ny weblog-generation, der kunne udnyttes -af fjernangribere til at ændre brugernes oplysninger.

- -

Den gamle stabile distribution (woody) indeholder ikke tdiary-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.1-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.2-1.

- -

Vi anbefaler at du opgraderer dine tdiary-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-808.data" -#use wml::debian::translation-check translation="bafd3e37a371188d1e0971bceff1e655503945ec" mindelta="1" diff --git a/danish/security/2005/dsa-809.wml b/danish/security/2005/dsa-809.wml deleted file mode 100644 index d4a7cb1ba53..00000000000 --- a/danish/security/2005/dsa-809.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Visse afbrudte forespørgsler der udløser en "assertion" i squid, den -populære WWW-proxycache, kunne gøre det muligt for fjernangribere at forårsage -et lammelsesangreb (denial of service). Denne opdatering retter også en -regression forårsaget af DSA 751. -For fuldstændighedens skyld er den oprindelige bulletins tekst medtaget -herunder:

- -
-

Flere sårbarheder er opdaget i Squid, den populære WWW-proxycache. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2794 - -

    Visse afbrudte forespørgsler der udløser an "assert" der kunne gøre det - muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service).

    - -
  • CAN-2005-2796 - -

    Særligt fremstillede forespørgsler kunne forårsage et lammelsesangreb.

    - -
-
- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.4.6-2woody10.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.5.9-10sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.5.10-5.

- -

Vi anbefaler at du opgraderer din squid-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-809.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-810.wml b/danish/security/2005/dsa-810.wml deleted file mode 100644 index 7d8673674cc..00000000000 --- a/danish/security/2005/dsa-810.wml +++ /dev/null @@ -1,74 +0,0 @@ -flere sårbarheder - -

Flere problemer er opdaget i Mozilla, webbrowseren fra -Mozilla-programpakken. Da den almindelige praksis med tilbageførelse af -ændringer ikke lader til at virke med denne pakke, er denne opdatering -grundlæggende version 1.7.10 hvor versionsnummeret er rullet tilbage, og derfor -stadig hedder 1.7.8. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CAN-2004-0718, CAN-2005-1937 - -

    En sårbarhed er opdaget i Mozilla hvilket gjorde det muligt for - fjernangribere at indsprøjte vilkårligt Javascript fra en side ind i en - andet websteds frameset.

    • - -
  • CAN-2005-2260 - -

    Browserens brugergrænseflade skelner ikke korrekt mellem - brugergenererede begivenheder og syntetiske begivenheder som man ikke kan - stole på, hvilket gjode det nemmere for fjernagrigere at udføre farlige - handlinger som normalt kun kunne udføres manuelt af brugeren.

    • - -
  • CAN-2005-2261 - -

    XML-skripter kørte selv når Javascript var slået fra.

    • - -
  • CAN-2005-2263 - -

    Det var muligt for en fjernangriber at udføre en tilbagekaldsfunktion i - et andet domænes kontekst (dvs. fx en frame).

    • - -
  • CAN-2005-2265 - -

    Manglende kontrol af inddata i InstallVersion.compareTo() kunne medføre - at programmet gik ned.

    • - -
  • CAN-2005-2266 - -

    Fjernangribere kunne stjæle følsomme oplysninger så som cookies og - adgangskoder fra webstedet ved at tilgå data i fremmede frames.

    • - -
  • CAN-2005-2268 - -

    Det var muligt for en Javascript-dialogboks at udgive sig for en - dialogboks fra et websted der stoles på og dermed være et instrument i et - "phishing"-angreb.

    • - -
  • CAN-2005-2269 - -

    Fjernangribere kunne ændre visse tag-indstillinger hørende til - DOM-noder, hvilket kunne før til udførelse af vilkårlige skripter eller - kode.

    • - -
  • CAN-2005-2270 - -

    Mozilla-browserfamilien kloner ikke baseobjekter korrekt, hvilket gjorde - det muligt for fjernangribere at udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.7.10-1.

- -

Vi anbefaler at du opgraderer dine Mozilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-810.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-811.wml b/danish/security/2005/dsa-811.wml deleted file mode 100644 index 11d1d38d26d..00000000000 --- a/danish/security/2005/dsa-811.wml +++ /dev/null @@ -1,29 +0,0 @@ -designfejl - -

Fejlrettelsen af den nedenfor nævnte problem indeholdt en fejl, der -forårsagede at tredjepartsprogrammer holdt op med at virke. Problemet rettes -med denne opdatering. For fuldstændighedens skyld er herunder den -oprindelige bulletins tekst:

- -
-

François-René Rideau har opdaget en fejl i common-lisp-controller, et -program til håndtering af kildekode og oversættelser vedrørende Common Lisp. -Fejlen gjorde det muligt for en lokal bruger at oversætte ondsindet kode i en -cache-mappe der udføres af en anden bruger, hvis denne bruger ikke tidligere -har anvendt Common Lisp.

-
- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.15sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.18.

- -

Vi anbefaler at du opgraderer din common-lisp-controller-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-811.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-812.wml b/danish/security/2005/dsa-812.wml deleted file mode 100644 index 7abfc90fb0b..00000000000 --- a/danish/security/2005/dsa-812.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Peter Karlsson har opdaget et bufferoverløb i Turquoise SuperStat, et -program til indsamling af statistiske oplysninger fra FidoNet og Usenet. -Bufferoverløbet kunne udnyttes af en særligt fremstillet NNTP_server.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.2.1woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.4-1.

- -

Vi anbefaler at du opgraderer din turqstat-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-812.data" -#use wml::debian::translation-check translation="075d3f96a5b95b1769aa556d9905ef1601205648" mindelta="1" diff --git a/danish/security/2005/dsa-813.wml b/danish/security/2005/dsa-813.wml deleted file mode 100644 index 68038b83d53..00000000000 --- a/danish/security/2005/dsa-813.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere problemer er opdaget i libgadu, der også er del af centericq, en -teksttilstand-klient der understøtter flere chatprotokoller. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2369 - -

    Flere fejl i forbindelse med heltalfortegn gjode det muligt for - fjernangribere at forårsage et lammelsesangreb (denial of service) eller - udføre vilkårlig kode.

    • - -
  • CAN-2005-2370 - -

    Hukommelsesjusteringsfejl kunne gøre det muligt for fjernangribere at - forårsage et lammelsesangreb på visse arkitekturerer såsom sparc.

    • - -
  • CAN-2005-2448 - -

    Flere endian-fejl kunne gøre det muligt for fjernangribere at forårsage - et lammelsesangreb.

    • - -
- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.20.0-1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.20.0-9.

- -

Vi anbefaler at du opgraderer din centericq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-813.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-814.wml b/danish/security/2005/dsa-814.wml deleted file mode 100644 index f24b21f7e8f..00000000000 --- a/danish/security/2005/dsa-814.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Javier Fernández-Sanguino Peña har opdaget at et skript hørende til -lm-sensors, der er værktøjer til læsning af temperatur-/volt-/blæser-følere, -oprettede en midlertidig fil med et forudsigeligt filnavn, hvilket gjorde det -sårbart over for et symlink-angreb.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.9.1-1sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.9.1-7.

- -

Vi anbefaler at du opgraderer din lm-sensors-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-814.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-815.wml b/danish/security/2005/dsa-815.wml deleted file mode 100644 index 14a20b2a916..00000000000 --- a/danish/security/2005/dsa-815.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Ilja van Sprundel har opdaget en alvorlig fejl i forbindelse med håndtering -af lockfiler i kcheckpass, der i nogle opsætning kunne udnyttes til at opnå -root-adgang.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.3.2-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.4.2-3.

- -

Vi anbefaler at du opgraderer din kdebase-bin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-815.data" -#use wml::debian::translation-check translation="28fc0ad49cbb1ab22a2cf65188cb93bd3ff891ec" mindelta="1" diff --git a/danish/security/2005/dsa-816.wml b/danish/security/2005/dsa-816.wml deleted file mode 100644 index 737370e8e5d..00000000000 --- a/danish/security/2005/dsa-816.wml +++ /dev/null @@ -1,28 +0,0 @@ -heltalsoverløb - -

Søren Sandmann har opdaget en fejl ved allokering af hukommelse til -pixmap-billeder, hvilket kan medføre at X-serveren går ned eller udfører -vilkårlig kode.

- -

Opdateringen i den gamle stabile distribution (woody) indeholder desuden en -anden rettelse vedørende flere sårbarheder i libXpm (DSA 607, CAN-2004-0914, -fejl nummer 309143), -da den gamle rettelse medførte en regression.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 4.1.0-16woody7.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.3.0.dfsg.1-14sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.8.2.dfsg.1-7 of X.Org.

- -

Vi anbefaler at du opgraderer dine xfree86- og xorg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-816.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-817.wml b/danish/security/2005/dsa-817.wml deleted file mode 100644 index deb9333dc99..00000000000 --- a/danish/security/2005/dsa-817.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Et heltalsoverløb med et efterfølgende bufferoverløb er opdaget i PCRE, -biblioteket Perl Compatible Regular Expressions, hvilket gjorde det muligt for -en angriber at udføre vilkårlig kode. Sårbarheden findes også i Python. -Udnyttelse af denne sårbarhed kræver at angriberen angiver det anvendte -regulære udtryk.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.2.1-4.8.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.3dfsg-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.3dfsg-4.

- -

Vi anbefaler at du opgraderer dine python2.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-817.data" -#use wml::debian::translation-check translation="392b2a99cac7e665e8640c896de228b8f038afbc" mindelta="1" diff --git a/danish/security/2005/dsa-818.wml b/danish/security/2005/dsa-818.wml deleted file mode 100644 index cdcdee4ce89..00000000000 --- a/danish/security/2005/dsa-818.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikre midlertidige filer - -

Javier Fernández-Sanguino Peña har opdaget at langen2kvhtml fra pakken -kvoctrain der indgår i programsamlingen kdeedu, oprettede midlertidige filer på -en usikker måde. Dette muliggjorde symlink-angreb.

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.3.2-3.sarge.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.4.2-1.

- -

Vi anbefaler at du opgraderer din kvoctrain-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-818.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-819.wml b/danish/security/2005/dsa-819.wml deleted file mode 100644 index bab220d4137..00000000000 --- a/danish/security/2005/dsa-819.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Et heltalsoverløb med et efterfølgende bufferoverløb er opdaget i PCRE, -biblioteket Perl Compatible Regular Expressions, hvilket gjorde det muligt for -en angriber at udføre vilkårlig kode. Sårbarheden findes også i Python. -Udnyttelse af denne sårbarhed kræver at angriberen angiver det anvendte -regulære udtryk.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.1.3-3.4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.1.3dfsg-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.1.3dfsg-3.

- -

Vi anbefaler at du opgraderer dine python2.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-819.data" -#use wml::debian::translation-check translation="81e9e58ac446ff1a9a0b944a1a824d1d03d542ef" mindelta="1" diff --git a/danish/security/2005/dsa-820.wml b/danish/security/2005/dsa-820.wml deleted file mode 100644 index ab11d99592f..00000000000 --- a/danish/security/2005/dsa-820.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

Jakob Balle har opdaget, at med "Conditional Comments" i Internet Explorer, -var det muligt at skjule javascript-kode i kommentarer, der blev udført når -browseren viste en ondsindet e-mail via sqwebmail. Succesrig udnyttelse af -denne sårbarhed kræver at brugeren anvender Internet Explorer.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.37.3-2.7.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.47-4sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.47-9.

- -

Vi anbefaler at du opgraderer din sqwebmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-820.data" -#use wml::debian::translation-check translation="830621cd82e3778615aa3a885ab770997c8740c1" mindelta="1" diff --git a/danish/security/2005/dsa-821.wml b/danish/security/2005/dsa-821.wml deleted file mode 100644 index 8f435845f19..00000000000 --- a/danish/security/2005/dsa-821.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - -

Et heltalsoverløb med et efterfølgende bufferoverløb er opdaget i PCRE, -biblioteket Perl Compatible Regular Expressions, hvilket gjorde det muligt for -en angriber at udføre vilkårlig kode. Sårbarheden findes også i Python. -Udnyttelse af denne sårbarhed kræver at angriberen angiver det anvendte -regulære udtryk.

- -

Den gamle stabile distribution (woody) indeholder ikke python2.3-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.3.5-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3.5-8.

- -

Vi anbefaler at du opgraderer dine python2.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-821.data" -#use wml::debian::translation-check translation="53cc780e89b8210947f3f38b4b3f12ad38b2d4a9" mindelta="1" diff --git a/danish/security/2005/dsa-822.wml b/danish/security/2005/dsa-822.wml deleted file mode 100644 index 275b915e5da..00000000000 --- a/danish/security/2005/dsa-822.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker oprettelse af fil - -

Eric Romang har opdaget at gtkdiskfree, et GNOME-program der viser fri og -anvendt plads på filsystemer, opretter en midlertidig fil på en usikker -måde.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken -gtkdiskfree.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.9.3-4sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din gtkdiskfree-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-822.data" -#use wml::debian::translation-check translation="cacceb12dcc3ba7016137ad10b1681dfc45b01cd" mindelta="1" diff --git a/danish/security/2005/dsa-823.wml b/danish/security/2005/dsa-823.wml deleted file mode 100644 index 3c68015ace2..00000000000 --- a/danish/security/2005/dsa-823.wml +++ /dev/null @@ -1,21 +0,0 @@ -rettighedsforøgelse - -

David Watson har opdaget en fejl i mount, som leveres af util-linux og andre -pakker så som loop-aes-utils, der tillader at lokale brugere omgår -adgangsbegræsninger i filsystemet ved at gen-mounte det som read-only.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.11n-7woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.12p-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.12p-8.

- -

Vi anbefaler at du opgraderer din util-linux-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-823.data" -#use wml::debian::translation-check translation="736335fcd5d633eaa7f011aabf9de1590ef4e748" mindelta="1" diff --git a/danish/security/2005/dsa-824.wml b/danish/security/2005/dsa-824.wml deleted file mode 100644 index 2523d7be001..00000000000 --- a/danish/security/2005/dsa-824.wml +++ /dev/null @@ -1,34 +0,0 @@ -uendelig løkke, bufferoverløb - -

To sårbarheder er opdaget i Clam AntiVirus, antivirus-scanneren til Unix, -designet til at kunne integreres med mailservere til at scanne vedhæftede -filer. Der er fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2919 - -

    En potentiel uendelig løkke kunne medføre et lammelsesangreb (denial of - service).

    • - -
  • CAN-2005-2920 - -

    Et bufferoverløb kunne medføre et lammelsesangreb (denial of - service).

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke ClamAV-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.87-1.

- -

Vi anbefaler at du opgraderer din clamav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-824.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-825.wml b/danish/security/2005/dsa-825.wml deleted file mode 100644 index f8d29b0fd29..00000000000 --- a/danish/security/2005/dsa-825.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="736335fcd5d633eaa7f011aabf9de1590ef4e748" mindelta="1" -rettighedsforøgelse - -

David Watson har opdaget en fejl i mount, som leveres af util-linux og andre -pakker så som loop-aes-utils, der tillader at lokale brugere omgår -adgangsbegræsninger i filsystemet ved at gen-mounte det som read-only.

- -

Den gamle stabile distribution (woody) indeholder ikke -loop-aes-utils-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.12p-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.12p-9.

- -

Vi anbefaler at du opgraderer din loop-aes-utils-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-825.data" diff --git a/danish/security/2005/dsa-826.wml b/danish/security/2005/dsa-826.wml deleted file mode 100644 index 7af633be6bc..00000000000 --- a/danish/security/2005/dsa-826.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedssårbarheder er opdaget i medieafspilleren helix-player. -Sårbarhederne kunne gøre det muligt or en angriber at udføre kode på offerets -maskien via særligt fremstillede netværksressourcer.

- -
    - -
  • CAN-2005-1766 - -

    Bufferoverløb i RealText-fortolkeren kunne muliggøre fjernudførelse - af kode via særligt fremstillet RealMedia-fil med en lang - RealText-streng.

    • - -
  • CAN-2005-2710 - -

    Formatstrengssårbarhed i Real HelixPlayer og RealPlayer 10 gjorde - det muligt for fjernangribere at udføre vilkårlig kode via - billedhåndteringsattributten i en RealPix- (.rp) eller RealText- (.rt) - fil.

    • - -
- -

I den stabile distribution (sarge), er disse problemer rettet i -version 1.0.4-1sarge1

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.6-1

- -

Vi anbefaler at du opgraderer din helix-player-pakke.

- -

helix-player blev kun distribueret til arkitekturerne i386 og powerpc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-826.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-827.wml b/danish/security/2005/dsa-827.wml deleted file mode 100644 index 8e159105e33..00000000000 --- a/danish/security/2005/dsa-827.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Moritz Muehlenhoff har opdaget at håndteringskoden i backupninja opretter en -midlertidig fil med et forudsigeligt filnavn, hvilket gør den sårbar over for -et symlink-angreb.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken -backupninja.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.5-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8-2.

- -

Vi anbefaler at du opgraderer din backupninja-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-827.data" -#use wml::debian::translation-check translation="ae3c5a306f9d63bd1810710719709a02e178a420" mindelta="1" diff --git a/danish/security/2005/dsa-828.wml b/danish/security/2005/dsa-828.wml deleted file mode 100644 index f894d381d23..00000000000 --- a/danish/security/2005/dsa-828.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1df4260bcb82db4954543d438dfed4c1181d60be" mindelta="1" -authentication handling - -

Opstrømsudviklerne af squid, den populære WWW-proxycache, har opdaget at -ændringer i autentifikationsmetoden ikke håndteres korrekt når visse speficikke -forespørgsler finder sted samtidig med at NTLM-autentifikation er aktiv, -hvilket kunne få dæmonen til at genstarte.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.5.9-10sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.5.10-6.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-828.data" diff --git a/danish/security/2005/dsa-829.wml b/danish/security/2005/dsa-829.wml deleted file mode 100644 index c812ad74920..00000000000 --- a/danish/security/2005/dsa-829.wml +++ /dev/null @@ -1,53 +0,0 @@ -bufferoverløb - -

Et stakbaseret bufferoverløb i funktionen it_syms i MySQL, et populært -databaseprogram, er opdaget. Bufferoverløbet gør det muligt for -autentificerede fjernbrugere, der kan oprette brugerdefinerede funktioner, at -oprette vilkårlig kode via et langt function_name felt. Normalt gives brugere -man ikke har særlig tillid til, ikke lov til at oprette brugerdefinerede -funktioner.

- -

Følgende sårbarhedsmatriks viser i hvilken version af MySQL problemet er -rettet i en given distribution:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 woodysargesid
mysql3.23.49-8.14n/an/a
mysql-dfsgn/a4.0.24-10sarge14.0.24-10sarge1
mysql-dfsg-4.1n/a4.1.11a-4sarge24.1.14-2
mysql-dfsg-5.0n/an/a5.0.11beta-3
-
- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-829.data" -#use wml::debian::translation-check translation="797f724b6b67d40d10f6e70d81277dc2e9355271" mindelta="1" diff --git a/danish/security/2005/dsa-830.wml b/danish/security/2005/dsa-830.wml deleted file mode 100644 index 66cb1285b2b..00000000000 --- a/danish/security/2005/dsa-830.wml +++ /dev/null @@ -1,22 +0,0 @@ -forkerte rettigheder - -

Drew Parsons har bemærket at post-installeringsskriptet hørende til ntlmaps, -en NTLM-autentificeringsproxyserver, ændrer rettighederne på opsætningsfilen -til at være skrivbar for alle. Filen indeholder brugernavn og adgangskode til -det Windows NT-system, som ntlmaps forbinder sig til, hvorfor oplysningerne er -tilgængelige for lokale brugere.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken ntlmaps.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.9-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.9-4.

- -

Vi anbefaler at du opgraderer din ntlmaps-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-830.data" -#use wml::debian::translation-check translation="a5d6af41558dd8bf8106ed8fd92339e78c089775" mindelta="1" diff --git a/danish/security/2005/dsa-831.wml b/danish/security/2005/dsa-831.wml deleted file mode 100644 index c5a7572185e..00000000000 --- a/danish/security/2005/dsa-831.wml +++ /dev/null @@ -1,53 +0,0 @@ -bufferoverløb - -

Et stakbaseret bufferoverløb i funktionen init_syms i MySQL, et populært -databaseprogram, er opdaget. Bufferoverløbet gør det muligt for -autentificerede fjernbrugere, der kan oprette brugerdefinerede funktioner, at -oprette vilkårlig kode via et langt function_name felt. Normalt gives brugere -man ikke har særlig tillid til, ikke lov til at oprette brugerdefinerede -funktioner.

- -

Følgende sårbarhedsmatriks viser i hvilken version af MySQL problemet er -rettet i en given distribution:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 woodysargesid
mysql3.23.49-8.14n/an/a
mysql-dfsgn/a4.0.24-10sarge14.0.24-10sarge1
mysql-dfsg-4.1n/a4.1.11a-4sarge24.1.14-2
mysql-dfsg-5.0n/an/a5.0.11beta-3
-
- -

Vi anbefaler at du opgraderer dine mysql-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-831.data" -#use wml::debian::translation-check translation="0e6283ab2488a1591d745bf74275a661b505e428" mindelta="1" diff --git a/danish/security/2005/dsa-832.wml b/danish/security/2005/dsa-832.wml deleted file mode 100644 index 73d79d78192..00000000000 --- a/danish/security/2005/dsa-832.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Flere bufferoverløb er opdaget i gopher, en tekstorienteret klient til -protokollen Gopher Distributed Hypertext. Bufferoverløbet kunne udnyttes -af en ondsindet Gopher-server.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.0.3woody4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.0.7sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.0.11.

- -

Vi anbefaler at du opgraderer din gopher-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-832.data" -#use wml::debian::translation-check translation="fc084ae196ec51c56a31715ac9016d9471defb5d" mindelta="1" diff --git a/danish/security/2005/dsa-833.wml b/danish/security/2005/dsa-833.wml deleted file mode 100644 index 976d04d6f8b..00000000000 --- a/danish/security/2005/dsa-833.wml +++ /dev/null @@ -1,59 +0,0 @@ -bufferoverløb - -

Denne opdatering dækker kun binære pakker til arkitekturen big endian MIPS, -som på mystisk vis blev glemt i den tidligere opdatering. For -fuldstændighedens skyld følger den oprindelige tekst herunder:

- -
-

Et stakbaseret bufferoverløb i funktionen init_syms i MySQL, et populært -databaseprogram, er opdaget. Bufferoverløbet gør det muligt for -autentificerede fjernbrugere, der kan oprette brugerdefinerede funktioner, at -oprette vilkårlig kode via et langt function_name felt. Normalt gives brugere -man ikke har særlig tillid til, ikke lov til at oprette brugerdefinerede -funktioner.

-
- -

Følgende sårbarhedsmatriks viser i hvilken version af MySQL problemet er -rettet i en given distribution:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 woodysargesid
mysql3.23.49-8.14n/an/a
mysql-dfsgn/a4.0.24-10sarge14.0.24-10sarge1
mysql-dfsg-4.1n/a4.1.11a-4sarge24.1.14-2
mysql-dfsg-5.0n/an/a5.0.11beta-3
-
- -

Vi anbefaler at du opgraderer dine mysql-dfsg-4.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-833.data" -#use wml::debian::translation-check translation="bfd723b4be0ce015c6721bfd3c8fc2056603b9f7" mindelta="1" diff --git a/danish/security/2005/dsa-834.wml b/danish/security/2005/dsa-834.wml deleted file mode 100644 index 348e3a0cfe0..00000000000 --- a/danish/security/2005/dsa-834.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Tavis Ormandy har opdaget et bufferoverløb i prozilla, et multitrådet -program til forøgelse af hastigheden ved hentning af filer. Bufferoverløbet -kunne udnyttes til at udføre vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.3.6-3woody3.

- -

Den stabile distribution (sarge) indeholder ikke prozilla-pakker.

- -

Den ustabile distribution (sid) indeholder ikke prozilla-pakker.

- -

Vi anbefaler at du opgraderer din prozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-834.data" -#use wml::debian::translation-check translation="9ca3d7e7a9eb787803693dbc604230785221b3a7" mindelta="1" diff --git a/danish/security/2005/dsa-835.wml b/danish/security/2005/dsa-835.wml deleted file mode 100644 index 626e8f64975..00000000000 --- a/danish/security/2005/dsa-835.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikre midlertidige filer - -

Javier Fernández-Sanguino Peña har opdaget flere anvendelser af usikre -midlertidige filer i cfengine, et værktøj til opsætning og vedligeholdelse af -maskiner i et netværk. Problemet kunne udnyttes via et symlink-angreb til at -overskrive vilkårlige filer ejet af bruger der kørte cfengine, hvilket -formentlig var root.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.6.3-9woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.6.5-1sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din cfengine-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-835.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-836.wml b/danish/security/2005/dsa-836.wml deleted file mode 100644 index 48d06cbdec0..00000000000 --- a/danish/security/2005/dsa-836.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikre midlertidige filer - -

Javier Fernández-Sanguino Peña har opdaget flere anvendelser af usikre -midlertidige filer i cfengine2, et værktøj til opsætning og vedligeholdelse af -maskiner i et netværk. Problemet kunne udnyttes via et symlink-angreb til at -overskrive vilkårlige filer ejet af bruger der kørte cfengine, hvilket -formentlig var root.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.1.14-1sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din cfengine2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-836.data" -#use wml::debian::translation-check translation="69fbf206e427f7dd051e77659b1d9319cae6df71" mindelta="1" diff --git a/danish/security/2005/dsa-837.wml b/danish/security/2005/dsa-837.wml deleted file mode 100644 index ecc322702e4..00000000000 --- a/danish/security/2005/dsa-837.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Tom Ferris har opdaget en fejl i Mozilla Firefox håndtering af -IDN-værtsnavne. Fejlen findes også i andre browere fra samme familie, og den -gør det muligt for fjernangribere at forårsage et lammelsesangreb (denial of -service) og muligvis udførelse af vilkårlig kode via et værtsnavn med -bindestreger.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.4-2sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.6-5.

- -

Vi anbefaler at du opgraderer din mozilla-firefox-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-837.data" -#use wml::debian::translation-check translation="5cff59ec686a38a89eceae886c30b2a63a9d9006" mindelta="1" diff --git a/danish/security/2005/dsa-838.wml b/danish/security/2005/dsa-838.wml deleted file mode 100644 index b37b16e45a1..00000000000 --- a/danish/security/2005/dsa-838.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedssårbarheder er opdaget i webbrowseren mozilla-firefox. -Disse sårbarheder kunne gøre det muligt for en angriber at udføre kode på -offerets maskine via særligt fremstillede netværksressourcer.

- -
    - -
  • CAN-2005-2701 - -

    Heap-overløb i XBM-billedbehandlingen.

    • - -
  • CAN-2005-2702 - -

    Lammelsesangreb (crash) og mulig udførelse af vilkårlig kode via - Unicode-sekvenser med "zero-width non-joiner"-tegn.

    • - -
  • CAN-2005-2703 - -

    XMLHttpRequest-headerforfalskning.

    • - -
  • CAN-2005-2704 - -

    Objektforfalskning vha. XBL <implements>

    • - -
  • CAN-2005-2705 - -

    JavaScript-heltalsoverløb.

    • - -
  • CAN-2005-2706 - -

    Rettighedsforøgelse vha. "about: scheme".

    • - -
  • CAN-2005-2707 - -

    Chrome-vindueforfalskning muliggjorde oprettelse af vinduer uden - brugergrænsefladekomponenter så som en URL- eller statusbjælke, hvilket - kunne anvendes til at udføre phishing-angreb.

    • - -
- -

I den stabile distribution (sarge), er disse problemer rettet i -version 1.0.4-2sarge5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.7-1.

- -

Vi anbefaler at du opgraderer din mozilla-firefox-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-838.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-839.wml b/danish/security/2005/dsa-839.wml deleted file mode 100644 index e41e86df516..00000000000 --- a/danish/security/2005/dsa-839.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Eric Romang har opdaget at en fil oprettes på en usikker måde i apachetop, -et realtidsovervågningsværktøj til webserveren Apache. Sårbarheden kunne -udnyttes via et symlink-angreb til at overskrive vilkårlige filer med -brugerid'en der kørte apachetop.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.12.5-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.12.5-5.

- -

Vi anbefaler at du opgraderer din apachetop-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-839.data" -#use wml::debian::translation-check translation="30e1d1881cbfd98065f2d3ea3fde0dee06e0d845" mindelta="1" diff --git a/danish/security/2005/dsa-840.wml b/danish/security/2005/dsa-840.wml deleted file mode 100644 index 11fd31e731d..00000000000 --- a/danish/security/2005/dsa-840.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

Stefan Esser fra Hardened-PHP Project rapporterer om en alvorlig sårbarhed -i det trejdeparts-XML-RPC-bibliotek der leveres sammen med nogle versioner af -Drupal. En angriber kunne udføre vilkårlig PHP-kode på et offers websted. -Denne opdatering indeholder den seneste opstrømsversion af XML-RPC.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem, da -drupal ikke indgår i distributionen.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.5.3-4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.5.5-1.

- -

Vi anbefaler at du opgraderer din drupal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-840.data" -#use wml::debian::translation-check translation="ba8fdddc9e6cca16be38a6f60d1b61a79f80fc04" mindelta="1" diff --git a/danish/security/2005/dsa-841.wml b/danish/security/2005/dsa-841.wml deleted file mode 100644 index dc32a2eb9a9..00000000000 --- a/danish/security/2005/dsa-841.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstrengssårbarhed - -

En formatstrengssårbarhed er opdaget i GNU mailutils, der indeholder -værktøjer til håndtering af e-mail. Sårbarheden gjorde det muligt for en -angriber at udføre vilkårlig kode på IMAP-serveren.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.6.1-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.6.90-3.

- -

Vi anbefaler at du opgraderer din mailutils-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-841.data" -#use wml::debian::translation-check translation="f733e046089a8025c38be85dbb92fd93a83205d1" mindelta="1" diff --git a/danish/security/2005/dsa-842.wml b/danish/security/2005/dsa-842.wml deleted file mode 100644 index fa704dfa489..00000000000 --- a/danish/security/2005/dsa-842.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Stefan Esser har opdaget en sårbarhed i XML-RPC-bibliotekerne. Sårbarheden, -der også findes i egroupware, en webbaseret groupwareprogrampakke, gjorde det -muligt at indsprøjte vilkårlig PHP-kode i eval()-kommandoer.

- -

Den gamle stabile distribution (woody) indeholder ikke egroupware-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.0.007-2.dfsg-2sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.0.009.dfsg-1.

- -

Vi anbefaler at du opgraderer dine egroupware-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-842.data" -#use wml::debian::translation-check translation="28d8ff585668c08044e137eaa95a16971cd9bd42" mindelta="1" diff --git a/danish/security/2005/dsa-843.wml b/danish/security/2005/dsa-843.wml deleted file mode 100644 index 8a7824b6177..00000000000 --- a/danish/security/2005/dsa-843.wml +++ /dev/null @@ -1,34 +0,0 @@ -usikker midlertidig fil - -

To sårbarheder er opdaget i pakkeprogrammet ARC til Unix. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problems:

- -
    - -
  • CAN-2005-2945 - -

    Eric Romang har opdaget at pakkeprogrammet ARC til Unix opretter - midlertidige filer med usikre rettigheder, hvilket kunne give en angriber - mulighed for at stjæle følsomme oplysninger.

    • - -
  • CAN-2005-2992 - -

    Joey Schulze har desuden opdaget at en midlertidig fil blev oprettet på - en usikker måde, hvilket muliggjorde et klassisk symlink-angreb.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke arc-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 5.21l-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 5.21m-1.

- -

Vi anbefaler at du opgraderer din arc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-843.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-844.wml b/danish/security/2005/dsa-844.wml deleted file mode 100644 index a1224cb14bf..00000000000 --- a/danish/security/2005/dsa-844.wml +++ /dev/null @@ -1,27 +0,0 @@ -programmeringsfejl - -

En sårbarhed i mod_auth_shadow, et Apache-modul der lader brugere -HTTP-autentificere mod /etc/shadow, er opdaget. Modulet kører alle steder hvor -kommandoen 'require group' anvendes, hvilket omgik adgangsbegrænsninger der -kontrolleres af en anden autorisationsmekanisme, såsom filen AuthGroupFile, -hvis brugernavnet var anført i password- og gshadow-filerne i den rette gruppe, -og den angivne adgangskode var magen til den i shadow-filen.

- -

Denne opdatering kræver eksplicit "AuthShadow on"-kommandon, hvis webstedets -autentifikation skal kontrolleres mod /etc/shadow.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.3-3.1woody.2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4-2.

- -

Vi anbefaler at du opgraderer din libapache-mod-auth-shadow-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-844.data" -#use wml::debian::translation-check translation="8c0bd8bc846124ec7eab99867d01c193d033ffa2" mindelta="1" diff --git a/danish/security/2005/dsa-845.wml b/danish/security/2005/dsa-845.wml deleted file mode 100644 index fe24843db63..00000000000 --- a/danish/security/2005/dsa-845.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmingsfejl - -

Christoph Martin har bemærket, at når man har opsat mason, der interaktivt -opretter en pakkefiltrerende Linux-firewall, ikke installerede init-skriptet -der anvendes til at indlæse firewall'en når systemet startes. Dermed var -systemet uden en firewall efter det var blevet genstartet.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.13.0.92-2woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.0-2.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.0-3.

- -

Vi anbefaler at du opgraderer din mason-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-845.data" -#use wml::debian::translation-check translation="197150da6daa0a6672bde1cff16543a6d64f58a7" mindelta="1" diff --git a/danish/security/2005/dsa-846.wml b/danish/security/2005/dsa-846.wml deleted file mode 100644 index da3ee364d08..00000000000 --- a/danish/security/2005/dsa-846.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i cpio, et program til håndtering af filarkiver. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-1111 - -

    Imran Ghory har opdaget en "race condition" ved opsættelses af - rettigheder på filer der er udpakket fra cpio-arkiver. En lokal angriber - med skriveadgang til målmappen kunne udnytte dette til at ændre - rettighederne på vilkårlige filer, som brugeren der udpakkede filerne havde - skriveadgang til.

    • - -
  • CAN-2005-1229 - -

    Imran Ghory har opdaget at cpio ikke kontrollerer stien på udpakkede - filer, selv når valgmuligheden --no-absolute-filenames var angivet. Dette - kunne udnyttes til at installere filer på vilkårlig steder, som brugeren - der pakkende filerne ud, havde skriveadgang til.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 2.4.2-39woody2.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.5-1.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6-6.

- -

Vi anbefaler at du opgraderer din cpio-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-846.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-847.wml b/danish/security/2005/dsa-847.wml deleted file mode 100644 index 04a7d6c1412..00000000000 --- a/danish/security/2005/dsa-847.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Joxean Koret har opdaget at Python SVG-importplugin'en i dia, en -vektororienteret diagrameditor, ikke på tilstrækkelig vis kontrollerede inddata -læst fra en SVG-fil, og derfor var sårbar overfor udførelse af vilkårlig -Python-kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.94.0-7sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.94.0-15.

- -

Vi anbefaler at du opgraderer din dia-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-847.data" -#use wml::debian::translation-check translation="3bf94125d1a6bfb5361e1198dc59863d03158318" mindelta="1" diff --git a/danish/security/2005/dsa-848.wml b/danish/security/2005/dsa-848.wml deleted file mode 100644 index 6e6ec8d330b..00000000000 --- a/danish/security/2005/dsa-848.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Jens Steube har opdaget to sårbarheder i masqmail, et -postforsendelsesprogram til værtsmaskiner uden permanent Internet-adgang. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CAN-2005-2662 - -

    Ved afsendelse af fejlede e-mails, blev adressen ikke kontrolleret, - hvilket gjorde det muligt for lokale angribere at udføre vilkårlige - kommandoer som mail-brugeren.

    • - -
  • CAN-2005-2663 - -

    Ved åbning af logfilen, smed masqmail ikke sine rettigheder væk, hvilket - gjorde det muligt for lokale angribere at overskrive vilkårlige filer via - et symlink-angreb.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.1.16-2.2.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.2.20-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.2.20-1sarge1.

- -

Vi anbefaler at du opgraderer din masqmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-848.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-849.wml b/danish/security/2005/dsa-849.wml deleted file mode 100644 index d6e9d33fe82..00000000000 --- a/danish/security/2005/dsa-849.wml +++ /dev/null @@ -1,27 +0,0 @@ -programmeringsfejl - -

"Supernaut" har opdaget at shorewall, også kendt som Shoreline Firewall, -kunne generere en iptables-opsætning der var betydeligt mere åben end det -angivne regelsæt i shorewalls opsætning, hvis MAC-kontrol blev anvendt på en -måde der ikke var standard.

- -

Når MACLIST_DISPOSITION er sat til ACCEPT i filen shorewall.conf, blev alle -pakker fra værtsmaskiner som ikke bestod MAC-kontrollen sendt gennem -firwall'en, uden yderligere kontroller. Når MACLIST_TTL var sat til en værdi -forskellig fra nul, blev pakker fra værtsmaskiner der bestod MAC-kontrollen -sendt gennem firewall'en, igen uden yderligere kontroller.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.3-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.4.1-2.

- -

Vi anbefaler at du opgraderer din shorewall-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-849.data" -#use wml::debian::translation-check translation="e2a9a7eccc5f11e94b9a6f0e230cba5a03e31285" mindelta="1" diff --git a/danish/security/2005/dsa-850.wml b/danish/security/2005/dsa-850.wml deleted file mode 100644 index 930ccd84da5..00000000000 --- a/danish/security/2005/dsa-850.wml +++ /dev/null @@ -1,22 +0,0 @@ -uendelig løkke - -

"Vade 79" har opdaget at BGP-dissektoren i tcpdump, et ydedygtigt værktøj -til overvågning af netværk og dataopsamling, ikke på korrekt vis håndterede -RT_ROUTING_INFO. En særligt fremstillet BGP-pakke kunne forårsage et -lammelsesangreb (denial of service) via en uendelig løkke.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.6.2-2.9.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.8.3-4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.8.3-4.

- -

Vi anbefaler at du opgraderer din tcpdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-850.data" -#use wml::debian::translation-check translation="b7ed7ceb9677126acc6f9a5717ed60db22379b52" mindelta="1" diff --git a/danish/security/2005/dsa-851.wml b/danish/security/2005/dsa-851.wml deleted file mode 100644 index 5d3305a4733..00000000000 --- a/danish/security/2005/dsa-851.wml +++ /dev/null @@ -1,48 +0,0 @@ -programmeringsfejl - -

Flere sikkerhedsrelaterede problemer er opdaget i openvpn, en Virtual -Private Network-dæmon. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2531 - -

    Forkert behandling af mislykket certifikatautentificering ved kørsel med - "verb 0" og uden TLS-autentification, kunne føre til et lammelsesangreb - (denial of service) ved at frakoble den forkerte klient.

    • - -
  • CAN-2005-2532 - -

    Forkert håndtering af pakker, der ikke kan dekrypteres på serveren, - kunne føre til frakobling af klienter der intet havde med det at - gøre.

    • - -
  • CAN-2005-2533 - -

    Ved kørsel i "dev tap"-Ethernet-bridgingtilstand, kunne openvpn ende med - at opbruge al sin hukommelse ved modtagelse af et stort antal forfalskede - MAC-adresser, og dermed blive lammet.

    • - -
  • CAN-2005-2534 - -

    Simultane TCP-forbindelser fra flere klienter med det samme - klientcertifikat, kunne forårsage et lammelsesangreb når - --duplicate-cn ikke var slået til.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke openvpn-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.2-1.

- -

Vi anbefaler at du opgraderer din openvpn-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-851.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-852.wml b/danish/security/2005/dsa-852.wml deleted file mode 100644 index b088932c206..00000000000 --- a/danish/security/2005/dsa-852.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstrengssårbarheder - -

Steve Kemp har opdaget to formatstrengssårbarheder i up-imapproxy, en -IMAP-protokolproxy, hvilket kunne føre til at fjernangribere kunne udføre -vilkårlig kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problem rettet i -version 1.2.3-1sarge1.

- -

I den ustabile distribution (sid) er disse problem rettet i -version 1.2.4-2.

- -

Vi anbefaler at du opgraderer din imapproxy-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-852.data" -#use wml::debian::translation-check translation="da373818ddab84d18b2c75f0f24ea537f759b36d" mindelta="1" diff --git a/danish/security/2005/dsa-853.wml b/danish/security/2005/dsa-853.wml deleted file mode 100644 index 56cb0706e1a..00000000000 --- a/danish/security/2005/dsa-853.wml +++ /dev/null @@ -1,62 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i ethereal, et udbredt program til -analysering af netværkstrafik. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2360 - -

    Hukommelsesallokeringsfejl i LDAP-dissektoren kunen medføre et - lammelsesangreb (denial of service).

    • - -
  • CAN-2005-2361 - -

    Forskellige fejl i dissektorerne til AgentX, PER, DOCSIS, RADIUS, - Telnet, IS-IS, HTTP, DCERPC, DHCP og SCTP kunne forårsage et - lammelsesangreb.

    • - -
  • CAN-2005-2363 - -

    Forskellige fejl i dissektorerne til SMPP, 802.3, H1 og DHCP kunne - forårsage et lammelsesangreb.

    • - -
  • CAN-2005-2364 - -

    Null-pointer-dereferencer i WBXML- og GIOP-dissektorerne kunne forårsage - et lammelsesangreb.

    • - -
  • CAN-2005-2365 - -

    Et bufferoverløb og null-pointer-dereferenceringer i SMB-dissektoren - kunne forårsage et lammelsesangreb.

    • - -
  • CAN-2005-2366 - -

    Forkert adresseberegning i BER-dissektoren kunne forårsage en uendelig - løkke eller afbrydelse.

    • - -
  • CAN-2005-2367 - -

    Formatstrengssårbarheder i flere dissektorer gjorde det muligt for - fjernangribere at skrive til vilkårlige steder i hukommelsen, og dermed - opnå rettigheder.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.9.4-1woody13.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.10.10-2sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.10.12-2.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-853.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-854.wml b/danish/security/2005/dsa-854.wml deleted file mode 100644 index 15949185e56..00000000000 --- a/danish/security/2005/dsa-854.wml +++ /dev/null @@ -1,19 +0,0 @@ -uendelig løkke - -

Simon Nielsen har opdaget at BGP-dissektoren i tcpdump, et ydedygtigt -værktøj til netværksovervågning og dataindsamling, ikke på korrekt vis -håndterede returværdier som var -1, fra en funktion som dekoder datapakker. -En særligt fremstillet BGP-pakke kunne forårsage et lammelsesangreb (denial of -service) via en uendelig løkke.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.8.3-5sarge1.

- -

Vi anbefaler at du opgraderer din tcpdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-854.data" -#use wml::debian::translation-check translation="df1090a661ef0119942fbc32d1480967438cf1fa" mindelta="1" diff --git a/danish/security/2005/dsa-855.wml b/danish/security/2005/dsa-855.wml deleted file mode 100644 index 0b4a29ba003..00000000000 --- a/danish/security/2005/dsa-855.wml +++ /dev/null @@ -1,22 +0,0 @@ -formatstrengssårbarhed - -

Ulf Härnhammar fra Debian Security Audit-projektet har opdaget en -formatstrengssårbarhed i weex, en ikke-interaktiv ftp-klient til opdatering af -websider, som kunne udnyttes til at udføre vilkårlig kode på klientens -maskine.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.6.1-4woody2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.6.1-6sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.6.1-6sarge1.

- -

Vi anbefaler at du opgraderer din weex-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-855.data" -#use wml::debian::translation-check translation="69fbf206e427f7dd051e77659b1d9319cae6df71" mindelta="1" diff --git a/danish/security/2005/dsa-856.wml b/danish/security/2005/dsa-856.wml deleted file mode 100644 index 2f9f8c658eb..00000000000 --- a/danish/security/2005/dsa-856.wml +++ /dev/null @@ -1,20 +0,0 @@ -designfejl - -

Arc Riley har opdaget at py2play, en netværksspilmaskien til peer-to-peer, -kunne udføre vilkårlig kode modtaget fra det p2p-spilnetværk, programmet er -sluttet til, uden nogen sikkerhedskontroller.

- -

Den gamle stabile distribution (woody) indeholder ikke py2play-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.1.7-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.1.8-1.

- -

Vi anbefaler at du opgraderer din py2play-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-856.data" -#use wml::debian::translation-check translation="f8b356fe6a46ae8ce64d8d433ec3f7074e46ddc9" mindelta="1" diff --git a/danish/security/2005/dsa-857.wml b/danish/security/2005/dsa-857.wml deleted file mode 100644 index 65458b747cb..00000000000 --- a/danish/security/2005/dsa-857.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker midlertidig fil - -

Javier Fernández-Sanguino Peña har opdaget oprettelsen af en usikker -midlertidig fil i graphviz, et omfattende sæt værktøjer til tegning af grafer. -Problemet kan udnyttes af en lokal angriber til at overskrive vilkårlige -filer.

- -

I den gamle stabile distribution (woody) er problemet der formentlig også, -men pakken er ikke-fri (non-free).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.1-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.1-1sarge1.

- -

Vi anbefaler at du opgraderer din graphviz-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-857.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-858.wml b/danish/security/2005/dsa-858.wml deleted file mode 100644 index f27a23189c9..00000000000 --- a/danish/security/2005/dsa-858.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Ariel Berkman har opdaget flere bufferoverløb i xloadimage, et -billedvisningsprogram til X11, som kunne udnyttes via lange billednavne, og -forårsage udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 4.1-10woody2.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.1-14.3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.1-15.

- -

Vi anbefaler at du opgraderer din xloadimage-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-858.data" -#use wml::debian::translation-check translation="38231c2207ad44d374a08b633033122dcdebc6f1" mindelta="1" diff --git a/danish/security/2005/dsa-859.wml b/danish/security/2005/dsa-859.wml deleted file mode 100644 index 4495cb2dd39..00000000000 --- a/danish/security/2005/dsa-859.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Ariel Berkman har opdaget flere bufferoverløb i xloadimage, der også findes -i xli, et kommandolinjeværktøj til visning af billeder i X11. Bufferoverløbet -kunne udnyttes via lange billednavne, og forårsage udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.17.0-11woody2.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.17.0-18sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din xli-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-859.data" -#use wml::debian::translation-check translation="0a3164efd9990ff9cbb981ec243d872ca0c2d395" mindelta="1" diff --git a/danish/security/2005/dsa-860.wml b/danish/security/2005/dsa-860.wml deleted file mode 100644 index 57e728a8d2b..00000000000 --- a/danish/security/2005/dsa-860.wml +++ /dev/null @@ -1,42 +0,0 @@ -programmeringsfejl - -

Yutaka Oiwa har opdaget en fejl i Ruby, fortolkeren til det -objektorienterede skriptsprog, som kan gøre det muligt for ulovlig programkode -at omgå det sikre niveau, forurene flagbeskyttelseskontroller og blive udført. -Følgende matriks oplyser om rettede versioner i vores distributioner:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - -
 gammel stable (woody)stable (sarge)unstable (sid)
ruby1.6.7-3woody5n/an/a
ruby1.6n/a1.6.8-12sarge11.6.8-13
ruby1.8n/a1.8.2-7sarge21.8.3-1
-
- -

Vi anbefaler at du opgraderer dine ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-860.data" -#use wml::debian::translation-check translation="bfd723b4be0ce015c6721bfd3c8fc2056603b9f7" mindelta="1" diff --git a/danish/security/2005/dsa-861.wml b/danish/security/2005/dsa-861.wml deleted file mode 100644 index 9cac7af4751..00000000000 --- a/danish/security/2005/dsa-861.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

"infamous41md" har opdaget et bufferoverløb i uw-imap, University of -Washingtons IMAP-server. Bufferoverløbet gjorde det muligt for angribere at -udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2002edebian1-11sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2002edebian1-11sarge1.

- -

Vi anbefaler at du opgraderer dine uw-imap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-861.data" -#use wml::debian::translation-check translation="51f874fb262eec870d6f8a20b72640eb894cc361" mindelta="1" diff --git a/danish/security/2005/dsa-862.wml b/danish/security/2005/dsa-862.wml deleted file mode 100644 index 237af2d60f8..00000000000 --- a/danish/security/2005/dsa-862.wml +++ /dev/null @@ -1,42 +0,0 @@ -programmeringsfejl - -

Yutaka Oiwa har opdaget en fejl i Ruby, fortolkeren til det -objektorienterede skriptsprog, som kan gøre det muligt for ulovlig programkode -at omgå det sikre niveau, forurene flagbeskyttelseskontroller og blive udført. -Følgende matriks oplyser om rettede versioner i vores distributioner:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - -
 gammel stable (woody)stable (sarge)unstable (sid)
ruby1.6.7-3woody5n/an/a
ruby1.6n/a1.6.8-12sarge11.6.8-13
ruby1.8n/a1.8.2-7sarge21.8.3-1
-
- -

Vi anbefaler at du opgraderer dine ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-862.data" -#use wml::debian::translation-check translation="bfd723b4be0ce015c6721bfd3c8fc2056603b9f7" mindelta="1" diff --git a/danish/security/2005/dsa-863.wml b/danish/security/2005/dsa-863.wml deleted file mode 100644 index fa34b80ab43..00000000000 --- a/danish/security/2005/dsa-863.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstrengssårbarhed - -

Ulf Härnhammar fra Debian Security Audit-projektet har opdaget en -formatstrengssårbarhed i CDDB-behandlingskomponenten i xine-lib, xine -video-/medie-afspillerbiblioteket. Sårbarheden kunne føre til udførelse af -vilkårlig kode, forårsaget af en ondsindet CDDB-post.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.9.8-2woody4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.1-1sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libxine0- og libxine1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-863.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-864.wml b/danish/security/2005/dsa-864.wml deleted file mode 100644 index 9e42426902c..00000000000 --- a/danish/security/2005/dsa-864.wml +++ /dev/null @@ -1,42 +0,0 @@ -programmeringsfejl - -

Yutaka Oiwa har opdaget en fejl i Ruby, fortolkeren til det -objektorienterede skriptsprog, som kan gøre det muligt for ulovlig programkode -at omgå det sikre niveau, forurene flagbeskyttelseskontroller og blive udført. -Følgende matriks oplyser om rettede versioner i vores distributioner:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - -
 gammel stable (woody)stable (sarge)unstable (sid)
ruby1.6.7-3woody5n/an/a
ruby1.6n/a1.6.8-12sarge11.6.8-13
ruby1.8n/a1.8.2-7sarge21.8.3-1
-
- -

Vi anbefaler at du opgraderer dine ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-864.data" -#use wml::debian::translation-check translation="1eae137f08708f4b215ac389716ec0d555338529" mindelta="1" diff --git a/danish/security/2005/dsa-865.wml b/danish/security/2005/dsa-865.wml deleted file mode 100644 index 327b4154cfd..00000000000 --- a/danish/security/2005/dsa-865.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikre midlertidige filer - -

Javier Fernández-Sanguino Peña har opdaget at flere skripter hørende til -hylefax-programpakken, et fleksibelt klient/server-faxprogram, oprettede -midlertidige filer og mapper på en usikker måde, hvilket gjode dem sårbare over -for symlink-udnyttelser.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 4.1.1-3.2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.2.1-5sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.2.2-1.

- -

Vi anbefaler at du opgraderer dine hylafax-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-865.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-866.wml b/danish/security/2005/dsa-866.wml deleted file mode 100644 index bbb5ad8bd69..00000000000 --- a/danish/security/2005/dsa-866.wml +++ /dev/null @@ -1,78 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede probelmer er opdaget i Mozilla og afledte -programmer. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CAN-2005-2871 - -

    Tom Ferris har opdaget en fejl i Mozillas håndtering af IDN-værtsnavne, - der gjorde det muligt for fjernangribere at forårsage et lammelesangreb - (denial of service) og muligvis udføre vilkårlig via et værtsnavn - indeholdende bindestreger.

    • - -
  • CAN-2005-2701 - -

    Et bufferoverløb gjorde det muligt for angribere at udføre vilkårlig - kode via en XBM-billedfil, der sluttede med et stort antal mellemrum, i - stedet for det forventede afsluttende tag.

    • - -
  • CAN-2005-2702 - -

    Mats Palmgren har opdaget et bufferoverløb i fortolkeren af - Unicode-strenge, der gjorde det muligt for særligt fremstillede - Unicode-sekvenser at få en buffer til at løbe over, og dermed udføre - vilkårlig kode.

    • - -
  • CAN-2005-2703 - -

    Fjernangribere kunne forfalske HTTP-headere hørende til XML - HTTP-forespørgsler via XMLHttpRequest, og muligvis anvende klienten til at - udnytte sårbarheder i servere eller proxy'er.

    • - -
  • CAN-2005-2704 - -

    Fjernangribere kunne forfalske DOM-objekter via en XBL-kontrol, der - implementerer en intern XPCOM-snitflade.

    • - -
  • CAN-2005-2705 - -

    Georgi Guninski har opdaget et heltalsoverløb i JavaScript-maskinen, - der kunne gøre det muligt for fjernangribere at udføre vilkårlig - kode.

    • - -
  • CAN-2005-2706 - -

    Fjernangribere kunne udføre Javascript-kode med chrome-rettigheder via - en about:-side som for eksempel about:mozilla.

    • - -
  • CAN-2005-2707 - -

    Fjernangribere kunne åbne vinduer uden brugergrænsefladekomponenter som - adresse- og statuslinje, hvilket kunne anvendes til udførelsen af - forfalsknings- eller phishing-angreb..

    • - -
  • CAN-2005-2968 - -

    Peter Zelezny har opdaget at shell-metategn ikke blev indkapslet - korrekt, når de blev overføret til et shell-skript, hvilket gjorde det - muligt at udføre vilkårlige kommandoer, for eksempel når en ondsindet URL - automatisk blev kopieret fra et andet program ind i Mozilla som - standardbrowseren.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.7.12-1.

- -

Vi anbefaler at du opgraderer din mozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-866.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-867.wml b/danish/security/2005/dsa-867.wml deleted file mode 100644 index 910b9a3ba65..00000000000 --- a/danish/security/2005/dsa-867.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Eduard Bloch har opdaget at en rule-fil i module-assistant, et værktøj til -at gøre det nemmere at oprette modul-pakker, opretter en midlertidig fil på en -usikker måde. Den udføres normalt også fra andre pakker.

- -

Den gamle stabile distribution (woody) indeholder ikke en -module-assistant-pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.10.

- -

Vi anbefaler at du opgraderer din module-assistant-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-867.data" -#use wml::debian::translation-check translation="1f93df0fd3c41c553b94531dbec2bd78a3570ca8" mindelta="1" diff --git a/danish/security/2005/dsa-868.wml b/danish/security/2005/dsa-868.wml deleted file mode 100644 index 76d8c2fbd3b..00000000000 --- a/danish/security/2005/dsa-868.wml +++ /dev/null @@ -1,80 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede probelmer er opdaget i Mozilla og afledte -programmer. Flere af de følgende problemer vedrører ikke direkte Mozilla -Thunderbird, selv om koden findes. For at holde koden synkroniseret med -opstrøm, er den ikke desto mindre blevet ændret. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2871 - -

    Tom Ferris har opdaget en fejl i Mozillas håndtering af IDN-værtsnavne, - der gjorde det muligt for fjernangribere at forårsage et lammelesangreb - (denial of service) og muligvis udføre vilkårlig via et værtsnavn - indeholdende bindestreger.

    • - -
  • CAN-2005-2701 - -

    Et bufferoverløb gjorde det muligt for angribere at udføre vilkårlig - kode via en XBM-billedfil, der sluttede med et stort antal mellemrum, i - stedet for det forventede afsluttende tag.

    • - -
  • CAN-2005-2702 - -

    Mats Palmgren har opdaget et bufferoverløb i fortolkeren af - Unicode-strenge, der gjorde det muligt for særligt fremstillede - Unicode-sekvenser at få en buffer til at løbe over, og dermed udføre - vilkårlig kode.

    • - -
  • CAN-2005-2703 - -

    Fjernangribere kunne forfalske HTTP-headere hørende til XML - HTTP-forespørgsler via XMLHttpRequest, og muligvis anvende klienten til at - udnytte sårbarheder i servere eller proxy'er.

    • - -
  • CAN-2005-2704 - -

    Fjernangribere kunne forfalske DOM-objekter via en XBL-kontrol, der - implementerer en intern XPCOM-snitflade.

    • - -
  • CAN-2005-2705 - -

    Georgi Guninski har opdaget et heltalsoverløb i JavaScript-maskinen, - der kunne gøre det muligt for fjernangribere at udføre vilkårlig - kode.

    • - -
  • CAN-2005-2706 - -

    Fjernangribere kunne udføre Javascript-kode med chrome-rettigheder via - en about:-side som for eksempel about:mozilla.

    • - -
  • CAN-2005-2707 - -

    Fjernangribere kunne åbne vinduer uden brugergrænsefladekomponenter som - adresse- og statuslinje, hvilket kunne anvendes til udførelsen af - forfalsknings- eller phishing-angreb..

    • - -
  • CAN-2005-2968 - -

    Peter Zelezny har opdaget at shell-metategn ikke blev indkapslet - korrekt, når de blev overføret til et shell-skript, hvilket gjorde det - muligt at udføre vilkårlige kommandoer, for eksempel når en ondsindet URL - automatisk blev kopieret fra et andet program ind i Mozilla som - standardbrowseren.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-2.sarge1.0.7.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.7-1.

- -

Vi anbefaler at du opgraderer din mozilla-thunderbird-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-868.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-869.wml b/danish/security/2005/dsa-869.wml deleted file mode 100644 index cab513c18ed..00000000000 --- a/danish/security/2005/dsa-869.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Udviklerne af eric, et komplet udviklingsmiljø (IDE) til Python, har rettet -en fejl i behandlingen af projektfiler, som kunne medføre udførelse af -vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken eric.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.6.2-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.7.2-1.

- -

Vi anbefaler at du opgraderer din eric-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-869.data" -#use wml::debian::translation-check translation="331ad288d42e0eef51cc4059c52db8833771d2bd" mindelta="1" diff --git a/danish/security/2005/dsa-870.wml b/danish/security/2005/dsa-870.wml deleted file mode 100644 index 3b55770730d..00000000000 --- a/danish/security/2005/dsa-870.wml +++ /dev/null @@ -1,25 +0,0 @@ -manglende kontrol af inddata - -

Tavis Ormandy har bemærket at sudo, et program der giver begrænsede -superbrugerrettigheder til specifikke brugere, ikke renser miljøet -tilstrækkeligt. Variablerne SHELLOPTS og PS4 er farlige, og blev sendt videre -til programmer, der kørte som en priviligeret bruger. Dette kunne medføre -udførelse af vilkårlige kommandoer som en priviligeret bruger, når et -bash-skript blev udført. Disse sårbarheder kunne kun udnyttes af brugere der -var givet begrænsede superbrugerrettigheder.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.6.6-1.4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.6.8p7-1.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.6.8p9-3.

- -

Vi anbefaler at du opgraderer din sudo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-870.data" -#use wml::debian::translation-check translation="ccd0ca3ef29b95e94ec67516eac5c22252be2847" mindelta="1" diff --git a/danish/security/2005/dsa-871.wml b/danish/security/2005/dsa-871.wml deleted file mode 100644 index e280a8b0b74..00000000000 --- a/danish/security/2005/dsa-871.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstrengssårbarhed - -

Steve Kemp har opdaget to formatstrengssårbarheder i libgda2, GNOME Data -Access-biblioteket til GNOME2, hvilket kunne medføre udførelse af vilkårlig -kode i programmer, der anvendte dette bibliotek.

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.2.1-2sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libgda2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-871.data" -#use wml::debian::translation-check translation="34c55345d6786a4ac7fd763622da12933134bd3c" mindelta="1" diff --git a/danish/security/2005/dsa-872.wml b/danish/security/2005/dsa-872.wml deleted file mode 100644 index a82934acc48..00000000000 --- a/danish/security/2005/dsa-872.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Chris Evans har opdaget et bufferoverløb kwords RTF-importeringsrutine, -Kword er et tekstbehandlingsprogram i KDE Office Suite. Sårbarheden kunne -medføre udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken kword.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.3.5-4.sarge.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.5-5.

- -

Vi anbefaler at du opgraderer din kword-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-872.data" -#use wml::debian::translation-check translation="2b1d16e6a43c1650860788971d6d164011e27691" mindelta="1" diff --git a/danish/security/2005/dsa-873.wml b/danish/security/2005/dsa-873.wml deleted file mode 100644 index 6b90d676250..00000000000 --- a/danish/security/2005/dsa-873.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

En sikkerhedssårbarhed er fundet i Net-SNMP-udgivelserne, denne kunne gøre -det muligt at udføre et lammelsesangreb (denial of service) mod -Net-SNMP-agenter der havde åbent et streambaseret protokol (eksempelvis TCP, -men ikke UDP). Som standard åbner Net-SNMP ikke en TCP-port.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken net-snmp.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 5.1.2-6.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.2.1.2-1.

- -

Vi anbefaler at du opgraderer din net-snmp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-873.data" -#use wml::debian::translation-check translation="4c4067c9d1421234647798d3a49d507033d044c5" mindelta="1" diff --git a/danish/security/2005/dsa-874.wml b/danish/security/2005/dsa-874.wml deleted file mode 100644 index 647a0812c55..00000000000 --- a/danish/security/2005/dsa-874.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har opdaget et bufferoverløb inlynx, en tekstbaseret browser -til WWW, som kunne fjernudnyttes. Under håndteringen af asiatiske tegn ved -forbindelse til en NNTP-server, kunne lynx narres til at skrive ud over en -buffers grænser, hvilket kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.8.4.1b-3.3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.8.5-2sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din lynx-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-874.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-875.wml b/danish/security/2005/dsa-875.wml deleted file mode 100644 index bad518da703..00000000000 --- a/danish/security/2005/dsa-875.wml +++ /dev/null @@ -1,56 +0,0 @@ -kryptografisk svaghed - -

Yutaka Oiwa har opdaget en sårbarhed i biblioteket Open Secure Socket Layer -(OpenSSL), der kunne gøre det muligt for en angriber at udføre aktive -protokoltilbagerulning-angreb, hvilket kunne medføre anvendelse af den svagere -SSL 2.0-protokol, selvom begge parter understøttede SSL 3.0 eller TLS 1.0.

- -

Følgende matriks forklarer om rettede versioner i vores distributioner.

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 oldstable (woody)stable (sarge)unstable (sid)
openssl0.9.6c-2.woody.80.9.7e-3sarge10.9.8-3
openssl0940.9.4-6.woody.4n/an/a
openssl0950.9.5a-6.woody.6n/an/a
openssl096n/a0.9.6m-1sarge1n/a
openssl097n/an/a0.9.7g-5
-
- -

Vi anbefaler at du opgraderer dine libssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-875.data" -#use wml::debian::translation-check translation="392810a7c694fac31d80b36f681fb5ad96ba9e97" mindelta="1" diff --git a/danish/security/2005/dsa-876.wml b/danish/security/2005/dsa-876.wml deleted file mode 100644 index 61aa68d3c77..00000000000 --- a/danish/security/2005/dsa-876.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har opdaget et bufferoverløb inlynx, en tekstbaseret browser -til WWW, som kunne fjernudnyttes. Under håndteringen af asiatiske tegn ved -forbindelse til en NNTP-server, kunne lynx narres til at skrive ud over en -buffers grænser, hvilket kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.8.4.1b-3.2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.8.5-2sarge1 of lynx.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din lynx-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-876.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-877.wml b/danish/security/2005/dsa-877.wml deleted file mode 100644 index 658e80a3598..00000000000 --- a/danish/security/2005/dsa-877.wml +++ /dev/null @@ -1,36 +0,0 @@ -udførelse af skript på tværs af websteder, mappegennemløb - -

Steve Kemp har opdaget to sårbarheder i gnump3d, en streaming-server til -MP3- og OGG-filer. Common Vulnerabilities and Exposures Project har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2005-3122 - -

    404-fejlsiden fjerner ikke ondsindet javascript-indhold fra - resultatsiden, hvilket kunne udføres på offerets maskine.

    -
    • - -
  • CVE-2005-3123 - -

    Med anvendelse af særligt fremstillede URL'er, var det muligt at læse - vilkårlige filer, som brugeren af streaming-serveren havde adgang til.

    -
    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke pakken gnump3d.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.9.3-1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.9.6-1.

- -

Vi anbefaler at du opgraderer din gnump3d-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-877.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-878.wml b/danish/security/2005/dsa-878.wml deleted file mode 100644 index c2281a26539..00000000000 --- a/danish/security/2005/dsa-878.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er fundet i pnmtopng-komponenten i pakken netpbm, en -samling værktøjer til konvertering af grafik. Denne sårbarhed kunne gøre det -muligt for en angriber at udføre vilkårlig kode som en lokal bruger vha. en -særligt fremstillet PNM-fil.

- -

Den gamle stabile distribution (woody) er ikke sårbar over for dette -problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 10.0-8sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 10.0-10.

- -

Vi anbefaler at du opgraderer dine netpbm-free-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-878.data" -#use wml::debian::translation-check translation="8346659bed3644545fd92d72dc98eaf76a9b900f" mindelta="1" diff --git a/danish/security/2005/dsa-879.wml b/danish/security/2005/dsa-879.wml deleted file mode 100644 index 73704ed61f6..00000000000 --- a/danish/security/2005/dsa-879.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

En fejl i gallery som giver alle registrerede postnuke-brugere fuld adgang -til programmet, er opdaget.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.5-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.5-2.

- -

Vi anbefaler at du opgraderer din gallery-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-879.data" -#use wml::debian::translation-check translation="1e20f57ad1f3bcc6113c689183fd14eb4f687a14" mindelta="1" diff --git a/danish/security/2005/dsa-880.wml b/danish/security/2005/dsa-880.wml deleted file mode 100644 index 5dd280612e0..00000000000 --- a/danish/security/2005/dsa-880.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder (cross-site scripting), er opdaget i phpmyadmin, der er en samling -PHP-skripter til administrering af MySQL over WWW. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CAN-2005-2869 - -

    Andreas Kerber og Michal Cihar har opdaget flere sårbarheder i - forbindelse med udførelse af skripter på tværs af websteder på fejlsiden og - i cookie-login'en.

    -
    • - -
  • CVE-2005-3300 - -

    Stefan Esser har opdaget manglende sikkerhedskontroller i - grab_globals.php, der kunne gøre det muligt for en angriber at få - phpmyadmin til at medtage en vilkårlig lokal fil.

    -
    • - -
  • CVE-2005-3301 - -

    Tobias Klein har opdaget flere sårbarheder i forbindelse med udførelse - af skripter på tværs af websteder, hvilket kunne gøre det muligt for - angribere at indsprøjte vilkårlig HTML-kode eller klientside-skripter.

    -
    • - -
- -

Versionen i den gamle stabile distribution (woody) har formentlig sine egne -fejl, og er ikke nem at rette uden en komplet audit- og rettelsesseance. Den -nemmeste måde er at opgradere fra woody til sarge.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.6.2-3sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6.4-pl3-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-880.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-881.wml b/danish/security/2005/dsa-881.wml deleted file mode 100644 index 9882d228ac8..00000000000 --- a/danish/security/2005/dsa-881.wml +++ /dev/null @@ -1,56 +0,0 @@ -kryptografisk svaghed - -

Yutaka Oiwa har opdaget en sårbarhed i biblioteket Open Secure Socket Layer -(OpenSSL), der kunne gøre det muligt for en angriber at udføre aktive -protokoltilbagerulning-angreb, hvilket kunne medføre anvendelse af den svagere -SSL 2.0-protokol, selvom begge parter understøttede SSL 3.0 eller TLS 1.0.

- -

Følgende matriks forklarer om rettede versioner i vores distributioner.

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 oldstable (woody)stable (sarge)unstable (sid)
openssl0.9.6c-2.woody.80.9.7e-3sarge10.9.8-3
openssl0940.9.4-6.woody.4n/an/a
openssl0950.9.5a-6.woody.6n/an/a
openssl096n/a0.9.6m-1sarge1n/a
openssl097n/an/a0.9.7g-5
-
- -

Vi anbefaler at du opgraderer dine libssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-881.data" -#use wml::debian::translation-check translation="871183d7cc8b0aa6f49d99643125fc67310d67fa" mindelta="1" diff --git a/danish/security/2005/dsa-882.wml b/danish/security/2005/dsa-882.wml deleted file mode 100644 index 465aee491fd..00000000000 --- a/danish/security/2005/dsa-882.wml +++ /dev/null @@ -1,56 +0,0 @@ -kryptografisk svaghed - -

Yutaka Oiwa har opdaget en sårbarhed i biblioteket Open Secure Socket Layer -(OpenSSL), der kunne gøre det muligt for en angriber at udføre aktive -protokoltilbagerulning-angreb, hvilket kunne medføre anvendelse af den svagere -SSL 2.0-protokol, selvom begge parter understøttede SSL 3.0 eller TLS 1.0.

- -

Følgende matriks forklarer om rettede versioner i vores distributioner.

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 oldstable (woody)stable (sarge)unstable (sid)
openssl0.9.6c-2.woody.80.9.7e-3sarge10.9.8-3
openssl0940.9.4-6.woody.4n/an/a
openssl0950.9.5a-6.woody.6n/an/a
openssl096n/a0.9.6m-1sarge1n/a
openssl097n/an/a0.9.7g-5
-
- -

Vi anbefaler at du opgraderer dine libssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-882.data" -#use wml::debian::translation-check translation="4e049f9a2b94b208f2f1052cfb38addcbb88d835" mindelta="1" diff --git a/danish/security/2005/dsa-883.wml b/danish/security/2005/dsa-883.wml deleted file mode 100644 index 754d84913fd..00000000000 --- a/danish/security/2005/dsa-883.wml +++ /dev/null @@ -1,23 +0,0 @@ -usikker midlertidig fil - -

Javier Fernández-Sanguino Peña fra Debians Debian Security Audit-teamet har -opdaget at skriptet syslogtocern fra thttpd, en lille webserver, anvendte en -midlertidig fil på en usikker måde, hvilket gjorde det muligt for en lokal -angriber at iværksætte et symlink-angreb til overskrivelse af vilkårlige -filer.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.21b-11.3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.23beta1-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.23beta1-4.

- -

Vi anbefaler at du opgraderer din thttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-883.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-884.wml b/danish/security/2005/dsa-884.wml deleted file mode 100644 index bcb10a0a142..00000000000 --- a/danish/security/2005/dsa-884.wml +++ /dev/null @@ -1,21 +0,0 @@ -designfejl - -

Mike O'Connor har opdaget at standardinstalleringen af Horde3 i Debian -indeholdt en administrativ konto uden adgangskode. Allerede opsatte -installeringer vil ikke blive ændret af enne opdatering.

- -

Den gamle stabile distribution (woody) indeholder ikke pakker horde3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.0.4-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.0.5-2

- -

Hvis programmet er installeret, anbefaler vi at du kontrollerer din -admin-konto i horde3.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-884.data" -#use wml::debian::translation-check translation="64abbc5bd95032249f8946884416961bbe78f258" mindelta="1" diff --git a/danish/security/2005/dsa-885.wml b/danish/security/2005/dsa-885.wml deleted file mode 100644 index 2fa6792a1e2..00000000000 --- a/danish/security/2005/dsa-885.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i OpenVPN, en frit tilgængelig virtual private -network-dæmon. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CVE-2005-3393 - -

    En formatstrengssårbarhed er opdaget, den kunne gøre det muligt at - udføre vilkårlig kode på klienten.

    • - -
  • CVE-2005-3409 - -

    En NULL-pointer dereference er opdaget, den kunne udnyttes til at få - servicen til at gå ned.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke openvpn-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0-1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.5-1.

- -

Vi anbefaler at du opgraderer din openvpn-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-885.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-886.wml b/danish/security/2005/dsa-886.wml deleted file mode 100644 index b4f63642ae4..00000000000 --- a/danish/security/2005/dsa-886.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i chmlib, et bibliotek til håndtering af -filer i CHM-formatet. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-2659 - -

    Palasik Sandor har opdaget et bufferoverløb i dekomprimeringsmetoden - LZX.

    • - -
  • CVE-2005-2930 - -

    Et bufferoverløb er opdaget, som kunne medføre udførelse af vilkårlig - kode.

    • - -
  • CVE-2005-3318 - -

    Sven Tantau har opdaget et bufferoverløb, som kunne medføre udførelse af - vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke chmlib-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.35-6sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.37-2.

- -

Vi anbefaler at du opgraderer dine chmlib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-886.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-887.wml b/danish/security/2005/dsa-887.wml deleted file mode 100644 index d4f9146426b..00000000000 --- a/danish/security/2005/dsa-887.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Clam AntiVirus, antivirus-scanneren til Unix, -som er designet til at blive integreret med mailservere for at kunne udføre -scanning af vedhæftede filer. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-3239 - -

    OLE2-udpakkeren tillod at fjernangribere kunne forårsage en - segmenteringsfejl via DOC-filer med et ugyldigt egenskabstræ, hvilket - iværksatte en uendelig løkke.

    • - -
  • CVE-2005-3303 - -

    En særligt fremstillet udførbar fil komprimeret med FSG 1.33, kunne - forårsage at udpakkeren skrev ud over buffergrænser, hvilket gjorde det - muligt for en angriber at udføre vilkårlig kode.

    • - -
  • CVE-2005-3500 - -

    En særligt fremstillet CAB-fil kunne få ClamAV til at gå i en uendelig - løkke, og anvende alle tilgængelige processorressourcer, medførende et - lammelsesangreb (denial of service).

    • - -
  • CVE-2005-3501 - -

    En særligt fremstillet CAB-fil kunne få ClamAV til at gå i en uendelig - løkke, og anvende alle tilgængelige processorressourcer, medførende et - lammelsesangreb (denial of service).

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke clamav-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.87.1-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-887.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-888.wml b/danish/security/2005/dsa-888.wml deleted file mode 100644 index 66ed0f5a474..00000000000 --- a/danish/security/2005/dsa-888.wml +++ /dev/null @@ -1,56 +0,0 @@ -kryptografisk svaghed - -

Yutaka Oiwa har opdaget en sårbarhed i biblioteket Open Secure Socket Layer -(OpenSSL), der kunne gøre det muligt for en angriber at udføre aktive -protokoltilbagerulning-angreb, hvilket kunne medføre anvendelse af den svagere -SSL 2.0-protokol, selvom begge parter understøttede SSL 3.0 eller TLS 1.0.

- -

Følgende matriks forklarer om rettede versioner i vores distributioner.

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 oldstable (woody)stable (sarge)unstable (sid)
openssl0.9.6c-2.woody.80.9.7e-3sarge10.9.8-3
openssl0940.9.4-6.woody.4n/an/a
openssl0950.9.5a-6.woody.6n/an/a
openssl096n/a0.9.6m-1sarge1n/a
openssl097n/an/a0.9.7g-5
-
- -

Vi anbefaler at du opgraderer dine libssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-888.data" -#use wml::debian::translation-check translation="9752943468ef3f78cb1755450b62046b3739e48a" mindelta="1" diff --git a/danish/security/2005/dsa-889.wml b/danish/security/2005/dsa-889.wml deleted file mode 100644 index f2708a6fea0..00000000000 --- a/danish/security/2005/dsa-889.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Hadmut Danish har opdaget en fejl i enigmail, GPG-understøttelse til Mozilla -MailNews og Mozilla Thunderbird. Fejlen kunne medføre kryptering af mail med -den forkerte offentlige nøgle, hvorved der potentielt kunne afsløres følsomme -oplysninger til andre.

- -

Den gamle stabile distribution (woody) indeholder ikke enigmail-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.91-4sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.93-1.

- -

Vi anbefaler at du opgraderer dine enigmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-889.data" -#use wml::debian::translation-check translation="9b9ce26c1b7eed58cb41e2512f9bd745f8bb6cf2" mindelta="1" diff --git a/danish/security/2005/dsa-890.wml b/danish/security/2005/dsa-890.wml deleted file mode 100644 index ea5482349e8..00000000000 --- a/danish/security/2005/dsa-890.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Chris Evans har opdaget flere sikkerhedsrelaterede problemer i libungif4, et -delt bibliotek til GIF-billeder. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2005-2974 - -

    Null-pointer-dereference, der kunne forårsage et lammelsesangreb (a - denial of service).

    • - -
  • CVE-2005-3350 - -

    Adgang til hukommelse uden for grænserne, der kunne forårsage et - lammelsesangreb (denial of service) eller udførelse af vilkårlig - kode.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 4.1.0b1-2woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.1.3-2sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libungif4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-890.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-891.wml b/danish/security/2005/dsa-891.wml deleted file mode 100644 index dcb98a5e963..00000000000 --- a/danish/security/2005/dsa-891.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstreng - -

Kevin Finisterre har opdaget en formatstrengssårbarhed i gpsdrive, et -bilnagiveringssystem. Sårbarheden kunne føre til udførelse af vilkårlig -kode.

- -

Den gamle stabile distribution (woody) indeholder ikke gpsdrive-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.09-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.09-2sarge1.

- -

Vi anbefaler at du opgraderer din gpsdrive-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-891.data" -#use wml::debian::translation-check translation="f3a36390285bc6cf25eb56b98f126f7c43668ca4" mindelta="1" diff --git a/danish/security/2005/dsa-892.wml b/danish/security/2005/dsa-892.wml deleted file mode 100644 index 551cc14c78c..00000000000 --- a/danish/security/2005/dsa-892.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Peter Vreugdenhil har opdaget at awstats, et funktionsfyldt program til -analysering af webserverlogfiler, sendte brugerleverede oplysninger til en -eval()-funktion, hvilket gjorde det muligt for fjernangribere at udføre -vilkårlige Perl-kommandoer.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.4-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.4-1.1.

- -

Vi anbefaler at du opgraderer din awstats-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-892.data" -#use wml::debian::translation-check translation="584faa2a3070dfb30c55f7f325441f91037b79a1" mindelta="1" diff --git a/danish/security/2005/dsa-893.wml b/danish/security/2005/dsa-893.wml deleted file mode 100644 index bf3df0c90b2..00000000000 --- a/danish/security/2005/dsa-893.wml +++ /dev/null @@ -1,33 +0,0 @@ -manglende kontrol af inddata - -

Remco Verhoef har opdaget en sårbarhed i acidlab, Analysis Console for -Intrusion Databases, og i acidbase, Basic Analysis and Security Engine, der -kunne udnyttes af ondsindede brugere til at udføre -SQL-indsprøjtningsangreb.

- -

Vedligeholderne af Analysis Console for Intrusion Databases (ACID) i Debian, -som BASE er afledt af, har efter en sikkerhedsaudit af både BASE og ACID -konstateret at den fundne fejl ikke kun påvirkede komponenterne -base_qry_main.php (i BASE) og acid_qry_main.php (i ACID), men også fandtes i -andre elementer i konsollerne på grund af ukorrekt validering og filtrering af -parametre.

- -

Alle de fundne fejl i forbindelse med SQL-indspøjtning og udførelse af -skripter på tværs af websteder (cross site scripting) er rettet i -Debian-pakken, hvilket lukker alle de fundne angrebsvektorer.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.9.6b20-2.1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.6b20-10.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.6b20-13 og i version 1.2.1-1 af acidbase.

- -

Vi anbefaler at du opgraderer dine acidlab- og acidbase-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-893.data" -#use wml::debian::translation-check translation="addc61ecdf4acb05991f97207f3eb3ff93df5b93" mindelta="1" diff --git a/danish/security/2005/dsa-894.wml b/danish/security/2005/dsa-894.wml deleted file mode 100644 index b8daddf1223..00000000000 --- a/danish/security/2005/dsa-894.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Chris Evans har opdaget flere bufferoverløb i RTF-importmekanismen i AbiWord, -et WYSIWYG-tekstbehandlingsprogram baseret på GTK 2. Åbning af en særligt -fremstillet RTF-fil kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.0.2+cvs.2002.06.05-1woody3.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.2.7-3sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.4.1-1.

- -

Vi anbefaler at du opgraderer din abiword-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-894.data" -#use wml::debian::translation-check translation="8593910a04bb43ed32aa8bcc4177b329514ac902" mindelta="1" diff --git a/danish/security/2005/dsa-895.wml b/danish/security/2005/dsa-895.wml deleted file mode 100644 index f998d3b7555..00000000000 --- a/danish/security/2005/dsa-895.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Masanari Yamamoto har opdaget ukorrekt anvendelse af miljøvariable i uim, en -fleksibel samling og bibliotek bestående af inputmetoder. Fejlen kunne føre til -rettighedsforøgelse i setuid/setgid-programmer linket til libuim. I Debian er i -hvert fald mlterm påvirket.

- -

Den gamle stabile distribution (woody) indeholder ikke uim-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.4.6final1-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.4.7-2.

- -

Vi anbefaler at du opgraderer dine libuim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-895.data" -#use wml::debian::translation-check translation="b791730e61f6df891c335d141ff7b3c796b06b6b" mindelta="1" diff --git a/danish/security/2005/dsa-896.wml b/danish/security/2005/dsa-896.wml deleted file mode 100644 index 5d3f58997cf..00000000000 --- a/danish/security/2005/dsa-896.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i ftpd-ssl, en simple BSD FTP-server med -understøttelse af SSL-kryptering. Bufferoverløbet kunne medføre udførelse af -vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke -linux-ftpd-ssl-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.17.18+0.3-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17.18+0.3-5.

- -

Vi anbefaler at du opgraderer din ftpd-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-896.data" -#use wml::debian::translation-check translation="3b466ff8305c5343381072f8cbaa1b7624800eba" mindelta="1" diff --git a/danish/security/2005/dsa-897.wml b/danish/security/2005/dsa-897.wml deleted file mode 100644 index fb5f69f1257..00000000000 --- a/danish/security/2005/dsa-897.wml +++ /dev/null @@ -1,42 +0,0 @@ -programmeringsfejl - -

Flere sårbarheder er opdaget i phpsysinfo, et PHP-baseret program der viser -oplysninger om værtsmaskinen. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-0870 - -

    Maksymilian Arciemowicz har opdaget flere problemer med udførelse af - skripter på tværs af servere, hvoraf ikke alle blev rettet i - DSA 724.

    • - -
  • CVE-2005-3347 - -

    Christopher Kunz har opdaget at lokale variable blev overskrivet - betingelsesløst og at de senere blev anset for at være troværdige, hvilket - kunne medføre indlæsning af vilkårlige filer.

    • - -
  • CVE-2005-3348 - -

    Christopher Kunz har opdaget at brugerleverede inddata anvendes - ukontrolleret, hvilket forårsagede et opsplitningsproblem i HTTP - Response.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 2.0-3woody3.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.3-4sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din phpsysinfo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-897.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-898.wml b/danish/security/2005/dsa-898.wml deleted file mode 100644 index 15b9393a3a3..00000000000 --- a/danish/security/2005/dsa-898.wml +++ /dev/null @@ -1,43 +0,0 @@ -programmeringsfejl - -

Flere sårbarheder er opdaget i phpsysinfo, et PHP-baseret program der viser -oplysninger om værtsmaskinen og er indeholdt i phpgroupware. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-0870 - -

    Maksymilian Arciemowicz har opdaget flere problemer med udførelse af - skripter på tværs af servere, hvoraf ikke alle blev rettet i - DSA 724.

    • - -
  • CVE-2005-3347 - -

    Christopher Kunz har opdaget at lokale variable blev overskrivet - betingelsesløst og at de senere blev anset for at være troværdige, hvilket - kunne medføre indlæsning af vilkårlige filer.

    • - -
  • CVE-2005-3348 - -

    Christopher Kunz har opdaget at brugerleverede inddata anvendes - ukontrolleret, hvilket forårsagede et opsplitningsproblem i HTTP - Response.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.9.14-0.RC3.2.woody5.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.9.16.005-3.sarge4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.9.16.008-2.

- -

Vi anbefaler at du opgraderer dine phpgroupware-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-898.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-899.wml b/danish/security/2005/dsa-899.wml deleted file mode 100644 index de7d49957ef..00000000000 --- a/danish/security/2005/dsa-899.wml +++ /dev/null @@ -1,52 +0,0 @@ -programmeringsfejl - -

Flere sårbarheder er opdaget i egroupware, en webbaseret samling af -groupware-programmer. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-0870 - -

    Maksymilian Arciemowicz har opdaget flere problemer med udførelse af - skripter på tværs af servere i phpsysinfo, som også er at finde i den - importerede version i egroupware, hvoraf ikke alle problemer blev rettet i - DSA 724.

    • - -
  • CVE-2005-2600 - -

    Alexander Heidenreich har opdaget et problem i forbindelse med udførelse - af skripter på tværs af websteder i FUD Forum Bulletin Board Software - trævisning, som også findes i egroupware og gjorde det muligt for - fjernangribere at læse private meddelelser via et tilrettet - mid-parameter.

    • - -
  • CVE-2005-3347 - -

    Christopher Kunz har opdaget at lokale variable blev overskrivet - betingelsesløst i phpsysinfo, som også findes i egroupware, og at de senere - blev anset for at være troværdige, hvilket kunne medføre indlæsning af - vilkårlige filer.

    • - -
  • CVE-2005-3348 - -

    Christopher Kunz har opdaget at brugerleverede inddata anvendes - ukontrolleret i phpsysinfo og importeres i egroupware, hvilket forårsagede - et opsplitningsproblem i HTTP Response.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke pakker egroupware-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.0.007-2.dfsg-2sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.0.009.dfsg-3-3.

- -

Vi anbefaler at du opgraderer dine egroupware-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-899.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-900.wml b/danish/security/2005/dsa-900.wml deleted file mode 100644 index 1148760c13a..00000000000 --- a/danish/security/2005/dsa-900.wml +++ /dev/null @@ -1,33 +0,0 @@ -programmeringsfejl - -

På grund af en restriktiv afhængighedsdefinition af fetchmail-ssl kunne den -opdaterede fetchmailconf-pakke ikke installeres på den gamle stabile -distribution (woody) sammen med fetchmail-ssl. Denne opdatering slækker på -afhængighedsdefinitionen, så opdateringen kan hentes. For fuldstændighedens -skyld er herunder den oprindelige bulletins tekst:

- -
-

Thomas Wolff har opdaget at programmet fetchmailconf, der leveres som en -del af fetchmail, et program med SSL-understøttelse til hentning og -videresendelse af POP3-, APOP- og IMAP-mail, oprettede den nye opsætning på en -usikker måde, der kunne lække adgangskoder til postkonti til lokale brugere.

-
- -

Denne opdatering retter også en regression i pakken i den stabile -distribution, forårsaget af den forrige sikkerhedsopdatering.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 5.9.11-6.4 af fetchmail og i version 5.9.11-6.3 af fetchmail-ssl.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.2.5-12sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.2.5.4-1.

- -

Vi anbefaler at du opgraderer din fetchmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-900.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-901.wml b/danish/security/2005/dsa-901.wml deleted file mode 100644 index 1540922974d..00000000000 --- a/danish/security/2005/dsa-901.wml +++ /dev/null @@ -1,35 +0,0 @@ -programmeringsfejl - -

Flere sårbarheder er opdaget i gnump3d, et serverprogram der leverer -"streaming" MP3- og OGG-filer. Common Vulnerabilities and Exposures Project -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-3349 - -

    Ludwig Nussel har opdaget at flere midlertidige filer blev oprettet med - forudsigelige filnavne på en usikker måde, hvilket gjorde det muligt for - lokale angribere at iværksætte symlink-angreb.

    • - -
  • CVE-2005-3355 - -

    Ludwig Nussel har opdaget at theme-parameteret i HTTP-forespørgsler kunne - anvendes til mappegennemløb.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke pakken gnump3d.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.9.3-1sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.9.8-1.

- -

Vi anbefaler at du opgraderer din gnump3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-901.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-902.wml b/danish/security/2005/dsa-902.wml deleted file mode 100644 index 017d45eca91..00000000000 --- a/danish/security/2005/dsa-902.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i sendmail-programmet i xmail, et avanceret, -hurtigt og pålideligt ESMTP/POP3-mailserverprogram. Bufferoverløbet kunne -medføre udførelse af vilkårlig kode med rettighederne hørende til gruppen -mail.

- -

Den gamle stabile distribution (woody) indeholder ikke xmail-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.21-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.22-1.

- -

Vi anbefaler at du opgraderer din xmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-902.data" -#use wml::debian::translation-check translation="ba7948a720352b66afbeccded91d1ad23f5bbc4d" mindelta="1" diff --git a/danish/security/2005/dsa-903.wml b/danish/security/2005/dsa-903.wml deleted file mode 100644 index 2cc43fce2b9..00000000000 --- a/danish/security/2005/dsa-903.wml +++ /dev/null @@ -1,29 +0,0 @@ -race condition - -

Opdateringen af unzip i DSA 903 indeholdt en regression således at symbolske -links der afklares senere i koden ikke længere var understøttet. Denne -opdateringer retter dette problem. For fuldstændighedens skyld følger herunder -den oprindelige bulletins tekst:

- -
-

Imran Ghory har opdaget en "race condition" i koden til opsætning af -rettigheder i unzip. Ved udpakning af en fil i en mappe, som en angriber havde -adgang til, kunne unzip narres til at opsætte rettighederne til en anden fil, -som brugeren havde rettigheder til.

-
- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 5.50-1woody5.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 5.52-1sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.52-6.

- -

Vi anbefaler at du opgraderer din unzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-903.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-904.wml b/danish/security/2005/dsa-904.wml deleted file mode 100644 index bd872b8ec0d..00000000000 --- a/danish/security/2005/dsa-904.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Greg Roelofs har opdaget og rettet flere bufferoverløb i pnmtopng, der også -er indeholdt netpbm, en samling af værktøjer til konvertering af grafik. -Bufferoverløbene kunne medføre udførelse af vilkårlig kode via en særligt -fremstillet PNM-fil.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 9.20-8.5.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 10.0-8sarge2.

- -

I den ustabile distribution (sid) vil disse problemer blive rettet i -version 10.0-11.

- -

Vi anbefaler at du opgraderer din netpbm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-904.data" -#use wml::debian::translation-check translation="781f63ea0c29adf716c5864afdecfbbbeb03b3d9" mindelta="1" diff --git a/danish/security/2005/dsa-905.wml b/danish/security/2005/dsa-905.wml deleted file mode 100644 index 2c453ee4896..00000000000 --- a/danish/security/2005/dsa-905.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er fundet i Mantis, et webbaseret -fejlsporingssystem. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2005-3091 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder gjorde det muligt for angribere at indsprøjte vilkårlige - webskripter eller HTML.

    • - -
  • CVE-2005-3335 - -

    En filmedtagelsessårbarhed gjorde det muligt for fjernangribere at - udføre vilkårlig PHP-kode samt medtage vilkårlige lokale filer.

    • - -
  • CVE-2005-3336 - -

    En SQL-indsprøjtningssårbarhed gjorde det muligt for fjernangribere at - udføre vilkårlige SQL-kommandoer.

    • - -
  • CVE-2005-3338 - -

    Mantis kunne narres til at vise sine brugeres ellers skjulte rigtige - e-mail-adresser.

    • - -
- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.19.2-4.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.19.3-0.1.

- -

Vi anbefaler at du opgraderer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-905.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-906.wml b/danish/security/2005/dsa-906.wml deleted file mode 100644 index 609fa32facc..00000000000 --- a/danish/security/2005/dsa-906.wml +++ /dev/null @@ -1,49 +0,0 @@ -bufferoverløb - -

Colin Leroy har opdaget flere bufferoverløb i et antal importrutiner i -sylpheed, en letvægts-e-mail-klient med GTK+. Bufferoverløbene kunne føre -til udførelse af vilkårlig kode.

- -

Følgende matriks forklarer om rettede versioner i vores distributioner.

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 old stable (woody)stable (sarge)unstable (sid)
sylpheed0.7.4-4woody11.0.4-1sarge12.0.4-1
sylpheed-gtk1n/an/a1.0.6-1
sylpheed-claws0.7.4claws-3woody11.0.4-1sarge11.0.5-2
sylpheed-claws-gtk2n/an/a1.9.100-1
-
- -

Vi anbefaler at du opgraderer din sylpheed-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-906.data" -#use wml::debian::translation-check translation="07172a28f4c57fadc36d28d4b0d5a5fe3910a9d4" mindelta="1" diff --git a/danish/security/2005/dsa-907.wml b/danish/security/2005/dsa-907.wml deleted file mode 100644 index c53eb0a9692..00000000000 --- a/danish/security/2005/dsa-907.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

Akira Yoshiyama har opdaget at ipmenu, et cursel-GUI til iptables/iprout, -oprettede en midlertidig fil på en usikker måde, hvilket gjode det muligt for -lokale angribere at overskrive vilkårlige filer via et symlink-angreb.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.0.3-4woody1

- -

Den stablie distribution (sarge) indeholder ikke pakken ipmenu.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.0.3-5.

- -

Vi anbefaler at du opgraderer din ipmenu-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-907.data" -#use wml::debian::translation-check translation="bd2a3dbffc3097788619365c9e876c68b3524312" mindelta="1" diff --git a/danish/security/2005/dsa-908.wml b/danish/security/2005/dsa-908.wml deleted file mode 100644 index 287ea14e7f9..00000000000 --- a/danish/security/2005/dsa-908.wml +++ /dev/null @@ -1,47 +0,0 @@ -bufferoverløb - -

Colin Leroy har opdaget flere bufferoverløb i et antal importrutiner i -sylpheed-claws, en udvidet udgave postprogrammet Sylpheed. Bufferoverløbene -kunne føre til udførelse af vilkårlig kode.

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 old stable (woody)stable (sarge)unstable (sid)
sylpheed0.7.4-4woody11.0.4-1sarge12.0.4-1
sylpheed-gtk1n/an/a1.0.6-1
sylpheed-claws0.7.4claws-3woody11.0.4-1sarge11.0.5-2
sylpheed-claws-gtk2n/an/a1.9.100-1
-
- -

Vi anbefaler at du opgraderer din sylpheed-claws-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-908.data" -#use wml::debian::translation-check translation="68ab1a6e12f6ba90c0d47c2406b1647a02455ffd" mindelta="1" diff --git a/danish/security/2005/dsa-909.wml b/danish/security/2005/dsa-909.wml deleted file mode 100644 index 30f1109d16d..00000000000 --- a/danish/security/2005/dsa-909.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Daniel Schreckling har opdaget at MIME-fremviseren i horde3, en webbaseret -programsamling, ikke altid kontrollede sine inddata, hvilket åbnede mulighed -for at returnere ondsindet kode som kunne udføres på offerets maskine.

- -

Den gamle stabile distribution (woody) indeholder ikke horde3-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.0.4-4sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.0.7-1.

- -

Vi anbefaler at du opgraderer din horde3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-909.data" -#use wml::debian::translation-check translation="d9fdc7911d30dec8a421580b7df64ba3c920f6a1" mindelta="1" diff --git a/danish/security/2005/dsa-910.wml b/danish/security/2005/dsa-910.wml deleted file mode 100644 index 78a67cb5cb9..00000000000 --- a/danish/security/2005/dsa-910.wml +++ /dev/null @@ -1,20 +0,0 @@ -designfejl - -

En sårbarhed er opdaget i zope 2.7, en open source-webserver. Sårbarheden -gjorde det muligt for fjernangribere at indsætte vilkårlige filer via -include-kommanoder i funktionaliteten reStructuredText.

- -

Den gamle stabile distribution (woody) indeholder ikke zope2.7-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.7.5-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.7.8-1.

- -

Vi anbefaler at du opgraderer din zope2.7-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-910.data" -#use wml::debian::translation-check translation="2b87058c4ff688b1742c10e25f8916b44b84a345" mindelta="1" diff --git a/danish/security/2005/dsa-911.wml b/danish/security/2005/dsa-911.wml deleted file mode 100644 index 8d891a25d32..00000000000 --- a/danish/security/2005/dsa-911.wml +++ /dev/null @@ -1,60 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i gtk+2.0, Gtk+ GdkPixBuf -XPM-billedbehandlingsbiblioteket. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-2975 - -

    Ludwig Nussel har opdaget en uendelig løkke ved behandling af - XPM-billeder, hvilket kunne gøre det muligt for en angriber at forårsage et - lammelsesangreb (denial of service) via en særligt fremstillet - XPM-fil.

    • - -
  • CVE-2005-2976 - -

    Ludwig Nussel har opdaget et heltalsoverløb i den måde XPM-billeder - behandles, hvilket kunne medføre udførelse af vilkårlig kode eller - programnedbrud via en særligt fremstillet XPM-fil.

    • - -
  • CVE-2005-3186 - -

    "infamous41md" har opdaget et heltalsoverløb i XPM-behandlingsrutinen, - hvilket kunne anvendes til at udføre vilkårlig kode via et traditionelt - heap-overløb.

    • - -
- -

Følgende matriks beskriver hvilker versioner der retter disse problemer:

- -
- - - - - - - - - - - - - - - - - - - -
 old stable (woody)stable (sarge)unstable (sid)
gdk-pixbuf0.17.0-2woody30.22.0-8.10.22.0-11
gtk+2.02.0.2-5woody32.6.4-3.12.6.10-2
-
- -

Vi anbefaler at du opgraderer dine gtk+2.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-911.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-912.wml b/danish/security/2005/dsa-912.wml deleted file mode 100644 index 6622cbb0838..00000000000 --- a/danish/security/2005/dsa-912.wml +++ /dev/null @@ -1,21 +0,0 @@ -lammelsesangreb - -

Wernfried Haas har opdaget at centericq, et tekstbaseret chatprogram der -understøtter flere protokoller, kan gå ned når det modtager visse pakker med en -længde på nul, og programmet er direkte forbundet til Internet.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 4.5.1-1.1woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.20.0-1sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.21.0-4.

- -

Vi anbefaler at du opgraderer din centericq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-912.data" -#use wml::debian::translation-check translation="c623b056acc689175dea5a3f86b59566455a7702" mindelta="1" diff --git a/danish/security/2005/dsa-913.wml b/danish/security/2005/dsa-913.wml deleted file mode 100644 index c5e08499a35..00000000000 --- a/danish/security/2005/dsa-913.wml +++ /dev/null @@ -1,60 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i gdk-pixbuf, Gtk+ GdkPixBuf -XPM-billedbehandlingsbiblioteket. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-2975 - -

    Ludwig Nussel har opdaget en uendelig løkke ved behandling af - XPM-billeder, hvilket kunne gøre det muligt for en angriber at forårsage et - lammelsesangreb (denial of service) via en særligt fremstillet - XPM-fil.

    • - -
  • CVE-2005-2976 - -

    Ludwig Nussel har opdaget et heltalsoverløb i den måde XPM-billeder - behandles, hvilket kunne medføre udførelse af vilkårlig kode eller - programnedbrud via en særligt fremstillet XPM-fil.

    • - -
  • CVE-2005-3186 - -

    "infamous41md" har opdaget et heltalsoverløb i XPM-behandlingsrutinen, - hvilket kunne anvendes til at udføre vilkårlig kode via et traditionelt - heap-overløb.

    • - -
- -

Følgende matriks beskriver hvilker versioner der retter disse problemer:

- -
- - - - - - - - - - - - - - - - - - - -
 old stable (woody)stable (sarge)unstable (sid)
gdk-pixbuf0.17.0-2woody30.22.0-8.10.22.0-11
gtk+2.02.0.2-5woody32.6.4-3.12.6.10-2
-
- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-913.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-914.wml b/danish/security/2005/dsa-914.wml deleted file mode 100644 index 1ff773de882..00000000000 --- a/danish/security/2005/dsa-914.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

En sårbarhed er opdaget i horde2, en samling af webprogrammer. Sårbarheden -gjorde det muligt for angribere at indsætte vilkårlig skriptkode på -fejlwebsiden.

- -

Den gamle stabile distribution (woody) indeholder ikke horde2-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.8-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.9-1.

- -

Vi anbefaler at du opgraderer din horde2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-914.data" -#use wml::debian::translation-check translation="8750d183c8157a43bd3dd4d79c6d9fb347761ba9" mindelta="1" diff --git a/danish/security/2005/dsa-915.wml b/danish/security/2005/dsa-915.wml deleted file mode 100644 index 1c7b51c1454..00000000000 --- a/danish/security/2005/dsa-915.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Et heltalsoverløb er opdaget i helix-player, programmet helix der afspiller -audio- og videofiler. Denne fejl kunne gøre det muligt for en fjernangriber at -køre vilkårlig kode på offerets computer ved at levere en særligt fremstillet -netværksressource.

- -

Den gamle stabile distribution (woody) indeholder ikke en -helix-player-pakke.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.6-1.

- -

Vi anbefaler at du opgraderer din helix-player-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-915.data" -#use wml::debian::translation-check translation="d3946a3c26478aebb6f7c871681bb7a25221fcc0" mindelta="1" diff --git a/danish/security/2005/dsa-916.wml b/danish/security/2005/dsa-916.wml deleted file mode 100644 index f8148408bba..00000000000 --- a/danish/security/2005/dsa-916.wml +++ /dev/null @@ -1,35 +0,0 @@ -bufferoverløb - -

Flere sårbarheder er opdaget i Inkscape, et vektorbaseret tegneprogram. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2005-3737 - -

    Joxean Koret har opdaget et bufferoverløb i SVG-fortolkningsrutinerne, - som kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2005-3885 - -

    Javier Fernández-Sanguino Peña har bemærket at - ps2epsi-udvidelses-shellskriptet anvendte en hårdtkodet midlertidig fil, - hvilket gjorde den sårbar over for symlink-angreb.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke 'inkscape-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.41-4.99.sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.42.2+0.43pre1-1.

- -

Vi anbefaler at du opgraderer din inkscape-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-916.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-917.wml b/danish/security/2005/dsa-917.wml deleted file mode 100644 index 5c02084ad42..00000000000 --- a/danish/security/2005/dsa-917.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Patrick Cheong Shu Yang har opdaget at courier-authdaemon, -autentificeringsdæmonen hørende til Courier Mail Server, giver adgang til konti, -som allerede er deaktiverede.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.37.3-2.8.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.47-4sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.47-12.

- -

Vi anbefaler at du opgraderer dine courier-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-917.data" -#use wml::debian::translation-check translation="e396bbccf6002bf1e623b2da29904d777faedf6a" mindelta="1" diff --git a/danish/security/2005/dsa-918.wml b/danish/security/2005/dsa-918.wml deleted file mode 100644 index 381af369b8f..00000000000 --- a/danish/security/2005/dsa-918.wml +++ /dev/null @@ -1,36 +0,0 @@ -programmeringsfejl - -

Flere sikkerhedsrelaterede problemer er opdaget i osh, operatørens shell til -udførelse af definerede programmer i et priviligeret miljø. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2005-3346 - -

    Charles Stevenson har opdaget en fejl ved udskiftningen af variable, der - gjorde det muligt for en lokal angriber at åbne en root-shell.

    • - -
  • CVE-2005-3533 - -

    Solar Eclipse har opdaget et bufferoverløb forårsaget af den aktuelle - arbejdssti plus et filnavn, der kunne anvendes til at udføre vilkårlig kode - og fx åbne en root-shell.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.7-11woody2.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7-13sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.7-15, men pakken er dog blevet helt fjernet.

- -

Vi anbefaler at du opgraderer din osh-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-918.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-919.wml b/danish/security/2005/dsa-919.wml deleted file mode 100644 index 9997a807849..00000000000 --- a/danish/security/2005/dsa-919.wml +++ /dev/null @@ -1,45 +0,0 @@ -bufferoverløb - -

Opstrømsudviklerne af curl, et filoverførselsbibliotek der -understøtter flere protokoller, har informeret os om at den tidligere rettelse -af flere forskudt med én-fejl ikke er tilstrækkelig. For fuldstændighedens -skyld er den oprindelige tekst herunder:

- -
-

Flere problemer er opdaget i libcurl, et filoverførselsbibliotek, der -understøtter flere protokoller. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problmer:

- -
    - -
  • CVE-2005-3185 - -

    En bufferoverløb er opdaget i libcurl, der kunne tillade udførelse af - vilkårlig kode.

    • - -
  • CVE-2005-4077 - -

    Stefan Esser har opdaget flere forskydninger-med-en-fejl, der gjorde det - muligt for lokale brugere at udløse et bufferoverløb og forårsage et - lammelsesangreb (denial of service) eller omgåelse af - PHP-sikkerhedsbegrænsninger via visse URL'er.

    • - -
-
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 7.9.5-1woody2.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 7.13.2-2sarge5. Denne opdatering indeholder også en fejlrettelse som -forhindrer ødelæggelse af data.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 7.15.1-1.

- -

Vi anbefaler at du opgraderer dine libcurl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-919.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-920.wml b/danish/security/2005/dsa-920.wml deleted file mode 100644 index d27381c96e9..00000000000 --- a/danish/security/2005/dsa-920.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i ethereal, et udbredt program til analysering af -netværkstrafik. Bufferoverløbet kunne forårsage et lammelsesangreb (denial of -service) og kunne potentielt tillade udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.9.4-1woody14.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.10.10-2sarge3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-920.data" -#use wml::debian::translation-check translation="77e46e54b7c8a16a475c71454166adcf381f9019" mindelta="1" diff --git a/danish/security/2005/dsa-921.wml b/danish/security/2005/dsa-921.wml deleted file mode 100644 index c6bd7f2c2e4..00000000000 --- a/danish/security/2005/dsa-921.wml +++ /dev/null @@ -1,147 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjerne sårbarheder er opdaget i Linux-kernen, de kan føre -til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2005-0756 - -

    Alexander Nyberg har opdaget af systemkaldet ptrace() ikke på korrekt - vis kontrollerer adresser på amd64-arkitekturen, hvilket kunne udnyttes af - en lokal angriber til at crashe kernen.

    • - -
  • CVE-2005-0757 - -

    Et problem i offset-håndteringen i xattr-filsystemkoden til ext3, er - opdaget. Det kunne gøre det muligt for brugere på 64 bit-systemer, der - havde adgang til et ext3-filsystem med udvidede attributter, at få kernen - til at crashe.

    • - -
  • CVE-2005-1762 - -

    En sårbarhed er opdaget i systemkaldet ptrace() på amd64-arkitekturen, - hvilket gjorde det muligt for lokale angribere at få kernen til - crashe.

    • - -
  • CVE-2005-1767 - -

    En sårbarhed er opdaget i fejlhåndteringen af staksegmenter, hvilket - kunne gøre det muligt for lokale angribere at forårsage en stak-undtagelse, - der medførte at kernen crashede under visse omstændigheder.

    • - -
  • CVE-2005-1768 - -

    Ilja van Sprundel har opdaget en race condition i IA32 - (x86)-kompatíbilitets systemkaldet execve() til amd64 og IA64, hvilket - gjorde det muligt for lokale angribere at kernen til at gå i panik og - muligvis udføre vilkårlig kode.

    • - -
  • CVE-2005-2456 - -

    Balazs Scheidler har opdaget at en lokal angriber kunne kalde - setsockopt() med en ugyldig xfrm_user-policymeddelelse, hvilket fik kernen - til at skrive ud over et arrays gærnser, medførende et crash.

    • - -
  • CVE-2005-2458 - -

    Vladimir Volovich har opdaget en fejl i zlib-rutinerne, som også er at - finde i Linux-kernen. Fjernangribere kunne crashe kernen.

    • - -
  • CVE-2005-2459 - -

    Endun en sårbarhed er opdaget i zlib-rutinerne, som også er at finde i - Linux-kernen. Fjernangribere kunne crashe kernen.

    • - -
  • CVE-2005-2553 - -

    En null pointer-dereference i ptrace ved sporing af en 64 bit-udførbar - fil, kunne få kernen til at crashe.

    • - -
  • CVE-2005-2801 - -

    Andreas Gruenbacher har opdaget en fejl i ext2- og ext3-filsystemerne. - Når dataområder skulle deles mellem two inoder, blev der ikke undersøgt om - alle oplysninger var ens, hvilket kunne blotlægge forkerte ACL'er til - filer.

    • - -
  • CVE-2005-2872 - -

    Chad Walstrom har opdaget at kernemodulet ipt_recent der skal forhindre - SSH-rå magt-angreb, kunne få kernen til at crashe på 64 - bit-arkitekturer.

    • - -
  • CVE-2005-3275 - -

    En fejl i NAT-koden tillod at fjernangribere kunne forårsage et - lammelsesangreb (dvs. denial of service; hukommelseskorruption) ved at få - to pakker til den samme protokol, til at blive NAT'et på samme tid, hvilket - medførte hukommelseskorruption.

    • - -
- -

The following matrix explains which kernel version for which architecture -fix the problems mentioned above:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Debian 3.1 (sarge)
Source2.4.27-10sarge1
Alpha architecture2.4.27-10sarge1
ARM architecture2.4.27-2sarge1
Intel IA-32 architecture2.4.27-10sarge1
Intel IA-64 architecture2.4.27-10sarge1
Motorola 680x0 architecture2.4.27-3sarge1
Big endian MIPS architecture2.4.27-10.sarge1.040815-1
Little endian MIPS architecture2.4.27-10.sarge1.040815-1
PowerPC architecture2.4.27-10sarge1
IBM S/390 architecture2.4.27-2sarge1
Sun Sparc architecture2.4.27-9sarge1
-
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke and -reboot the machine.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-921.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-922.wml b/danish/security/2005/dsa-922.wml deleted file mode 100644 index 97d7b3107aa..00000000000 --- a/danish/security/2005/dsa-922.wml +++ /dev/null @@ -1,246 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjerne sårbarheder er opdaget i Linux-kernen, de kan føre -til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2004-2302 - -

    En race condition i sysfs-filsystemet tillod at lokale brugere læste - kernehukommelse og forårsagede et lammelsesangreb (dvs. denial of service; - crash).

    - -
  • CVE-2005-0756 - -

    Alexander Nyberg har opdaget af systemkaldet ptrace() ikke på korrekt - vis kontrollerer adresser på amd64-arkitekturen, hvilket kunne udnyttes af - en lokal angriber til at crashe kernen.

    • - -
  • CVE-2005-0757 - -

    Et problem i offset-håndteringen i xattr-filsystemkoden til ext3, er - opdaget. Det kunne gøre det muligt for brugere på 64 bit-systemer, der - havde adgang til et ext3-filsystem med udvidede attributter, at få kernen - til at crashe.

    • - -
  • CVE-2005-1265 - -

    Chris Wright har opdaget at funktionen mmap() kunne oprette ulovlige - memory map, hvilket kunne udnyttes af en lokal bruger til at crashe - kernen eller potentielt udføre vilkårlig kode.

    • - -
  • CVE-2005-1761 - -

    En sårbarhed på arkitekturen IA-64 kunne gøre det muligt for lokale - angribere at overskrive kernehukommelse og crashe kernen.

    • - -
  • CVE-2005-1762 - -

    En sårbarhed er opdaget i systemkaldet ptrace() på amd64-arkitekturen, - hvilket gjorde det muligt for lokale angribere at få kernen til - crashe.

    • - -
  • CVE-2005-1763 - -

    Et bufferoverløb i systemkaldet ptrace på 64 bit-arkitekturer, gjorde - det muligt for lokale brugere at skrive bytes ind i vilkårlig - kernehukommelse.

    • - -
  • CVE-2005-1765 - -

    Zou Nan Hai har opdaget at en lokal bruger kunne få kernen til at hænge - på amd64-arkitekturen efter at have kaldt syscall() med særligt - fremstillede parametre.

    • - -
  • CVE-2005-1767 - -

    En sårbarhed er opdaget i fejlhåndteringen af staksegmenter, hvilket - kunne gøre det muligt for lokale angribere at forårsage en stak-undtagelse, - der medførte at kernen crashede under visse omstændigheder.

    • - -
  • CVE-2005-2456 - -

    Balazs Scheidler har opdaget at en lokal angriber kunne kalde - setsockopt() med en ugyldig xfrm_user-policymeddelelse, hvilket fik kernen - til at skrive ud over et arrays gærnser, medførende et crash.

    • - -
  • CVE-2005-2458 - -

    Vladimir Volovich har opdaget en fejl i zlib-rutinerne, som også er at - finde i Linux-kernen. Fjernangribere kunne crashe kernen.

    • - -
  • CVE-2005-2459 - -

    Endun en sårbarhed er opdaget i zlib-rutinerne, som også er at finde i - Linux-kernen. Fjernangribere kunne crashe kernen.

    • - -
  • CVE-2005-2548 - -

    Peter Sandstrom har bemærket at snmpwalk fra en fjern værtsmaskine, - kunne forårsage et lammelsesangreb (dvs. denial of service; kerne-oops fra - en null-dereference) via visse UDP-pakker, der førte til et funktionskald - med de forkerte parametre.

    • - -
  • CVE-2005-2801 - -

    Andreas Gruenbacher har opdaget en fejl i ext2- og ext3-filsystemerne. - Når dataområder skulle deles mellem two inoder, blev der ikke undersøgt om - alle oplysninger var ens, hvilket kunne blotlægge forkerte ACL'er til - filer.

    • - -
  • CVE-2005-2872 - -

    Chad Walstrom har opdaget at kernemodulet ipt_recent på 64 - bit-processorer så som AMD64 ows remote attackers to cause a - denial of service (kernel panic) via certain attacks such as SSH - brute force.

    • - -
  • CVE-2005-3105 - -

    mprotect-koden på Itanium IA-64 Montecito-processorer vedligeholder ikke - korrekt cache-sammenhæng som krævet af arkitekturen, hvilket gjorde det - muligt for lokale brugere at forårsage et lammelsesangreb (denial of - service) og muligvis ødelægge data ved at ændre PTE-beskyttelser.

    • - -
  • CVE-2005-3106 - -

    En race condition i trådhåndteringen kunne gøre det muligt for lokale - brugere at forårsage et lammelsesangreb (dvs. denial of service; deadlock), - når tråde deler hukommelse og venter på en tråd, der netop har udført en - exec.

    • - -
  • CVE-2005-3107 - -

    Når en tråd blev sporet af en anden tråd som deler det samme - memory map som en lokal bruger, kunne det forårsage et lammelsesangreb - (dvs. denial of service; deadlock) ved at gennemtvinge et core dump, når - den sporede tråd var i tilstanden TASK_TRACED.

    • - -
  • CVE-2005-3108 - -

    En fejl i systemkaldet ioremap() er opdaget på amd64-arkitekturen, - hvilket kunne gøre det muligt for lokale brugere at forårsage et - lammelsesangreb (denial of service) eller en informationslækage, når et - opslag på en ikke-eksisterende hukommelsesside blev udført.

    • - -
  • CVE-2005-3109 - -

    Modulerne HFS og HFS+ (hfsplus) gjorde det muligt for lokale angribere - at forårsage et lammelsesangreb (dvs. denial of service; oops) ved at - anvende hfsplus til at mounte et filesystem, som ikke er hfsplus.

    • - -
  • CVE-2005-3110 - -

    En race ondition i netfiltermodulet ebtables på stærkt belastede - SMP-systemer, kunne gøre det muligt for fjernangribere at forårsage et - lammelsesangreb (dvs. denial of service; crash).

    • - -
  • CVE-2005-3271 - -

    Roland McGrath har opdaget at exec() ikke korrekt tømmer posix-timere i - multitrådede miljøer, hvilket medførte en ressourcelækage, og kunne gøre - det muligt for et stort antal lokale brugere at forårsage et - lammelsesangreb (denial of service) ved at anvende flere posix-timerere end - angivet i den enkelte brugers kvote.

    • - -
  • CVE-2005-3272 - -

    Kernen tillod at fjernangribere kunne forgifte bridge - forwarding-tabellen vha. frames der allerede var blevet smidt væk ved - filtrering, hvilket kunne få bridgen til at videresende forfalskede - pakker.

    • - -
  • CVE-2005-3273 - -

    ioctl til amatørradioprotokollen ROSE, kontrollerer ikke på korrekt vis - parametrene, når der opsættes en ny router, hvilket gjorde det muligt for - angribere at udløse out-of-bounds-fejl.

    • - -
  • CVE-2005-3274 - -

    En race condition på SMP-systemer, gjorde det muligt for lokale - brugere at forårsage et lammelsesangreb (dvs. denial of service; en - null-dereference) ved at få en connection-timer til at udløbe, mens - connection-tabellen blev tømt, før den nødvendige lock var - etableret.

    • - -
  • CVE-2005-3275 - -

    En fejl i NAT-koden tillod at fjernangribere kunne forårsage et - lammelsesangreb (dvs. denial of service; hukommelseskorruption) ved at få - to pakker til den samme protokol, til at blive NAT'et på samme tid, hvilket - medførte hukommelseskorruption.

    • - -
  • CVE-2005-3276 - -

    En manglende hukommelsesoprydning i thread-håndteringsrutinerne før - kopiering af data til userspace, tillod at en brugerproces kunne få adgang - til følsomme oplysninger.

    • - -
- -

Denne opdatering indeholder også en række rettelser af problemer, der siden -har vist sig ikke at have nogen sikkerhedsrelevans.

- -

Følgende matriks forklarer hvilke kerneversioner til hvilke arkitekturer, -der retter de ovennævnte problemer:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Debian 3.1 (sarge)
Kildekode2.6.8-16sarge1
Alpha-arkitekturen2.6.8-16sarge1
AMD64-arkitekturen2.6.8-16sarge1
HP Precision-arkitekturen2.6.8-6sarge1
Intel IA-32-arkitekturen2.6.8-16sarge1
Intel IA-64-arkitekturen2.6.8-14sarge1
Motorola 680x0-arkitekturen2.6.8-4sarge1
PowerPC-arkitekturen2.6.8-12sarge1
IBM S/390-arkitekturen2.6.8-5sarge1
Sun Sparc-arkitekturen2.6.8-15sarge1
-
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-922.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-923.wml b/danish/security/2005/dsa-923.wml deleted file mode 100644 index 75506922702..00000000000 --- a/danish/security/2005/dsa-923.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i dropbear, en letvægts-SSH2-server og -klient. -Bufferoverløbet kunne gøre det muligt for autentificerede brugere at udføre -vilkårlig kode som serverbrugeren (normalt root).

- -

Den gamle stabile distribution (woody) indeholder ikke dropbear-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.45-2sarge0.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.47-1.

- -

Vi anbefaler at du opgraderer din dropbear-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-923.data" -#use wml::debian::translation-check translation="513fa91e4aa1f25e4f3c1174ea885b784bc400a9" mindelta="1" diff --git a/danish/security/2005/dsa-924.wml b/danish/security/2005/dsa-924.wml deleted file mode 100644 index 73ab9686158..00000000000 --- a/danish/security/2005/dsa-924.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Kurt Fitzner har opdaget et bufferoverløb i nbd, netværksblok-deviceklienten -og -serveren. Bufferoverløbet kunne potentielt tillade vilkårlig kode på -NBD-serveren.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.2cvs20020320-3.woody.3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.7.3-3sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din nbd-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-924.data" -#use wml::debian::translation-check translation="4099b0af013595f199ff7e8933edc80fd3313e55" mindelta="1" diff --git a/danish/security/2005/dsa-925.wml b/danish/security/2005/dsa-925.wml deleted file mode 100644 index 265fde1472e..00000000000 --- a/danish/security/2005/dsa-925.wml +++ /dev/null @@ -1,74 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i phpBB, et omfangsrigt og skinbart "fladt" -webforum. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- - -
    - -
  • CVE-2005-3310 - -

    Flere fortolkningsfejl gjorde det muligt for fjernautentificerede - brugere at indsprøjte vilkårlige webskripter, når fjern-avatars og - avatar-upload var slået til.

    • - -
  • CVE-2005-3415 - -

    phpBB gjorde det muligt for fjernangribere at omgå beskyttelsesmekanismer - som afregistrerede globale variable, hvilket tillod angriberne at manipulere - med den måde phpBB opførte sig på.

    • - -
  • CVE-2005-3416 - -

    phpBB gjorde det muligt for fjernangribere at omgå sikkerhedskontroller - når register_globals var slået til og funktionen session_start function ikke - var blevet kaldt for at håndtere en session.

    • - -
  • CVE-2005-3417 - -

    phpBB gjorde det muligt for fjernangribere at ændre globale variable og - omgå sikkerhedsmekanismer.

    • - -
  • CVE-2005-3418 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting, XSS) gjorde det muligt for fjernangribere - at indsprøjte vilkårlige webskripter.

    • - -
  • CVE-2005-3419 - -

    En SQL-indsprøjtningssårbarhed gjorde det muligt for fjernangribee at - udføre vilkårlige SQL-kommandoer.

    • - -
  • CVE-2005-3420 - -

    phpBB gjorde det muligt for fjernangriberre at ændre regulære udtryk og - udføre PHP-kode via parameteret signature_bbcode_uid.

    • - -
  • CVE-2005-3536 - -

    Manglende kontrol af inddata i forbindelse med topic-typen, gjorde det - muligt for fjernangribere at indsprøjte vilkårlige SQL-kommandoer.

    • - -
  • CVE-2005-3537 - -

    Manglende request-validering tillod fjernangribere at redigere andre - brugeres private meddelelser.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke phpbb2-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0.13+1-6sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.18-1.

- -

Vi anbefaler at du opgraderer dine phpbb2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-925.data" -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" diff --git a/danish/security/2005/dsa-926.wml b/danish/security/2005/dsa-926.wml deleted file mode 100644 index dbca03433cf..00000000000 --- a/danish/security/2005/dsa-926.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Steve Kemp fra Debian Security Audit Project har opdaget et bufferoverløb i -ketm, et gammeldags to-dimensionelt scrollende skydespil. Bufferoverløbet -kunnet udnyttes til at udføre vilkårlig kode med rettighederne hørende til -gruppen games.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.0.6-7woody0.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.0.6-17sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.0.6-17sarge1.

- -

Vi anbefaler at du opgraderer din ketm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-926.data" -#use wml::debian::translation-check translation="4d87edd83707d50811d5ad3198b32abd32d5df6c" mindelta="1" diff --git a/danish/security/2005/dsa-927.wml b/danish/security/2005/dsa-927.wml deleted file mode 100644 index fad18f2cae6..00000000000 --- a/danish/security/2005/dsa-927.wml +++ /dev/null @@ -1,27 +0,0 @@ -usikker midlertidig fil - -

Den foregående opdatering af tkdiff indeholdt en programmeringsfejl, som -rettes med denne version. For fuldstændighedens skyld er herunder den -oprindelige tekst fra bulletinen:

- -
-

Javier Fernández-Sanguino Peña fra Debian Security Audit-projektet har -opdaget at tkdiff, en grafisk ved siden af hinaden-"diff"-værktøj, oprettede -midlertidige filer på en usikker måde.

-
- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.08-3woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.0.2-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.2-4.

- -

Vi anbefaler at du opgraderer din tkdiff-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-927.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/dsa-928.wml b/danish/security/2005/dsa-928.wml deleted file mode 100644 index f3b778ead08..00000000000 --- a/danish/security/2005/dsa-928.wml +++ /dev/null @@ -1,22 +0,0 @@ -Usikker midlertidig fil - -

Javier Fernández-Sanguino Peña fra Debian Security Audit-projektet har -opdaget at to skripter i pakken dhis-tools-dns, DNS-opsætningsværktøjer -til et "dynamic host information system", der normalt blev udført af root, -oprettede filer på en usikker måde.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken -dhis-tools-dns.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 5.0-3sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 5.0-5.

- -

Vi anbefaler at du opgraderer din dhis-tools-dns-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2005/dsa-928.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2005/index.wml b/danish/security/2005/index.wml deleted file mode 100644 index 47f963408b4..00000000000 --- a/danish/security/2005/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2005 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2005', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2006/Makefile b/danish/security/2006/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2006/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2006/dsa-1000.wml b/danish/security/2006/dsa-1000.wml deleted file mode 100644 index b8b02a4253d..00000000000 --- a/danish/security/2006/dsa-1000.wml +++ /dev/null @@ -1,27 +0,0 @@ -designfejl - -

Gunnar Wolf har opdaget, at rettelsen til følgende problem ikke var komplet -og kræver en opdatering. For fuldstændighedens skyld bringer vi herunder den -oprindelige beskrivelse af problemet:

- -
-

En algoritmesvaghed er opdaget i Apache2::Request, det generiske -forespørgselsbibliotek i Apache2, hvilket kunne fjernudnyttes og forårsage et -lammelsesangreb (denial of service) via CPU-forbrug.

-
- -

Den gamle stabile distribution (woody) indeholder ikke this-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.04-dev-1sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.07-1.

- -

Vi anbefaler at du opgraderer dine libapreq2-, libapache2-mod-apreq2- og -libapache2-request-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1000.data" -#use wml::debian::translation-check translation="8cd3f56e4fea4c350fc19d6a93a09cb72f1ef04a" mindelta="1" diff --git a/danish/security/2006/dsa-1001.wml b/danish/security/2006/dsa-1001.wml deleted file mode 100644 index a55f9dcddcf..00000000000 --- a/danish/security/2006/dsa-1001.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Man har opdaget at Crossfire, et eventyrspil til flere spillere, udførte -grænsekontroller på netværkspakker når det blev kørt i "oldsocketmode", hvilket -muligvis kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.1.0-1woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.6.0.dfsg.1-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.9.0-1.

- -

Vi anbefaler at du opgraderer dine crossfire-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1001.data" -#use wml::debian::translation-check translation="52938027fd3116504b6fac947a3d9c91120a2095" mindelta="1" diff --git a/danish/security/2006/dsa-1002.wml b/danish/security/2006/dsa-1002.wml deleted file mode 100644 index c1c4040709e..00000000000 --- a/danish/security/2006/dsa-1002.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i webcalendar, en PHP-baseret -flerbrugerkalender. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende sårbarheder:

- -
    - -
  • CVE-2005-3949 - -

    Flere SQL-indsprøjtningssårbarheder tillod fjernangribere at udføre - vilkårlige SQL-kommandoer.

    • - -
  • CVE-2005-3961 - -

    Manglende inddatakontrol tillod en angriber at overskrive lokale - filer.

    • - -
  • CVE-2005-3982 - -

    En CRLF-indspørjtningssårbarhed tillod fjernangribere at ændre - HTTP-headere og udføre HTTP-opsplitningsforespørgselsangreb.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke webcalendar-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.9.45-4sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.2-1.

- -

Vi anbefaler at du opgraderer din webcalendar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1002.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1003.wml b/danish/security/2006/dsa-1003.wml deleted file mode 100644 index 71bfcdc41ca..00000000000 --- a/danish/security/2006/dsa-1003.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker midlertidig fil - -

Eric Romang har opdaget at xpvm, en grafisk konsol og monitor til PVM, -oprettede en midlertidig fil der tillod lokale angribere at oprette eller -overskrive vilkålige filer med rettighederne hørende til brugeren der kørte -xpvm.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.2.5-7.2woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.5-7.3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.5-8.

- -

Vi anbefaler at du opgraderer din xpvm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1003.data" -#use wml::debian::translation-check translation="699b93b1ca55f594ba2ec6e716cac0aa9a006918" mindelta="1" diff --git a/danish/security/2006/dsa-1004.wml b/danish/security/2006/dsa-1004.wml deleted file mode 100644 index e58ef0b7d91..00000000000 --- a/danish/security/2006/dsa-1004.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Simon Kilvington har opdaget at særligt fremstillede PNG-billeder kan udløse -et heap-overløb i libavcodec, ffmpegs multimedie-bibliotek, hvilket kunne føre -til udførelse af vilkårlig kode. VLC Media Player linker statisk mod -libavcodec.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8.1.svn20050314-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8.4.debian-2.

- -

Vi anbefaler at du opgraderer din vlc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1004.data" -#use wml::debian::translation-check translation="394f09c5d674f83264fc61481dec047e9582e0ad" mindelta="1" diff --git a/danish/security/2006/dsa-1005.wml b/danish/security/2006/dsa-1005.wml deleted file mode 100644 index 7e45b8c2b18..00000000000 --- a/danish/security/2006/dsa-1005.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Simon Kilvington har opdaget at særligt fremstillede PNG-billeder kan udløse -et heap-overløb i libavcodec, ffmpegs multimedie-bibliotek, hvilket kunne føre -til udførelse af vilkårlig kode. xine-lib indeholder en lokal kopi af -libavcodec.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.1-1sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.1-1.5.

- -

Vi anbefaler at du opgraderer din xine-lib-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1005.data" -#use wml::debian::translation-check translation="c3ed32fdcdbe66d04f206e6a2447e0b1be9158fd" mindelta="1" diff --git a/danish/security/2006/dsa-1006.wml b/danish/security/2006/dsa-1006.wml deleted file mode 100644 index 30dc13de9e2..00000000000 --- a/danish/security/2006/dsa-1006.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

"kcope" har opdaget at ftp-serveren wzdftpd mangler kontrol af inddata hvad -angår SITE-kommandoen, hvilket kunne føre til udførelse af vilkårlige -shell-kommandoer.

- -

Den gamle stabile distribution (woody) indeholder ikke wzdftpd-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.5.2-1.1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.5.5-1.

- -

Vi anbefaler at du opgraderer din wzdftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1006.data" -#use wml::debian::translation-check translation="c3ed32fdcdbe66d04f206e6a2447e0b1be9158fd" mindelta="1" diff --git a/danish/security/2006/dsa-1007.wml b/danish/security/2006/dsa-1007.wml deleted file mode 100644 index 2518ebf72c7..00000000000 --- a/danish/security/2006/dsa-1007.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - - -

Drupal Security Team har opdaget flere sårbarheder i Drupal, et komplet -system til indholdshåndtering og diskussionsstyring. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-1225 - -

    På grund af manglende kontrol af inddata, kunne en fjernangriber - indsprøjte headere fra udgående e-mail og bruge Drupal som en - spam-proxy.

    • - -
  • CVE-2006-1226 - -

    Manglende inddatakontroller tillod angribere at indspøjte vilkårlige - webskripter eller HTML.

    • - -
  • CVE-2006-1227 - -

    Menupunkter oprettet med menu.module manglende adgangskontrol, hvilket - kunne gøre det muligt for fjernangribere at få adgang til administrative - sider.

    • - -
  • CVE-2006-1228 - -

    Markus Petrux har opdaget en fejl i session fixation'en, hvilket kunne - gøre det muligt for fjernangribere at opnå brugerrettigheder i - Drupal.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke Drupal-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.5.3-6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.5.8-1.

- -

Vi anbefaler at du opgraderer din drupal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1007.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1008.wml b/danish/security/2006/dsa-1008.wml deleted file mode 100644 index eadda2134dc..00000000000 --- a/danish/security/2006/dsa-1008.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Marcelo Ricardo Leitner har bemærket at den nuværende rettelse i DSA 932 -(\ -CVE-2005-3627) til kpdf, KDE's PDF-visningsprogram, ikke retter alle -bufferoverløb, hvorfor det stadig er muligt for en angriber at udføre vilkårlig -kode.

- -

Den gamle stabile distribution (woody) indeholder ikke kpdf-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.3.2-2sarge4.

- -

Den ustabile distribution (sid) er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer din kpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1008.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1009.wml b/danish/security/2006/dsa-1009.wml deleted file mode 100644 index 29aa968087f..00000000000 --- a/danish/security/2006/dsa-1009.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i spillet crossfire, hvilket tillod -fjernangribere at udføre vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.1.0-1woody2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.6.0.dfsg.1-4sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.9.0-2.

- -

Vi anbefaler at du opgraderer din crossfire-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1009.data" -#use wml::debian::translation-check translation="c2d9e87a153b9120eabfc6b2b75d4f320240133b" mindelta="1" diff --git a/danish/security/2006/dsa-1010.wml b/danish/security/2006/dsa-1010.wml deleted file mode 100644 index de5ad3dd153..00000000000 --- a/danish/security/2006/dsa-1010.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

Ulf Härnhammar fra Debian Security Audit-projektet har opdaget at ilohamail, -en ikke så omfattende flersproget og webbaseret IMAP/POP3-klient, ikke altid -kontrollerede inddata leveret af brugerne, hvilket gjorde det muligt for -fjernangribere at indsprøjte vilkårligt webskript eller HTML.

- -

Den gamle stabile distribution (woody) indeholder ikke en -ilohamail-pakke.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8.14-0rc3sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.8.14-0rc3sarge1.

- -

Vi anbefaler at du opgraderer din ilohamail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1010.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1011.wml b/danish/security/2006/dsa-1011.wml deleted file mode 100644 index 1c08111431d..00000000000 --- a/danish/security/2006/dsa-1011.wml +++ /dev/null @@ -1,44 +0,0 @@ -manglende attribut-understøttelse - -

Flere sårbarheder er opdaget i Debians vserver-understøttelse til Linux. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problems:

- -
    - -
  • CVE-2005-4347 - -

    Bjørn Steinbrink har opdaget at chroot-barrieren ikke er opsat korrekt i - util-vserver, hvilket kunne føre til uautoriserede udbrud fra en vserver til - værtssystemet.

    - -

    Denne sårbarhed er begrænset til 2.4-kernerettelsen indeholdt i - kernel-patch-vserver. Korrektionen af problemet kræver desuden at pakken - util-vserver bliver opdateret, og en ny kerne installeres, bygget på den - opdaterede kernel-patch-vserver-pakke.

    • - -
  • CVE-2005-4418 - -

    util-vservers standard-policy er sat til at stole på alle ukendte - muligheder, i stedet for at anse dem for at være usikre.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke en -kernel-patch-vserver-pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.9.5.5 af kernel-patch-vserver og i version -0.30.204-5sarge3 af util-vserver.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3 af kernel-patch-vserver og i version 0.30.208-1 af -util-vserver.

- -

Vi anbefaler at du omgående opgraderer dine util-vserver- og -kernel-patch-vserver-pakker, og opbygger en ny kerne.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1011.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1012.wml b/danish/security/2006/dsa-1012.wml deleted file mode 100644 index babcceba78e..00000000000 --- a/danish/security/2006/dsa-1012.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er fortolkningen af kommandolinjeparametre er opdaget i -unzip, udpakningsprogrammet til ZIP-filer, hvilket kunne føre til udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 5.50-1woody6.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 5.52-1sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.52-7.

- -

Vi anbefaler at du opgraderer din unzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1012.data" -#use wml::debian::translation-check translation="4e0e82d1d9d76979b4ad4f1a974d63fe43940610" mindelta="1" diff --git a/danish/security/2006/dsa-1013.wml b/danish/security/2006/dsa-1013.wml deleted file mode 100644 index 4a96ab6047b..00000000000 --- a/danish/security/2006/dsa-1013.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Will Aoki har opdaget at snmptrapfmt, en konfigurérbar "snmp trap -handler"-dæmon til snmpd, ikke forhindrer overskrivelse af eksisterende filer, -når der skrives til en midlertidig logfil.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.03woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.08sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.10-1.

- -

Vi anbefaler at du opgraderer din snmptrapfmt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1013.data" -#use wml::debian::translation-check translation="7b05b6002d3ac6d328ca5007bde753aa76a736b3" mindelta="1" diff --git a/danish/security/2006/dsa-1014.wml b/danish/security/2006/dsa-1014.wml deleted file mode 100644 index cfee0fd4d10..00000000000 --- a/danish/security/2006/dsa-1014.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Aviram Jenik og Damyan Ivanov har opdaget et bufferoverløb i firebird2, en -RDBMS baseret på InterBase 6.0-kode, der gjorde det muligt for fjernangribere -at få programmet til at gå ned.

- -

Den gamle stabile distribution (woody) indeholder ikke firebird2-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.5.1-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.5.3.4870-3

- -

Vi anbefaler at du opgraderer dine firebird2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1014.data" -#use wml::debian::translation-check translation="8831a6ef73e2ab78e0b8524ca931ddb9b98c501e" mindelta="1" diff --git a/danish/security/2006/dsa-1015.wml b/danish/security/2006/dsa-1015.wml deleted file mode 100644 index 9e8769c824f..00000000000 --- a/danish/security/2006/dsa-1015.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Mark Dowd har opdaget en fejl i håndteringen af asynkrone signaler i -sendmail, en ydedygtig, effektiv og skalérbar mailserver. Fejlen gjorde det -muligt for fjernangribere at udnytte en "race condition" til at udføre -vilkårlig kode som root.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 8.12.3-7.2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 8.13.4-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 8.13.6-1.

- -

Vi anbefaler at du omgående opgraderer din sendmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1015.data" -#use wml::debian::translation-check translation="842f44e93fa539a73fa7939d95f4da6587ef45a2" mindelta="1" diff --git a/danish/security/2006/dsa-1016.wml b/danish/security/2006/dsa-1016.wml deleted file mode 100644 index ce61e97e273..00000000000 --- a/danish/security/2006/dsa-1016.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstrengssårbarheder - -

Ulf Härnhammar har opdaget flere formatstrengssårbarheder i Evolution, en -fri groupware-programpakke, hvilket kunne føre til at programmet gik ned eller -at der blev udført vilkårlig kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet -i version 1.0.5-1woody3.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0.4-2sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.2.3-3.

- -

Vi anbefaler at du opgraderer din evolution-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1016.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1017.wml b/danish/security/2006/dsa-1017.wml deleted file mode 100644 index b7570976c7d..00000000000 --- a/danish/security/2006/dsa-1017.wml +++ /dev/null @@ -1,237 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjerne sårbarheder er opdaget i Linux-kernen, hvilket kunne -føre til et lammelsesangreb (denial of service) eller til udførelse af -vilkårlig kode. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CVE-2004-1017 - -

    Der var flere overløb i driveren io_edgeport, hviklet måske kunne - udnyttes i et lammelsesangreb.

    • - -
  • CVE-2005-0124 - -

    Bryan Fulton har rapporteret en grænsekontrolfejl i funktionen - coda_pioctl, hvilket kunne gøre det muligt for lokale brugere at udføre - vilkårlig kode eller udløse et lammelsesangreb.

    • - -
  • CVE-2005-0449 - -

    En fejl i funktionen skb_checksum_help() fra netfilter-frameworket er - opdaget, den gjorde det muligt at omgå pakkefiltreringsreglerne eller udløse - et lammelsesangreb.

    • - -
  • CVE-2005-2457 - -

    Tim Yamin har opdaget at der er utilstrækkelig indatakontrol i - zisofs-driveren til komprimerede ISO-filsystemer, hvilket tillod et - lammelsesangreb via ondsindet fremstillede ISO-aftryk.

    • - -
  • CVE-2005-2490 - -

    Et bufferoverløb i funktionen sendmsg() tillod lokale brugere at udføre - vilkårlig kode.

    • - -
  • CVE-2005-2555 - -

    Herbert Xu har opdaget at funktionen setsockopt() ikke var begrænset til - brugere/processer med CAP_NET_ADMIN-muligheden. Dette gjorde det muligt - for angribere at manipulere med IPSEC-policies eller iværksætte et - lammelsesangreb.

    • - -
  • CVE-2005-2709 - -

    Al Viro har opdaget en "race condition" i /proc-håndteringen af - netværksenheder. En (lokal) angriber kunne udnytte den gamle reference - efter nedlukning af interfacet, til at forårsage et lammelsesangreb eller - muligvis udføre kode i kerne-tilstand.

    • - -
  • CVE-2005-2800 - -

    Jan Blunck har opdaget at gentagne mislykkede læsninger af - /proc/scsi/sg/devices medfører hukommelseslækage, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-2973 - -

    Tetsuo Handa har opdaget at funktionen udp_v6_get_port() i IPv6-koden - kan tvinges ind i en uendelig løkke, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-3044 - -

    Vasiliy Averin har opdaget at referencetællerne i sockfd_put() og fput() - kan tvinges til at overlappe, hvilket tillod et lammelsesangreb gennem en - null pointer-dereference.

    • - -
  • CVE-2005-3053 - -

    Eric Dumazet har opdaget at systemkaldet set_mempolicy() accepterede - negative værdier som dets første parameter, hvilket udløste en - BUG()-assert. Dette tillod et lammelsesangreb.

    • - -
  • CVE-2005-3055 - -

    Harald Welte har opdaget at, hvis en proces udsendte en USB Request - Block (URB) til et device og afsluttede for URB'en afsluttede, så ville en - gammel pointer blive dereferenceret. Dette kunne anvendes til at udløse et - lammelsesangreb.

    • - -
  • CVE-2005-3180 - -

    Pavel Roskin har opdaget at driveren til trådløse Orinoco-kort tømmer - sine buffere på utilstrækkelig vis. Dermed kunne følsomme oplysninger - blive lækket til brugernavnerummet.

    • - -
  • CVE-2005-3181 - -

    Robert Derr har opdaget at audit-undersystemet anvendte en ukorrekt - funktion til frigivelse af hukommelse, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-3257 - -

    Rudolf Polzer har opdaget at kernen utilstrækkeligt begrænsede adgang - til ioctl'en KDSKBSENT, hvilket muligvis kunne medføre - rettighedsforøgelse.

    • - -
  • CVE-2005-3356 - -

    Doug Chapman har opdaget at syscall'et mq_open kunne narres til at - nedtælle en intern tæller to gange, hvilket tillod et lammelsesangreb via - kerne-panik.

    • - -
  • CVE-2005-3358 - -

    Doug Chapman har opdaget at overførsel af nul-bitmaske til systemkaldet - set_mempolicy() førte til kerne-panik, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-3783 - -

    ptrace-koden der anvendte CLONE_THREAD brugte ikke thread-gruppens ID - til at afgøre hvorvidt den kaldende tilføjede sig selv, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-3784 - -

    Funktionaliteten til automatisk høstning af child-processer indeholdt - ptraced-tilføjede processer, hvilket tillod et lammelsesangreb via - dinglende referencer.

    • - -
  • CVE-2005-3806 - -

    Yen Zheng har opdaget at IPv6's "flow label"-kode ændrede en forkert - variabel, hvilket kunne føre til hukommelseskorruption og - lammelsesangreb.

    • - -
  • CVE-2005-3847 - -

    Man har opdaget at en threaded real-time-proces, der aktuelt var ved at - dumpe "core", kunne tvinges ind i en dead-lock-situation ved at sende et - SIGKILL-signal, hvilket tillod et lammelsesangreb.

    • - -
  • CVE-2005-3848 - -

    Ollie Wild har opdaget en hukommelseslækage i funktionen - icmp_push_reply(), hvilket tillod et lammelsesangreb via - hukommelsesforbrug.

    • - -
  • CVE-2005-3857 - -

    Chris Wright har opdaget at overdreven allokering af ødelagte - fillåsnings-leases i VFS-laget kunne opbruge hukommelse og fylde - systemloggen op, hvilket tillod et lammelsesangreb.

    • - -
  • CVE-2005-3858 - -

    Patrick McHardy har opdaget en hukommelseslækage i funktionen - ip6_input_finish() fra IPv6-koden, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-4605 - -

    Karl Janmar har opdaget en fortegnsfejl i procfs-koden, der kunne - udnyttes til at læse kernehukommelse, hvilket kunne afsløre følsomme - oplysninger.

    • - -
  • CVE-2005-4618 - -

    Yi Ying har opdaget at sysctl ikke tilstrækkeligt håndhæver - bufferstørrelsen, hvilket tillod et lammelsesangreb.

    • - -
  • CVE-2006-0095 - -

    Stefan Rompf har opdaget at dm_crypt ikke tømte en intern struct før - den blev frigivet, hvilket måske kunne afsløre følsomme - oplysninger.

    • - -
  • CVE-2006-0096 - -

    Man har opdaget at SDLA-driverens duelighedskontroller var for løse hvad - angår firmware-opgraderinger.

    • - -
  • CVE-2006-0482 - -

    Ludovic Courtes har opdaget at get_compat_timespec() udfører - utilstrækkelig kontrol af inddata, hvilket tillod et lokalt - lammelsesangreb.

    • - -
  • CVE-2006-1066 - -

    Man har opdaget at ptrace() på ia64-arkitekturen tillod et lokalt - lammelsesangreb når preemption var slået til.

    • - -
- -

Følgende matriks forklarer hvilke kerneversioner til hvilke arkitekturer, -der retter de ovennævnte problemer:

- -
- - - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.6.8-16sarge2
Alpha-arkitekturen 2.6.8-16sarge2
AMD64-arkitekturen 2.6.8-16sarge2
HP Precision-arkitekturen 2.6.8-6sarge2
Intel IA-32-arkitekturen 2.6.8-16sarge2
Intel IA-64-arkitekturen 2.6.8-14sarge2
Motorola 680x0-arkitekturen2.6.8-4sarge2
PowerPC-arkitekturen 2.6.8-12sarge2
IBM S/390-arkitekturen 2.6.8-5sarge2
Sun Sparc-arkitekturen 2.6.8-15sarge2
- -

Følgende matriks opremser yderligere pakker der blev genopbygget af -kompatibilitetshensyn eller for at kunne udnytte denne opdatering:

- -
- - - - - - - - - - - -
Debian 3.1 (sarge)
kernel-latest-2.6-alpha 101sarge1
kernel-latest-2.6-amd64 103sarge1
kernel-latest-2.6-hppa 2.6.8-1sarge1
kernel-latest-2.6-sparc 101sarge1
kernel-latest-2.6-i386 101sarge1
kernel-latest-powerpc 102sarge1
fai-kernels 1.9.1sarge1
hostap-modules-i386 0.3.7-1sarge1
mol-modules-2.6.8 0.9.70+2.6.8+12sarge1
ndiswrapper-modules-i3861.1-2sarge1
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har fremstillet en skræddersyet kerne fra pakken med -kernekildekode, er du nødt til at genopbygge den for at kunne anvende disse -rettelser.

- -

Denne opdatering introducerer en ændring af kernens binære grænseflade, de -opvirkede pakker i Debian er blevet genopbygget. Hvis du anvender lokale -tilføjelser, skal du også genopbygge disse. På grund af det ændrede pakkenavn, -skal du bruge apt-get dist-upgrade til at opdatere dit system.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1017.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1018.wml b/danish/security/2006/dsa-1018.wml deleted file mode 100644 index b3a35b8ca55..00000000000 --- a/danish/security/2006/dsa-1018.wml +++ /dev/null @@ -1,167 +0,0 @@ -flere sårbarheder - -

Den oprindelige opdatering manglende genoversatte ALSA-moduler oversat mod -den nye kernes ABI. Desuden er kernel-latest-2.4-sparc nu på korrekt vis -afhængig af de opdaterede pakker. For fuldstændighedens skyld er herunder den -oprindelige beskrivelse af problemerne:

- -
-

Flere lokale og fjerne sårbarheder er opdaget i Linux-kernen, hvilket kunne -føre til et lammelsesangreb (denial of service) eller til udførelse af -vilkårlig kode. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CVE-2004-0887 - -

    Martin Schwidefsky har opdaget at den priviligerede instruktion SACF - (Set Address Space Control Fast) på S/390-platformen ikke håndteredes - korrekt, hvilket gjorde det muligt for en lokal bruger at opnå - root-rettigheder.

    • - -
  • CVE-2004-1058 - -

    En "race condition" gjorde det muligt for en lokal bruger at læse - miljøvariable hørende til en proces, der stadig var spawned via - /proc/.../cmdline.

    • - -
  • CVE-2004-2607 - -

    En numerisk cast-overensstemmelse i sdla_xfer gjorde det muligt for - lokale brugere at læse dele af kernehukommelsen via et stort len-parameter, - der blev modtaget som en int, men blev cast'et til en short, hvilket - forhindrede læseløkken i at fylde en buffer.

    • - -
  • CVE-2005-0449 - -

    En fejl i funktionen skb_checksum_help() fra netfilter-frameworket er - opdaget, den gjorde det muligt at omgå pakkefiltreringsreglerne eller udløse - et lammelsesangreb.

    • - -
  • CVE-2005-1761 - -

    En sårbarhed i ptrace-undersystemet på IA-64-arkitekturen kunne tillade - lokale angribere at overskrive kernehukommelse og få kerne til at gå - ned.

    • - -
  • CVE-2005-2457 - -

    Tim Yamin har opdaget at der er utilstrækkelig indatakontrol i - zisofs-driveren til komprimerede ISO-filsystemer (zisofs), hvilket tillod - et lammelsesangreb via ondsindet fremstillede ISO-aftryk.

    • - -
  • CVE-2005-2555 - -

    Herbert Xu har opdaget at funktionen setsockopt() ikke var begrænset til - brugere/processer med CAP_NET_ADMIN-muligheden. Dette gjorde det muligt - for angribere at manipulere med IPSEC-policies eller iværksætte et - lammelsesangreb.

    • - -
  • CVE-2005-2709 - -

    Al Viro har opdaget en "race condition" i /proc-håndteringen af - netværksenheder. En (lokal) angriber kunne udnytte den gamle reference - efter nedlukning af interfacet, til at forårsage et lammelsesangreb eller - muligvis udføre kode i kerne-tilstand.

    • - -
  • CVE-2005-2973 - -

    Tetsuo Handa har opdaget at funktionen udp_v6_get_port() i IPv6-koden - kan tvinges ind i en uendelig løkke, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-3257 - -

    Rudolf Polzer har opdaget at kernen utilstrækkeligt begrænsede adgang - til ioctl'en KDSKBSENT, hvilket muligvis kunne medføre - rettighedsforøgelse.

    • - -
  • CVE-2005-3783 - -

    ptrace-koden der anvendte CLONE_THREAD brugte ikke thread-gruppens ID - til at afgøre hvorvidt den kaldende tilføjede sig selv, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-3806 - -

    Yen Zheng har opdaget at IPv6's "flow label"-kode ændrede en forkert - variabel, hvilket kunne føre til hukommelseskorruption og - lammelsesangreb.

    • - -
  • CVE-2005-3848 - -

    Ollie Wild har opdaget en hukommelseslækage i funktionen - icmp_push_reply(), hvilket tillod et lammelsesangreb via - hukommelsesforbrug.

    • - -
  • CVE-2005-3857 - -

    Chris Wright har opdaget at overdreven allokering af ødelagte - fillåsnings-leases i VFS-laget kunne opbruge hukommelse og fylde - systemloggen op, hvilket tillod et lammelsesangreb.

    • - -
  • CVE-2005-3858 - -

    Patrick McHardy har opdaget en hukommelseslækage i funktionen - ip6_input_finish() fra IPv6-koden, hvilket tillod et - lammelsesangreb.

    • - -
  • CVE-2005-4618 - -

    Yi Ying har opdaget at sysctl ikke tilstrækkeligt håndhæver - bufferstørrelsen, hvilket tillod et lammelsesangreb.

    • - -
-
- -

Følgende matriks forklarer hvilke kerneversioner til hvilke arkitekturer, -der retter de ovennævnte problemer:

- -
- - - - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.4.27-10sarge2
Alpha-arkitekturen 2.4.27-10sarge2
ARM-arkitekturen 2.4.27-2sarge2
Intel IA-32-arkitekturen 2.4.27-10sarge2
Intel IA-64-arkitekturen 2.4.27-10sarge2
Motorola 680x0-arkitekturen 2.4.27-3sarge2
Big endian MIPS-arkitekturen 2.4.27-10.sarge1.040815-2
Little endian MIPS-arkitekturen2.4.27-10.sarge1.040815-2
PowerPC-arkitekturen 2.4.27-10sarge2
IBM S/390-arkitekturen 2.4.27-2sarge2
Sun Sparc-arkitekturen 2.4.27-9sarge2
- -

Følgende matriks opremser yderligere pakker der blev genopbygget af -kompatibilitetshensyn eller for at kunne udnytte denne opdatering:

- -
- - - - - - - - - - - - - -
Debian 3.1 (sarge)
kernel-latest-2.4-alpha 101sarge1
kernel-latest-2.4-i386 101sarge1
kernel-latest-2.4-s390 2.4.27-1sarge1
kernel-latest-2.4-sparc 42sarge1
kernel-latest-powerpc 102sarge1
fai-kernels 1.9.1sarge1
i2c 1:2.9.1-1sarge1
kernel-image-speakup-i386 2.4.27-1.1sasrge1
lm-sensors 1:2.9.1-1sarge3
mindi-kernel 2.4.27-2sarge1
pcmcia-modules-2.4.27-i3863.2.5+2sarge1
systemimager 3.2.3-6sarge1
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har fremstillet en skræddersyet kerne fra pakken med -kernekildekode, er du nødt til at genopbygge den for at kunne anvende disse -rettelser.

- -

Denne opdatering introducerer en ændring af kernens binære grænseflade, de -opvirkede pakker i Debian er blevet genopbygget. Hvis du anvender lokale -tilføjelser, skal du også genopbygge disse.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1018.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1019.wml b/danish/security/2006/dsa-1019.wml deleted file mode 100644 index 722977faea6..00000000000 --- a/danish/security/2006/dsa-1019.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

Derek Noonburg har rettet flere potentielle sårbarheder i xpdf, Portable -Document Format (PDF)-programpakken, hvilket også findes i koffice, KDE Office -Suite.

- -

Den gamle stabile distribution (woody) indeholder ikke koffice-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.5-4.sarge.3.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din koffice-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1019.data" -#use wml::debian::translation-check translation="9136a019da7783c0891c539edd2b650c67af0260" mindelta="1" diff --git a/danish/security/2006/dsa-1020.wml b/danish/security/2006/dsa-1020.wml deleted file mode 100644 index 2cd45085404..00000000000 --- a/danish/security/2006/dsa-1020.wml +++ /dev/null @@ -1,25 +0,0 @@ -bufferoverløb - -

Chris Moore har opdaget at flex, en scannergenerator, genererede kode, der -allokerede utilstrækkelig hukommelse hvis grammar'en indeholdt REJECT-kommandoer -eller afsluttende kontekstregler. Dette kunne føre til et bufferoverløb og -udførelse af vilkårlig kode.

- -

Hvis du anvender kode, der stammer fra en sårbar lex-grammar i et miljø man -ikke har tiltro til, skal du regenerere din scanner med den rettede version af -flex.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.5.31-31sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.5.33-1.

- -

Vi anbefaler at du opgraderer din flex-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1020.data" -#use wml::debian::translation-check translation="a0ae968313bb594638ab0acaed7855e7d3137c69" mindelta="1" diff --git a/danish/security/2006/dsa-1021.wml b/danish/security/2006/dsa-1021.wml deleted file mode 100644 index b9819feb7b8..00000000000 --- a/danish/security/2006/dsa-1021.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker programudførsel - -

Max Vozeler fra Debian Audit Project har opdaget at pstopnm, et program til -konvertering fra Postscript til formaterne PBM, PGM ig PNM, startede Ghostscript -på en usikker måde, hvilket kunne føre til udførelse af vilkårlige -shell-kommandoer ved konvertering af særligt fremstillede Postscript-filer.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 9.20-8.6.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 10.0-8sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 10.0-9.

- -

Vi anbefaler at du opgraderer din netpbm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1021.data" -#use wml::debian::translation-check translation="3b7bca6621925198c4f0902c0a6e40c296adcbd9" mindelta="1" diff --git a/danish/security/2006/dsa-1022.wml b/danish/security/2006/dsa-1022.wml deleted file mode 100644 index e984ffe9745..00000000000 --- a/danish/security/2006/dsa-1022.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i backup-værktøjet storebackup. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2005-3146 - -

    Storebackup oprettede en midlertidig fil på en forudsigelig måde, - hvilket kunne udnyttes til at overskrive vilkårlige filer på systemet med et - symlink-angreb.

    • - -
  • CVE-2005-3147 - -

    Backup'ens rodmappe blev ikke oprettet med faste rettigheder, hvilket - kunne føre til ukorrekte rettigheder hvis umask'en var for slap.

    • - -
  • CVE-2005-3148 - -

    Bruger- og grupperettighederne hørende til symlinks blev opsat ukorrekt - ved fremstilling eller tilbagelægning af en backup, hvilket kunne medføre - lækage af følsomme oplysninger.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke -storebackup-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.18.4-2sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.19-2.

- -

Vi anbefaler at du opgraderer din storebackup-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1022.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1023.wml b/danish/security/2006/dsa-1023.wml deleted file mode 100644 index a9eb60822c8..00000000000 --- a/danish/security/2006/dsa-1023.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Marcus Meissner har opdaget at kaffeine, en alsidig mediaafspiller til KDE 3, -indeholdt en ukontrolleret buffer, der kunne fjernoverskrives ved hentnng af -fjerne RAM-spillelister, hvilket kunne forårsage udførelse af vilkårlig -kode.

- -

Den gamle stabile distribution (woody) indeholder ikke kaffeine-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.6-1sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din kaffeine-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1023.data" -#use wml::debian::translation-check translation="fd7870e306cab1c27f57461fd25055f1634b05c3" mindelta="1" diff --git a/danish/security/2006/dsa-1024.wml b/danish/security/2006/dsa-1024.wml deleted file mode 100644 index 2fa156a7260..00000000000 --- a/danish/security/2006/dsa-1024.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder der kan fjernudnyttes er opdaget i antivirus-værktøjssættet -ClamAV, hvilket kunne føre til et lammelsesangreb (denial of service) og -potentielt udførelse af vilkårlig kode. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-1614 - -

    Damian Put har opdaget et heltalsoverløb i PE-header-fortolkeren. Dette - kunne kun udnyttes hvis valgmuligheden ArchiveMaxFileSize var slået - fra.

    • - -
  • CVE-2006-1615 - -

    Der er opdaget formatstrengssårbarheder i logningskoden, de kunne føre - til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-1630 - -

    David Luyer har opdaget at ClamAV kunne narres til at tilgå hukommelse - på ulovlig vis i funktionen cli_bitset_set(), hvilket kunne føre til et - lammelsesangreb.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke clamav-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.88.1-1.

- -

Vi anbefaler at du opgraderer din clamav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1024.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1025.wml b/danish/security/2006/dsa-1025.wml deleted file mode 100644 index 64e9147a2c9..00000000000 --- a/danish/security/2006/dsa-1025.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

"infamous41md" har opdaget tre bufferoverløbsfejl i xfig-importkoden i dia, -en program til redigering af diagrammer, hvilket kunne føre til udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.88.1-3woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.94.0-7sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.94.0-18.

- -

Vi anbefaler at du opgraderer din dia-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1025.data" -#use wml::debian::translation-check translation="e0ae5f3ac08b47e6dfd51159f4118d6979f72c14" mindelta="1" diff --git a/danish/security/2006/dsa-1026.wml b/danish/security/2006/dsa-1026.wml deleted file mode 100644 index 9fee661ac99..00000000000 --- a/danish/security/2006/dsa-1026.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferoverløb - -

Markus Oberhumer har opdaget en fejl i den måde zlib, et bibliotek der -anvendes til filkomprimering og -dekomprimering, håndterede ugyldige inddata. -Fejlen kunne få programmer der anvender zlib til at gå ned, når en ugyldig fil -blev åbnet. En anden fejl i den måde zlib håndterer udpakningen af visse -komprimerede filer, kunne få et program der anvender zlib, til at gå ned når -det åbnede en ugyldig fil.

- -

sash, stand-alone-shellprogrammet, linker statisk til zlib, og var dermed -påvirket af disse problemer.

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.7-5sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.7-6.

- -

Vi anbefaler at du opgraderer din sash-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1026.data" -#use wml::debian::translation-check translation="b24431ababc4fc9b7e3e2dd318ba982706802266" mindelta="1" diff --git a/danish/security/2006/dsa-1027.wml b/danish/security/2006/dsa-1027.wml deleted file mode 100644 index 54dece77da9..00000000000 --- a/danish/security/2006/dsa-1027.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Et potentielt lammelsesangrebsproblem (denial of service) er opdaget i -mailman, et webbaseret GNU-postlistehåndteringsprogram. Den fejlende -fortolkning af meddelelser med misdannede MIME-muliiparts, gjorde nogle gange -at hele postlisten holdt op med at fungere.

- -

Den gamle stabile distribution (woody) er ikke sårbar over for dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.1.5-8sarge2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din mailman-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1027.data" -#use wml::debian::translation-check translation="8cbc744fecbed5cdf173593f5933e4ea88271169" mindelta="1" diff --git a/danish/security/2006/dsa-1028.wml b/danish/security/2006/dsa-1028.wml deleted file mode 100644 index de3b7f0ed3b..00000000000 --- a/danish/security/2006/dsa-1028.wml +++ /dev/null @@ -1,20 +0,0 @@ -programeringsfejl - -

Kjetil Kjernsmo har opdaget en fejl i libimager-perl, en Perl-udvidelse til -generering af 24-bitsbilleder, hvilket kunne føre til en segmenteringsfejl hvis -det arbejdede på 4-kanalers JPEG-billeder.

- -

Den gamle stabile distribution (woody) indeholder ikke denne pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.44-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.50-1.

- -

Vi anbefaler at du opgraderer din libimager-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1028.data" -#use wml::debian::translation-check translation="efe2a380651d51ff9da2564cfbc4359842f9b975" mindelta="1" diff --git a/danish/security/2006/dsa-1029.wml b/danish/security/2006/dsa-1029.wml deleted file mode 100644 index 29e5bd31864..00000000000 --- a/danish/security/2006/dsa-1029.wml +++ /dev/null @@ -1,54 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libphp-adodb, -'adodb'-databaseabstraktionslaget til PHP. Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-0146 - -

    Andreas Sandblad har opdaget at ukorrekt kontrol af brugerinddata - medførte en potentiel fjernudnytbar SQL-indsprøjtningssårbarhed, der gjorde - det muligt for en angriber at kompromittere programmer, tilgå eller ændre - data, eller udnytte sårbarheder i den underliggende implementering af - databasen. Dette krævede at MySQL's root-adgangskode var tom. Rettelsen - er udført ved at begrænse adgang til det pågældende skript.

    • - -
  • CVE-2006-0147 - -

    En dynamisk kodeevalueringssårbarhed tillod fjernangribere at udføre - vilkårlige PHP-funktioner via parameteret 'do'.

    • - -
  • CVE-2006-0410 - -

    Andy Staudacher har opdaget en SQL-indsprøjtningssårbarhed som følge af - utilstrækkelig kontrol af inddata, der gjorde det muligt for fjernangribere - at udføre vilkårlige SQL-kommandoer.

    • - -
  • CVE-2006-0806 - -

    GulfTech Security Research har opdaget flere sårbarheder i forbindelse - med udførelse af skripter på tværs af websteder (cross-site scripting), på - grund af ukorrekt kontrol af brugerinddata. Angribere kunne udnytte disse - sårbarheder til at forårsage, at vilkårlige skripter blev udført i browseren - på et intetanende offers maskine, eller medføre i tyveri af cookie-baserede - autentifikationsoplysninger.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.51-1.2.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.52-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.72-0.1.

- -

Vi anbefaler at du opgraderer din libphp-adodb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1029.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1030.wml b/danish/security/2006/dsa-1030.wml deleted file mode 100644 index 5f1692ad8b5..00000000000 --- a/danish/security/2006/dsa-1030.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libphp-adodb, -'adodb'-databaseabstraktionslaget til PHP, der er indlejret i moodle, et system -til håndtering af kurser til onlinelæring. Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-0146 - -

    Andreas Sandblad har opdaget at ukorrekt kontrol af brugerinddata - medførte en potentiel fjernudnytbar SQL-indsprøjtningssårbarhed, der gjorde - det muligt for en angriber at kompromittere programmer, tilgå eller ændre - data, eller udnytte sårbarheder i den underliggende implementering af - databasen. Dette krævede at MySQL's root-adgangskode var tom. Rettelsen - er udført ved at begrænse adgang til det pågældende skript.

    • - -
  • CVE-2006-0147 - -

    En dynamisk kodeevalueringssårbarhed tillod fjernangribere at udføre - vilkårlige PHP-funktioner via parameteret 'do'.

    • - -
  • CVE-2006-0410 - -

    Andy Staudacher har opdaget en SQL-indsprøjtningssårbarhed som følge af - utilstrækkelig kontrol af inddata, der gjorde det muligt for fjernangribere - at udføre vilkårlige SQL-kommandoer.

    • - -
  • CVE-2006-0806 - -

    GulfTech Security Research har opdaget flere sårbarheder i forbindelse - med udførelse af skripter på tværs af websteder (cross-site scripting), på - grund af ukorrekt kontrol af brugerinddata. Angribere kunne udnytte disse - sårbarheder til at forårsage, at vilkårlige skripter blev udført i browseren - på et intetanende offers maskine, eller medføre i tyveri af cookie-baserede - autentifikationsoplysninger.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke moodle-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.4.4.dfsg.1-3sarge1.

- -

I den ustabile distribution vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din moodle-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1030.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1031.wml b/danish/security/2006/dsa-1031.wml deleted file mode 100644 index 66522e16c38..00000000000 --- a/danish/security/2006/dsa-1031.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libphp-adodb, -'adodb'-databaseabstraktionslaget til PHP, der er indlejret i cacti, en -overbygning til rrdtool til overvågning af systemer og tjenester. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-0146 - -

    Andreas Sandblad har opdaget at ukorrekt kontrol af brugerinddata - medførte en potentiel fjernudnytbar SQL-indsprøjtningssårbarhed, der gjorde - det muligt for en angriber at kompromittere programmer, tilgå eller ændre - data, eller udnytte sårbarheder i den underliggende implementering af - databasen. Dette krævede at MySQL's root-adgangskode var tom. Rettelsen - er udført ved at begrænse adgang til det pågældende skript.

    • - -
  • CVE-2006-0147 - -

    En dynamisk kodeevalueringssårbarhed tillod fjernangribere at udføre - vilkårlige PHP-funktioner via parameteret 'do'.

    • - -
  • CVE-2006-0410 - -

    Andy Staudacher har opdaget en SQL-indsprøjtningssårbarhed som følge af - utilstrækkelig kontrol af inddata, der gjorde det muligt for fjernangribere - at udføre vilkårlige SQL-kommandoer.

    • - -
  • CVE-2006-0806 - -

    GulfTech Security Research har opdaget flere sårbarheder i forbindelse - med udførelse af skripter på tværs af websteder (cross-site scripting), på - grund af ukorrekt kontrol af brugerinddata. Angribere kunne udnytte disse - sårbarheder til at forårsage, at vilkårlige skripter blev udført i browseren - på et intetanende offers maskine, eller medføre i tyveri af cookie-baserede - autentifikationsoplysninger.

    • - -
- -

Den gamle stabile distribution (woody) er ikke påvirket af disse problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8.6c-7sarge3.

- -

I den ustabile distribution vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din cacti-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1031.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1032.wml b/danish/security/2006/dsa-1032.wml deleted file mode 100644 index cd3b8b436fc..00000000000 --- a/danish/security/2006/dsa-1032.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Man har opdaget at indholdshåndteringssystemet Plone mangler -sikkerhedsdeklaration for tre interne klasser. Dette gjorde det muligt for -upriviligerede brugere at manipulere med brugerportrætter.

- -

Den gamle stabile distribution (woody) indeholder ikke Plone.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.4-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.1.2-2.

- -

Vi anbefaler at du opgraderer din zope-cmfplone-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1032.data" -#use wml::debian::translation-check translation="553f4486af7ae971c89fb491e6440e61795fce9a" mindelta="1" diff --git a/danish/security/2006/dsa-1033.wml b/danish/security/2006/dsa-1033.wml deleted file mode 100644 index b769c615a14..00000000000 --- a/danish/security/2006/dsa-1033.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webprogramsskelettet Horde, -hvilket kunne føre til udførelse af vilkårlig webskriptkode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-4190 - -

    Flere sårbarhed der kunne udnyttes på tværs af websteder (cross-site - scriping) er opdaget i "share edit window".

    • - -
  • CVE-2006-1260 - -

    Null-tegn i URL-paramentre omgik fornuftskontroller, hvilket gjorde det - muligt for fjernangribere at læse vilkårlig filer, hvilket muliggjorde - informationsafsløring.

    • - -
  • CVE-2006-1491 - -

    Brugerinddata i hjælpeviseren blev sendt ukontrolleret videre til - funktionen eval(), hvilket gjorde det muligt at indsprøjte vilkårlig - webkode.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke horde3-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.0.4-4sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.1.1-1.

- -

Vi anbefaler at du opgraderer din horde3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1033.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1034.wml b/danish/security/2006/dsa-1034.wml deleted file mode 100644 index 0f81ed44294..00000000000 --- a/danish/security/2006/dsa-1034.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webprogramsskelettet Horde, -hvilket kunne føre til udførelse af vilkårlig webskriptkode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-1260 - -

    Null-tegn i URL-paramentre omgik fornuftskontroller, hvilket gjorde det - muligt for fjernangribere at læse vilkårlig filer, hvilket muliggjorde - informationsafsløring.

    • - -
  • CVE-2006-1491 - -

    Brugerinddata i hjælpeviseren blev sendt ukontrolleret videre til - funktionen eval(), hvilket gjorde det muligt at indsprøjte vilkårlig - webkode.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke horde2-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.2.8-1sarge2.

- -

Den ustabile distribution (sid) indeholder ikke længere horde2-pakker.

- -

Vi anbefaler at du opgraderer din horde2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1034.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1035.wml b/danish/security/2006/dsa-1035.wml deleted file mode 100644 index 4b2931c9b2f..00000000000 --- a/danish/security/2006/dsa-1035.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

Steve Kemp fra Debian Security Audit-projektet har opdaget at et cronjob -indeholdt i fcheck, et program til kontrol af filintegration, oprettede en -midlertidig fil på en usikker måde.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.7.59-7sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.7.59-8.

- -

Vi anbefaler at du opgraderer din fcheck-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1035.data" -#use wml::debian::translation-check translation="e4d9aed1a717ee6278f10c4affb373a61ad82914" mindelta="1" diff --git a/danish/security/2006/dsa-1036.wml b/danish/security/2006/dsa-1036.wml deleted file mode 100644 index 05499b8a7fd..00000000000 --- a/danish/security/2006/dsa-1036.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Et bufferoverløbsproblem er opdaget i sail, et spil indeholdt i pakken -bsdgames, en samling af klassiske tekstbaserede Unix-spil, hvilket kunne føre -til rettighedsforøgelse af gruppen games.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.13-7woody0.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.17-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.17-7.

- -

Vi anbefaler at du opgraderer din bsdgames-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1036.data" -#use wml::debian::translation-check translation="85d10c55e297373b7e843c8dc83452b6938e5558" mindelta="1" diff --git a/danish/security/2006/dsa-1037.wml b/danish/security/2006/dsa-1037.wml deleted file mode 100644 index 81b13d0fd55..00000000000 --- a/danish/security/2006/dsa-1037.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Andrea Barisani har opdaget at zgv, et svgalib-baseret program til vising af -grafik, forsøgte at dekode JPEG-billeder inden for CMYK/YCCK-farverummet på -ukorrekt vis, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 5.5-3woody3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 5.7-1.4.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din zgv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1037.data" -#use wml::debian::translation-check translation="1af7779c296785520c81301bb1d4c6ef509b15c3" mindelta="1" diff --git a/danish/security/2006/dsa-1038.wml b/danish/security/2006/dsa-1038.wml deleted file mode 100644 index ae19b55cd8e..00000000000 --- a/danish/security/2006/dsa-1038.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Andrea Barisani har opdaget at xzgv, et billedvisningsprogram til X med en -thumbnail-baseret billedvalgsfunktion, forsøgte at dekode JPEG-billeder inden -for CMYK/YCCK-farverummet på ukorrekt vis, hvilket kunne føre til udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.7-6woody3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8-3sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din xzgv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1038.data" -#use wml::debian::translation-check translation="c2f28352fb60c96010e0f3050bc2275af3f5cc13" mindelta="1" diff --git a/danish/security/2006/dsa-1039.wml b/danish/security/2006/dsa-1039.wml deleted file mode 100644 index 46102efebc3..00000000000 --- a/danish/security/2006/dsa-1039.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget blender, et meget hurtigt og fleksibelt program -til 3D-modellering/rendering. Common Vulnerabilities and Exposures Project har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-3302 - -

    Joxean Koret har opdaget, at på grund af manglende kontrol af inddata, - var et medleveret skript sårbart over for vilkårlig udførelse af - kommandoer.

    • - -
  • CVE-2005-4470 - -

    Damian Put har opdaget et bufferoverløb, der tillod fjernangribere at - forårsage et lammelsesangreb (denial of service) og muligvis udføre - vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.36-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.40-1.

- -

Vi anbefaler at du opgraderer din blender-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1039.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1040.wml b/danish/security/2006/dsa-1040.wml deleted file mode 100644 index 89c0e92d2c7..00000000000 --- a/danish/security/2006/dsa-1040.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

En sårbarhed er fundet i gdm, en display-manager til X, der kunne gøre det -muligt for lokale angribere at opnå forøgede rettigheder ved at udnytte en -"race condition" i håndteringen af filen .ICEauthority.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.6.0.8-1sarge2.

- -

I den ustabile distribution (sid) vil dette problem blive rettet i -version 2.14.1-1.

- -

Vi anbefaler at du opgraderer din gdm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1040.data" -#use wml::debian::translation-check translation="c3782a3d2c53086a6713eaed1d0f4607a5b2b92d" mindelta="1" diff --git a/danish/security/2006/dsa-1041.wml b/danish/security/2006/dsa-1041.wml deleted file mode 100644 index 37affd88f02..00000000000 --- a/danish/security/2006/dsa-1041.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Erik Sjölund har opdaget at abc2ps, en oversætter af -ABC-musikbeskrivelsesfiler til PostScript, ikke kontrollerede grænserne når der -blev læst ABC-musikfiler, hvilket medførte et bufferoverløb.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.3.3-2woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.3-3sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.3-3sarge1.

- -

Vi anbefaler at du opgraderer din abc2ps-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1041.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1042.wml b/danish/security/2006/dsa-1042.wml deleted file mode 100644 index a9134a47b30..00000000000 --- a/danish/security/2006/dsa-1042.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Mu Security-efterforskningsholdet har opdaget en lammelsesangrebstilstad -(denial of service) i Simple Authentication and Security -Layer-autentificationsbiblioteket (SASL) under DIGEST-MD5-forhandling. Dette -påvirker potentielt flere produkter, der anvender SASL -DIGEST-MD5-autentification, deriblandt OpenLDAP, Sendmail, Postfix, m.fl.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.1.19-1.5sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.1.19.dfsg1-0.2.

- -

Vi anbefaler at du opgraderer dine cyrus-sasl2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1042.data" -#use wml::debian::translation-check translation="e62fb8013b11944cc4b00f10f1dfd189197e0f47" mindelta="1" diff --git a/danish/security/2006/dsa-1043.wml b/danish/security/2006/dsa-1043.wml deleted file mode 100644 index 4ea1d97471f..00000000000 --- a/danish/security/2006/dsa-1043.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Erik Sjölund har opdaget at abcmidi-yaps, en oversætter af -ABC-musikbeskrivelsesfiler til PostScript, ikke kontrollerede grænserne når der -blev læst ABC-musikfiler, hvilket medførte et bufferoverløb.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 17-1woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 20050101-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer blevet rettet i -version 20060422-1.

- -

Vi anbefaler at du opgraderer din abcmidi-yaps-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1043.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1044.wml b/danish/security/2006/dsa-1044.wml deleted file mode 100644 index 97ad2cadf1f..00000000000 --- a/danish/security/2006/dsa-1044.wml +++ /dev/null @@ -1,175 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla Firefox. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    - -
  • CVE-2005-4134 - -

    Websider med ekstremt lange titler forårsagede, at efterfølgende - sideindlæsninger i browseren så ud til at "hænge" i op til flere minutter, - eller fik endda programmet til at gå ned, hvis der ikke er tilstrækkelig - hukommelse i computeren. [MFSA-2006-03]

    • - -
  • CVE-2006-0292 - -

    JavaScript-fortolkeren dereferencede ikke korrekt objekter, hvilket - gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (denial of service) eller udføre vilkårlig kode. [MFSA-2006-01]

    • - -
  • CVE-2006-0293 - -

    Funktionsallokeringskoden tillod angribere at forårsage et - lammelsesangreb og muligvis udføre vilkårlig kode. [MFSA-2006-01]

    • - -
  • CVE-2006-0296 - -

    XULDocument.persist() kontrollerede ikke attributnavnet, hvilket gjorde - det muligt for angribere at indsprøjte vilkårlig XML- eller JavaScript-kode - i localstore.rdf, der der blev læst og reageret på under starten af - programmet. [MFSA-2006-05]

    • - -
  • CVE-2006-0748 - -

    En anonym efterforsker hos TippingPoint og Zero Day Initiative - rapporterer at en ugyldig og meningsløs sortering af tabel-relaterede - tags kunne udnyttes til at udføre vilkårlig kode. [MFSA-2006-27]

    • - -
  • CVE-2006-0749 - -

    En særlig rækkefølge af HTML-tags kunne forårsage hukommelseskorruption, - der kunne udnyttes til at udføre vilkårlig kode. [MFSA-2006-18]

    • - -
  • CVE-2006-1727 - -

    Georgi Guninski har rapporteret to varianter af anvendelse af skripter - i en XML-kontrol, til at opnå chrome-rettigheder når en side blev vist - under "Print Preview". [MFSA-2006-25]

    • - -
  • CVE-2006-1728 - -

    "shutdown" har opdaget at metoden crypto.generateCRMFRequest kunne - anvendes til at køre vilkårlig kode med rettighederne hørende til brugeren, - der kørte browseren, hvilket kunne gøre det muligt for en angriber at - installere malware. [MFSA-2006-24]

    • - -
  • CVE-2006-1729 - -

    Claus Jørgensen har rapporteret at en inddataboks til tekst kunne - forudfyldes med et filnavn og dernæst ændres til en filoplægningskontrol, - hvilket gjorde det muligt for et ondsindet websted at sjæle enhver lokal - fil hvis navn man kunne gætte. [MFSA-2006-23]

    • - -
  • CVE-2006-1730 - -

    En anonym efterforsker hos TippingPoint og Zero Day Initiative har - opdaget et heltalsoverløb udløst af CSS' letter-spacing-egenskab kunne - udnyttes til at udføre vilkårlig kode. [MFSA-2006-22]

    • - -
  • CVE-2006-1731 - -

    "moz_bug_r_a4" har opdaget at nogle interne funktioner returnerer - prototyper i stedet for objekter, hvilket gjorde det muligt for angribere - at iværksætte angreb på tværs af websteder (cross-site scripting). - [MFSA-2006-19]

    • - -
  • CVE-2006-1732 - -

    "shutdown" har opdaget at det var muligt at omgå samme - ophav-beskyttelser, der tillod ondsindede websteder at indsprøjte skripter - i indhold fra et andet websted, hvilket kunne gøre det muligt for den - ondsindede side at stjæle oplysninger så som cookier eller adgangskoder - fra det andet sted, eller udføre transaktioner på brugerens vegne, hvis - vedkommende allerede var logget på. [MFSA-2006-17]

    • - -
  • CVE-2006-1733 - -

    "moz_bug_r_a4" har opdaget at kompileringsscopet på priviligerede - indbyggede XML-bindinger ikke var fuldt ud beskyttet mod webindhold og - stadig kunne udføres, hvilket kunne anvendes til at udføre vilkårligt - JavaScript, der kunne gøre det muligt for en angriber at installere malware - så som virusser og adgangskodesniffere. [MFSA-2006-16]

    • - -
  • CVE-2006-1734 - -

    "shutdown" har opdaget at det var muligt at tilgå et internt - funktionsobjekt, hvilket dernæst kunne anvendes til at udføre vilkårlig - JavaScript-kode med de komplette rettigheder hørende til brugeren, der - kørte browseren, der kunne anvendes til at installere spyware eller - virusser. [MFSA-2006-15]

    • - -
  • CVE-2006-1735 - -

    Det var muligt at oprette JavaScript-funktioner, der ville blive - oversat med de forkerte rettigheder, der gjorde det muligt for en angriber - at køre selvvalgt kode med de komplette rettigheder hørende til brugeren, - der kørte browseren, hvilket kunne anvendes til at installere spyware eller - virusser. [MFSA-2006-14]

    • - -
  • CVE-2006-1736 - -

    Det var muligt at narre brugere til at hente eller gemme en eksekvérbar - fil via et billede, oven i hvilket var et gennemsigtigt billedlink pegende - på den eksekvérbare fil. [MFSA-2006-13]

    • - -
  • CVE-2006-1737 - -

    Et heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb og muligvis udføre vilkårlig bytecode via JavaScript med et - stort regulært udtryk. [MFSA-2006-11]

    • - -
  • CVE-2006-1738 - -

    En uspecificeret sårbarhed gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb. [MFSA-2006-11]

    • - -
  • CVE-2006-1739 - -

    Visse Cascading Style Sheets (CSS) kunne forårsage en array-skrivnign, - der overskred grænserne, hvilket kunne medføre et lammelsesangreb og - muligvis udførelse af vilkårlig kode. [MFSA-2006-11]

    • - -
  • CVE-2006-1740 - -

    Det var muligt for fjernangribere at forfalske sikre webstedsindikatorer - så som den "låste" ikon, ved at åbne et websted man har tiltro til i et - popup-vindue, og dernæst skifte til det ondsindede websted. - [MFSA-2006-12]

    • - -
  • CVE-2006-1741 - -

    "shutdown" har opdaget at det var muligt at indsprøjte vilkårlig - JavaScript-kode ind i en side på et andet websted ved hjælp af en - modal alert, til midlertidigt at afbryde event handleren, mens en ny side - blev indlæst. Dette kunne anvendes til at stjæle følsomme oplysninger. - [MFSA-2006-09]

    • - -
  • CVE-2006-1742 - -

    Igor Bukanov har opdaget at JavaScript-maskinen ikke korrekt håndterede - midlertidige variable, hvilket kunne gøre det muligt for fjernangribere at - udløse handlinger på frigivet hukommelse og forårsage - hukommelseskorruption. [MFSA-2006-10]

    • - -
  • CVE-2006-1790 - -

    En regressionsrettelse kunne føre til hukommelseskorruption, tillod - fjernangribere at forårsage et lammelsesangreb og muligvis udføre vilkårlig - kode. [MFSA-2006-11]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.dfsg+1.5.0.2-2.

- -

Vi anbefaler at du opgraderer dine Mozilla Firefox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1044.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1045.wml b/danish/security/2006/dsa-1045.wml deleted file mode 100644 index c4e18ffefab..00000000000 --- a/danish/security/2006/dsa-1045.wml +++ /dev/null @@ -1,20 +0,0 @@ -designfejl - -

Hendrik Weimer har opdaget at OpenVPN, Virtual Private Network Daemon, -tillod at skubbe miljøvariable ud til en klient, hvilket gjorde det muligt for -en ondsindet VPN-server at overtage de forbundne klienter.

- -

Den gamle stabile distribution (woody) indeholder ikke openvpn-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0-1sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.6-1.

- -

Vi anbefaler at du opgraderer din openvpn-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1045.data" -#use wml::debian::translation-check translation="507ad243460ad3f31a0c884f2f0854647ed57905" mindelta="1" diff --git a/danish/security/2006/dsa-1046.wml b/danish/security/2006/dsa-1046.wml deleted file mode 100644 index afbd32eab11..00000000000 --- a/danish/security/2006/dsa-1046.wml +++ /dev/null @@ -1,234 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla Firefox. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    - -
  • CVE-2005-2353 - -

    Skriptet "run-mozilla.sh" tillod at lokale brugere kunne oprette eller - overskrive vilkårlige filer når debugging var slået til, via et - symlink-angreb på midlertidige filer.

    • - -
  • CVE-2005-4134 - -

    Websider med ekstremt lange titler forårsagede, at efterfølgende - sideindlæsninger i browseren så ud til at "hænge" i op til flere minutter, - eller fik endda programmet til at gå ned, hvis der ikke er tilstrækkelig - hukommelse i computeren. [MFSA-2006-03]

    • - -
  • CVE-2006-0292 - -

    JavaScript-fortolkeren dereferencede ikke korrekt objekter, hvilket - gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (denial of service) eller udføre vilkårlig kode. [MFSA-2006-01]

    • - -
  • CVE-2006-0293 - -

    Funktionsallokeringskoden tillod angribere at forårsage et - lammelsesangreb og muligvis udføre vilkårlig kode. [MFSA-2006-01]

    • - -
  • CVE-2006-0296 - -

    XULDocument.persist() kontrollerede ikke attributnavnet, hvilket gjorde - det muligt for angribere at indsprøjte vilkårlig XML- eller JavaScript-kode - i localstore.rdf, der der blev læst og reageret på under starten af - programmet. [MFSA-2006-05]

    • - -
  • CVE-2006-0748 - -

    En anonym efterforsker hos TippingPoint og Zero Day Initiative - rapporterer at en ugyldig og meningsløs sortering af tabel-relaterede - tags kunne udnyttes til at udføre vilkårlig kode. [MFSA-2006-27]

    • - -
  • CVE-2006-0749 - -

    En særlig rækkefølge af HTML-tags kunne forårsage hukommelseskorruption, - der kunne udnyttes til at udføre vilkårlig kode. [MFSA-2006-18]

    • - -
  • CVE-2006-0884 - -

    Georgi Guninski rapporterer at in-line-videresendelse af mail mens man - anvender HTML-"rich mail"-editoren, der er standard, vil udføre indlejret - JavaScript i e-mail-meddelelsen, med komplette rettigheder hørende til - klienten. [MFSA-2006-21]

    • - -
  • CVE-2006-1045 - -

    HTML-fortolkningsmaskinen blokerede ikke eksterne billeder fra - in-line-HTML-vedhæftelser på korrekt vis, når "Block loading of remote - images in mail messages" var slået til, hvilket kunne gøre det muligt for - fjernangribere at få adgang til følsomme oplysninger. - [MFSA-2006-26]

    • - -
  • CVE-2006-1529 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1530 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1531 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1723 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1724 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1725 - -

    På grund af interaktion mellem XUL-indholdsvinduer og - historikmekanismen, kunne nogle vinduer blive gennemsigtige, hvilket kunne - gøre det muligt for fjernangribere at udføre vilkårlig kode. - [MFSA-2006-29]

    • - -
  • CVE-2006-1726 - -

    "shutdown" har opdaget at sikkerhedskontrollen i funktionen - js_ValueToFunctionObject() kunne omgås og udnyttes til at installere - malware. [MFSA-2006-28]

    • - -
  • CVE-2006-1727 - -

    Georgi Guninski har rapporteret to varianter af anvendelse af skripter - i en XML-kontrol, til at opnå chrome-rettigheder når en side blev vist - under "Print Preview". [MFSA-2006-25]

    • - -
  • CVE-2006-1728 - -

    "shutdown" har opdaget at metoden crypto.generateCRMFRequest kunne - anvendes til at køre vilkårlig kode med rettighederne hørende til brugeren, - der kørte browseren, hvilket kunne gøre det muligt for en angriber at - installere malware. [MFSA-2006-24]

    • - -
  • CVE-2006-1729 - -

    Claus Jørgensen har rapporteret at en inddataboks til tekst kunne - forudfyldes med et filnavn og dernæst ændres til en filoplægningskontrol, - hvilket gjorde det muligt for et ondsindet websted at sjæle enhver lokal - fil hvis navn man kunne gætte. [MFSA-2006-23]

    • - -
  • CVE-2006-1730 - -

    En anonym efterforsker hos TippingPoint og Zero Day Initiative har - opdaget et heltalsoverløb udløst af CSS' letter-spacing-egenskab kunne - udnyttes til at udføre vilkårlig kode. [MFSA-2006-22]

    • - -
  • CVE-2006-1731 - -

    "moz_bug_r_a4" har opdaget at nogle interne funktioner returnerer - prototyper i stedet for objekter, hvilket gjorde det muligt for angribere - at iværksætte angreb på tværs af websteder (cross-site scripting). - [MFSA-2006-19]

    • - -
  • CVE-2006-1732 - -

    "shutdown" har opdaget at det var muligt at omgå samme - ophav-beskyttelser, der tillod ondsindede websteder at indsprøjte skripter - i indhold fra et andet websted, hvilket kunne gøre det muligt for den - ondsindede side at stjæle oplysninger så som cookier eller adgangskoder - fra det andet sted, eller udføre transaktioner på brugerens vegne, hvis - vedkommende allerede var logget på. [MFSA-2006-17]

    • - -
  • CVE-2006-1733 - -

    "moz_bug_r_a4" har opdaget at kompileringsscopet på priviligerede - indbyggede XML-bindinger ikke var fuldt ud beskyttet mod webindhold og - stadig kunne udføres, hvilket kunne anvendes til at udføre vilkårligt - JavaScript, der kunne gøre det muligt for en angriber at installere malware - så som virusser og adgangskodesniffere. [MFSA-2006-16]

    • - -
  • CVE-2006-1734 - -

    "shutdown" har opdaget at det var muligt at tilgå et internt - funktionsobjekt, hvilket dernæst kunne anvendes til at udføre vilkårlig - JavaScript-kode med de komplette rettigheder hørende til brugeren, der - kørte browseren, der kunne anvendes til at installere spyware eller - virusser. [MFSA-2006-15]

    • - -
  • CVE-2006-1735 - -

    Det var muligt at oprette JavaScript-funktioner, der ville blive - oversat med de forkerte rettigheder, der gjorde det muligt for en angriber - at køre selvvalgt kode med de komplette rettigheder hørende til brugeren, - der kørte browseren, hvilket kunne anvendes til at installere spyware eller - virusser. [MFSA-2006-14]

    • - -
  • CVE-2006-1736 - -

    Det var muligt at narre brugere til at hente eller gemme en eksekvérbar - fil via et billede, oven i hvilket var et gennemsigtigt billedlink pegende - på den eksekvérbare fil. [MFSA-2006-13]

    • - -
  • CVE-2006-1737 - -

    Et heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb og muligvis udføre vilkårlig bytecode via JavaScript med et - stort regulært udtryk. [MFSA-2006-11]

    • - -
  • CVE-2006-1738 - -

    En uspecificeret sårbarhed gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb. [MFSA-2006-11]

    • - -
  • CVE-2006-1739 - -

    Visse Cascading Style Sheets (CSS) kunne forårsage en array-skrivnign, - der overskred grænserne, hvilket kunne medføre et lammelsesangreb og - muligvis udførelse af vilkårlig kode. [MFSA-2006-11]

    • - -
  • CVE-2006-1740 - -

    Det var muligt for fjernangribere at forfalske sikre webstedsindikatorer - så som den "låste" ikon, ved at åbne et websted man har tiltro til i et - popup-vindue, og dernæst skifte til det ondsindede websted. - [MFSA-2006-12]

    • - -
  • CVE-2006-1741 - -

    "shutdown" har opdaget at det var muligt at indsprøjte vilkårlig - JavaScript-kode ind i en side på et andet websted ved hjælp af en - modal alert, til midlertidigt at afbryde event handleren, mens en ny side - blev indlæst. Dette kunne anvendes til at stjæle følsomme oplysninger. - [MFSA-2006-09]

    • - -
  • CVE-2006-1742 - -

    Igor Bukanov har opdaget at JavaScript-maskinen ikke korrekt håndterede - midlertidige variable, hvilket kunne gøre det muligt for fjernangribere at - udløse handlinger på frigivet hukommelse og forårsage - hukommelseskorruption. [MFSA-2006-10]

    • - -
  • CVE-2006-1790 - -

    En regressionsrettelse kunne føre til hukommelseskorruption, tillod - fjernangribere at forårsage et lammelsesangreb og muligvis udføre vilkårlig - kode. [MFSA-2006-11]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge5.

- -

I den ustabile distribution (sid) vil disse problemer blive rettet i -version 1.7.13-1.

- -

Vi anbefaler at du opgraderer dine Mozilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1046.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1047.wml b/danish/security/2006/dsa-1047.wml deleted file mode 100644 index 822056573c7..00000000000 --- a/danish/security/2006/dsa-1047.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Et problem er opdaget i resmgr, en ressourcehåndterings-biblioteksdæmon, -der gjorde det muligt for lokale brugere at omgå adgangskontrol og åbne enhver -USB-enhed, når der var givet tilladelse til adgang til en enkelt enhed.

- -

Den gamle stabile distribution (woody) indeholder ikke resmgr-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0-2sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0-4.

- -

Vi anbefaler at du opgraderer din resmgr-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1047.data" -#use wml::debian::translation-check translation="47b834903e93a4f4d87fc2259cf96bd739c19fb8" mindelta="1" diff --git a/danish/security/2006/dsa-1048.wml b/danish/security/2006/dsa-1048.wml deleted file mode 100644 index 0d22d308aa2..00000000000 --- a/danish/security/2006/dsa-1048.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere problemer er opdaget i Asterisk, et Open Source Private Branch Exchange -(telefonkontrolcenter). Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-3559 - -

    Adam Pointon har opdaget, at grundet manglende kontrol af inddata, var - det muligt at hente en optaget telefonbesked til et andet lokalt - nummer.

    • - -
  • CVE-2006-1827 - -

    Emmanouel Kellinis har opdaget et heltalsfortegnsfejl, der kunne udløse - et bufferoverløb og dermed tillade udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.1.11-3woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.7.dfsg.1-2sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.7.1.dfsg-1.

- -

Vi anbefaler at du opgraderer din asterisk-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1048.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1049.wml b/danish/security/2006/dsa-1049.wml deleted file mode 100644 index 79c189b5b33..00000000000 --- a/danish/security/2006/dsa-1049.wml +++ /dev/null @@ -1,64 +0,0 @@ -flere sårbarheder - -

Gerald Combs har rapporteret flere sårbarheder i ethereal, et populært -program til analysering af netværkstrafik. Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-1932 - -

    OID-udskriftsrutinen var sårbar over for en forskud med én-fejl.

    • - -
  • CVE-2006-1933 - -

    UMA- og BER-dissektorerne kunne gå i en uendelig løkke.

    • - -
  • CVE-2006-1934 - -

    Network Instruments-filkoden kunne løber ud over en buffer.

    • - -
  • CVE-2006-1935 - -

    COPS-dissektoren indeholdt et potentielt bufferoverløb.

    • - -
  • CVE-2006-1936 - -

    Telnet-dissektoren indeholdt et bufferoverløb.

    • - -
  • CVE-2006-1937 - -

    Fejl i SRVLOC- og AIM-dissektorerne, og i statistiktælleren, kunne få - ethereal til at gå ned.

    • - -
  • CVE-2006-1938 - -

    Null pointer-dereferencer i SMB PIPE-dissektoren og ved læsning af en - misdannet Sniffer-capture kunne få ethereal til at gå ned.

    • - -
  • CVE-2006-1939 - -

    Null pointer-dereferencer i de ASN.1-, GSM SMS-, RPC- og ASN.1-baserede - dissektorer og et ugyldigt visningsfilter kunne få ethereal til at gå - ned.

    • - -
  • CVE-2006-1940 - -

    SNDCP-dissektoren kunne forårsage et utilsigted nedbrud.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.9.4-1woody15.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.10.10-2sarge5.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1049.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1050.wml b/danish/security/2006/dsa-1050.wml deleted file mode 100644 index 591707f7ff7..00000000000 --- a/danish/security/2006/dsa-1050.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar og en anonym efterforsker fra Tyskland har opdaget en -sårbarhed i freshclams protokolkode. Freshclam er et kommandolinjeværktør med -ansvar for at hente og installere virussignaturopdateringer til ClamAV, -antivirusscanneren til Unix. Dette kunne føre til et lammelsesangreb (denial -of service) eller potentielt udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke clamav-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.84-2.sarge.9.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.88.2-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1050.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1051.wml b/danish/security/2006/dsa-1051.wml deleted file mode 100644 index 1fe332ad614..00000000000 --- a/danish/security/2006/dsa-1051.wml +++ /dev/null @@ -1,221 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla Thunderbird. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    - -
  • CVE-2005-2353 - -

    Skriptet "run-mozilla.sh" tillod at lokale brugere kunne oprette eller - overskrive vilkårlige filer når debugging var slået til, via et - symlink-angreb på midlertidige filer.

    • - -
  • CVE-2005-4134 - -

    Websider med ekstremt lange titler forårsagede, at efterfølgende - sideindlæsninger i browseren så ud til at "hænge" i op til flere minutter, - eller fik endda programmet til at gå ned, hvis der ikke er tilstrækkelig - hukommelse i computeren. [MFSA-2006-03]

    • - -
  • CVE-2006-0292 - -

    JavaScript-fortolkeren dereferencede ikke korrekt objekter, hvilket - gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (denial of service) eller udføre vilkårlig kode. [MFSA-2006-01]

    • - -
  • CVE-2006-0293 - -

    Funktionsallokeringskoden tillod angribere at forårsage et - lammelsesangreb og muligvis udføre vilkårlig kode. [MFSA-2006-01]

    • - -
  • CVE-2006-0296 - -

    XULDocument.persist() kontrollerede ikke attributnavnet, hvilket gjorde - det muligt for angribere at indsprøjte vilkårlig XML- eller JavaScript-kode - i localstore.rdf, der der blev læst og reageret på under starten af - programmet. [MFSA-2006-05]

    • - -
  • CVE-2006-0748 - -

    En anonym efterforsker hos TippingPoint og Zero Day Initiative - rapporterer at en ugyldig og meningsløs sortering af tabel-relaterede - tags kunne udnyttes til at udføre vilkårlig kode. [MFSA-2006-27]

    • - -
  • CVE-2006-0749 - -

    En særlig rækkefølge af HTML-tags kunne forårsage hukommelseskorruption, - der kunne udnyttes til at udføre vilkårlig kode. [MFSA-2006-18]

    • - -
  • CVE-2006-0884 - -

    Georgi Guninski rapporterer at in-line-videresendelse af mail mens man - anvender HTML-"rich mail"-editoren, der er standard, vil udføre indlejret - JavaScript i e-mail-meddelelsen, med komplette rettigheder hørende til - klienten. [MFSA-2006-21]

    • - -
  • CVE-2006-1045 - -

    HTML-fortolkningsmaskinen blokerede ikke eksterne billeder fra - in-line-HTML-vedhæftelser på korrekt vis, når "Block loading of remote - images in mail messages" var slået til, hvilket kunne gøre det muligt for - fjernangribere at få adgang til følsomme oplysninger. - [MFSA-2006-26]

    • - -
  • CVE-2006-1529 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1530 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1531 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1723 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1724 - -

    En sårbarhed tillod potentielt fjernangribere at forårsage et - lammelsesangreb samt muligvis udføre vilkårlig kode. [MFSA-2006-20]

    • - -
  • CVE-2006-1727 - -

    Georgi Guninski har rapporteret to varianter af anvendelse af skripter - i en XML-kontrol, til at opnå chrome-rettigheder når en side blev vist - under "Print Preview". [MFSA-2006-25]

    • - -
  • CVE-2006-1728 - -

    "shutdown" har opdaget at metoden crypto.generateCRMFRequest kunne - anvendes til at køre vilkårlig kode med rettighederne hørende til brugeren, - der kørte browseren, hvilket kunne gøre det muligt for en angriber at - installere malware. [MFSA-2006-24]

    • - -
  • CVE-2006-1729 - -

    Claus Jørgensen har rapporteret at en inddataboks til tekst kunne - forudfyldes med et filnavn og dernæst ændres til en filoplægningskontrol, - hvilket gjorde det muligt for et ondsindet websted at sjæle enhver lokal - fil hvis navn man kunne gætte. [MFSA-2006-23]

    • - -
  • CVE-2006-1730 - -

    En anonym efterforsker hos TippingPoint og Zero Day Initiative har - opdaget et heltalsoverløb udløst af CSS' letter-spacing-egenskab kunne - udnyttes til at udføre vilkårlig kode. [MFSA-2006-22]

    • - -
  • CVE-2006-1731 - -

    "moz_bug_r_a4" har opdaget at nogle interne funktioner returnerer - prototyper i stedet for objekter, hvilket gjorde det muligt for angribere - at iværksætte angreb på tværs af websteder (cross-site scripting). - [MFSA-2006-19]

    • - -
  • CVE-2006-1732 - -

    "shutdown" har opdaget at det var muligt at omgå samme - ophav-beskyttelser, der tillod ondsindede websteder at indsprøjte skripter - i indhold fra et andet websted, hvilket kunne gøre det muligt for den - ondsindede side at stjæle oplysninger så som cookier eller adgangskoder - fra det andet sted, eller udføre transaktioner på brugerens vegne, hvis - vedkommende allerede var logget på. [MFSA-2006-17]

    • - -
  • CVE-2006-1733 - -

    "moz_bug_r_a4" har opdaget at kompileringsscopet på priviligerede - indbyggede XML-bindinger ikke var fuldt ud beskyttet mod webindhold og - stadig kunne udføres, hvilket kunne anvendes til at udføre vilkårligt - JavaScript, der kunne gøre det muligt for en angriber at installere malware - så som virusser og adgangskodesniffere. [MFSA-2006-16]

    • - -
  • CVE-2006-1734 - -

    "shutdown" har opdaget at det var muligt at tilgå et internt - funktionsobjekt, hvilket dernæst kunne anvendes til at udføre vilkårlig - JavaScript-kode med de komplette rettigheder hørende til brugeren, der - kørte browseren, der kunne anvendes til at installere spyware eller - virusser. [MFSA-2006-15]

    • - -
  • CVE-2006-1735 - -

    Det var muligt at oprette JavaScript-funktioner, der ville blive - oversat med de forkerte rettigheder, der gjorde det muligt for en angriber - at køre selvvalgt kode med de komplette rettigheder hørende til brugeren, - der kørte browseren, hvilket kunne anvendes til at installere spyware eller - virusser. [MFSA-2006-14]

    • - -
  • CVE-2006-1736 - -

    Det var muligt at narre brugere til at hente eller gemme en eksekvérbar - fil via et billede, oven i hvilket var et gennemsigtigt billedlink pegende - på den eksekvérbare fil. [MFSA-2006-13]

    • - -
  • CVE-2006-1737 - -

    Et heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb og muligvis udføre vilkårlig bytecode via JavaScript med et - stort regulært udtryk. [MFSA-2006-11]

    • - -
  • CVE-2006-1738 - -

    En uspecificeret sårbarhed gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb. [MFSA-2006-11]

    • - -
  • CVE-2006-1739 - -

    Visse Cascading Style Sheets (CSS) kunne forårsage en array-skrivnign, - der overskred grænserne, hvilket kunne medføre et lammelsesangreb og - muligvis udførelse af vilkårlig kode. [MFSA-2006-11]

    • - -
  • CVE-2006-1740 - -

    Det var muligt for fjernangribere at forfalske sikre webstedsindikatorer - så som den "låste" ikon, ved at åbne et websted man har tiltro til i et - popup-vindue, og dernæst skifte til det ondsindede websted. - [MFSA-2006-12]

    • - -
  • CVE-2006-1741 - -

    "shutdown" har opdaget at det var muligt at indsprøjte vilkårlig - JavaScript-kode ind i en side på et andet websted ved hjælp af en - modal alert, til midlertidigt at afbryde event handleren, mens en ny side - blev indlæst. Dette kunne anvendes til at stjæle følsomme oplysninger. - [MFSA-2006-09]

    • - -
  • CVE-2006-1742 - -

    Igor Bukanov har opdaget at JavaScript-maskinen ikke korrekt håndterede - midlertidige variable, hvilket kunne gøre det muligt for fjernangribere at - udløse handlinger på frigivet hukommelse og forårsage - hukommelseskorruption. [MFSA-2006-10]

    • - -
  • CVE-2006-1790 - -

    En regressionsrettelse kunne føre til hukommelseskorruption, tillod - fjernangribere at forårsage et lammelsesangreb og muligvis udføre vilkårlig - kode. [MFSA-2006-11]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-2.sarge1.0.8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.0.2-1 of thunderbird.

- -

Vi anbefaler at du opgraderer dine Mozilla Thunderbird-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1051.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1052.wml b/danish/security/2006/dsa-1052.wml deleted file mode 100644 index 80392dc83f5..00000000000 --- a/danish/security/2006/dsa-1052.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Flere bufferoverløb er opdaget i cgiirc, en webbaseret IRC-klient, hvilket -kunne udnyttes til at udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke cgiirc-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.5.4-6sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.5.4-6sarge1.

- -

Vi anbefaler at du opgraderer din cgiirc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1052.data" -#use wml::debian::translation-check translation="441507211602277a4ed1b172cb705f8da32e9b6c" mindelta="1" diff --git a/danish/security/2006/dsa-1053.wml b/danish/security/2006/dsa-1053.wml deleted file mode 100644 index 9c49d3bc0a3..00000000000 --- a/danish/security/2006/dsa-1053.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Martijn Wargers og Nick Mott har beskrevet nedbrud i Mozilla på grund af -anvendelsen af en slettet controller-kontekst. I teorien kunne dette udnyttes -til at udføre ondsindet kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.7.8-1sarge6.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mozilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1053.data" -#use wml::debian::translation-check translation="ff2af7496b30316ad5253c65f3adc21e85e914ea" mindelta="1" diff --git a/danish/security/2006/dsa-1054.wml b/danish/security/2006/dsa-1054.wml deleted file mode 100644 index 6ff4fdc07ec..00000000000 --- a/danish/security/2006/dsa-1054.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Tavis Ormandy har opdaget flere sårbarheder i TIFF-biblioteket, der kunne -føre til et lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2006-2024 - -

    Flere sårbarheder gjorde det muligt for angribere at forårsage et - lammelsesangreb.

    • - -
  • CVE-2006-2025 - -

    Et heltalsoverløbs gjorde det muligt for angribere at forårsage et - lammelsesangreb og muligvis udføre vilkårlig kode.

    • - -
  • CVE-2006-2026 - -

    En sårbarhed i forbindelse med dobbelt-frigivelse gjorde det muligt for - angribere at forårsage et lammelsesangreb og muligvis udføre vilkårlig - kode.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet -i version 3.5.5-7woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.7.2-3sarge1.

- -

I den ustabile distribution (sid) er ikke sårbar over for disse problemer.

- -

Vi anbefaler at du opgraderer dine libtiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1054.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1055.wml b/danish/security/2006/dsa-1055.wml deleted file mode 100644 index 85288ff3329..00000000000 --- a/danish/security/2006/dsa-1055.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Martijn Wargers og Nick Mott har beskrevet nedbrud i Mozilla på grund af -anvendelsen af en slettet controller-kontekst. I teorien kunne dette udnyttes -til at udføre ondsindet kode. Da Mozilla og Firefox deler den samme kodebase, -var Firefox måske også sårbar.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.4-2sarge7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.5.dfsg+1.5.0.3-1.

- -

Vi anbefaler at du opgraderer dine Mozilla Firefox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1055.data" -#use wml::debian::translation-check translation="9220d14279d18808f80f20c7c46fa1e56b147033" mindelta="1" diff --git a/danish/security/2006/dsa-1056.wml b/danish/security/2006/dsa-1056.wml deleted file mode 100644 index 7b4233842fc..00000000000 --- a/danish/security/2006/dsa-1056.wml +++ /dev/null @@ -1,20 +0,0 @@ -udførlig fejlmeddelelse - -

David Maciejak har bemærket at webcalendar, en PHP-baseret -flerbrugerkalender, returnerede forskellige fejlmeddelelser ved loginforsøg pga. -en forkert adgangskode og en ikke-eksisterende bruger, hvilket gjorde det muligt -for fjernangribere at få oplysninger om gyldige brugernavne.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken webcalendar.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.45-4sarge4.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din webcalendar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1056.data" -#use wml::debian::translation-check translation="55071b013cdfa962682f9efcae6ba93571aa2647" mindelta="1" diff --git a/danish/security/2006/dsa-1057.wml b/danish/security/2006/dsa-1057.wml deleted file mode 100644 index b0ec0a6bb61..00000000000 --- a/danish/security/2006/dsa-1057.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder er opdaget i phpLDAPadmin, en webbaseret grænseflade til -administrering af LDAP-servere, hvilket gjorde det muligt for fjernangribere at -indsprøjte vilkårlige webskripter eller HTML.

- -

Den gamle stabile distribution (woody) indeholder ikke phpldapadmin-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.9.5-3sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.9.8.3-1.

- -

Vi anbefaler at du opgraderer din phpldapadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1057.data" -#use wml::debian::translation-check translation="5d3d9de4bced28f8cdfbebda9829844119110e85" mindelta="1" diff --git a/danish/security/2006/dsa-1058.wml b/danish/security/2006/dsa-1058.wml deleted file mode 100644 index 9786fa3aa0b..00000000000 --- a/danish/security/2006/dsa-1058.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Hendrik Weimer har opdaget at særligt fremstillede webforespørgsler kunne -få awstats, et ydedigtigt og omfangsriget program til analysering af -weblogfiler, til at udføre vilkårlige kommandoer.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.4-1sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.5-2.

- -

Vi anbefaler at du opgraderer din awstats-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1058.data" -#use wml::debian::translation-check translation="5b370964d8533454a6d894d618dbcf04dfad502b" mindelta="1" diff --git a/danish/security/2006/dsa-1059.wml b/danish/security/2006/dsa-1059.wml deleted file mode 100644 index d06d4fd7b93..00000000000 --- a/danish/security/2006/dsa-1059.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Konstantin Gavrilenko har opdaget flere sårbarheder i quagga, -BGP/OSPF/RIP-routingdæmonen. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-2223 - -

    Fjernangribere kunne få fat i følsomme oplysninger via RIPv1 - REQUEST-pakker, også selvom quagga var opsat til at anvende - MD5-autentificering.

    • - -
  • CVE-2006-2224 - -

    Fjernangribere kunne indsprøjte vilkårlige ruter ved hjælp af - RIPv1 RESPONSE-pakker, også selvom quagga var opsat til at anvende - MD5-autentification.

    • - -
  • CVE-2006-2276 - -

    Fredrik Widell har opdaget at lokale brugere kunne forårsage et - lammelsesangreb (denial of service) i en bestemt sh ip bgp-kommando angivet - via telnet.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke pakker quagga-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.98.3-7.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.99.4-1.

- -

Vi anbefaler at du opgraderer din quagga-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1059.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1060.wml b/danish/security/2006/dsa-1060.wml deleted file mode 100644 index d2a5d39324d..00000000000 --- a/danish/security/2006/dsa-1060.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Jan Rekorajski har opdaget at kerne-rettelsen til virtuelle private netværk -ikke begrænser kontekstmulighederne til brugeren root på det virtuelle server, -hvilket kunne føre til rettighedsforøgelse ved nogle virtuel server-specifikke -handlinger.

- -

Den gamle stabile distribution (woody) indeholder ikke -kernel-patch-vserver-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.9.5.6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.1-4.

- -

Vi anbefaler at du opgraderer din kernel-patch-vserver-pakke og omgående -genopbygger din kerne.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1060.data" -#use wml::debian::translation-check translation="81ed1ff6623d5de6ffd871e62fd2ec4ca4f03bee" mindelta="1" diff --git a/danish/security/2006/dsa-1061.wml b/danish/security/2006/dsa-1061.wml deleted file mode 100644 index 405f45d01f5..00000000000 --- a/danish/security/2006/dsa-1061.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at popfile, et program til bayesisk mailklassificering, kunne -tvinges til at gå ned ved hjælp af misdannede tegnsæt i e-mail-beskeden, hvilket -muliggjorde et lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (woody) indeholder ikke popfile-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.22.2-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.22.4-1.

- -

Vi anbefaler at du opgraderer din popfile-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1061.data" -#use wml::debian::translation-check translation="21886a4e9fcb635830b5b055a2ff5e6439ac9c6a" mindelta="1" diff --git a/danish/security/2006/dsa-1062.wml b/danish/security/2006/dsa-1062.wml deleted file mode 100644 index 22faf8cb2c1..00000000000 --- a/danish/security/2006/dsa-1062.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker filoprettelse - -

Sven Dreyer har opdaget at KPhone, en "Voice over IP"-klient (tale over IP) -til KDE, oprettede en opsætningsfil så den kunne læses af alle, hvilket kunne -lække følsomme oplysninger som fx SIP-adgangskoder.

- -

Den gamle stabile distribution (woody) indeholder ikke kphone-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.1.0-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.2-6.

- -

Vi anbefaler at du opgraderer din kphone-pakke. Hvis din nuværende kphonerc -er for slappe rettigheder, skal du manuelt ændre dem.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1062.data" -#use wml::debian::translation-check translation="b9ce84df0080a6c1d0bab1819d6e3b94bfd03225" mindelta="1" diff --git a/danish/security/2006/dsa-1063.wml b/danish/security/2006/dsa-1063.wml deleted file mode 100644 index f742956fb1f..00000000000 --- a/danish/security/2006/dsa-1063.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at avatar-uploadfunktionen i FUD Forum, en komponent hørende -til det webbaserede groupware-system phpgroupware, ikke på tilstrækkelig vis -validerede uploadede filer, hvilket kunne føre til udførelse af indsprøjtet -webskriptkode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.9.14-0.RC3.2.woody6.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.16.005-3.sarge5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.16.009-1.

- -

Vi anbefaler at du opgraderer dine phpgroupware-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1063.data" -#use wml::debian::translation-check translation="4dce983ccc5f5331bf6c99b54209e26a4c3ba4c5" mindelta="1" diff --git a/danish/security/2006/dsa-1064.wml b/danish/security/2006/dsa-1064.wml deleted file mode 100644 index 5a789a4fe53..00000000000 --- a/danish/security/2006/dsa-1064.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Jason Duell har opdaget at cscope, et værktøj til at kigge på kildekode, ikke -kontrollerede længden på filname angivet i include-kommandoer, hvilket -potentielt kunne føre til udførelse af vilkårlig kode ved hjælp af særligt -fremstillede kildekodefiler.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 15.3-1woody3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 15.5-1.1sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din cscope-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1064.data" -#use wml::debian::translation-check translation="0febf0ad75e03eabdfceebb9b95ccb42dffdd2da" mindelta="1" diff --git a/danish/security/2006/dsa-1065.wml b/danish/security/2006/dsa-1065.wml deleted file mode 100644 index 5e9766c2bae..00000000000 --- a/danish/security/2006/dsa-1065.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Matteo Rosi og Leonardo Maccari har opdaget at hostapd, en -autentifikationsdæmon til wifi-netværk, udførte utilstrækkelige grænsekontroller -på en nøglelængdeværdi, hvilket kunne udnyttes til at få servicen til at gå -ned.

- -

Den gamle stabile distribution (woody) indeholder ikke hostapd-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.3.7-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.5-1.

- -

Vi anbefaler at du opgraderer din hostapd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1065.data" -#use wml::debian::translation-check translation="21886a4e9fcb635830b5b055a2ff5e6439ac9c6a" mindelta="1" diff --git a/danish/security/2006/dsa-1066.wml b/danish/security/2006/dsa-1066.wml deleted file mode 100644 index e9bc7ef5d0f..00000000000 --- a/danish/security/2006/dsa-1066.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at phpbb2, et webbaserede opslagstavlesystem, ikke på -tilstrækkelig vis kontrollerede værdier angivet i indstillingen "Font Colour 3", -hvilket kunne føre til udførelse af indsprøjtet kode af admin-brugere.

- -

Den gamle stabile distribution (woody) indeholder ikke phpbb2-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.13+1-6sarge3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din phpbb2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1066.data" -#use wml::debian::translation-check translation="21886a4e9fcb635830b5b055a2ff5e6439ac9c6a" mindelta="1" diff --git a/danish/security/2006/dsa-1067.wml b/danish/security/2006/dsa-1067.wml deleted file mode 100644 index fdd41815813..00000000000 --- a/danish/security/2006/dsa-1067.wml +++ /dev/null @@ -1,172 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen. De -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2004-0427 - -

    En lokal lammelsesangrebssårbarhed i do_fork() er fundet.

    • - -
  • CVE-2005-0489 - -

    En lokal lammelsesangrebssårbarhed i proc-hukommelseshåndteringen er - fundet.

    • - -
  • CVE-2004-0394 - -

    Et bufferoverløb i panikhåndteringskoden er fundet.

    • - -
  • CVE-2004-0447 - -

    En lokal lammelsesangrebssårbarhed via en null pointer-dereference i - IA64's proceshåndteringskode er fundet.

    • - -
  • CVE-2004-0554 - -

    En lokal lammelsesangrebssårbarhed via en uendelig løkke i - signalhåndteringskoden er fundet.

    • - -
  • CVE-2004-0565 - -

    En informationslækage i kontekstskifteroden er fundet på - IA64-arkitekturen.

    • - -
  • CVE-2004-0685 - -

    Usikker anvendelse af copy_to_user i USB-drivere kunne afsløre følsomme - oplysninger.

    • - -
  • CVE-2005-0001 - -

    En "race condition" i i386's page fault-håndtering kunne tillade - rettighedsforøgelse.

    • - -
  • CVE-2004-0883 - -

    Flere sårbarheder i SMB-filsystemskoden kunne tillade et lammelsesangreb - eller informationsafsløring.

    • - -
  • CVE-2004-0949 - -

    En informationslækage er opdaget i SMB-filsystemskoden.

    • - -
  • CVE-2004-1016 - -

    En lokal lammelsesangrebssårbarhed er fundet i SCM-laget.

    • - -
  • CVE-2004-1333 - -

    Et heltalsoverløb i terminalkoden kunne tillade en - lammelsesangrebssårbarhed.

    • - -
  • CVE-2004-0997 - -

    En lokal rettighedsforøgelse i MIPS-assemblerkoden er fundet.

    • - -
  • CVE-2004-1335 - -

    En hukommelseslækage i funktionen ip_options_get() kunne føre til et - lammelsesangreb.

    • - -
  • CVE-2004-1017 - -

    Flere overløb blev fundet i driveren io_edgeport, hvilket måske kunne - udnyttes som en angrebsvinkel ved et lammelsesangreb.

    • - -
  • CVE-2005-0124 - -

    Bryan Fulton har rapporteret en grænsekontrolfejl i funktionen - coda_pioctl, hvilket gjorde det muligt for lokale brugere at udføre - vilkårlig kode eller udløse et lammelsesangreb.

    • - -
  • CVE-2003-0984 - -

    Ukorrekt initialisering af RTC kunne afsløre oplysninger.

    • - -
  • CVE-2004-1070 - -

    Utilstrækkelig kontrol af inddata i funktionen load_elf_binary() kunne - føre til rettighedsforøgelse.

    • - -
  • CVE-2004-1071 - -

    Ukorrekt fejlhåndtering i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1072 - -

    Et bufferoverløb i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse eller et lammelsesangreb.

    • - -
  • CVE-2004-1073 - -

    Funktionen open_exec kunne afsløre oplysninger.

    • - -
  • CVE-2004-1074 - -

    binfmt-koden er sårbar over for et lammelsesangreb ved hjælp af en - misdannet a.out-binær fil.

    • - -
  • CVE-2004-0138 - -

    En lammelsesangrebssårbarhed ELF-loaderen er fundet.

    • - -
  • CVE-2004-1068 - -

    En programmeringsfejl i funktionen unix_dgram_recvmsg() kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1234 - -

    ELF-loaderen var sårbar over for et lammelsesangreb ved hjælp af en - misdannet binær fil.

    • - -
  • CVE-2005-0003 - -

    Særligt fremstillede binære ELF-filer kunne føre til - rettighedsforøgelse, på grund af utilstrækkelig kontrol af overlappende - hukommelsesområder.

    • - -
  • CVE-2004-1235 - -

    En "race condition" i funktionerne load_elf_library() og binfmt_aout() - kunne tillade rettighedsforøgelse.

    • - -
  • CVE-2005-0504 - -

    Et heltalsoverløb i Moxa-driveren kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2005-0384 - -

    En fjernudnytbar lammelsesangrebssårbarhed er fundet i PPP-driveren.

    • - -
  • CVE-2005-0135 - -

    En IA64-specifik lammelsesangrebssårbarhed er fundet i funktionen - unw_unwind_to_user().

    • - -
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - - -
Debian 3.0 (woody)
Kildekode 2.4.16-1woody2
arm/lart 20040419woody1
arm/netwinder 20040419woody1
arm/riscpc 20040419woody1
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1067.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1068.wml b/danish/security/2006/dsa-1068.wml deleted file mode 100644 index 49be9f3fb7b..00000000000 --- a/danish/security/2006/dsa-1068.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

Jan Braun har opdaget at fbgs-skriptet i fbi, et billedvisningsprogram til -framebuffer-miljøet, opretter en mappe på en forudsigelig måde, hvilket tillod -et lammelsesangreb (denial of service) ved hjælp af symlink-angreb.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.23woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.01-1.2sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din fbi-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1068.data" -#use wml::debian::translation-check translation="70095cb4f5eaa2f5ad27f78ae5565da30fd0e976" mindelta="1" diff --git a/danish/security/2006/dsa-1069.wml b/danish/security/2006/dsa-1069.wml deleted file mode 100644 index 830076162e9..00000000000 --- a/danish/security/2006/dsa-1069.wml +++ /dev/null @@ -1,176 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen. De -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2004-0427 - -

    En lokal lammelsesangrebssårbarhed i do_fork() er fundet.

    • - -
  • CVE-2005-0489 - -

    En lokal lammelsesangrebssårbarhed i proc-hukommelseshåndteringen er - fundet.

    • - -
  • CVE-2004-0394 - -

    Et bufferoverløb i panikhåndteringskoden er fundet.

    • - -
  • CVE-2004-0447 - -

    En lokal lammelsesangrebssårbarhed via en null pointer-dereference i - IA64's proceshåndteringskode er fundet.

    • - -
  • CVE-2004-0554 - -

    En lokal lammelsesangrebssårbarhed via en uendelig løkke i - signalhåndteringskoden er fundet.

    • - -
  • CVE-2004-0565 - -

    En informationslækage i kontekstskifteroden er fundet på - IA64-arkitekturen.

    • - -
  • CVE-2004-0685 - -

    Usikker anvendelse af copy_to_user i USB-drivere kunne afsløre følsomme - oplysninger.

    • - -
  • CVE-2005-0001 - -

    En "race condition" i i386's page fault-håndtering kunne tillade - rettighedsforøgelse.

    • - -
  • CVE-2004-0883 - -

    Flere sårbarheder i SMB-filsystemskoden kunne tillade et lammelsesangreb - eller informationsafsløring.

    • - -
  • CVE-2004-0949 - -

    En informationslækage er opdaget i SMB-filsystemskoden.

    • - -
  • CVE-2004-1016 - -

    En lokal lammelsesangrebssårbarhed er fundet i SCM-laget.

    • - -
  • CVE-2004-1333 - -

    Et heltalsoverløb i terminalkoden kunne tillade en - lammelsesangrebssårbarhed.

    • - -
  • CVE-2004-0997 - -

    En lokal rettighedsforøgelse i MIPS-assemblerkoden er fundet.

    • - -
  • CVE-2004-1335 - -

    En hukommelseslækage i funktionen ip_options_get() kunne føre til et - lammelsesangreb.

    • - -
  • CVE-2004-1017 - -

    Flere overløb blev fundet i driveren io_edgeport, hvilket måske kunne - udnyttes som en angrebsvinkel ved et lammelsesangreb.

    • - -
  • CVE-2005-0124 - -

    Bryan Fulton har rapporteret en grænsekontrolfejl i funktionen - coda_pioctl, hvilket gjorde det muligt for lokale brugere at udføre - vilkårlig kode eller udløse et lammelsesangreb.

    • - -
  • CVE-2003-0984 - -

    Ukorrekt initialisering af RTC kunne afsløre oplysninger.

    • - -
  • CVE-2004-1070 - -

    Utilstrækkelig kontrol af inddata i funktionen load_elf_binary() kunne - føre til rettighedsforøgelse.

    • - -
  • CVE-2004-1071 - -

    Ukorrekt fejlhåndtering i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1072 - -

    Et bufferoverløb i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse eller et lammelsesangreb.

    • - -
  • CVE-2004-1073 - -

    Funktionen open_exec kunne afsløre oplysninger.

    • - -
  • CVE-2004-1074 - -

    binfmt-koden er sårbar over for et lammelsesangreb ved hjælp af en - misdannet a.out-binær fil.

    • - -
  • CVE-2004-0138 - -

    En lammelsesangrebssårbarhed ELF-loaderen er fundet.

    • - -
  • CVE-2004-1068 - -

    En programmeringsfejl i funktionen unix_dgram_recvmsg() kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1234 - -

    ELF-loaderen var sårbar over for et lammelsesangreb ved hjælp af en - misdannet binær fil.

    • - -
  • CVE-2005-0003 - -

    Særligt fremstillede binære ELF-filer kunne føre til - rettighedsforøgelse, på grund af utilstrækkelig kontrol af overlappende - hukommelsesområder.

    • - -
  • CVE-2004-1235 - -

    En "race condition" i funktionerne load_elf_library() og binfmt_aout() - kunne tillade rettighedsforøgelse.

    • - -
  • CVE-2005-0504 - -

    Et heltalsoverløb i Moxa-driveren kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2005-0384 - -

    En fjernudnytbar lammelsesangrebssårbarhed er fundet i PPP-driveren.

    • - -
  • CVE-2005-0135 - -

    En IA64-specifik lammelsesangrebssårbarhed er fundet i funktionen - unw_unwind_to_user().

    • - -
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - - - - - - -
Debian 3.0 (woody)
Kildekode 2.4.18-14.4
Alpha-arkitekturen 2.4.18-15woody1
Intel IA-32-arkitekturen 2.4.18-13.2
HP Precision-arkitekturen 62.4
PowerPC-arkitekturen 2.4.18-1woody6
PowerPC-arkitekturen/XFS 20020329woody1
PowerPC-arkitekturen/benh 20020304woody1
Sun Sparc-arkitekturen 22woody1
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1069.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1070.wml b/danish/security/2006/dsa-1070.wml deleted file mode 100644 index cdc42243f27..00000000000 --- a/danish/security/2006/dsa-1070.wml +++ /dev/null @@ -1,171 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen. De -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2004-0427 - -

    En lokal lammelsesangrebssårbarhed i do_fork() er fundet.

    • - -
  • CVE-2005-0489 - -

    En lokal lammelsesangrebssårbarhed i proc-hukommelseshåndteringen er - fundet.

    • - -
  • CVE-2004-0394 - -

    Et bufferoverløb i panikhåndteringskoden er fundet.

    • - -
  • CVE-2004-0447 - -

    En lokal lammelsesangrebssårbarhed via en null pointer-dereference i - IA64's proceshåndteringskode er fundet.

    • - -
  • CVE-2004-0554 - -

    En lokal lammelsesangrebssårbarhed via en uendelig løkke i - signalhåndteringskoden er fundet.

    • - -
  • CVE-2004-0565 - -

    En informationslækage i kontekstskifteroden er fundet på - IA64-arkitekturen.

    • - -
  • CVE-2004-0685 - -

    Usikker anvendelse af copy_to_user i USB-drivere kunne afsløre følsomme - oplysninger.

    • - -
  • CVE-2005-0001 - -

    En "race condition" i i386's page fault-håndtering kunne tillade - rettighedsforøgelse.

    • - -
  • CVE-2004-0883 - -

    Flere sårbarheder i SMB-filsystemskoden kunne tillade et lammelsesangreb - eller informationsafsløring.

    • - -
  • CVE-2004-0949 - -

    En informationslækage er opdaget i SMB-filsystemskoden.

    • - -
  • CVE-2004-1016 - -

    En lokal lammelsesangrebssårbarhed er fundet i SCM-laget.

    • - -
  • CVE-2004-1333 - -

    Et heltalsoverløb i terminalkoden kunne tillade en - lammelsesangrebssårbarhed.

    • - -
  • CVE-2004-0997 - -

    En lokal rettighedsforøgelse i MIPS-assemblerkoden er fundet.

    • - -
  • CVE-2004-1335 - -

    En hukommelseslækage i funktionen ip_options_get() kunne føre til et - lammelsesangreb.

    • - -
  • CVE-2004-1017 - -

    Flere overløb blev fundet i driveren io_edgeport, hvilket måske kunne - udnyttes som en angrebsvinkel ved et lammelsesangreb.

    • - -
  • CVE-2005-0124 - -

    Bryan Fulton har rapporteret en grænsekontrolfejl i funktionen - coda_pioctl, hvilket gjorde det muligt for lokale brugere at udføre - vilkårlig kode eller udløse et lammelsesangreb.

    • - -
  • CVE-2003-0984 - -

    Ukorrekt initialisering af RTC kunne afsløre oplysninger.

    • - -
  • CVE-2004-1070 - -

    Utilstrækkelig kontrol af inddata i funktionen load_elf_binary() kunne - føre til rettighedsforøgelse.

    • - -
  • CVE-2004-1071 - -

    Ukorrekt fejlhåndtering i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1072 - -

    Et bufferoverløb i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse eller et lammelsesangreb.

    • - -
  • CVE-2004-1073 - -

    Funktionen open_exec kunne afsløre oplysninger.

    • - -
  • CVE-2004-1074 - -

    binfmt-koden er sårbar over for et lammelsesangreb ved hjælp af en - misdannet a.out-binær fil.

    • - -
  • CVE-2004-0138 - -

    En lammelsesangrebssårbarhed ELF-loaderen er fundet.

    • - -
  • CVE-2004-1068 - -

    En programmeringsfejl i funktionen unix_dgram_recvmsg() kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1234 - -

    ELF-loaderen var sårbar over for et lammelsesangreb ved hjælp af en - misdannet binær fil.

    • - -
  • CVE-2005-0003 - -

    Særligt fremstillede binære ELF-filer kunne føre til - rettighedsforøgelse, på grund af utilstrækkelig kontrol af overlappende - hukommelsesområder.

    • - -
  • CVE-2004-1235 - -

    En "race condition" i funktionerne load_elf_library() og binfmt_aout() - kunne tillade rettighedsforøgelse.

    • - -
  • CVE-2005-0504 - -

    Et heltalsoverløb i Moxa-driveren kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2005-0384 - -

    En fjernudnytbar lammelsesangrebssårbarhed er fundet i PPP-driveren.

    • - -
  • CVE-2005-0135 - -

    En IA64-specifik lammelsesangrebssårbarhed er fundet i funktionen - unw_unwind_to_user().

    • - -
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - -
Debian 3.0 (woody)
Kildekode 2.4.19-4
Sun Sparc-arkitekturen 26woody1
Little endian MIPS-arkitekturen0.020911.1.woody5
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskine.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1070.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1071.wml b/danish/security/2006/dsa-1071.wml deleted file mode 100644 index 211b9a082d9..00000000000 --- a/danish/security/2006/dsa-1071.wml +++ /dev/null @@ -1,72 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i MySQL, en populær SQL-database. Common -Vulnerabilities and Exposures Project har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-0903 - -

    Ukorrekt håndtering af SQL-forespørgsler indeholder NULL-tegnet gjorde - det muligt for lokale brugere at omgå logningsmekanismer.

    • - -
  • CVE-2006-1516 - -

    Brugernavne uden en afsluttende null-byte gjorde det muligt for - fjernangribere at læse dele af hukommelsen.

    • - -
  • CVE-2006-1517 - -

    En forespørgsel med en ukorrekt pakkelængde gjorde det muligt for - fjernangribere at få adgang til følsomme oplysninger.

    • - -
  • CVE-2006-1518 - -

    Særligt fremstillede forespørgselspakker med ugyldige længdeværdier - tillod udførelse af vilkårlig kode.

    - -
- -

Følgende sårbarhedsmatriks viser hvor problemerne er rettet i hvilke -versioner af MySQL og i hvilke distributioner:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 woodysargesid
mysql3.23.49-8.15n/an/a
mysql-dfsgn/a4.0.24-10sarge2n/a
mysql-dfsg-4.1n/a4.1.11a-4sarge3n/a
mysql-dfsg-5.0n/an/a5.0.21-3
- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1071.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1072.wml b/danish/security/2006/dsa-1072.wml deleted file mode 100644 index 81f873b9d8f..00000000000 --- a/danish/security/2006/dsa-1072.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i nagios, et system til overvågning og -håndtering af hosts og services, hvilket kunne udnyttes af fjernangribere til -at udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke nagios-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.3-cvs.20050402-2.sarge.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4-1 and 2.3-1.

- -

Vi anbefaler at du opgraderer din nagios-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1072.data" -#use wml::debian::translation-check translation="908fbef566876813dbbc8ec2961ca64372cdb09a" mindelta="1" diff --git a/danish/security/2006/dsa-1073.wml b/danish/security/2006/dsa-1073.wml deleted file mode 100644 index bbe45ef6c7a..00000000000 --- a/danish/security/2006/dsa-1073.wml +++ /dev/null @@ -1,71 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i MySQL, en populær SQL-database. Common -Vulnerabilities and Exposures Project har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-0903 - -

    Ukorrekt håndtering af SQL-forespørgsler indeholder NULL-tegnet gjorde - det muligt for lokale brugere at omgå logningsmekanismer.

    • - -
  • CVE-2006-1516 - -

    Brugernavne uden en afsluttende null-byte gjorde det muligt for - fjernangribere at læse dele af hukommelsen.

    • - -
  • CVE-2006-1517 - -

    En forespørgsel med en ukorrekt pakkelængde gjorde det muligt for - fjernangribere at få adgang til følsomme oplysninger.

    • - -
  • CVE-2006-1518 - -

    Særligt fremstillede forespørgselspakker med ugyldige længdeværdier - tillod udførelse af vilkårlig kode.

    • - -
- -

Følgende sårbarhedsmatriks viser hvor problemerne er rettet i hvilke -versioner af MySQL og i hvilke distributioner:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 woodysargesid
mysql3.23.49-8.15n/an/a
mysql-dfsgn/a4.0.24-10sarge2n/a
mysql-dfsg-4.1n/a4.1.11a-4sarge3n/a
mysql-dfsg-5.0n/an/a5.0.21-3
-

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1073.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1074.wml b/danish/security/2006/dsa-1074.wml deleted file mode 100644 index 8bd1097eb66..00000000000 --- a/danish/security/2006/dsa-1074.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

A. Alejandro Hernández har opdaget en sårbarhed i mpg123, et -kommandolinjeprogram til afspilning af MPEG-lydfiler. Utilstrækkelig kontrol af -MPEG 2.0 layer 3-filer medførte flere bufferoverløb.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.59r-20sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.59r-22.

- -

Vi anbefaler at du opgraderer dine mpg123-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1074.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1075.wml b/danish/security/2006/dsa-1075.wml deleted file mode 100644 index 11efa3d2838..00000000000 --- a/danish/security/2006/dsa-1075.wml +++ /dev/null @@ -1,26 +0,0 @@ -programmeringsfejl - -

Hendrik Weimer har opdaget at awstats kunne udføre vilkårlig kommandoer -under webserverens brugerid, når brugere havde tilladelse til at angive -vilkårlige opsætningsfiler. Selvom fejlen fejlagtigt blev nævnt i DSA 1058, -var den endnu ikke rettet.

- -

Denne nye standardvirkemåde er ikke at acceptere vilkårlige opsætningsmapper -fra brugeren. Dette kan overtrumfes af miljøvariablen -AWSTATS_ENABLE_CONFIG_DIR, når man stoler på brugerne.

- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.4-1sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.5-2.

- -

Vi anbefaler at du opgraderer din awstats-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1075.data" -#use wml::debian::translation-check translation="19f098a697632062c3f6ad7ad259ba35857ecb61" mindelta="1" diff --git a/danish/security/2006/dsa-1076.wml b/danish/security/2006/dsa-1076.wml deleted file mode 100644 index b942e30d6be..00000000000 --- a/danish/security/2006/dsa-1076.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Michal Zalewski har opdaget at lynx, den populære webbrowser til -teksttilstand, ikke forstod ugyldig HTML indeholdende et TEXTAREA-tag'et med en -stor COLS-værdi og et stort tag-navn i et element, som ikke er afsluttet, -hvorved den gik i en uendelig løkke mens den prøvede at fortolke det defekte -HTML.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.8.4.1b-3.4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.8.5-2sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.8.5-2sarge2.

- -

Vi anbefaler at du opgraderer din lynx-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1076.data" -#use wml::debian::translation-check translation="063f6f5f4237318952304b136b0516b71798c471" mindelta="1" diff --git a/danish/security/2006/dsa-1077.wml b/danish/security/2006/dsa-1077.wml deleted file mode 100644 index fa4fbbb2ca9..00000000000 --- a/danish/security/2006/dsa-1077.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Michal Zalewski har opdaget at lynx, den populære webbrowser til -teksttilstand, ikke forstod ugyldig HTML indeholdende et TEXTAREA-tag med en -stor COLS-værdi og et stort tag-navn i et element, som ikke er afsluttet, -hvorved den gik i en uendelig løkke mens den prøvede at fortolke det defekte -HTML. Den samme kode er også i lynx-ssl.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.8.4.1b-3.3.

- -

Den stabile distribution (sarge) indeholder ikke længere lynx-ssl-pakker.

- -

Den ustabile distribution (sid) indeholder ikke længere lynx-ssl-pakker.

- -

Vi anbefaler at du opgraderer din lynx-ssl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1077.data" -#use wml::debian::translation-check translation="44495baad6a61aebff36955a3be3418961d0da50" mindelta="1" diff --git a/danish/security/2006/dsa-1078.wml b/danish/security/2006/dsa-1078.wml deleted file mode 100644 index e2c7d929809..00000000000 --- a/danish/security/2006/dsa-1078.wml +++ /dev/null @@ -1,21 +0,0 @@ -læsning ud over grænser - -

Andrey Kiselev har opdaget et problem i TIFF-biblioteket, hvilket kunne gøre -det muligt for en angriber med et særligt fremstillet TIFF-billede indeholdende -Yr/Yg/Yb-værdier højere end YCR/YCG/YCB-værdierne, at få biblioteket til at gå -ned (crashe), og dermed det omgivende program.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.7.2-4.

- -

Den ustabile distribution (sid) er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer dine tiff-pakker og genstarter programmer, der -anvender det.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1078.data" -#use wml::debian::translation-check translation="c9c6c0d2be0a5b7f5eeeaa333686bc7347a4cd35" mindelta="1" diff --git a/danish/security/2006/dsa-1079.wml b/danish/security/2006/dsa-1079.wml deleted file mode 100644 index f4de7dc9da5..00000000000 --- a/danish/security/2006/dsa-1079.wml +++ /dev/null @@ -1,72 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i MySQL, en populær SQL-database. Common -Vulnerabilities and Exposures Project har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-0903 - -

    Ukorrekt håndtering af SQL-forespørgsler indeholder NULL-tegnet gjorde - det muligt for lokale brugere at omgå logningsmekanismer.

    • - -
  • CVE-2006-1516 - -

    Brugernavne uden en afsluttende null-byte gjorde det muligt for - fjernangribere at læse dele af hukommelsen.

    • - -
  • CVE-2006-1517 - -

    En forespørgsel med en ukorrekt pakkelængde gjorde det muligt for - fjernangribere at få adgang til følsomme oplysninger.

    • - -
  • CVE-2006-1518 - -

    Særligt fremstillede forespørgselspakker med ugyldige længdeværdier - tillod udførelse af vilkårlig kode.

    • - -
- -

Følgende sårbarhedsmatriks viser hvor problemerne er rettet i hvilke -versioner af MySQL og i hvilke distributioner:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 woodysargesid
mysql3.23.49-8.15n/an/a
mysql-dfsgn/a4.0.24-10sarge2n/a
mysql-dfsg-4.1n/a4.1.11a-4sarge3n/a
mysql-dfsg-5.0n/an/a5.0.21-3
- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1079.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1080.wml b/danish/security/2006/dsa-1080.wml deleted file mode 100644 index c5ef1ed9fd3..00000000000 --- a/danish/security/2006/dsa-1080.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Et problem er opdaget i IMAP-komponenten i Dovecot, en sikker mailserver som -understøtter mbox- og maildir-mailboxe, hvilket kunne føre til -informationsafsløring via mappegennemløb af autentificerede brugere.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.99.14-1sarge0.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0beta8-1.

- -

Vi anbefaler at du opgraderer din dovecot-imapd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1080.data" -#use wml::debian::translation-check translation="054d6aa915451335db9afc6cae077cafee7f8a4f" mindelta="1" diff --git a/danish/security/2006/dsa-1081.wml b/danish/security/2006/dsa-1081.wml deleted file mode 100644 index a7b8b049831..00000000000 --- a/danish/security/2006/dsa-1081.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Luigi Auriemma har opdaget et bufferoverløb i behandlingen af ASF-filer i -libextractor, et bibliotek til udtrækning af vilkårlige metadata fra filer, -hvilket kunne føre til udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.4.2-2sarge5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.5.14-1.

- -

Vi anbefaler at du opgraderer dine libextractor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1081.data" -#use wml::debian::translation-check translation="61adf0d4782c5ac3bd21c948361798341dd555ec" mindelta="1" diff --git a/danish/security/2006/dsa-1082.wml b/danish/security/2006/dsa-1082.wml deleted file mode 100644 index 10599a658f7..00000000000 --- a/danish/security/2006/dsa-1082.wml +++ /dev/null @@ -1,175 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen. De -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2004-0427 - -

    En lokal lammelsesangrebssårbarhed i do_fork() er fundet.

    • - -
  • CVE-2005-0489 - -

    En lokal lammelsesangrebssårbarhed i proc-hukommelseshåndteringen er - fundet.

    • - -
  • CVE-2004-0394 - -

    Et bufferoverløb i panikhåndteringskoden er fundet.

    • - -
  • CVE-2004-0447 - -

    En lokal lammelsesangrebssårbarhed via en null pointer-dereference i - IA64's proceshåndteringskode er fundet.

    • - -
  • CVE-2004-0554 - -

    En lokal lammelsesangrebssårbarhed via en uendelig løkke i - signalhåndteringskoden er fundet.

    • - -
  • CVE-2004-0565 - -

    En informationslækage i kontekstskifteroden er fundet på - IA64-arkitekturen.

    • - -
  • CVE-2004-0685 - -

    Usikker anvendelse af copy_to_user i USB-drivere kunne afsløre følsomme - oplysninger.

    • - -
  • CVE-2005-0001 - -

    En "race condition" i i386's page fault-håndtering kunne tillade - rettighedsforøgelse.

    • - -
  • CVE-2004-0883 - -

    Flere sårbarheder i SMB-filsystemskoden kunne tillade et lammelsesangreb - eller informationsafsløring.

    • - -
  • CVE-2004-0949 - -

    En informationslækage er opdaget i SMB-filsystemskoden.

    • - -
  • CVE-2004-1016 - -

    En lokal lammelsesangrebssårbarhed er fundet i SCM-laget.

    • - -
  • CVE-2004-1333 - -

    Et heltalsoverløb i terminalkoden kunne tillade en - lammelsesangrebssårbarhed.

    • - -
  • CVE-2004-0997 - -

    En lokal rettighedsforøgelse i MIPS-assemblerkoden er fundet.

    • - -
  • CVE-2004-1335 - -

    En hukommelseslækage i funktionen ip_options_get() kunne føre til et - lammelsesangreb.

    • - -
  • CVE-2004-1017 - -

    Flere overløb blev fundet i driveren io_edgeport, hvilket måske kunne - udnyttes som en angrebsvinkel ved et lammelsesangreb.

    • - -
  • CVE-2005-0124 - -

    Bryan Fulton har rapporteret en grænsekontrolfejl i funktionen - coda_pioctl, hvilket gjorde det muligt for lokale brugere at udføre - vilkårlig kode eller udløse et lammelsesangreb.

    • - -
  • CVE-2003-0984 - -

    Ukorrekt initialisering af RTC kunne afsløre oplysninger.

    • - -
  • CVE-2004-1070 - -

    Utilstrækkelig kontrol af inddata i funktionen load_elf_binary() kunne - føre til rettighedsforøgelse.

    • - -
  • CVE-2004-1071 - -

    Ukorrekt fejlhåndtering i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1072 - -

    Et bufferoverløb i binfmt_elf-loaderen kunne føre til - rettighedsforøgelse eller et lammelsesangreb.

    • - -
  • CVE-2004-1073 - -

    Funktionen open_exec kunne afsløre oplysninger.

    • - -
  • CVE-2004-1074 - -

    binfmt-koden er sårbar over for et lammelsesangreb ved hjælp af en - misdannet a.out-binær fil.

    • - -
  • CVE-2004-0138 - -

    En lammelsesangrebssårbarhed ELF-loaderen er fundet.

    • - -
  • CVE-2004-1068 - -

    En programmeringsfejl i funktionen unix_dgram_recvmsg() kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2004-1234 - -

    ELF-loaderen var sårbar over for et lammelsesangreb ved hjælp af en - misdannet binær fil.

    • - -
  • CVE-2005-0003 - -

    Særligt fremstillede binære ELF-filer kunne føre til - rettighedsforøgelse, på grund af utilstrækkelig kontrol af overlappende - hukommelsesområder.

    • - -
  • CVE-2004-1235 - -

    En "race condition" i funktionerne load_elf_library() og binfmt_aout() - kunne tillade rettighedsforøgelse.

    • - -
  • CVE-2005-0504 - -

    Et heltalsoverløb i Moxa-driveren kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2005-0384 - -

    En fjernudnytbar lammelsesangrebssårbarhed er fundet i PPP-driveren.

    • - -
  • CVE-2005-0135 - -

    En IA64-specifik lammelsesangrebssårbarhed er fundet i funktionen - unw_unwind_to_user().

    • - -
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.4.17-1woody4
HP Precision-arkitekturen 32.5
Intel IA-64-arkitekturen 011226.18
IBM S/390-arkitekturen/image2.4.17-2.woody.5
IBM S/390-arkitekturen/patch0.0.20020816-0.woody.4
PowerPC-arkitekturen (apus) 2.4.17-6
MIPS-arkitekturen 2.4.17-0.020226.2.woody7
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke and reboot -the machine.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1082.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1083.wml b/danish/security/2006/dsa-1083.wml deleted file mode 100644 index 8e63bcb2d23..00000000000 --- a/danish/security/2006/dsa-1083.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Mehdi Oudad og Kevin Fernandez har opdaget et bufferoverløb i -ktools-biblioteket som anvendes i motor, et integreret udviklingsmiljø til C, -C++ og Java, hvilket kunne føre til at lokale angribere kunne udføre vilkårlig -kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.2.2-2woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.4.0-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.4.0-6.

- -

Vi anbefaler at du opgraderer din motor-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1083.data" -#use wml::debian::translation-check translation="a9f35abf9e0700ad8bf451283d93138dea156a76" mindelta="1" diff --git a/danish/security/2006/dsa-1084.wml b/danish/security/2006/dsa-1084.wml deleted file mode 100644 index 27361969a70..00000000000 --- a/danish/security/2006/dsa-1084.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Niko Tyni har opdaget et bufferoverløb i behandlingen af netværksdata i -typespeed, et spil til afprøvning og forbedring af tastehastigehden, hvilket -kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.4.1-2.4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.4.4-8sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.4.4-10.

- -

Vi anbefaler at du opgraderer dine typespeed-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1084.data" -#use wml::debian::translation-check translation="b93f7a5ec77890f58b8116522b5b766df5915145" mindelta="1" diff --git a/danish/security/2006/dsa-1085.wml b/danish/security/2006/dsa-1085.wml deleted file mode 100644 index 6236c16e26d..00000000000 --- a/danish/security/2006/dsa-1085.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i lynx, den populære webbrowser til -teksttilstand. Common Vulnerabilities and Exposures Project har fundet frem -til følgende sårbarheder:

- -
    - -
  • CVE-2004-1617 - -

    Michal Zalewski har opdaget at lynx ikke forstod ugyldig HTML - indeholdende et TEXTAREA-tag med en stor COLS-værdi og et stort tag-navn i - et element, som ikke er afsluttet, hvorved den gik i en uendelig løkke mens - den prøvede at fortolke det defekte HTML.

    - -
  • CVE-2005-3120 - -

    Ulf Härnhammar har opdaget et bufferoverløb, som kan fjernudnyttes. Ved - håndteringen af asiatiske tegn mens en forbindelse til en NNTP-server blev - etableret, kunne lynx narres til at skrive ud over en buffers grænse, - hvilket kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 2.8.5-2.5woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.8.6-9sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din lynx-cur-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1085.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1086.wml b/danish/security/2006/dsa-1086.wml deleted file mode 100644 index f1f12f601e1..00000000000 --- a/danish/security/2006/dsa-1086.wml +++ /dev/null @@ -1,22 +0,0 @@ -designfejl - -

xmcdconfig opretter mapper, der er skrivbare for alle, hvilket gør det muligt -for lokale brugere at fylde partitionerne /usr og /var op, og dermed forårsage -et lammelsesangreb (denial of service). Problemet har været halv-rettet siden -version 2.3-1.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.6-14woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.6-17sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.6-18.

- -

Vi anbefaler at du opgraderer din xmcd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1086.data" -#use wml::debian::translation-check translation="49484f5487e742df42e6a7d0f6bfade566bd06fd" mindelta="1" diff --git a/danish/security/2006/dsa-1087.wml b/danish/security/2006/dsa-1087.wml deleted file mode 100644 index aa287967dc3..00000000000 --- a/danish/security/2006/dsa-1087.wml +++ /dev/null @@ -1,46 +0,0 @@ -programmeringsfejl - -

Flere indkodningsproblemer er opdaget i PostgreSQL, en populær SQL-database. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-2313 - -

    Akio Ishida og Yasuo Ohgaki har opdaget en svaghed i håndteringen af - ugyldigt indkodet multibyte-tekstdata, hvilket kunne gøre det muligt for en - angriber at indsprøjte vilkårlige SQL-kommandoer.

    • - -
  • CVE-2006-2314 - -

    Et lignende problem findes i indkodningen på klientsiden (så som SJIS, - BIG5, GBK, GB18030 og UHC), der indeholder gyldige multibyte-tegn, som - slutter med en bagudrettet skråstreg (backslash). En angriber kunne levere - en særligt fremstillet bytesekvens, som kunne indsprøjte vilkårlige - SQL-kommandoer.

    - -

    Problemet påvirker dig ikke, hvis du kun anvender indkodning som er enkelt-byte - (som i SQL_ASCII eller ISO-8859-X-familien) eller upåvirket multibyte (som - UTF-8).

    - -

    psycopg og python-pgsql anvender den gamle indkodning til binære data og - skal måske opdateres.

    • - -
- -

Den gamle stabile distribution (woody) er sårbar over for disse problemer, men -vi har ikke mulighed for at rette pakken.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 7.4.7-6sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 7.4.13-1.

- -

Vi anbefaler at du opgraderer dine postgresql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1087.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1088.wml b/danish/security/2006/dsa-1088.wml deleted file mode 100644 index 131def73aaa..00000000000 --- a/danish/security/2006/dsa-1088.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Mehdi Oudad og Kevin Fernandez har opdaget et bufferoverløb i -ktools-biblioteket, som anvendes i centericq, et tekstbaseret chatprogram som -understøtter flere forskellige protokoller, hvilket kunne føre til at lokal -eller fjernangribere kunne udføre vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 4.5.1-1.1woody2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.20.0-1sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.21.0-6.

- -

Vi anbefaler at du opgraderer din centericq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1088.data" -#use wml::debian::translation-check translation="7b16b38341f4b66737e75ee2b01e861cfa30c9f3" mindelta="1" diff --git a/danish/security/2006/dsa-1089.wml b/danish/security/2006/dsa-1089.wml deleted file mode 100644 index b2beb5b11dd..00000000000 --- a/danish/security/2006/dsa-1089.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere problemer er opdaget i freeradius, en højtydende RADIUS-server, som kan -opsættes på et utal af måder. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-4744 - -

    SuSE-efterforskere har fundet flere forskud med én-fejl, hvilket kunne - gøre det muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service) og muligvis udføre vilkårlig kode.

    • - -
  • CVE-2006-1354 - -

    På grund af utilstrækkelig kontrol af inddata, var det muligt for - fjernangribere at omgå autentificering eller forårsage et - lammelsesangreb.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke denne pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.2-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.0-1.2.

- -

Vi anbefaler at du opgraderer din freeradius-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1089.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1090.wml b/danish/security/2006/dsa-1090.wml deleted file mode 100644 index 0133ce6f98a..00000000000 --- a/danish/security/2006/dsa-1090.wml +++ /dev/null @@ -1,26 +0,0 @@ -programmeringsfejl - -

En sårbarhed er opdaget i SpamAssassin, et Perl-baseret spamfilter anvendende -tekstanalyse, hvilket kunne gøre det muligt for fjernangribere at udføre -vilkårlige kommandoer. Problemet påvirker kun systemer, hvor spamd er -tilgængelig via internet og anvendes sammen med vpopmail-virtuelle brugere via -kommandoen "-v" / "--vpopmail", og med kommandoen "-P" / "--paranoid", der ikke -er opsat som standard i Debian.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.0.3-2sarge1.

- -

I arkivet volatile til den stabile distribution (sarge) er dette problem -rettet i version 3.1.0a-0volatile3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.1.3-1.

- -

Vi anbefaler at du opgraderer din spamd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1090.data" -#use wml::debian::translation-check translation="046fcb7a2ab255a42d9a58f165bd4f90d5abc48f" mindelta="1" diff --git a/danish/security/2006/dsa-1091.wml b/danish/security/2006/dsa-1091.wml deleted file mode 100644 index 51a864d13ed..00000000000 --- a/danish/security/2006/dsa-1091.wml +++ /dev/null @@ -1,36 +0,0 @@ -bufferoverløb - -

Flere problemer er opdaget i TIFF-biblioteket. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-2193 - -

    SuSE har opdaget et bufferoverløb i konverteringen af TIFF-filer til - PDF-dokumenter, hvilket kunne udnyttes når tiff2pdf blev anvendt i for - eksempel et printerfilter.

    • - -
  • CVE-2006-2656 - -

    Kommandoen tiffsplit i TIFF-biblioteket indeholdt et bufferoverløb i - kommandolinjehåndteringen, hvilket kunne udnyttes når programmet blev - udført automatisk på ukendte filnavne.

    • - -
- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 3.5.5-7woody2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.7.2-5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.8.2-4.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1091.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1092.wml b/danish/security/2006/dsa-1092.wml deleted file mode 100644 index ea72ba9dcae..00000000000 --- a/danish/security/2006/dsa-1092.wml +++ /dev/null @@ -1,24 +0,0 @@ -programmeringsfejl - -

Josh Berkus og Tom Lane har opdaget at MySQL 4.1, en populær SQL-database, -på ukorrekt vis fortolkede en streng indkapslet med mysql_real_escape(), hvilket -kunne føre til SQL-indsprøjtning. Problemet findes ikke i versionerne 4.1 og -5.0.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.1.11a-4sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.0.21-4.

- -

Version 4.0 i den stabile distribution (sarge), er ikke på virket af dette -problem.

- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1092.data" -#use wml::debian::translation-check translation="62448fa10e5960a7efc5964155a327d5d0fc9f5d" mindelta="1" diff --git a/danish/security/2006/dsa-1093.wml b/danish/security/2006/dsa-1093.wml deleted file mode 100644 index 2886d657340..00000000000 --- a/danish/security/2006/dsa-1093.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstreng - -

Flere formatstrengssårbarheder er opdaget i xine-ui, videoafspiller xines -brugergrænseflade, hvilket kan forårsage et lammelsesangreb (denial of -service).

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.99.3-1sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din xine-ui-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1093.data" -#use wml::debian::translation-check translation="c39aa849f8b06e7bec9b253caf77ba75648ab04e" mindelta="1" diff --git a/danish/security/2006/dsa-1094.wml b/danish/security/2006/dsa-1094.wml deleted file mode 100644 index ecc183b060f..00000000000 --- a/danish/security/2006/dsa-1094.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Joxean Koret har opdaget flere sårbarheder i forbindelse med udførelse af -skripter på tværs af websteder (cross-site scripting) i Gforge, en -programpakke til onlinesamarbejde om programudvikling, hvilket gjorde det -muligt at indspøjte webskriptkode.

- -

Den gamle stabile distribution (woody) indeholder ikke gforge-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.1-31sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.1-31sarge1.

- -

Vi anbefaler at du opgraderer din gforge-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1094.data" -#use wml::debian::translation-check translation="c4421d0e8b513d227b3157a219c5c9a35b8de068" mindelta="1" diff --git a/danish/security/2006/dsa-1095.wml b/danish/security/2006/dsa-1095.wml deleted file mode 100644 index 74b3f2c7692..00000000000 --- a/danish/security/2006/dsa-1095.wml +++ /dev/null @@ -1,43 +0,0 @@ -heltalsoverløb - -

Flere problemer er opdaget i FreeType 2-skripttypemaskinen. Projektet -Common vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-0747 - -

    Flere heltalsunderløb er opdaget, hvilket kunne gøre det muligt for - fjernangribere at forårsage et lammelsesangreb (denial of service).

    • - -
  • CVE-2006-1861 - -

    Chris Evans har opdaget flere heltalsoverløb, der kunne føre til et - lammelsesangreb eller muligvis endda føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-2493 - -

    Flere andre heltalsoverløb er opdaget, hvilket måske kunne føre til - udførelse af vilkårlige kode.

    • - -
  • CVE-2006-2661 - -

    En null-pointerdereference kunne forårsage et lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 2.0.9-1woody1.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.1.7-2.5.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet

- -

Vi anbefaler at du opgraderer dine libfreetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1095.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1096.wml b/danish/security/2006/dsa-1096.wml deleted file mode 100644 index 8dce6eb0e88..00000000000 --- a/danish/security/2006/dsa-1096.wml +++ /dev/null @@ -1,20 +0,0 @@ -uinitialiseret variabel - -

En sårbarhed er opdaget i webcalendar, en PHP-baseret flerbrugkalender, -hvilket gjorde det muligt for en fjernangriber at udføre vilkårlig PHP-kode når -register_globals er slået til.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken webcalendar.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.45-4sarge5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.4-1

- -

Vi anbefaler at du opgraderer din webcalendar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1096.data" -#use wml::debian::translation-check translation="cfc1b1526a7228d6bddf579ffe86ecacdb77ce12" mindelta="1" diff --git a/danish/security/2006/dsa-1097.wml b/danish/security/2006/dsa-1097.wml deleted file mode 100644 index 7c39cf12615..00000000000 --- a/danish/security/2006/dsa-1097.wml +++ /dev/null @@ -1,164 +0,0 @@ -flere sårbarheder - - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen. De -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2006-0038 - -

    "Solar Designer" har opdaget at aritmetiske beregninger i netfilters - funktion do_replace() kunne føre til et bufferoverløb og udførelse af - vilkårlig kode. Dog kræver handlingen CAP_NET_ADMIN-rettigheder, hvilket - kun er et problem i virtualiseringssystemer eller fint opdelte - adgangskontrolsystemer.

    • - -
  • CVE-2006-0039 - -

    "Solar Designer" har opdaget en "race condition" i netfilters funktion - do_add_counters(), hvilket tillod informationsafsløring af kernehukommelse - ved at udnytte en race condition. Som - CVE-2006-0038, - krævede det CAP_NET_ADMIN-rettigheder.

    • - -
  • CVE-2006-0741 - -

    Intel EM64T-systemer var sårbare over for et lokalt lammelsesangreb - (DoS), på grund af en uendelig rekursiv fejl, relateret til en dårlig - ELF-adgangsadresse.

    • - -
  • CVE-2006-0742 - -

    Funktionen die_if_kernel() var ukorrekt erklæret som "returnerer - aldrig", hvilket kunne udnyttes af en lokal angriber medførende et - kernenedbrud (crash).

    • - -
  • CVE-2006-1056 - -

    AMD64-maskiner (og andre 7.- og 8.-generations AuthenticAMD-processorer) - har vist sig at være sårbare over for et en lækage af følsomme oplysninger, - på grund af hvordan de håndterer gemning og hentning af x87-registrene FOP, - FIP og FDP i FXSAVE/FXRSTOR, når en undtagelse ventede. Dette gjorde det - muligt for en proces at finde "state"-dele af flydende komma-instruktioners - hørende til andre processor.

    • - -
  • CVE-2006-1242 - -

    Marco Ivaldi har opdaget at der var en utilsigtet informationsafsløring, - hvilket gjorde det muligt for fjernangribere at omgå beskyttelser mod - Idle Scans (nmap -sI) ved at misbruge id-feltet i IP-pakker og omgå - IP-id'er indeholdende nul i DF-pakkemodforholdsregler. Dette var et - resultat af at funktionen ip_push_pending_frames ukorrekt talte - IP-id-feltet op, når den sendte en RST efter at have modtaget uopfordrede - TCP SYN-ACK-pakker.

    • - -
  • CVE-2006-1343 - -

    Pavel Kankovsky rapporterede om tilstedeværelsen af en potentiel - informationslækage, som følge af at sin.sin_zero i IPv4-socketkoden ikke - blev initialiseret.

    • - -
  • CVE-2006-1368 - -

    Shaun Tancheff har opdaget et bufferoverløb (grænsekontrolfejl) i - implementeringen af USB Gadget RNDIS, hvilket gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (DoS). Ved oprettelsen af - en svarmeddelese, allokerede driveren hukommelse til svardataene, men ikke - til svarstrukturen. Kernen udførte ikke tilstrækkelige grænsekontroller af - brugerleverede data, før de blev kopieret til en for lille - hukommelsesbuffer. Angribere kunne få systemet til at crashe eller - muligvis udføre vilkårlig maskinkode.

    • - -
  • CVE-2006-1524 - -

    Hugh Dickins har opdaget et problem i funktionen madvise_remove(), hvori - fil- og mmap-begrænsninger ikke blev overholdt, hvilket gjorde det muligt - for lokale brugere at omgå IPC-tilladelser og udskifte dele kun læsbare - tmpfs-filer med nuller.

    • - -
  • CVE-2006-1525 - -

    Alexandra Kossovsky rapporterer om en NULL-pointerdereference-tilstand i - ip_route_input(), der kunne udløses af en lokal bruger ved at bede om en - rute til en multicast IP-adresse, medførende et lammelsesangreb - (panik).

    • - -
  • CVE-2006-1857 - -

    Vlad Yasevich rapporterer et problem med datavalidering i - SCTP-undersystemet, der kunne gøre det muligt for en fjernbruger at få en - buffer til at løbeover ved at anvende en dårligt formateret HB-ACK-chunk, - medførende et lammelsesangreb.

    • - -
  • CVE-2006-1858 - -

    Vlad Yasevich rapporterede en fejl i grænsekontrolkoden i - SCTP-undersystemet, der kunne gøre det muligt for fjernangribere at udløse - et lammelsesangreb, når afrundede parameterlænger blev anvendt til at - beregne parameterlængder i stedet for de virkelige værdier.

    • - -
  • CVE-2006-1864 - -

    Mark Mosely har opdaget at man kunne bryde ud af chroots der befinder - sig på en SMB-share, ved hjælp af særligt fremstillede - "cd"-sekvenser.

    • - -
  • CVE-2006-2271 - -

    "Mu security team" har opdaget at omhyggeligt fremstillede ECNE-chunks - kunne forårsage et kernecrash, ved at tilgå ukorrekte stabile state-poster - i SCTP-netværksundersystemet, hvilket tillod et lammelsesangreb.

    • - -
  • CVE-2006-2272 - -

    "Mu security team" har opdaget at fragmenterede SCTP-kontrolchunks kunne - udløse kernepanik, hvilket tillod lammelsesangreb.

    • - -
  • CVE-2006-2274 - -

    Man har opdaget at SCTP-pakker med to indledende bundtede datapakker - kunne føre til en uendelig løkke, hvilket tillod lammelsesangreb.

    • - -
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.4.27-10sarge3
Alpha-arkitekturen 2.4.27-10sarge3
ARM-arkitekturen 2.4.27-2sarge3
Intel IA-32-arkitekturen 2.4.27-10sarge3
Intel IA-64-arkitekturen 2.4.27-10sarge3
Motorola 680x0-arkitekturen 2.4.27-3sarge3
Big endian MIPS 2.4.27-10.sarge3.040815-1
Little endian MIPS 2.4.27-10.sarge3.040815-1
PowerPC-arkitekturen 2.4.27-10sarge3
IBM S/390-arkitekturen 2.4.27-2sarge3
Sun Sparc-arkitekturen 2.4.27-9sarge3
- -

Følgende matriks opremser yderligere pakker, der blev genopbygget af -kompatibilitetshensyn som følge af denne opdatering, eller for at drage fordel -af den:

- -
- - - - - -
Debian 3.1 (sarge)
fai-kerneler 1.9.1sarge2
kernel-image-2.4.27-speakup 2.4.27-1.1sarge2
mindi-kernen 2.4.27-2sarge2
systemimager 3.2.3-6sarge2
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har opbygget en skræddersyet kerne fra kernekildekodenpakken, -skal du genopbygge den for at drage nytte af disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1097.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1098.wml b/danish/security/2006/dsa-1098.wml deleted file mode 100644 index da8068950f3..00000000000 --- a/danish/security/2006/dsa-1098.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Michael Marek har opdaget at webapplikationsframeworket Horde udfører -utilstrækkelig kontrol af inddata, hvilket kunne føre til indsprøjtning af -webskriptkode via udførelse af scripter på tværs af websteder (cross-site -scripting).

- -

Den gamle stabile distribution (woody) indeholder ikke horde3-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.0.4-4sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.1.1-3.

- -

Vi anbefaler at du opgraderer din horde3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1098.data" -#use wml::debian::translation-check translation="895abda2291d2e9fab5973bc921fccaf2f2f1e09" mindelta="1" diff --git a/danish/security/2006/dsa-1099.wml b/danish/security/2006/dsa-1099.wml deleted file mode 100644 index 3025bda2a4a..00000000000 --- a/danish/security/2006/dsa-1099.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Michael Marek har opdaget at webapplikationsframeworket Horde udfører -utilstrækkelig kontrol af inddata, hvilket kunne føre til indsprøjtning af -webskriptkode via udførelse af scripter på tværs af websteder (cross-site -scripting).

- -

Den gamle stabile distribution (woody) indeholder ikke horde2-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.8-1sarge3.

- -

Den ustabile distribution (sid) indeholder ikke længere horde2-pakker.

- -

Vi anbefaler at du opgraderer din horde2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1099.data" -#use wml::debian::translation-check translation="a6ec1f62ceff74169c375c2632ab63080c114d31" mindelta="1" diff --git a/danish/security/2006/dsa-1100.wml b/danish/security/2006/dsa-1100.wml deleted file mode 100644 index 67b5112b7c1..00000000000 --- a/danish/security/2006/dsa-1100.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

En grænsekontrolfejl er opdaget i wv2, et bibliotek der tilgår Microsoft -Word-dokumenter, hvilket kunne føre til et heltalsoverløb under behandling af -Word-filer.

- -

Den gamle stabile distribution (woody) indeholder ikke wv2-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.2.2-1sarge1

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libwv-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1100.data" -#use wml::debian::translation-check translation="54372e1681011e110298c582446e67d9eb7e45d2" mindelta="1" diff --git a/danish/security/2006/dsa-1101.wml b/danish/security/2006/dsa-1101.wml deleted file mode 100644 index 6a9d4fd47f2..00000000000 --- a/danish/security/2006/dsa-1101.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

En fejl er opdaget i Courier Mail Server, hvilket kunne medføre at et antal -processer brugte vilkårlige mængder CPU-kraft.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.37.3-2.9.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.47-4sarge5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.53.2-1.

- -

Vi anbefaler at du opgraderer dine courier-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1101.data" -#use wml::debian::translation-check translation="46eb3e75ea6b991f74204cc9fb50606a2a2c0a67" mindelta="1" diff --git a/danish/security/2006/dsa-1102.wml b/danish/security/2006/dsa-1102.wml deleted file mode 100644 index 1345aff790a..00000000000 --- a/danish/security/2006/dsa-1102.wml +++ /dev/null @@ -1,20 +0,0 @@ -designfejl - -

Steve Kemp fra Debian Security Audit-projektet har opdaget at pinball, en -pinball-simulator, kunne narres til at indlæse niveau-plugin'er fra -brugerkontrollerede mapper, uden at smide rettigheder væk.

- -

Den gamle stabile distribution (woody) indeholder ikke denne pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.3.1-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.3.1-6.

- -

Vi anbefaler at du opgraderer din pinball-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1102.data" -#use wml::debian::translation-check translation="e313cf52513e0ee4771b2d817836d75e2cb0c36e" mindelta="1" diff --git a/danish/security/2006/dsa-1103.wml b/danish/security/2006/dsa-1103.wml deleted file mode 100644 index c6dd0b3e2e6..00000000000 --- a/danish/security/2006/dsa-1103.wml +++ /dev/null @@ -1,210 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen. De -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2005-3359 - -

    Franz Filz har opdaget at nogle socket-kald tillod at der opstod - inkonsistente referenceoptællinger på loadbare moduler, hvilket gjorde det - muligt for lokale brugere at forårsage et lammelsesangreb.

    • - -
  • CVE-2006-0038 - -

    "Solar Designer" har opdaget at aritmetiske beregninger i netfilters - funktion do_replace() kunne føre til et bufferoverløb og udførelse af - vilkårlig kode. Dog kræver handlingen CAP_NET_ADMIN-rettigheder, hvilket - kun er et problem i virtualiseringssystemer eller fint opdelte - adgangskontrolsystemer.

    • - -
  • CVE-2006-0039 - -

    "Solar Designer" har opdaget en "race condition" i netfilters funktion - do_add_counters(), hvilket tillod informationsafsløring af kernehukommelse - ved at udnytte en race condition. Som - CVE-2006-0038, - krævede det CAP_NET_ADMIN-rettigheder.

    • - -
  • CVE-2006-0456 - -

    David Howells har opdaget at s390-assemblyversionen af funktionen - strnlen_user() ukorrekt returnerer nogle strengstørrelsesværdier.

    • - -
  • CVE-2006-0554 - -

    Man har opdaget at funktionen ftruncate() i XFS kunne blotlægge - uallokerede blokke, hvilket muliggjorde informationsafsløring af tidligere - slettede filer.

    • - -
  • CVE-2006-0555 - -

    Man har opdaget at nogle NFS-filhandlinger på handles mountet med - O_DIRECT kunne tvinge kernen til at gå ned (crash).

    • - -
  • CVE-2006-0557 - -

    Man har opdaget at koden til opsætning af hukommelsespolicies gjorde det - muligt at narre kernen til at gå ned, og dermed muliggjorde et - lammelsesangreb.

    • - -
  • CVE-2006-0558 - -

    Cliff Wickman har opdaget at perfmon til IA64-arkitekturen gjorde det - muligt for brugere at udløse en BUG()-assert, hvilket muliggjorde et - lammelsesangreb.

    • - -
  • CVE-2006-0741 - -

    Intel EM64T-systemer var sårbare over for et lokalt lammelsesangreb - (DoS), på grund af en uendelig rekursiv fejl, relateret til en dårlig - ELF-adgangsadresse.

    • - -
  • CVE-2006-0742 - -

    Funktionen die_if_kernel() var ukorrekt erklæret som "returnerer - aldrig", hvilket kunne udnyttes af en lokal angriber medførende et - kernenedbrud (crash).

    • - -
  • CVE-2006-0744 - -

    Linuxkernen håndterede ikke korrekt ukanoniske returadresser på Intel - EM64T-cpu'er, rapporerende exeptions i SYSRET i stedet for den næste - instruktion, hvilket fik en kerne-exceptionhandler til at køre på - brugerstakken med den forkerte GS. Dette kunne medføre et lammelsesangreb - på grund af en lokal brugere kunne ændre frames.

    • - -
  • CVE-2006-1056 - -

    AMD64-maskiner (og andre 7.- og 8.-generations AuthenticAMD-processorer) - har vist sig at være sårbare over for et en lækage af følsomme oplysninger, - på grund af hvordan de håndterer gemning og hentning af x87-registrene FOP, - FIP og FDP i FXSAVE/FXRSTOR, når en undtagelse ventede. Dette gjorde det - muligt for en proces at finde "state"-dele af flydende komma-instruktioners - hørende til andre processor.

    • - -
  • CVE-2006-1242 - -

    Marco Ivaldi har opdaget at der var en utilsigtet informationsafsløring, - hvilket gjorde det muligt for fjernangribere at omgå beskyttelser mod - Idle Scans (nmap -sI) ved at misbruge id-feltet i IP-pakker og omgå - IP-id'er indeholdende nul i DF-pakkemodforholdsregler. Dette var et - resultat af at funktionen ip_push_pending_frames ukorrekt talte - IP-id-feltet op, når den sendte en RST efter at have modtaget uopfordrede - TCP SYN-ACK-pakker.

    • - -
  • CVE-2006-1368 - -

    Shaun Tancheff har opdaget et bufferoverløb (grænsekontrolfejl) i - implementeringen af USB Gadget RNDIS, hvilket gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (DoS). Ved oprettelsen af - en svarmeddelese, allokerede driveren hukommelse til svardataene, men ikke - til svarstrukturen. Kernen udførte ikke tilstrækkelige grænsekontroller af - brugerleverede data, før de blev kopieret til en for lille - hukommelsesbuffer. Angribere kunne få systemet til at crashe eller - muligvis udføre vilkårlig maskinkode.

    • - -
  • CVE-2006-1523 - -

    Oleg Nesterov har rapporteret om et usikkert BUG_ON-kald i signal.c, - hvilket blev introduceret af RCU-signalhåndteringen. BUG_ON-koden er - beskyttet af siglock, mens koden i switch_exit_pids() anvender - tasklist_lock. Det var måske muligt for lokale brugere at udnytte dette - til at iværksætte et lammelsesangreb.

    • - -
  • CVE-2006-1524 - -

    Hugh Dickins har opdaget et problem i funktionen madvise_remove(), hvori - fil- og mmap-begrænsninger ikke blev overholdt, hvilket gjorde det muligt - for lokale brugere at omgå IPC-tilladelser og udskifte dele kun læsbare - tmpfs-filer med nuller.

    • - -
  • CVE-2006-1525 - -

    Alexandra Kossovsky rapporterer om en NULL-pointerdereference-tilstand i - ip_route_input(), der kunne udløses af en lokal bruger ved at bede om en - rute til en multicast IP-adresse, medførende et lammelsesangreb - (panik).

    • - -
  • CVE-2006-1857 - -

    Vlad Yasevich rapporterede et problem med datavalidering i - SCTP-undersystemet, der kunne gøre det muligt for en fjernbruger at få en - buffer til at løbeover ved at anvende en dårligt formateret HB-ACK-chunk, - medførende et lammelsesangreb.

    • - -
  • CVE-2006-1858 - -

    Vlad Yasevich rapporterede en fejl i grænsekontrolkoden i - SCTP-undersystemet, der kunne gøre det muligt for fjernangribere at udløse - et lammelsesangreb, når afrundede parameterlænger blev anvendt til at - beregne parameterlængder i stedet for de virkelige værdier.

    • - -
  • CVE-2006-1863 - -

    Mark Mosely har opdaget at chroots der befinder sig på en CIFS-share - kunne undslippes med særligt udførte "cd"-sekvenser.

    • - -
  • CVE-2006-1864 - -

    Mark Mosely har opdaget at man kunne bryde ud af chroots der befinder - sig på en SMB-share, ved hjælp af særligt udførte "cd"-sekvenser.

    • - -
  • CVE-2006-2271 - -

    "Mu security team" har opdaget at omhyggeligt fremstillede ECNE-chunks - kunne forårsage et kernecrash, ved at tilgå ukorrekte stabile state-poster - i SCTP-netværksundersystemet, hvilket tillod et lammelsesangreb.

    • - -
  • CVE-2006-2272 - -

    "Mu security team" har opdaget at fragmenterede SCTP-kontrolchunks kunne - udløse kernepanik, hvilket tillod lammelsesangreb.

    • - -
  • CVE-2006-2274 - -

    Man har opdaget at SCTP-pakker med to indledende bundtede datapakker - kunne føre til en uendelig løkke, hvilket tillod lammelsesangreb.

    • - -
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.6.8-16sarge3
Alpha-arkitekturen 2.6.8-16sarge3
HP Precision-arkitekturen 2.6.8-6sarge3
Intel IA-32-arkitekturen 2.6.8-16sarge3
Intel IA-64-arkitekturen 2.6.8-14sarge3
Motorola 680x0-arkitekturen 2.6.8-4sarge3
PowerPC-arkitekturen 2.6.8-12sarge3
IBM S/390-arkitekturen 2.6.8-5sarge3
Sun Sparc-arkitekturen 2.6.8-15sarge3
- -

På grund af tekniske problemer kunne de opbyggede amd64-pakker ikke -behandles arkivskriptet. Når problemet er løst, vil en opdateret DSA 1103-2 -blive udsendt med checksummerne til amd64.

- -

Følgende matriks opremser yderligere pakker, der blev genopbygget af -kompatibilitetshensyn som følge af denne opdatering, eller for at drage fordel -af den:

- -
- - -
Debian 3.1 (sarge)
fai-kernels 1.9.1sarge2
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har opbygget en skræddersyet kerne fra kernekildekodenpakken, -skal du genopbygge den for at drage nytte af disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1103.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1104.wml b/danish/security/2006/dsa-1104.wml deleted file mode 100644 index 8c78a01818b..00000000000 --- a/danish/security/2006/dsa-1104.wml +++ /dev/null @@ -1,54 +0,0 @@ -flere sårbarheder - -

Indlæsning af misdannede XML-dokumenter kunne forårsage bufferoverløb i -OpenOffice.org, en fri kontorpakke, samt forårsage et lammelsesangreb (denial -of service) eller udførelse af vilkårlig kode. Det har vist sig at rettelsen i -DSA 1104-1 ikke var tilstrækkelig, derfor en ny opdatering. For -fuldstændighedens skyld er herunder den oprindelige bulletins tekst:

- -
-

Flere sårbarheder er opdaget i OpenOffice.org, en fri kontorpakke. Common -Vulnerabilities and Exposures Project har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-2198 - -

    Det har vist sig at være muligt, at indlejre vilkårlige BASIC-makroer i - dokumenter, på en måde så OpenOffice.org ikke kunne se dem, men kørte dem - alligevel uden brugerindgriben.

    • - -
  • CVE-2006-2199 - -

    Det var muligt at undgå Java-sandkassen med særligt fremstillede - Java-applets.

    • - -
  • CVE-2006-3117 - -

    Indlæsning af misdannede XML-dokumenter kunne forårsage bufferoverløb og - forårsage et lammelsesangreb (denial of service) eller udføre vilkårlig - kode.

    - -
- -

I denne opdatering er Mozilla-komponenten slået fra, hvorfor -Mozilla/LDAP-adressebogsfunktionen ikke længere fungerer. Det virkede heller -ikke på andet end i386 på sarge.

-
- -

Den gamle stabile distribution (woody) indeholder ikke -OpenOffice.org-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.1.3-9sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.3-1.

- -

Vi anbefaler at du opgraderer dine OpenOffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1104.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1105.wml b/danish/security/2006/dsa-1105.wml deleted file mode 100644 index cde734bea47..00000000000 --- a/danish/security/2006/dsa-1105.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Federico L. Bossi Bonin har opdaget et bufferoverløb i HTTP Plugin i -xine-lib, video-/medieafspilningsbiblioteket xine, der kunne gøre det muligt for -en fjernangriber at forårsage et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.9.8-2woody5.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.1-1sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.1-2.

- -

Vi anbefaler at du opgraderer dine libxine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1105.data" -#use wml::debian::translation-check translation="a4b815800ea91548f23febf6f2a6e293ac90997b" mindelta="1" diff --git a/danish/security/2006/dsa-1106.wml b/danish/security/2006/dsa-1106.wml deleted file mode 100644 index 6123f5d3892..00000000000 --- a/danish/security/2006/dsa-1106.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmersingfejl - -

Marcus Meissner har opdaget at webbind-plugin'en i pppd ikke kontrollerer -om et setuid()-kald har haft succes, når rettighedernes forsøges smidt væk, -hvilket kunne fejle ved nogle PAM-opsætninger.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.4.3-20050321+2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.4.4rel-1.

- -

Vi anbefaler at du opgraderer din ppp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1106.data" -#use wml::debian::translation-check translation="70c4ad816a89a9d7c207788f46a51733beabb5a8" mindelta="1" diff --git a/danish/security/2006/dsa-1107.wml b/danish/security/2006/dsa-1107.wml deleted file mode 100644 index 6823b4bf52b..00000000000 --- a/danish/security/2006/dsa-1107.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - -

Evgeny Legerov har opdaget at gnupg, GNU privacy guard, en frit tilgængelig -PGP-erstatning, havde et heltalsoverløb der kunne forårsage en -segmenteringsfejl og muligvis overskrive hukommelse gennem en stor -brugerid-streng.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.0.6-4woody6.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4.1-1.sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4.3-2.

- -

Vi anbefaler at du opgraderer din gnupg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1107.data" -#use wml::debian::translation-check translation="e4156ce61f4484abec0407c2629fc564d7400f42" mindelta="1" diff --git a/danish/security/2006/dsa-1108.wml b/danish/security/2006/dsa-1108.wml deleted file mode 100644 index 49aa30c4f4b..00000000000 --- a/danish/security/2006/dsa-1108.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Man har opdaget at maillæseren mutt udfører utilstrækkelig kontrol af -værdier der returnes fra en IMAP-server, hvilket kunne få en buffer til at -løbe over og potentielt føre til indsprøjtning af vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.5.9-2sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.5.11+cvs20060403-2.

- -

Vi anbefaler at du opgraderer din mutt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1108.data" -#use wml::debian::translation-check translation="076556af2ddd82711181a480d385bcfc02a804bf" mindelta="1" diff --git a/danish/security/2006/dsa-1109.wml b/danish/security/2006/dsa-1109.wml deleted file mode 100644 index 4d2ce42cd35..00000000000 --- a/danish/security/2006/dsa-1109.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Russ Allbery har opdaget at rssh, en begrænset (restricted) shell, udførte -utilstrækkelige kontrol af indkommende kommandoer, hvilket kunne føre til -omgåelse af adgangsbegrænsninger..

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.3-1.sarge.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3.0-1.1.

- -

Vi anbefaler at du opgraderer din rssh-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1109.data" -#use wml::debian::translation-check translation="2745d95074276a33adc3760a1e9a0f80105f939e" mindelta="1" diff --git a/danish/security/2006/dsa-1110.wml b/danish/security/2006/dsa-1110.wml deleted file mode 100644 index de670865522..00000000000 --- a/danish/security/2006/dsa-1110.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Gerald Carter har opdaget at smbd-dæmonen fra Samba, en fri implementering af -protokollen SMB/CIFS, pålagde utilstrækkelige begrænsninger i koden, der -håndterede delte forbindelser, hvilket kunne udnyttes til at opbruge -systemhukommelse ved at sende ondsindet fremstillede forespørgsler, førende til -et lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.0.14a-3sarge2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din samba-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1110.data" -#use wml::debian::translation-check translation="2745d95074276a33adc3760a1e9a0f80105f939e" mindelta="1" diff --git a/danish/security/2006/dsa-1111.wml b/danish/security/2006/dsa-1111.wml deleted file mode 100644 index af4aa70f24b..00000000000 --- a/danish/security/2006/dsa-1111.wml +++ /dev/null @@ -1,35 +0,0 @@ -race-tilstand - -

Man har opdaget at en race-tilstand i proces-filsystemet kunne føre til -rettighedsforøgelse.

- -

Følgende matriks forklarer hvilken kerneversion til hvilken arkitektur, -der retter ovennævnte problem:

- -
- - - - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.6.8-16sarge4
Alpha-arkitekturen 2.6.8-16sarge4
AMD64-arkitekturen 2.6.8-16sarge4
Intel IA-32-arkitekturen2.6.8-16sarge4
Intel IA-64-arkitekturen2.6.8-14sarge4
PowerPC-arkitekturen 2.6.8-12sarge4
Sun Sparc-arkitekturen 2.6.8-15sarge4
IBM S/390 2.6.8-5sarge4
Motorola 680x0 2.6.8-4sarge4
HP Precision 2.6.8-6sarge3
FAI 1.9.1sarge3
- -

Den oprindelige bulletin manglende opbygninger til arkitekturerne IBM S/390, -Motorola 680x0 og HP Precision, som nu stilles til rådighed. Desuden er -kernerne til FAI-installeringsprogrammet blevet opdateret.

- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har opbygget en skræddersyet kerne fra kernekildekodenpakken, -skal du genopbygge den for at drage nytte af disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1111.data" -#use wml::debian::translation-check translation="b657fd9bb95c93c952599e28e714f0cb3739a0d0" mindelta="1" diff --git a/danish/security/2006/dsa-1112.wml b/danish/security/2006/dsa-1112.wml deleted file mode 100644 index ed52e86d67b..00000000000 --- a/danish/security/2006/dsa-1112.wml +++ /dev/null @@ -1,32 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i MySQL-databaseserveren, hvilket kunne -føre til lammelsesangreb (denial of service). Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-3081 - -

    "Kanatoko" har opdaget at serveren kunne bringes til at gå ned, ved at - sende NULL-værdier til funktionen str_to_date().

    • - -
  • CVE-2006-3469 - -

    Jean-David Maillefer har opdaget at serveren kunne bringes til at gå ned - med særligt fremstillede kald af funktionen date_format().

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.1.11a-4sarge5.

- -

Den ustabile distribution (sid) indeholder ikke længere MySQL 4.1-pakker. -MySQL 5.0 fra sid er ikke påvirket.

- -

Vi anbefaler at du opgraderer dine mysql-dfsg-4.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1112.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1113.wml b/danish/security/2006/dsa-1113.wml deleted file mode 100644 index 033679d450d..00000000000 --- a/danish/security/2006/dsa-1113.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Man har opdaget at webapplikationsserveren Zope tillod læseadgang til -vilkårlige sider på serveren, hvis en bruger havde rettigheder til at redigere -"restructured text"-sider.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.7.5-2sarge2.

- -

Den ustabile distribution (sid) indeholder ikke længere Zope 2.7-pakker.

- -

Vi anbefaler at du opgraderer din zope2.7-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1113.data" -#use wml::debian::translation-check translation="6d942f26f1cc6bc7a19ca1f102c6ecb01eb0815b" mindelta="1" diff --git a/danish/security/2006/dsa-1114.wml b/danish/security/2006/dsa-1114.wml deleted file mode 100644 index 7967c4716e9..00000000000 --- a/danish/security/2006/dsa-1114.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Andreas Seltenreich har opdaget et bufferoverløb i hashcash, et system til -frankeringsbetaling af e-mail, som er baseret på hash-kalkulationer, hvilket -kunne gøre det muligt for angribere at udføre vilkårlig kode via særligt -fremstillede poster.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.17-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.21-1.

- -

Vi anbefaler at du opgraderer din hashcash-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1114.data" -#use wml::debian::translation-check translation="b864ddb3883b24e3f16bffa284c09ac4113bae15" mindelta="1" diff --git a/danish/security/2006/dsa-1115.wml b/danish/security/2006/dsa-1115.wml deleted file mode 100644 index 0c1dd9b5ee2..00000000000 --- a/danish/security/2006/dsa-1115.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Evgeny Legerov har opdaget at gnupg, GNU privacy guard, en fri implementering -af PGP, indeholdt et heltalsoverløb der kunne forårsage en segmenteringsfejl og -muligvis overskrive hukommelse via en stor brugerid-streng.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4.1-1.sarge4 af GnuPG og i version 1.9.15-6sarge1 af GnuPG2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4.3-2 af GnuPG, en rettelse til GnuPG2 er på vej.

- -

Vi anbefaler at du opgraderer din gnupg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1115.data" -#use wml::debian::translation-check translation="d67630ed90207755c3bc59dcc33822ea7ba032d5" mindelta="1" diff --git a/danish/security/2006/dsa-1116.wml b/danish/security/2006/dsa-1116.wml deleted file mode 100644 index 9a395ad7f33..00000000000 --- a/danish/security/2006/dsa-1116.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Henning Makholm har opdaget et bufferoverløb i XCF-indlæsningskoden i Gimp, -et billedredigeringsprogram. Åbning af et særligt fremstillet XCF-billede kunne -få programmet til at udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.6-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.11-3.1.

- -

Vi anbefaler at du opgraderer din gimp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1116.data" -#use wml::debian::translation-check translation="68f608828fd108908e4efcd74272fad2058c7c62" mindelta="1" diff --git a/danish/security/2006/dsa-1117.wml b/danish/security/2006/dsa-1117.wml deleted file mode 100644 index 61a5212e0c6..00000000000 --- a/danish/security/2006/dsa-1117.wml +++ /dev/null @@ -1,18 +0,0 @@ -utilstrækkelig kontrol af inddata - -

Man har opdaget at GD-grafikbiblioteket udførte utilstrækklige kontroller af -validiteten af GIF-billeder, hvilket kunne føre til lammelsesangreb (denial of -service) ved at narre programmet ind i en uendelig løkke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.33-1.1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.33-5.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1117.data" -#use wml::debian::translation-check translation="8f0b58b6fc05c2c8faad23a0daecdbfde6d217b1" mindelta="1" diff --git a/danish/security/2006/dsa-1118.wml b/danish/security/2006/dsa-1118.wml deleted file mode 100644 index 6791c8cb57d..00000000000 --- a/danish/security/2006/dsa-1118.wml +++ /dev/null @@ -1,115 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-1942 - -

    Eric Foley har opdaget at en bruger kunne narres til at blotlægge en - lokal fil til en fjernangriber, ved at vise en lokal fil som et billede i - forbindelse med andre sårbarheder. [MFSA-2006-39]

    • - -
  • CVE-2006-2775 - -

    XUL-attributter er forbundet med forkerte URL'er under visse - omstændigheder, hvilket kunne gøre det muligt for fjernangribere at omgå - begrænsninger. [MFSA-2006-35]

    • - -
  • CVE-2006-2776 - -

    Paul Nickerson har opdaget at content-defined-sættere på en - objektprototype, blev kaldt af priviligeret brugergrænsefladekode, og - moz_bug_r_a4 demonstrerede at den højere rettighedsgrad kunne sendes - videre til den content-defined-angrebskode. [MFSA-2006-37]

    • - -
  • CVE-2006-2777 - -

    En sårbarhed gjorde det muligt for fjernangribere at udføre vilkårlig - kode og oprette beskeder, der udføres i en priviligeret kontekst. - [MFSA-2006-43]

    • - -
  • CVE-2006-2778 - -

    Mikolaj Habryn har opdaget et bufferoverløb i funktionen crypto.signText, - der gjorde det muligt for fjernangribere at udføre vilkårlig kode via visse - valgfrie Certificate Authority-navneparametre. [MFSA-2006-38]

    • - -
  • CVE-2006-2779 - -

    Mozilla-teammedlemmer har opdaget flere nedbrud under test af - browsermaskinen, som viste tegn på hukommelseskorrpution hvilket også kunne - føre til udførelse af vilkårlig kode. Dette problem er kun delvis rettet. - [MFSA-2006-32]

    • - -
  • CVE-2006-2780 - -

    Et heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (denial of service) og kunne gøre det muligt at udføre - vilkårlig kode. [MFSA-2006-32]

    • - -
  • CVE-2006-2781 - -

    Masatoshi Kimura har opdaget en dobbelt frigivelsessårbarhed, der gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb og muligvis - udføre vilkårlig kode via et VCard. [MFSA-2006-40]

    • - -
  • CVE-2006-2782 - -

    Chuck McAuley har opdaget at en tekstindtastningsboks kunne forudfyldes - med et filnavn, og dernæst ændres til en filoplægningskontrol, hvilket - gjorde det muligt for et ondsindet websted at stjæle enhver lokal fil hvis - navn de kunne gætte. [MFSA-2006-41, MFSA-2006-23, - CVE-2006-1729]

    • - -
  • CVE-2006-2783 - -

    Masatoshi Kimura har opdaget at Unicode Byte-order-Mark (BOM) fjernes fra - UTF-8-sider under en konvertering til Unicode, før fortolkeren ser websiden, - hvilket gjorde det muligt for fjernangribere at iværksætte angreb i - forbindelse med udførelse af skripter på tværs af websteder (cross site - scripting, XSS). [MFSA-2006-42]

    • - -
  • CVE-2006-2784 - -

    Paul Nickerson har opdaget at rettelsen til - CVE-2005-0752 - kunne omgås ved hjælp af nestede JavaScript:-URL'er, hvilket gjorde det - muligt for fjernangribere at udføre priviligeret kode. [MFSA-2005-34, - MFSA-2006-36]

    • - -
  • CVE-2006-2785 - -

    Paul Nickerson demonstrerede at, hvis en angriber kunne overbevise en - bruger om at højreklikke på et ødelagt billede og vælge View Image fra - kontekstmenu, kunne vedkommende dernæst køre JavaScript. - [MFSA-2006-34]

    • - -
  • CVE-2006-2786 - -

    Kazuho Oku har opdaget at Mozillas lemfældige håndtering af - HTTP-headersyntaks kunne gøre det muligt for fjernangribere at narre - browseren til at fortolke visse svar som om de var svar fra to forskellige - websteder. [MFSA-2006-33]

    • - -
  • CVE-2006-2787 - -

    Mozilla-efterforskeren moz_bug_r_a4 har opdaget at JavaScript der køres - gennem EvalInSandbox, kun undslippe sandkassen og opnå forøgede rettigheder. - [MFSA-2006-31]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge7.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.7.13-0.3.

- -

Vi anbefaler at du opgraderer dine Mozilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1118.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1119.wml b/danish/security/2006/dsa-1119.wml deleted file mode 100644 index b031388d435..00000000000 --- a/danish/security/2006/dsa-1119.wml +++ /dev/null @@ -1,19 +0,0 @@ -designfejl - -

Akira Tanaka har opdaget en sårbarhed i Hiki Wiki, en wiki-maskine skrevet i -Ruby, hvilket gjorde det muligt for angribere at forårsage et lammelsesangreb -(denial of service) via højt CPU-forbrug ved at udføre en diff mellem store og -særligt fremstillede wiki-sider.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.6.5-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8.6-1.

- -

Vi anbefaler at du opgraderer din hiki-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1119.data" -#use wml::debian::translation-check translation="0ffe2ac8e152c33ae8b54e87dfe2628a9df94166" mindelta="1" diff --git a/danish/security/2006/dsa-1120.wml b/danish/security/2006/dsa-1120.wml deleted file mode 100644 index 71926e9ae01..00000000000 --- a/danish/security/2006/dsa-1120.wml +++ /dev/null @@ -1,110 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Several security related problems have been discovered in Mozilla. -The Common Vulnerabilities and Exposures project identifies the -following vulnerabilities:

- -
    - -
  • CVE-2006-1942 - -

    Eric Foley har opdaget at en bruger kunne narres til at blotlægge en - lokal fil til en fjernangriber, ved at vise en lokal fil som et billede i - forbindelse med andre sårbarheder. [MFSA-2006-39]

    • - -
  • CVE-2006-2775 - -

    XUL-attributter er forbundet med forkerte URL'er under visse - omstændigheder, hvilket kunne gøre det muligt for fjernangribere at omgå - begrænsninger. [MFSA-2006-35]

    • - -
  • CVE-2006-2776 - -

    Paul Nickerson har opdaget at content-defined-sættere på en - objektprototype, blev kaldt af priviligeret brugergrænsefladekode, og - "moz_bug_r_a4" demonstrerede at den højere rettighedsgrad kunne sendes - videre til den content-defined-angrebskode. [MFSA-2006-37]

    • - -
  • CVE-2006-2777 - -

    En sårbarhed gjorde det muligt for fjernangribere at udføre vilkårlig - kode og oprette beskeder, der udføres i en priviligeret kontekst. - [MFSA-2006-43]

    • - -
  • CVE-2006-2778 - -

    Mikolaj Habryn har opdaget et bufferoverløb i funktionen crypto.signText, - der gjorde det muligt for fjernangribere at udføre vilkårlig kode via visse - valgfrie Certificate Authority-navneparametre. [MFSA-2006-38]

    • - -
  • CVE-2006-2779 - -

    Mozilla-teammedlemmer har opdaget flere nedbrud under test af - browsermaskinen, som viste tegn på hukommelseskorrpution hvilket også kunne - føre til udførelse af vilkårlig kode. Dette problem er kun delvis rettet. - [MFSA-2006-32]

    • - -
  • CVE-2006-2780 - -

    Et heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (denial of service) og kunne gøre det muligt at udføre - vilkårlig kode. [MFSA-2006-32]

    • - -
  • CVE-2006-2782 - -

    Chuck McAuley har opdaget at en tekstindtastningsboks kunne forudfyldes - med et filnavn, og dernæst ændres til en filoplægningskontrol, hvilket - gjorde det muligt for et ondsindet websted at stjæle enhver lokal fil hvis - navn de kunne gætte. [MFSA-2006-41, MFSA-2006-23, - CVE-2006-1729]

    • - -
  • CVE-2006-2783 - -

    Masatoshi Kimura har opdaget at Unicode Byte-order-Mark (BOM) fjernes fra - UTF-8-sider under en konvertering til Unicode, før fortolkeren ser websiden, - hvilket gjorde det muligt for fjernangribere at iværksætte angreb i - forbindelse med udførelse af skripter på tværs af websteder (cross site - scripting, XSS). [MFSA-2006-42]

    • - -
  • CVE-2006-2784 - -

    Paul Nickerson har opdaget at rettelsen til - CVE-2005-0752 - kunne omgås ved hjælp af nestede JavaScript:-URL'er, hvilket gjorde det - muligt for fjernangribere at udføre priviligeret kode. [MFSA-2005-34, - MFSA-2006-36]

    • - -
  • CVE-2006-2785 - -

    Paul Nickerson demonstrerede at, hvis en angriber kunne overbevise en - bruger om at højreklikke på et ødelagt billede og vælge "View Image" fra - kontekstmenu, kunne vedkommende dernæst køre JavaScript. - [MFSA-2006-34]

    • - -
  • CVE-2006-2786 - -

    Kazuho Oku har opdaget at Mozillas lemfældige håndtering af - HTTP-headersyntaks kunne gøre det muligt for fjernangribere at narre - browseren til at fortolke visse svar som om de var svar fra to forskellige - websteder. [MFSA-2006-33]

    • - -
  • CVE-2006-2787 - -

    Mozilla-efterforskeren "moz_bug_r_a4" har opdaget at JavaScript der køres - gennem EvalInSandbox, kun undslippe sandkassen og opnå forøgede rettigheder. - [MFSA-2006-31]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge9.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.dfsg+1.5.0.4-1.

- -

Vi anbefaler at du opgraderer dine Mozilla Firefox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1120.data" diff --git a/danish/security/2006/dsa-1121.wml b/danish/security/2006/dsa-1121.wml deleted file mode 100644 index a4744b3b58f..00000000000 --- a/danish/security/2006/dsa-1121.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstrengsårbarhed - -

Peter Bieringer har opdaget at postgrey, en implementering af grålistning til -Postfix, var sårbar over for en formatstrengsangreb, der gjorde det muligt for -fjernangribere at forårsage et lammelsesangreb (denial of service) i dæmonen.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.21-1sarge1.

- -

I den stabile distribution (sarge) er problemet også rettet i version -1.21-1volatile4 i arkivet volatile.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.22-1.

- -

Vi anbefaler at du opgraderer din postgrey-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1121.data" -#use wml::debian::translation-check translation="1b6c2f24e58a399c9664d43d2ee533f6153fb512" mindelta="1" diff --git a/danish/security/2006/dsa-1122.wml b/danish/security/2006/dsa-1122.wml deleted file mode 100644 index 0a425d360ed..00000000000 --- a/danish/security/2006/dsa-1122.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstrengsårbarhed - -

Peter Bieringer har opdaget at funktionen "log" i Perl-modulet Net::Server, -en udvidbar generel Perl-servermaskine, ikke var sikker over for -formatstrengudnyttelser.

- -

Den gamle stabile distribution (woody) indeholder ikke denne pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.87-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.89-1.

- -

Vi anbefaler at du opgraderer din libnet-server-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1122.data" -#use wml::debian::translation-check translation="164a6a38f1a152566ad8172ac34d33995a5dfcfa" mindelta="1" diff --git a/danish/security/2006/dsa-1123.wml b/danish/security/2006/dsa-1123.wml deleted file mode 100644 index 2479c899833..00000000000 --- a/danish/security/2006/dsa-1123.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Luigi Auriemma har opdaget at DUMB, et tracker-musikbibliotek, udførte -utilstrækkelig kontrol af værdier overført fra IT-musikfiler, hvilket kunne -føre til et bufferoverløb og udførelse af vilkårlig kode, hvis manipulerede -filer blev læst.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.2-6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.3-5.

- -

Vi anbefaler at du opgraderer dine libdumb-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1123.data" -#use wml::debian::translation-check translation="4e05c81cbe77a19ad1264049515edaebe2ca8ba4" mindelta="1" diff --git a/danish/security/2006/dsa-1124.wml b/danish/security/2006/dsa-1124.wml deleted file mode 100644 index 01b54b2d962..00000000000 --- a/danish/security/2006/dsa-1124.wml +++ /dev/null @@ -1,18 +0,0 @@ -slåfejl - -

Toth Andras har opdaget at programmet fbgs der viser PostScript/PDF-filer -vha. framebufferen, indeholdt en slåfejl, der forhindrede det påtænkte filter -mod ondsindede PostScript-kommandoer i at virke korrekt. Det kunne føre til -sletning af brugerdata ved visning af en PostScript-fil.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.01-1.2sarge2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din fbi-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1124.data" -#use wml::debian::translation-check translation="4e05c81cbe77a19ad1264049515edaebe2ca8ba4" mindelta="1" diff --git a/danish/security/2006/dsa-1125.wml b/danish/security/2006/dsa-1125.wml deleted file mode 100644 index efc06d78b50..00000000000 --- a/danish/security/2006/dsa-1125.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Opdateringen af Drupal i DSA 1125 indeholdt en regression. Denne opdatering -retter disse fejl. For fuldstændighedens skyld er herunder den oprindelige -bulletins tekst:

- -

Flere fjernudnytbare sårbarheder er opdaget i webstedsplatformen Drupal, -hvilket kunne føre til udførelse af vilkårlige webskripter. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-2742 - -

    En SQL-indsprøjtningssårbarhed er opdaget i variablerne "count" og - "from" i databasegrænsefladen.

    • - -
  • CVE-2006-2743 - -

    Flere fil-extensions blev håndteret ukorrekt hvis Drupal kørte på - Apache med mod_mime aktiveret.

    • - -
  • CVE-2006-2831 - -

    En variant af \ - CVE-2006-2743 er der desuden blevet taget hånd om.

    • - -
  • CVE-2006-2832 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (cross site scripting) i uploadmodulet, er opdaget.

    • - -
  • CVE-2006-2833 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder i taksonomimodulet, er opdaget.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.5.3-6.1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.5.8-1.1.

- -

Vi anbefaler at du opgraderer dine drupal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1125.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1126.wml b/danish/security/2006/dsa-1126.wml deleted file mode 100644 index 0410e4d17ef..00000000000 --- a/danish/security/2006/dsa-1126.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Et problem er opdaget i IAX2-kanaldrivprogrammet i Asterisk, et open -source-værktøj til lokal omstilling og telefoni, hvilket kunne gøre det muligt -for en fjernangriber at forårsage et nedbred i Asterisk-serveren.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.7.dfsg.1-2sarge3.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1126.data" -#use wml::debian::translation-check translation="f60d9ffce8659481dac1441c3fe5e6ee7a719146" mindelta="1" diff --git a/danish/security/2006/dsa-1127.wml b/danish/security/2006/dsa-1127.wml deleted file mode 100644 index 7c2871eec8a..00000000000 --- a/danish/security/2006/dsa-1127.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er op daget i Ethereal-netværkssnuseren, -hvilket kunne føre til udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-3628 - -

    Ilja van Sprundel har opdaget at FW-1- og MQ-dissektorerne var - sårbare over for formatstrengsangreb.

    • - -
  • CVE-2006-3629 - -

    Ilja van Sprundel har opdaget at MOUNT-dissektoren var sårbar over for - lammelsesangreb (denial of service) gennem hukommelseforbrug.

    • - -
  • CVE-2006-3630 - -

    Ilja van Sprundel har opdaget et forskudt med én-overløb i NCP NMAS- og - NDPS-dissektorerne.

    • - -
  • CVE-2006-3631 - -

    Ilja van Sprundel har opdaget et bufferoverløb i NFS-dissektoren.

    • - -
  • CVE-2006-3632 - -

    Ilja van Sprundel har opdaget at SSH-dissektoren var sårbar over for et - lammelsesangreb gennem en uendelig løkke.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.10.10-2sarge6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.99.2-1 af wireshark, snuseren tidligere kendt som ethereal.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1127.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1128.wml b/danish/security/2006/dsa-1128.wml deleted file mode 100644 index 5c8c1864dad..00000000000 --- a/danish/security/2006/dsa-1128.wml +++ /dev/null @@ -1,17 +0,0 @@ -rettighedsfejl - -

Yan Rong Ge har opdaget forkerte rettigheder på en delt hukommelsesside i -heartbeat, et undersystem til High-Availability Linux, kunne udnyttes af en -lokal angriber til at forårsage et lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.3-9sarge5.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine heartbeat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1128.data" -#use wml::debian::translation-check translation="1da9fa47138b542908eaa5a9fa7b1614a1dc81e1" mindelta="1" diff --git a/danish/security/2006/dsa-1129.wml b/danish/security/2006/dsa-1129.wml deleted file mode 100644 index c764fa1d403..00000000000 --- a/danish/security/2006/dsa-1129.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstrengsfejl - -

Ulf Härnhammar og Max Vozeler fra Debians Security Audit Project har fundet -flere formatstrengssikkerhedsfejl i osiris, et netværksomspændende -kontrolgrænseflade til overvågning af systemintegritet. En fjernangriber kunne -udnytte fejlene og forårsage et lammelsesangreb (denial of service) eller udføre -vilkårlig kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.0.6-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.2.0-2.

- -

Vi anbefaler at du opgraderer dine osiris-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1129.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1130.wml b/danish/security/2006/dsa-1130.wml deleted file mode 100644 index b8cdbb4ec68..00000000000 --- a/danish/security/2006/dsa-1130.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder -(cross-site scripting) er opdaget i sitebar, et webbaseret program skrevet i -PHP til håndtering af bogmærker, hvilket gjorde det muligt for fjernangribere -at indsprøjte vilkårlige webskripter eller HTML.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.2.6-7.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.3.8-1.1.

- -

Vi anbefaler at du opgraderer din sitebar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1130.data" -#use wml::debian::translation-check translation="8c0b1c7d09a57e6cd3b8b2e5bb2581a6d3faadfe" mindelta="1" diff --git a/danish/security/2006/dsa-1131.wml b/danish/security/2006/dsa-1131.wml deleted file mode 100644 index 829e5820292..00000000000 --- a/danish/security/2006/dsa-1131.wml +++ /dev/null @@ -1,16 +0,0 @@ -bufferoverløb - -

Mark Dowd har opdaget et bufferoverløb i mod_rewrite-komponenten i apache, -en alsidig og højtydende HTTP-server. I nogle situationer kunne en -fjernangriber udnytte dette til at udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i version 1.3.33-6sarge2.

- -

I den ustabile distribution (sid) vil dette problem snarest blive rettet.

- -

Vi anbefaler at du opgraderer din apache-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1131.data" -#use wml::debian::translation-check translation="534afb9dc9ed4e72b64b1a122642966705afd03a" mindelta="1" diff --git a/danish/security/2006/dsa-1132.wml b/danish/security/2006/dsa-1132.wml deleted file mode 100644 index 2bea6233b3b..00000000000 --- a/danish/security/2006/dsa-1132.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Mark Dowd har opdaget et bufferoverløb i mod_rewrite-komponenten i apache, -en alsidig og højtydende HTTP-server. I nogle situationer kunne en -fjernangriber udnytte dette til at udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.54-5sarge1.

- -

I den ustabile distribution (sid) vil dette problem snarest blive rettet.

- -

Vi anbefaler at du opgraderer din apache2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1132.data" -#use wml::debian::translation-check translation="a7f733e7d3b425ed80d6c0ba6d72c3f18c85fe8c" mindelta="1" diff --git a/danish/security/2006/dsa-1133.wml b/danish/security/2006/dsa-1133.wml deleted file mode 100644 index bab28586bd1..00000000000 --- a/danish/security/2006/dsa-1133.wml +++ /dev/null @@ -1,43 +0,0 @@ -manglende kontrol af inddata - -

Flere fjernudnytbare sårbarheder er opdaget i fejlsporingssystemet Mantis, -hvilket kunne føre til udførelse af vilkårlige webskripter. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-0664 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting), er opdaget i config_defaults_inc.php.

    • - -
  • CVE-2006-0665 - -

    Sårbarheder i forbindelse med udførelse af skripter på tværs af websteder, - er opdaget i query_store.php og manage_proj_create.php.

    • - -
  • CVE-2006-0841 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder, er opdaget i view_all_set.php, manage_user_page.php, - view_filters_page.php og proj_doc_delete.php.

    • - -
  • CVE-2006-1577 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder, er opdaget i view_all_set.php.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.19.2-5sarge4.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.19.4-3.1.

- -

Vi anbefaler at du opgraderer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1133.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1134.wml b/danish/security/2006/dsa-1134.wml deleted file mode 100644 index b32cc54de81..00000000000 --- a/danish/security/2006/dsa-1134.wml +++ /dev/null @@ -1,117 +0,0 @@ -flere sårbarheder - -

Several security related problems have been discovered in Mozilla -which are also present in Mozilla Thunderbird. The Common -Vulnerabilities and Exposures project identifies the following -vulnerabilities:

- -
    - -
  • CVE-2006-1942 - -

    Eric Foley har opdaget at en bruger kunne narres til at blotlægge en - lokal fil til en fjernangriber, ved at vise en lokal fil som et billede i - forbindelse med andre sårbarheder. [MFSA-2006-39]

    • - -
  • CVE-2006-2775 - -

    XUL-attributter er forbundet med forkerte URL'er under visse - omstændigheder, hvilket kunne gøre det muligt for fjernangribere at omgå - begrænsninger. [MFSA-2006-35]

    • - -
  • CVE-2006-2776 - -

    Paul Nickerson har opdaget at content-defined-sættere på en - objektprototype, blev kaldt af priviligeret brugergrænsefladekode, og - "moz_bug_r_a4" demonstrerede at den højere rettighedsgrad kunne sendes - videre til den content-defined-angrebskode. [MFSA-2006-37]

    • - -
  • CVE-2006-2777 - -

    En sårbarhed gjorde det muligt for fjernangribere at udføre vilkårlig - kode og oprette beskeder, der udføres i en priviligeret kontekst. - [MFSA-2006-43]

    • - -
  • CVE-2006-2778 - -

    Mikolaj Habryn har opdaget et bufferoverløb i funktionen crypto.signText, - der gjorde det muligt for fjernangribere at udføre vilkårlig kode via visse - valgfrie Certificate Authority-navneparametre. [MFSA-2006-38]

    • - -
  • CVE-2006-2779 - -

    Mozilla-teammedlemmer har opdaget flere nedbrud under test af - browsermaskinen, som viste tegn på hukommelseskorrpution hvilket også kunne - føre til udførelse af vilkårlig kode. Dette problem er kun delvis rettet. - [MFSA-2006-32]

    • - -
  • CVE-2006-2780 - -

    Et heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (denial of service) og kunne gøre det muligt at udføre - vilkårlig kode. [MFSA-2006-32]

    • - -
  • CVE-2006-2781 - -

    Masatoshi Kimura har opdaget en dobbelt frigivelsessårbarhed, der gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb og muligvis - udføre vilkårlig kode via et VCard. [MFSA-2006-40]

    • - -
  • CVE-2006-2782 - -

    Chuck McAuley har opdaget at en tekstindtastningsboks kunne forudfyldes - med et filnavn, og dernæst ændres til en filoplægningskontrol, hvilket - gjorde det muligt for et ondsindet websted at stjæle enhver lokal fil hvis - navn de kunne gætte. [MFSA-2006-41, MFSA-2006-23, - CVE-2006-1729]

    • - -
  • CVE-2006-2783 - -

    Masatoshi Kimura har opdaget at Unicode Byte-order-Mark (BOM) fjernes fra - UTF-8-sider under en konvertering til Unicode, før fortolkeren ser websiden, - hvilket gjorde det muligt for fjernangribere at iværksætte angreb i - forbindelse med udførelse af skripter på tværs af websteder (cross site - scripting, XSS). [MFSA-2006-42]

    • - -
  • CVE-2006-2784 - -

    Paul Nickerson har opdaget at rettelsen til - CVE-2005-0752 - kunne omgås ved hjælp af nestede JavaScript:-URL'er, hvilket gjorde det - muligt for fjernangribere at udføre priviligeret kode. [MFSA-2005-34, - MFSA-2006-36]

    • - -
  • CVE-2006-2785 - -

    Paul Nickerson demonstrerede at, hvis en angriber kunne overbevise en - bruger om at højreklikke på et ødelagt billede og vælge "View Image" fra - kontekstmenu, kunne vedkommende dernæst køre JavaScript. - [MFSA-2006-34]

    • - -
  • CVE-2006-2786 - -

    Kazuho Oku har opdaget at Mozillas lemfældige håndtering af - HTTP-headersyntaks kunne gøre det muligt for fjernangribere at narre - browseren til at fortolke visse svar som om de var svar fra to forskellige - websteder. [MFSA-2006-33]

    • - -
  • CVE-2006-2787 - -

    Mozilla-efterforskeren "moz_bug_r_a4" har opdaget at JavaScript der køres - gennem EvalInSandbox, kun undslippe sandkassen og opnå forøgede rettigheder. - [MFSA-2006-31]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-2.sarge1.0.8a.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.0.4-1 og xulrunner 1.5.0.4-1 hvad angår galeon og epiphany.

- -

Vi anbefaler at du opgraderer dine Mozilla Thunderbird-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1134.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1135.wml b/danish/security/2006/dsa-1135.wml deleted file mode 100644 index 01b1e33c172..00000000000 --- a/danish/security/2006/dsa-1135.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Kevin Kofler har opdaget flere stakbaserede bufferoverløb i funktionen -LookupTRM::lookup i libtunepimp, et MusicBrainz-mærkningsbibliotek, hvilket -gjorde det muligt for fjernangribere at forårsage et lammelsesangreb (denial -of service) eller udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.3.0-3sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.4.2-4.

- -

Vi anbefaler at du opgraderer dine libtunepimp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1135.data" -#use wml::debian::translation-check translation="345ae5829873b136fcf7fa26bf52ec7b6b9904eb" mindelta="1" diff --git a/danish/security/2006/dsa-1136.wml b/danish/security/2006/dsa-1136.wml deleted file mode 100644 index 379be83e9ac..00000000000 --- a/danish/security/2006/dsa-1136.wml +++ /dev/null @@ -1,20 +0,0 @@ -forkert kontrol af inddata - -

infamous41md og Chris Evans har opdaget flere heap-baserede -bufferoverløb i xpdf, Portable Document Format (PDF)-programpakken, som også er -til stede i gpdf,viserprogramemt med Gtk-bindinger, og hvilket kunne føre til -et lammelsesangreb (denial of service) ved at få programmet til at gå ned eller -muligvis udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.8.2-1.2sarge5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.10.0-4.

- -

Vi anbefaler at du opgraderer din gpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1136.data" -#use wml::debian::translation-check translation="2dea119ada2e100c12905e5917ab1c7791558f35" mindelta="1" diff --git a/danish/security/2006/dsa-1137.wml b/danish/security/2006/dsa-1137.wml deleted file mode 100644 index 264b79c113f..00000000000 --- a/danish/security/2006/dsa-1137.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder - -

Tavis Ormandy fra Google Security Team har opdaget flere problemer i -TIFF-biblioteket. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2006-3459 - -

    Flere stak-bufferoverløb er opdaget.

    • - -
  • CVE-2006-3460 - -

    En heap-overløbssårbarhed i JPEG-dekoderen kunne få en buffer til at løbe - over med flere data end forventet.

    • - -
  • CVE-2006-3461 - -

    En heap-overløbssårbarhed i PixarLog-dekoderen kunne gøre det muligt for - en angriber at udføre vilkårlig kode.

    • - -
  • CVE-2006-3462 - -

    En heap-overløbssårbarhed er opdaget i NeXT RLE-dekoderen.

    • - -
  • CVE-2006-3463 - -

    En løkke er opdaget hvor en 16-bit unsigned short blev vandt til at - gennemløbe en 32-bit unsigned-værdi, hvorved løkken aldrig endte.

    • - -
  • CVE-2006-3464 - -

    Flere ukontrollerede aritmetiske handlinger er blotlagt, deriblandt et - antal handlinger til range-kontrol, designet til at sikre at offset angivet - i TIFF-mapper er legitime.

    • - -
  • CVE-2006-3465 - -

    En fejl blev også blotlagt i libtiffs understøttelse skræddersyede tags, - hvilket kunne føre til abnorm opførsel, nedbrud eller potentielt udførelse - af vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.7.2-7.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.8.2-6.

- -

Vi anbefaler at du opgraderer dine libtiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1137.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1138.wml b/danish/security/2006/dsa-1138.wml deleted file mode 100644 index 551110edc9e..00000000000 --- a/danish/security/2006/dsa-1138.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Carlo Contavalli har opdaget et heltalsoverløb i CFS, et kryptografisk -filsystem, hvilket gjorde det muligt for lokale brugere at få -krypteringsdæmonen til at gå ned..

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4.1-15sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4.1-17.

- -

Vi anbefaler at du opgraderer din cfs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1138.data" -#use wml::debian::translation-check translation="50cf8f102eb8a72dcbf06fce199ef917b9d71862" mindelta="1" diff --git a/danish/security/2006/dsa-1139.wml b/danish/security/2006/dsa-1139.wml deleted file mode 100644 index a91dfeabf6e..00000000000 --- a/danish/security/2006/dsa-1139.wml +++ /dev/null @@ -1,17 +0,0 @@ -manglende rettighedskontroller - -

Man har opdaget at fortolkerne til Ruby-sproget ikke på korrekt vis fastholdt -"safe levels" til aliasing, mappeadgang og regulære udtryk, hvilket kunne føre -til omgåelse af sikkerhedsbegrænsninger.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.6.8-12sarge2.

- -

Den ustabile distribution (sid) indeholder ikke længere ruby1.6-pakker.

- -

Vi anbefaler at du opgraderer dine Ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1139.data" -#use wml::debian::translation-check translation="50cf8f102eb8a72dcbf06fce199ef917b9d71862" mindelta="1" diff --git a/danish/security/2006/dsa-1140.wml b/danish/security/2006/dsa-1140.wml deleted file mode 100644 index 1ffd53c0994..00000000000 --- a/danish/security/2006/dsa-1140.wml +++ /dev/null @@ -1,17 +0,0 @@ -heltalsoverløb - -

Evgeny Legerov har opdaget at meget store kommentarer kan få gnupg - GNU -privacy guard, en fri PGP-erstatning - til at gå ned.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4.1-1.sarge5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4.5-1.

- -

Vi anbefaler at du opgraderer din gnupg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1140.data" -#use wml::debian::translation-check translation="6ee4f5fe427a47655124f3bef52b9c8182c676f1" mindelta="1" diff --git a/danish/security/2006/dsa-1141.wml b/danish/security/2006/dsa-1141.wml deleted file mode 100644 index 819c29db25c..00000000000 --- a/danish/security/2006/dsa-1141.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Evgeny Legerov har opdaget at meget store kommentarer kan få gnupg - GNU -privacy guard, en fri PGP-erstatning - til at gå ned. Problemet findes også i -udviklingsforgreningen.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.9.15-6sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.9.20-2.

- -

Vi anbefaler at du opgraderer din gnupg2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1141.data" -#use wml::debian::translation-check translation="c6d8e54dcd2005b198bc1863509cbd528915c6aa" mindelta="1" diff --git a/danish/security/2006/dsa-1142.wml b/danish/security/2006/dsa-1142.wml deleted file mode 100644 index 8989da33750..00000000000 --- a/danish/security/2006/dsa-1142.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende grænsekontroller - -

Luigi Auriemma har opdaget manglende grænsekontroller i freeciv, en klon af -det velkendte spil Civilisation, hvilket kunne udnyttes af fjernangribere til at -forårsage et lammelsesangreb (nedbrud) eller muligvis udførelse af vilkårlig -kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0.1-1sarge2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din freeciv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1142.data" -#use wml::debian::translation-check translation="09ac89f3433e0e7f6573906b133c968eff7d51fc" mindelta="1" diff --git a/danish/security/2006/dsa-1143.wml b/danish/security/2006/dsa-1143.wml deleted file mode 100644 index dcbb0bef815..00000000000 --- a/danish/security/2006/dsa-1143.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Justin Winschief og Andrew Steets har opdaget en fejl i dhcp, DHCP-server til -automatisk tildeling af IP-adresser, hvilket fik serverprogrammet til uventet at -gå ned.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0pl5-19.1sarge2.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din dhcp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1143.data" -#use wml::debian::translation-check translation="a3d3d5a0ff413c154bb2ea294d254f25220fc2f1" mindelta="1" diff --git a/danish/security/2006/dsa-1144.wml b/danish/security/2006/dsa-1144.wml deleted file mode 100644 index f6cc22cf20a..00000000000 --- a/danish/security/2006/dsa-1144.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at et af værktøjerne der distribueres med chmlib, et -bibliotek til håndtering af Microsofts CHM-filer, udførte utilstrækkelig -kontrol af filnavne, hvilket kunne føre til mappegennemløb.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.35-6sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.38-1.

- -

Vi anbefaler at du opgraderer din chmlib-bin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1144.data" -#use wml::debian::translation-check translation="0e0e9853d2f4c48d1488dc87a6b510acaae86ec1" mindelta="1" diff --git a/danish/security/2006/dsa-1145.wml b/danish/security/2006/dsa-1145.wml deleted file mode 100644 index 40ac7d2bad3..00000000000 --- a/danish/security/2006/dsa-1145.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i freeradius, en højtydende -RADIUS-server, hvilket kunne føre til SQL-indsprøjtning eller lammelsesangreb -(denial af service). Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2005-4745 - -

    En SQL-indsprøjtningssårbarhed er opdaget i modulet - rlm_sqlcounter.

    • - -
  • CVE-2005-4746 - -

    Flere bufferoverløb er opdaget, hvilke muliggjorde - lammelsesangreb.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-4sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.5-1.

- -

Vi anbefaler at du opgraderer dine freeradius-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1145.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1146.wml b/danish/security/2006/dsa-1146.wml deleted file mode 100644 index 07be72772e7..00000000000 --- a/danish/security/2006/dsa-1146.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

I visse programmet pakket i MIT Kerberos 5-kildekoden, kontrolleres kald til -setuid() og seteuid() ikke altid for om de er lykkedes, hvilket kan give fejl i -visse PAM-opsætninger. En lokal bruger kunne udnytte en af disse sårbarheder, -medførende rettighedsforøgelse. På nuværende tidspunkt er der ikke kendskab til -udnytbar kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.6-2sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.4.3-9.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1146.data" -#use wml::debian::translation-check translation="929df89929df9620d02960fdc8c8401d03959334" mindelta="1" diff --git a/danish/security/2006/dsa-1147.wml b/danish/security/2006/dsa-1147.wml deleted file mode 100644 index 3fe1d553b06..00000000000 --- a/danish/security/2006/dsa-1147.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af inddata - -

Ayman Hourieh har opdaget at Drupal, en dynamisk webstedsplatform, udførte -utilstrækkelig kontrol af inddata i user-modulet, hvilket kunne føre til -udførelse af skripter på tværs af websteder (cross-site scripting).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.5.3-6.1sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.5.8-2.

- -

Vi anbefaler at du opgraderer din drupal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1147.data" -#use wml::debian::translation-check translation="297ed1a042fe033d31f4313e3446ff2788d27da3" mindelta="1" diff --git a/danish/security/2006/dsa-1148.wml b/danish/security/2006/dsa-1148.wml deleted file mode 100644 index 1061f4b38c6..00000000000 --- a/danish/security/2006/dsa-1148.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i gallery, et webbaseret -fotoalbum. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2005-2734 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting) gjorde det muligt at indsprøjte - webskriptkode gennem HTML eller EXIF-oplysninger.

    • - -
  • CVE-2006-0330 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder i brugerregistreringen gjorde det muligt at indsprøjte - webskriptkode.

    • - -
  • CVE-2006-4030 - -

    Manglende kontrol af inddata i stats-modulerne tillod - informationslækage.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.5-1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5-2.

- -

Vi anbefaler at du opgraderer din gallery-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1148.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1149.wml b/danish/security/2006/dsa-1149.wml deleted file mode 100644 index 8a8919c59f5..00000000000 --- a/danish/security/2006/dsa-1149.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferunderløb - -

Tavis Ormandy fra Google Security Team har opdaget en manglende -grænsekontrol i ncompress, de originale Lempel-Ziv-programmer compress og -uncompress, hvilket gjorde det muligt for en særligt fremstillet datastrøm at -underløbe en buffer med angriberkontrollerede data.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.2.4-15sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.2.4-15sarge2.

- -

Vi anbefaler at du opgraderer din ncompress-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1149.data" -#use wml::debian::translation-check translation="678b72dec9c2c4e3846a02814aced8b4ed542c09" mindelta="1" diff --git a/danish/security/2006/dsa-1150.wml b/danish/security/2006/dsa-1150.wml deleted file mode 100644 index a1dea7398ef..00000000000 --- a/danish/security/2006/dsa-1150.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

En fejl er opdaget i flere pakker, der udfører systemkaldet setuid() uden at -kontrollere om det gik godt, når de forsøger at smider rettigheder væk, hvilket -kunne fejle med nogle PAM-opsætninger.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.0.3-31sarge8.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.17-2.

- -

Vi anbefaler at du opgraderer din passwd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1150.data" -#use wml::debian::translation-check translation="48fed278a9a6f6e7b7e505339b6d39a33f9d0cb1" mindelta="1" diff --git a/danish/security/2006/dsa-1151.wml b/danish/security/2006/dsa-1151.wml deleted file mode 100644 index 0a1c2fd2b97..00000000000 --- a/danish/security/2006/dsa-1151.wml +++ /dev/null @@ -1,18 +0,0 @@ -læsning uden for grænserne - -

Yan Rong Ge har opdaget hukommelsestilgang uden for grænserne i heartbeat, -undersystemet til High-Availability Linux. Dette kunne udnyttes af en -fjernangriber til at forårsage et lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.3-9sarge6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.4-14 and heartbeat-2 2.0.6-2.

- -

Vi anbefaler at du opgraderer dine heartbeat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1151.data" -#use wml::debian::translation-check translation="ae66ac1f4f0bf127060419f9f05af0ba84e1ecc3" mindelta="1" diff --git a/danish/security/2006/dsa-1152.wml b/danish/security/2006/dsa-1152.wml deleted file mode 100644 index 308d47b730b..00000000000 --- a/danish/security/2006/dsa-1152.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Felix Wiemann har opdaget at trac, en udvidet wiki og problemstyringsystem -til softwareudviklingsprojekter, kunne anvendes til at afsløre vilkårlige -lokale filer. For at rette problem, skal python-docutils desuden -opdateres.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8.1-3sarge5 af trac og version 0.3.7-2sarge1 af python-docutils.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.6-1.

- -

Vi anbefaler at du opgraderer dine trac- og python-docutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1152.data" -#use wml::debian::translation-check translation="cc908aa5f653864e40bab337a15e488820db8ec5" mindelta="1" diff --git a/danish/security/2006/dsa-1153.wml b/danish/security/2006/dsa-1153.wml deleted file mode 100644 index 2d018a30e89..00000000000 --- a/danish/security/2006/dsa-1153.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Damian Put har opdaget et heap-overløbssårbarhed i UPX-udpakkeren i -antivirusværktøjet ClamAV, hvilket kunne gøre det muligt for fjernangribere at -udføre vilkårlig kode eller forårsage lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.84-2.sarge.10.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.88.4-0volatile1 i arkivet volatile.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.88.4-2.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1153.data" -#use wml::debian::translation-check translation="76d24badaf26664696c7056f568fe0c1a253484a" mindelta="1" diff --git a/danish/security/2006/dsa-1154.wml b/danish/security/2006/dsa-1154.wml deleted file mode 100644 index d5df9cd171b..00000000000 --- a/danish/security/2006/dsa-1154.wml +++ /dev/null @@ -1,19 +0,0 @@ -variabel-overskrivning - -

James Bercegay fra GulfTech Security Research har opdaget en sårbarhed i -SquirrelMail, hvor en autentificeret bruger kunne overskrive tilfældige -variable i compose-skriptet. Dette kunne måske udnyttes til at læse eller -skrive andre brugeres opsætning eller vedhæftede filer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4.4-9.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4.8-1.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1154.data" -#use wml::debian::translation-check translation="ff1b78cc37a15dd28c23c72b02812f96707ce861" mindelta="1" diff --git a/danish/security/2006/dsa-1155.wml b/danish/security/2006/dsa-1155.wml deleted file mode 100644 index e79d2822e24..00000000000 --- a/danish/security/2006/dsa-1155.wml +++ /dev/null @@ -1,38 +0,0 @@ -programmeringsfejl - -

Det har vist sig, at den binære sendmail-fil er afhængig af libsasl2 (>= -2.1.19.dfsg1), der hverken er tilgængelig i den stabile distribution eller i -sikkerhedsarkivet. Denne version er dog planlagt til at komme med i den næste -opdatering af den stabile udgave.

- -

Du er nødt til at hente den angivne fil til din arkitektur fra det nedenfor -nævnte sted og installere den med dpkg -i.

- -

Som et alternativ, vil en midlertidig tilføjelse af følgende linje til -/etc/apt/sources.list også løse problemet:

- - - deb http://ftp.debian.de/debian stable-proposed-updates main - - -

Her følger den oprindelige sikkerhedsbulletin for fuldstændighedens -skyld:

- -
-

Frank Sheiness har opdaget at MIME-konverteringsrutinen i sendmail, et -ydedygtigt, effektivt og skalérbart program til transport af e-mail, kunne -narre af en særligt fremstillet mail til at gå i en uendelig løkke.

-
- -

I den stabile distribution (sarge) er dette problem rettet i -version 8.13.4-3sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 8.13.7-1.

- -

Vi anbefaler at du opgraderer din sendmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1155.data" -#use wml::debian::translation-check translation="73a727f1325fbc4975fdb2e40733b64a7f464974" mindelta="1" diff --git a/danish/security/2006/dsa-1156.wml b/danish/security/2006/dsa-1156.wml deleted file mode 100644 index 1b11735f0e8..00000000000 --- a/danish/security/2006/dsa-1156.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Ludwig Nussel har opdaget at kdm, KDE's X-displaymanager, håndterede adgang -til sessionstypeopsætningsfilen på usikker vis, hvilket kunne føre til -afsløring af vilkårlige filer gennem et symlink-angreb.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.3.2-1sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.5.2-2.

- -

Vi anbefaler at du opgraderer din kdm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1156.data" -#use wml::debian::translation-check translation="efa7c17deb36121095b8cf6c4d7bd779fab9f327" mindelta="1" diff --git a/danish/security/2006/dsa-1157.wml b/danish/security/2006/dsa-1157.wml deleted file mode 100644 index 7489b777551..00000000000 --- a/danish/security/2006/dsa-1157.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Ruby-sprogets fortolker, hvilket kunne føre -til omgåelse af sikkerhedsbegrænsninger eller lammelsesangreb (denial of -service(. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2006-1931 - -

    Man har opdaget at anvendelsen af blokerings-sockets kunne føre til - lammelsesangreb.

    • - -
  • CVE-2006-3964 - -

    Man har opdaget at Ruby ikke på korrekt vis holdt styr på "safe levels" - til aliasing, mappeadgang og regulære udtryk, hvilket kunne føre til - omgåelse af sikkerhedsbegrænsninger.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.8.2-7sarge4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.8.4-3.

- -

Vi anbefaler at du opgraderer dine Ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1157.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1158.wml b/danish/security/2006/dsa-1158.wml deleted file mode 100644 index 5b564fedf2e..00000000000 --- a/danish/security/2006/dsa-1158.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar fra Debian Security Audit Project har opdaget at -streamripper, et værktøj til optagelse af online-radiostrømme, udførte -utilstrækkelig kontrol af data modtaget fra streaming-serveren, hvilket kunne -føre til bufferoverløb og udførelse afvilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.61.7-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.61.25-2.

- -

Vi anbefaler at du opgraderer din streamripper-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1158.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1159.wml b/danish/security/2006/dsa-1159.wml deleted file mode 100644 index 77cce360b33..00000000000 --- a/danish/security/2006/dsa-1159.wml +++ /dev/null @@ -1,70 +0,0 @@ -flere sårbarheder - -

De seneste sikkerhedsopdateringer af Mozilla Thunderbird introducerede en -regression, der førte til et funktionsforringet vedhæftelsespanel, som er -berettiget til en rettelse for at løse problemet. Som reference følger den -oprindelige bulletins tekst herunder:

- -
-

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Thunderbird. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-2779 - -

    Mozilla-holdet har opdaget flere nedbrud under aftestning af - browsermaskinen, med beviser på hukommelseskorruption, hvilket også kunne - føre udførelse af vilkårlig kode. Den sidste del af dette problem vil - blive korrigeret ved næste opdatering. Du kan finder alle problemerne ved - at slå Javascript fra. [MFSA-2006-32]

    • - -
  • CVE-2006-3805 - -

    Javascript-maskinen kunne gøre det muligt for fjernangribere at udføre - vilkårlig kode. [MFSA-2006-50]

    • - -
  • CVE-2006-3806 - -

    Flere heltalsoverløb i Javascript-maskinen kunne gøre det muligt for - fjernangribere at udføre vilkårlig kode. [MFSA-2006-50]

    • - -
  • CVE-2006-3807 - -

    Særligt fremstillet Javascript gjorde det muligt for fjernangribere at - udføre vilkårlig kode. [MFSA-2006-51]

    • - -
  • CVE-2006-3808 - -

    Remote Proxy AutoConfig (PAC)-servere (fjernopsætbare servere) kunne - udføre kode med forøgede rettigheder gennem et særligt fremstillet - PAC-skript. [MFSA-2006-52]

    • - -
  • CVE-2006-3809 - -

    Skripter med rettigheden UniversalBrowserRead kunne opnå rettigheden - UniversalXPConnect, samt muligvis udføre kode eller tilgå følsomme data. - [MFSA-2006-53]

    • - -
  • CVE-2006-3810 - -

    En sårbarhed i forbindelse med udførelse af skripter gjorde det muligt - for fjernangribere at indsprøjte vilkårlige webskripter eller HTML. - [MFSA-2006-54]

    • - -
-
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-2.sarge1.0.8b.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.0.5-1.

- -

Vi anbefaler at du opgraderer din mozilla-thunderbird-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1159.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1160.wml b/danish/security/2006/dsa-1160.wml deleted file mode 100644 index 2910d76dcc8..00000000000 --- a/danish/security/2006/dsa-1160.wml +++ /dev/null @@ -1,76 +0,0 @@ -flere sårbarheder - -

De seneste sikkerhedsopdateringer af Mozilla introducerede en regression, -der førte til et funktionsforringet vedhæftelsespanel, som er berettiget til en -rettelse for at løse problemet. Som reference følger den oprindelige bulletins -tekst herunder:

- -
-

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Thunderbird. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-2779 - -

    Mozilla-holdet har opdaget flere nedbrud under aftestning af - browsermaskinen, med beviser på hukommelseskorruption, hvilket også kunne - føre udførelse af vilkårlig kode. Den sidste del af dette problem vil - blive korrigeret ved næste opdatering. Du kan finder alle problemerne ved - at slå Javascript fra. [MFSA-2006-32]

    • - -
  • CVE-2006-3805 - -

    Javascript-maskinen kunne gøre det muligt for fjernangribere at udføre - vilkårlig kode. [MFSA-2006-50]

    • - -
  • CVE-2006-3806 - -

    Flere heltalsoverløb i Javascript-maskinen kunne gøre det muligt for - fjernangribere at udføre vilkårlig kode. [MFSA-2006-50]

    • - -
  • CVE-2006-3807 - -

    Særligt fremstillet Javascript gjorde det muligt for fjernangribere at - udføre vilkårlig kode. [MFSA-2006-51]

    • - -
  • CVE-2006-3808 - -

    Remote Proxy AutoConfig (PAC)-servere (fjernopsætbare servere) kunne - udføre kode med forøgede rettigheder gennem et særligt fremstillet - PAC-skript. [MFSA-2006-52]

    • - -
  • CVE-2006-3809 - -

    Skripter med rettigheden UniversalBrowserRead kunne opnå rettigheden - UniversalXPConnect, samt muligvis udføre kode eller tilgå følsomme data. - [MFSA-2006-53]

    • - -
  • CVE-2006-3810 - -

    En sårbarhed i forbindelse med udførelse af skripter gjorde det muligt - for fjernangribere at indsprøjte vilkårlige webskripter eller HTML. - [MFSA-2006-54]

    • - -
  • CVE-2006-3810 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder tillod fjernangribere at indsprøjte vilkårlige webskriper eller - HTML. [MFSA-2006-54]

    • - -
-
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge7.2.2.

- -

I den ustabile distribution (sid) vil disse problemer ikke blive rettet, da -pakken har nået slutningen på sit livsforløb og snart vil blive fjernet.

- -

Vi anbefaler at du opgraderer din mozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1160.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1161.wml b/danish/security/2006/dsa-1161.wml deleted file mode 100644 index 17249b93051..00000000000 --- a/danish/security/2006/dsa-1161.wml +++ /dev/null @@ -1,62 +0,0 @@ -flere sårbarheder - -

De seneste sikkerhedsopdateringer af Mozilla Thunderbird introducerede en -regression, der førte til et funktionsforringet vedhæftelsespanel, som er -berettiget til en rettelse for at løse problemet. Som reference følger den -oprindelige bulletins tekst herunder:

- -
-

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Thunderbird. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-3805 - -

    Javascript-maskinen kunne gøre det muligt for fjernangribere at udføre - vilkårlig kode. [MFSA-2006-50]

    • - -
  • CVE-2006-3806 - -

    Flere heltalsoverløb i Javascript-maskinen kunne gøre det muligt for - fjernangribere at udføre vilkårlig kode. [MFSA-2006-50]

    • - -
  • CVE-2006-3807 - -

    Særligt fremstillet Javascript gjorde det muligt for fjernangribere at - udføre vilkårlig kode. [MFSA-2006-51]

    • - -
  • CVE-2006-3808 - -

    Remote Proxy AutoConfig (PAC)-servere (fjernopsætbare servere) kunne - udføre kode med forøgede rettigheder gennem et særligt fremstillet - PAC-skript. [MFSA-2006-52]

    • - -
  • CVE-2006-3809 - -

    Skripter med rettigheden UniversalBrowserRead kunne opnå rettigheden - UniversalXPConnect, samt muligvis udføre kode eller tilgå følsomme data. - [MFSA-2006-53]

    • - -
  • CVE-2006-3811 - -

    Flere sårbarheder gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (nedbrud) og muligvis udføre vilkårlig kode. - [MFSA-2006-55]

    • - -
-
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge11.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.dfsg+1.5.0.5-1.

- -

Vi anbefaler at du opgraderer din mozilla-firefox-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1161.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1162.wml b/danish/security/2006/dsa-1162.wml deleted file mode 100644 index e8a6346abb4..00000000000 --- a/danish/security/2006/dsa-1162.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Luigi Auriemma har opdaget flere bufferoverløb i libmusicbrainz, et -cd-indekseringsbibliotek, der gjorde det muligt for fjernangribere at forårsage -et lammelsesangreb (denial of service) eller udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0.2-10sarge1 og 2.1.1-3sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.1.4-1.

- -

Vi anbefaler at du opgraderer dine libmusicbrainz-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1162.data" -#use wml::debian::translation-check translation="6fcba9d36a1ca23ef129260d7f3cb73ef3e5b75b" mindelta="1" diff --git a/danish/security/2006/dsa-1163.wml b/danish/security/2006/dsa-1163.wml deleted file mode 100644 index 76ac7c73d96..00000000000 --- a/danish/security/2006/dsa-1163.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Michael Gehring har opdaget flere potentielle indekstilgange der gik ud over -grænserne i gtetrinet, et Tetris-lignende spil til flere spillere, hvilket -kunne gøre det muligt for en fjern server at udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.7.8-1sarge2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din gtetrinet-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1163.data" -#use wml::debian::translation-check translation="9e310b1164a8be5e10b0d5d4bedd0e22b9ee4f69" mindelta="1" diff --git a/danish/security/2006/dsa-1164.wml b/danish/security/2006/dsa-1164.wml deleted file mode 100644 index 2030096216b..00000000000 --- a/danish/security/2006/dsa-1164.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

En programmeringsfejl er opdaget i sendmail, et alternativt -posttransporteringsprogram i Debian, der kunne gøre det muligt for -fjernangribere at få sendmail-processen til at gå ned ved at sende en særligt -fremstillet e-mail.

- -

Bemærk: for at kunne installere denne opdatering, skal du også installere -biblioteket libsasl2 fra arkivet proposed updates, som forklaret i DSA -1155-2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 8.13.3-3sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 8.13.8-1.

- -

Vi anbefaler at du opgraderer din sendmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1164.data" -#use wml::debian::translation-check translation="7df7bdacab61b79d64693055a111fe4a7b445e22" mindelta="1" diff --git a/danish/security/2006/dsa-1165.wml b/danish/security/2006/dsa-1165.wml deleted file mode 100644 index 3c708abf66b..00000000000 --- a/danish/security/2006/dsa-1165.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Lionel Elie Mamane har opdaget en sikkerhedssårbarhed i capi4hylafax, -værktøjer til faxforsendelse gennem en CAPI 2.0-enhed, hvilket gjorde det -muligt for fjernangribere at udføre vilkårlige kommandoer på det system, -der modtog faxen.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 01.02.03-10sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 01.03.00.99.svn.300-3.

- -

Vi anbefaler at du opgraderer din capi4hylafax-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1165.data" -#use wml::debian::translation-check translation="fa773aff79020fe9a333937f6da3d92ec2341edb" mindelta="1" diff --git a/danish/security/2006/dsa-1166.wml b/danish/security/2006/dsa-1166.wml deleted file mode 100644 index a61526fd445..00000000000 --- a/danish/security/2006/dsa-1166.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Luigi Auriemma har opdaget et bufferoverløb i indlæsningskomponenten i -cheesetracker, et lydmoduls-trackingprogram, hvilket kunne tillade en ondsindet -kontrueret inddatafil at udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.9-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.9-6.

- -

Vi anbefaler at du opgraderer din cheesetracker-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1166.data" -#use wml::debian::translation-check translation="78a6226d7f04a78c2d50acb26a770b330cc36754" mindelta="1" diff --git a/danish/security/2006/dsa-1167.wml b/danish/security/2006/dsa-1167.wml deleted file mode 100644 index 1c5655adc92..00000000000 --- a/danish/security/2006/dsa-1167.wml +++ /dev/null @@ -1,35 +0,0 @@ -manglende kontrol af inddata - -

Flere fjernudnytbare sårbarheder er opdaget i Apache, verdens mest populære -webserver, hvilket kunne føre til udførelse af vilkårlige webskripter. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2005-3352 - -

    EN fejl i forbindelse med udførelse af skripter på tværs af websteder - (cross site scripting, XSS) fandtes i Apache-serverens - mod_imap-komponent.

    • - -
  • CVE-2006-3918 - -

    Apache kontrollerede ikke Expect-headeren fra en HTTP-request når den - blev vist i en fejlmeddelelse, hvilket kunne gøre det muligt at udføre - angreb i stil med udførelse af skripter på tværs af websteder (XSS).

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.33-6sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.34-3.

- -

Vi anbefaler at du opgraderer din apache-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1167.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1168.wml b/danish/security/2006/dsa-1168.wml deleted file mode 100644 index 25de00a2ee7..00000000000 --- a/danish/security/2006/dsa-1168.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Imagemagick, en samling af -billedbehandlingsværktøjer, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-2440 - -

    Eero Häkkinen har opdaget at visningsværktøjet allokerede - utilstrækkelig hukommelse til globbing-mønstre, hvilket kunne føre til et - bufferoverløb.

    • - -
  • CVE-2006-3743 - -

    Tavis Ormandy fra Google Security Team har opdaget at - Sun-bitmapdekoderen udførte utilstrækkelig kontrol af inddata, hvilket - kunne føre til bufferoverløb og udførelse af vilkårlig kode.

    • - -
  • CVE-2006-3744 - -

    Tavis Ormandy fra Google Security Team har opdaget at - XCF-billeddekoderen udførte utilstrækkelig kontrol af inddata, hvilket - kunne føre til bufferoverløb og udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 6:6.0.6.2-2.7.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1168.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1169.wml b/danish/security/2006/dsa-1169.wml deleted file mode 100644 index fd777674640..00000000000 --- a/danish/security/2006/dsa-1169.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i databaseserveren MySQL. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-4226 - -

    Michal Prokopiuk har opdaget at fjernautentificerede brugere har - tilladelse til at oprette og tilgå en database hvis navnet skrevet med små - bogstaver, er det samme som på den database, de er blevet givet tilladelse - til.

    • - -
  • CVE-2006-4380 - -

    Beat Vontobel har opdaget at visse forespørgsler replikeret til en - slaveserver, kunne få klienten til at gå ned og dermed afbryde - replikeringen.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.1.11a-4sarge7. Version 4.0 er ikke påvirket af disse problemer.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 5.0.24-3. Replikeringsproblemet findes kun i version 4.1.

- -

Vi anbefaler at du opgraderer din mysql-server-4.1-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1169.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1170.wml b/danish/security/2006/dsa-1170.wml deleted file mode 100644 index 1d7e7ca3adc..00000000000 --- a/danish/security/2006/dsa-1170.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende fornuftighedskontrol - -

Jürgen Weigert har opdaget, at ved udpakning af JAR-arkiver, kontrollerede -fastjar fra GNU Compiler Collection ikke stier hørende til filerne i arkivet, -og tillod overskrivelse af filer i overliggende mapper.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.4.3-13sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.1.1-11.

- -

Vi anbefaler at du opgraderer din fastjar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1170.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-1171.wml b/danish/security/2006/dsa-1171.wml deleted file mode 100644 index c333b84779c..00000000000 --- a/danish/security/2006/dsa-1171.wml +++ /dev/null @@ -1,62 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i netværksscanneren Ethereal, -hvilket kunne føre til udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem tilfølgende problemer:

- -
    - -
  • CVE-2006-4333 - -

    Man har opdaget at Q.2391-dissektoren var sårbar over for - lammelsesangreb (denial of service) forårsaget af - hukommelsesoverudnyttelse.

    • - -
  • CVE-2005-3241 - -

    Man har opdaget at FC-FCS-, RSVP- og ISIS-LSP-dissektorerne var sårbare - over for lammelsesangreb forårsaget af hukommelsesoverudnyttelse.

    • - -
  • CVE-2005-3242 - -

    Man har opdaget at IrDA- og SMB-dissektorerne var sårbare over for - lammelsesangreb forårsaget af hukommelsesoverudnyttelse.

    • - -
  • CVE-2005-3243 - -

    Man har opdaget at SLIMP3- og AgentX-dissektorerne var sårbare over for - indsprøjtning af kode forårsaget af bufferoverløb.

    • - -
  • CVE-2005-3244 - -

    Man har opdaget at BER-dissektoren var sårbar over for lammelsesangreb - forårsaget af en uendelig løkke.

    • - -
  • CVE-2005-3246 - -

    Man har opdaget at NCP- og RTnet-dissektorerne var sårbare over for - lammelsesangreb forårsaget af en null-pointerdereference.

    • - -
  • CVE-2005-3248 - -

    Man har opdaget at X11-dissektoren var sårbar over for lammelsesangreb - forårsaget af division med nul.

    • - -
- -

Denne opdatering retter også en 64 bit-specifik regression i -ASN.1-dekoderen, der stammer fra den foregående DSA.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.10.10-2sarge8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.99.2-5.1 af wireshark, netværksnifferen der tidligere var kendt som -ethereal.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1171.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1172.wml b/danish/security/2006/dsa-1172.wml deleted file mode 100644 index 3127de2728e..00000000000 --- a/danish/security/2006/dsa-1172.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

To sårbarheder er opdaget i BIND9, Berkeley Internet Name Domain-serveren. -Den første er i forbindelse med behandling af SIG-forespørgsler og den anden i -forbindelse med en tilstand, der kunne udløse en INSIST-fejl, og begge førte -til lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 9.2.4-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 9.3.2-P1-1.

- -

Vi anbefaler at du opgraderer din bind9-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1172.data" -#use wml::debian::translation-check translation="f2f04ad008e2a6b51ef3d87c858fcc346211d7e4" mindelta="1" diff --git a/danish/security/2006/dsa-1173.wml b/danish/security/2006/dsa-1173.wml deleted file mode 100644 index 2802ea5f9a0..00000000000 --- a/danish/security/2006/dsa-1173.wml +++ /dev/null @@ -1,21 +0,0 @@ -kryptografisk svaghed - -

Daniel Bleichenbacher har opdaget en fejl OpenSSL-kryptografipakken, der -kunne gøre det muligt for en angriber at generere forfalskede signaturer, som -OpenSSL accepterede som gyldige.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.7e-3sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.8b-3.

- -

Vi anbefaler at du opgraderer dine openssl-pakker. Bemærk at -serviceprogrammer der linker mod delte openssl-biblioteker skal genstartes. -Typiske eksempler på sådanne serviceprogrammer er for eksempel de flete -mailserverprogrammer, SSH-servere og webservere.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1173.data" -#use wml::debian::translation-check translation="65f031f098440c11ba255ba25480f4d3d3a6e44a" mindelta="1" diff --git a/danish/security/2006/dsa-1174.wml b/danish/security/2006/dsa-1174.wml deleted file mode 100644 index 1adb7ebb1f5..00000000000 --- a/danish/security/2006/dsa-1174.wml +++ /dev/null @@ -1,21 +0,0 @@ -kryptografisk svaghed - -

Daniel Bleichenbacher har opdaget en fejl OpenSSL-kryptografipakken, der -kunne gøre det muligt for en angriber at generere forfalskede signaturer, som -OpenSSL accepterede som gyldige.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.6m-1sarge2.

- -

Pakken findes kun af kompabilitetshensyn med ældre software, og er ikke i -Debians ustabile og test-forgreninger.

- -

Vi anbefaler at du opgraderer dine openssl-pakker. Bemærk at -serviceprogrammer der linker mod delte openssl-biblioteker skal genstartes. -Typiske eksempler på sådanne serviceprogrammer er for eksempel de flete -mailserverprogrammer, SSH-servere og webservere.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1174.data" -#use wml::debian::translation-check translation="16edae3fbe84e8e546d69e69f59172ec80f4196e" mindelta="1" diff --git a/danish/security/2006/dsa-1175.wml b/danish/security/2006/dsa-1175.wml deleted file mode 100644 index 070bc0d4cda..00000000000 --- a/danish/security/2006/dsa-1175.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

En fejl er fundet i isakmpd, OpenBSD's implementering af protokollen Internet -Key Exchange, hvilket forårsagede at Security Associations blev oprettet med et -replay-vindue på 0 når isakmpd fungerede som den svarende part i en -SA-forhandling. Dette kunne gøre det muligt for en angriber at genindsprøjte -opsnusede IPsec-pakker, der ikke blev kontrolleret mod replay-tælleren.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 20041012-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 20041012-4.

- -

Vi anbefaler at du opgraderer din isakmpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1175.data" -#use wml::debian::translation-check translation="9dbde6bd109fc10c6f9dba6ba57ea038d03a9141" mindelta="1" diff --git a/danish/security/2006/dsa-1176.wml b/danish/security/2006/dsa-1176.wml deleted file mode 100644 index a3b8fe1a080..00000000000 --- a/danish/security/2006/dsa-1176.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Man har opdaget at webapplikationsservern Zope ikke slog direktivet -csv_table fra i websider indeholdende ReST-markup, hvilket gjorde det muligt at -afsløre filer der var læsbare af Zope-serveren.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.7.5-2sarge2.

- -

Den ustabile distribution (sid) indeholder ikke længere zope2.7, i zope2.8 -er dette problem rettet i version 2.8.8-2.

- -

Vi anbefaler at du opgraderer din Zope-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1176.data" -#use wml::debian::translation-check translation="f6e70fb3897105a4d6067834d4f6ff9271b2df14" mindelta="1" diff --git a/danish/security/2006/dsa-1177.wml b/danish/security/2006/dsa-1177.wml deleted file mode 100644 index 06115653f06..00000000000 --- a/danish/security/2006/dsa-1177.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Hendrik Weimer har opdaget at det var muligt for almindelige brugere at -slå loginskallen til root-kontoen fra gennem usermin, et webbaseret -administrationsværktøj.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.110-3.1.

- -

I opstrømsdistributionen er dette problem rettet i version 1.220.

- -

Vi anbefaler at du opgraderer din usermin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1177.data" -#use wml::debian::translation-check translation="1414537b9267db89fddceddac1e0a4d2bdd1683a" mindelta="1" diff --git a/danish/security/2006/dsa-1178.wml b/danish/security/2006/dsa-1178.wml deleted file mode 100644 index 52c07639c03..00000000000 --- a/danish/security/2006/dsa-1178.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i freetypes PCF-fontkode, hvilket kunne -føre til et lammelsesangreb (denial of service) og potentielt udførelse af -vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.1.7-6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.1-5.

- -

Vi anbefaler at du opgraderer din freetype-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1178.data" -#use wml::debian::translation-check translation="0348899f1e341e4f3298ab7757e6147a13afc78e" mindelta="1" diff --git a/danish/security/2006/dsa-1179.wml b/danish/security/2006/dsa-1179.wml deleted file mode 100644 index daaf43f7484..00000000000 --- a/danish/security/2006/dsa-1179.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Luigi Auriemma har opdaget flere bufferoverløb i alsaplayer, en -PCM-afspiller til ALSA, hvilket kunne føre til programnedbrud og måske værre -resultater.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.99.76-0.3sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din alsaplayer-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1179.data" -#use wml::debian::translation-check translation="0bf09a003054363eb8b02cbfeec42051d35d4ab9" mindelta="1" diff --git a/danish/security/2006/dsa-1180.wml b/danish/security/2006/dsa-1180.wml deleted file mode 100644 index d03e74414a3..00000000000 --- a/danish/security/2006/dsa-1180.wml +++ /dev/null @@ -1,33 +0,0 @@ -programmeringsfejl - -

Luigi Auriemma har opdaget to sikkerhedsrelaterede fejl i bomberclone, en -fri Bomberman-klon. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2006-4005 - -

    Programmer kopierer fjernleverede data unkontrolleret, hvilket kunne - føre til et lammelsesangreb (denial of service) gennem et - programnedbrud.

    • - -
  • CVE-2006-4006 - -

    Bomberclone anvender fjernleverede data som en parameterlængde, hvilket - kunne føre til afsløring af private oplysninger.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.11.5-1sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.11.7-0.1.

- -

Vi anbefaler at du opgraderer din bomberclone-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1180.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1181.wml b/danish/security/2006/dsa-1181.wml deleted file mode 100644 index 0b90c1778b5..00000000000 --- a/danish/security/2006/dsa-1181.wml +++ /dev/null @@ -1,47 +0,0 @@ -flere sårbarheder - -

Tavis Ormandy fra Google Security Team har opdaget flere sårbarheder i gzip, -GNU's kompressionsværktøj. Projeketet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-4334 - -

    En null-pointerdereference kunne føre til lammelsesangreb (denial of - service) hvis gzip blev anvendt på en automatiseret måde.

    • - -
  • CVE-2006-4335 - -

    Manglende grænsekontroller kunne føre til stak-ændring, hvilket kunne - tillade udførelse af vilkårlig kode.

    • - -
  • CVE-2006-4336 - -

    Et bufferunderløb i pack-supportkoden kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2006-4337 - -

    Et bufferunderløb i LZH-suportkoden kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2006-4338 - -

    En uendelig løkke kunne føre til lammelsesangreb hvis gzip blev anvendt - på en automatiseret måde.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.5-10sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.5-15.

- -

Vi anbefaler at du opgraderer din gzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1181.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1182.wml b/danish/security/2006/dsa-1182.wml deleted file mode 100644 index 7008243f893..00000000000 --- a/danish/security/2006/dsa-1182.wml +++ /dev/null @@ -1,18 +0,0 @@ -kryptografisk svaghed - -

Daniel Bleichenbacher har opdaget en fejl i den kryptografiske GNU -TLS-pakke, der kunne gøre det muligt for en angriber at generere en forfalsket -signatur, som GNU TLS accepterede som valid.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.16-13.2sarge2.

- -

Den ustabile distribution (sid) indeholder ikke længere gnutls11, hvad angår -gnutls13 er dette problem rettet i version 1.4.4-1.

- -

Vi anbefaler at du opgraderer din GNU TLS-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1182.data" -#use wml::debian::translation-check translation="df8f4c152e12030b4f3e888761f951046952fb58" mindelta="1" diff --git a/danish/security/2006/dsa-1183.wml b/danish/security/2006/dsa-1183.wml deleted file mode 100644 index 949a67e3fcc..00000000000 --- a/danish/security/2006/dsa-1183.wml +++ /dev/null @@ -1,131 +0,0 @@ -flere sårbarheder - -

Flere sikkhedsrelaterede problemer er fundet i Linux-kernen, de kunne føre -til lammelsesangreb (denial of service) eller endda udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2005-4798 - -

    Et bufferoverløb i håndteringen af NFS-readlink gjorde det muligt for en - ondsindet fjern server at forårsage et lammelsesangreb.

    • - -
  • CVE-2006-2935 - -

    Diego Calleja Garcia har opdaget et bufferoverløb i dvd-håndteringskoden, - hvilket kunne udnyttes af en særligt fremstillet dvd eller USB-lagringsenhed - til at udføre vilkårlig kode.

    • - -
  • CVE-2006-1528 - -

    Douglas Gilbert rapporterede en fejl i sg-driveren, der gjorde det muligt - for lokale brugere at forårsage et lammelsesangreb ved at udføre direkte - I/O-overførsler fra sg-driveren til hukommelsesmappet I/O-område..

    • - -
  • CVE-2006-2444 - -

    Patrick McHardy opdagede en fejl i SNMP NAT-hjælperen, hvilket gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb.

    • - -
  • CVE-2006-2446 - -

    En race condition i socket-bufferhåndteringen gjorde det muligt - for fjernangribere at forårsage et lammelsesangreb.

    • - -
  • CVE-2006-3745 - -

    Wei Wang har opdaget en fejl i SCTP-implementeringen, hvilket gjorde - det muligt for lokale brugere at forårsage et lammelsesangreb eller - muligvis opnå root-rettigheder.

    • - -
  • CVE-2006-4535 - -

    David Miller rapporterede et problem med rettelsen af - CVE-2006-3745, - hvilket gjorde det muligt for lokale brugere at få systemet til at gå ned - gennem en SCTP-socket med en bestemt SO_LINGER-værdi.

    • - -
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 stable (sarge)
Kildekode2.4.27-10sarge4
Alpha-arkitekturen2.4.27-10sarge4
ARM-arkitekturen2.4.27-2sarge4
Intel IA-32-arkitekturen2.4.27-10sarge4
Intel IA-64-arkitekturen2.4.27-10sarge4
Motorola 680x0-arkitekturen2.4.27-3sarge4
MIPS-arkitekturens2.4.27-10.sarge4.040815-1
PowerPC-arkitekturen2.4.27-10sarge4
IBM S/3902.4.27-2sarge4
Sun Sparc-arkitekturen2.4.27-9sarge4
FAI1.9.1sarge4
mindi-kernel2.4.27-2sarge3
kernel-image-speakup-i3862.4.27-1.1sarge3
systemimager3.2.3-6sarge3
- -

I den ustabile distribution (sid) vil disse problemer ikke blive rettet i -2.4-kerneserien.

- -

I den ustabile distribution (sid) these problems won't be fixed -anymore in the 2.4 kernel series.

- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har opbygget en skræddersyet kerne fra kernekildekodenpakken, -skal du genopbygge den for at drage nytte af disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1183.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1184.wml b/danish/security/2006/dsa-1184.wml deleted file mode 100644 index 0ed3419018a..00000000000 --- a/danish/security/2006/dsa-1184.wml +++ /dev/null @@ -1,176 +0,0 @@ -flere sårbarheder - -

Denne bulletin dækker S/390-komponenterne i den nylige sikkerhedsopdatering -af Linux 2.6.8-kernen, der manglende pga. tekniske problemer. Til reference er -herunder den oprindelige bulletins tekst.

- -
-

Flere sikkhedsrelaterede problemer er fundet i Linux-kernen, de kunne føre -til lammelsesangreb (denial of service) eller endda udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2004-2660 - -

    Toshihiro Iwamoto har opdaget en hukommelseslækage i håndteringen af - direkte I/O-skrivninger, hvilket gjorde det muligt for lokale brugere at - forårsage et lammelsesangreb.

    • - -
  • CVE-2005-4798 - -

    Et bufferoverløb i håndteringen af NFS-readlink gjorde det muligt for en - ondsindet fjern server at forårsage et lammelsesangreb.

    • - -
  • CVE-2006-1052 - -

    Stephen Smalley har opdaget en fejl i SELinux' ptrace-håndtering, - hvilket gjorde det muligt for lokale brugere med ptrace-rettigheder at - ændre tracer-SID'en til SID'en hørende til en anden proces.

    • - -
  • CVE-2006-1343 - -

    Pavel Kankovsky har opdaget en informationslækage i systemkaldet - getsockopt, hvilket kunne udnyttes af et lokal program til at lække - potentielt følsom hukommelse til brugerområdet.

    • - -
  • CVE-2006-1528 - -

    Douglas Gilbert rapporterede en fejl i sg-driveren, der gjorde det muligt - for lokale brugere at forårsage et lammelsesangreb ved at udføre direkte - I/O-overførsler fra sg-driveren til hukommelsesmappet I/O-område..

    • - -
  • CVE-2006-1855 - -

    Mattia Belletti bemærkede at bestemt debugkode efterladt i - proceshåndteringskoden kunne udnyttes af en lokal angriber til at - forårsage et lammelsesangreb.

    • - -
  • CVE-2006-1856 - -

    Kostik Belousov opdagede at en manglende LSM file_permission-kontrol i - funktionerne readv og writev måske kunne gøre det muligt for angribere at - omgå tilsigtede adgangsbegrænsninger.

    • - -
  • CVE-2006-2444 - -

    Patrick McHardy opdagede en fejl i SNMP NAT-hjælperen, hvilket gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb.

    • - -
  • CVE-2006-2446 - -

    En race condition i socket-bufferhåndteringen gjorde det muligt - for fjernangribere at forårsage et lammelsesangreb.

    • - -
  • CVE-2006-2935 - -

    Diego Calleja Garcia har opdaget et bufferoverløb i dvd-håndteringskoden, - hvilket kunne udnyttes af en særligt fremstillet dvd-USB-lagringsenhed - til at udføre vilkårlig kode.

    • - -
  • CVE-2006-2936 - -

    Der er opdaget en fejl i den serielle USB-driver, hvilket kunne udnyttes - af en skræddersyet seriel USB-adapter til at forbruge vilkårlige mængder - hukommelse.

    • - -
  • CVE-2006-3468 - -

    James McKenzie har opdaget en lammelsesangrebssårbarhed i NFS-driveren. - Ved eksport af et ext3-filsystem over NFS, kunne en fjernangriber udnytte - sårbarheden til at udløse systempanik ved at sende særligt fremstillede - UDP-pakker.

    • - -
  • CVE-2006-3745 - -

    Wei Wang har opdaget en fejl i SCTP-implementeringen, hvilket gjorde - det muligt for lokale brugere at forårsage et lammelsesangreb eller - muligvis opnå root-rettigheder.

    • - -
  • CVE-2006-4093 - -

    Olof Johansson har opdaget at kernen ikke slog HID0-bitten fra på PowerPC - 970-processorer, hvilket kunne udnyttes af en lokal angriber til at - forårsage et lammelsesangreb.

    • - -
  • CVE-2006-4145 - -

    En fejl i filsystemsdriveren til Universal Disk Format (UDF) kunne - udnyttes af en lokal bruger til at forårsage et lammelseangreb.

    • - -
  • CVE-2006-4535 - -

    David Miller rapporterede et problem med rettelsen af - CVE-2006-3745, - hvilket gjorde det muligt for lokale brugere at få systemet til at gå ned - gennem en SCTP-socket med en bestemt SO_LINGER-værdi.

    • - -
-
- -

Følgende matriks forklarer hvilke kerne-versioner til hvilke arkitekturer, der -retter problemerne nævnt ovenfor:

- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 stable (sarge)
Kildekode2.6.8-16sarge5
Alpha-arkitekturen2.6.8-16sarge5
AMD64-arkitekturen2.6.8-16sarge5
HP Precision-arkitekturen2.6.8-6sarge5
Intel IA-32-arkitekturen2.6.8-16sarge5
Intel IA-64-arkitekturen2.6.8-14sarge5
Motorola 680x0-arkitekturen2.6.8-4sarge5
PowerPC-arkitekturen2.6.8-12sarge5
IBM S/3902.6.8-5sarge5
Sun Sparc-arkitekturen2.6.8-15sarge5
FAI1.9.1sarge4
- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6.18-1.

- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har opbygget en skræddersyet kerne fra kernekildekodenpakken, -skal du genopbygge den for at drage nytte af disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1184.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1185.wml b/danish/security/2006/dsa-1185.wml deleted file mode 100644 index 966950372a1..00000000000 --- a/danish/security/2006/dsa-1185.wml +++ /dev/null @@ -1,79 +0,0 @@ -lammelsesangreb - -

Rettelsen der blev anvendt til at korrigere CVE-2006-2940, introducerede -kode, der kunne føre til anvendelse af uinitialiseret hukommelse. En sådan -anvendelse ville sandsynligvis få programmer der anvender openssl-biblioteket -til at gå ned, og har potentialet til at gøre det muligt for en angriber, at -forårsage udførelse af vilkårlig kode. For reference er herunder den -oprindelige bulletins tekst:

- -
-

Flere sårbarheder er opdaget i OpenSSL-kryptografipakken, hvilket kunne give -en angriber mulighed for at iværksætte et lammelsesangreb (denial of service) -ved at opbruge systemressourcer eller få processer på offerets maskine til at -gå ned.

- -
    - -
  • - CVE-2006-2937 -

    Dr S N Henson fra OpenSSL's kerneteam og Open Network Security udviklede - for nylig en ANS1-testsuite for NISCC (www.niscc.gov.uk). Da testsuiten - blev kørt mod OpenSSL, blev to lammelsesangreb opdaget.

    - -

    Under fortolkingen af visse ugyldige ANS1-strukturer, blev en - fejlsituation behandlet forkert. Dette kunne føre til en uendelig - løkke, hvilket forbrugte systemhukommelse.

    - -

    Al kode der anvender OpenSSL til at fortolke ANS1-data fra kilder - man ikke stoler på, er påvirket. Deriblandt SSL-servere der muliggør - klientautentificering og S/MIME-appplikationer.

    -
    • - -
  • - CVE-2006-3738 -

    Tavis Ormandy og Will Drewry fra Google Security Team har opdaget et - bufferoverløb i værktøjsfunktionen SSL_get_shared_ciphers, der anvendes - af applikationer som exim og mysql. En angriber kunne sende en liste - over koder (ciphers), hvilket fik en buffer til at løbe over.

    -
    • - -
  • - CVE-2006-4343 -

    Tavis Ormandy og Will Drewry fra Google Security Team har opdaget et - muligt lammelsesangreb (DoS) i sslv2-klientkoden. Hvor en - klientapplikation anvender OpenSSL til at etablere en SSLv2-forbindelse - til en ondsindet server, kunne denne server få klienten til at gå - ned.

    -
    • - -
  • - CVE-2006-2940 -

    Dr S N Henson fra OpenSSL's kerneteam og Open Network Security udviklede - for nylig en ANS1-testsuite for NISCC (www.niscc.gov.uk). Da testsuiden - blev kørt mod OpenSSL blev et lammelsesangreb opdaget.

    - -

    Visse former for offentlige nøgler kunne tage uforholdsmæssig lang - tid at behandle, hvilket kunne benyttes af en angriber i et - lammelsesangreb.

    -
    • - -
-
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.9.7e-3sarge4.

- -

I den ustabile og distributionen testing (hhv. sid og etch) vil disse -problemer blive rettet i version 0.9.7k-3 af openssl097-kompatible biblioteker -samt version 0.9.8c-3 af openssl-pakken.

- -

Vi anbefaler at du opgraderer din openssl-pakke. Bemærk at -serviceprogrammer der linker mod delte openssl-biblioteker skal genstartes. -Typiske eksempler på sådanne serviceprogrammer er for eksempel de flete -mailserverprogrammer, SSH-servere og webservere.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1185.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1186.wml b/danish/security/2006/dsa-1186.wml deleted file mode 100644 index 2e2fa2d99e2..00000000000 --- a/danish/security/2006/dsa-1186.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Will Drewry fra Google Security Team har opdaget flere bufferoverløb i -cscope, et værktøj til at gennemse kildekode, hvilket kunne føre til -udførelse af vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 15.5-1.1sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 15.5+cvs20060902-1.

- -

Vi anbefaler at du opgraderer din cscope-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1186.data" -#use wml::debian::translation-check translation="124f06add18395512c78e361047f63b6eeea261d" mindelta="1" diff --git a/danish/security/2006/dsa-1187.wml b/danish/security/2006/dsa-1187.wml deleted file mode 100644 index 546ce0f3dda..00000000000 --- a/danish/security/2006/dsa-1187.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikre midlertidige filer - -

Jason Hoover har opdaget at migrationtools, en samling skripter til -migrering af brugerdata til LDAP, oprettede flere midlertidige filer på en -usikker måde, hvilket kunne føre til lammelsesangreb (denial of service) gennem -et symlink-angreb.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 46-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 46-2.1.

- -

Vi anbefaler at du opgraderer din migrationtools-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1187.data" -#use wml::debian::translation-check translation="258317c310baac58fbd30303218eb6bfd7614a76" mindelta="1" diff --git a/danish/security/2006/dsa-1188.wml b/danish/security/2006/dsa-1188.wml deleted file mode 100644 index b7f96f242d2..00000000000 --- a/danish/security/2006/dsa-1188.wml +++ /dev/null @@ -1,33 +0,0 @@ -formatstrengsårbarhed - -

Flere sikkerhedsrelaterede problemer er opdaget i mailman, det webbaserede -postlistehåndteringsprogram fra GNU. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-3636 - -

    Moritz Naumann har opdaget flere problemer i forbindelse med udførelse - af skripter på tværs af websteder, hvilket kunne gøre det muligt for - fjernangribere at indsprøjte webskriptkode eller HTML.

    • - -
  • CVE-2006-4624 - -

    Moritz Naumann har opdaget af en fjernangriber kunne indsprøjte - vilkårlige strenge i logfilen.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.1.5-8sarge5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.1.8-3.

- -

Vi anbefaler at du opgraderer din mailman-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1188.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1189.wml b/danish/security/2006/dsa-1189.wml deleted file mode 100644 index 46dca609724..00000000000 --- a/danish/security/2006/dsa-1189.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i OpenSSH, en fri implementering -af Secure Shell-protokollen, hvilket kunne føre til lammelsesangreb (denial of -service) og potentielt udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-4924 - -

    Tavis Ormandy fra Google Security Team har opdaget en - lammelsesangrebssårbarhed i koden til bekæmpelse af komplekse angreb, - hvilket kunne føre til forøget CPU-forbrug indtil en timeout blev udløst. - Dette kunne kun udnyttes hvis understøttelse af SSH-protokollens version 1 - var slået til.

    • - -
  • CVE-2006-5051 - -

    Mark Dowd har opdaget at usikker signalhåndtering potentielt kunne føre - til udførelse af vilkårlig kode gennem en dobbelt frigivelse. Debians - sikkerhedsteam mener ikke at den generelle openssh-pakke uden - understøttelse af Kerberos kan udnyttes vha. dette problem. Men på grund af - den underliggende kodes kompleksitet vil vi dog alligevel udsende en - opdatering for en sikkerheds skyld.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.8.1p1-7sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.3p2-4 af openssh. openssh-krb5 vil snart blive konverteret til en -overgangspakke til openssh.

- -

Vi anbefaler at du opgraderer dine openssh-krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1189.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1190.wml b/danish/security/2006/dsa-1190.wml deleted file mode 100644 index 1e3fab19d31..00000000000 --- a/danish/security/2006/dsa-1190.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Oliver Karow har opdaget at WebDBM-frontend'en til MaxDB-databasen udførte -utilstrækkelig kontrol af forespørgsler sendt til den, hvilket kunne føre til -udførelse af vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 7.5.00.24-4.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din maxdb-7.5.00-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1190.data" -#use wml::debian::translation-check translation="f682c1cc0d897dcf52e4a8292d23969ffc6472a6" mindelta="1" diff --git a/danish/security/2006/dsa-1191.wml b/danish/security/2006/dsa-1191.wml deleted file mode 100644 index cb85f10d854..00000000000 --- a/danish/security/2006/dsa-1191.wml +++ /dev/null @@ -1,60 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Thunderbird. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-2788 - -

    Fernando Ribeiro har opdaget en sårbarhed i funktionen getRawDER gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service; hængende program) og muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-4340 - -

    Daniel Bleichenbacher beskrev for nylig en implementeringsfejl i - RSA-signaturverifikationen, hvilket ukorrekt for programmet til at stole på - SSL-certifikater.

    • - -
  • CVE-2006-4565, CVE-2006-4566 - -

    Priit Laes rapporterede at regulære udtryk i JavaScript kunne udløse et - heap-baseret bufferoverløb, hvilket gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb og muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-4568 - -

    En sårbarhed er opdaget, hvilket gjorde det muligt for fjernangribere at - omgå sikkerhedsmodellen og sprøjte indhold ind i et andet websteds - under-frame.

    • - -
  • CVE-2006-4570 - -

    Georgi Guninski demonstrerede at selv med JavaScript slået fra i - e-mail-delen (standard), kunne en angriber alligevel udføre JavaScript når - en e-mail blev vist, besvaret eller videresendt.

    • - -
  • CVE-2006-4571 - -

    Flere uspecifierede sårbarheder i Firefox, Thunderbird og SeaMonkey - gjorde det muligt for fjernangribere at forårsage lammelsesangreb, - beskadige hukommelsen og muligvis udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-2.sarge1.0.8c.1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.0.7-1.

- -

Vi anbefaler at du opgraderer dine Mozilla Thunderbird-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1191.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1192.wml b/danish/security/2006/dsa-1192.wml deleted file mode 100644 index 13290b1afaa..00000000000 --- a/danish/security/2006/dsa-1192.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Thunderbird. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-2788 - -

    Fernando Ribeiro har opdaget en sårbarhed i funktionen getRawDER gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service; hængende program) og muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-4340 - -

    Daniel Bleichenbacher beskrev for nylig en implementeringsfejl i - RSA-signaturverifikationen, hvilket ukorrekt for programmet til at stole på - SSL-certifikater.

    • - -
  • CVE-2006-4565, CVE-2006-4566 - -

    Priit Laes rapporterede at regulære udtryk i JavaScript kunne udløse et - heap-baseret bufferoverløb, hvilket gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb og muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-4568 - -

    En sårbarhed er opdaget, hvilket gjorde det muligt for fjernangribere at - omgå sikkerhedsmodellen og sprøjte indhold ind i et andet websteds - under-frame.

    • - -
  • CVE-2006-4570 - -

    Georgi Guninski demonstrerede at selv med JavaScript slået fra i - e-mail-delen (standard), kunne en angriber alligevel udføre JavaScript når - en e-mail blev vist, besvaret eller videresendt.

    • - -
  • CVE-2006-4571 - -

    Flere uspecifierede sårbarheder i Firefox, Thunderbird og SeaMonkey - gjorde det muligt for fjernangribere at forårsage lammelsesangreb, - beskadige hukommelsen og muligvis udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge7.3.1.

- -

Vi anbefaler at du opgraderer din Mozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1192.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1193.wml b/danish/security/2006/dsa-1193.wml deleted file mode 100644 index 7d3c976e0d1..00000000000 --- a/danish/security/2006/dsa-1193.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i X Window System, hvilket kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service). -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-3467 - -

    Chris Evan opdagede et heltalsoverløb i koden der håndterer - PCF-skrifttyper, hvilket kunne føre til lammelsesangreb hvis en misdannet - skrifttype blev åbnet.

    • - -
  • CVE-2006-3739 - -

    Man har opdaget et heltalsoverløb i koden der håndterer Adobe Font - Metrics, hvilket kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-3740 - -

    Man har opdaget et heltalsoverløb i koden der håndterer CMap- og - CIDFont-skrifttypedata, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-4447 - -

    XFree86's initialiseringskode udførte utilstrækkelig kontrol af - returværdien fra setuid() når rettigheder blev smidt væk, hvilket kunne - føre til en lokal rettighedsforøgelse.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.3.0.dfsg.1-14sarge2. Denne udgave mangler opbygninger til -arkitekturen Motorola 680x0, som gik galt på grund at pladsproblemer på -harddisken på opbygningsmaskinen. De vil blive udgivet når dette problem er -løst.

- -

I den ustabile distribution (sid) er disse problemer rettet -i version 1:1.2.2-1 af libxfont og version 1:1.0.2-9 af xorg-server.

- -

Vi anbefaler at du opgraderer dine XFree86-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1193.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1194.wml b/danish/security/2006/dsa-1194.wml deleted file mode 100644 index 02f7992334d..00000000000 --- a/danish/security/2006/dsa-1194.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i libwmf, biblioteket der læser filer i -Windows Metafile-format, hvilket kunne udnyttes til at udføre vilkårlig kode -hvis en særligt fremstillet WMF-fil blev behandlet.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.2.8.3-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.2.8.4-2.

- -

Vi anbefaler at du opgraderer din libwmf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1194.data" -#use wml::debian::translation-check translation="96e9168c004e655c10692fb5d43ad59f0e9982be" mindelta="1" diff --git a/danish/security/2006/dsa-1195.wml b/danish/security/2006/dsa-1195.wml deleted file mode 100644 index cefd496bf62..00000000000 --- a/danish/security/2006/dsa-1195.wml +++ /dev/null @@ -1,51 +0,0 @@ -lammelsesangreb (flere) - -

Flere sårbarheder er opdaget i OpenSSL-kryptografipakken, hvilket kunne give -en angriber mulighed for at iværksætte et lammelsesangreb (denial of service) -ved at opbruge systemressourcer eller få processer på offerets maskine til at -gå ned.

- -
    - -
  • CVE-2006-3738 - -

    Tavis Ormandy og Will Drewry fra Google Security Team har opdaget et - bufferoverløb i værktøjsfunktionen SSL_get_shared_ciphers, der anvendes - af applikationer som exim og mysql. En angriber kunne sende en liste - over koder (ciphers), hvilket fik en buffer til at løbe over.

    • - -
  • CVE-2006-4343 - -

    Tavis Ormandy og Will Drewry fra Google Security Team har opdaget et - muligt lammelsesangreb (DoS) i sslv2-klientkoden. Hvor en - klientapplikation anvender OpenSSL til at etablere en SSLv2-forbindelse - til en ondsindet server, kunne denne server få klienten til at gå - ned.

    • - -
  • CVE-2006-2940 - -

    Dr S N Henson fra OpenSSL's kerneteam og Open Network Security udviklede - for nylig en ANS1-testsuite for NISCC (www.niscc.gov.uk). Da testsuiden - blev kørt mod OpenSSL blev et lammelsesangreb opdaget.

    - -

    Visse former for offentlige nøgler kunne tage uforholdsmæssig lang - tid at behandle, hvilket kunne benyttes af en angriber i et - lammelsesangreb.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.9.6m-1sarge4.

- -

Denne pakke findes kun af hensyn til kompatibilitet med ældre programmer, og -findes ikke i Debians ustabile eller testing-distributioner.

- -

Vi anbefaler at du opgraderer din openssl096-pakke. Bemærk at -serviceprogrammer der linker mod delte openssl-biblioteker skal genstartes. -Typiske eksempler på sådanne serviceprogrammer er for eksempel de flete -mailserverprogrammer, SSH-servere og webservere.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1195.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1196.wml b/danish/security/2006/dsa-1196.wml deleted file mode 100644 index c28bdfe9558..00000000000 --- a/danish/security/2006/dsa-1196.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i ClamAV, programmaskinen til -scanning efter ondsindede programmer, hvilket kunne føre til udførelse af -vilkårlig kode. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CVE-2006-4182 - -

    Damian Put har opdaget en heapoverløbsfejl i skriptet der genopbygger - PE-filer, hvilket kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-5295 - -

    Damian Put har opdaget at manglende kontrol af inddata i - CHM-håndteringen kunne føre lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.11. På grund af tekniske problemer med opbygningsmaskinen -er der i denne opdatering ikke en opbygning til Sparc-arkitekturen. Denne vil -snart blive stillet til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.88.5-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1196.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1197.wml b/danish/security/2006/dsa-1197.wml deleted file mode 100644 index be61d11639d..00000000000 --- a/danish/security/2006/dsa-1197.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Benjamin C. Wiley Sittler opdagede at repr() i Python-fortolkeren -allokerede en utilstrækkelig mængde hukommelse ved fortolkning af UCS-4 -Unicode-strenge, hvilket kunne føre til udførelse af vilkårlig kode gennem et -bufferoverløb.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.4.1-2sarge1. På grund af opbygningsproblemer mangler denne -opdatering rettede pakker til m68k-arkitekturen. Når problemet er løst, vil -der blive frigivet binære filer til m68k.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.4.4-1.

- -

Vi anbefaler at du opgraderer dine Python 2.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1197.data" -#use wml::debian::translation-check translation="f7ebe706f87556901da0a77cbb59a04c11967ed7" mindelta="1" diff --git a/danish/security/2006/dsa-1198.wml b/danish/security/2006/dsa-1198.wml deleted file mode 100644 index e71efdf2fc8..00000000000 --- a/danish/security/2006/dsa-1198.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Benjamin C. Wiley Sittler opdagede at repr() i Python-fortolkeren -allokerede en utilstrækkelig mængde hukommelse ved fortolkning af UCS-4 -Unicode-strenge, hvilket kunne føre til udførelse af vilkårlig kode gennem et -bufferoverløb.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.3.5-3sarge2. På grund af opbygningsproblemer mangler denne -opdatering rettede pakker til Alpha- og Sparc-arkitekturerne. Når problemerne -er løst, vil der blive frigivet binære filer til disse arkitekturer.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3.5-16.

- -

Vi anbefaler at du opgraderer dine Python 2.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1198.data" -#use wml::debian::translation-check translation="bb28ee747db94f3d8b7c6c7d5c39367256724f18" mindelta="1" diff --git a/danish/security/2006/dsa-1199.wml b/danish/security/2006/dsa-1199.wml deleted file mode 100644 index c4de93fadb4..00000000000 --- a/danish/security/2006/dsa-1199.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i webmin, et webbaseret administreringsværktøj. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    -
  • CVE-2005-3912 -

    En formatstrengssårbarhed i miniserv.pl kunne gøre det muligt for en - angriber at forårsage et lammelsesangreb (denial of service) ved at få - programmet til at gå ned eller udmatte systemressourcer, og kunne - potentielt gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2006-3392 -

    Ukorrekt kontrol af inddata i miniserv.pl kunne gøre det muligt for - en angriber at læse vilkårlige filer på webmin-værten ved at levere en - særligt fremstillet URL-sti til http-serveren miniserv.

    • - -
  • CVE-2006-4542 -

    Ukorrekt håndtering af null-tegn i URL'er i miniserv.pl kunne gøre - det muligt for en angriber at iværksætte angreb i forbindelse med - udførelse af skripter på tværs af websteder (cross-site scripting), - læse CGI-programmers kildekode, vise indholdet af lokale mapper og - potentielt udføre vilkårlig kode.

    • -
- -

Stabile opdateringer er tilgængelige til alpha, amd64, arm, hppa, i386, -ia64, m68k, mips, mipsel, powerpc, s390 og sparc.

- -

I den stabile distribution (sarge), er disse problemer rettet i -version 1.180-3sarge1.

- -

Webmin findes ikke i distributionerne unstable (sid) eller testing (etch), -hvorved problemerne ikke er til stede dér.

- -

Vi anbefaler at du opgraderer din webmin (1.180-3sarge1)-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1199.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1200.wml b/danish/security/2006/dsa-1200.wml deleted file mode 100644 index 9e33cabac00..00000000000 --- a/danish/security/2006/dsa-1200.wml +++ /dev/null @@ -1,20 +0,0 @@ -heltalsoverløb - -

Et heltalsoverløb er fundet i pixmaphåndteringsrutinerne i Qt -GUI-bibliotekerne. Dette kunne gøre det muligt for en angriber at -forårsage et lammelsesangreb (denial of service) og muligvis udføre -vilkårlig kode ved at levere en særligt fremstillet billedfil og få -offeret til at se det i et program baseret på Qt.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 3:3.3.4-3sarge1.

- -

I den ustabile distribution (sid), er dette problem rettet i -versions 3:3.3.7-1 and 4.2.1-1.

- -

Vi anbefaler at du opgraderer dine qt-x11-free-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1200.data" -#use wml::debian::translation-check translation="f14732fea42a9ec7ae765acd4837d06a9e06bcab" mindelta="1" diff --git a/danish/security/2006/dsa-1201.wml b/danish/security/2006/dsa-1201.wml deleted file mode 100644 index bfdbeadd68a..00000000000 --- a/danish/security/2006/dsa-1201.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i netværksscanneren Ethereal. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2005-4574 - -

    Man har opdaget at MIME-multipartdissektoren var sårbar over for - lammelsesangreb (denial of service) forårsaget et af forskudt med - en-overløb.

    • - -
  • CVE-2006-4805 - -

    Man har opdaget at XOT-dissektoren var sårbar over for lammelsesangreb - forårsaget af hukommelseskorruption.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.10.10-2sarge9. På grund af tekniske problemer med -sikkerheds-buildd-infrastrukturen, mangler denne opdatering opbygninger til -arkitekturerne hppa og sparc; de vil blive frigivet så snart problemerne er -løst.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1201.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1202.wml b/danish/security/2006/dsa-1202.wml deleted file mode 100644 index 393121a9743..00000000000 --- a/danish/security/2006/dsa-1202.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

cstone og Rich Felker har opdaget at særligt fremstillede UTF-8-sekvenser -kunne føre til hukommelsesskrivning uden for grænserne, når de blev vist inden -for screen-terminalens multiplexer, hvilket muliggjorde lammelsesangreb (denial -of service) og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.0.2-4.1sarge1. På grund af tekniske problemer med -sikkerheds-buildd-infrastrukturen mangler denne opdatering en opbygning til -Sun Sparc-arkitekturen. Den vil blive frigivet så snart problemerne er -løst.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.3-0.1.

- -

Vi anbefaler at du opgraderer din screen-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1202.data" -#use wml::debian::translation-check translation="d3b3ce1c162c016927ff895a5a4d09fd5ce8dbe7" mindelta="1" diff --git a/danish/security/2006/dsa-1203.wml b/danish/security/2006/dsa-1203.wml deleted file mode 100644 index 4f89d241fb4..00000000000 --- a/danish/security/2006/dsa-1203.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Steve Rigler har opdaget at PAM-modulet til autentificering mod LDAP-servere -behandlede PasswordPolicyReponse-kontrolmeddelelser ukorrekt, hvilket kunne føre -til at en angriber kunne logge på gennem en suspenderet systemkonto.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 178-1sarge3. På grund af tekniske problemer med -sikkerheds-buildd-infrastrukturen mangler denne opdatering en opbygning til -Sun Sparc-arkitekturen. Den vil blive frigivet så snart problemerne er -løst.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 180-1.2.

- -

Vi anbefaler at du opgraderer din libpam-ldap-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1203.data" -#use wml::debian::translation-check translation="ddec1b7594cc7533f2a4a57193b803707b85ffba" mindelta="1" diff --git a/danish/security/2006/dsa-1204.wml b/danish/security/2006/dsa-1204.wml deleted file mode 100644 index 8c13431d17b..00000000000 --- a/danish/security/2006/dsa-1204.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at e-mail-filterregelhåndteringsprogrammet Ingo udførte -utilstrækkelig indkaspling af brugerleverede data i oprettede -procmail-regelfiler, hvilket kunne gøre det muligt at udføre vilkårlige -shell-kommandoer.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 1.0.1-1sarge1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.2-1.

- -

Vi anbefaler at du opgraderer din ingo1-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1204.data" -#use wml::debian::translation-check translation="162d8b2eb786c9b2c443e5b675aeba134e3b1cbc" mindelta="1" diff --git a/danish/security/2006/dsa-1205.wml b/danish/security/2006/dsa-1205.wml deleted file mode 100644 index d6e6d6aec81..00000000000 --- a/danish/security/2006/dsa-1205.wml +++ /dev/null @@ -1,25 +0,0 @@ -usikre midlertidige filer - -

Den oprindelige bulletin for dette problem indeholdt ikke rettede pakker til -alle understøttede arkitekturer, hvilket rettes med denne opdatering. Til -reference er herunder den oprindelige bulletins tekst:

- -
-

Marco d'Itri har opdaget at thttpd, en lille, hurtig og sikker webserver, -anvendte usikre midlertidige filer når dens logfiler blev roteret, hvilket -kunne føre til et lammelsesangreb (denial of service) gennem et -symlinkangreb.

-
- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.23beta1-3sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.23beta1-5.

- -

Vi anbefaler at du opgraderer din thttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1205.data" -#use wml::debian::translation-check translation="8a8bd9975a1f24d390a192514ff88c1e4c4e058e" mindelta="1" diff --git a/danish/security/2006/dsa-1206.wml b/danish/security/2006/dsa-1206.wml deleted file mode 100644 index 21d579ba89b..00000000000 --- a/danish/security/2006/dsa-1206.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i PHP, et serverside-skriptsprog -med indlejret HTML, hvilket kunne føre udførelse af vilkårlig kode. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-3353 - -

    Tim Starling har opdaget at manglende kontrol af inddata i EXIF-modulet - kunne føre til lammelsesangreb (denial of service).

    • - -
  • CVE-2006-3017 - -

    Stefan Esser har opdaget en sikkerhedskritisk programmeringsfejl i - hashtabel-implementeringen i den interne Zend-maskine.

    • - -
  • CVE-2006-4482 - -

    Man har opdaget af funktionerne str_repeat() og wordwrap() udførte - utilstrækkelige kontroller for buffergrænser på 64 bit-systemet, hvilket - måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-5465 - -

    Stefan Esser har opdaget et bufferoverløb i htmlspecialchars() og - htmlentities(), hvilket måske kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4:4.3.10-18. Opbygninger til hppa og m68k vil blive stillet til -rådighed senere, når de er tilgængelige.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4:4.4.4-4 af php4 og version 5.1.6-6 af php5.

- -

Vi anbefaler at du opgraderer dine php4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1206.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1207.wml b/danish/security/2006/dsa-1207.wml deleted file mode 100644 index f94a04518be..00000000000 --- a/danish/security/2006/dsa-1207.wml +++ /dev/null @@ -1,58 +0,0 @@ -flere sårbarheder - -

Opdateringen af phpmyadmin i DSA 1207 indførte en regression. Denne -opdatering retter fejlen. For fuldstændighedens skyld er herunder den -oprindelige tekst fra bulletinen:

- -
-

Flere fjernudnytbare sårbarheder er fundet i phpMyAdmin, et program til -administrering af MySQL over web'et. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-3621 - -

    En CRLF-indsprøjtningssårbarhed gjorde det muligt for fjernangribere at - iværksætte HTTP-svaropsplitningsangreb (HTTP response splitting).

    • - -
  • CVE-2005-3665 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting, XSS) gjorde det muligt for fjernangribere - at indsprøjte vilkårlige webskripter eller HTML gennem (1) variablen - HTTP_HOST og (2) forskellige skripter i libraries-mappen, der håndterer - header-generering.

    • - -
  • CVE-2006-1678 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder gjorde det muligt for fjernangribere at indsprøjte vilkårlige - webskripter eller HTML gennem skripter i themes-mappen.

    • - -
  • CVE-2006-2418 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder gjorde det muligt for fjernangribere at indsprøjte vilkårlige - webskripter eller HTML gennem db-parameteret i footer.inc.php.

    • - -
  • CVE-2006-5116 - -

    En fjernangriber kunne overskrive interne variable gennem den globale - variabel _FILES.

    • - -
-
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.6.2-3sarge3.

- -

I den kommende stabile distribution (etch) og i den ustabile distribution -(sid) er disse problemer rettet i version 2.9.0.3-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1207.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1208.wml b/danish/security/2006/dsa-1208.wml deleted file mode 100644 index 075e3c28bf8..00000000000 --- a/danish/security/2006/dsa-1208.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i fejlsporingssystemet Bugzilla, -hvilket kunne føre til udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2005-4534 - -

    Javier Fernández-Sanguino Peña opdagede at usikker anvendelse af en - midlertidig fil kunne føre til lammelsesangreb (denian of service) gennem - et symlink-angreb.

    • - -
  • CVE-2006-5453 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder kunne føre til indspøjtning af vilkårlig webskriptkode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.16.7-7sarge2.

- -

I den kommende stabile distribution (etch) er disse problemer -rettet i version 2.22.1-1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.22.1-1.

- -

Vi anbefaler at du opgraderer dine bugzilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1208.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1209.wml b/danish/security/2006/dsa-1209.wml deleted file mode 100644 index 27ed2e6948d..00000000000 --- a/danish/security/2006/dsa-1209.wml +++ /dev/null @@ -1,20 +0,0 @@ -cross-site-forespørgselsforfalskning - -

Man har opdaget at Trac, en wiki og problemstyringssystem til -softwareudviklingsprojekter, udførte utilstrækkelig validering for -cross-site-forespørgselsforfalskninger, hvilket kunne føre til at en angriber -kunne foretage manipulering med et Trac-websted, med rettighederne hørende -til den angrebne Trac-bruger.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8.1-3sarge7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.10.1-1.

- -

Vi anbefaler at du opgraderer din trac-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1209.data" -#use wml::debian::translation-check translation="c67fc40944f35ea2bf317d40efc6c71434d1f58d" mindelta="1" diff --git a/danish/security/2006/dsa-1210.wml b/danish/security/2006/dsa-1210.wml deleted file mode 100644 index 53277732b62..00000000000 --- a/danish/security/2006/dsa-1210.wml +++ /dev/null @@ -1,54 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter, så som Mozilla Firefox. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-2788 - -

    Fernando Ribeiro har opdaget en sårbarhed i funktionen getRawDER gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service; hængende program) og muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-4340 - -

    Daniel Bleichenbacher beskrev for nylig en implementeringsfejl i - RSA-signaturverifikationen, hvilket ukorrekt for programmet til at stole på - SSL-certifikater.

    • - -
  • CVE-2006-4565, CVE-2006-4566 - -

    Priit Laes rapporterede at regulære udtryk i JavaScript kunne udløse et - heap-baseret bufferoverløb, hvilket gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb og muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-4568 - -

    En sårbarhed er opdaget, hvilket gjorde det muligt for fjernangribere at - omgå sikkerhedsmodellen og sprøjte indhold ind i et andet websteds - under-frame.

    • - -
  • CVE-2006-4571 - -

    Flere uspecifierede sårbarheder i Firefox, Thunderbird og SeaMonkey - gjorde det muligt for fjernangribere at forårsage lammelsesangreb, - beskadige hukommelsen og muligvis udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge12.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.5.dfsg+1.5.0.7-1 of firefox.

- -

Vi anbefaler at du opgraderer dine Mozilla Firefox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1210.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1211.wml b/danish/security/2006/dsa-1211.wml deleted file mode 100644 index 61011a3e318..00000000000 --- a/danish/security/2006/dsa-1211.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Man har opdaget at misdannede TCP-pakker kunne føre til lammelsesangreb -(denial of service) og muligvis udførelse af vilkårlig kode, hvis navneserveren -PowerDNS fungerede som rekursiv navneserver.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.9.17-13sarge3.

- -

I den kommende stabile distribution (etch) er dette problem rettet -i version 3.1.4-1 of pdns-recursor.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.1.4-1 of pdns-recursor.

- -

Vi anbefaler at du opgraderer dine PowerDNS-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1211.data" -#use wml::debian::translation-check translation="340a935bcb0fa2b94594eb3db5e89bcb6ad7fa46" mindelta="1" diff --git a/danish/security/2006/dsa-1212.wml b/danish/security/2006/dsa-1212.wml deleted file mode 100644 index dbe43fd698d..00000000000 --- a/danish/security/2006/dsa-1212.wml +++ /dev/null @@ -1,35 +0,0 @@ -Lammelsesangreb - -

To lammelsesangrebssårbarheder (denial of service) er fundet i -OpenSSH-serveren. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende sårbarheder.

- -
    - -
  • CVE-2006-4924 - -

    sshd-understøttelsen til ssh-protokol version 1 håndterede ikke - duplikerede indkommende blokke på korrekt vis. Dette kunne gøre det - muligt for en fjernangriber at få sshd til at opbruge betydelige - CPU-ressourcer, førende til et lammelsesangreb.

    • - -
  • CVE-2006-5051 - -

    En "race condition" i signalhåndteringen kunne potentielt gøre det - muligt for fjernangribere at få sshd til at gå ned, og teoretisk gøre det - muligt at udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge), er disse problemer rettet i -version 1:3.8.1p1-8.sarge.6.

- -

I den ustabile og testing distributionerne, er disse problemer -rettet i version 1:4.3p2-4.

- -

Vi anbefaler at du opgraderer din openssh-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1212.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1213.wml b/danish/security/2006/dsa-1213.wml deleted file mode 100644 index 6eaf50adfce..00000000000 --- a/danish/security/2006/dsa-1213.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Imagemagick, en samling af -programmer til billedbehandling, hvilket måske kunne føre til udførelse af -vilkårlig kode. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CVE-2006-0082 - -

    Daniel Kobras opdagede at Imagemagick var sårbar over for - formatstrengangreb i koden der fortolkede filnanvet.

    • - -
  • CVE-2006-4144 - -

    Damian Put opdagede at Imagemagick var sårbar over for bufferoverløb i - modulet til SGI-billeder.

    • - -
  • CVE-2006-5456 - -

    M Joonas Pihlaja opdagede at Imagemagick var sårbar over for - bufferoverløb i modulet til DCM- og PALM-billeder.

    • - -
  • CVE-2006-5868 - -

    Daniel Kobras opdagede at Imagemagick var sårbar over for bufferoverløb - i modelet til SGI-billeder.

    • -
- -

Denne opdatering tager også vare om regressioner i XCF-koden, som blev -indført i den foregående sikkerhedsopdatering.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 6:6.0.6.2-2.8.

- -

I den kommende stabile distribution (etch) er disse problemer -rettet i version 7:6.2.4.5.dfsg1-0.11.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 7:6.2.4.5.dfsg1-0.11.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1213.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1214.wml b/danish/security/2006/dsa-1214.wml deleted file mode 100644 index bedc3a23369..00000000000 --- a/danish/security/2006/dsa-1214.wml +++ /dev/null @@ -1,28 +0,0 @@ -bufferoverløb - -

Den oprindelige opdatering i DSA 1214-1 var utilstrækkelig; denne opdatering -retter problemet. Til reference er herunder den oprindelige bulletins -tekst:

- -
-

Renaud Lifchitz opdagede at gv, PostScript- og PDF-fremviseren til X, -udførte utilstrækkelige grænsekontroller i koden til fortolkning af -PostScript, hvilket gjorde det muligt at udføre vilkårlig kode gennem et -bufferoverløb.

-
- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.6.1-10sarge2.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 3.6.2-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.6.2-2.

- -

Vi anbefaler at du opgraderer din gv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1214.data" -#use wml::debian::translation-check translation="f3ef16cfee9001905c476030fe96bef0bddcd1d7" mindelta="1" diff --git a/danish/security/2006/dsa-1215.wml b/danish/security/2006/dsa-1215.wml deleted file mode 100644 index b3239faf03f..00000000000 --- a/danish/security/2006/dsa-1215.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i multimediabiblioteket Xine, -hvilket kunne føre til udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-4799 - -

    XFocus Security Team har opdaget at utilstrækkelig kontrol af AVI-headere - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-4800 - -

    Michael Niedermayer opdagede at et bufferoverløb i 4XM-codec'en kunne - føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.1-1sarge4.

- -

I den kommende stabile distribution (etch) er disse problemer -rettet i version 1.1.2-1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.1.2-1.

- -

Vi anbefaler at du opgraderer dine xine-lib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1215.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1216.wml b/danish/security/2006/dsa-1216.wml deleted file mode 100644 index 347e572f6fb..00000000000 --- a/danish/security/2006/dsa-1216.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Eric Romang har opdaget at backupværktøjet flexbackup oprettede midlertidige -filer på en usikker måde, hvilket gjorde det muligt at udføre et lammelsesangreb -(denial of service) gennem et symlinkangreb.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.1-2sarge1.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 1.2.1-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.1-3.

- -

Vi anbefaler at du opgraderer din flexbackup-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1216.data" -#use wml::debian::translation-check translation="7ed677f91bfe8d6ab1d55a0776f356243f26d9ff" mindelta="1" diff --git a/danish/security/2006/dsa-1217.wml b/danish/security/2006/dsa-1217.wml deleted file mode 100644 index c9c28add99f..00000000000 --- a/danish/security/2006/dsa-1217.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Paul Szabo opdagede at netkits ftp-server skiftede brugerid for sent, hvilket -kunne føre til omgåelse af adgangsbegrænsningerne når NFS anvendes. Denne -opdatering tilføjer også kontrol af returværder til setuid()-kald, hvilket kunne -fejle i forbindelse med nogle PAM-opsætninger.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.17-20sarge2.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 0.17-22.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.17-22.

- -

Vi anbefaler at du opgraderer din ftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1217.data" -#use wml::debian::translation-check translation="28ea7f2b646a572581bfe33dfb028b3eac27ceb0" mindelta="1" diff --git a/danish/security/2006/dsa-1218.wml b/danish/security/2006/dsa-1218.wml deleted file mode 100644 index 8094090efc1..00000000000 --- a/danish/security/2006/dsa-1218.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Man har opdaget at ftp-dæmonen proftpd udførte utilstrækkelig kontrol af -ftp-bufferens størrelsesbegrænsning, hvilket kunne føre til lammelsesangreb -(denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.10-15sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.0-13 af pakken proftpd-dfsg.

- -

Vi anbefaler at du opgraderer din proftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1218.data" -#use wml::debian::translation-check translation="3108fedc5eb19ee4d656190b5302b74334fbb86c" mindelta="1" diff --git a/danish/security/2006/dsa-1219.wml b/danish/security/2006/dsa-1219.wml deleted file mode 100644 index 8502f8a09bb..00000000000 --- a/danish/security/2006/dsa-1219.wml +++ /dev/null @@ -1,36 +0,0 @@ -bufferoverløb - -

Flere sårbarheder er fundet i GNU texinfo-pakken, et dokumenteringssystem -til online-oplysninger og uddata på papir.

- -
    - -
  • CVE-2005-3011 - -

    Håndtering af midlertidige filer blev foretage på en usikker måde, - hvilket gjorde det muligt for en angriber at overskrive enhver fil, - der var skrivbar for offeret.

    • - -
  • CVE-2006-4810 - -

    Et bufferoverløb i util/texindex.c kunne gøre det muligt for en angriber - at udføre vilkårlig kode med offerets adgangsrettigheder, ved at få offeret - til at køre texindex eller tex2dvi på en særligt fremstillet - texinfo-fil.

    • - -
- -

I den stabile distribution (sarge), er disse problemer rettet i version -4.7-2.2sarge2. Bemærk at binære pakker til mipsel-arkitekturen pt. ikke er -tilgængelige på grund af tekniske problemer med opbygningsværtsmaskinen. Disse -pakker vil blive gjort tilgængelige så snart som muligt.

- -

I den ustabile (sid) og kommende stabile distribution (etch), er disse -problemer rettet i version 4.8.dfsg.1-4.

- -

Vi anbefaler at du opgraderer din texinfo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1219.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1220.wml b/danish/security/2006/dsa-1220.wml deleted file mode 100644 index 62dcc1ac9ff..00000000000 --- a/danish/security/2006/dsa-1220.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker citering af filnavn - -

Brian May har opdaget at pstotext, et værktøj til udtrækning af af tekst fra -PostScript- og PDF-filer, udførte utilstrækkelig citering af filnavne, hvilket -gjorde det muligt at udføre vilkårlige shell-kommandoer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.9-1sarge2. Opbygningen til mipsel-arkitekturen er endnu ikke -tilgængelig på grund af tekniske problemer på opbygningsværtsmaskinen.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 1.9-4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.9-4.

- -

Vi anbefaler at du opgraderer din pstotext-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1220.data" -#use wml::debian::translation-check translation="05a9dbb8e5e0a02f3fa8dc9bdb2b34bbfb9ea726" mindelta="1" diff --git a/danish/security/2006/dsa-1221.wml b/danish/security/2006/dsa-1221.wml deleted file mode 100644 index 675365af0b5..00000000000 --- a/danish/security/2006/dsa-1221.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

infamous41md har opdaget en heap-bufferoverløbssårbarhed i libgsf, et -GNOME-bibliotek til læsning og skrivning af strukturerede filformater, hvilket -kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.11.1-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.14.2-1.

- -

Vi anbefaler at du opgraderer dine libgsf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1221.data" -#use wml::debian::translation-check translation="d3b3ce1c162c016927ff895a5a4d09fd5ce8dbe7" mindelta="1" diff --git a/danish/security/2006/dsa-1222.wml b/danish/security/2006/dsa-1222.wml deleted file mode 100644 index 57313c3ad7a..00000000000 --- a/danish/security/2006/dsa-1222.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

På grund af tekniske problemer manglende gårsdagens opdatering af proftpd en -opbygning til amd64-arkitekturen, hvilket nu er tilgængelig. Til reference er -herunder den oprindelige bulletins tekst:

- -
-

Flere fjernudnytbare sårbarheder er opdaget i ftp-dæmonen proftpd, hvilket -kunne føre til udførelse af vilkårlig kode eller lammelsesangreb (denial of -service). Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2006-5815 - -

    Man har opdaget at et bufferoverløb i funktionen sreplace() - kunne føre til lammelsesangreb og muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-6170 - -

    Man har opdaget at et bufferoverløb i addon-modulet mod_tls kunne føre - til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-6171 - -

    Man har opdaget at utilstrækkelig validering af ftp-kommandobufferens - størrelsesgrænser kunne føre til lammelsesangreb. På grund af uklare - oplysninger blev dette problem allerede rettet i DSA-1218 som - \ - CVE-2006-5815.

    • - -
-
- -

I den stabile distribution (sarge) er disse problemer rettet i version -1.2.10-15sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.0-16 af pakken proftpd-dfsg.

- -

Vi anbefaler at du opgraderer din proftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1222.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1223.wml b/danish/security/2006/dsa-1223.wml deleted file mode 100644 index 767cd4da53a..00000000000 --- a/danish/security/2006/dsa-1223.wml +++ /dev/null @@ -1,19 +0,0 @@ -fejl ved validering af inddata - -

Teemu Salmela har opdaget en sårbarhed i GNU tar, der kunne gøre det muligt -for en ondsindet bruger at overskrive vilkårlige filer ved at få offeret til at -forsøge at udpakke en særligt fremstillet tar-fil indeholdende en -GNUTYPE_NAMES-post med et symbolsk link.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 1.14-2.3.

- -

I den ustabile distribution (sid) og den kommende stabile udgave (etch), -vil disse problem blive rettet i version 1.16-2.

- -

Vi anbefaler at du opgraderer din tar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1223.data" -#use wml::debian::translation-check translation="fac6b8b2be0776f0d517928e7c45bb6d94aed294" mindelta="1" diff --git a/danish/security/2006/dsa-1224.wml b/danish/security/2006/dsa-1224.wml deleted file mode 100644 index a26fcbf21e8..00000000000 --- a/danish/security/2006/dsa-1224.wml +++ /dev/null @@ -1,52 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende sårbarheder:

- -
    - -
  • CVE-2006-4310 - -

    Tomas Kempinsky har opdaget at misdannede ftp-serversvar kunne føre til - lammelsesangreb (denial of service).

    • - -
  • CVE-2006-5462 - -

    Ulrich Kühn har opdaget at rettelsen af en kryptografisk fejl i - håndteringen af PKCS-1-certifikater ikke var komplet, hvilket tillod - forfalskning af certifikater.

    • - -
  • CVE-2006-5463 - -

    shutdown har opdaget af ændring af JavaScript-objekter under - udførelse kunne føre til udførelse af vilkårlig - JavaScript-bytecode.

    • - -
  • CVE-2006-5464 - -

    Jesse Ruderman og Martijn Wargers har opdaget flere nedbrud i - layout-maskinen, hvilket også kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-5748 - -

    Igor Bukanov og Jesse Ruderman opdagede flere nedbrud i - JavaScript-maskinen, hvilket også kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

Denne opdatering tager også vare om flere nedbrud, der kunne udløses af -ondsindede websteder, og retter en regression der blev introduceret i den -foregående Mozilla-opdatering.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge8.

- -

Vi anbefaler at du opgraderer din mozilla-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1224.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1225.wml b/danish/security/2006/dsa-1225.wml deleted file mode 100644 index 87a1b2434d2..00000000000 --- a/danish/security/2006/dsa-1225.wml +++ /dev/null @@ -1,61 +0,0 @@ -flere sårbarheder - -

Denne opdatering dækker pakker til little endian MIPS-arkitekturen, der -manglende i forbindelse med den oprindelige bulletin. Til reference er herunder -den oprindelige bulletins tekst:

- -
-

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Firefox. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-4310 - -

    Tomas Kempinsky har opdaget at misdannede ftp-serversvar kunne føre til - lammelsesangreb (denial of service).

    • - -
  • CVE-2006-5462 - -

    Ulrich Kühn har opdaget at rettelsen af en kryptografisk fejl i - håndteringen af PKCS-1-certifikater ikke var komplet, hvilket tillod - forfalskning af certifikater.

    • - -
  • CVE-2006-5463 - -

    shutdown har opdaget af ændring af JavaScript-objekter under - udførelse kunne føre til udførelse af vilkårlig - JavaScript-bytecode.

    • - -
  • CVE-2006-5464 - -

    Jesse Ruderman og Martijn Wargers har opdaget flere nedbrud i - layout-maskinen, hvilket også kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-5748 - -

    Igor Bukanov og Jesse Ruderman opdagede flere nedbrud i - JavaScript-maskinen, hvilket også kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

Denne opdatering tager også vare om flere nedbrud, der kunne udløses af -ondsindede websteder, og retter en regression der blev introduceret i den -foregående Mozilla-opdatering.

-
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge13.

- -

I den ustabile distribution (sid) er disse problemer rettet i den aktuelle -iceweasel-pakke 2.0+dfsg-1.

- -

Vi anbefaler at du opgraderer din mozilla-firefox-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1225.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1226.wml b/danish/security/2006/dsa-1226.wml deleted file mode 100644 index bae6b72f04f..00000000000 --- a/danish/security/2006/dsa-1226.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig indkapsling - -

Teemu Salmela har opdaget at den teksttilstandsbaserede webbrowser links -udførte utilstrækkelig kontrol af smb://-URI'er, hvilket måske -kunne føre til udførelse af vilkårlige shell-kommandoer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.99+1.00pre12-1sarge1.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 0.99+1.00pre12-1.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.99+1.00pre12-1.1.

- -

Vi anbefaler at du opgraderer din links-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1226.data" -#use wml::debian::translation-check translation="983f688b1f4324d62b0d84bb8852627983993f05" mindelta="1" diff --git a/danish/security/2006/dsa-1227.wml b/danish/security/2006/dsa-1227.wml deleted file mode 100644 index 30d3c959234..00000000000 --- a/danish/security/2006/dsa-1227.wml +++ /dev/null @@ -1,55 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Thunderbird. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-4310 - -

    Tomas Kempinsky har opdaget at misdannede ftp-serversvar kunne føre til - lammelsesangreb (denial of service).

    • - -
  • CVE-2006-5462 - -

    Ulrich Kühn har opdaget at rettelsen af en kryptografisk fejl i - håndteringen af PKCS-1-certifikater ikke var komplet, hvilket tillod - forfalskning af certifikater.

    • - -
  • CVE-2006-5463 - -

    shutdown har opdaget af ændring af JavaScript-objekter under - udførelse kunne føre til udførelse af vilkårlig - JavaScript-bytecode.

    • - -
  • CVE-2006-5464 - -

    Jesse Ruderman og Martijn Wargers har opdaget flere nedbrud i - layout-maskinen, hvilket også kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-5748 - -

    Igor Bukanov og Jesse Ruderman opdagede flere nedbrud i - JavaScript-maskinen, hvilket også kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

Denne opdatering tager også vare om flere nedbrud, der kunne udløses af -ondsindede websteder, og retter en regression der blev introduceret i den -foregående Mozilla-opdatering.

- -

I den stabile distribution (sarge) er disse problems rettet i -version 1.0.4-2sarge13.

- -

I den ustabile distribution (sid) er disse problemer rettet i den aktuelle -icedove-pakke 1.5.0.8.

- -

Vi anbefaler at du opgraderer din mozilla-thunderbird-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1227.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1228.wml b/danish/security/2006/dsa-1228.wml deleted file mode 100644 index a81879917fe..00000000000 --- a/danish/security/2006/dsa-1228.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig indkapsling - -

Teemu Salmela har opdaget at den teksttilstandsbaserede webbrowser elinks -udførte utilstrækkelig kontrol af smb://-URI'er, hvilket måske -kunne føre til udførelse af vilkårlige shell-kommandoer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.10.4-7.1.

- -

For the upcoming stable distribution (etch) er dette problem -rettet i version 0.11.1-1.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.11.1-1.2.

- -

Vi anbefaler at du opgraderer din elinks-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1228.data" -#use wml::debian::translation-check translation="8896b747be1474e0534394e5e750b3d61fc9212b" mindelta="1" diff --git a/danish/security/2006/dsa-1229.wml b/danish/security/2006/dsa-1229.wml deleted file mode 100644 index a8a4bc64e66..00000000000 --- a/danish/security/2006/dsa-1229.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Adam Boileau har opdaget et heltalsoverløb i kanaldriveren Skinny i -Asterisk, et Open Source Private Branch Exchange eller telefonsystem, -der anvendes af Cisco SCCP-telefoner, hvilket gjorde det muligt for -fjernangribere at udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.7.dfsg.1-2sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.13~dfsg-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1229.data" -#use wml::debian::translation-check translation="fb7f3b9f3b82769b01bb3e437da6e147fca08f12" mindelta="1" diff --git a/danish/security/2006/dsa-1230.wml b/danish/security/2006/dsa-1230.wml deleted file mode 100644 index 0c63d95c29f..00000000000 --- a/danish/security/2006/dsa-1230.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Rhys Kidd har opdaget en sårbarhed i l2tpns, protokolnetværksserver til -layer 2-tunnelling, hvilket kunne udløses af en fjernbruger til at -udføre vilkårlig kode.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 2.0.14-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.1.21-1.

- -

Vi anbefaler at du opgraderer din l2tpns-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1230.data" -#use wml::debian::translation-check translation="e6d5c8c59074476eb0aa99d4c70c2262880283af" mindelta="1" diff --git a/danish/security/2006/dsa-1231.wml b/danish/security/2006/dsa-1231.wml deleted file mode 100644 index 5feed1ed1b7..00000000000 --- a/danish/security/2006/dsa-1231.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i GNU privacy guard, en fri -PGP-erstatning, hvilket kunne føre til udførelse af vilkårlig kode. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-6169 - -

    Werner Koch opdagede at et bufferoverløb i en fornuftighedsfunktion - kunne føre til udførelse vilkårlig kode når gnupg blev kørt - interaktivt.

    • - -
  • CVE-2006-6235 - -

    Tavis Ormandy opdagede at fortolkning af omhyggeligt fremstillede - OpenPGP-pakker kunne føre til udførelse af vilkårlig kode, da en - funktionspointer hørende til en intern struktur kunne kontrolleres gennem - dekrypteringsrutinerne.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.4.1-1.sarge6.

- -

I den kommende stabile distribution (etch) er disse problemer -rettet i version 1.4.6-1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.4.6-1.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1231.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1232.wml b/danish/security/2006/dsa-1232.wml deleted file mode 100644 index f661ad2cb7a..00000000000 --- a/danish/security/2006/dsa-1232.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende fornuftighedskontroller - -

Stephen Gran har opdaget at misdannede base64-indkapslede MIME-vedhæftelser -kunne føre til lammelsesangreb (denial of service) gennem en null-pointer -dereference.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.84-2.sarge.12.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 0.86-1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.86-1.

- -

Vi anbefaler at du opgraderer din clamav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1232.data" -#use wml::debian::translation-check translation="c6a0f49003fbc426b77eacfb48bb58c870b65376" mindelta="1" diff --git a/danish/security/2006/dsa-1233.wml b/danish/security/2006/dsa-1233.wml deleted file mode 100644 index d6574af53cf..00000000000 --- a/danish/security/2006/dsa-1233.wml +++ /dev/null @@ -1,119 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2006-3741 - -

    Stephane Eranian har opdaget en lokal lammelsesangrebssårbarhed på - ia64-arkitekturen. En lokal bruger kunne udmatte de tilgængelige - fil-descriptorer ved at udnytte en optællingsfejl i systemkaldet - permonctl().

    • - -
  • CVE-2006-4538 - -

    Kirill Korotaev rapporterede om en lokal lammelsesangrebssårbarhed på - ia64- og sparc-arkitekturerne. En bruger kunne få systemet til at gå ned - ved at udføre misdannede binære ELF-filer på grund af utilstrækkelig - kontrol af hukommelseslayoutet.

    • - -
  • CVE-2006-4813 - -

    Dmitriy Monakhov rapporterede om en potentiel hukommelseslækage i - funktionen __block_prepare_write function. __block_prepare_write - fornuftighedskontrollerede ikke korrekt kernebufferne under fejlbehandling, - hvilket kunne udnyttes af lokale brugere til at opnå adgang til følsom - kernehukommelse.

    • - -
  • CVE-2006-4997 - -

    ADLab Venustech Info Ltd rapporterede om en potentiel - lammelsesangrebssårbarhed i undersystemet til IP over ATM. En fjernbruger - kunne få systemet til at gå ned ved at sende særligt fremstillede pakker, - der udløste et forsøg på at frigive en allerede frigivet pointer, hvilket - medførte systemnedbruddet.

    • - -
  • CVE-2006-5174 - -

    Martin Schwidefsky rapporterede om potentiel lækage af følsomme - oplysninger på s390-systemer. Funktionen copy_from_user tømte ikke - kernebufferen for tilbageværende bytes efter at have modtaget en fejl på - brugerrummets adresse, medførende lækage af uinitialiseret kernehukommelse. - En lokal bruger kunne udnytte dette ved at føje fra en dårlig adresse til - en fil.

    • - -
  • CVE-2006-5619 - -

    James Morris rapporterede om en lokal lammelsesangrebssårbarhed, der - kunne anvendes til at få systemet til at hænge eller oops'e. - Seqfile-håndteringen af /proc/net/ip6_flowlabel indeholdt en fejl, der - kunne udnyttes til at forårsage en uendelig løkke ved at læse denne fil - efter fremstillingen af en flowlabel.

    • - -
  • CVE-2006-5649 - -

    Fabio Massimo Di Nitto rapporterede om en potentiel fjernudnytbar - lammelsesangrebssårbarhed på powerpc-systemer. Justerings-exception'en - kontrollerede kun exception-tabellen for forekomster af -EFAULT, ikke andre - fejl. Dette kunne udnyttes af en lokal bruger til at forårsage et - systemnedbrud (panic).

    • - -
  • CVE-2006-5751 - -

    Eugene Teo rapporterede om en sårbarhed i funktionen get_fdb_entries, der - potentielt kunne udnyttes til at udføre vilkårlig kode med forøgede - rettigheder.

    • - -
  • CVE-2006-5871 - -

    Bill Allombert rapporterede at forskellige mount-indstillingsmuligheder - blev ignoreret af smbfs når UNIX-udvidelser var slået til. Deriblandt - indstillingerne uid, gid og mode. Klientsystemer kunne i stilhed anvende - de serverleverede indstillinger i stedet for at bruge de valgte - indstillinger, hvorved sikkerhedsmodellen blev ændret. Opdateringen - indeholder en rettelse fra Haroldo Gamal, som tvinger kernen til at - overholde disse mount-indstillinger. Bemærk at eftersom de aktuelle - versioner af smbmount altid leverer værdier for disse indstillinger til - kernen, er det ikke pt. muligt at aktivere UNIX-udvidelser ved at undlade - mount-indstillinger. Dog er dette konsistent med den måde, hvorpå den - næste Debian-udgivelse, "etch", pt. opfører sig.

    • - -
- -

Følgende matriks forklarer hvilke kerneversioner til hvilke arkitekturer, -der retter de oven for nævnte problemer:

- -
- - - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.6.8-16sarge6
Alpha-arkitekturen 2.6.8-16sarge6
AMD64-arkitekturen 2.6.8-16sarge6
HP Precision-arkitekturen 2.6.8-6sarge6
Intel IA-32-arkitecturen 2.6.8-16sarge6
Intel IA-64-arkitecturen 2.6.8-14sarge6
Motorola 680x0-arkitecturen 2.6.8-4sarge6
PowerPC-arkitecturen 2.6.8-12sarge6
IBM S/390-arkitecturen 2.6.8-5sarge6
Sun Sparc-arkitecturen 2.6.8-15sarge6
- -

Følgende matriks opremser yderligere pakker, der blev genopbygget -af kompatibilitetshensyn med denne opdatering:

- -
- - -
Debian 3.1 (sarge)
fai-kerner 1.9.1sarge5
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1233.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1234.wml b/danish/security/2006/dsa-1234.wml deleted file mode 100644 index fa3ef83eb65..00000000000 --- a/danish/security/2006/dsa-1234.wml +++ /dev/null @@ -1,16 +0,0 @@ -lammelsesangreb - - -

En lammelsesangrebssårbarhed (denial of service) er opdaget i CGI-biblioteket -der følger med Ruby, det fortolkede skriptsprog til hurtig og nem -objektorienteret programmering.

- -

I den stabile distribution (sarge), er dette problem rettet i version -1.6.8-12sarge3.

- -

Vi anbefaler at du opgraderer din ruby1.6-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1234.data" -#use wml::debian::translation-check translation="86df8c5f646287dbe1e291ef30b207d2a65af706" mindelta="1" diff --git a/danish/security/2006/dsa-1235.wml b/danish/security/2006/dsa-1235.wml deleted file mode 100644 index 354b5b7f27f..00000000000 --- a/danish/security/2006/dsa-1235.wml +++ /dev/null @@ -1,15 +0,0 @@ -lammelsesangreb - -

En lammelsesangrebssårbarhed (denial of service) er opdaget i CGI-biblioteket -der følger med Ruby, det fortolkede skriptsprog til hurtig og nem -objektorienteret programmering.

- -

I den stabile distribution (sarge), er dette problem rettet i version -1.8.2-7sarge5.

- -

Vi anbefaler at du opgraderer din ruby1.8-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1235.data" -#use wml::debian::translation-check translation="86df8c5f646287dbe1e291ef30b207d2a65af706" mindelta="1" diff --git a/danish/security/2006/dsa-1236.wml b/danish/security/2006/dsa-1236.wml deleted file mode 100644 index 7863667ab46..00000000000 --- a/danish/security/2006/dsa-1236.wml +++ /dev/null @@ -1,15 +0,0 @@ -manglende fornuftighedskontroller - -

Antti-Juhani Kaijanaho opdagede at enemies-of-carlotta, et simpelt program -til håndtering af postlister, ikke på korrekt vis fornuftighedskontrollerede -e-mail-adresser før de blev sendt videre til systemshell'en.

- -

I den stabile distribution (sarge), er dette problem rettet i version -1.0.3-1sarge1

- -

Vi anbefaler at du opgraderer din enemies-of-carlotta-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1236.data" -#use wml::debian::translation-check translation="c5e9c0fdf434a25f7ca94b5e98ef649cebc29502" mindelta="1" diff --git a/danish/security/2006/dsa-1237.wml b/danish/security/2006/dsa-1237.wml deleted file mode 100644 index 5edb1eeb7c9..00000000000 --- a/danish/security/2006/dsa-1237.wml +++ /dev/null @@ -1,101 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2005-4093 - -

    Olof Johansson rapporterede om en lokal lammelsesangrebssårbarhed på - PPC970-platformen. Bruger uden rettigheder kunne få systemet til at hænge - ved at udføre attn-instruktionen, som ikke blev deaktiveret ved - boot.

    • - -
  • CVE-2006-4538 - -

    Kirill Korotaev rapporterede om en lokal lammelsesangrebssårbarhed på - ia64- og sparc-arkitekturerne. En bruger kunne få systemet til at gå ned - ved at udføre en misdannet binær ELF-fil, på grund af utilstrækkelig - kontrol af hukommelseslayoutet.

    • - -
  • CVE-2006-4997 - -

    ADLab Venustech Info Ltd rapporterede om en potentiel - lammelsesangrebssårbarhed i undersystemet til IP over ATM. En fjernbruger - kunne få systemet til at gå ned ved at sende særligt fremstillede pakker, - der udløste et forsøg på at frigive en allerede frigivet pointer, hvilket - medførte systemnedbruddet.

    • - -
  • CVE-2006-5174 - -

    Martin Schwidefsky rapporterede om potentiel lækage af følsomme - oplysninger på s390-systemer. Funktionen copy_from_user tømte ikke - kernebufferen for tilbageværende bytes efter at have modtaget en fejl på - brugerrummets adresse, medførende lækage af uinitialiseret kernehukommelse. - En lokal bruger kunne udnytte dette ved at føje fra en dårlig adresse til - en fil.

    • - -
  • CVE-2006-5649 - -

    Fabio Massimo Di Nitto rapporterede om en potentiel fjernudnytbar - lammelsesangrebssårbarhed på powerpc-systemer. Justerings-exception'en - kontrollerede kun exception-tabellen for forekomster af -EFAULT, ikke andre - fejl. Dette kunne udnyttes af en lokal bruger til at forårsage et - systemnedbrud (panic).

    • - -
  • CVE-2006-5871 - -

    Bill Allombert rapporterede at forskellige mount-indstillingsmuligheder - blev ignoreret af smbfs når UNIX-udvidelser var slået til. Deriblandt - indstillingerne uid, gid og mode. Klientsystemer kunne i stilhed anvende - de serverleverede indstillinger i stedet for at bruge de valgte - indstillinger, hvorved sikkerhedsmodellen blev ændret. Opdateringen - indeholder en rettelse fra Haroldo Gamal, som tvinger kernen til at - overholde disse mount-indstillinger. Bemærk at eftersom de aktuelle - versioner af smbmount altid leverer værdier for disse indstillinger til - kernen, er det ikke pt. muligt at aktivere UNIX-udvidelser ved at undlade - mount-indstillinger. Dog er dette konsistent med den måde, hvorpå den - næste Debian-udgivelse, "etch", pt. opfører sig.

    • - -
- -

Følgende matriks forklarer hvilke kerneversioner til hvilke arkitekturer, -der retter de oven for nævnte problemer:

- -
- - - - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.4.27-10sarge5
Alpha-arkitekturen 2.4.27-10sarge5
ARM-arkitekturen 2.4.27-2sarge5
Intel IA-32-arkitekturen 2.4.27-10sarge5
Intel IA-64-arkitekturen 2.4.27-10sarge5
Motorola 680x0-arkitekturen 2.4.27-3sarge5
Big endian MIPS 2.4.27-10.sarge4.040815-2
Little endian MIPS 2.4.27-10.sarge4.040815-2
PowerPC-arkitekturen 2.4.27-10sarge5
IBM S/390-arkitekturen 2.4.27-2sarge5
Sun Sparc-arkitekturen 2.4.27-9sarge5
- -

Følgende matriks opremser yderligere pakker, der blev genopbygget -af kompatibilitetshensyn med denne opdatering:

- -
- - - - - -
Debian 3.1 (sarge)
fai-kernel 1.9.1sarge5
kernel-image-2.4.27-speakup 2.4.27-1.1sarge4
mindi-kerne 2.4.27-2sarge4
systemimager 3.2.3-6sarge4
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1237.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1238.wml b/danish/security/2006/dsa-1238.wml deleted file mode 100644 index e80532a04b9..00000000000 --- a/danish/security/2006/dsa-1238.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i antivirusværktøjet Clam. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-6406 - -

    Hendrik Weimer opdagede at ugyldige tegn i base64-indkapslede data kunne - føre til omgåelse af scanningsmekanismer.

    • - -
  • CVE-2006-6481 - -

    Hendrik Weimer opdagede at dybt indlejrede multipart/mime MIME-data kunne - føre til lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.13.

- -

I den kommende stabile distribution (etch) er disse problemer -rettet i version 0.88.7-1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.88.7-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1238.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1239.wml b/danish/security/2006/dsa-1239.wml deleted file mode 100644 index 61cf6ff9763..00000000000 --- a/danish/security/2006/dsa-1239.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i SQL Ledger, et webbaseret -dobbeltindtastnings-regnskabsprogram, hvilket kunne føre til udførelse af -vilkårlig kode. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problems:

- -
    - -
  • CVE-2006-4244 - -

    Chris Travers opdagede at sessionshåndteringen kunne narres til at - kapre eksisterende sessioner.

    • - -
  • CVE-2006-4731 - -

    Chris Travers opdagede at mappegennemløbssårbarheder kunne udnyttes til - at udføre vilkårlig Perl-kode.

    • - -
  • CVE-2006-5872 - -

    Man har opdaget at manglende fornuftighedskontrol af inddata gjorde det - muligt af udføre vilkårlig Perl-kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.4.7-2sarge1.

- -

I den kommende stabile distribution (etch) er disse problemer -rettet i version 2.6.21-1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6.21-1.

- -

Vi anbefaler at du opgraderer dine sql-ledger-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1239.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1240.wml b/danish/security/2006/dsa-1240.wml deleted file mode 100644 index 97aad60f28c..00000000000 --- a/danish/security/2006/dsa-1240.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig indkapsling - -

Teemu Salmela har opdaget at den tekstbaserede webbrowser links2 udførte -utilstrækkelig fornuftighedskrontol af smb://-URI'er, hvilket kunne føre til -udførelse af vilkårlige shell-kommandoer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.1pre16-1sarge1.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 2.1pre26-1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.1pre26-1.

- -

Vi anbefaler at du opgraderer din links2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1240.data" -#use wml::debian::translation-check translation="d2241434fd5d7bd5a5cff99cc036230c57d9c835" mindelta="1" diff --git a/danish/security/2006/dsa-1241.wml b/danish/security/2006/dsa-1241.wml deleted file mode 100644 index a1c85fe3e2f..00000000000 --- a/danish/security/2006/dsa-1241.wml +++ /dev/null @@ -1,29 +0,0 @@ -udførelse af skripter på tværs af websteder - -

Martijn Brinkers har opdaget en sårbarhed i forbindelse med udførelse af -skripter tværs af websteder (cross-site scripting) i mailto-parameteret i -webmail.php, parametrene session og delete_draft i compose.php og gennem en -begræsning i filteret magicHTML. En angriber kunne misbruge disse sårbarheder -til at udføre ondsindet JavaScript i brugerens webmail-session.

- -

Der er også udviklet en omgåelse af et problem i versioner af Internet -Explorer mindre end eller lig med 5: Internet Explorer prøver at gætte -vedhæftelsers MIME-type baseret på indholdet, ikke den modtagne MIME. -Vedhæftelser kunne udgive sig for at være "harmløse" JPEG-filer, mens de i -virkeligheden var HTML som Internet Explorer kunne fortolke.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2:1.4.4-10.

- -

I den kommende stabile distribution (etch) er disse problemer rettet -i version 2:1.4.9a-1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2:1.4.9a-1.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1241.data" -#use wml::debian::translation-check translation="1473c6ce0855137c841ad4c9ea87334689af4bba" mindelta="1" diff --git a/danish/security/2006/dsa-1242.wml b/danish/security/2006/dsa-1242.wml deleted file mode 100644 index 61750238c1a..00000000000 --- a/danish/security/2006/dsa-1242.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i elog, en webbaseret elektronisk -logbog, hvilket kunne føre til udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-5063 - -

    Tilman Koschnick opdagede at redigering af logposter i HTML er sårbar - over for udførelse af skripter på tværs af websteder (cross-site scripting). - Denne opdatering slår den sårbare kode fra.

    • - -
  • CVE-2006-5790 - -

    Ulf Härnhammar fra Debian Security Audit Project har opdaget flere - formatstrengssårbarheder i elog, hvilket kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2006-5791 - -

    Ulf Härnhammar fra Debian Security Audit Project har opdaget sårbarheder - i forbindelse med udførelse af scripter på tværs af websteder ved - oprettelse af nye logbogsposter.

    • - -
  • CVE-2006-6318 - -

    Jayesh KS og Arun Kethipelly fra OS2A har opdaget at elog udførte - utilstrækkelig fejlhåndtering i fortolkningen af config-filer, hvilket kunne - føre til lammelsesangreb (denial of service) gennem en - NULL-pointerdereference.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.5.7+r1558-4+sarge3.

- -

I den kommende stabile distribution (etch) indeholder ikke længere elog.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6.2+r1754-1.

- -

Vi anbefaler at du opgraderer din elog-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1242.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-1243.wml b/danish/security/2006/dsa-1243.wml deleted file mode 100644 index 2e250e03488..00000000000 --- a/danish/security/2006/dsa-1243.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Renaud Lifchitz har opdaget at gv, PostScript- PDF-viseren til X, udførte -utilstrækkelige grænsekontroller i fortolkningen af PostScript-kode, hvilket -gjorde det muligt at udføre vilkårlig kode gennem et bufferoverløb. Evince -indeholder en kopi af gv, og skal derfor også opdateres.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.1.5-2sarge1.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 0.4.0-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.4.0-3.

- -

Vi anbefaler at du opgraderer din evince-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1243.data" -#use wml::debian::translation-check translation="c17042a74927744370b508cdfbf15f5d96d7ac42" mindelta="1" diff --git a/danish/security/2006/dsa-1244.wml b/danish/security/2006/dsa-1244.wml deleted file mode 100644 index e59a9f64bd0..00000000000 --- a/danish/security/2006/dsa-1244.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Man har opdaget at multimedie-biblioteket Xine udførte utilstrækkelig -fornuftighedskontrol af Real-strømme, hvilket kunne føre til at udførelse af -vilkårlig kode gennem et bufferoverløb.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.1-1sarge5.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 1.1.2+dfsg-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.2+dfsg-2.

- -

Vi anbefaler at du opgraderer dine xine-lib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-1244.data" -#use wml::debian::translation-check translation="d94a151d9ea41f5b3d9c87b7030a09b53602064c" mindelta="1" diff --git a/danish/security/2006/dsa-929.wml b/danish/security/2006/dsa-929.wml deleted file mode 100644 index 2af861f49be..00000000000 --- a/danish/security/2006/dsa-929.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Steve Kemp fra projektet Debian Security Audit har opdaget et bufferoverløb i -petris, en klon af Tetris-spillet, der kunne udnyttes til at udføre vilkårlig -kode med gruppen games' rettigheder.

- -

Den gamle stabile distribution (woody) indeholder ikke pakken petris.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.1-4sarge0.

- -

I den ustabile distribution vil pakken snarest blive opdateret.

- -

Vi anbefaler at du opgraderer din petris-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-929.data" -#use wml::debian::translation-check translation="8750d183c8157a43bd3dd4d79c6d9fb347761ba9" mindelta="1" diff --git a/danish/security/2006/dsa-930.wml b/danish/security/2006/dsa-930.wml deleted file mode 100644 index 8501bbdb247..00000000000 --- a/danish/security/2006/dsa-930.wml +++ /dev/null @@ -1,25 +0,0 @@ -formatstrengsangreb - -

Ulf Härnhammar fra projektet Debian Security Audit har opdaget et -formatstrengsangreb i smstools logningskode, hvilket kunne udnyttes til at -udføre vilkårlig kode med root-rettigheder.

- -

Den oprindelige bulleting vedrørende dette problem oplyste at den gamle -distribution (woody) ikke var påvirket, fordi den ikke indeholder smstools. -Dette var ukorrekt, og den eneste ændring i denne opdaterede bulletin er -medtagelsen af de rettede pakker til woody.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.5.0-2woody0.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.14.8-1sarge0.

- -

I den ustabile distribution vil pakken snarest blive opdateret.

- -

Vi anbefaler at du opgraderer din smstools-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-930.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-931.wml b/danish/security/2006/dsa-931.wml deleted file mode 100644 index 9ac5571ddb6..00000000000 --- a/danish/security/2006/dsa-931.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, Portable Document Format (PDF)-programsamlingen, der kunne medføre et -lammelsesangreb (denial of service) ved at få programmet til at gå ned eller -muligvis udføre vilkårlig kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.00-3.8.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.00-13.4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.01-4.

- -

Vi anbefaler at du opgraderer din xpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-931.data" -#use wml::debian::translation-check translation="165e403401419b9d680eeab94147d1db3dcdc1f2" mindelta="1" diff --git a/danish/security/2006/dsa-932.wml b/danish/security/2006/dsa-932.wml deleted file mode 100644 index ba5bd0d7db6..00000000000 --- a/danish/security/2006/dsa-932.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, Portable Document Format (PDF)-programsamlingen, der kunne medføre et -lammelsesangreb (denial of service) ved at få programmet til at gå ned eller -muligvis udføre vilkårlig kode. Den samme kode findes i kpdf, der er en del af -pakken kdegraphics.

- -

Den gamle stabile distribution (woody) indeholder ikke kpdf-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.3.2-2sarge3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.5.0-3.

- -

Vi anbefaler at du opgraderer din kpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-932.data" -#use wml::debian::translation-check translation="9ca5b5240426d10f256c9322608924a3c1b23acd" mindelta="1" diff --git a/danish/security/2006/dsa-933.wml b/danish/security/2006/dsa-933.wml deleted file mode 100644 index 276776fa207..00000000000 --- a/danish/security/2006/dsa-933.wml +++ /dev/null @@ -1,22 +0,0 @@ -udførelse af vilkårlig kommando - -

Patrice Fournier har opdaget at hylafax sendte ukontrollerede brugerdata i -notify-skriptet, hvilket gjorde det muligt for brugere med mulighed for at -sende jobs, at udføre vilkårlige kommandoer med hylafax-serverens -rettigheder.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 4.1.1-4woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.2.1-5sarge3.

- -

I den ustabile distribution er problemet rettet i version -4.2.4-2.

- -

Vi anbefaler at du opgraderer din hylafax-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-933.data" -#use wml::debian::translation-check translation="850a591401504087280fc81128012e6a2ee22168" mindelta="1" diff --git a/danish/security/2006/dsa-934.wml b/danish/security/2006/dsa-934.wml deleted file mode 100644 index 3ec60f30a87..00000000000 --- a/danish/security/2006/dsa-934.wml +++ /dev/null @@ -1,32 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i Pound, en reverse proxy og load balancer til -HTTP. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    -
  • CVE-2005-1391: -

    Meget lange HTTP Host:-headere kunne udløse et bufferoverløb i funktionen - add_port(), hvilket kunne medføre udførelse af vilkårlig kode.

    • - -
  • CVE-2005-3751: -

    HTTP-forespørgsler med modstridende Content-Length- og - Transfer-Encoding-headere, kunne medføre at "HTTP Request Smuggling Attack" - (HTTP-forespørgselssmuglingsangreb), hvilket kunne udnyttes til at omgå - pakkefiltre eller forgifte webcacher.

    • -
- -

Den gamle stabile distribution (woody) indeholder ikke pound-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.8.2-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.9.4-1.

- -

Vi anbefaler at du opgraderer din pound-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-934.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-935.wml b/danish/security/2006/dsa-935.wml deleted file mode 100644 index 9733b602076..00000000000 --- a/danish/security/2006/dsa-935.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstrengssårbarhed - -

iDEFENSE rapporterer at en formatstrengssårbarhed i mod_auth_pgsql, et -bibliotek der anvendes til at autentificere webbrugere mod en -PostgreSQL-database, kunne anvendes til at udføre vilkårlig kode med -rettighederne hørende til httpd-brugeren.

- -

Den gamle stabile distribution (woody) indeholder ikke -libapache2-mod-auth-pgsql.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.2b1-5sarge0.

- -

I den ustabile distribution (sid) vil dette problem snarest blive rettet.

- -

Vi anbefaler at du opgraderer din libapache2-mod-auth-pgsql-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-935.data" -#use wml::debian::translation-check translation="cb65138f9c5b1da48a5192c3f10d2bf35e439d1d" mindelta="1" diff --git a/danish/security/2006/dsa-936.wml b/danish/security/2006/dsa-936.wml deleted file mode 100644 index 1c72ff2b5a5..00000000000 --- a/danish/security/2006/dsa-936.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, Portable Document Format (PDF)-programsamlingen, som også findes i -libextractor, et bibliotek til udtræk af vilkårlige metadata fra filer, hvilket -kunne medføre et lammelsesangreb (denial of service) ved at få programmet til -at gå ned eller muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke -libextractor-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.4.2-2sarge2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libextractor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-936.data" -#use wml::debian::translation-check translation="be5604dd5cce5f0ce36b3188c83616fae19d4f3d" mindelta="1" diff --git a/danish/security/2006/dsa-937.wml b/danish/security/2006/dsa-937.wml deleted file mode 100644 index a8d268797ed..00000000000 --- a/danish/security/2006/dsa-937.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, Portable Document Format (PDF)-programsamlingen, som også findes i -tetex-bin, teTeX' binære filer, hvilket kunne medføre et lammelsesangreb -(denial of service) ved at få programmet til at gå ned eller muligvis udføre -vilkårlig kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.0.7+20011202-7.7.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.0.2-30sarge4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.4.3-2 af poppler som tetex-bin linker mod.

- -

Vi anbefaler at du opgraderer din tetex-bin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-937.data" -#use wml::debian::translation-check translation="4e9398858fe7df0c603e88eaf4a21ccf9c6a91ee" mindelta="1" diff --git a/danish/security/2006/dsa-938.wml b/danish/security/2006/dsa-938.wml deleted file mode 100644 index 12d463461cd..00000000000 --- a/danish/security/2006/dsa-938.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, Portable Document Format (PDF)-programsamlingen, som også findes i -koffice, KDE Office Suite, hvilket kunne medføre et lammelsesangreb (denial of -service) ved at få programmet til at gå ned eller muligvis udføre vilkårlig -kode.

- -

Den gamle stabile distribution (woody) indeholder ikke koffice-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.5-4.sarge.2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.4.2-6.

- -

Vi anbefaler at du opgraderer din koffice-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-938.data" -#use wml::debian::translation-check translation="bab66ee1d3ae8bcaa90b554c66f91da21994cf5a" mindelta="1" diff --git a/danish/security/2006/dsa-939.wml b/danish/security/2006/dsa-939.wml deleted file mode 100644 index fdceb8a920d..00000000000 --- a/danish/security/2006/dsa-939.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Daniel Drake har opdaget et problem i fetchmail, et program til hentning og -videresendelse af POP3-, APOP- og IMAP-mail med understøttelse af SSL. -Problemet kunne forårsage et nedbrud (crash) når programmet kørte i -multidrop-tilstand og modtog meddelelser uden headere.

- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.2.5-12sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.3.1-1.

- -

Vi anbefaler at du opgraderer din fetchmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-939.data" -#use wml::debian::translation-check translation="7e248ab1143f1d53baccaadd6cc28f814f1da70c" mindelta="1" diff --git a/danish/security/2006/dsa-940.wml b/danish/security/2006/dsa-940.wml deleted file mode 100644 index 12d9b2f9aef..00000000000 --- a/danish/security/2006/dsa-940.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, Portable Document Format (PDF)-programsamlingen, som også findes i -gpdf, GNOMEs udgave af PDF-visningsprogrammet, hvilket kunne medføre et -lammelsesangreb (denial of service) ved at få programmet til at gå ned eller -muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke gpdf-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.8.2-1.2sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.10.0-2.

- -

Vi anbefaler at du opgraderer din gpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-940.data" -#use wml::debian::translation-check translation="f6ad51f02ef42e8e9b66876181a011fc7332df22" mindelta="1" diff --git a/danish/security/2006/dsa-941.wml b/danish/security/2006/dsa-941.wml deleted file mode 100644 index 64f7712c1c7..00000000000 --- a/danish/security/2006/dsa-941.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker midlertidig fil - -

Javier Fernández-Sanguino Peña fra Debians Security Audit-projekt har -opdaget at et skript i tuxpaint, et tegneprogram til mindre børn, oprettede -midlertidige filer på en usikker måde.

- -

Den gamle stabile distribution (woody) indeholder ikke tuxpaint-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.14-2sarge0.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.15b-1.

- -

Vi anbefaler at du opgraderer din tuxpaint-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-941.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-942.wml b/danish/security/2006/dsa-942.wml deleted file mode 100644 index 3b1ce713444..00000000000 --- a/danish/security/2006/dsa-942.wml +++ /dev/null @@ -1,20 +0,0 @@ -designfejl - -

En designfejl er opdaget i webapplikationstoolkitet Albatross, som anvender -brugerleverede oplysninger der bruges som en del af udførelsen af en skabelon, -hvorved der kunne udføres vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke albatross-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.20-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.33-1.

- -

Vi anbefaler at du opgraderer din albatross-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-942.data" -#use wml::debian::translation-check translation="24da195a26b729edc1231dade2abcf5f8dac8f33" mindelta="1" diff --git a/danish/security/2006/dsa-943.wml b/danish/security/2006/dsa-943.wml deleted file mode 100644 index bc75e9be9cb..00000000000 --- a/danish/security/2006/dsa-943.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Jack Louis har opdaget et heltalsoverløb i Perl, Larry Walls Practical -Extraction and Report Language, der gjorde det muligt for angribere at -overskrive vilkårlig hukommelse og muligvis udføre vilkårlig kode via særligt -fremstillet indhold, der blev sendt videre til sårbare formatstrenge i -tredjepartsprodukter.

- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 5.8.4-8sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 5.8.7-9.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-943.data" -#use wml::debian::translation-check translation="4816088dd00f6001dccb1bfab064b88b07e2b7c9" mindelta="1" diff --git a/danish/security/2006/dsa-944.wml b/danish/security/2006/dsa-944.wml deleted file mode 100644 index fa158a2e11c..00000000000 --- a/danish/security/2006/dsa-944.wml +++ /dev/null @@ -1,70 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mantis, et webbaseret -fejlsporingssystem. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2005-4238 - -

    Manglende kontrol af inddata tillod fjernangribere at indsprøjte - vilkårlige webskripter eller HTML.

    • - -
  • CVE-2005-4518 - -

    Tobias Klein har opdaget at Mantis tillod fjernangribere at omgå - størrelsesbegrænsningen på filer der uploades.

    • - -
  • CVE-2005-4519 - -

    Tobias Klein har opdaget flere SQL-indsprøjtningssårbarheder, der tillod - fjernangribere at udføre vilkårlige SQL-kommandoer.

    • - -
  • CVE-2005-4520 - -

    Tobias Klein har opdaget uspecificerede "port-indsprøjtnings"-sårbarheder - i filtre.

    • - -
  • CVE-2005-4521 - -

    Tobias Klein har opdaget at en CRLF-indsprøjtningssårbarhed tillod - fjernangribere at ændre HTTP-headere og udføre - HTTP-forespørgselsopslitningsangreb.

    • - -
  • CVE-2005-4522 - -

    Tobias Klein har opdaget flere sårbarheder i forbindelse med udførelse - af skripter på tværs af websteder (XSS), der tillod fjernangribere at - indsprøjte vilkårlige webskripter eller HTML.

    • - -
  • CVE-2005-4523 - -

    Tobias Klein har opdaget at Mantis afslører private fejl via offentlige - RSS-feeds, hvilket gav fjernangribere adgang til følsomme - oplysninger.

    • - -
  • CVE-2005-4524 - -

    Tobias Klein har opdaget at Mantis ikke håndterede "Gør bemærkning - privat" korrekt, når en fejl var ved at blive løst, hvilket har ukendte - konsekvenser og angrebsvinkler, muligvis relateret til en - informationslækage.

    • - -
- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -disse problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.19.2-5sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.19.4-1.

- -

Vi anbefaler at du opgraderer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-944.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-945.wml b/danish/security/2006/dsa-945.wml deleted file mode 100644 index c8fa3bb5971..00000000000 --- a/danish/security/2006/dsa-945.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker midlertidig fil - -

Javier Fernández-Sanguino Peña fra Debians Security Audit-projekt har -opdaget at to skripter i antiword, værktøjer til konvertering af Word-filer til -tekst- og Postscript-format, oprettede en midlertidig fil på en usikker -måde.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 0.32-2woody0.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.35-2sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.35-2.

- -

Vi anbefaler at du opgraderer din antiword-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-945.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-946.wml b/danish/security/2006/dsa-946.wml deleted file mode 100644 index 6f7335a3770..00000000000 --- a/danish/security/2006/dsa-946.wml +++ /dev/null @@ -1,44 +0,0 @@ -manglende kontrol af inddata - -

Den tidligere rettelse af sårbarheder i sudo-pakken fungerede fint, men var -for restriktive i nogle miljøer. Derfor har vi gennemgået ændringerne igen og -tilladt at nogle miljøvariable kommer tilbage i det priviligerede -udførelsesmiljø. Derfor denne opdatering.

- -

Opsætningsmuligheden "env_reset" er nu aktiveret som standard. Den vil kun -bevare miljøvariablerne HOME, LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, -XAUTHORIZATION, LANG, LANGUAGE, LC_* og USER, foruden de separate -SUDO_*-variabler.

- -

For fuldstændighedens skyld er herunder den oprindelige bulletins tekst:

- -
-

Man har opdaget at sudo, et priviligeret program der giver specifikke brugere -begrænsede superbrugerrettigheder, overførte flere miljøvariable til det kørende -program med forøgede rettigheder. Hvad angår include-stier (eksempelvis -vedrørende Perl, Python, Ruby eller andre skriptsprog) kunne dette forårsage -udførelse af vilkårlig kode som en priviligeret bruger, hvis angriberen pegede -på en manipuleret version af et systembibliotek.

- -

Denne opdatering ændrer sudos tidligere virkemåde og begrænser antallet af -understøttede miljøvariable til LC_*, LANG, LANGUAGE og TERM. Yderligere -variabler kan kun overføres når de er opsat som env_check i /etc/sudoers, -hvilket nogle skripter kan kræve for fortsat at kunne fungere.

-
- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.6.6-1.6.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.6.8p7-1.4.

- -

I den ustabile distribution (sid) vil den samme funktionalitet snart blive -implementeret.

- -

Vi anbefaler at du opgraderer din sudo-pakke. I unstable skal -"Defaults = env_reset" tilføjes manuelt til /etc/sudoers.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-946.data" -#use wml::debian::translation-check translation="94c7ab265147cf1eeb6bea2f39e54bce51c20831" mindelta="1" diff --git a/danish/security/2006/dsa-947.wml b/danish/security/2006/dsa-947.wml deleted file mode 100644 index f2db0488a31..00000000000 --- a/danish/security/2006/dsa-947.wml +++ /dev/null @@ -1,25 +0,0 @@ -heap-overløb - -

Et heap-overløb er opdaget i ClamAV, en virusscanner, hvilket kunne gøre det -muligt for en angriber at udføre vilkårlig kode ved at sende en særligt -fremstillet UPX-indkapslet eksekvérbar fil til et system der kører ClamAV. -Desuden er andre potentielle overløb rettet.

- -

Pakker til ARM-arkitekturen var ikke tilgængelige da DSA 947-1 blev udsendt; -disse pakker er nu tilgængelige. Desuden angav DSA 947-1 en forkert -pakkeversion vedrørende rettelsen til den ustabile distribution (sid).

- -

Den gamle stabile distribution (woody) indeholder ikke ClamAV.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.84-2.sarge.7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.88-1.

- -

Vi anbefaler at du omgående opgraderer din clamav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-947.data" -#use wml::debian::translation-check translation="ba8fdddc9e6cca16be38a6f60d1b61a79f80fc04" mindelta="1" diff --git a/danish/security/2006/dsa-948.wml b/danish/security/2006/dsa-948.wml deleted file mode 100644 index 05c70c0ac80..00000000000 --- a/danish/security/2006/dsa-948.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Maksim Orlovich har opdaget at Javascript-fortolkeren kjs, som anvendes i -webbrowseren Konqueror og i andre dele af KDE, udførte utilstrækkelige -grænsekontroller når UTF-8-indkapslede URI'er blev fortolket, hvilket kunne -medføre et head-baseret bufferoverløb og udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.3.2-6.4

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din kdelibs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-948.data" -#use wml::debian::translation-check translation="239ee68a2aeebc7cfbcf81327520b81695d8eaad" mindelta="1" diff --git a/danish/security/2006/dsa-949.wml b/danish/security/2006/dsa-949.wml deleted file mode 100644 index c21efa278f3..00000000000 --- a/danish/security/2006/dsa-949.wml +++ /dev/null @@ -1,23 +0,0 @@ -usikker programudførelse - -

Steve Kemp fra Debians Security Audit-projekt har opdaget et -sikkerhedsrelateret problem i crawl, endnu et konsolbaseret spil der går ud på -at udforske huler, i stil med nethack og rogue. Programmet udførte kommandoer -på en usikker måde når et spil blev gemt eller hentet, hvilket kunne gøre det -muligt for lokale angribere at opnå rettighederne hørende til gruppen games.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 4.0.0beta23-2woody2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.0.0beta26-4sarge0.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.0.0beta26-7.

- -

Vi anbefaler at du opgraderer din crawl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-949.data" -#use wml::debian::translation-check translation="bcf2b536beec3a9d510c6af2257c4cbd9ead5109" mindelta="1" diff --git a/danish/security/2006/dsa-950.wml b/danish/security/2006/dsa-950.wml deleted file mode 100644 index bdf5f5b0b1a..00000000000 --- a/danish/security/2006/dsa-950.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, som også findes i CUPS, Common UNIX Printing System, hvilket kunne -medføre et lammelsesangreb (denial of service) ved at få programmet til at gå -ned eller muligvis udføre vilkårlig kode.

- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.1.14-5woody14.

- -

CUPS har siden 1.1.22-7 ikke anvendt xpdf's kildekode, da der fra denne -version anvendes xpdf-utils til behandling af PDF-filer.

- -

Vi anbefaler at du opgraderer dine CUPS-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-950.data" -#use wml::debian::translation-check translation="f5359956a289e21974beaa3f87121877aa96315b" mindelta="1" diff --git a/danish/security/2006/dsa-951.wml b/danish/security/2006/dsa-951.wml deleted file mode 100644 index 2f9f8a252d3..00000000000 --- a/danish/security/2006/dsa-951.wml +++ /dev/null @@ -1,42 +0,0 @@ -manglende kontrol af inddata - -

Denne opdatering retter søgefunktionen i trac, en udvidet wiki og -fejlsporingssystem til softwareudviklingsprojekter, der holdt op med at virke -efter den seneste sikkerhedsopdatering. For fuldstændighedens skyld er -herunder den oprindelige bulletins tekst:

- -
-

Flere sårbarheder er opdaget i trac, en udvidet wiki- og fejlsporingssystem -til softwareudviklingsprojekter. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problems:

- -
    - -
  • CVE-2005-4065 - -

    På grund af manglende kontrol af inddata, var det muligt at sprøjte - vilkårlig SQL-kode ind i SQL-kommandoer.

    • - -
  • CVE-2005-4644 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder gjorde det muligt for fjernangribere at indsprøjte vilkårlige - webskripter eller HTML-kode.

    • - -
-
- -

Den gamle stabile distribution (woody) indeholder ikke trac-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8.1-3sarge4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.9.3-1.

- -

Vi anbefaler at du opgraderer din trac-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-951.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-952.wml b/danish/security/2006/dsa-952.wml deleted file mode 100644 index b103ff6d04e..00000000000 --- a/danish/security/2006/dsa-952.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstreng - -

"Seregorn" har opdaget en formatstrengssårbarhed i logningsfunktionen i -libapache-auth-ldap, et LDAP-autentificeringsmodul til webserveren Apache. -Sårbarheden kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.6.0-3.1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.6.0-8.1

- -

Den ustabile distribution (sid) indeholder ikke længere -libapache-auth-ldap.

- -

Vi anbefaler at du opgraderer din libapache-auth-ldap-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-952.data" -#use wml::debian::translation-check translation="e477ea2c0e439734b9633e3a572fa426c37ac33f" mindelta="1" diff --git a/danish/security/2006/dsa-953.wml b/danish/security/2006/dsa-953.wml deleted file mode 100644 index 2d0a390fc15..00000000000 --- a/danish/security/2006/dsa-953.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder (cross-site scripting) er fundet i flyspray, et letanvendeligt -fejlsporingssystem. Sårbarhederne gjorde det muligt for angribere at indsætte -vilkårlig skriptkode på index-siden.

- -

Den gamle stabile distribution (woody) indeholder ikke flyspray.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.7-2.1.

- -

I distributionerne testing (etch) og unstable (sid) er dette problem -rettet i version 0.9.8-5.

- -

Vi anbefaler at du opgraderer din flyspray-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-953.data" -#use wml::debian::translation-check translation="8750d183c8157a43bd3dd4d79c6d9fb347761ba9" mindelta="1" diff --git a/danish/security/2006/dsa-954.wml b/danish/security/2006/dsa-954.wml deleted file mode 100644 index c4bde39b1d2..00000000000 --- a/danish/security/2006/dsa-954.wml +++ /dev/null @@ -1,22 +0,0 @@ -designfejl - -

H D Moore har opdaget at Wine, en frit tilgængelig implementering af -Microsoft Windows-API'erne, nedarvede en designfejl fra Windows' GDI API, -hvilket kunne medføre udførelse af kode via GDI-escapefunktioner i -WMF-filer.

- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket af -dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.0.20050310-1.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.2-1.

- -

Vi anbefaler at du opgraderer dine wine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-954.data" -#use wml::debian::translation-check translation="ba8fdddc9e6cca16be38a6f60d1b61a79f80fc04" mindelta="1" diff --git a/danish/security/2006/dsa-955.wml b/danish/security/2006/dsa-955.wml deleted file mode 100644 index f689d2581a1..00000000000 --- a/danish/security/2006/dsa-955.wml +++ /dev/null @@ -1,23 +0,0 @@ -DoS - -

To lammelsesangrebsfejl (denial of service) er opdaget i listeserveren -mailman. Den første fejl gjaldt navne på vedhæftede filer indeholdende -UTF8-strenge, som ikke blev fortolket korrekt, hvilket kunne få serveren til at -gå ned. Den anden fejl gjaldt en meddelelse indeholdende en dårlig datostreng, -som kunne få serveren til at gå ned.

- -

Den gamle stabile distribution (woody) er ikke sårbar over for disse -problemer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.1.5-8sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.1.5-10.

- -

Vi anbefaler at du omgående opgraderer din mailman-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-955.data" -#use wml::debian::translation-check translation="bfb456139d47afa16d79398fa262a2c876dcf71a" mindelta="1" diff --git a/danish/security/2006/dsa-956.wml b/danish/security/2006/dsa-956.wml deleted file mode 100644 index 85ffe910df9..00000000000 --- a/danish/security/2006/dsa-956.wml +++ /dev/null @@ -1,36 +0,0 @@ -filedescriptor-lækage - -

Stefan Pfetzing har opdaget at lshd, en Secure Shell v2 -(SSH2)-protokolserver, lækkede et par fil-descriptorer, i forbindelse med -tilfældighedsgenerering, til bruger-shell'er startet af lshd. En lokal -angriber kunne trunkere serverens seed-fil, hvilket kunne forhindre serveren i -at starte, og med noget mere arbejde, måske også bryde sessionsnøglen.

- -

Efter installering af denne opdatering, bør du fjerne serverens seed-fil -(/var/spool/lsh/yarrow-seed-file) og som root regenerere den med -"lsh-make-seed --server".

- -

Af sikkerhedsgrunde skal lsh-make-seed køres fra konsollen på det system, -som du kører den på. Hvis du kører lsh-make-seed via en fjern shell, er det -meget muligt at timing-oplysningerne som lsh-make-seed anvender til oprettelsen -af sin tilfældigheds-seed kan være dårlige. Om nødvendigt kan du generere -tilfældigheds-seed'en på et andet system, end der hvor den egentlig skal køre, -ved at installere pakken lsh-utils og køre -"lsh-make-seed -o my-other-server-seed-file". Derefter kan du overføre -seed-filen til det oprindelige system via en sikker forbindelse.

- -

Den gamle stabile distribution (woody) er måske ikke påvirket af dette -problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.1-3sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.1cdbs-4.

- -

Vi anbefaler at du opgraderer din lsh-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-956.data" -#use wml::debian::translation-check translation="6267e9a2f71dd5e3a12c5eb13f60f528bb7e8b4b" mindelta="1" diff --git a/danish/security/2006/dsa-957.wml b/danish/security/2006/dsa-957.wml deleted file mode 100644 index 71b732c19e2..00000000000 --- a/danish/security/2006/dsa-957.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende kontrol af shell-meta-data - -

Florian Weimer har opdaget at delegeringskode i ImageMagick var sårbar -overfor kommandoindspøjtning til shell'en ved hjælp af særligt fremstillede -filnavne. Dette gjorde det muligt for angribere at indkapsle kommandoer i -grafik-kommandoer. Med nogen brugerindgriben, var sårbarheden udnytbar via -Gnus og Thunderbird. Denne opdatering bortfiltrerer desuden "$"-tegnet, -hvilket blev glemt i den forrige opdatering.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 5.4.4.5-1woody8.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.0.6.2-2.6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.2.4.5-0.6.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-957.data" -#use wml::debian::translation-check translation="b339a77580e06b206bedadd0ee4df7dd5cae5ef8" mindelta="1" diff --git a/danish/security/2006/dsa-958.wml b/danish/security/2006/dsa-958.wml deleted file mode 100644 index 9af5d8abaaa..00000000000 --- a/danish/security/2006/dsa-958.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i drupal, en omfattende -"maskine" til indholdshåndtering og diskussioner. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2005-3973 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting) tillod fjernangribere at indsprøjte - vilkårlige webskripter eller HTML-kode.

    • - -
  • CVE-2005-3974 - -

    Når Drupal kørte under PHP5, blev brugerrettigheder ikke altid udøvet - korrekt, hvilket tillod fjernangribere at omgå tilladelsen "access - user profiles".

    • - -
  • CVE-2005-3975 - -

    En fortolkningskonflikt tillod fjern-autentificerede brugere at - indsprøjte vilkårlige webskriper eller HTML-kode via HTML i en fil med en - GIF- eller JPEG-filudvidelse.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke drupal-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4.5.3-5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.5.6-1.

- -

Vi anbefaler at du opgraderer din drupal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-958.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-959.wml b/danish/security/2006/dsa-959.wml deleted file mode 100644 index 0a27190e3bd..00000000000 --- a/danish/security/2006/dsa-959.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar fra Debians Security Audit-projekt har opdaget at unalz, et -program til udpakning af ALZ-arkiver, udførte utilstrækkelige grænsekontroller -ved fortolkning af filnavne. Dette kunne føre til udførelse af vilkårlig kode -hvis en angriber leverede et særligt fremstillet ALZ-arkiv.

- -

Den gamle stabile distribution (woody) indeholder ikke unalz.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.30.1

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din unalz-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-959.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-960.wml b/danish/security/2006/dsa-960.wml deleted file mode 100644 index fb64e3c30cf..00000000000 --- a/danish/security/2006/dsa-960.wml +++ /dev/null @@ -1,31 +0,0 @@ -usikker oprettelse af fil - -

Den forrige opdatering var årsag til at midlertidige filer blev oprettet i -den aktuelle mappe, på grund af et forkert funktionsparameter. Med denne -opdatering oprettes midlertidige filer i brugerens hjemmemappe, hvis HOME er -defineret, og ellers i den fælles mappe til midlertidige filer, normalt /tmp. -For fuldstændighedens skyld er herunder teksten fra den oprindelige -bulletin:

- -
-

Niko Tyni har opdaget at modulet Mail::Audit, et Perl-bibliotek til -oprettelse af simple mailfiltre, loggede til en midlertidig fil med et -forudsigeligt filnavn på en usikker måde, når logning var slået til, hvilket -ikke er tilfældet som standard.

-
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 2.0-4woody3.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.1-5sarge4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.1-5.1.

- -

Vi anbefaler at du opgraderer din libmail-audit-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-960.data" -#use wml::debian::translation-check translation="9b77694c46b719f4e1092bd1364bfceed186fb75" mindelta="1" diff --git a/danish/security/2006/dsa-961.wml b/danish/security/2006/dsa-961.wml deleted file mode 100644 index 79af2bb61b2..00000000000 --- a/danish/security/2006/dsa-961.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, som også findes i pdfkit.framework, GNUsteps framework til fremstilling -af PDF-indhold, hvilket kunne medføre et lammelsesangreb (denial of service) -ved at få programmet til at gå ned eller muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke -pdfkit.framework-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8-2sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din pdfkit.framework-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-961.data" -#use wml::debian::translation-check translation="cca5d24b4868c491ba536647cf7694d9e9e9c3ea" mindelta="1" diff --git a/danish/security/2006/dsa-962.wml b/danish/security/2006/dsa-962.wml deleted file mode 100644 index c2355352280..00000000000 --- a/danish/security/2006/dsa-962.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

"infamous41md" og Chris Evans har fundet flere heap-baserede bufferoverløb i -xpdf, som også findes i pdftohtml, et værktøj som oversætter PDF-dokumenter til -HTML-format, hvilket kunne medføre et lammelsesangreb (denial of service) ved -at få programmet til at gå ned eller muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke pdftohtml-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.36-11sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din pdftohtml-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-962.data" -#use wml::debian::translation-check translation="4e0b93b83f0b8c25828b4aa60e8c5d1698535ad1" mindelta="1" diff --git a/danish/security/2006/dsa-963.wml b/danish/security/2006/dsa-963.wml deleted file mode 100644 index 3db1843fb07..00000000000 --- a/danish/security/2006/dsa-963.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

NISCC rapporterer at MyDNS, en DNS-server som anvender en SQL-database til -lagring af data, kan snydes ind i en uendelig løkke af en fjernangriber og -dermed forårsage et lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (woody) indeholder ikke mydns-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.0.0-4sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.1.0+pre-3.

- -

Vi anbefaler at du opgraderer din mydns-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-963.data" -#use wml::debian::translation-check translation="7ede51affe90b6c6bf838f48246e324d57c17c46" mindelta="1" diff --git a/danish/security/2006/dsa-964.wml b/danish/security/2006/dsa-964.wml deleted file mode 100644 index 540820258ff..00000000000 --- a/danish/security/2006/dsa-964.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Et problem er opdaget i gnocatan, computerudgaven af brætspillet Catan. -Problemet kunne føre til at serveren og andre klienter afsluttede med en -"assert", og tillod dermed ikke udførelse af vilkårlig kode. Spillet er -efter udgivelsen af Debian "sarge" blevet omdøbt til Pioneers.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.6.1-5woody3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8.1.59-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.9.49-1 of pioneers.

- -

Vi anbefaler at du opgraderer dine gnocatan- og pioneers-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-964.data" -#use wml::debian::translation-check translation="b6bf03d787fb16b2f9f3854b982b3254c02d7369" mindelta="1" diff --git a/danish/security/2006/dsa-965.wml b/danish/security/2006/dsa-965.wml deleted file mode 100644 index 9eb7c2cbb19..00000000000 --- a/danish/security/2006/dsa-965.wml +++ /dev/null @@ -1,21 +0,0 @@ -null-dereference - -

Implementeringen af Internet Key Exchange version 1 (IKEv1) i racoon fra -ipsec-tools, IPsec-værktøjer til Linux, prøvede at dereferencere en NULL-pointer -under visse omstændigheder, hvilket gjorde det muligt for fjernangribere at -forårsage et lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (woody) indeholder ikke ipsec-tools.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.5.2-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.6.3-1.

- -

Vi anbefaler at du opgraderer din racoon-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-965.data" -#use wml::debian::translation-check translation="8cc542a92d926fbf4909b359779e02b0ac7c704a" mindelta="1" diff --git a/danish/security/2006/dsa-966.wml b/danish/security/2006/dsa-966.wml deleted file mode 100644 index e5d2f06dfd3..00000000000 --- a/danish/security/2006/dsa-966.wml +++ /dev/null @@ -1,21 +0,0 @@ -lammelsesangreb - -

Thomas Reifferscheid har opdaget at adzapper, et proxy-tilføjelsesprogram der -fjerner reklamer, der når det er installeret som en plugin i -internet-cacheprogrammet squid, kunne opbruge mange CPU-ressourcer og dermed -forårsage et lammelsesangreb (denial of service) på proxy-værtsmaskinen.

- -

Den gamle stabile distribution (woody) indeholder ikke en adzapper-pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 20050316-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 20060115-1.

- -

Vi anbefaler at du opgraderer din adzapper-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-966.data" -#use wml::debian::translation-check translation="b38005f95c8859534ad3a8703e08396029a408b9" mindelta="1" diff --git a/danish/security/2006/dsa-967.wml b/danish/security/2006/dsa-967.wml deleted file mode 100644 index 0ceed49b87a..00000000000 --- a/danish/security/2006/dsa-967.wml +++ /dev/null @@ -1,64 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i elog, en elektronisk logbog til -håndtering af noter. Common Vulnerabilities and Exposures Project har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2005-4439 - -

    "GroundZero Security" har opdaget at elog på utilstrækkelig vis - kontrollerede størrelsen på en buffer der blev anvendt til at - behandle URL-parametre, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2006-0347 - -

    Man har opdaget at elog indeholdt en mappegennemløbssårbarhed i - behandlingen af "../"-forekomester i URL'er, hvilket kunne føre til - informationslækage.

    • - -
  • CVE-2006-0348 - -

    Koden der skriver til logfilen indeholdt en formatstrengssårbarhed, - hvilket kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-0597 - -

    Ekstra lange revisionsattributter kunne udløse et crash på grund af - et bufferoverløb.

    • - -
  • CVE-2006-0598 - -

    Koden der skriver til logfilen udførte ikke korrekte grænsekontroller, - hvilket kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2006-0599 - -

    elog kom med forskellige fejlmeddelelser vedrørende ugyldige adgangskoder - og ugyldige brugere, hvilket gjorde det muligt for en angriber at søge efter - gyldige brugernavne.

    • - -
  • CVE-2006-0600 - -

    En angriber kunne blive ledt ind i en uendelig viderestilling med en - særligt fremstillet "fail"-forespørgsel, hvilket potentielt kunne have - udløst et lammelsesangreb (denial of service).

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke elog-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.5.7+r1558-4+sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.6.1+r1642-1.

- -

Vi anbefaler at du opgraderer din elog-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-967.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-968.wml b/danish/security/2006/dsa-968.wml deleted file mode 100644 index a623c600a1d..00000000000 --- a/danish/security/2006/dsa-968.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - -

Javier Fernández-Sanguino Peña fra Debian Security Audit-projektet har -opdaget at et skript i noweb, et weblignende sprogligt programmeringsværktøj, -oprettede midlertidige filer på en usikker måde.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.9a-7.4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.10c-3.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.10c-3.2.

- -

Vi anbefaler at du opgraderer din nowebm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-968.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-969.wml b/danish/security/2006/dsa-969.wml deleted file mode 100644 index b0e6a8caad1..00000000000 --- a/danish/security/2006/dsa-969.wml +++ /dev/null @@ -1,22 +0,0 @@ -designsfejl - -

Max Vozeler har opdaget en sårbarhed i scponly, et værktøj til begrænsning -af brugerkommandoer til scp og sftp, hvilket kunne føre til udførelse af -vilkårlige kommandoer som root. Systemet var kun sårbart hvis programmet -scponlyc var installeret setuid root og hvis almindelige brugere havde -shell-adgang til maskinen.

- -

Den gamle stabile distribution (woody) indeholder ikke en scponly-pakke.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 4.0-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.6-1.

- -

Vi anbefaler at du opgraderer din scponly-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-969.data" -#use wml::debian::translation-check translation="b339a77580e06b206bedadd0ee4df7dd5cae5ef8" mindelta="1" diff --git a/danish/security/2006/dsa-970.wml b/danish/security/2006/dsa-970.wml deleted file mode 100644 index 7a5f1734f77..00000000000 --- a/danish/security/2006/dsa-970.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Johannes Greil fra SEC Consult har opdaget flere sårbarheder i forbindelse -med udførelse af skripter på tværs af websteder (cross-site scripting) i -kronolith, Hordes kalenderprogram.

- -

Den gamle stabile distribution (woody) indeholder ikke kronolith-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.1.4-2sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.6-1 of kronolith2.

- -

Vi anbefaler at du opgraderer dine kronolith- og kronolith2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-970.data" -#use wml::debian::translation-check translation="5268204b6238b925e764d60124ff3251891f8475" mindelta="1" diff --git a/danish/security/2006/dsa-971.wml b/danish/security/2006/dsa-971.wml deleted file mode 100644 index d7caeca9693..00000000000 --- a/danish/security/2006/dsa-971.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

SuSE-efterforskere har opdaget heapoverløbsfejl i xpdf, Portable Document -Format (PDF)-programpakken, som kunne gøre det muligt for angribere at -forårsage et lammelsesangreb (denial of service) ved at få programmet til at -gå ned eller muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.00-13.5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.01-6.

- -

Vi anbefaler at du opgraderer dine xpdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-971.data" -#use wml::debian::translation-check translation="2f6cd3d43bad6d1ecf55df9121dd799bbd5bf696" mindelta="1" diff --git a/danish/security/2006/dsa-972.wml b/danish/security/2006/dsa-972.wml deleted file mode 100644 index 5ae13037c21..00000000000 --- a/danish/security/2006/dsa-972.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

SuSE-efterforskere har opdaget heapoverløbsfejl i xpdf, Portable Document -Format (PDF)-programpakken, der også findes i pdfkit.framework som er GNUsteps -framework til dannelse af PDF-indhold, og som kunne gøre det muligt for -angribere at forårsage et lammelsesangreb (denial of service) ved at få -programmet til at gå ned eller muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke -pdfkit.framework-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8-2sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.8-4 by switching to poppler.

- -

Vi anbefaler at du opgraderer din pdfkit.framework-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-972.data" -#use wml::debian::translation-check translation="d664bcd19d13661fc9b77a1940e4f2430e6a8a82" mindelta="1" diff --git a/danish/security/2006/dsa-973.wml b/danish/security/2006/dsa-973.wml deleted file mode 100644 index e2357f051a2..00000000000 --- a/danish/security/2006/dsa-973.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i otrs, Open Ticket Request System, der kunne -fjernudnyttes. Common Vulnerabilities and Exposures Project har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2005-3893 - -

    Flere sårbarheder i forbindelse med indsprøjtning af SQL gjorde det - muligt for fjernangribere at udføre vilkårlige SQL-kommandoer og omgå - autentificering.

    • - -
  • CVE-2005-3894 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (cross-site scripting) gjorde det muligt for - fjernautentificerede brugere at indsprøjte vilkårlige webskripter - eller HTML.

    • - -
  • CVE-2005-3895 - -

    Internt vedhæftede text/html-meddelelser blev også behandlet som HTML, - når moderatoren forsøgte at hente vedhæftelsen, hvilket gjorde det muligt - for fjernangribere at udføre vilkårlige webskripter eller HTML.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke OTRS-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.2p01-6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.4p01-1.

- -

Vi anbefaler at du opgraderer din otrs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-973.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-974.wml b/danish/security/2006/dsa-974.wml deleted file mode 100644 index d7f95a6f315..00000000000 --- a/danish/security/2006/dsa-974.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

SuSE-efterforskere har opdaget heapoverløbsfejl i xpdf, Portable Document -Format (PDF)-programpakken, der også findes i gpdf, GNOMEs udgave af -PDF-visningsprogrammet, og som kunne gøre det muligt for angribere at -forårsage et lammelsesangreb (denial of service) ved at få programmet til at -gå ned eller muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke gpdf-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.8.2-1.2sarge3.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din gpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-974.data" -#use wml::debian::translation-check translation="40d6c8b7bbb487cf736a0e2d9074fd23af15d0ef" mindelta="1" diff --git a/danish/security/2006/dsa-975.wml b/danish/security/2006/dsa-975.wml deleted file mode 100644 index 72a6793dbd2..00000000000 --- a/danish/security/2006/dsa-975.wml +++ /dev/null @@ -1,29 +0,0 @@ -bufferoverløb - -

Marcus Meissner har opdaget at angribere kunne udløse et bufferoverløb i -stihåndteringskoden ved at oprette eller misbruge eksisterende symlinks, -hvilket kunne føre til udførelse af vilkårlig kode.

- -

Denne sårbarhed findes ikke i kernens NFS-server.

- -

Opdateringen indeholder en fejlrettelse til attributhåndteringen af -symlinks. Rettelsen har ikke sikkerhedsimplikationer, men da denne DSA -blev forberedt var rettelsen allerede i kø til at blive optaget i den -næste punktopdatering af den stabile udgave, hvorfor vi besluttede at -medtage den med det samme.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.2beta47-12woody1.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2beta47-20sarge2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2beta47-22.

- -

Vi anbefaler at du opgraderer din nfs-user-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-975.data" -#use wml::debian::translation-check translation="aaee277daecab2a519ea829493a15c7dbb6aee1a" mindelta="1" diff --git a/danish/security/2006/dsa-976.wml b/danish/security/2006/dsa-976.wml deleted file mode 100644 index 1410365c324..00000000000 --- a/danish/security/2006/dsa-976.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Johnny Mast har opdaget et bufferoverløb i libast, "library of assorted -spiffy things" (biblioteket med forskellige fikse ting), der kunne føre til -udførelse af vilkårlig kode. Biblioteket anvendes af eterm, der installeres -setgid uid, hvilket førte til en sårbarhed der muligjorde ændring af -utmp-filen.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 0.4-3woody2.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.6-0pre2003010606sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libast-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-976.data" -#use wml::debian::translation-check translation="8750d183c8157a43bd3dd4d79c6d9fb347761ba9" mindelta="1" diff --git a/danish/security/2006/dsa-977.wml b/danish/security/2006/dsa-977.wml deleted file mode 100644 index 2e8c6eb7dcc..00000000000 --- a/danish/security/2006/dsa-977.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i heimdal, en fri implementering af Kerberos 5. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    - -
  • CVE-2006-0582 - -

    Rettighedsforøgelse i rsh-serveren tillod at en autentificeret angriber - kunne overskrive vilkårlige filer og opnå ejerskab af dem.

    • - -
  • CVE-2006-0677 - -

    En fjernangriber kunne tvinge telnet-serveren til at gå ned før brugeren - loggede på, hvilket medførte at inetd slog telnetd fra fordi den fork'ede - for hurtigt.

    • - -
- -

Den gamle stabile distribution (woody) blotlægger ikke rsh- og telnet-servere.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.6.3-10sarge2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine heimdal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-977.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-978.wml b/danish/security/2006/dsa-978.wml deleted file mode 100644 index 45dd82c83ae..00000000000 --- a/danish/security/2006/dsa-978.wml +++ /dev/null @@ -1,24 +0,0 @@ -programmeringsfejl - -

Tavis Ormandy har opdaget at gnupg, GNU privacy guard - en fri -PGP-erstatning, kontrollerede eksterne signaturer på filer med succes, -selvom de slet ikke indeholdt en signatur.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.0.6-4woody4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4.1-1sarge1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din gnupg-pakke.

- -

Bemærk at denne sikkerhedsbulletin er blevet erstattet af -DSA 993. De opdaterede pakker, -som der linkes til fra denne side er derfor ikke længere tilgængelige.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-978.data" -#use wml::debian::translation-check translation="4e3ab2eef740faa25445ac8e4163c683f5217733" mindelta="1" diff --git a/danish/security/2006/dsa-979.wml b/danish/security/2006/dsa-979.wml deleted file mode 100644 index a41ff118738..00000000000 --- a/danish/security/2006/dsa-979.wml +++ /dev/null @@ -1,20 +0,0 @@ -flere sårbarheder - -

Derek Noonburg har rettet flere potentielle sårbarheder i xpdf, Portable -Document Format (PDF)-programpakken, som også findes i pdfkit.framework, -GNUsteps framework til fremstilling af PDF-indhold.

- -

Den gamle stabile distribution (woody) indeholder ikke -pdfkit.framework-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8-2sarge3.

- -

Den ustabile distribution (sid) er ikke påvirket af disse problemer.

- -

Vi anbefaler at du opgraderer din pdfkit.framework-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-979.data" -#use wml::debian::translation-check translation="bddad7e1fe337f6c4d008a535bb1ba7703fc45b2" mindelta="1" diff --git a/danish/security/2006/dsa-980.wml b/danish/security/2006/dsa-980.wml deleted file mode 100644 index fff26361b5a..00000000000 --- a/danish/security/2006/dsa-980.wml +++ /dev/null @@ -1,32 +0,0 @@ -flere sårbarheder - -

Joxean Koret har opdaget flere sikkerhedsproblemer i tutos, et webbaseret -program til teamorganisering. Common Vulnerabilities and Exposures Project har -fundet frem til følgende problemer:

- -
    -
  • CVE-2004-2161 - -

    En SQL-indsprøjtningssårbarhed tillod udførelse af SQL-kommandoer - gennem parameteret link_id i file_overview.php.

    • - -
  • CVE-2004-2162 - -

    Sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting) i søgefunktionen i adressebogen og i - app_new.php tillod udførelse af webskriptkode.

    • -
- -

Den gamle stabile distribution (woody) indeholder ikke tutos-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.1.20031017-2+1sarge1.

- -

Den ustabile distribution (sid) indeholder ikke længere tutos-pakker.

- -

Vi anbefaler at du opgraderer din tutos-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-980.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-981.wml b/danish/security/2006/dsa-981.wml deleted file mode 100644 index d6ad5b437a7..00000000000 --- a/danish/security/2006/dsa-981.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

"felinemalice" har opdaget et heltalsoverløb i BMV, et -Postscript-visningsprogram til SVGAlib. Overløbet kunne føre til udførelse af -vilkårlig kode via særligt fremstillede Postscript-filer.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 1.2-14.3.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2-17sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2-18.

- -

Vi anbefaler at du opgraderer din bmv-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-981.data" -#use wml::debian::translation-check translation="951b11af3b21e8e016add91df549590eb7e1cd2f" mindelta="1" diff --git a/danish/security/2006/dsa-982.wml b/danish/security/2006/dsa-982.wml deleted file mode 100644 index 53d30940942..00000000000 --- a/danish/security/2006/dsa-982.wml +++ /dev/null @@ -1,18 +0,0 @@ -flere sårbarheder - -

Derek Noonburg har rettet flere potentielle sårbarheder i xpdf, som også -findes i gpdf, Portable Document Format (PDF)-fremviseren med Gtk-bindinger.

- -

Den gamle stabile distribution (woody) indeholder ikke gpdf-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2.8.2-1.2sarge4.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din gpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-982.data" -#use wml::debian::translation-check translation="736aac3eab006df81a3602369f34055d7cfc6f7e" mindelta="1" diff --git a/danish/security/2006/dsa-983.wml b/danish/security/2006/dsa-983.wml deleted file mode 100644 index 25010d11570..00000000000 --- a/danish/security/2006/dsa-983.wml +++ /dev/null @@ -1,20 +0,0 @@ -flere sårbarheder - -

Derek Noonburg har rettet flere potentielle sårbarheder i xpdf, som også -findes i pdftohtml, et værktøj som konverterer PDF-dokumenter til -HTML-format.

- -

Den gamle stabile distribution (woody) indeholder ikke pdftohtml-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.36-11sarge2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.36-12.

- -

Vi anbefaler at du opgraderer din pdftohtml-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-983.data" -#use wml::debian::translation-check translation="209164cd3b895067d2de14b54dedfd9a99fd3d46" mindelta="1" diff --git a/danish/security/2006/dsa-984.wml b/danish/security/2006/dsa-984.wml deleted file mode 100644 index 4d2c910320e..00000000000 --- a/danish/security/2006/dsa-984.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

Derek Noonburg har rettet flere potentielle sårbarheder i xpdf, Portable -Document Format (PDF)-programpakken.

- -

Den gamle stabile distribution (woody) lader ikke til at være påvirket.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.00-13.6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.01-7.

- -

Vi anbefaler at du opgraderer dine xpdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-984.data" -#use wml::debian::translation-check translation="89c1ff5b707235bcd08e44fa0f76c0a055ef73c2" mindelta="1" diff --git a/danish/security/2006/dsa-985.wml b/danish/security/2006/dsa-985.wml deleted file mode 100644 index 05e7f1b7cc0..00000000000 --- a/danish/security/2006/dsa-985.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Evgeny Legerov har opdaget flere hukommelsestilgange der sker uden for -grænserne i DER-dekodningskomponenten i Tiny ASN.1 Library, hvilket gjorde det -muligt for angribere at få DER-dekoderen til at gå ned og muligvis udføre -vilkårlig kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2_0.2.10-3sarge1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libtasn1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-985.data" -#use wml::debian::translation-check translation="4d8f436faca54837df5a1e22658569f59abaa2b4" mindelta="1" diff --git a/danish/security/2006/dsa-986.wml b/danish/security/2006/dsa-986.wml deleted file mode 100644 index 3875c79ed1d..00000000000 --- a/danish/security/2006/dsa-986.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Evgeny Legerov har opdaget flere hukommelsestilgange der sker uden for -grænserne i DER-dekodningskomponenten i Tiny ASN.1 Library, som også findes og -anvendes i GnuTLS, GNU's implementering af protokollerne Transport Layer -Security (TLS) 1.0 og Secure Sockets Layer (SSL) 3.0, hvilket gjorde det muligt -for angribere at få DER-dekoderen til at gå ned og muligvis udføre vilkårlig -kode.

- -

Den gamle stabile distribution (woody) er ikke påvirket af disse problemer.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.16-13.2.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine gnutls-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-986.data" -#use wml::debian::translation-check translation="0c2c75a8fa4216aa458a83dd32e5ab533eeb5331" mindelta="1" diff --git a/danish/security/2006/dsa-987.wml b/danish/security/2006/dsa-987.wml deleted file mode 100644 index dfa882d6298..00000000000 --- a/danish/security/2006/dsa-987.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Jim Meyering har opdaget flere bufferoverløb i GNU tar, der kunne føre til -udførelse af vilkårlig kode via særligt fremstillede tar-arkiver.

- -

Den gamle stabile distribution (woody) er ikke påvirket af dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.14-2.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.15.1-3.

- -

Vi anbefaler at du opgraderer din tar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-987.data" -#use wml::debian::translation-check translation="417287205bfc45d07b571838c05beb86e454c9c3" mindelta="1" diff --git a/danish/security/2006/dsa-988.wml b/danish/security/2006/dsa-988.wml deleted file mode 100644 index 74daa265d50..00000000000 --- a/danish/security/2006/dsa-988.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Squirrelmail, et udbredt webmailsystem. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-0188 - -

    Martijn Brinkers og Ben Maurer har fundet en fejl i webmail.php, der - tillod fjernangribere at indsprøjte vilkårlige websider i den højre frame - via en URL i parameteret right_frame.

    • - -
  • CVE-2006-0195 - -

    Martijn Brinkers og Scott Hughes har opdaget en forolkningskonflikt i - MagicHTML-filteret, der tillod fjernangribere at foretage angreb i - forbindelse med udførelse af skripter på tværs af websteder (cross-site - scripting, XSS) via style sheet-specifikationer med ugyldige (1) "/*" og - "*/" kommentarer, eller (2) skråstreger i "url"-nøgleord, der behandles af - nogle webbrowsere, deriblandt Internet Explorer.

    • - -
  • CVE-2006-0377 - -

    Vicente Aguilera fra Internet Security Auditors, S.L. har opdaget en - CRLF-indsprøjtningssårbarhed, hvilket tillod fjernangribere at indsprøjte - vilkårlige IMAP-kommandoer via nylinje-tegn i mailbox-parameteret i - kommandoen sqimap_mailbox_select command, alias "IMAP injection." Der er - endnu ingen kendt måde at udnytte denne sårbarhed på.

    • - -
- -

I den gamle stabile distribution (woody) er disse problemer rettet i -version 1.2.6-5.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 2:1.4.4-8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2:1.4.6-1.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-988.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/dsa-989.wml b/danish/security/2006/dsa-989.wml deleted file mode 100644 index a24568b77ec..00000000000 --- a/danish/security/2006/dsa-989.wml +++ /dev/null @@ -1,21 +0,0 @@ -SQL-indsprøjtning - -

Neil McBride har opdaget at Zoph, et webbaseret fotohåndteringssystem -udførte utilstrækkelige kontrol af de oplysninger der blev brugt i en -fotosøgning, hvilket kunne føre til udførelse af SQL-kommandoer via et -SQL-indsprøjtningsangreb.

- -

Den gamle stabile distribution (woody) indeholder ikke zoph-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.3.3-12sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.5-1.

- -

Vi anbefaler at du opgraderer din zoph-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-989.data" -#use wml::debian::translation-check translation="4e5de6a3a36cc739b0862edf3d88880e5a587c12" mindelta="1" diff --git a/danish/security/2006/dsa-990.wml b/danish/security/2006/dsa-990.wml deleted file mode 100644 index fe5d3cfedb5..00000000000 --- a/danish/security/2006/dsa-990.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Et lammelsesangreb (denial of service) er opdaget i bluez-hcidump, et -værktøj der analyserer Bluetooth HCI-pakker, hvilket kunne fjernudløses.

- -

Den gamle stabile distribution (woody) indeholder ikke bluez-hcidump-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.17-1sarge1

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.30-1.

- -

Vi anbefaler at du opgraderer din bluez-hcidump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-990.data" -#use wml::debian::translation-check translation="3bffea2dd8c3d1696264925f4857d667f1c8333b" mindelta="1" diff --git a/danish/security/2006/dsa-991.wml b/danish/security/2006/dsa-991.wml deleted file mode 100644 index 8b2174242e4..00000000000 --- a/danish/security/2006/dsa-991.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Jean-Sébastien Guay-Leroux har opdaget et bufferoverløb i zoo, et værktøj -til behandling af zoo-arkiver, hvilket kunne føre til udførelse af vilkårlig -kode ved udpakning af et særligt fremstillet zoo-arkiv.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.10-9woody0.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.10-11sarge0.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.10-17.

- -

Vi anbefaler at du opgraderer din zoo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-991.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-992.wml b/danish/security/2006/dsa-992.wml deleted file mode 100644 index 83cc0b24d3d..00000000000 --- a/danish/security/2006/dsa-992.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Simon Kilvington har opdaget at særligt fremstillede PNG-billeder kan udløse -et heap-overløb i libavcodec, ffmpegs multimedie-bibliotek, hvilket kunne føre -til udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke ffmpeg-pakker.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.cvs20050313-2sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.cvs20050918-5.1.

- -

Vi anbefaler at du opgraderer din ffmpeg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-992.data" -#use wml::debian::translation-check translation="6ffc5529746ceb8ad95a23310a6122201d4b8444" mindelta="1" diff --git a/danish/security/2006/dsa-993.wml b/danish/security/2006/dsa-993.wml deleted file mode 100644 index 8661d7afba0..00000000000 --- a/danish/security/2006/dsa-993.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Tavis Ormandy har opdaget at gnupg, GNU privacy guard - en fri -PGP-erstatning, kan narres til at udsende en "good signature"-statusmeddelelse -når en gyldig signatur som ikke hører til datapakken er indeholdt. -Denne nye opdatering tilføjer grundlæggede nye pakker til woody, hvis version -også viste sig at være såbar.

- -

I den gamle stabile distribution (woody) er dette problem rettet i version -1.0.6-4woody5.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4.1-1.sarge3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4.2.2-1.

- -

Vi anbefaler at du opgraderer din gnupg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-993.data" -#use wml::debian::translation-check translation="3cda9eed78ed4d8ddc76efe17fe08686a95444b5" mindelta="1" diff --git a/danish/security/2006/dsa-994.wml b/danish/security/2006/dsa-994.wml deleted file mode 100644 index b1d10cc298f..00000000000 --- a/danish/security/2006/dsa-994.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb - -

Luigi Auriemma har opdaget et lammelsesangreb (denial of service) i den frie -Civilization-server, hvilket gjorde det muligt for en fjernbruger at udløse et -servernedbrud (crash).

- -

Den gamle stabile distribution (woody) er ikke påvirket at dette problem.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.0.1-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.8-1.

- -

Vi anbefaler at du opgraderer din freeciv-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-994.data" -#use wml::debian::translation-check translation="852b8a6329e63e144544320a209c37462a74058d" mindelta="1" diff --git a/danish/security/2006/dsa-995.wml b/danish/security/2006/dsa-995.wml deleted file mode 100644 index 7fe014c5017..00000000000 --- a/danish/security/2006/dsa-995.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Ulf Härnhammar har opdaget et bufferoverløb i metamail, en implementering af -MIME (Multi-purpose Internet Mail Extensions), hvilket kunne føre til et -lammelsesangreb (denial of service) eller potentielt udføre vilkårlig kode -under behandling af meddelelser.

- -

I den gamle stabile distribution (woody) er dette problem rettet i -version 2.7-45woody.4.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.7-47sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.7-51.

- -

Vi anbefaler at du opgraderer din metamail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-995.data" -#use wml::debian::translation-check translation="19967b4c9aa3da955f49ef99ac0a9d117606c8a4" mindelta="1" diff --git a/danish/security/2006/dsa-996.wml b/danish/security/2006/dsa-996.wml deleted file mode 100644 index 1551cc859e4..00000000000 --- a/danish/security/2006/dsa-996.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Lincoln Stein har opdaget at Perl Crypt::CBC-modulet producerer svag -"ciphertext" når det anvendes med blokkrypteringsalgoritmer med en -blokstørrelse større end 8 bytes.

- -

Den gamle stabile distribution (woody) indeholder ikke et -Crypt::CBC-modul.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.12-1sarge1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.17-1.

- -

Vi anbefaler at du opgraderer din libcrypt-cbc-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-996.data" -#use wml::debian::translation-check translation="ec293f0dd1e1c698f6f686f7876e432633ea511e" mindelta="1" diff --git a/danish/security/2006/dsa-997.wml b/danish/security/2006/dsa-997.wml deleted file mode 100644 index c2fb534dfa7..00000000000 --- a/danish/security/2006/dsa-997.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Stefan Cornelius fra Gentoo Security har opdaget at bomberclone, et frit -Bomberman-lignende spil, gik ned når det modtog ekstra lange fejlpakker, -hvilket også kunne tillade fjernangribere at udføre vilkårlig kode.

- -

Den gamle stabile distribution (woody) indeholder ikke bomberclone-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.11.5-1sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.11.6.2-1.

- -

Vi anbefaler at du opgraderer din bomberclone-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-997.data" -#use wml::debian::translation-check translation="61953ffc9158f2b85e219cbf9e5a5b823bd0ac3c" mindelta="1" diff --git a/danish/security/2006/dsa-998.wml b/danish/security/2006/dsa-998.wml deleted file mode 100644 index eb515dd8d03..00000000000 --- a/danish/security/2006/dsa-998.wml +++ /dev/null @@ -1,20 +0,0 @@ -flere sårbarheder - -

Derek Noonburg har rettet flere potentielle sårbarheder i xpdf, hvilket også -er til stede i libextractor, en bibliotek til udtrækning af vilkårlige metadata -fra filer.

- -

Den gamle stabile distribution (woody) indeholder ikke libextractor-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.4.2-2sarge3.

- -

I den ustabile distribution (sarge) er disse problemer rettet i -version 0.5.10-1.

- -

Vi anbefaler at du opgraderer din libextractor-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-998.data" -#use wml::debian::translation-check translation="ec9f33957a305a72c02d84e7dbba8fbc16a62c56" mindelta="1" diff --git a/danish/security/2006/dsa-999.wml b/danish/security/2006/dsa-999.wml deleted file mode 100644 index 5c8abef2a39..00000000000 --- a/danish/security/2006/dsa-999.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i lurker, et -arkiveringsværktøj til postlister med integreret søgemaskine. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-1062 - -

    Lurkers mekanisme til specificering af opsætningsfiler kunne overskrives. - Da Lurker medtager sektioner fra ufortolkede opsætningsfiler i sine uddata, - kunne en angriber manipulere Lurker til at læse enhver fil der var læsbar - af brugeren www-data.

    • - -
  • CVE-2006-1063 - -

    Det var muligt for en fjernangriber at oprette eller overskrive filer i - enhver skrivbar mappe med navnet "mbox".

    • - -
  • CVE-2006-1064 - -

    Manglende kontrol af inddata gjorde det muligt for en angriber at - indsprøjte vilkårlige webskripter eller HTML.

    • - -
- -

Den gamle stabile distribution (woody) indeholder ikke lurker-pakker.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.2-5sarge1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.1-1.

- -

Vi anbefaler at du opgraderer din lurker-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2006/dsa-999.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2006/index.wml b/danish/security/2006/index.wml deleted file mode 100644 index 235824d649e..00000000000 --- a/danish/security/2006/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2006 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2006', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2007/Makefile b/danish/security/2007/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2007/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2007/dsa-1245.wml b/danish/security/2007/dsa-1245.wml deleted file mode 100644 index ad4c5a8f033..00000000000 --- a/danish/security/2007/dsa-1245.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Martin Loewer opdagede at ftp-dæmonen proftpd var sårbar over for -lammelsesangreb (denial of service), hvis tillægsmodulet til -Radius-autentifikation var aktiveret.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.10-15sarge4.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 1.2.10+1.3.0rc5-1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.10+1.3.0rc5-1.

- -

Vi anbefaler at du opgraderer din proftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1245.data" -#use wml::debian::translation-check translation="d8047062d546b865afbe9991b84dc1c21d070020" mindelta="1" diff --git a/danish/security/2007/dsa-1246.wml b/danish/security/2007/dsa-1246.wml deleted file mode 100644 index 493c7afaed1..00000000000 --- a/danish/security/2007/dsa-1246.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

John Heasman fra Next Generation Security Software har opdaget et heapoverløb -i håndteringen af Windows-metafiles i OpenOffice.org, den frie kontorpakke, -hvilket kunne føre til lammelsesangreb og potentielt udførelse af vilkårlig -kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.1.3-9sarge4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.4-1.

- -

Vi anbefaler at du opgraderer din openoffice.org-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1246.data" -#use wml::debian::translation-check translation="7cefa57cfb766fb058b5efc45f8aa805895ad4c3" mindelta="1" diff --git a/danish/security/2007/dsa-1247.wml b/danish/security/2007/dsa-1247.wml deleted file mode 100644 index d2d3fa82eaa..00000000000 --- a/danish/security/2007/dsa-1247.wml +++ /dev/null @@ -1,20 +0,0 @@ -heapoverløb - -

En forskudt med én-fejl medførende et heap-baseret bufferoverløb er opdaget i -libapache-mod-auth-kerb, et Apache-modul til Kerberos-autentificering. Fejlen -kunne gøre det muligt for en angriber at udløse et programnedbrud eller -potentielt udføre vilkårlig kode ved at sende en særligt fremstillet -Kerberos-meddelelse.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 4.996-5.0-rc6-1sarge1.

- -

I den ustabile distribution (sid) og den kommende stabile distribution -(etch), er dette problem rettet i version 5.3-1.

- -

Vi anbefaler at du opgraderer din libapache-mod-auth-kerb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1247.data" -#use wml::debian::translation-check translation="59ba3d9e89efdf44d452a8c559248a5ea1609ff2" mindelta="1" diff --git a/danish/security/2007/dsa-1248.wml b/danish/security/2007/dsa-1248.wml deleted file mode 100644 index 87014662f06..00000000000 --- a/danish/security/2007/dsa-1248.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Roland Lezuo og Josselin Mouette har opdaget at HTTP-biblioteket libsoup -udførte utilstrækkelig fornuftighedskontrol når HTTP-headere blev fortolket, -hvilket kunne føre til lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.2.3-2sarge1.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 2.2.98-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.98-2.

- -

Vi anbefaler at du opgraderer din libsoup-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1248.data" -#use wml::debian::translation-check translation="3a36f2865f66eed16fa4282fa51cd6d4564f1de4" mindelta="1" diff --git a/danish/security/2007/dsa-1249.wml b/danish/security/2007/dsa-1249.wml deleted file mode 100644 index 5417c8ac160..00000000000 --- a/danish/security/2007/dsa-1249.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i X Window System, hvilket kunne føre til -rettighedsforøgelse eller lammelsesangreb (denial of service). Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-6101 - -

    Sean Larsson opdagede et heltalsoverløb i Render-udvidelsen, hvilket - kunne føre til lammelsesangreb eller lokal rettighedsforøgelse.

    • - -
  • CVE-2006-6102 - -

    Sean Larsson opdagede et heltalsoverløb i DBE-udvidelsen, hvilket kunne - føre til lammelsesangreb eller lokal rettighedsforøgelse.

    • - -
  • CVE-2006-6103 - -

    Sean Larsson opdagede et heltalsoverløb i DBE-udvidelsen, hvilket kunne - føre til lammelsesangreb eller lokal rettighedsforøgelse.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i version -4.3.0.dfsg.1-14sarge3. Denne opdatering mangler opbygninger til arkitekturen -Motorola 680x0, hvormed der var opbygningsproblemer. Pakker vil blive frigivet -så snart problemet er løst.

- -

I den kommende stabile distribution (etch) er disse problemer rettet -i version 2:1.1.1-15 of xorg-server.

- -

I den ustabile distribution (sid) er disse problemer rettet -i version 2:1.1.1-15 of xorg-server.

- -

Vi anbefaler at du opgraderer dine XFree86-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1249.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1250.wml b/danish/security/2007/dsa-1250.wml deleted file mode 100644 index eebb3af07d7..00000000000 --- a/danish/security/2007/dsa-1250.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at cacti, en overbygning til rrdtool, udførte utilstrækkelig -kontrol af data leveret til skriptet cmd, hvilket gjorde -SQL-indsprøjtning mulig, samt udførelse af vilkårlige shell-kommandoer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8.6c-7sarge4.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 0.8.6i-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8.6i-3.

- -

Vi anbefaler at du opgraderer din cacti-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1250.data" -#use wml::debian::translation-check translation="d43252cb99f88c92fa3c9bad1079a75be6e99e25" mindelta="1" diff --git a/danish/security/2007/dsa-1251.wml b/danish/security/2007/dsa-1251.wml deleted file mode 100644 index f68fede614e..00000000000 --- a/danish/security/2007/dsa-1251.wml +++ /dev/null @@ -1,22 +0,0 @@ -utilstrækkelig indkapsling - -

Man har opdaget at netrik, en tekstbaseret webbrowser med vi-lignende -tastaturudlægning, ikke på korrekt vis fornuftighedskontrollerede midlertidige -filnavne, når tekstområder blev redigeret, hvilket kunne gøre det muligt for -angribere at udføre vilkårlige kommandoer gennem shell-metategn.

- -

I den stabile distribution (sarge), er dette problem rettet i version -1.15.4-1sarge1.

- -

I den kommende stabile distribution (etch) er dette problem rettet i -version 1.15.3-1.1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.15.3-1.1.

- -

Vi anbefaler at du opgraderer din netrik-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1251.data" -#use wml::debian::translation-check translation="814cd4331924b2591032efcf88b28ebdbcd0fa93" mindelta="1" diff --git a/danish/security/2007/dsa-1252.wml b/danish/security/2007/dsa-1252.wml deleted file mode 100644 index 17858d46d15..00000000000 --- a/danish/security/2007/dsa-1252.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstreng - -

Kevin Finisterre har opdaget flere formatstrengproblemer i vlc, et program -til afspilning af multimedier og streams, hvilket kunne føre til udførelse af -vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.8.1.svn20050314-1sarge2.

- -

I distributionen testing (etch) er dette problem rettet i -version 0.8.6-svn20061012.debian-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8.6.a.debian-1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1252.data" -#use wml::debian::translation-check translation="e39749301d0781c0a666024da5394ec17c19aa2c" mindelta="1" diff --git a/danish/security/2007/dsa-1253.wml b/danish/security/2007/dsa-1253.wml deleted file mode 100644 index 4612ceb225c..00000000000 --- a/danish/security/2007/dsa-1253.wml +++ /dev/null @@ -1,56 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Firefox. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-6497 - -

    Flere sårbarheder i layout-maskinen gjorde det muligt for fjernangribere - at forårsage lammelsesangreb (denial of service) og muligvis tillade dem at - udføre vilkårlig kode. [MFSA 2006-68]

    • - -
  • CVE-2006-6498 - -

    Flere sårbarheder i JavaScript-maskinen gjorde det muligt for - fjernangribere at forårsage lammelsesangreb og muligvis tillade dem at - udføre vilkårlig kode. [MFSA 2006-68]

    • - -
  • CVE-2006-6499 - -

    En fejl i funktionen js_dtoa gjorde det muligt for fjernangribere at - forårsage lammelsesangreb. [MFSA 2006-68]

    • - -
  • CVE-2006-6501 - -

    "shutdown" opdagede en sårbarhed der gjort det muligt for fjernangribere - at opnå rettigheder og installere ondsindet kode gennem - JavaScript-funktionen watch. [MFSA 2006-70]

    • - -
  • CVE-2006-6502 - -

    Steven Michaud har opdaget en programmeringsfejl der gjorde det - muligt for fjernangribere at forårsage lammelsesangreb. - [MFSA 2006-71]

    • - -
  • CVE-2006-6503 - -

    "moz_bug_r_a4" rapporterede at src-attributten på et IMG-element kunne - anvendes til at indsprøjte JavaScript-kode. [MFSA 2006-72]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge15.

- -

I distributionerne testing (etch) og unstable (sid) er disse problemer -rettet i version 2.0.0.1+dfsg-2 af iceweasel.

- -

Vi anbefaler at du opgraderer dine firefox- og iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1253.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1254.wml b/danish/security/2007/dsa-1254.wml deleted file mode 100644 index 36119bb6af2..00000000000 --- a/danish/security/2007/dsa-1254.wml +++ /dev/null @@ -1,22 +0,0 @@ -utilstrækkelig kontrol af inddata - -

Man har opdaget at naveserverdæmonen Bind var sårbar over for lammelsesangreb -(denial of service) ved at udløse en assertion gennem en fremstillet -DNS-forespørgsel. Dette påvirker kun installation der anvender -DNSSEC-udvidelserne.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 9.2.4-1sarge2.

- -

I den kommende stabile distribution (etch) vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 9.3.4-1.

- -

Vi anbefaler at du opgraderer din bind9-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1254.data" -#use wml::debian::translation-check translation="f8736cd3f4bbb8e8bac500abb8837a084da4fb26" mindelta="1" diff --git a/danish/security/2007/dsa-1255.wml b/danish/security/2007/dsa-1255.wml deleted file mode 100644 index 400afb672b8..00000000000 --- a/danish/security/2007/dsa-1255.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Liu Qishuai har opdaget at GNOMEs gtop-bibliotek udførte utilstrækkelig -fornuftighedskontrol ved fortolkning af systemets /proc-tabel, hvilket kunne -føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.6.0-4sarge1.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 2.14.4-3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.14.4-3.

- -

Vi anbefaler at du opgraderer dine libgtop2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1255.data" -#use wml::debian::translation-check translation="3497c95d1d5c2c4b824a65a45a1e8b8919338eb3" mindelta="1" diff --git a/danish/security/2007/dsa-1256.wml b/danish/security/2007/dsa-1256.wml deleted file mode 100644 index 09f17b67035..00000000000 --- a/danish/security/2007/dsa-1256.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Man har opdaget af billedindlæsningskoden i grafisk brugerflade-biblioteket -GTK+ udførte utilstrækkelig fejlhåndtering ved indlæsning af misdannede -billeder, hvilket kunne føre til lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 2.6.4-3.2. Pga. opbygningsproblemer mangler denne opdatering til -Motorola 680x0-arkitekturen. Pakkerne vil blive frigivet når problemet er -blevet løst.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 2.8.20-5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.8.20-5.

- -

Vi anbefaler at du opgraderer dine GTK-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1256.data" -#use wml::debian::translation-check translation="38acabf023ca8dec9e06b1919c9bcacdd96a416a" mindelta="1" diff --git a/danish/security/2007/dsa-1257.wml b/danish/security/2007/dsa-1257.wml deleted file mode 100644 index 29928171c01..00000000000 --- a/danish/security/2007/dsa-1257.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i samba, en fri implementering af -SMB-/CIFS-protokollen, hvilket kunne føre til udførelse af vilkårlig kode eller -til lammelsesangreb (denial of service). Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-0452 - -

    Man har opdaget at ukorrekt håndtering af udskudte filåbningskald kunne - føre til en uendelig løkke, hvilket medførte lammelsesangreb.

    • - -
  • CVE-2007-0454 - -

    "zybadawg333" har opdaget at AFS ACL mapping VFS-plugin'en udførte - usikker formatstrengshåndtering, hvilket kunne føre til udførelse af - vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 3.0.14a-3sarge4.

- -

I den kommende stabile distribution (etch) er disse problemer -rettet i version 3.0.23d-5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 3.0.23d-5.

- -

Vi anbefaler at du opgraderer din samba-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1257.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1258.wml b/danish/security/2007/dsa-1258.wml deleted file mode 100644 index 395939b2047..00000000000 --- a/danish/security/2007/dsa-1258.wml +++ /dev/null @@ -1,56 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter så som Mozilla Firefox. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende sårbarheder:

- -
    - -
  • CVE-2006-6497 - -

    Flere sårbarheder i layout-maskinen gjorde det muligt for fjernangribere - at forårsage lammelsesangreb (denial of service) og muligvis tillade dem at - udføre vilkårlig kode. [MFSA 2006-68]

    • - -
  • CVE-2006-6498 - -

    Flere sårbarheder i JavaScript-maskinen gjorde det muligt for - fjernangribere at forårsage lammelsesangreb og muligvis tillade dem at - udføre vilkårlig kode. [MFSA 2006-68]

    • - -
  • CVE-2006-6499 - -

    En fejl i funktionen js_dtoa gjorde det muligt for fjernangribere at - forårsage lammelsesangreb. [MFSA 2006-68]

    • - -
  • CVE-2006-6501 - -

    "shutdown" opdagede en sårbarhed der gjort det muligt for fjernangribere - at opnå rettigheder og installere ondsindet kode gennem - JavaScript-funktionen watch. [MFSA 2006-70]

    • - -
  • CVE-2006-6502 - -

    Steven Michaud har opdaget en programmeringsfejl der gjorde det - muligt for fjernangribere at forårsage lammelsesangreb. - [MFSA 2006-71]

    • - -
  • CVE-2006-6503 - -

    "moz_bug_r_a4" rapporterede at src-attributten på et IMG-element kunne - anvendes til at indsprøjte JavaScript-kode. [MFSA 2006-72]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.0.2-2.sarge1.0.8e.2.

- -

I distributionerne testing (etch) og unstable (sid) er disse -problemer rettet i version 1.5.0.9.dfsg1-1 af icedove.

- -

Vi anbefaler at du opgraderer dine Mozilla Thunderbird- og Icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1258.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1259.wml b/danish/security/2007/dsa-1259.wml deleted file mode 100644 index f699f21d62c..00000000000 --- a/danish/security/2007/dsa-1259.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Isaac Wilcox har opdaget at fetchmail, et populært program til hentning og -videresendelse af mail, på utilstrækkelig vis håndhævede kryptering af -forbindelse, hvilket kunne føre til informationslækage.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6.2.5-12sarge5.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 6.3.6-1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 6.3.6-1.

- -

Vi anbefaler at du opgraderer din fetchmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1259.data" -#use wml::debian::translation-check translation="a7b9812e9ac869a3471afcd13b5e6c3f2b1c902b" mindelta="1" diff --git a/danish/security/2007/dsa-1260.wml b/danish/security/2007/dsa-1260.wml deleted file mode 100644 index 5bd5d6925e5..00000000000 --- a/danish/security/2007/dsa-1260.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Vladimir Nadvornik har opdaget at rettelsen til sårbarheden i PALM-dekoderen -i Imagemagick, en samling af billedmanipuleringsprogrammer, var ineffektiv. For -at undgå forvirring er en ny CVE-ID blevet tildelt; det oprindelige problem var -registreret som \ -CVE-2006-5456.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 6:6.0.6.2-2.9.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 7:6.2.4.5.dfsg1-0.14.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 7:6.2.4.5.dfsg1-0.14.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1260.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1261.wml b/danish/security/2007/dsa-1261.wml deleted file mode 100644 index d1db5f142c4..00000000000 --- a/danish/security/2007/dsa-1261.wml +++ /dev/null @@ -1,21 +0,0 @@ -flere sårbarheder - -

Man har opdaget at PostgreSQL-databasen udførte utilstrækkelige typekontrol -i SQL-funktionsargumenter, hvilket kunne føre til lammelsesangreb (denial of -service) eller informationslækage.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 7.4.7-6sarge4.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 8.1.7-1 af pakken postgresql-8.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 8.1.7-1 af pakken postgresql-8.1.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1261.data" -#use wml::debian::translation-check translation="e53300b8b6ff666dc66d39a42db18314971bfb28" mindelta="1" diff --git a/danish/security/2007/dsa-1262.wml b/danish/security/2007/dsa-1262.wml deleted file mode 100644 index b58f566b3d4..00000000000 --- a/danish/security/2007/dsa-1262.wml +++ /dev/null @@ -1,20 +0,0 @@ -formatstreng - -

Mu Security har opdaget at en formatstrengssårbarhed i VoIP-løsningen -GnomeMeeting gjorde det muligt at udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.2.1-1sarge1.

- -

I den kommende stabile distribution (etch) er dette problem -rettet i version 2.0.3-2.1 af pakken ekiga.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.3-2.1 af pakken ekiga.

- -

Vi anbefaler at du opgraderer din gnomemeeting-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1262.data" -#use wml::debian::translation-check translation="57a0bfe978ad89e44c379bf2b042f401fd5fd8b2" mindelta="1" diff --git a/danish/security/2007/dsa-1263.wml b/danish/security/2007/dsa-1263.wml deleted file mode 100644 index 45c96b0b671..00000000000 --- a/danish/security/2007/dsa-1263.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i antivirusværktøjssættet Clam, -hvilket kunne føre til lammelsesangreb (denial of service). Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-0897 - -

    Man har opdaget at misdannede CAB-arkiver kunne udmatte - fildescriptorerne, hvilket muliggjorde lammelsesangreb.

    • - -
  • CVE-2007-0898 - -

    Man har opdaget at en mappegennemløbssårbarhed i MIME-headerfortolkeren - måske kunne føre til lammelsesangreb.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.15.

- -

I den kommende stabile distribution (etch) er disse problemer rettet -i version 0.88.7-2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.90-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1263.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1264.wml b/danish/security/2007/dsa-1264.wml deleted file mode 100644 index 3dc18eebf90..00000000000 --- a/danish/security/2007/dsa-1264.wml +++ /dev/null @@ -1,54 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdageti PHP, et server-side skriptsprog -med indlejret HTML, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-0906 - -

    Man har opdaget at et heltalsoverløb i funktionen str_replace() kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-0907 - -

    Man har opdaget at et bufferunderløb i funktionen sapi_header_op() kunne - få PHP-fortolkeren til at gå ned.

    • - -
  • CVE-2007-0908 - -

    Stefan Esser opdagede at en programmeringsfejl i wddx-udvidelsen - muliggjorde informationslækage.

    • - -
  • CVE-2007-0909 - -

    Man har opdaget at en formatstrengssårbarhed i funktionen - odbc_result_all() gjorde det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-0910 - -

    Man har opdaget et super-globale variable kunne blive overskrevet med - sessionsdata.

    • - -
  • CVE-2007-0988 - -

    Stefan Esser opdagede at funktionen zend_hash_init() kunne narres til at - gå i en uendelig løkke, hvilket muliggjorde lammelsesangreb (denial of - service) gennem ressourceforbrug indtil en timeout blev udløst.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 4:4.3.10-19.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 6:4.4.4-9 af php4 og version 5.2.0-9 af php5.

- -

Vi anbefaler at du opgraderer dine php4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1264.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1265.wml b/danish/security/2007/dsa-1265.wml deleted file mode 100644 index d64d41912c2..00000000000 --- a/danish/security/2007/dsa-1265.wml +++ /dev/null @@ -1,60 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i Mozilla og afledte -produkter. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende sårbarheder:

- -
    - -
  • CVE-2006-6497 - -

    Flere sårbarheder i layoutmaskinen tillod fjernangribere at forårsage et - lammelsesangreb (denial of service) og muligvis tillod sårbarhederne dem at - udføre vilkårlig kode. [MFSA 2006-68]

    • - -
  • CVE-2006-6498 - -

    Flere sårbarheder i JavaScript-maskinen tillod fjernangribere at - forårsage lammelsesangreb og muligvis tillod en sårbarhederne dem at udføre - vilkårlig kode. [MFSA 2006-68]

    • - -
  • CVE-2006-6499 - -

    En fejl i funktionen js_dtoa gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb. [MFSA 2006-68]

    • - -
  • CVE-2006-6501 - -

    shutdown opdagede en sårbarhed, der gjorde det muligt for - fjernangribere at opnå rettigheder og installere ondsindet kode gennem - en watch-JavaScript-funktion. [MFSA 2006-70]

    • - -
  • CVE-2006-6502 - -

    Steven Michaud opdagede en programmeringsfejl, der gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb. [MFSA 2006-71]

    • - -
  • CVE-2006-6503 - -

    moz_bug_r_a4 rapporterede at src-attributten til et IMG-element kunne - anvendes til at indsprøjte JavaScript-kode. [MFSA 2006-72]

    • - -
  • CVE-2006-6505 - -

    Georgi Guninski opdagede flere head-baserede bufferoverløb, der gjorde - det muligt for fjernangribere at udføre vilkårlig kode. [MFSA 2006-74]

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.7.8-1sarge10.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.0.7-1 of iceape.

- -

Vi anbefaler at du opgraderer dine Mozilla- og Iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1265.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1266.wml b/danish/security/2007/dsa-1266.wml deleted file mode 100644 index dafbf24e67c..00000000000 --- a/danish/security/2007/dsa-1266.wml +++ /dev/null @@ -1,24 +0,0 @@ -flere sårbarheder - -

Gerardo Richarte har opdaget at GnuPG, en fri erstatning for PGP, gav -utilstrækkelige oplysninger til brugeren hvis en OpenPGP-meddelelse indeholdt -både en signeret og en usigneret del. Indsættelse af tekstsegmenter i en ellers -signeret medddelelse kunne udnyttes til at forfalske indholdet af signerede -meddelelser. Denne opdatering forhindrer sådanne angreb; den gamle virkemåde -kan stadig aktiveres vha. valgmuligheden --allow-multiple-messages.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.4.1-1.sarge7.

- -

I den kommeunde stabile distribution (etch) er disse problemer -rettet i version 1.4.6-2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.4.6-2.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1266.data" -#use wml::debian::translation-check translation="15b66a4f18e990acd5417b5fa88a127644b0e6f3" mindelta="1" diff --git a/danish/security/2007/dsa-1267.wml b/danish/security/2007/dsa-1267.wml deleted file mode 100644 index dfd57d48dd9..00000000000 --- a/danish/security/2007/dsa-1267.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at WebCalendar, et PHP-baseret kalenderprogram, på -utilstrækkelig vis beskyttede en intern variabel, hvilket muliggjorde -fjerninkludering af filer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 0.9.45-4sarge6.

- -

Den kommende stabile distribution (etch) indeholder ikke længere -webcalendar-pakker.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din webcalendar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1267.data" -#use wml::debian::translation-check translation="d4b22e8f70fe645b2eb0cbadfbac72fcf9f9852c" mindelta="1" diff --git a/danish/security/2007/dsa-1268.wml b/danish/security/2007/dsa-1268.wml deleted file mode 100644 index 85ecdb03500..00000000000 --- a/danish/security/2007/dsa-1268.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - -

iDefense har rapporteret om flere heltalsoverløbsfejl i libwpd, et bibliotek -til håndtering af Word Perfect-dokumenter. Angribere kunne udnytte disse fejl -med omhyggeligt fremstillede Word Perfect-filer, der kunne forårsage at et -program linket med libwpd kunne gå ned eller muligvis udføre vilkårlig kode.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 0.8.1-1sarge1.

- -

I distributionen testing (etch) er disse problemer rettet i -version 0.8.7-6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.8.7-6.

- -

Vi anbefaler at du opgraderer din libwpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1268.data" -#use wml::debian::translation-check translation="8faacf523addd3b3edc457f6850f3cd274f4c519" mindelta="1" diff --git a/danish/security/2007/dsa-1269.wml b/danish/security/2007/dsa-1269.wml deleted file mode 100644 index 6cac748ce0b..00000000000 --- a/danish/security/2007/dsa-1269.wml +++ /dev/null @@ -1,23 +0,0 @@ -usikker midlertidig fil - -

Tatsuya Kinoshita opdagede at Lookup, en søgegrænseflade til elektroniske -ordbøger på emacsen, oprettede en midlertidig fil på en usikker måde, når -ndeb-binary-funktionaliteten blev anvendt, hvilket gjorde det muligt for en -lokal angriber at iværksætte et symlink-angreb til overskrivelse af vilkårlige -filer.

- -

I den stabile distribution (sarge) er dette problem rettet i -version 1.4-3sarge1.

- -

I distributionen testing (etch) er dette problem rettet i -version 1.4-5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.4-5.

- -

Vi anbefaler at du opgraderer din lookup-el-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1269.data" -#use wml::debian::translation-check translation="02ed1f930242bec16d4b8ee4ffb30f7af4c9ab47" mindelta="1" diff --git a/danish/security/2007/dsa-1270.wml b/danish/security/2007/dsa-1270.wml deleted file mode 100644 index b773a00fdd6..00000000000 --- a/danish/security/2007/dsa-1270.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i OpenOffice.org, den frie -kontorpakke. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-0002 - -

    iDefense rapporterede om flere heltalsoverløbsfejl i libwpd, et bibliotek - til håndtering af WordPerfect-dokumenter, som er indeholdt i OpenOffice.org. - Angribere kunne udnytte disse fejl ved hjælp af omhyggeligt fremstillede - WordPerfect-filer, som kunne få et program linket med libwpd til at gå ned - eller måske udføre vilkårlig kode.

    • - -
  • CVE-2007-0238 - -

    Next Generation Security opdagede at StarCalc-fortolkeren i - OpenOffice.org indeholdt et let udnytbart stakoverløb, der kunne anvendes - ved hjælp af et særligt fremstillet dokument til at udføre vilkårlig - kode.

    • - -
  • CVE-2007-0239 - -

    Der er rapporteret om at OpenOffice.org ikke indkapsler shell-meta-tegn, - og dermed er sårbar over for udførelse af vilkårlige shell-kommandoer ved - hjælp af særligt fremstillede dokumenter, efter brugeren har klikket på et - forberedt link.

    • - -
- -

Med dette opdaterede bulletin leveres der kun pakker til den kommende -udgivelse af etch, alias Debian GNU/Linux 4.0.

- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.1.3-9sarge6.

- -

I distributionen testing (etch) er disse problemer rettet i -version 2.0.4.dfsg.2-5etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.4.dfsg.2-6.

- -

Vi anbefaler at du opgraderer dine OpenOffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1270.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1271.wml b/danish/security/2007/dsa-1271.wml deleted file mode 100644 index ce59cd194e5..00000000000 --- a/danish/security/2007/dsa-1271.wml +++ /dev/null @@ -1,43 +0,0 @@ -designfejl - -

En designfejl er fundet i OpenAFS, et distribueret filsystem der virker på -tværs af platforme, og som er indeholdt i Debian.

- -

OpenAFS har af historiske grunde aktiveret setuid-filesystemsunderstøttelse -i den lokale celle. Men med dens eksisterende protokol, kan OpenAFS kun -anvende kryptering, og derfor integritetsbeskyttelse, hvis brugeren er -autentificeret. Uautentificeret adgang medfører ikke integritetsbeskyttelse. -Det praktiske resultat heraf er, at det var muligt for en angriber med viden -om AFS at fremstille et AFS FetchStatus-kald og lade en binær fil vise sig for -en AFS-klient som værende setuid. Hvis angriberen dernæst kunne sørge for at -filen blev kørt, ville vedkommende kunne opnå rettighedsforøgelse.

- -

OpenAFS 1.3.81-3sarge2 ændrer standardvirkemåden til at deaktivere -setuid-filer globalt, deriblandt den lokale celle. Det er vigtigt at bemærke, -at denne ændring vil træde i kraft før AFS-kernemodulet, bygget fra pakken -openafs-modules-source, er blevet genopbygget og indlæst i din kerne. Som en -midlertidig løsning, indtil kernemodulet kan genindlæses, kan -setuid-understøttelse manuelt slås fra i den lokale celle ved at køre følgende -kommando som root

- -

fs setcell -cell <localcell> -nosuid

- -

Efter anvendelse af denne opdatering, hvis du er sikker på at der ikke er en -sikkerhedsrisiko ved at en angriber forfalske AFS-filserversvar, kan den -genaktivere setuid-status selektivt med følgende kommando, men det bør ikke gøre -på maskiner der er synlige på internettet

- -

fs setcell -cell <localcell> -suid

- -

I den stabile distribution (sarge), er dette problem rettet i -version 1.3.81-3sarge2.

- -

I den ustabile distribution (sid) og den kommende stabile distribution -(etch), vil dette problem blive rettet i version 1.4.2-6.

- -

Vi anbefaler at du opgraderer din openafs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1271.data" -#use wml::debian::translation-check translation="53450dc80643a3148ab930ae247d630ce7047b9e" mindelta="1" diff --git a/danish/security/2007/dsa-1272.wml b/danish/security/2007/dsa-1272.wml deleted file mode 100644 index b2d6ad4520d..00000000000 --- a/danish/security/2007/dsa-1272.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Moritz Jodeit opdagede et forskudt med én-bufferoverløb i tcpdump, et -ydedygtigt værktøj til netværksovervågning og datafangst, hvilket muliggjorde -lammelsesangreb (denial of service).

- -

I den stabile distribution (sarge) er dette problem rettet i -version 3.8.3-5sarge2.

- -

I den kommeunde stabile distribution (etch) er dette problem rettet -i version 3.9.5-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.9.5-2.

- -

Vi anbefaler at du opgraderer din tcpdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1272.data" -#use wml::debian::translation-check translation="6d23ee28b444e62652ecb0d1ce980ba0a78e616a" mindelta="1" diff --git a/danish/security/2007/dsa-1273.wml b/danish/security/2007/dsa-1273.wml deleted file mode 100644 index a0e53cf1156..00000000000 --- a/danish/security/2007/dsa-1273.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i nas, Network Audio System.

- -
    - -
  • CVE-2007-1543 - -

    Et stakbaseret bufferoverløb i funktionen accept_att_local i -server/os/connection.c i nas gjorde det muligt for fjernangribere at udføre -vilkårlig kode gennem et langt sti-slavenavn i en -USL-socketforbindelse.

    • - -
  • CVE-2007-1544 - -

    Et heltalsoverløb i funktionen ProcAuWriteElement i server/dia/audispatch.c -gjorde det muligt for fjernangribere at forårsage et lammelsesangreb (denial of -service, nedbrud) samt muligvis udførelse af vilkårlig kode gennem en lang -max_samples-værdi.

    • - -
  • CVE-2007-1545 - -

    Funktionen AddResource i server/dia/resource.c gjorde det muligt for -fjernangribere at forårsage et lammelsesangreb (server-nedbrud) gennem en -ikke-eksisterende klient-id.

    • - -
  • CVE-2007-1546 - -

    Arrayindeksfejl gjorde det muligt for fjernangribere at forårsage et -lammelsesangreb (nedbrud) gennem (1) store num_action-værdier i funktionen -ProcAuSetElements i server/dia/audispatch.c eller (2) et stort -inputNum-parameter til funktionen compileInputs i server/dia/auutil.c.

    • - -
  • CVE-2007-1547 - -

    Funktionen ReadRequestFromClient i server/os/io.c gjorde det muligt for -fjernangribere at forårsage lammelsesangreb (nedbrud) gennem mange samtidige -forbindelser, hvilket udløste en NULL-pointerdereference.

    • - -
- -

I den stabile distribution (sarge), er disse problemer rettet i -version 1.7-2sarge1.

- -

I den kommende stabile distribution (etch) og i den ustabile -distribution (sid) er disse problemer rettet i version 1.8-4.

- -

Vi anbefaler at du opgraderer din nas-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1273.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1274.wml b/danish/security/2007/dsa-1274.wml deleted file mode 100644 index d9f7ff8b9c5..00000000000 --- a/danish/security/2007/dsa-1274.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

En heltalsunderløbsfejl er fundet i funktionen file_printf i file, et værktøj -til afgørelse af filtyper på baggrund af analyser af filernes indhold. Fejlen -kunne udnyttes af en angriber til at udføre vilkårlig kode, ved at få en lokal -bruger til at undersøge en særligt fremstillet fil, der udløser -bufferoverløbet.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 4.12-1sarge1.

- -

I den kommende stabile distribution (etch), er dette problem rettet i -version 4.17-5etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -4.20-1.

- -

Vi anbefaler at du opgraderer din file-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1274.data" -#use wml::debian::translation-check translation="c06875751a6d1a75e8091748a3cb64fd3671ce0b" mindelta="1" diff --git a/danish/security/2007/dsa-1275.wml b/danish/security/2007/dsa-1275.wml deleted file mode 100644 index 9c6fcb64ce0..00000000000 --- a/danish/security/2007/dsa-1275.wml +++ /dev/null @@ -1,23 +0,0 @@ -udførelse af skripter på tværs af websteder - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder er -fundet i zope, en webapplikationsserver, hvilket kunne gøre det muligt for en -angriber at indsprøjte vilkårlig HTML og/eller JavaScript i offerets webbrowser. -Koden kunne blive afvilket inde i browserens sikkerhedskontekt, hvilket -potentielt kunne gøre det muligt for angriberen at tilgå private oplysninger så -som autentificeringscookies, eller til at påvirke zope-websiders fortolkning -eller virkemåde.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 2.7.5-2sarge4.

- -

I den kommende stabile distribution (etch) og i den ustabile distribution -(sid) er zope2.9 indeholdt, og denne sårbarhed er rettet i version 2.9.6-4etch1 -i etch og 2.9.7-1 i sid.

- -

Vi anbefaler at du opgraderer din zope2.7-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1275.data" -#use wml::debian::translation-check translation="d31401e9a07e1cd27919020e1573d131007ae4e8" mindelta="1" diff --git a/danish/security/2007/dsa-1276.wml b/danish/security/2007/dsa-1276.wml deleted file mode 100644 index a46b7dcefef..00000000000 --- a/danish/security/2007/dsa-1276.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i MIT's referenceimplementering -af netværksautentificeringsprotokolsuiten Kerberos, hvilket kunne føre til -udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-0956 - -

    Man har opdaget at krb5-telnetdæmonen udførte utilstrækkelig validering - af brugernavne, hvilket kunne muliggøre uautoriseret login eller - rettighedsforøgelse.

    • - -
  • CVE-2007-0957 - -

    iDefense har opdaget at et bufferoverløb i logningskoden i KDC og - administreringsdæmonen kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-1216 - -

    Man har opdaget at en dobbelt frigivelse i RPCSEC_GSS-delen af - GSS-biblioteket kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (sarge) er disse problemer rettet i -version 1.3.6-2sarge4.

- -

I den kommende stabile distribution (etch) er disse problemer rettet -i version 1.4.4-7etch1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine Kerberos-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1276.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1277.wml b/danish/security/2007/dsa-1277.wml deleted file mode 100644 index 48ebe40d9dd..00000000000 --- a/danish/security/2007/dsa-1277.wml +++ /dev/null @@ -1,20 +0,0 @@ -flere sårbarheder - -

Flere fejl er fundet i skin-håndteringsrutinerne i xmms, X Multimedia System. -Disse sårbarheder kunne gøre det muligt for en angriber at køre vilkårlig kode -som brugeren, der kørte xmms, ved at få offeret til at indlæse særligt -fremstillede brugerfalde-skin-filer.

- -

I den stabile distribution (sarge), er disse problemer rettet i -version 1.2.10+cvs20050209-2sarge1.

- -

I den kommende stabile distrubution (etch) og i den ustabile distribution -(sid), er disse problemer rettet i versionerne 1:1.2.10+20061101-1etch1 -henholdsvis 1:1.2.10+20070401-1.

- -

Vi anbefaler at du opgraderer dine xmms-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1277.data" -#use wml::debian::translation-check translation="d9fdc7911d30dec8a421580b7df64ba3c920f6a1" mindelta="1" diff --git a/danish/security/2007/dsa-1278.wml b/danish/security/2007/dsa-1278.wml deleted file mode 100644 index e94a38bbf08..00000000000 --- a/danish/security/2007/dsa-1278.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i man-kommandoen, der kunne gøre det muligt for -en angriber at udføre kode som brugeren 'man' ved at lave særligt fremstillede -parametre til flaget -H. Det er sandsynligvis kun et problem på maskiner, hvor -man- og mandb-programmerne er installeret setuid.

- -

I den stabile distribution (sarge), er dette problem rettet i -version 2.4.2-21sarge1.

- -

I den kommende stabile distribution (etch) og i den ustabile distribution -(sid), er dette problem rettet i version 2.4.3-5.

- -

Vi anbefaler at du opgraderer din man-db-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1278.data" -#use wml::debian::translation-check translation="d9fdc7911d30dec8a421580b7df64ba3c920f6a1" mindelta="1" diff --git a/danish/security/2007/dsa-1279.wml b/danish/security/2007/dsa-1279.wml deleted file mode 100644 index e97d2b52b19..00000000000 --- a/danish/security/2007/dsa-1279.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at WebCalendar, et PHP-baseret kalenderprogram, udførte -utilstrækkelig fornuftighedskontrol i eksporthåndteringen, hvilket gjode det -muligt at indsprøjte webskripter.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.9.45-4sarge7.

- -

Den stabile distribution (etch) indeholder ikke længere WebCalendar-pakker.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.5-2.

- -

Vi anbefaler at du opgraderer din webcalendar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1279.data" -#use wml::debian::translation-check translation="216a177d85f09caaea120c7c963d562c42c65852" mindelta="1" diff --git a/danish/security/2007/dsa-1280.wml b/danish/security/2007/dsa-1280.wml deleted file mode 100644 index 40f4deafaeb..00000000000 --- a/danish/security/2007/dsa-1280.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Man har opdaget at aircrack-ng, et WEP/WPA-sikkerhedsanalyseringsværktøj, -udførte utilstrækkelig kontrol af 802.11-autentificeringspakker, hvilket gjorde -det muligt at udføre vilkårlig kode.

- -

Den gamle stabile distribution (sarge) indeholder ikke aircrack-ng-pakker.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.6.2-7etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.7-3.

- -

Vi anbefaler at du opgraderer dine aircrack-ng-pakker. Pakker til arkitekturene -arm, sparc og mips, mipsel er ikke klar endnu. De stilles til rådighed senere.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1280.data" -#use wml::debian::translation-check translation="418ae46f98a452980ca87a9c09f8e7a9a4d576e6" mindelta="1" diff --git a/danish/security/2007/dsa-1281.wml b/danish/security/2007/dsa-1281.wml deleted file mode 100644 index 9ffddc155a8..00000000000 --- a/danish/security/2007/dsa-1281.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Clam anti-virus toolkit. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-1745 - -

    Man har opdaget at en fildescriptor-lækage i CHM-håndteringen kunne føre - til lammelsesangreb (denial of service).

    • - -
  • CVE-2007-1997 - -

    Man har opdaget at et bufferoverløb i CAB-håndteringen kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2007-2029 - -

    Man har opdaget at en fildescriptor-lækage i PDF-håndteringen kunne føre - til lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.16.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 0.90.1-3etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.90.2-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker. Pakker til arkitekturene -arm, sparc, m68k og mips, mipsel er endnu ikke tilgængelige. De vil senere blive -stillet til rådighed.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1281.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1282.wml b/danish/security/2007/dsa-1282.wml deleted file mode 100644 index afb8b250ae1..00000000000 --- a/danish/security/2007/dsa-1282.wml +++ /dev/null @@ -1,56 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare særbarheder er opdaget i PHP, et server-side skriptsprog -med indlejring af HTML, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    -
  • CVE-2007-1286 -

    Stefan Esser opdagede et overløb i objektreferencehåndteringskoden i - funktionen unserialize(), hvilket gjorde det muligt at udføre vilkårlig - kode hvis misdannet inddata blev overført fra et program.

    • - -
  • CVE-2007-1380 -

    Stefan Esser opdagede at sessionshåndteren udførte utilstrækkelig kontrol - af variabelnavnes længdeværdier, hvilket muliggjorde informationsafsløring - gennem en heap-informationslækage.

    • - -
  • CVE-2007-1521 -

    Stefan Esser opdagede en dobbelt frigivelses-sårbarhed i funktionen - session_regenerate_id(), hvilket muliggjorde udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-1711 -

    Stefan Esser opdagede en dobbelt frigivelses-sårbarhed i - sessionshåndteringskoden, hvilket muliggjorde udførelse af vilkårlig kode.

    • - -
  • CVE-2007-1718 -

    Stefan Esser opdagede at funktionen mail() udførte utilstrækkelig kontrol af - foldede mailheadere, hvilket muliggjorde mailheader-indsprøjtning.

    • - -
  • CVE-2007-1777 -

    Stefan Esser opdagede at udvidelsen til håndtering af ZIP-arkiv udførte - utilstrækkelig længdekontroller, hvilket muliggjorde udførelse af vilkårlig - kode.

    • -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 4.3.10-20.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 4.4.4-8+etch2.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.4.6-1. php4 vil blive fjernet fra sid; dermed opfordres du kraftigt -til at migrere til php5, hvis du foretrækker at anvende den ustabile -distribution.

- -

Vi anbefaler at du opgraderer dine PHP-pakker. Pakker til arkitekturerne -arm, m68k, mips og mipsel er endnu ikke tilgængelige. De vil senere blive -stillet til rådighed.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1282.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1283.wml b/danish/security/2007/dsa-1283.wml deleted file mode 100644 index 4c08917d090..00000000000 --- a/danish/security/2007/dsa-1283.wml +++ /dev/null @@ -1,96 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i PHP, et server-side skriptsprog -med indlejring af HTML, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    -
  • CVE-2007-1286 -

    Stefan Esser opdagede et overløb i objektreferencehåndteringskoden i - funktionen unserialize(), hvilket gjorde det muligt at udføre vilkårlig - kode hvis misdannet inddata blev overført fra et program.

    • - -
  • CVE-2007-1375 -

    Stefan Esser opdagede at et heltalsoverløb i funktionen substr_compare() - muliggjorde informationsafsløring af heap-hukommelse.

    • - -
  • CVE-2007-1376 -

    Stefan Esser opdagede at utilstrækkelig kontrol af funktionerne til delt - hukommelse muliggjorde afsløring af heap-hukommelse.

    • - -
  • CVE-2007-1380 -

    Stefan Esser opdagede at sessionshåndteren udførte utilstrækkelig kontrol - af variabelnavnes længdeværdier, hvilket muliggjorde informationsafsløring - gennem en heap-informationslækage.

    • - -
  • CVE-2007-1453 -

    Stefan Esser opdagede at filtreringsframeworket udførte utilstrækkelig - kontrol af inddata, hvilket muliggjorde udførelse af vilkårlig kode gennem - et bufferunderløb.

    • - -
  • CVE-2007-1454 -

    Stefan Esser opdagede at filtreringsframeworket kunne omgås ved hjælp af - særlige whitespace-tegn.

    • - -
  • CVE-2007-1521 -

    Stefan Esser opdagede en dobbelt frigivelses-sårbarhed i funktionen - session_regenerate_id(), hvilket muliggjorde udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-1583 -

    Stefan Esser opdagede at en programmeringsfejl i funktionen mb_parse_str() - muliggjorde aktivering af register_globals.

    • - -
  • CVE-2007-1700 -

    Stefan Esser opdagede at sessionsudvidelsen på ukorrekt vis vedligeholdt - referencetælleren af sessionsvariable, hvilket muliggjorde udførelse af - vilkårlig kode.

    • - -
  • CVE-2007-1711 -

    Stefan Esser opdagede en dobbelt frigivelses-sårbarhed i - sessionshåndteringskoden, hvilket muliggjorde udførelse af vilkårlig kode.

    • - -
  • CVE-2007-1718 -

    Stefan Esser opdagede at funktionen mail() udførte utilstrækkelig kontrol af - foldede mailheadere, hvilket muliggjorde mailheader-indsprøjtning.

    • - -
  • CVE-2007-1777 -

    Stefan Esser opdagede at udvidelsen til håndtering af ZIP-arkiv udførte - utilstrækkelig længdekontroller, hvilket muliggjorde udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-1824 -

    Stefan Esser opdagede en forskudt med én-fejl i filtreringsframeworket, - hvilket muliggjorde udførelse af vilkårlig kode.

    • - -
  • CVE-2007-1887 -

    Stefan Esser opdagede at et bufferoverløb i sqlite-udvidelsen muliggjorde - udførelse af vilkårlig kode.

    • - -
  • CVE-2007-1889 -

    Stefan Esser opdagede at PHP-hukommelseshåndtereren udførte en ukorrekt - typecast, hvilket muliggjorde udførelse af vilkårlig kode gennem - bufferoverløb.

    • - -
  • CVE-2007-1900 -

    Stefan Esser opdagede at ukorrekt validering i e-mail-filter-udvidelsen - muliggjorde indsprøjtning af mailheadere.

    • -
- -

Den gamle stabile distribution (sarge) indeholder ikke php5.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 5.2.0-8+etch3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 5.2.0-11.

- -

Vi anbefaler at du opgraderer dine PHP-pakker. Pakker til arkitekturerne arm, -hppa, mips og mipsel er endnu ikke tilgængelige. De vil senere blive stillet til -rådighed.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1283.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1284.wml b/danish/security/2007/dsa-1284.wml deleted file mode 100644 index 633cb968cb8..00000000000 --- a/danish/security/2007/dsa-1284.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i processoremulatoren QEMU, hvilket kunne føre -til udførelse af vilkårlig kode eller lammelsesangreb (denial of service). -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-1320 -

    Tavis Ormandy opdagede at en hukommelseshåndteringsrutine i - Cirrus-videodriveren udførte utilstrækklig grænsekontrol, hvilket kunne - gøre det muligt at udføre vilkårlig kode gennem et heapoverløb.

    • - -
  • CVE-2007-1321 -

    Tavis Ormandy opdagede at NE2000-netværksdriveren og socketkoden udførte - utilstrækkelig kontrol af inddata, hvilket kunne gøre det muligt at - udføre vilkårlig kode gennem et heapoverløb.

    • - -
  • CVE-2007-1322 -

    Tavis Ormandy opdagede at icebp-instruktionen kunne misbruges til - at afslutte emuleringen, medførende et lammelsesangreb.

    • - -
  • CVE-2007-1323 -

    Tavis Ormandy opdagede at NE2000-netværksdriveren og socketkoden udførte - utilstrækkelig kontrol af inddata, hvilket kunne gøre det muligt at - udføre vilkårlig kode gennem et heapoverløb.

    • - -
  • CVE-2007-1366 -

    Tavis Ormandy opdagede at aam-instruktionen kunne misbruges til - at få QEMU til at gå ned gennem en division med nul, medførende et - lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 0.6.1+20050407-1sarge1.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 0.8.2-4etch1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1284.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1285.wml b/danish/security/2007/dsa-1285.wml deleted file mode 100644 index f7f2f8aba31..00000000000 --- a/danish/security/2007/dsa-1285.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -
    - -
  • CVE-2007-1622 -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting, XSS) i wp-admin/vars.php i - WordPress-versioner før 2.0.10 RC2, og før 2.1.3 RC2 i 2.1-serien, gjorde - det mulig for fjernautentificerede brugere med temarettigheder, at - indsprøjte vilkårlige webskripter eller HTML gennem PATH_INFO i - administrationsfladen, knyttet til slap behandling behandling af regulære - udtryk fra PHP_SELF.

    • - -
  • CVE-2007-1893 -

    WordPress 2.1.2, og sandsynligvis tidligere versioner, gjorde det muligt - for fjernautentificerede brugere med contributer-rolle, at omgå tilsigtede - adgangsbegrænsninger og aktivere publish_posts-funktionaliteten, hvilket - kunne anvendes til at udgive et tidligere gemt indlæg.

    • - -
  • CVE-2007-1894 -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i wp-includes/general-template.php i WordPress-versioner før - 20070309, gjorde det muligt for fjernangribere at indsprøjte vilkårlige - webskripter eller HTML gennem year-parameteret i funktionen wp_title.

    • - -
  • CVE-2007-1897 -

    En SQL-indspøjtningssårbarhed i xmlrpc.php i WordPress 2.1.2, og - sandsynligvis tidligere versioner, gjorde det muligt for - fjernautentificerede brugere at udføre vilkårlige SQL-kommandoer gennem en - strengparameterværdi i et XML RPC-mt.setPostCategories-metodekald, i - forbindelse med variablen post_id.

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i -version 2.0.10-1.

- -

I distributionerne testing og unstable (henholdsvis lenny og sid) er -disse problemer rettet i version 2.1.3-1.

- -

Vi anbefaler at du opgraderer din wordpress-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1285.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1286.wml b/danish/security/2007/dsa-1286.wml deleted file mode 100644 index 41fd3eebe6f..00000000000 --- a/danish/security/2007/dsa-1286.wml +++ /dev/null @@ -1,62 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjerndnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-0005 - -

    Daniel Roethlisberger opdagede to bufferoverløb i cm4040-driveren til - Omnikey CardMan 4040-enheden. En lokal bruger eller en ondsindet enhed - kunne udnytte dette til at udføre vilkårlig kode i kerne-rummet.

    • - -
  • CVE-2007-0958 - -

    Santosh Eraniose rapporterede om en sårbarhed, der gjorde det muligt for - lokale brugere at læse ellers ulæselige filer ved at udløse et coredump - ved at anvende PT_INTERP. Dette er relateret til - \ - CVE-2004-1073.

    • - -
  • CVE-2007-1357 - -

    Jean Delvare rapporterede om en sårbarhed i appletalk-undersystemet. - Systemer hvor appletalk-modulet er indlæst, kunne anvendes til at gå ned - ved hjælp af andre systemer på det lokale netværk gennem en misdannet - frame.

    • - -
  • CVE-2007-1592 - -

    Masayuki Nakagawa opdagede at flow-labels utilsigtet blev delt mellem - lyttende sockets og barne-sockets. Denne defekt kunne udnyttes af lokale - brugere til at forårsage et lammelsesangreb (denial of service, - Oops).

    • - -
- -

Dette problem er rettet i den stabile distribution i version -2.6.18.dfsg.1-12etch1.

- -

Følgende matriks opremser yderligere pakker, der blev genopbygget -af kompatibilitetshensyn med denne opdatering:

- -
- - - -
Debian 4.0 (etch)
fai-kerner 1.17etch1
user-mode-linux 2.6.18-1um-2etch1
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- -

Opdaterede pakker til arkitekturerne mips og mipsel er endnu ikke -tilgængelige. De vil senere blive stillet til rådighed.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1286.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1287.wml b/danish/security/2007/dsa-1287.wml deleted file mode 100644 index a1c07863064..00000000000 --- a/danish/security/2007/dsa-1287.wml +++ /dev/null @@ -1,31 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i den version af ldap-account-manager som -distribueres med Debian 3.1 (sarge).

- -
    - -
  • CVE-2006-7191 -

    En sårbarhed i forbindelse med en usikker PATH kunne gøre det muligt for - lokale angribere at udføre vilkårlig kode med forøgede rettigheder, ved at - levere en ondsindet udførebar rm-fil og angivelse af en PATH-miljøvariabel - pegende på denne udførbare fil.

    • - -
  • CVE-2007-1840 -

    Ukorrekt indkapsling af HTML-indhold kunne gøre det muligt for en - angriber at udføre skripter på tværs af websteder-angreb (XSS, cross-site - scripting) og udføre vilkårlig kode i offerets browser i det påvirkede - websteds sikkerhedskontekst.

    • - -
- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 0.4.9-2sarge1. Nyere versioner af Debian (etch, lenny og sid) er ikke -påvirkede.

- -

Vi anbefaler at du opgraderer din ldap-account-manager-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1287.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1288.wml b/danish/security/2007/dsa-1288.wml deleted file mode 100644 index ee58a800322..00000000000 --- a/danish/security/2007/dsa-1288.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Man har opdaget at PoPToP Point to Point Tunneling Server indeholdt en -programmeringsfejl, der gjorde det muligt at rive en PPTP-forbindelse ned -gennem en misdannet GRE-pakke, medførende et lammelsesangreb (denial of -service).

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.3.0-2etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.4-1.

- -

Vi anbefaler at du opgraderer dine pptpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1288.data" -#use wml::debian::translation-check translation="603620b3adc93b20da99ed7f3e946fb92923cf6a" mindelta="1" diff --git a/danish/security/2007/dsa-1289.wml b/danish/security/2007/dsa-1289.wml deleted file mode 100644 index 1f6728da8a9..00000000000 --- a/danish/security/2007/dsa-1289.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-1496 - -

    Michal Miroslaw rapporterede om et lammelsesangrebssårbarhed (DoS, - nedbrud) i netfilter. En fjernangriger kunne forårsage en NULL-pointer - dereference i funktionen nfnetlink_log.

    • - -
  • CVE-2007-1497 - -

    Patrick McHardy rapportede om en sårbarhed i netfilter, hvilket kunne - gøre det muligt for angribere at omgå visse firewall-regler. - nfctinfo-værdien af gensamlede IPv6-pakkefragmenter var initialiseret - ukorrekt til 0, hvilket gjorde det muligt for disse pakker at blive sporet - som ESTABLISHED.

    • - -
  • CVE-2007-1861 - -

    Jaco Kroon rapportede en fejl i hvilken NETLINK_FIB_LOOKUP-pakker - ukorrekt blev sendt tilbage til kernen, medførende en uendelig - løkke-tilstand. Lokale brugere kunne udnytte denne virkemåde til at - forårsage et lammelsesangreb (nedbrud).

    • - -
- -

Disse problemer er rettet i den stabile distribution i version -2.6.18.dfsg.1-12etch2.

- -

Følgende matriks opremser yderligere pakker, der blev genopbygget -af kompatibilitetshensyn med denne opdatering:

- -
- - - - -
Debian 4.0 (etch)
fai-kerner 1.17+etch2
user-mode-linux 2.6.18-1um-2etch2
kernel-patch-openvz028.18.1etch1
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1289.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1290.wml b/danish/security/2007/dsa-1290.wml deleted file mode 100644 index 50e8d10e1af..00000000000 --- a/danish/security/2007/dsa-1290.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at webmailpakken Squirrelmail udførte utilstrækkelig kontrol -inde i HTML-filteret, hvilket gjorde det muligt at indsprøjte vilkårlig -webskriptkode under visning af e-mail-beskeder indeholdende HTML.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 2:1.4.4-11.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2:1.4.9a-2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2:1.4.10a-1.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1290.data" -#use wml::debian::translation-check translation="f99a932b5d8d6168ba8fe6e611c81cb247d244db" mindelta="1" diff --git a/danish/security/2007/dsa-1291.wml b/danish/security/2007/dsa-1291.wml deleted file mode 100644 index f73b27acdc1..00000000000 --- a/danish/security/2007/dsa-1291.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere problemer er fundet i Samba, implementeringen af SMB/CIFS-fil- og -printerserver til GNU/Linux.

- -
    - -
  • CVE-2007-2444 -

    Ved oversættelse af SID'er til/fra navne ved hjælp af Sambas lokale liste - over bruger- og gruppekonti, kunne en logisk fejl i smbd-dæmonens interne - sikkerhedsstak medføre overgang til root-brugerid'en frem for - ikke-root-brugeren. Brugeren kunne da midlertidigt udføre - SMB/CIFS-protokolhandlinger som root-brugeren. Dette kunne gøre det muligt - for en angriber at etablere flere muligheder for at opnå root-adgang til - serveren.

    • - -
  • CVE-2007-2446 -

    Forskellige fejl i Sambas NDR-fortolkning kunne gøre det muligt for en - bruger at sende særligt fremstillede MS-RPC-forespørgsler, som overskrev - heap-området med brugerdefinerede data.

    • - -
  • CVE-2007-2447 -

    Uindkapslede brugerinddataparametre blev overført som argumenter til - /bin/sh, hvilket muliggjorde fjernudførelse af kommandoer.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 3.0.24-6etch1.

- -

i distributionerne test-distributionen og i den ustabile distribution -(lenny hhv. sid), er disse problemer rettet i version 3.0.25-1.

- -

Vi anbefaler at du opgraderer din samba-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1291.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1292.wml b/danish/security/2007/dsa-1292.wml deleted file mode 100644 index d4cd885d8aa..00000000000 --- a/danish/security/2007/dsa-1292.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Andreas Nolden opdagede en fejl UTF8-dekodningsrutinerne i qt4-x11, et C++ -GUI-bibliotekframework, hvilket kunne gøre det muligt for fjernangribere at -udføre skripter på tværs af websteder (XSS) eller mappegennemløbsangreb gennem -lange sekvenser, der blev dekodet til farlige metategn.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.2.1-2etch1.

- -

I test-distributionen og i den ustabile distribution (lenny hhv. sid), -er dette problem rettet i version 4.2.2-2.

- -

Vi anbefaler at du opgraderer din qt4-x11-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1292.data" -#use wml::debian::translation-check translation="f09576d8bbd2b2ec2ae0e4921bd0b3254cd1ad21" mindelta="1" diff --git a/danish/security/2007/dsa-1293.wml b/danish/security/2007/dsa-1293.wml deleted file mode 100644 index 04857e7bf10..00000000000 --- a/danish/security/2007/dsa-1293.wml +++ /dev/null @@ -1,21 +0,0 @@ -læsning ud over grænserne - -

Paul Jakma opdagede at særligt fremstillede UPDATE-meddelelser kunne udløse -en læsning ud over grænserne, hvilket kunne medføre at quagga gik ned; quagga er -en BGP/OSPF/RIP-routingdæmon.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.98.3-7.4.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.99.5-5etch2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.99.6-5.

- -

Vi anbefaler at du opgraderer din quagga-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1293.data" -#use wml::debian::translation-check translation="66cbcd32eb97143605d4699861561484c2c371c6" mindelta="1" diff --git a/danish/security/2007/dsa-1294.wml b/danish/security/2007/dsa-1294.wml deleted file mode 100644 index 8682968d489..00000000000 --- a/danish/security/2007/dsa-1294.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i X Window System, hvilket kunne føre til -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2007-1003 - -

    Sean Larsson opdagede et heltalsoverløb i XC-MISC-udvidelsen, hvilket - kunne føre til lammelsesangreb (denial of service) eller lokal - rettighedsforøgelse.

    • - -
  • CVE-2007-1351 - -

    Greg MacManus opdagede et heltalsoverløb i fonthåndteringen, hvilket - kunne føre til lammelsesangreb eller lokal rettighedsforøgelse.

    • - -
  • CVE-2007-1352 - -

    Greg MacManus opdagede et heltalsoverløb i fonthåndteringen, hvilket - kunne føre til lammelsesangreb eller lokal rettighedsforøgelse.

    • - -
  • CVE-2007-1667 - -

    Sami Leides opdagede et heltalsoverløb i libx11-biblioteket, hvilket - kunne føre til udførelse af vilkårlig kode. Denne opdateringer introducerer - strengere fornuftighedskontroller af inddata leveret til XCreateImage(). - For at kunne tage vare om dette, leveres en opdateret rdesktop-pakke sammen - med denne sikkerhedsopdatering. Et andet program der er påvirket af denne - fejl, men ikke er en del af Debian, er den proprietære webbrowser Opera. - Leverandøren har dog frigivet opdaterde pakker.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 4.3.0.dfsg.1-14sarge4. Der mangler opbygninger til Sparc-arkitekturen -på grund af problemer med opbygningsværten. Pakkerne vil blive frigivet når -problemet er blevet løst.

- -

Den stabile distribution (etch) er ikke påvirket af disse problemer, da -sårbarhederne allerede blev rettet i forbindelse med "frysningen" af etch.

- -

Vi anbefaler at du opgraderer dine XFree86-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1294.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1295.wml b/danish/security/2007/dsa-1295.wml deleted file mode 100644 index bcbd1db41cf..00000000000 --- a/danish/security/2007/dsa-1295.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i PHP, et serverside-skriptsprog -med indlejret HTML-kode, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    -
  • CVE-2007-2509 -

    Man har opdaget, at manglende fornuftighedskontrol af inddata inde i - ftp-udvidelsen, gjorde det muligt for en angriber, at udføre vilkårlige - ftp-kommandoer. Dette krævede at angriberen allerede havde adgang til - ftp-serveren.

    • - -
  • CVE-2007-2510 -

    Man har opdaget at et bufferoverløb i SOAP-udvidelsen gjorde det muligt - at udføre vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke php5.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 5.2.0-8+etch4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 5.2.2-1.

- -

Vi anbefaler at du opgraderer dine PHP-pakker. Pakker til arkitekturen Sparc -er endnu ikke tilgængelige, på grund af problemer på opbygningsværten. Pakkerne -vil senere blive gjort tilgængelige.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1295.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1296.wml b/danish/security/2007/dsa-1296.wml deleted file mode 100644 index 1ceeb33b743..00000000000 --- a/danish/security/2007/dsa-1296.wml +++ /dev/null @@ -1,26 +0,0 @@ -manglende kontrol af inddata - - -

Man har opdaget at ftp-udvidelsen i PHP, et serverside-skriptsprog med -indlejret HTML-kode, udførte utilstrækkelig fornuftighedskontrol af inddata, -hvilket gjorde det muligt for en angriber, at udføre vilkårlige ftp-kommandoer. -Dette krævede at angriberen allerede havde adgang til ftp-serveren.

- -

I den gamle stabile distribution (sarge) er dette problem rettet -i version 4.3.10-21.

- -

I den stabile distribution (etch) er dette problem rettet -i version 4.4.4-8+etch3.

- -

I den ustabile distribution (sid) bliver dette problem ikke rettet, da php4 -vil blive fjernet fra sid; dermed opfordres du kraftigt til at gå over til php5, -hvis du foretrækker at anvende den ustabile distribution.

- -

Vi anbefaler at du opgraderer dine PHP-pakker. Pakker til arkitekturen Sparc -er endnu ikke tilgængelige, på grund af problemer på opbygningsværten. Pakkerne -vil senere blive gjort tilgængelige.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1296.data" -#use wml::debian::translation-check translation="9f839a1b1b0ce58d4dd9e8128933db558e43974f" mindelta="1" diff --git a/danish/security/2007/dsa-1297.wml b/danish/security/2007/dsa-1297.wml deleted file mode 100644 index 56e3a4c6b15..00000000000 --- a/danish/security/2007/dsa-1297.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Bernhard R. Link opdagede at CVS-visningsgrænsefladen i Gforge, et -samarbejdsudviklingsværktøj, udførte utilstrækkelig indkapsling af URL'er, -hvilket gjorde det muligt at udføre vilkårlige shell-kommandoer med -rettighederne hørende til brugeren www-data.

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 4.5.14-5etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.5.14-6.

- -

Vi anbefaler at du opgraderer din gforge-plugin-scmcvs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1297.data" -#use wml::debian::translation-check translation="8a117fc12e8f13336885d380aca87997d6ceca41" mindelta="1" diff --git a/danish/security/2007/dsa-1298.wml b/danish/security/2007/dsa-1298.wml deleted file mode 100644 index 2308d1ceb11..00000000000 --- a/danish/security/2007/dsa-1298.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at Open Ticket Request System udførte utilstrækkelig -fornuftighedskontrol på parameteret Subaction, hvilket gjorde det muligt at -indsprøjte vilkårlig webskriptkode.

- -

Den gamle stabile distribution (sarge) indeholder ikke otrs2.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.0.4p01-18.

- -

Den ustabile distribution (sid) er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer din otrs2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1298.data" -#use wml::debian::translation-check translation="e7c073a35c454b1b60bfa5339ec921d18c33effb" mindelta="1" diff --git a/danish/security/2007/dsa-1299.wml b/danish/security/2007/dsa-1299.wml deleted file mode 100644 index eb264eec362..00000000000 --- a/danish/security/2007/dsa-1299.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - - -

Man har opdaget at en særligt fremstillet pakke sendt til racoon -ipsec-nøgleudvekslingsserveren kunne få en tunnel til at gå ned, medførende -et lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1:0.6.6-3.1.

- -

I den ustabile distribution (sid) vil problemet snart blive rettet.

- -

Vi anbefaler at du opgraderer din racoon-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1299.data" -#use wml::debian::translation-check translation="49c703af66ae1a1be85b8ab7b240bc6756bb160c" mindelta="1" diff --git a/danish/security/2007/dsa-1300.wml b/danish/security/2007/dsa-1300.wml deleted file mode 100644 index 699e7cf6a28..00000000000 --- a/danish/security/2007/dsa-1300.wml +++ /dev/null @@ -1,64 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i internetprogrampakken Iceape, -en version af Seamonkey Internet Suite. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-1362 - -

    Nicolas Derouet opdagede at Iceape udførte utilstrækkelig kontrol på - cookies, hvilket kunne føre til lammelsesangreb (denial of - service).

    • - -
  • CVE-2007-1558 - -

    Gatan Leurent opdagede en kryptografisk svaghed i APOP-autentification, - hvilket formindskede det arbejde, der skulle til at gennemføre et "manden i - midten"-angreb (MITM) til at opsnappe en adgangskode. Denne opdatering - håndhæver en strengere kontrol, hvilket forhindrer dette angreb.

    • - -
  • CVE-2007-2867 - -

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn - Wargers og Olli Pettay opdagede nedbrud i layoutmaskinen, hvilket kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-2868 - -

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 og Wladimir - Palant opdagede nedbrud i JavaScript-maskinen, hvilket kunne gøre det muligt - at udføre vilkårlig kode.

    • - -
  • CVE-2007-2870 - -

    moz_bug_r_a4 opdagede at tilføjelse af en event-lytter gennem - funktionen addEventListener() tillod udførelse af skripter på tværs af - websteder (cross-site scripting).

    • - -
  • CVE-2007-2871 - -

    Chris Thomas opdagede at XUL-popup'er kunne misbruges til forfalsknings- - (spoofing) eller fiskningsangreb (phising).

    • - -
- -

Rettelser til den gamle stabile distribution (sarge) er ikke tilgængelige. -Mens der vil være en ny runde sikkerhedsopdateringer til Mozilla-produkter, -har Debian ikke ressourcer til at tilbageføre flere sikkerhedsrettelser til de -gamle Mozilla-produkter. Du opfordres kraftigt til så snart som muligt at -opgradere til den stabile distribution.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.0.9-0etch1. En opbygning til arm-arkitekturen er endnu ikke tilgængelig, -den vil senere blive stillet til rådighed.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1300.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1301.wml b/danish/security/2007/dsa-1301.wml deleted file mode 100644 index 90233e13f7f..00000000000 --- a/danish/security/2007/dsa-1301.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i Gimps SUNRAS-plugin i versioner før 2.2.15. -Denne fejl kunne gøre det muligt for en angriber at udføre vilkårlig kode på -offerets computer ved at narre vedkommende til at åbne en særligt fremstillet -RAS-fil.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.2.13-1etch1.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.2.6-1sarge2.

- -

I den ustabile and testing distributions (sid and lenny, -respectively), er dette problem rettet i version 2.2.14-2.

- -

Vi anbefaler at du opgraderer din gimp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1301.data" -#use wml::debian::translation-check translation="62b38eb66fe93b5d005bf1e3f10f2caad2b162a2" mindelta="1" diff --git a/danish/security/2007/dsa-1302.wml b/danish/security/2007/dsa-1302.wml deleted file mode 100644 index 4a3c0fc775d..00000000000 --- a/danish/security/2007/dsa-1302.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - - -

Der er opdaget et problem med freetype, en FreeTyp2-skrifttypemaskine, -hvilket kunne gøre det muligt at udføre vilkårlig kode gennem et heltalsoverløb -i særligt fremstillede TTF-filer.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.2.1-5+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.1-6.

- -

Vi anbefaler at du opgraderer din freetype-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1302.data" -#use wml::debian::translation-check translation="284fdbcc32d6f01900766764a168744457a421c3" mindelta="1" diff --git a/danish/security/2007/dsa-1303.wml b/danish/security/2007/dsa-1303.wml deleted file mode 100644 index be4c71276f6..00000000000 --- a/danish/security/2007/dsa-1303.wml +++ /dev/null @@ -1,33 +0,0 @@ -lammelsesangreb - -

To problemer er opdaget i lighttpd, en hurtig webserver med minimalt -hukommelsesforbrug, hvilket kunne muliggøre lammelsesangreb (denial of service). -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-1869 - -

    Fjernangribere kunne forårsage lammelsesangreb ved at afbryde undervejs - i en forespørgsel.

    • - -
  • CVE-2007-1870 - -

    En NULL-pointerdereference kunne forårsage et nedbrud når filer med 0 som - mtime blev leveret.

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.4.13-4etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.4.14-1.

- -

Vi anbefaler at du opgraderer din lighttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1303.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1304.wml b/danish/security/2007/dsa-1304.wml deleted file mode 100644 index ef77b990bb2..00000000000 --- a/danish/security/2007/dsa-1304.wml +++ /dev/null @@ -1,135 +0,0 @@ -flere sårbarheder - -

CVE-2006-6060 -CVE-2006-6106 -CVE-2006-6535 -CVE-2007-0958 -CVE-2007-1357 -CVE-2007-1592

- -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode.

- -

Denne opdatering retter også en regression i undersystemet smbfs, opstået i -DSA-1233, -hvilket gjorde at symlinks blev opfattet som almindelige filer.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2005-4811 - -

    David Gibson rapporterede om et problem i hugepage-koden, hvilket kunne - gøre det muligt at iværksætte et lokalt lammelsesangreb (systemnedbrud) på - systemer der var sat tilsvarende op.

    • - -
  • CVE-2006-4814 - -

    Doug Chapman opdagede et potentielt lokalt lammelsesangreb (deadlock) i - funktionen mincore, forårsaget af ukorrekt lock-håndtering.

    • - -
  • CVE-2006-4623 - -

    Ang Way Chuang rapporterede om et fjernudnytbar lammelsesangreb (nedbrud) - i dvb-driveren, hvilket kunne udløses af en ULE-pakke med en SNDU-længde på - 0.

    • - -
  • CVE-2006-5753 - -

    Eric Sandeen lavede en rettelse af en lokal - hukommelsesødelæggelses-sårbarhed, som følge af en misfortolkning af - returværdier, når der arbejdedes på inoder, der var markeret som værende - dårlige.

    • - -
  • CVE-2006-5754 - -

    Darrick Wong opdagede et lokal lammelsesangrebssårbarhed (nedbrud), som - følge af ukorrekt initialisering af nr_pages i aio_setup_ring().

    • - -
  • CVE-2006-5757 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med ret til at mount'e og læse a ødelagt - iso9660-filsystem.

    • - -
  • CVE-2006-6053 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med ret til at mount'e og læse a ødelagt - ext3-filsystem.

    • - -
  • CVE-2006-6056 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med ret til at mount'e og læse a ødelagt - hfs-filsystem på systemer hvor SELinux-kald var aktiveret (som standard er - SELinux ikke aktiveret i Debian).

    • - -
  • CVE-2006-6060 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med ret til at mount'e og læse a ødelagt - NTFS-filsystem.

    • - -
  • CVE-2006-6106 - -

    Marcel Holtman opdagede flere bufferoverløb i Bluetooth-undersystemet, - hvilket kunne anvendes til at fjernudløse et lammelsesangreb (nedbrud) og - potentielt udføre vilkårlig kode.

    • - -
  • CVE-2006-6535 - -

    Kostantin Khorenko opdagede en ugyldig fejlsti i dev_queue_xmit(), - hvilket kunne udnyttes af en lokal bruger til at forårsage - dataødelæggelse.

    • - -
  • CVE-2007-0958 - -

    Santosh Eraniose rapporterede om en sårbarhed, der gjorde det muligt for - lokale brugere at læse ellers ulæselige filer, ved at udløse et coredump - mens PT_INTERP blev anvendt. Dette er knyttet til - CVE-2004-1073.

    • - -
  • CVE-2007-1357 - -

    Jean Delvare rapporterede om en sårbarhed i appletalk-undersystemet. - Andre systemer på det lokale netværk kunne gennem en misdannet frame, - udløse et nedbrud på systemer hvor appletalk-modulet var indlæst.

    • - -
  • CVE-2007-1592 - -

    Masayuki Nakagawa opdagede at flow-labels utilsigtet blev delt mellem - lyttende sockets og child-sockets. Denne defekt kunne udnyttes af lokale - brugere til at forårsage et lammelsesangreb (oops).

    • - -
- -

Følgende matriks forklarer hvilke kerneversioner til hvilke arkitekturer, -der retter de oven for nævnte problemer:

- -
- - - - - - - - - - - -
Debian 3.1 (sarge)
Kildekode 2.6.8-16sarge7
Alpha-arkitekturen 2.6.8-16sarge7
AMD64-arkitekturen 2.6.8-16sarge7
HP Precision-arkitekturen 2.6.8-6sarge7
Intel IA-32-arkitekturen 2.6.8-16sarge7
Intel IA-64-arkitekturen 2.6.8-14sarge7
Motorola 680x0-arkitekturen2.6.8-4sarge7
PowerPC-arkitekturen 2.6.8-12sarge7
IBM S/390-arkitekturen 2.6.8-5sarge7
Sun Sparc-arkitekturen 2.6.8-15sarge7
-
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1304.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1305.wml b/danish/security/2007/dsa-1305.wml deleted file mode 100644 index 42d3c6c8dea..00000000000 --- a/danish/security/2007/dsa-1305.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i postprogrammet Icedove, en -version af Thunderbird-programmet. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-1558 - -

    Gatan Leurent opdagede en kryptografisk svaghed i APOP-autentification, - hvilket formindskede det arbejde, der skulle til at gennemføre et "manden i - midten"-angreb (MITM) til at opsnappe en adgangskode. Denne opdatering - håndhæver en strengere kontrol, hvilket forhindrer dette angreb.

    • - -
  • CVE-2007-2867 - -

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn - Wargers og Olli Pettay opdagede nedbrud i layoutmaskinen, hvilket kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-2868 - -

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 og Wladimir - Palant opdagede nedbrud i JavaScript-maskinen, hvilket kunne gøre det muligt - at udføre vilkårlig kode.

    • - -
- -

Rettelser til den gamle stabile distribution (sarge) er ikke tilgængelige. -Debian har ikke ressourcerne til at tilbageføre yderligere sikkerhedsrettelser -til de gamle Mozilla-produktuer. Du opfordres kraftigt til så snart som muligt -at opgradere til den stabile distribution.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.5.0.12.dfsg1-0etch1.

- -

I ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1305.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1306.wml b/danish/security/2007/dsa-1306.wml deleted file mode 100644 index 8f0630edb2b..00000000000 --- a/danish/security/2007/dsa-1306.wml +++ /dev/null @@ -1,58 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtime-miljø -til XUL-programmer. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2007-1362 - -

    Nicolas Derouet opdagede at Iceape udførte utilstrækkelig kontrol på - cookies, hvilket kunne føre til lammelsesangreb (denial of - service).

    • - -
  • CVE-2007-2867 - -

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn - Wargers og Olli Pettay opdagede nedbrud i layoutmaskinen, hvilket kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-2868 - -

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 og Wladimir - Palant opdagede nedbrud i JavaScript-maskinen, hvilket kunne gøre det muligt - at udføre vilkårlig kode.

    • - -
  • CVE-2007-2869 - -

    Marcel opdagede at ondsindede websteder kunne forårsage omfattende - ressourceforbrug gennem funktionen til automatisk fuldførelse, medførende - lammelsesangreb.

    • - -
  • CVE-2007-2870 - -

    moz_bug_r_a4 opdagede at tilføjelse af en event-lytter gennem - funktionen addEventListener() tillod udførelse af skripter på tværs af - websteder (cross-site scripting).

    • - -
  • CVE-2007-2871 - -

    Chris Thomas opdagede at XUL-popup'er kunne misbruges til forfalsknings- - (spoofing) eller fiskningsangreb (phising).

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke xulrunner.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.8.0.12-0etch1.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1306.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1307.wml b/danish/security/2007/dsa-1307.wml deleted file mode 100644 index 446357345d4..00000000000 --- a/danish/security/2007/dsa-1307.wml +++ /dev/null @@ -1,22 +0,0 @@ -heap-overløb - -

John Heasman har opdaget et heap-overløb i de rutiner i OpenOffice.org, der -fortolker RTF-filer. En særligt fremstillet ETF-fil kunne forårsage at filteret -overskrev data på heap'en, hvilket kunne føre til udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 1.1.3-9sarge7.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.0.4.dfsg.2-7etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.1~rc1-1.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1307.data" -#use wml::debian::translation-check translation="245bbb4bdeff70725f741d56b1e37663fbab130b" mindelta="1" diff --git a/danish/security/2007/dsa-1308.wml b/danish/security/2007/dsa-1308.wml deleted file mode 100644 index 0c28ed87dcd..00000000000 --- a/danish/security/2007/dsa-1308.wml +++ /dev/null @@ -1,64 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-1362 - -

    Nicolas Derouet opdagede at Iceape udførte utilstrækkelig kontrol på - cookies, hvilket kunne føre til lammelsesangreb (denial of - service).

    • - -
  • CVE-2007-2867 - -

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn - Wargers og Olli Pettay opdagede nedbrud i layoutmaskinen, hvilket kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-2868 - -

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 og Wladimir - Palant opdagede nedbrud i JavaScript-maskinen, hvilket kunne gøre det muligt - at udføre vilkårlig kode.

    • - -
  • CVE-2007-2869 - -

    Marcel opdagede at ondsindede websteder kunne forårsage omfattende - ressourceforbrug gennem funktionen til automatisk fuldførelse, medførende - lammelsesangreb.

    • - -
  • CVE-2007-2870 - -

    moz_bug_r_a4 opdagede at tilføjelse af en event-lytter gennem - funktionen addEventListener() tillod udførelse af skripter på tværs af - websteder (cross-site scripting).

    • - -
  • CVE-2007-2871 - -

    Chris Thomas opdagede at XUL-popup'er kunne misbruges til forfalsknings- - (spoofing) eller fiskningsangreb (phising).

    • - -
- -

Rettelser til den gamle stabile distribution (sarge) er ikke tilgængelige. -Mens der vil være en ny runde sikkerhedsopdateringer til Mozilla-produkter, -har Debian ikke ressourcer til at tilbageføre flere sikkerhedsrettelser til de -gamle Mozilla-produkter. Du opfordres kraftigt til så snart som muligt at -opgradere til den stabile distribution.

- -

I den stabile distribution (etch) er disse problemer rettet i version -2.0.0.4-0etch1. En opbygning til alpha-arkitekturen er endnu ikke tilgængelig, -den vil senere blive stillet til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -2.0.0.4-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1308.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1309.wml b/danish/security/2007/dsa-1309.wml deleted file mode 100644 index d8c7e16f9c9..00000000000 --- a/danish/security/2007/dsa-1309.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Man har opdaget at PostgreSQL-databasen udførte utilstrækkelig kontrol af -på variabler overførte til priviligerede SQL-kommandoer, såkaldte security -definers, hvilket kunne føre til SQL-rettighedsforøgelse.

- -

Den gamle stabile distribution (sarge) indeholder ikke PostgreSQL 8.1.

- -

I den stabile distribution (etch) er dette problem rettet i -version 8.1.9-0etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 8.1.9-1.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1309.data" -#use wml::debian::translation-check translation="641a58003014fc1e750fa166bddbc303b955bd06" mindelta="1" diff --git a/danish/security/2007/dsa-1310.wml b/danish/security/2007/dsa-1310.wml deleted file mode 100644 index dfcf64d6f3e..00000000000 --- a/danish/security/2007/dsa-1310.wml +++ /dev/null @@ -1,18 +0,0 @@ -heltalsoverløb - -

En sårbarhed er opdaget i libexif, et bibliotek til fortolkning af -EXIF-filer, hvilket muliggjorde lammelsesangreb (denial of service) samt -muligvis udførelse af vilkårlig kode gennem misdannede EXIF-data.

- -

I den gamle stabile distribution (sarge), er dette problem rettet -i version 0.6.9-6sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.6.13-5etch1.

- -

Vi anbefaler at du opgraderer din libexif-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1310.data" -#use wml::debian::translation-check translation="aae5bbc6905b2887431a2049402a680292419267" mindelta="1" diff --git a/danish/security/2007/dsa-1311.wml b/danish/security/2007/dsa-1311.wml deleted file mode 100644 index d2425adaef9..00000000000 --- a/danish/security/2007/dsa-1311.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Man har opdaget at PostgreSQL-databasen udførte utilstrækkelig kontrol af -på variabler overførte til priviligerede SQL-kommandoer, såkaldte security -definers, hvilket kunne føre til SQL-rettighedsforøgelse.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 7.4.7-6sarge5. En powerpc-opbygning er endnu ikke tilgængelig på grund -af problemer med opbygningsværten. Den vil senere blive stillet til -rådighed.

- -

I den stabile distribution (etch) er dette problem rettet i -version 7.4.17-0etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 7.4.17-1.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1311.data" -#use wml::debian::translation-check translation="3aa68eafa7e64106dbc20ecd0c4fbad2fe241b3a" mindelta="1" diff --git a/danish/security/2007/dsa-1312.wml b/danish/security/2007/dsa-1312.wml deleted file mode 100644 index 9f7f99a6c38..00000000000 --- a/danish/security/2007/dsa-1312.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Man har opdaget at Apache 1.3-connector'en til Tomcat Java-servletmaskinen -dekodede forespørgsels-URL'er flere gange, hvilket kunne føre til -informationsafsløring.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 1.2.5-2sarge1. En opdateret pakke til powerpc er endnu ikke tilgængelig -på grund af problemer med opbygningsværten. Den vil senere blive stillet -rådighed.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.2.18-3etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.23-1.

- -

Vi anbefaler at du opgraderer din libapache-mod-jk-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1312.data" -#use wml::debian::translation-check translation="3060e6cc6be2f361f85ac3939f7bdfee92208c3b" mindelta="1" diff --git a/danish/security/2007/dsa-1313.wml b/danish/security/2007/dsa-1313.wml deleted file mode 100644 index f00415b60b2..00000000000 --- a/danish/security/2007/dsa-1313.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Stefan Cornelius og Reimar Doeffinger opdagede at filmafspilleren MPlayer -udførte utilstrækkelige grænsekontroller ved tilgåelse af CDDB-data, hvilket -kunne føre til udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (sarge) indeholder ikke MPlayer-pakker.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.0~rc1-12etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0~rc1-14.

- -

Vi anbefaler at du opgraderer din mplayer-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1313.data" -#use wml::debian::translation-check translation="06ae48f6f25aa18b6637b6687d9e0c6d6cb4f301" mindelta="1" diff --git a/danish/security/2007/dsa-1314.wml b/danish/security/2007/dsa-1314.wml deleted file mode 100644 index 6c5427bd18b..00000000000 --- a/danish/security/2007/dsa-1314.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i open-iscsi, en -transportuafhængig iSCSI-implementering. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3099 - -

    Olaf Kirch opdagede, at på grund af en programmeringsfejl, adgang til et - håndteringsfaldesocket var utilstrækkeligt beskyttet, hvilket muliggjorde - lammelsesangreb.

    • - -
  • CVE-2007-3100 - -

    Olaf Kirch opdagede at adgang til en semafor anvendt i logningskoden, var - utilstrækkeligt beskyttet, hvilket muliggjorde lammelsesangreb.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke open-iscsi.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 2.0.730-1etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.865-1.

- -

Vi anbefaler at du opgraderer dine open-iscsi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1314.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1315.wml b/danish/security/2007/dsa-1315.wml deleted file mode 100644 index 9a11f3d12cc..00000000000 --- a/danish/security/2007/dsa-1315.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - - -

Thor Larholm opdagede at libphp-phpmailer, en mailforsendelsesklasse til PHP, -udførte utilstrækkelig kontrol af inddata, hvis opsat til at anvende Sendmail. -Dette gjorde det muligt at udføre vilkårlige shell-kommandoer.

- -

Den gamle stabile distribution (sarge) indeholder ikke libphp-phpmailer.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.73-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.73-4.

- -

Vi anbefaler at du opgraderer din libphp-phpmailer-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1315.data" -#use wml::debian::translation-check translation="64a260dfa659cd0852ce92cadd061900e387bc5e" mindelta="1" diff --git a/danish/security/2007/dsa-1316.wml b/danish/security/2007/dsa-1316.wml deleted file mode 100644 index ab83f4ac167..00000000000 --- a/danish/security/2007/dsa-1316.wml +++ /dev/null @@ -1,15 +0,0 @@ -lammelsesangreb - - -

Man har opdaget at emacs, GNU Emacs-editoren, går ned når den behandler visse -former for billeder.

- -

I den stabile distribution (etch), er dette problem rettet i -version 21.4a+1-3etch1.

- -

Vi anbefaler at du opgraderer din emacs21-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1316.data" -#use wml::debian::translation-check translation="5cbd74450d7e1f5697c60eba66a4a5fa5483b3d3" mindelta="1" diff --git a/danish/security/2007/dsa-1317.wml b/danish/security/2007/dsa-1317.wml deleted file mode 100644 index ca91e1380a7..00000000000 --- a/danish/security/2007/dsa-1317.wml +++ /dev/null @@ -1,16 +0,0 @@ -bufferoverløb - -

Duskwave opdagede at tinymux, en tekstbaseret flerbruger-virtuel -verden-server, udførte utilstrækkelige grænsekontroller når den anvendte -brugerleverede oplysninger, hvilket kunne føre til udførelse af vilkårlig -kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.4.3.31-1etch1.

- -

Vi anbefaler at du opgraderer din tinymux-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1317.data" -#use wml::debian::translation-check translation="a6e9eeeaaff8bd6725ff7c3a16e7d98902519004" mindelta="1" diff --git a/danish/security/2007/dsa-1318.wml b/danish/security/2007/dsa-1318.wml deleted file mode 100644 index 37951c60fca..00000000000 --- a/danish/security/2007/dsa-1318.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i ekg, Gadu Gadu-klient til -konsollen. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2005-2370 - -

    Man har opdaget at hukommelsesjusteringsfejl kunne gøre det muligt for - fjernangribere at forårsage et lammelsesangreb (denial of service) på visse - arkitekturer så som sparc. Dette påvirker kun Debian sarge.

    • - -
  • CVE-2005-2448 - -

    Man har opdaget at flere fejl i forbindelse med endianess kunne - gøre det muligt for fjernangribere at forårsage et lammelsesangreb. Dette - påvirker kun Debian sarge.

    • - -
  • CVE-2007-1663 - -

    Man har opdaget at en hukommelseslækage i hånderingen af billedbeskeder - kunne føre til lammelsesangreb. Dette påvirker kun Debian etch.

    • - -
  • CVE-2007-1664 - -

    Man har opdaget at en null pointer-deference i token-OCR-koden kunne føre - til lammelsesangreb. Dette påvirker kun Debian etch.

    • - -
  • CVE-2007-1665 - -

    Man har opdaget at en hukommelseslækage i token-OCR-koden kunne føre til - lammelsesangreb. Dette påvirker kun Debian etch.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 1.5+20050411-7. Denne opdatering mangler opdaterede pakker til -arkitekturen m68k. De vil blive stillet til rådighed senere.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 1:1.7~rc2-1etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1:1.7~rc2-2.

- -

Vi anbefaler at du opgraderer dine ekg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1318.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1319.wml b/danish/security/2007/dsa-1319.wml deleted file mode 100644 index 88351daf2c4..00000000000 --- a/danish/security/2007/dsa-1319.wml +++ /dev/null @@ -1,40 +0,0 @@ -hukommelseslækager - -

Flere fjernudnytbare sårbarheder er opdaget i MaraDNS, en simpel -sikkerhedsopmærksom Domain Name Service-server. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3114 - -

    Man har opdaget at misdannede DNS-forespørgsler kunne udløse - hukommelseslækager, muliggørende lammelsesangreb (denial of - service).

    • - -
  • CVE-2007-3115 - -

    Man har opdaget at misdannede DNS-forespørgsler kunne udløse - hukommelseslækager, muliggørende lammelsesangreb.

    • - -
  • CVE-2007-3116 - -

    Man har opdaget at misdannede DNS-forespørgsler kunne udløse - hukommelseslækager, muliggørende lammelsesangreb.

    • - -
- -

Den gamle stabile distribution (sarge) er ikke påvirket af disse problemer.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 1.2.12.04-1etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.2.12.06-1.

- -

Vi anbefaler at du opgraderer dine maradns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1319.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1320.wml b/danish/security/2007/dsa-1320.wml deleted file mode 100644 index a7ce20571a3..00000000000 --- a/danish/security/2007/dsa-1320.wml +++ /dev/null @@ -1,56 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Clam anti-virus toolkit. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-2650 - -

    Man har opdaget at OLE2-fortolkeren kunne narres ind i en uendelig løkke - samt opbruge hukommelsen.

    • - -
  • CVE-2007-3023 - -

    Man har opdaget at koden til udpakning af NsPack udførte utilstrækkelig - fornuftighedskontrol på en intern længdevariabel, medførende et potentielt - bufferoverløb.

    • - -
  • CVE-2007-3024 - -

    Man har opdaget at midlertidige filer blev oprettet med usikre - rettigheder, medførende informationsafsløring.

    • - -
  • CVE-2007-3122 - -

    Man har opdaget at udpakningskoden til RAR-arkiver tillod omgåelse af en - skanning af et RAR-arkiv på grund af utilstrækkelige - gyldighedskontroller.

    • - -
  • CVE-2007-3123 - -

    Man har opdaget at udpakningskoden til RAR-arkiver udførte utilstrækkelig - kontrol af headerværdier, medførende et bufferoverløb.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 0.84-2.sarge.17. Bemærk at rettelsen af -CVE-2007-3024 -ikke er blevet ført tilbage til versionen i den gamle stabile distribution.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 0.90.1-3etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.90.2-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker. En opdateret pakke til -arkitekturen powerpc i den gamle stabile distribution endnu ikke er tilgængelig. -Den vil senere blive stillet til rådighed.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1320.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1321.wml b/danish/security/2007/dsa-1321.wml deleted file mode 100644 index aacb0f59f1d..00000000000 --- a/danish/security/2007/dsa-1321.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Man har opdaget at IMAP-koden i Evolution Data Server udførte utilstrækkelig -fornuftighedskontrol på en værdi, der senere blev anvendt i et array-indeks, -hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (sarge) er en anden kildekodepakke påvirket, -og vil blive rettet separat.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.6.3-5etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.10.2-2.

- -

Vi anbefaler at du opgraderer dine evolution-data-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1321.data" -#use wml::debian::translation-check translation="13773d9633e5a7822f2cc82d0a8ac023becf8611" mindelta="1" diff --git a/danish/security/2007/dsa-1322.wml b/danish/security/2007/dsa-1322.wml deleted file mode 100644 index f8e66c77fea..00000000000 --- a/danish/security/2007/dsa-1322.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Wireshark, et program til -analysering af netværkstrafik, hvilket kunne føre til lammelsesangreb (denial -of service). Projektet Common Vulnerabilities and Exposures project har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2007-3390 - -

    Forskudt med en-overløb blev opdaget i iSeries-dissektoren.

    • - -
  • CVE-2007-3392 - -

    MMS- og SSL-dissektorerne kunne tvinges ind i en uendelig løkke.

    • - -
  • CVE-2007-3393 - -

    Et forskudt med en-overløb blev opdaget i DHCP/BOOTP-dissektoren.

    • - -
- -

Den gamle stabile distribution (sarge) er ikke påvirket af disse problemer. -(I sarge blev Wireshark kaldt Ethereal).

- - -

I den stabile distribution (etch) er disse problemer rettet -i version 0.99.4-5.etch.0. Pakker til big endian MIPS-arkitekturen er endnu -ikke tilgængelige. De vil senere blive stillet til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.99.6pre1-1.

- -

Vi anbefaler at du opgraderer dine Wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1322.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1323.wml b/danish/security/2007/dsa-1323.wml deleted file mode 100644 index 5806096cc43..00000000000 --- a/danish/security/2007/dsa-1323.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i MIT's referenceimplementering -af netværksautentificeringsprotokolsuiten Kerberos, hvilket kunne føre til -udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-2442 - -

    Wei Wang opdagede at frigivelsen af en uinitialiseret pointer i Kerberos' - RPC-bibliotek kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-2443 - -

    Wei Wang opdagede at utilstrækkelig fornuftighedskontrol af inddata i - Kerberos' RPC-bibliotek kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-2798 - -

    Man har opdaget at et bufferoverløb i Kerberos' administrationsdæmon - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 1.3.6-2sarge5. Pakker til hppa, mips og powerpc er endnu ikke -tilgængelige. De vil senere blive stillet til rådighed.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.4.4-7etch2. Pakker til hppa og mips er endnu ikke tilgængelige. De -vil senere blive stillet til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.6.dfsg.1-5.

- -

Vi anbefaler at du opgraderer dine Kerberos-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1323.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1324.wml b/danish/security/2007/dsa-1324.wml deleted file mode 100644 index 2f1508c0785..00000000000 --- a/danish/security/2007/dsa-1324.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - - -

Kazuhiro Nishiyama fandt en sårbarhed i hiki, en wiki-maskine skrevet i Ruby, -hvilket kunne gøre det muligt for en fjernangriber at slette vilkårlige filer, -som Hiki-brugere kan skrive til, gennem et særligt fremstillet -sessionsparameter.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.8.6-1etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i version -0.8.7-1.

- -

Vi anbefaler at du opgraderer din hiki-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1324.data" -#use wml::debian::translation-check translation="f81e6cd6c8e6c07a3fc322551423146e5cf9b749" mindelta="1" diff --git a/danish/security/2007/dsa-1325.wml b/danish/security/2007/dsa-1325.wml deleted file mode 100644 index a2362d0dff7..00000000000 --- a/danish/security/2007/dsa-1325.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Evolution, en -groupware-programpakke med mailklient og organiseringsprogram. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-1002 - -

    Ulf Härnhammar opdagede en formatstrengssårbarhed i håndteringen af delte - kalendre, der kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-3257 - -

    Man har opdaget IMAP-koden i Evolution Data Server udførte utilstrækkelig - fornuftighedskontrol af værdier, der senere anvendes som et arrayindeks, - hvilket kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i version -2.0.4-2sarge2. Pakker til hppa, mips og powerpc er endnu ikke tilgængelige. De -vil senere blive stillet til rådighed.

- -

I den stabile distribution (etch) er disse problemer rettet i version -2.6.3-6etch1. Pakker til mips er endnu ikke tilgængelige. De vil senere blive -stillet til rådighed.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine evolution-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1325.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1326.wml b/danish/security/2007/dsa-1326.wml deleted file mode 100644 index 78f5d3b09cc..00000000000 --- a/danish/security/2007/dsa-1326.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikre midlertidige filer - -

Steve Kemp fra Debian Security Audit-projektet opdagede at fireflier-server, -et interaktivt værktøj til fremstilling af firewall-regler, anvendte -midlertidige filer på en usikker måde, hvilket kunne udnyttes til at fjerne -vilkårlige filer fra det lokale system.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 1.1.5-1sarge1.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.1.6-3etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din fireflier-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1326.data" -#use wml::debian::translation-check translation="a6e9eeeaaff8bd6725ff7c3a16e7d98902519004" mindelta="1" diff --git a/danish/security/2007/dsa-1327.wml b/danish/security/2007/dsa-1327.wml deleted file mode 100644 index 3d61eccd628..00000000000 --- a/danish/security/2007/dsa-1327.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikre midlertidige filer - -

Steve Kemp fra Debian Security Audit-projektet opdagede at gsambad, et -GTK+-opsætningsværktøj til Samba, anvendte midlertidige filer på en usikker -måde, hvilket kunne udnyttes til at trunkere vilkårlige filer på det lokale -system.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.1.4-2etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din gsambad-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1327.data" -#use wml::debian::translation-check translation="a6e9eeeaaff8bd6725ff7c3a16e7d98902519004" mindelta="1" diff --git a/danish/security/2007/dsa-1328.wml b/danish/security/2007/dsa-1328.wml deleted file mode 100644 index 094d527a7bc..00000000000 --- a/danish/security/2007/dsa-1328.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - - -

Steve Kemp fra Debian Security Audit-projektet opdagede at unicon-imc2, en -bibliotek til den kinesiske indtastningsmetode, anvendte miljøvariable på en -usikker måde, hvilket kunne udnyttes til at udføre vilkårlig kode.

- -

I den stabile distribution (etch) er dette problem rettet i -version 3.0.4-11etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din unicon-imc2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1328.data" -#use wml::debian::translation-check translation="b99787d3663a6732415345eb683d36b3153aff64" mindelta="1" diff --git a/danish/security/2007/dsa-1329.wml b/danish/security/2007/dsa-1329.wml deleted file mode 100644 index 954f4255be9..00000000000 --- a/danish/security/2007/dsa-1329.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Steve Kemp fra Debians Security Audit-projektet opdagede at gfax, en -GNOME-overbygning til faxprogrammer, anvendte midlertidige filer på en usikker -måde, hvilket kunne udnyttes til at udføre vilkårlige kommandoer med -rettighederne hørende til root-brugeren.

- -

I den gamle stabile distribution (sarge) er dette problem rettet -i version 0.4.2-11sarge1.

- -

Den stabile distribution (etch) er ikke påvirket af dette problem.

- -

Den ustabile distribution (sid) er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer din gfax-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1329.data" -#use wml::debian::translation-check translation="2af55d85c44246295d2f6530cc14ff3106820a75" mindelta="1" diff --git a/danish/security/2007/dsa-1330.wml b/danish/security/2007/dsa-1330.wml deleted file mode 100644 index 785a1fea778..00000000000 --- a/danish/security/2007/dsa-1330.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i PHP, en serverside-skriptsprog -med indlejret HTML, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-1399 - -

    Stefan Esser opdagede at et bufferoverløb zip-udvidelsen muliggjorde - udførelse af vilkårlig kode.

    • - -
  • CVE-2007-1864 - -

    Man har opdaget at et bufferoverløb i xmlrpc-udvidelsen muliggjorde - udførelse af vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke php5.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 5.2.0-8+etch7.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 5.2.2-1.

- -

Vi anbefaler at du opgraderer dine PHP-pakker. Pakker til little endian -mips-arkitekturen er endnu ikke tilgængelige på grund af problemer på -opbygningsværtsmaskinen. De vil senere blive stillet til rådighed.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1330.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1331.wml b/danish/security/2007/dsa-1331.wml deleted file mode 100644 index 37f918268fb..00000000000 --- a/danish/security/2007/dsa-1331.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i PHP, en serverside-skriptsprog -med indlejret HTML, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-0207 - -

    Stefan Esser discovered HTTP response splitting vulnerabilities - in the session extension. This only affects Debian 3.1 (Sarge).

    • - -
  • CVE-2006-4486 - -

    Stefan Esser discovered that an heltalsoverløb in memory allocation - routines allows the bypass of memory limit restrictions. This only - affects Debian 3.1 (Sarge) on 64 bit architectures.

    • - -
  • CVE-2007-1864 - -

    Man har opdaget at et bufferoverløb i xmlrpc-udvidelsen muliggjorde - udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet -i version 4.3.10-22.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 4.4.4-8+etch4.

- -

Den ustabile distribution (sid) indeholder ikke længere php4.

- -

Vi anbefaler at du opgraderer dine PHP packages. Sarge-pakker til hppa, mips -og powerpc er endnu ikke tilgængelige på grund af problemer på -opbygningsværtsmaskinen. De vil senere blive stillet til rådighed.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1331.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1332.wml b/danish/security/2007/dsa-1332.wml deleted file mode 100644 index 3158714097c..00000000000 --- a/danish/security/2007/dsa-1332.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i multimedieafspilleren og --streameren VideoLan, hvilket kunne føre til udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-3316 - -

    David Thiel opdagede at flere formatstrengssårbarheder kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2007-3467 - -

    David Thiel opdagede et heltalsoverløb i WAV-behandlingskoden.

    • - -
- -

Denne opdatering retter også flere nedbrud, der kunne udløses gennem -misdannede filer.

- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 0.8.1.svn20050314-1sarge3. Pakker til arkitekturen powerpc er endnu -ikke tilgængelige. De vil senere blive stillet til rådighed.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 0.8.6-svn20061012.debian-5etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.8.6.c-1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1332.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1333.wml b/danish/security/2007/dsa-1333.wml deleted file mode 100644 index fe9112d8579..00000000000 --- a/danish/security/2007/dsa-1333.wml +++ /dev/null @@ -1,16 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at GnuTLS-certifikatverificeringsmetoderne implementeret i -libcurl-gnutls, et solidt, brugbart og portérbart -flerprotokol-filoverførselsbibliotek, ikke kontrollerede for udløbne eller -ugyldige datoer.

- -

I den stabile distribution (etch), er dette problem rettet i -version 7.15.5-1etch1.

- -

Vi anbefaler at du opgraderer din libcurl3-gnutls-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1333.data" -#use wml::debian::translation-check translation="956e4d593026c81577427b835d4ff87ee74b595d" mindelta="1" diff --git a/danish/security/2007/dsa-1334.wml b/danish/security/2007/dsa-1334.wml deleted file mode 100644 index 78c80ecaadf..00000000000 --- a/danish/security/2007/dsa-1334.wml +++ /dev/null @@ -1,15 +0,0 @@ -heltalsoverløb - -

Et problem blev opdaget i freetype, en FreeType2-skrifttypemaskine, hvilket -kunne gøre det muligt at udføre vilkårlig kode gennem et heltalsoverløb i -særligt fremstillede TTF-filer.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.1.7-8.

- -

Vi anbefaler at du opgraderer din freetype-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1334.data" -#use wml::debian::translation-check translation="a17db4488db04b96d1ea4c04982f6cde6872a09a" mindelta="1" diff --git a/danish/security/2007/dsa-1335.wml b/danish/security/2007/dsa-1335.wml deleted file mode 100644 index c6e763b76c1..00000000000 --- a/danish/security/2007/dsa-1335.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Gimp, GNU Image Manipulation -Program, hvilket kunne føre til udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2006-4519 - -

    Sean Larsson opdagede flere heltalsoverløbs i behandlingskoden vedrørende - DICOM-, PNM-, PSD-, RAS-, XBM- og XWD-billeder, hvilket kunne føre til - udførelse af vilkårlig kode hvis en bruger blev narret til at åbne en sådan - misdannet mediefil.

    • - -
  • CVE-2007-2949 - -

    Stefan Cornelius opdagede et heltalsoverløb i behandlingskoden vedrørende - PSD-billeder, hvilket kunne føre til udførelse af vilkårlig kode hvis en - bruger blev narret til at åbne en sådan misdannet mediefil.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 2.2.6-1sarge4. Pakker til mips og mipsel er endnu ikke -tilgængelige.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 2.2.13-1etch4. Pakker til mips er endnu ikke tilgængelige.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.2.17-1.

- -

Vi anbefaler at du opgraderer dine gimp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1335.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1336.wml b/danish/security/2007/dsa-1336.wml deleted file mode 100644 index 9f99962f6ef..00000000000 --- a/danish/security/2007/dsa-1336.wml +++ /dev/null @@ -1,78 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Mozilla Firefox.

- -

Dette er den sidste sikkerhedsopdatering af Mozilla-baserede produkter i -den gamle stabile distribution (sarge) of Debian. Vi anbefaler at opgradere til -den stabile distribution (etch) så hurtigt som muligt.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -sårbarheder:

- -
    - -
  • CVE-2007-1282 - -

    Man har opdaget et heltalsoverløb i text/enhanced-meddelelsesfortolkning, - hvilket muliggjorde udførelse af vilkårlig kode.

    • - -
  • CVE-2007-0994 - -

    Man har opdaget at en regression i JavaScript-maskinen muliggjorde - udførelse af JavaScript med forøgede rettigheder.

    • - -
  • CVE-2007-0995 - -

    Man har opdaget at ukorrekt fortolkning af ugyldige HTML-tegn muliggjorde - omgåelse af indholdsfiltre.

    • - -
  • CVE-2007-0996 - -

    Man har opdaget at usikker child frame-håndtering muliggjorde - udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2007-0981 - -

    Man har opdaget at Firefox på usikker vis håndterede URI'er med en - nullbyte i værtsnavnet.

    • - -
  • CVE-2007-0008 - -

    Man har opdaget at et bufferoverløb i NSS-koden muliggjorde udførelse af - vilkårlig kode.

    • - -
  • CVE-2007-0009 - -

    Man har opdaget at et bufferoverløb i NSS-koden muliggjorde udførelse af - vilkårlig kode.

    • - -
  • CVE-2007-0775 - -

    Man har opdaget at flere programmeringsfejl i layout-maskinen muliggjorde - udførelse af vilkårlig kode.

    • - -
  • CVE-2007-0778 - -

    Man har opdaget at sidecachen udregnede hash'er på en usikker - måde.

    • - -
  • CVE-2006-6077 - -

    Man har opdaget at adgangskodehåndteringen tillod afsløring af - adgangskoder.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 1.0.4-2sarge17. Du bør opgradere til etch så hurtigt som muligt.

- -

Den stabile distribution (etch) er ikke påvirket. Disse sårbarheder blev -rettet for udgivelsen af Debian etch.

- -

Den ustabile distribution (sid) indeholder ikke længere mozilla-firefox. -Iceweasel er allerede rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1336.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1337.wml b/danish/security/2007/dsa-1337.wml deleted file mode 100644 index ef9824b8707..00000000000 --- a/danish/security/2007/dsa-1337.wml +++ /dev/null @@ -1,63 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtime-miljø -til XUL-programmer. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2007-3089 - -

    Ronen Zilberman og Michal Zalewski opdagede at et timing race - gjorde det muligt at indsprøjte indhold i about:blank-frames.

    • - -
  • CVE-2007-3656 - -

    Michal Zalewski opdagede at same-origin-regler for - wyciwyg://-dokumenter blev håndhævet på utilstrækkelig vis.

    • - -
  • CVE-2007-3734 - -

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, - Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul - Nickerson og Vladimir Sukhoy opdagede nedbrud i layout-maskinen, hvilket - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-3735 - -

    Asaf Romano, Jesse Ruderman og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket kunne muliggøre udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-3736 - -

    moz_bug_r_a4 opdagede at funktionerne addEventListener() og - setTimeout() tillod udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2007-3737 - -

    moz_bug_r_a4 opdagede at en programmeringsfejl i event-håndteringen - tillod rettighedsforøgelse.

    • - -
  • CVE-2007-3738 - -

    shutdown og moz_bug_r_a4 opdagede at XPCNativeWrapper tillod - udførelse af vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke xulrunner.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.8.0.13~pre070720-0etch1. En opbygning til mips-arkitekturen er endnu ikke -tilgængelig, den vil senere blive stillet til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.8.1.5-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1337.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1338.wml b/danish/security/2007/dsa-1338.wml deleted file mode 100644 index 48fac796a29..00000000000 --- a/danish/security/2007/dsa-1338.wml +++ /dev/null @@ -1,65 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3089 - -

    Ronen Zilberman og Michal Zalewski opdagede at et timing race - gjorde det muligt at indsprøjte indhold i about:blank-frames.

    • - -
  • CVE-2007-3656 - -

    Michal Zalewski opdagede at same-origin-regler for - wyciwyg://-dokumenter blev håndhævet på utilstrækkelig vis.

    • - -
  • CVE-2007-3734 - -

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, - Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul - Nickerson og Vladimir Sukhoy opdagede nedbrud i layout-maskinen, hvilket - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-3735 - -

    Asaf Romano, Jesse Ruderman og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket kunne muliggøre udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-3736 - -

    moz_bug_r_a4 opdagede at funktionerne addEventListener() og - setTimeout() tillod udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2007-3737 - -

    moz_bug_r_a4 opdagede at en programmeringsfejl i event-håndteringen - tillod rettighedsforøgelse.

    • - -
  • CVE-2007-3738 - -

    shutdown og moz_bug_r_a4 opdagede at XPCNativeWrapper tillod - udførelse af vilkårlig kode.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) er ikke længere -understøttet med sikkerhedsopdateringer. Du opfordres kraftigt til at opgradere -til den stabile distribution så hurtigt som muligt.

- -

I den stabile distribution (etch) er disse problemer rettet i version -2.0.0.5-0etch1. Opbygninger til alpha og mips er endnu ikke tilgængelige, de -vil senere blive stillet til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -2.0.0.5-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1338.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1339.wml b/danish/security/2007/dsa-1339.wml deleted file mode 100644 index f65c5b250e0..00000000000 --- a/danish/security/2007/dsa-1339.wml +++ /dev/null @@ -1,65 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i internetprogrampakken Iceape, -en version af Seamonkey Internet Suite. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3089 - -

    Ronen Zilberman og Michal Zalewski opdagede at et timing race - gjorde det muligt at indsprøjte indhold i about:blank-frames.

    • - -
  • CVE-2007-3656 - -

    Michal Zalewski opdagede at same-origin-regler for - wyciwyg://-dokumenter blev håndhævet på utilstrækkelig vis.

    • - -
  • CVE-2007-3734 - -

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, - Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul - Nickerson og Vladimir Sukhoy opdagede nedbrud i layout-maskinen, hvilket - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-3735 - -

    Asaf Romano, Jesse Ruderman og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket kunne muliggøre udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-3736 - -

    moz_bug_r_a4 opdagede at funktionerne addEventListener() og - setTimeout() tillod udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2007-3737 - -

    moz_bug_r_a4 opdagede at en programmeringsfejl i event-håndteringen - tillod rettighedsforøgelse.

    • - -
  • CVE-2007-3738 - -

    shutdown og moz_bug_r_a4 opdagede at XPCNativeWrapper tillod - udførelse af vilkårlig kode.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) er ikke længere -understøttet med sikkerhedsopdateringer. Du opfordres kraftigt til at opgradere -til den stabile distribution så hurtigt som muligt.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.0.10~pre070720-0etch1. En opbygning til mips-arkitekturen er endnu ikke -tilgængelig, den vil senere blive stillet til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.1.3-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1339.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1340.wml b/danish/security/2007/dsa-1340.wml deleted file mode 100644 index e1987c85926..00000000000 --- a/danish/security/2007/dsa-1340.wml +++ /dev/null @@ -1,24 +0,0 @@ -null pointer-dereference - -

En NULL pointer-dereference er opdaget i RAR VM fra Clam Antivirus (ClamAV), -hvilket muliggjorde at brugerassisterede fjernangreb medførende lammelsesangreb -(denial of service) gennem særligt fremstillede RAR-arkiver.

- -

Vi er i øjeblikket ikke i stand til at levere rettede pakker til -MIPS-arkitekturerne. Disse pakker vil blive installeret i sikkerhedsarkivet når -de blive tilgængelige..

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.90.1-3etch4.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.91-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1340.data" -#use wml::debian::translation-check translation="ed7ce948c00ffb8f264a04d83a8ac9ba58ade168" mindelta="1" diff --git a/danish/security/2007/dsa-1341.wml b/danish/security/2007/dsa-1341.wml deleted file mode 100644 index 3bb13353483..00000000000 --- a/danish/security/2007/dsa-1341.wml +++ /dev/null @@ -1,27 +0,0 @@ -designfejl - -

Denne opdatering leverer rettede pakker til den gamle stabile distribution -(sarge). Til reference er herunder den oprindelige bulletins tekst:

- -
-

Amit Klein opdagede at navneserveren BIND genererede forudsigelige -DNS-opslags-identifikationer, hvilket kunne føre til angreb der forgifter -mellemlageret (cachen).

-
- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 9.2.4-1sarge3. En opdatering til mips, powerpc og hppa er endnu ikke -tilgængelig, de vil snart blive frigivet.

- -

I den stabile distribution (etch) er dette problem rettet i -version 9.3.4-2etch1. En opdatering til mips er endnu ikke tilgængelig, den vil -snart blive frigivet.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine BIND-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1341.data" -#use wml::debian::translation-check translation="7056ebf9e1b8467a8a96ad6f2864975bdbc9415f" mindelta="1" diff --git a/danish/security/2007/dsa-1342.wml b/danish/security/2007/dsa-1342.wml deleted file mode 100644 index 2201f6b8ef0..00000000000 --- a/danish/security/2007/dsa-1342.wml +++ /dev/null @@ -1,22 +0,0 @@ -race-tilstand - -

Man har opdaget at en race-tilstand i skriptet init.d fra X Font -Server tillod ændring af vilkårlige filers rettigheder, hvis den lokale -administrator kunne narres til at genstarte X Font Server.

- -

I den gamle stabile distribution (sarge) findes xfs som en del af den -monolitiske xfree86-pakke. En rettelse vil blive stillet til rådighed sammen -med en fremtidig sikkerhedsopdatering.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.0.1-6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.4-2.

- -

Vi anbefaler at du opgraderer din xfs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1342.data" -#use wml::debian::translation-check translation="494dbe8f269595f7acb06aeded752a47fa9a9d35" mindelta="1" diff --git a/danish/security/2007/dsa-1343.wml b/danish/security/2007/dsa-1343.wml deleted file mode 100644 index 93e20448d4f..00000000000 --- a/danish/security/2007/dsa-1343.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Colin Percival opdagede et heltalsoverløb i file, et værktøj til -klassifikering af filtyper, hvilket kunne føre til udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 4.12-1sarge2.

- -

I den stabile distribution (etch) er dette problem rettet i -version 4.17-5etch2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.21-1.

- -

Vi anbefaler at du opgraderer din file-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1343.data" -#use wml::debian::translation-check translation="e819e23b9f78a783edd597a6e955f85bd8fec22d" mindelta="1" diff --git a/danish/security/2007/dsa-1344.wml b/danish/security/2007/dsa-1344.wml deleted file mode 100644 index 10093eb239c..00000000000 --- a/danish/security/2007/dsa-1344.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3844 - -

    moz_bug_r_a4 opdagede at en regression i håndteringen af - about:blank-vinduer anvendt af tilføjelsesprogrammer, kunne føre til - at en angriber kunne ændre websteders indhold.

    • - -
  • CVE-2007-3845 - -

    Jesper Johansson opdagede at manglende fornuftighedskontrol af dobbelte - anførselstegn og mellemrum i URI'er overført til eksterne programmer, kunne - gøre det muligt for en angriber at overføre vilkårlige parametre til - hjælpeprogrammet, hvis brugeren blev narret til at åbne en misdannet - webside.

    • - -
- -

Mozilla-produkterne i den gamel stabile distribution (sarge) er ikke længere -understøttet med sikkerhedsopdateringer.

- -

I den stabile distribution (etch) er disse problemer rettet i version -2.0.0.6-0etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -2.0.0.6-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1344.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1345.wml b/danish/security/2007/dsa-1345.wml deleted file mode 100644 index 82c8b897838..00000000000 --- a/danish/security/2007/dsa-1345.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtime-miljø -til XUL-programmer. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2007-3844 - -

    moz_bug_r_a4 opdagede at en regression i håndteringen af - about:blank-vinduer anvendt af tilføjelsesprogrammer, kunne føre til - at en angriber kunne ændre websteders indhold.

    • - -
  • CVE-2007-3845 - -

    Jesper Johansson opdagede at manglende fornuftighedskontrol af dobbelte - anførselstegn og mellemrum i URI'er overført til eksterne programmer, kunne - gøre det muligt for en angriber at overføre vilkårlige parametre til - hjælpeprogrammet, hvis brugeren blev narret til at åbne en misdannet - webside.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke xulrunner.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.8.0.13~pre070720-0etch3.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.8.1.6-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1345.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1346.wml b/danish/security/2007/dsa-1346.wml deleted file mode 100644 index dc30b0742ae..00000000000 --- a/danish/security/2007/dsa-1346.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i internetprogrampakken Iceape, -en version af Seamonkey Internet Suite. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3844 - -

    moz_bug_r_a4 opdagede at en regression i håndteringen af - about:blank-vinduer anvendt af tilføjelsesprogrammer, kunne føre til - at en angriber kunne ændre websteders indhold.

    • - -
  • CVE-2007-3845 - -

    Jesper Johansson opdagede at manglende fornuftighedskontrol af dobbelte - anførselstegn og mellemrum i URI'er overført til eksterne programmer, kunne - gøre det muligt for en angriber at overføre vilkårlige parametre til - hjælpeprogrammet, hvis brugeren blev narret til at åbne en misdannet - webside.

    • - -
- -

Mozilla-produkterne i den gamel stabile distribution (sarge) er ikke længere -understøttet med sikkerhedsopdateringer.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.0.10~pre070720-0etch3.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -1.1.3-2.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1346.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1347.wml b/danish/security/2007/dsa-1347.wml deleted file mode 100644 index 94cd948caac..00000000000 --- a/danish/security/2007/dsa-1347.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb PDF-fremviseren i xpdf, hvilket kunne føre -til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 3.00-13.7.

- -

I den stabile distribution (etch) er dette problem rettet i -version 3.01-9etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xpdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1347.data" -#use wml::debian::translation-check translation="2eb50e1c895eab18a4e951b1fb3aba3883c28383" mindelta="1" diff --git a/danish/security/2007/dsa-1348.wml b/danish/security/2007/dsa-1348.wml deleted file mode 100644 index 81778a9f459..00000000000 --- a/danish/security/2007/dsa-1348.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb PDF-fremviseren xpdf PDF, hvilket kunne -føre til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

poppler indeholder en kopi af xpdf-koden, og kræver derfor også en -opdatering.

- -

Den gamle stabile distribution (sarge) indeholder ikke poppler.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.4.5-5.1etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1348.data" -#use wml::debian::translation-check translation="edc8d777918d8ea33b6d3076dbe346764eb41785" mindelta="1" diff --git a/danish/security/2007/dsa-1349.wml b/danish/security/2007/dsa-1349.wml deleted file mode 100644 index 1a13c4882ab..00000000000 --- a/danish/security/2007/dsa-1349.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i PDF-fremviseren xpdf, hvilket kan føre -til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

libextractor indeholder en kopi af xpdf-koden, og kræver derfor også en -opdatering.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.4.2-2sarge6.

- -

Den stabile distribution (etch) er ikke påvirket af dette problem.

- -

Den ustabile distribution (sid) er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer dine libextractor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1349.data" -#use wml::debian::translation-check translation="4459965dc35b0aecd2a148cb0ce00815fe4bd67d" mindelta="1" diff --git a/danish/security/2007/dsa-1350.wml b/danish/security/2007/dsa-1350.wml deleted file mode 100644 index a32a7fe829d..00000000000 --- a/danish/security/2007/dsa-1350.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i PDF-fremviseren xpdf, hvilket kunne føre -til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

tetex-bin indeholder en kopi af xpdf-koden, og kræver derfor også en -opdatering.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 2.0.2-30sarge5.

- -

Pakken i den stabile distribution (etch) linker dynamisk mod libpoppler og -behøver ikke en separat opdatering.

- -

Pakken i den ustabile distribution (sid) linker dynamisk mod libpoppler og -behøver ikke en separat opdatering.

- -

Vi anbefaler at du opgraderer dine tetex-bin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1350.data" -#use wml::debian::translation-check translation="b057a342dcd9b5f6ff795bf0efd616b59057a76c" mindelta="1" diff --git a/danish/security/2007/dsa-1351.wml b/danish/security/2007/dsa-1351.wml deleted file mode 100644 index 1adfacd7470..00000000000 --- a/danish/security/2007/dsa-1351.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Tavis Ormandy opdagede at bochs, en meget portérbar IA-32-pc-emulator, var -sårbar over for et bufferoverløb i den emulerede NE2000-netværksenhedsdriver, -hvilket kunne føre til rettighedsforøgelse.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 2.1.1+20041109-3sarge1.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.3-2etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3+20070705-1.

- -

Vi anbefaler at du opgraderer dine bochs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1351.data" -#use wml::debian::translation-check translation="5ceeec7e8e3cd6d1372f1f3e8e660c94c2d1a4fe" mindelta="1" diff --git a/danish/security/2007/dsa-1352.wml b/danish/security/2007/dsa-1352.wml deleted file mode 100644 index c7da202f07c..00000000000 --- a/danish/security/2007/dsa-1352.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i PDF-fremviseren xpdf, hvilket kunne føre -til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

pdfkit.framework indeholder en kopi af xpdf-koden, og kræver derfor også en -opdatering.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.8-2sarge4.

- -

Pakken i den stabile distribution (etch) linker dynamisk mod libpoppler og -behøver ikke en separat opdatering.

- -

Pakken i den ustabile distribution (sid) linker dynamisk mod libpoppler og -behøver ikke en separat opdatering.

- -

Vi anbefaler at du opgraderer dine pdfkit.framework-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1352.data" -#use wml::debian::translation-check translation="0e426cd1682a539fde41b2219ace150b1c9105f9" mindelta="1" diff --git a/danish/security/2007/dsa-1353.wml b/danish/security/2007/dsa-1353.wml deleted file mode 100644 index 27acb404d0f..00000000000 --- a/danish/security/2007/dsa-1353.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Man har opdaget at et heltalsoverløb BGP-dissektoren i tcpdump, et ydedygtigt -værktøj til netværksovervågning og dataindsamling, kunne føre til udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 3.8.3-5sarge3.

- -

I den stabile distribution (etch) er dette problem rettet i -version 3.9.5-2etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.9.5-3.

- -

Vi anbefaler at du opgraderer din tcpdump-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1353.data" -#use wml::debian::translation-check translation="ab4b527cad111c20809c42061ddbee14e9d51b1e" mindelta="1" diff --git a/danish/security/2007/dsa-1354.wml b/danish/security/2007/dsa-1354.wml deleted file mode 100644 index f70cb0b7283..00000000000 --- a/danish/security/2007/dsa-1354.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i PDF-fremviseren xpdf, hvilket kunne føre -til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

gpdf indeholder en kopi af xpdf-koden, og kræver derfor også en -opdatering.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 2.8.2-1.2sarge6.

- -

Den stabile distribution (etch) indeholder ikke længere gpdf.

- -

Den ustabile distribution (sid) indeholder ikke længere gpdf.

- -

Vi anbefaler at du opgraderer dine gpdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1354.data" -#use wml::debian::translation-check translation="f61512baf2076badb24da29b5100b1d7e7206284" mindelta="1" diff --git a/danish/security/2007/dsa-1355.wml b/danish/security/2007/dsa-1355.wml deleted file mode 100644 index 97fa17ca1a8..00000000000 --- a/danish/security/2007/dsa-1355.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i PDF-fremviseren xpdf, hvilket kunne føre -til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

kpdf indeholder en kopi af xpdf-koden, og kræver derfor også en -opdatering.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 3.3.2-2sarge5.

- -

I den stabile distribution (etch) er dette problem rettet i -version 3.5.5-3etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.5.7-3.

- -

Vi anbefaler at du opgraderer dine kpdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1355.data" -#use wml::debian::translation-check translation="8f5479868dd54dbeff78f96b07a66afb10eb7174" mindelta="1" diff --git a/danish/security/2007/dsa-1356.wml b/danish/security/2007/dsa-1356.wml deleted file mode 100644 index 6f205e139ea..00000000000 --- a/danish/security/2007/dsa-1356.wml +++ /dev/null @@ -1,96 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-1353 - -

    Ilja van Sprundel opdagede at kernehukommelse kunne lækkes gennem - Bluetooth-setsockopt-kaldet på grund af en uinitialiseret stakbuffer. Dette - kunne anvendes af lokale angribere til at læse indholdet af følsom - kernehukommelse.

    • - -
  • CVE-2007-2172 - -

    Thomas Graf rapporterede om en slåfejl i DECnet-protokolhåndteringen, der - kunne anvendes af en lokal angriber til at få et array til at løbe over - gennem særligt fremstillede pakker, potentielt medførende et lammelsesangreb - (systemnedbrud). Et lignende problem findes i IPv4-protokolhåndteringen, og - vil blive rettet i en efterfølgende opdatering.

    • - -
  • CVE-2007-2453 - -

    Et par problemer med generering af tilfældige tal blev opdaget. Lidt - mindre tilfældige tal, var resultatet af hashing af en delmængde af den - tilgængelige entropi. Systemer med nul-entropi blev seedet med de samme - inddata ved start, medførende en gentaget serie af tilfældige tal.

    • - -
  • CVE-2007-2525 - -

    Florian Zumbiehl opdagede en hukommelseslækage i PPPOE-undersystemet, - forårsaget af frigivelse af en socket før blev PPPIOCGCHAN blev kaldt på den. - Dette kunne anvendes af en lokal bruger til et lammelsesangribe et system, - ved at forbruge al dets tilgængelige hukommelse.

    • - -
  • CVE-2007-2876 - -

    Vilmos Nebehaj opdagede en null-pointer-dereferencetilstand i - undersystemet netfilter. Dette gjorde det muligt for fjernsystemer, der - kommunikerer ved hjælp af SCTP-protokollen, at få systemet til at gå ned - ved at oprette en forbindelse med en ukendt chunk-type.

    • - -
  • CVE-2007-3513 - -

    Oliver Neukum rapporterede om et problem i usblcd-enheden, hvilket ved - ikke at begrænse størrelsen på skrivebufferne, gjorde det muligt for lokale - brugere med skriveadgang, at udløse et lammelsesangreb ved at forbruge al - tilgængelig hukommelse.

    • - -
  • CVE-2007-3642 - -

    Zhongling Wen rapporterede om et problem i nf_conntrack_h323, hvor - fraværet af rangekontrol kunne føre til null-pointer-dereferencer. - Fjernangribere kunne udnytte dette til at etablere en - lammelsesangrebstilstand (systemnedbrud).

    • - -
  • CVE-2007-3848 - -

    Wojciech Purczynski opdagede at pdeath_signal ikke blev nulstillet - korrekt i visse situationer, hvilket kunne gøre det muligt for lokale - brugere at opnå rettigheder, ved at sende vilkårlige signaler til - binære suid-filer.

    • - -
  • CVE-2007-3851 - -

    Dave Airlie rapporterede at i Intel 965 og senere chipset, er - batchbuffer-sikkerhedsbittene blevet flyttet. Lokale X-serverbrugere - kunne udnytte dette til at skrive brugerdata til vilkårlige fysiske - hukommelseadresser.

    • - -
- -

Disse problemer er rettet i den stabile distribution i version -2.6.18.dfsg.1-13etch1.

- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - -
  Debian 4.0 (etch)
fai-kernels 1.17+etch4
user-mode-linux 2.6.18-1um-2etch3
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1356.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1357.wml b/danish/security/2007/dsa-1357.wml deleted file mode 100644 index 8a84bffba96..00000000000 --- a/danish/security/2007/dsa-1357.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - -

Man har opdaget et heltalsoverløb i PDF-fremviseren xpdf, hvilket kunne føre -til udførelse af vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

koffice indeholder en kopi af xpdf-koden, og kræver derfor også en -opdatering.

- -

Den gamle stabile distribution (sarge) vil senere blive rettet.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.6.1-2etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.6.3-2.

- -

Vi anbefaler at du opgraderer dine koffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1357.data" -#use wml::debian::translation-check translation="8f5479868dd54dbeff78f96b07a66afb10eb7174" mindelta="1" diff --git a/danish/security/2007/dsa-1358.wml b/danish/security/2007/dsa-1358.wml deleted file mode 100644 index daa589d7201..00000000000 --- a/danish/security/2007/dsa-1358.wml +++ /dev/null @@ -1,66 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Asterisk, en fri software-PBX -og -telefoniværktøj. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2007-1306 - -

    Mu Security opdagede at en NULL-pointerdereference i - SIP-implementeringen kunne føre til lammelsesangreb (denial of - service).

    • - -
  • CVE-2007-1561 - -

    Inria Lorraine opdagede at en programmeringsfejl i - SIP-implementeringen kunne føre til lammelsesangreb.

    • - -
  • CVE-2007-2294 - -

    Man har opdaget at en NULL-pointerdereference i håndteringsfladen kunne - føre til lammelsesangreb.

    • - -
  • CVE-2007-2297 - -

    Man har opdaget at en programmeringsfejl i - SIP-implementeringen kunne føre til lammelsesangreb.

    • - -
  • CVE-2007-2488 - -

    Tim Panton og Birgit Arkestein opdagede at en programmeringsfejl i - IAX2-implementeringen kunne føre til informationslækage.

    • - -
  • CVE-2007-3762 - -

    Russell Bryant opdagede at et bufferoverløb i - IAX-implementeringen kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2007-3763 - -

    Chris Clark og Zane Lackey opdagede at flere NULL-pointerdereferencer i - IAX2-implementeringen kunne føre til lammelsesangreb.

    • - -
  • CVE-2007-3764 - -

    Will Drewry opdagede at en programmeringsfejl i Skinny-implementeringen - kunne føre til lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 1.0.7.dfsg.1-2sarge5.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 1:1.2.13~dfsg-2etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1:1.4.11~dfsg-1.

- -

Vi anbefaler at du opgraderer dine Asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1358.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1359.wml b/danish/security/2007/dsa-1359.wml deleted file mode 100644 index 6707a30db36..00000000000 --- a/danish/security/2007/dsa-1359.wml +++ /dev/null @@ -1,20 +0,0 @@ -mappegennemløb - -

Man har opdaget at dovecot, en sikker mailserver der understøtter mbox- og -maildir-mailbokse, når opsat til at anvende ikke-systembruger-spools og -komprimerede mapper, kunne gøre det muligt at gennemløbe mapper i -mailboks-navne.

- -

I den gamle stabile distribution (sarge), findes dette problem ikke.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.0.rc15-2etch1.

- -

I den ustabile distribution (sid) vil problemet snart bllive rettet.

- -

Vi anbefaler at du opgraderer din dovecot-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1359.data" -#use wml::debian::translation-check translation="86023722087b6d506e34789164b33de2a96bb29c" mindelta="1" diff --git a/danish/security/2007/dsa-1360.wml b/danish/security/2007/dsa-1360.wml deleted file mode 100644 index cdc65a108de..00000000000 --- a/danish/security/2007/dsa-1360.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Sebastian Krahmer opdagede at rsync, et hurtigt fjernfilkopieringsprogram, -indeholdt en forskudt med en-fejl, hvilket måske kunne gøre det muligt for -fjernangribere at udføre vilkårlig kode gennem lange mappenavne.

- -

I den gamle stabile distribution (sarge), findes dette problem ikke.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.9-2etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din rsync-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1360.data" -#use wml::debian::translation-check translation="fec1183778cccae16b163161b8ea9671f00c751f" mindelta="1" diff --git a/danish/security/2007/dsa-1361.wml b/danish/security/2007/dsa-1361.wml deleted file mode 100644 index f81b161305f..00000000000 --- a/danish/security/2007/dsa-1361.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Man har opdaget at postfix-policyd, en anti-spam-plugin til postfix, ikke -udførte grænsekontroller på korrekt vis på indkommende SMTP-kommandoer, hvilket -potentielt kunne gøre det muligt at fjernudnytte vilkårlig kode.

- -

I den gamle stabile distribution (sarge), findes denne pakke ikke.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.80-2.1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.80-2.2.

- -

Vi anbefaler at du opgraderer din postfix-policyd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1361.data" -#use wml::debian::translation-check translation="35eb26e6b57d768a73f287b7f3bf3be2efc5828b" mindelta="1" diff --git a/danish/security/2007/dsa-1362.wml b/danish/security/2007/dsa-1362.wml deleted file mode 100644 index 53dca86fb2e..00000000000 --- a/danish/security/2007/dsa-1362.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i lighttpd, en hurtig webserver med minimalt -hukommelsesforbrug, hvilket kunne gøre det muligt at udføre vilkårlig kode -ved overløb af CGI-variable når mod_fcgi var aktiveret. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3946 - -

    Anvendelse af mod_auth kunne føre til et lammelsesangreb (denial of - service), som fik webserveren til at gå ned.

    • - -
  • CVE-2007-3947 - -

    Ukorrekt håndtering af gentagne HTTP-headere kunne forårsage et - lammelsesangreb, som fik webserveren til at gå ned.

    • - -
  • CVE-2007-3949 - -

    En fejl i mod_access gjorde det potentielt muligt for fjernbrugere at - omgå adgangsbegrænsninger gennem afsluttende skråstreger - (/).

    • - -
  • CVE-2007-3950 - -

    På 32-bit-platforme, kunne brugerne måske iværksætte lammelsesangreb, - der fik webserveren til at gå ned, gennem mod_webdav, mod_fastcgi eller - mod_scgi.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -1.4.13-4etch4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.16-1.

- -

Vi anbefaler at du opgraderer din lighttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1362.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1363.wml b/danish/security/2007/dsa-1363.wml deleted file mode 100644 index 9a97fa65711..00000000000 --- a/danish/security/2007/dsa-1363.wml +++ /dev/null @@ -1,68 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-2172 - -

    Thomas Graf rapporterede om en slåfejl i DECnet-protokolhåndteringen, der - kunne anvendes af en lokal angriber til at få et array til at løbe over - gennem særligt fremstillede pakker, potentielt medførende et lammelsesangreb - (systemnedbrud). DECnet-modstykket til dette problem blev allerede rettet i - DSA 1356.

    • - -
  • CVE-2007-2875 - -

    iDefense rapporterede om et potentielt heltalsunderløb i - cpuset-filsystemet, hvilket kunne gøre det muligt for lokale angribere at - opnå adgang til følsom kernehukommelse. Denne sårbarhed er kun udnytbar - hvis cpuset-filsystemet er mountet.

    • - -
  • CVE-2007-3105 - -

    PaX Team opdagede et potentielt bufferoverløb i tilfældigt - tal-generatoren, hvilket kunne gøre det muligt for lokale brugere at - forårsage lammelsesangreb eller opnå yderligere rettigheder. Problemet - menes ikke at påvirke standardinstalleringer af Debian, hvor kun root har - tilstrækkelige rettigheder til at udnytte det.

    • - -
  • CVE-2007-3843 - -

    En programmeringsdejl i CIFS-undersystemet gjorde det muligt at anvende - unsignerede meddelelser, også selv om klienten har opsat til systemet til at - kræve signering ved at opsætte mountindstillingen sec=ntlmv2i. Dette kunne - gøre det muligt for fjernangribere at forfalske CIFS-netværkstrafik.

    • - -
  • CVE-2007-4308 - -

    Alan Cox rapporterede om et problem i aacraid-driveren, der tillod - upriviligerede lokale brugere at foretage ioctl-kald, hvilket bør være - begrænset til administratorrettigheder.

    • - -
- -

Disse problemer er rettet i den stabile distribution i version -2.6.18.dfsg.1-13etch2.

- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - -
  Debian 4.0 (etch)
fai-kernels 1.17+etch5
user-mode-linux 2.6.18-1um-2etch4
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1363.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1364.wml b/danish/security/2007/dsa-1364.wml deleted file mode 100644 index b91be439d22..00000000000 --- a/danish/security/2007/dsa-1364.wml +++ /dev/null @@ -1,44 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i editoren vim. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-2953 - -

    Ulf Härnhammar opdagede at en formatstrengssårbarhed i helptags_one() fra - src/ex_cmds.c (udløst gennem kommandoen helptags) kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2007-2438 - -

    Editorerer indeholder ofte en måde at indlejre editoropsætningskommandoer - (alias modelines), som udføres når en fil åbnes. Skadelige kommandoer - bortfiltreres af en sandkassemekanisme. Man har opdaget at funktionskald - til writefile(), feedkeys() og system() ikke blev filtreret, hvilket tillod - udførelse af shell-kommandoer med en omhyggeligt fremstillet fil, åbnet i - vim.

    • - -
- -

Med denne opdaterede bulletin løses problemer med manglender filer i pakkerne -til den gamle stabile distribution (sarge) til arkitekturerne alpha, mips, og -mipsel.

- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 6.3-071+1sarge2. Sarge er ikke påvirket af -CVE-2007-2438.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 7.0-122+1etch3.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 7.1-056+1.

- -

Vi anbefaler at du opgraderer dine vim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1364.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1365.wml b/danish/security/2007/dsa-1365.wml deleted file mode 100644 index 6f93d9f882d..00000000000 --- a/danish/security/2007/dsa-1365.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Nikolaus Schulz opdagede at en programmeringsfejl i id3lib, ID3 -Tag-biblioteket, kunne føre til symlink-baserede lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 3.8.3-4.1sarge1.

- -

På grund af tekniske begrænsninger i arkivhåndteringsskripterne, kan -rettelsen til den stabile distribution (etch) først frigives om nogle få -dage.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 3.8.3-7.

- -

Vi anbefaler at du opgraderer dine id3lib3.8.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1365.data" -#use wml::debian::translation-check translation="ae98925d23775aebbaa99b852f3a694ccfd2385b" mindelta="1" diff --git a/danish/security/2007/dsa-1366.wml b/danish/security/2007/dsa-1366.wml deleted file mode 100644 index cd684afc494..00000000000 --- a/danish/security/2007/dsa-1366.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i antivirusværktøjet Clam. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-4510 - -

    Man har opdaget at RTF- og RFC2397-fortolkerne kunne narres til at - dereferencere en NULL-pointer, medførende lammelsesangreb (debian of - service).

    • - -
  • CVE-2007-4560 - -

    Man har opdaget at clamav-milter udførte utilstrækkelig kontrol af - inddata, medførende udførelse af vilkårlige shell-kommandoer.

    • - -
- -

Den gamle stabile distribution (sarge) er kun påvirket af en del af disse -problemer. En opdatering vil senere blive stillet til rådighed.

- -

I den stabile distribution (etch) er disse problemer rettet -i version 0.90.1-3etch7.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.91.2-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1366.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1367.wml b/danish/security/2007/dsa-1367.wml deleted file mode 100644 index 01c076dd668..00000000000 --- a/danish/security/2007/dsa-1367.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Man har opdaget at et bufferoverløb i RPC-biblioteket i MIT's -referenceimplementering af Kerberos muliggjorde udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.4.4-7etch3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.6.dfsg.1-7.

- -

Vi anbefaler at du opgraderer dine Kerberos-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1367.data" -#use wml::debian::translation-check translation="129fe3d5bc5004593dba52ee65769f12b6346be1" mindelta="1" diff --git a/danish/security/2007/dsa-1368.wml b/danish/security/2007/dsa-1368.wml deleted file mode 100644 index 543b010de80..00000000000 --- a/danish/security/2007/dsa-1368.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Man har opdaget at et bufferoverløb i biblioteket til sikker -RPC-kommunikation gennem protokollen rpcsec_gss protocol tillod udførelse af -vilkårlig kode.

- -

Den gamle stabile distribution (sarge) indeholder ikke librpcsecgss.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.14-2etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine librpcsecgss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1368.data" -#use wml::debian::translation-check translation="ce16f0bfec0ecc66450bb49ade53d67e360be545" mindelta="1" diff --git a/danish/security/2007/dsa-1369.wml b/danish/security/2007/dsa-1369.wml deleted file mode 100644 index 7b4bdfcbfc0..00000000000 --- a/danish/security/2007/dsa-1369.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Sumit I. Siddharth opdagede at Gforge, et værktøj til udvikling i fællesskab, -udførte utilstrækkelig kontrol af inddata, hvilket tillod SQL-indsprøjtning.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 3.1-31sarge2.

- -

I den stabile distribution (etch) er dette problem rettet i -version 4.5.14-22etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din gforge-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1369.data" -#use wml::debian::translation-check translation="ce16f0bfec0ecc66450bb49ade53d67e360be545" mindelta="1" diff --git a/danish/security/2007/dsa-1370.wml b/danish/security/2007/dsa-1370.wml deleted file mode 100644 index 7c12e0c8764..00000000000 --- a/danish/security/2007/dsa-1370.wml +++ /dev/null @@ -1,73 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i phpMyAdmin, et program til -webadministrering af MySQL. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-1325 - -

    Funktionen PMA_ArrayWalkRecursive i libraries/common.lib.php begrænsede - ikke rekursion på array leveret af brugere, hvilket gjorde det muligt for - kontekstafhængige angribere at forårsage lammelsesangreb (denial of service, - webservernedbrud) gennem et array med mange dimensioner.

    - -

    Dette problem påvirker kun den stabile distribution (etch).

    • - -
  • CVE-2007-1395 - -

    Ufuldstændig sortlistesårbarhed i index.php gjorde det muligt for - fjernangribere at iværksætte angreb i forbindelse med udførelse af skripter - på tværs af websteder (XSS) ved at indsprøjte vilkårligt JavaScript eller - HTML i en (1) db- eller (2) table-parameterværdi efterfulgt af et - </SCRIPT>-sluttag skrevet med store bogstaver, hvilket omgik beskyttelsen - mod tagget skrevet med små bogstaver, </script>.

    - -

    Dette problem påvirker kun den stabile distribution (etch).

    • - -
  • CVE-2007-2245 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) gjorde det muligt for fjernangribere at indsprøjte - vilkårligt webskript eller HTML gennem (1) fieldkey-parameteret i - browse_foreigners.php eller (2) visse former for inddata til funktionen - PMA_sanitize.

    • - -
  • CVE-2006-6942 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) gjorde det muligt for fjernangribere at indsprøjte - vilkårligt HTML eller webskript gennem (1) en kommentar til et tabelnavn, - som udnyttet gennem (a) db_operations.php, (2) db-parameteret i (b) - db_create.php, (3) newname-parameteret i db_operations.php, parametrene (4) - query_history_latest, (5) query_history_latest_db og (6) querydisplay_tab i - (c) querywindow.php, og (7) pos-parameteret i (d) sql.php.

    - -

    Dette problem påvirker kun den gamle stabile distribution (sarge).

    • - -
  • CVE-2006-6944 - -

    phpMyAdmin gjorde det muligt for fjernangribere at omgå - Allow/Deny-adgangsregler, som anvender IP-adresser, gennem falske - headere.

    - -

    Dette problem påvirker kun den gamle stabile distribution (sarge).

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 2.6.2-3sarge5.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 2.9.1.1-4.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.10.1-1.

- -

Vi anbefaler at du opgraderer dine phpmyadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1370.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1371.wml b/danish/security/2007/dsa-1371.wml deleted file mode 100644 index 077e5344de4..00000000000 --- a/danish/security/2007/dsa-1371.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i phpWiki, en wikimaskine skrevet i PHP. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-2024 - -

    Man har opdaget at phpWiki udførte utilstrækkelig kontrol af filnavne, - hvilket muliggjorde ukontrolleret oplægning af filer.

    • - -
  • CVE-2007-2025 - -

    Man har opdaget at phpWiki udførte utilstrækkelig kontrol af filnavne, - hvilket muliggjorde ukontrolleret oplægning af filer.

    • - -
  • CVE-2007-3193 - -

    Hvis opsætningen mangler et PASSWORD_LENGTH_MINIMUM, som er forskelligt - fra nul, kunne phpWiki måske gøre det muligt for fjernangribere at omgå - autentificering gennem en tom adgangskode, hvilket fik ldap_bind til at - returnere true med visse LDAP-implementeringer.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke phpwiki-pakker.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.3.12p3-5etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.3.12p3-6.1.

- -

Vi anbefaler at du opgraderer din phpwiki-pakke.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1371.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1372.wml b/danish/security/2007/dsa-1372.wml deleted file mode 100644 index 130540d5628..00000000000 --- a/danish/security/2007/dsa-1372.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Aaron Plattner opdagede et bufferoverløb i Composite-udvidelsen til -X.org-X-serveren, hvilket kunne føre til lokal rettighedsforøgelse.

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.1.1-21etch1.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1372.data" -#use wml::debian::translation-check translation="827685bf968df2cb238f017f61c2b3d6f56a237a" mindelta="1" diff --git a/danish/security/2007/dsa-1373.wml b/danish/security/2007/dsa-1373.wml deleted file mode 100644 index 8a8532e5d2a..00000000000 --- a/danish/security/2007/dsa-1373.wml +++ /dev/null @@ -1,20 +0,0 @@ -mappegennemløb - -

Man har opdaget at ktorrent, en BitTorrent-klient til KDE, var sårbar over -for en mappegennemløbsfejl, hvilket potentielt gjorde det muligt for -fjernbrugere at overskrive vilkårlige filer.

- -

I den gamle stabile distribution (sarge), findes denne pakke ikke.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.0.3+dfsg1-2.2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.2.1.dfsg.1-1.

- -

Vi anbefaler at du opgraderer din ktorrent-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1373.data" -#use wml::debian::translation-check translation="27622737a8a282d885c1f80106740d5f79c4850f" mindelta="1" diff --git a/danish/security/2007/dsa-1374.wml b/danish/security/2007/dsa-1374.wml deleted file mode 100644 index 0c39406f0ca..00000000000 --- a/danish/security/2007/dsa-1374.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i jffnms, et webbaseret Network Management -System til IP-netværk. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3189 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (cross-site scripting, XSS) i auth.php, gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML gennem - user-parameteret.

    -
    • - -
  • CVE-2007-3190 - -

    Flere SQL-indsprøjtningssårbarheder i auth.php, gjorde det muligt for - fjernangribere at udføre vilkårlige SQL-kommandoer gennem user- og - pass-parametrene.

    -
    • - -
  • CVE-2007-3192 - -

    Direkte forespørgsler på URL'er gjorde det muligt for fjernangribere at - tilgå opsætningsoplysninger og dermed omgå logonbegrænsninger.

    -
    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -0.8.3dfsg.1-2.1etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.3dfsg.1-4.

- -

Vi anbefaler at du opgraderer din jffnms-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1374.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1375.wml b/danish/security/2007/dsa-1375.wml deleted file mode 100644 index 26d4b86fa86..00000000000 --- a/danish/security/2007/dsa-1375.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferoverløb - -

En heapoverløbssårbarhed er opdaget i TIFF-fortolkningskoden i -OpenOffice.org-programpakken. Fortolkeren anvendte ubetroede værdier fra -TIFF-filen til at beregne antallet af hukommelsesbytes, der skulle allokeres. -Et særligt fremstillet TIFF-billede kunne udløse et heltalsoverløb og -efterfølgende et bufferoverløb, som kunne forårsage udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 1.1.3-9sarge8.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.0.4.dfsg.2-7etch2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.1-9.

- -

I den eksperimentelle distribution er dette problem rettet i -version 2.3.0~src680m224-1.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1375.data" -#use wml::debian::translation-check translation="518e1687d88ebf751929193137975143f7703a0a" mindelta="1" diff --git a/danish/security/2007/dsa-1376.wml b/danish/security/2007/dsa-1376.wml deleted file mode 100644 index fe5ef834624..00000000000 --- a/danish/security/2007/dsa-1376.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - - -

iKees Huijgen opdagede at under visse omstændigheder i KDM, en -X-sessionmanager til KDE, kunne narres til at tillade brugerlogin -uden en adgangskode.

- -

I den gamle stabile distribution (sarge) findes problemet ikke.

- -

I den stabile distribution (etch), er dette problem rettet i version -4:3.5.5a.dfsg.1-6etch1.

- -

Vi anbefaler at du opgraderer din kdebase-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1376.data" -#use wml::debian::translation-check translation="321db8a4661fc838c58e19a9302664213cd71622" mindelta="1" diff --git a/danish/security/2007/dsa-1377.wml b/danish/security/2007/dsa-1377.wml deleted file mode 100644 index 02af167eb0c..00000000000 --- a/danish/security/2007/dsa-1377.wml +++ /dev/null @@ -1,19 +0,0 @@ -nullpointer-dereference - -

Matthias Andree opdagede at fetchmail, en SSL-understøttende -posthenter/postvideresender til POP3, APOP og IMAP, under visse omstændigheder -kunne forsøge at dereference en NULL-pointer og herefter gå ned.

- -

I den gamle stabile distribution (sarge) findes dette problem ikke.

- -

I den stabile distribution (etch), er dette problem rettet i -version 6.3.6-1etch1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din fetchmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1377.data" -#use wml::debian::translation-check translation="2e1eccb3e64de4535296990af4b55c50c46d7e49" mindelta="1" diff --git a/danish/security/2007/dsa-1378.wml b/danish/security/2007/dsa-1378.wml deleted file mode 100644 index 83ea7a93878..00000000000 --- a/danish/security/2007/dsa-1378.wml +++ /dev/null @@ -1,68 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-3731 - -

    Evan Teran opdagede et potentielt lokalt lammelsesangreb (oops) i - håndteringen af forespørgslerne PTRACE_SETREGS og PTRACE_SINGLESTEP.

    • - -
  • CVE-2007-3739 - -

    Adam Litke rapporterede om et potentielt lokalt lammelsesangreb (oops) på - powerpc-platforme, som følge af ukontrolleret VMA-udvidelse ind i - adresserum reserveret til hugetlb-sider.

    • - -
  • CVE-2007-3740 - -

    Matt Keenan rapportede at CIFS-filsystemer med CAP_UNIX slået til, ikke - tog hensyn til en proces' umask, hvilket kunne føre til utilsigtet lempede - rettigheder.

    • - -
  • CVE-2007-4573 - -

    Wojciech Purczynski opdagede en sårbarhed, der kunne udnyttes af en lokal - bruger til at opnå superbrugerrettigheder på x86_64-systemer. Dette var en - følge af ukorrekt fjernelse af registres høje bits under emulering af - ia32-systemkald. Sårbarheden er relevant for Debian amd64-tilpasningen - såvel som for brugere af i386-tilpasningen, der anvender et - amd64-Linuxaftryk.

    • - -
  • CVE-2007-4849 - -

    Michael Stone rapporterede om et problem med JFFS2-filsystemet. - Legacy-tilstande for inoder, som var oprettet med aktiveret POSIX - ACL-understøttelse, blev ikke skrevet ud til mediet, medførende ukorrekte - rettigheder ved næste mount.

    • - -
- -

Disse problemer er rettet i den stabile distribution i version -2.6.18.dfsg.1-13etch3.

- -

Dette bulletin er opdateret til at indeholde en opbygning til -arm-arkitekturen, som ikke var tilgængelig da DSA-1378-1 blev udsendt.

- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - -
  Debian 4.0 (etch)
fai-kerner 1.17+etch.13etch3
user-mode-linux 2.6.18-1um-2etch.13etch3
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1378.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1379.wml b/danish/security/2007/dsa-1379.wml deleted file mode 100644 index adf6e65bddd..00000000000 --- a/danish/security/2007/dsa-1379.wml +++ /dev/null @@ -1,25 +0,0 @@ -forskudt med én-fejl/bufferoverløb - -

En forskudt med én-fejl er fundet i rutinen SSL_get_shared_ciphers() i -libssl-biblioteket fra OpenSSL, en implementation af de kryptografiske -biblioteker og værktøjer Secure Socket Layer. Fejlen kunne gøre det muligt for -en angriber at få et program til at gå ned, hvis dette anvender OpenSSLs -libssl-bibliotek, eller potentielt udføre vilkårlig kode i under en brugers -sikkerhedskontekst, hvis denne kørte sådan et program.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i version -0.9.7e-3sarge5.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.9.8c-4etch1.

- -

I den distributionerne unstable og testing (hhv. sid og lenny), er dette -problem rettet i version 0.9.8e-9.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1379.data" -#use wml::debian::translation-check translation="e2a03c7855dcb77d72da8ab71c0188ca0db80f87" mindelta="1" diff --git a/danish/security/2007/dsa-1380.wml b/danish/security/2007/dsa-1380.wml deleted file mode 100644 index 07d2ebc5a7f..00000000000 --- a/danish/security/2007/dsa-1380.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Kalle Olavi Niemitalo opdagede at elinks, en avanceret webbrowser til -teksttilstand, sendte HTTP POST-oplysninger i klartekst når der blev anvendt en -HTTPS-proxyserver, hvilket potentielt kunne gøre det muligt af afsløre private -oplysninger.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.11.1-1.2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.11.1-1.5.

- -

Vi anbefaler at du opgraderer din elinks-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1380.data" -#use wml::debian::translation-check translation="f6bbc3208f775ca92a109cb5f4965f2805e417ed" mindelta="1" diff --git a/danish/security/2007/dsa-1381.wml b/danish/security/2007/dsa-1381.wml deleted file mode 100644 index 59d88f98672..00000000000 --- a/danish/security/2007/dsa-1381.wml +++ /dev/null @@ -1,79 +0,0 @@ -flere sårbarheder - -

Flere lokaludnytbare sårbarheder er opdaget i Linux-kernen, hvilket kunne -føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-5755 - -

    NT-bitten kunne måske lækkes til den næste task, hvilket kunne - gøre det muligt for lokale angribere at forårsage et lammelsesangreb (crash) - på systemer der anvender amd64-udgaven af kernen. Den stabile distribution - (etch) mentes på udgivelsestidspunktet ikke at være sårbar over for dette - problem, men til gengæld opdagede Bastian Blank at problemet også gælder - xen-amd64- og xen-vserver-amd64-udgaverne af kernen, og dette løses med - denne DSA.

    • - -
  • CVE-2007-4133 - -

    Hugh Dickins opdagede et potentielt lokalt lammelsesangreb (panik) i - hugetlbfs. En fejlkonvertering af hugetlb_vmtruncate_list til prio_tree - kunne gøre det muligt for lokale brugere at udløse et BUG_ON()-kald i - exit_mmap.

    • - -
  • CVE-2007-4573 - -

    Wojciech Purczynski opdagede en sårbarhed, som kunne udnyttes af en lokal - bruger til at opnå superbrugerrettigheder på x86_64-systemer. Dette - skyldtes ukorrekt nulstilling af high-bits i registre under emulering af - ia32-systemkald. Sårbarheden er relevant i Debians amd64-tilpasning så vel - som for brugere af i386-tilpasningen, som anvender amd64-udgaven af - Linux-kernen.

    - -

    DSA-1378 løste problemet i amd64-udgaver af kernen, men Tim Wickberg og - Ralf Hemmenstädt rapporterede om et tilbageværende problem med - kerneudgaverne xen-amd64 og xen-vserver-amd64, og det løses med denne - DSA.

    • - -
  • CVE-2007-5093 - -

    Alex Smith opdagede et problem med pwc-driveren til visse - webkamera-enheder. Hvis enheden blev fjernet samtidig med at et program i - brugerrummet holdt enheden åben, ventede driveren på at brugerrummet - lukkede for enheden, medførende et blokeret USB-undersystem. Problemet har - en lav sikkerhedsrisiko, da det kræver at angriberen enten har fysisk adgang - til systemet eller kan overbevise brugere med lokal adgang, om at fjerne - enheden.

    • - -
- -

Disse problemer er rettet i den stabile distribution i version -2.6.18.dfsg.1-13etch4.

- -

Dette er en opdatering til DSA-1381-1, som kun indeholdt binære filer til -amd64 til linux 2.6. Opbygninger til andre arkitekturer er nu tilgængelige, -foruden genopbygninger af tilknyttede pakker, som anvender den indeholdte -linux-kildekode.

- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - - -
  Debian 4.0 (etch)
fai-kerner 1.17+etch.13etch4
kernel-patch-openvz 028.18.1etch5
user-mode-linux 2.6.18-1um-2etch.13etch4
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1381.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1382.wml b/danish/security/2007/dsa-1382.wml deleted file mode 100644 index bf9f060431e..00000000000 --- a/danish/security/2007/dsa-1382.wml +++ /dev/null @@ -1,21 +0,0 @@ -null-pointer-dereference - -

Man har opdaget at BGP-peers kunne udløse en NULL-pointer-dereference i -BGP-dæmonen, hvis debuglogning var slået til, medførende at BGP-dæmonen gik -ned.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 0.98.3-7.5.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.99.5-5etch3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.99.9-1.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1382.data" -#use wml::debian::translation-check translation="85d1b2bc8b5e52570c76c4441afedccc2d2aad3e" mindelta="1" diff --git a/danish/security/2007/dsa-1383.wml b/danish/security/2007/dsa-1383.wml deleted file mode 100644 index 0e54df0b5ba..00000000000 --- a/danish/security/2007/dsa-1383.wml +++ /dev/null @@ -1,22 +0,0 @@ -udførelse af skripter på tværs af servere - -

Man har opdaget en sårbarhed i forbindelse med udførelse af skripter på tværs -af servere i GForge, en samarbejdsudviklerværktøj, hvilket gjorde det muligt for -fjernangribere at indsprøjte vilkårligt webskript eller HTML i konteksten -hørende til en indlogget brugeres session.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 3.1-31sarge3.

- -

I den stabile distribution (etch) er dette problem rettet i -version 4.5.14-22etch2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.6.99+svn6094-1.

- -

Vi anbefaler at du opgraderer din gforge-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1383.data" -#use wml::debian::translation-check translation="59b9038b2b03fdbfbddf613ee9416bbe52a9cd8c" mindelta="1" diff --git a/danish/security/2007/dsa-1384.wml b/danish/security/2007/dsa-1384.wml deleted file mode 100644 index 98c3abd38c1..00000000000 --- a/danish/security/2007/dsa-1384.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i Xen-hypervisor-pakkerne, hvilket kunne -føre til udførelse af vilkårlig kode. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-4993 - -

    Ved anvendelse af særligt fremstillede opsætningsfiler til grub, kunne en - domU-bruger måske udføre vilkårlig kode på dmo9, når pygrub blev - anvendt.

    • - -
  • CVE-2007-1320 - -

    Flere heap-baserede bufferoverløb i Cirrus VGA-udvidelsen leveret af QEMU, - kunne gøre det muligt for lokale brugere at udføre vilkårlig kode gennem - bitblt-heap-overløb.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -3.0.3-0-3.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din xen-utils-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1384.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1385.wml b/danish/security/2007/dsa-1385.wml deleted file mode 100644 index 6455a64f5c6..00000000000 --- a/danish/security/2007/dsa-1385.wml +++ /dev/null @@ -1,21 +0,0 @@ -flere sårbarheder - -

Sean Larsson opdagede at to kodestier i X Font Server håndterede -heltalsværdier usikkert, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 4.3.0.dfsg.1-14sarge5 af xfree86. Pakker til m68k er endnu ikke -tilgængelige. De vil senere blive stillet til rådighed.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.0.1-7.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.5-1.

- -

Vi anbefaler at du opgraderer dine xfs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1385.data" -#use wml::debian::translation-check translation="15d51c7329dec3ea673f02ff79ee55c2fbe2024b" mindelta="1" diff --git a/danish/security/2007/dsa-1386.wml b/danish/security/2007/dsa-1386.wml deleted file mode 100644 index 33bb3a93a91..00000000000 --- a/danish/security/2007/dsa-1386.wml +++ /dev/null @@ -1,26 +0,0 @@ -programmeringsfejl - -

Et problem er opdaget i behandlingen af chat-meddelelser. Meget lange -meddelelser afkortes af serveren til en bestemt længde, uden at tage hensyn til -multibyte-tegn. Dette førte til ugyldige UTF-8-tegn på klienter og kunne -forårsage exceptions, som ikke blev fanget. Bemærk at både wesnoth og -wesnoth-server er påvirkede af problemet.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.9.0-6 og i version 1.2.7-1~bpo31+1 i sarge-backports.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.2-2 og i version 1.2.7-1~bpo40+1 i etch-backports.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.7-1.

- -

Pakker til den gamle stabile mips-arkitektur vil senere blive føjet til -arkivet.

- -

Vi anbefaler at du opgraderer dine wesnoth-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1386.data" -#use wml::debian::translation-check translation="a11c05a84d9eebddea5722623f40d3be4dd610d6" mindelta="1" diff --git a/danish/security/2007/dsa-1387.wml b/danish/security/2007/dsa-1387.wml deleted file mode 100644 index 065d18c6cf9..00000000000 --- a/danish/security/2007/dsa-1387.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Man har opdaget at den oprindelige rettelse til et bufferoverløb i -svc_auth_gss.c i RPC-biblioteket RPCSEC_GSS i MIT Kerberos 5 -(\ -CVE-2007-3999, DSA-1368-1) var utilstrækkelig beskyttelse mod udførelse -af vilkårlig kode i nogle miljøer.

- -

Den gamle stabile distribution (sarge) indeholder ikke en -librpcsecgss-pakke.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.14-2etch3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.14-4.

- -

Vi anbefaler at du opgraderer din librpcsecgss-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1387.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1388.wml b/danish/security/2007/dsa-1388.wml deleted file mode 100644 index aa445086d1e..00000000000 --- a/danish/security/2007/dsa-1388.wml +++ /dev/null @@ -1,31 +0,0 @@ -bufferoverløb - -

Rettelsen anvendt til at løse bufferoverløbet i DHCP-serveren i DSA-1388-1 -var ikke komplet og løste ikke på tilstrækkelig vis problemet. Med denne -opdatering til den tidligere bulletin, gøres opdatede pakker tilgængelige, -baseret på en nyere version af rettelsen.

- -

For fuldstændighedens skyld er herunder den oprindelige bulletins tekst:

- -

Man har opdaget at dhcp, en DHCP-server til automatisk tildeling af -IP-adresser, ikke på korrekt vis allokerede plads til netværkssvar. Dette -kunne potentielt gøre det muligt for ondsindede DHCP-klienter at udføre -vilkårlig kode på DHCP-serveren.

- -#

I den gamle stabile distribution (sarge), er dette problem rettet i -#version 2.0pl5-19.1sarge3.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.0pl5-19.5etch2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Opdateringer til den gamle stabile version (i sarge) er på vej.

- -

Vi anbefaler at du opgraderer din dhcp-pakke.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1388.data" -#use wml::debian::translation-check translation="a17db4488db04b96d1ea4c04982f6cde6872a09a" mindelta="1" diff --git a/danish/security/2007/dsa-1389.wml b/danish/security/2007/dsa-1389.wml deleted file mode 100644 index bf5814b4d9e..00000000000 --- a/danish/security/2007/dsa-1389.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at zoph, et webbaseret system til håndtering af fotografier, -udførte utilstrækkelig kontrol af inddata, hvilket muliggjorde indsprøjtning af -SQL.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.3.3-12sarge3.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.6-2.1etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.7.0.2-1.

- -

Vi anbefaler at du opgraderer din zoph-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1389.data" -#use wml::debian::translation-check translation="413cc97de086a03a54fc095d6bfa45552f0d570e" mindelta="1" diff --git a/danish/security/2007/dsa-1390.wml b/danish/security/2007/dsa-1390.wml deleted file mode 100644 index fa49df1243e..00000000000 --- a/danish/security/2007/dsa-1390.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Hamid Ebadi opdagede et bufferoverløb i rutinen intT1_Env_GetCompletePath i -t1lib, et Type 1-skrifttyperasterinseringsbibliotek. Denne fejl kunne gøre det -muligt for en angriber at få et program til at gå ned, hvis det anvender de -delte t1lib-biblioteker, og potentielt udføre vilkårlig kode inden for et sådant -programs sikkerhedskontekst.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 5.0.2-3sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.1.0-2etch1.

- -

Vi anbefaler at du opgraderer din t1lib-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1390.data" -#use wml::debian::translation-check translation="31fe057ffb2e546b12d42749a83aa9eb2d31c91a" mindelta="1" diff --git a/danish/security/2007/dsa-1391.wml b/danish/security/2007/dsa-1391.wml deleted file mode 100644 index e2c1e10f8a6..00000000000 --- a/danish/security/2007/dsa-1391.wml +++ /dev/null @@ -1,65 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er op daget i mailklienten Icedove, en -udgave af Thunderbird-klienten. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3734 - -

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, - Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul - Nickerson og Vladimir Sukhoy opdagede nedbrud i layout-maskinen, hvilket - måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-3735 - -

    Asaf Romano, Jesse Ruderman og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode.

    • - -
  • CVE-2007-3844 - -

    moz_bug_r_a4 opdagede at en regression i håndteringen af - about:blank-vinduer anvendt af addon-programmer kunne medføre at en - angriber fik mulighed for at ændre indholdet af websteder.

    • - -
  • CVE-2007-3845 - -

    Jesper Johansson opdagede at manglende kontrol af dobbelte anførselstegn - og mellemrum i URL'er overført til eksterne programmer, kunne gøre det - muligt for en angriber at overføre vilkårlige parametre til - hjælpeprogrammet, hvis brugeren blev narret til at åbne en misdannet - webside.

    - -
  • CVE-2007-5339 - -

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli - Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz og Martijn Wargers - opdagede nedbrud i layout-maskinen, hvilket kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2007-5340 - -

    Igor Bukanov, Eli Friedman og Jesse Ruderman opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode. Generelt anbefales det ikke at aktivere JavaScript i Icedove.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) er ikke længere -understøttet med sikkerhedsopdateringer.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.5.0.13+1.5.0.14b.dfsg1-0etch1. Opbygninger til hppa vil senere blive stillet -til rådighed.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1391.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1392.wml b/danish/security/2007/dsa-1392.wml deleted file mode 100644 index 5a1521b5cf5..00000000000 --- a/danish/security/2007/dsa-1392.wml +++ /dev/null @@ -1,72 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtime-miljø til -XUL-programmer. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CVE-2007-1095 - -

    Michal Zalewski opdagede at håndteringsrutinen til unload-events havde - adgang til adressen på den næste side, der skal indlæses, hvilket kunne - muliggøre informationsafsløring eller spoofing.

    • - -
  • CVE-2007-2292 - -

    Stefano Di Paola opdagede at utilstrækkelig kontrol af brugernavne - anvendt i Digest-autentificering på et webstid muliggjorde - HTTP-svaropsplitningsangreb.

    • - -
  • CVE-2007-3511 - -

    Man har opdaget at usikker fokushåndtering i filoplægningskontrollen - kunne føre til informationsafsløring. Dette er en variant af - CVE-2006-2894.

    • - -
  • CVE-2007-5334 - -

    Eli Friedman opdagede at websider skrivet i Xul-markup kunne skjule - vinduers titellinje, hvilket kunne føre til spoofing-angreb.

    • - -
  • CVE-2007-5337 - -

    Georgi Guninski opdagede at usikker håndtering af smb://- og - sftp://-URI'er kunne føre til informationsafsløring. Denne sårbarhed er kun - udnytbar hvis understøttelse af Gnome-VFS er til stede på systemet.

    • - -
  • CVE-2007-5338 - -

    moz_bug_r_a4 opdagede at beskyttelsesmetoden der stilles til rådighed - af XPCNativeWrappers kunne omgås, hvilket kunne muliggøre - rettighedsforøgelse.

    - -
  • CVE-2007-5339 - -

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli - Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz og Martijn Wargers - opdagede nedbrud i layout-maskinen, hvilket kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2007-5340 - -

    Igor Bukanov, Eli Friedman og Jesse Ruderman opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode. Generelt anbefales det ikke at aktivere JavaScript i Icedove.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke xulrunner.

- -

I den stabile distribution (etch) er disse problemer rettet i version -1.8.0.14~pre071019b-0etch1. Opbygninger til hppa og mipsel vil senere blive -stillet til rådighed.

- -

I den ustabile distribution (sid) vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1392.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1393.wml b/danish/security/2007/dsa-1393.wml deleted file mode 100644 index 7f41da68d8c..00000000000 --- a/danish/security/2007/dsa-1393.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker udførelse - -

Man har opdaget at xfce-terminal, en terminalemulater til xfce-miljøet, ikke -på korrekt vis indkapslede parametre overført til processer startet gennem Open -Link. Dette gjorde det muligt for ondsindede links at udføre vilkårlige -kommandoer på det lokale system.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.2.5.6rc1-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.2.6-3.

- -

Vi anbefaler at du opgraderer din xfce4-terminal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1393.data" -#use wml::debian::translation-check translation="950a71b48aab827d9a7af3d3a2b0369e696fe573" mindelta="1" diff --git a/danish/security/2007/dsa-1394.wml b/danish/security/2007/dsa-1394.wml deleted file mode 100644 index 1b8e1e7b00d..00000000000 --- a/danish/security/2007/dsa-1394.wml +++ /dev/null @@ -1,22 +0,0 @@ -authentication bypass - -

Man har opdaget at reprepro, et værktøj til fremstilling af arkiver med -Debian-pakker, kun kontrollerede for gyldighed af kendte signaturer ved -opdatering fra et fjernt sted, og dermed ikke afviste pakker med udelukkende -ukendte signaturer. Dette gjorde det muligt for en angriber at omgå -autentificeringsmekanismen..

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.3.1+1-1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.4-1.

- -

Vi anbefaler at du opgraderer din reprepro-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1394.data" -#use wml::debian::translation-check translation="a06f7133cae5f65b6dd3ee639521950ad2b31c6d" mindelta="1" diff --git a/danish/security/2007/dsa-1395.wml b/danish/security/2007/dsa-1395.wml deleted file mode 100644 index a0f227c7933..00000000000 --- a/danish/security/2007/dsa-1395.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Steve Kemp fra Debian Security Audit-projektet opdagede at xen-utils, en -samling af administrative værktøjer til XEN, anvendte midlertidige filer på en -usikker måde i xenmon-værktøjet, hvilket gjorde det muligt for lokale brugere at -trunkere vilkårlige filer.

- -

I den gamle stabile distribution (sarge) findes denne pakke ikke.

- -

I den stabile distribution (etch) er dette problem rettet i version -3.0.3-0-4.

- -

I den ustabile distribution (sid) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din xen-3.0-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1395.data" -#use wml::debian::translation-check translation="1a67a7185ac77e7dfa2fb3b46cea3ee6a7feb9b6" mindelta="1" diff --git a/danish/security/2007/dsa-1396.wml b/danish/security/2007/dsa-1396.wml deleted file mode 100644 index f02c985ed5a..00000000000 --- a/danish/security/2007/dsa-1396.wml +++ /dev/null @@ -1,75 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -udgave af browseren Firefox. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-1095 - -

    Michal Zalewski opdagede at håndteringsrutinen til unload-events havde - adgang til adressen på den næste side, der skal indlæses, hvilket kunne - muliggøre informationsafsløring eller spoofing.

    • - -
  • CVE-2007-2292 - -

    Stefano Di Paola opdagede at utilstrækkelig kontrol af brugernavne - anvendt i Digest-autentificering på et webstid muliggjorde - HTTP-svaropsplitningsangreb.

    • - -
  • CVE-2007-3511 - -

    Man har opdaget at usikker fokushåndtering i filoplægningskontrollen - kunne føre til informationsafsløring. Dette er en variant af - CVE-2006-2894.

    • - -
  • CVE-2007-5334 - -

    Eli Friedman opdagede at websider skrivet i Xul-markup kunne skjule - vinduers titellinje, hvilket kunne føre til spoofing-angreb.

    • - -
  • CVE-2007-5337 - -

    Georgi Guninski opdagede at usikker håndtering af smb://- og - sftp://-URI'er kunne føre til informationsafsløring. Denne sårbarhed er kun - udnytbar hvis understøttelse af Gnome-VFS er til stede på systemet.

    • - -
  • CVE-2007-5338 - -

    moz_bug_r_a4 opdagede at beskyttelsesmetoden der stilles til rådighed - af XPCNativeWrappers kunne omgås, hvilket kunne muliggøre - rettighedsforøgelse.

    - -
  • CVE-2007-5339 - -

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli - Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz og Martijn Wargers - opdagede nedbrud i layout-maskinen, hvilket kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2007-5340 - -

    Igor Bukanov, Eli Friedman og Jesse Ruderman opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode. Generelt anbefales det ikke at aktivere JavaScript i Icedove.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) er ikke længere -understøttet med sikkerhedsopdateringer.

- -

I den stabile distribution (etch) er disse problemer rettet i version -2.0.0.6+2.0.0.8-0etch1. Opbygninger til arm og sparc vil senere blive stillet -til rådighed.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -2.0.0.8-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1396.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1397.wml b/danish/security/2007/dsa-1397.wml deleted file mode 100644 index c18aa55c13b..00000000000 --- a/danish/security/2007/dsa-1397.wml +++ /dev/null @@ -1,20 +0,0 @@ -heltalsoverløb - -

Et heltalsoverløb i implementeringen af datatypen BigInteger er opdaget i det -frit tilgængelige .NET-runtimemiljø Mono.

- -

Den gamle stabile distribution (sarge) indeholder ikke mono.

- -

I den stabile distribution (etch) er dette problem rettet i version -1.2.2.1-1etch1. En opbygning til powerpc vil senere blive gjort -tilgængelig.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mono-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1397.data" -#use wml::debian::translation-check translation="b9ff311d08c8b6d5bc38d97c27c09c219bb5a16f" mindelta="1" diff --git a/danish/security/2007/dsa-1398.wml b/danish/security/2007/dsa-1398.wml deleted file mode 100644 index 839812195b3..00000000000 --- a/danish/security/2007/dsa-1398.wml +++ /dev/null @@ -1,29 +0,0 @@ -formatstrengsfejl - - -

-Bernhard Mueller fra SEC Consult har opdaget en formatstrengssårbarhed i -perdition, en IMAP-proxy. Denne sårbarhed kunne gøre det muligt for -uautentificerede fjernbrugere at køre vilkårlig kode på perdition-serveren -ved at lave et særligt formateret IMAP-tag. -

- -

-I den gamle stabile distribution (sarge), er dette problem rettet i -version 1.15-5sarge1. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.17-7etch1. -

- -

-Vi anbefaler at du opgraderer din perdition-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1398.data" -#use wml::debian::translation-check translation="d9fdc7911d30dec8a421580b7df64ba3c920f6a1" mindelta="1" diff --git a/danish/security/2007/dsa-1399.wml b/danish/security/2007/dsa-1399.wml deleted file mode 100644 index 0eccd08021f..00000000000 --- a/danish/security/2007/dsa-1399.wml +++ /dev/null @@ -1,104 +0,0 @@ -flere sårbarheder - - -

-Tavis Ormandy fra Google Security Team har opdaget flere sikkerhedsproblemer i -PCRE, Perl-Compatible Regular Expression-biblioteket, hvilket potentielt kunne -gøre det muligt for angribere at udføre vilkårlig kode ved at compile særligt -fremstillede regulære udtryk. -

- -

-Version 7.0 af PCRE-biblioteket indeholdt en større omskrivning af regulære -udtryk-compileren, og det blev vurderet upraktisk at tilbageføre -sikkerhedsrettelserne fra version 7.3 til versionerne i Debians stabile og -gamle stable distributioner (6.7 hhv. 4.5). Derfor er denne opdatering baseret -på version 7.4 (der indeholder sikkerhedsfejlrettelser fra version 7.3, samt -flere rettede regressioner), med særlige rettelser til at forbedre -kompatibiliteten med de ældre versioner. Man skal derfor være særlig omhyggelig -når denne opdatering lægges på. -

- -

-Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer: -

- -
    - -
  • CVE-2007-1659 - -

    - Ikke-matchede \Q\E-sekvenser med forældreløse \E-koder kunne medføre at - compilet regex blev afsynkroniseret, med ødelagt bytecode til følge, hvilket - kunne give flere udnytbare situationer. -

    • - -
  • CVE-2007-1660 - -

    - Flere former for tegn-klasser havde fejlberegnede størrelser i de indledende - gennemløb, medførende at for lidt hukommelse blev allokeret. -

    • - -
  • CVE-2007-1661 - -

    - Flere møstre på formen \X?\d eller \P{L}?\d i ikke-UTF-8-tilstand kunne - springe tilbage til før begyndelsen af strengen, muligvis lækkende - oplysninger fra adresserummet, eller forårsagende et nedbrud ved at læse - uden for grænserne. -

    • - -
  • CVE-2007-1662 - -

    - En antal rutiner kunne narres til at læse ud over slutningen af en streng, - ved søgning efter ikke-matchede parenteser eller klammer, medførende et - lammelsesangreb (denial of service). -

    • - -
  • CVE-2007-4766 - -

    - Flere heltalsoverløb i behandlingen af escape-sekvenser kunne medføre - heap-overløb eller læsning/skrivning uden for grænserne. -

    • - -
  • CVE-2007-4767 - -

    - Flere uendelige løkker og heap-overløb blev opdaget i hånteringen af - sekvenser med \P og \P{x}, hvor længden af disse ikke-standard handlinger - blev håndteret ukorrekt. -

    • - -
  • CVE-2007-4768 - -

    - Tegn-klasser indeholdende en enlig unicode-sekevens blev optimeret på - forkert vis, medførende heap-overløb. -

    • - -
- -

-I den gamle stabile distribution (sarge), er disse problemer rettet i -version 4.5+7.4-1. -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 6.7+7.4-2. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i -version 7.3-1. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1399.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1400.wml b/danish/security/2007/dsa-1400.wml deleted file mode 100644 index e9c90ee271b..00000000000 --- a/danish/security/2007/dsa-1400.wml +++ /dev/null @@ -1,36 +0,0 @@ -heap-overløb - -

-Will Drewry og Tavis Ormandy fra Google Security Team har opdaget et -UTF-8-relateret heap-overløb i Perls compiler til regulære udtryk, hvilket -formentlig gjorde det muligt for angribere at udføre vilkårlig kode ved at -compile særligt fremstillede regulære udtryk. -

- -

-I den gamle stabile distribution (sarge), er dette problem rettet i -version 5.8.4-8sarge6. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 5.8.8-7etch1. -

- -

-I den ustabile distribution (sid), vil dette problem snart blive rettet. -

- -

-Nogle arkitekturer mangler fra denne DSA; disse opdateringer vil blive udgivet -når de er klar. -

- -

-Vi anbefaler at du opgraderer din perl-pakke. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1400.data" -#use wml::debian::translation-check translation="36dee7659b989535569ed73a4144da403ff220fd" mindelta="1" diff --git a/danish/security/2007/dsa-1401.wml b/danish/security/2007/dsa-1401.wml deleted file mode 100644 index 9ad3828db50..00000000000 --- a/danish/security/2007/dsa-1401.wml +++ /dev/null @@ -1,82 +0,0 @@ -flere sårbarheder - -

-Flere fjernudnytbare sårbarheder er opdaget i internetprogrampakken Iceape, en -udgave af Seamonkey Internet Suite. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer: -

- -
    - -
  • CVE-2007-1095 - -

    Michal Zalewski opdagede at håndteringsrutinen til unload-events havde - adgang til adressen på den næste side, der skal indlæses, hvilket kunne - muliggøre informationsafsløring eller spoofing.

    • - -
  • CVE-2007-2292 - -

    Stefano Di Paola opdagede at utilstrækkelig kontrol af brugernavne - anvendt i Digest-autentificering på et webstid muliggjorde - HTTP-svaropsplitningsangreb.

    • - -
  • CVE-2007-3511 - -

    Man har opdaget at usikker fokushåndtering i filoplægningskontrollen - kunne føre til informationsafsløring. Dette er en variant af - CVE-2006-2894.

    • - -
  • CVE-2007-5334 - -

    Eli Friedman opdagede at websider skrivet i Xul-markup kunne skjule - vinduers titellinje, hvilket kunne føre til spoofing-angreb.

    • - -
  • CVE-2007-5337 - -

    Georgi Guninski opdagede at usikker håndtering af smb://- og - sftp://-URI'er kunne føre til informationsafsløring. Denne sårbarhed er kun - udnytbar hvis understøttelse af Gnome-VFS er til stede på systemet.

    • - -
  • CVE-2007-5338 - -

    moz_bug_r_a4 opdagede at beskyttelsesmetoden der stilles til rådighed - af XPCNativeWrappers kunne omgås, hvilket kunne muliggøre - rettighedsforøgelse.

    - -
  • CVE-2007-5339 - -

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli - Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz og Martijn Wargers - opdagede nedbrud i layout-maskinen, hvilket kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2007-5340 - -

    Igor Bukanov, Eli Friedman og Jesse Ruderman opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode. Generelt anbefales det ikke at aktivere JavaScript i Icedove.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) er ikke længere -understøttet med sikkerhedsopdateringer.

- -

-I den stabile distribution (etch) er disse problemer rettet i version -1.0.11~pre071022-0etch1. -

- -

-I den ustabile distribution (sid) er disse problemer rettet i version -1.1.5-1. -

- -

-Vi anbefaler at du opgraderer dine iceape-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1401.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1402.wml b/danish/security/2007/dsa-1402.wml deleted file mode 100644 index e2e243d76b7..00000000000 --- a/danish/security/2007/dsa-1402.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Steve Kemp fra Debian Security Audit-projektet opdagede at gforge, et -samarbejdsudviklingsværktøj, anvendte midlertidige filer på en usikker måde, -hvilket kunne gøre det muligt for lokale brugere at trunkere filer på systemet, -med rettighederne hørende til gforge-brugeren, eller iværksætte lammelsesangreb -(denial of service).

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 3.1-31sarge4.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.5.14-22etch3.

- -

Vi anbefaler at du opgraderer din gforge-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1402.data" -#use wml::debian::translation-check translation="a9b7cbccb082033adce896b7f8a49cb15a497f4d" mindelta="1" diff --git a/danish/security/2007/dsa-1403.wml b/danish/security/2007/dsa-1403.wml deleted file mode 100644 index e9bb2887533..00000000000 --- a/danish/security/2007/dsa-1403.wml +++ /dev/null @@ -1,37 +0,0 @@ -manglende kontrol af inddata - -

Omer Singer fra DigiTrust Group opdagede flere sårbarheder i phpMyAdmin, et -program til administrering af MySQL over WWW. Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5589 - -

    phpMyAdmin gjorde det muligt for en fjernangriber at sprøjte vilkårligt - webskript eller HTML ind i konteksten hørende til en indlogget brugers - session (skripting på tværs af servere, cross site scripting).

    • - -
  • CVE-2007-5386 - -

    Når phpMyAdmin tilgås af en browser, der ikke URL-indkaplser - forespørgsler, gjorde det muligt for fjernangribere at indsprøjte vilkårligt - webskript eller HTML gennem query-strengen.

    • - -
- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 4:2.6.2-3sarge6.

- -

I den stabile distribution (etch) er dette problem rettet i -version 4:2.9.1.1-6.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4:2.11.1.2-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1403.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1404.wml b/danish/security/2007/dsa-1404.wml deleted file mode 100644 index dd476c6e951..00000000000 --- a/danish/security/2007/dsa-1404.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Nicklous Roberts opdagede at modulet Reupload i Gallery 2, et webbaseret -program til håndtering af billeder, gjorde det muligt for uautoriserede brugere -at redigere Gallerys datafil.

- -

Den gamle stabile distribution (sarge) indeholder ikke pakken gallery2. -Den tidligere gallery-pakke er ikke påvirket af denne sårbarhed.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.1.2-2.0.etch.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.2.3-1.

- -

Vi anbefaler at du opgraderer din gallery2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1404.data" -#use wml::debian::translation-check translation="da0b40fd12ebf6ec47384e175c1fdb48c45c7c85" mindelta="1" diff --git a/danish/security/2007/dsa-1405.wml b/danish/security/2007/dsa-1405.wml deleted file mode 100644 index faf939562d9..00000000000 --- a/danish/security/2007/dsa-1405.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at Plone, et webindholdshåndteringssystem, gjorde det muligt -for fjernangribere at udføre vilkålig kode gennem særligt fremstillede -webbrowser-cookies.

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.5.1-4etch3.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.5.2-3.

- -

Vi anbefaler at du opgraderer din zope-cmfplone-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1405.data" -#use wml::debian::translation-check translation="ba1af559ab76ed30d57ae9df84178b9bd6b81f09" mindelta="1" diff --git a/danish/security/2007/dsa-1406.wml b/danish/security/2007/dsa-1406.wml deleted file mode 100644 index 5b53336544b..00000000000 --- a/danish/security/2007/dsa-1406.wml +++ /dev/null @@ -1,102 +0,0 @@ -flere sårbarheder - -

-Flere fjernudnytbare sårbarheder er opdaget webapplikationsframeworket Horde. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer: -

- -
    - -
  • CVE-2006-3548 - -

    - Moritz Naumann opdagede at Horde gjorde det muligt for fjernangribere at - sprøjte vilkårligt webskript eller HTML ind i konteksten hørende til en - indlogget brugers session (skripting på tværs af servere, cross site - scripting). -

    - -

    - Denne sårbarhed gælder kun den gamle stabile distribution (sarge). -

    -
    • - -
  • CVE-2006-3549 - -

    - Moritz Naumann opdagede at Horde ikke på korrekt vis begrænsede adgangen til - sin billedproxy, hvilket gjorde det muligt for fjernangribere at anvende - serveren som en proxy. -

    - -

    - Denne sårbarhed gælder kun den gamle stabile distribution (sarge). -

    -
    • - -
  • CVE-2006-4256 - -

    - Marc Ruef opdagede at Horde gjorde det muligt for fjernangribere at anvende - andre websteders websider, hvilket kunne være nyttigt i phishing-angreb. -

    - -

    - Denne sårbarhed gælder kun den gamle stabile distribution (sarge). -

    -
    • - -
  • CVE-2007-1473 - -

    - Moritz Naumann opdagede at Horde gjorde det muligt for fjernangribere at - sprøjte vilkårligt webskript eller HTML ind i konteksten hørende til en - indlogget brugers session (skripting på tværs af servere, cross site - scripting). -

    - -

    - Denne sårbarhed gælder både den stabile distribution (etch) og den gamle - stabile distribution (sarge). -

    -
    • - -
  • CVE-2007-1474 - -

    - iDefense opdagede at Hordes cronskript cleanup gjorde det muligt for lokale - brugere at slette vilkårlige filer. -

    - -

    - Denne sårbarhed gælder kun den gamle stabile distribution (sarge). -

    -
    • - -
- -

-I den gamle stabile distribution (sarge) er disse problemer rettet i -version 3.0.4-4sarge6. -

- -

-I den stabile distribution (etch) er disse problemer rettet i -version 3.1.3-4etch1. -

- -

-I den ustabile distribution (sid) er disse problemer rettet i -version 3.1.4-1. -

- -

-Vi anbefaler at du opgraderer din horde3-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1406.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1407.wml b/danish/security/2007/dsa-1407.wml deleted file mode 100644 index dac0ca7c0bf..00000000000 --- a/danish/security/2007/dsa-1407.wml +++ /dev/null @@ -1,28 +0,0 @@ -bufferoverløb - -

-Alin Rad Pop opdagede at Common UNIX Printing System var sårbar over for et -forskudt med en-bufferoverløb i koden der behandler IPP-pakker, hvilket kunne -føre til udførelse af vilkårlig kode. -

- -

-Versionen af cupsys i den gamle stabile distribution (sarge) er ikke sårbar -over for vilkårlig udførelse af kode. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.2.7-4etch1. Opdaterede pakker til arkitekturen arm vil senere blive -stillet til rådighed. -

- -

-Vi anbefaler at du opgraderer dine cupsys-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1407.data" -#use wml::debian::translation-check translation="7c0d1b0814003ff80bbb35fcb15efaeba7ca9a7c" mindelta="1" diff --git a/danish/security/2007/dsa-1408.wml b/danish/security/2007/dsa-1408.wml deleted file mode 100644 index 222f3224c58..00000000000 --- a/danish/security/2007/dsa-1408.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Alin Rad Pop opdagede et bufferoverløb i kpdf, hvilket kunne gøre det muligt -at udføre vilkårlig kode, hvis en misdannet PDF-fil blev vist.

- -

Den gamle stabile distribution (sarge) vil blive rettet senere.

- -

I den stabile distribution (etch), er dette problem rettet i -version 4:3.5.5-3etch2. Opbygninger til arm og sparc er endnu ikke -tilgængelige.

- -

Vi anbefaler at du opgraderer dine kdegraphics-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1408.data" -#use wml::debian::translation-check translation="f3f2292877c30bc250d73261a6cb808411f75f9f" mindelta="1" diff --git a/danish/security/2007/dsa-1409.wml b/danish/security/2007/dsa-1409.wml deleted file mode 100644 index 220d29e4603..00000000000 --- a/danish/security/2007/dsa-1409.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Denne opdatering retter alle kendte regressioner, som opstod i forbindelse -med de to foregående udgaver af DSA 1409. Den oprindelige tekst er -herunder:

- -
- -

Flere lokale/fjernudnytbare sårbarheder er opdaget i samba, en -LanManager-lignende fil- og printerserver til Unix. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5398 - -

    Alin Rad Pop fra Secunia Research opdagede at nmbd ikke på korrekt vis - kontrollerede længden på netbios-pakker. Når samba var opsat som en - WINS-server, kunne en fjernangriber sende mange særligt fremstillede - forespørgsler til den, hvilket medførte udførelse af vilkårlig kode med - root-rettigheder.

    -
    • - -
  • CVE-2007-4572 - -

    Samba-udviklerne opdagede at en buffer i nmbd kunne løbe over under - behandlingen af GETDC-logonserverforespørgsler. Når samba var opsat som en - Primary eller Backup Domain Controller, kunne en fjernangriber sende - ondsindede logonforespørgsler og muligvis forårsage et lammelsesangreb - (denial of service).

    -
    • - -
- -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet i -version 3.0.14a-3sarge10.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 3.0.24-6etch8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.0.27-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1409.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1410.wml b/danish/security/2007/dsa-1410.wml deleted file mode 100644 index e860208f076..00000000000 --- a/danish/security/2007/dsa-1410.wml +++ /dev/null @@ -1,34 +0,0 @@ -programmeringsfejl - -

Flere sårbarheder er opdaget i Ruby, et objektorienteret skriptsprog. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-5162 - -

    Man har opdaget at Ruby's HTTP(S)-modul udførte utilstrækkelig kontrol - af SSL-certifikater, hvilket kunne føre til manden i midten-angreb.

    • - -
  • CVE-2007-5770 - -

    Man har opdaget at Rubys moduler til FTP, Telnet, IMAP, POP og SMTP - udførte utilstrækkelig kontrol af SSL-certicikater, hvilket kunne føre til - manden i midten-angreb.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet -i version 1.8.2-7sarge6. Pakker til sparc vil blive gjort tilgængelige -senere.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.8.5-4etch1. Pakker til sparc vil blive gjort tilgængelige senere.

- -

Vi anbefaler at du opgraderer dine ruby1.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1410.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1411.wml b/danish/security/2007/dsa-1411.wml deleted file mode 100644 index 4baee4fece2..00000000000 --- a/danish/security/2007/dsa-1411.wml +++ /dev/null @@ -1,33 +0,0 @@ -programmeringsfejl - -

Flere sårbarheder er opdaget i Ruby, et objektorienteret skriptsprog. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-5162 - -

    Man har opdaget at Ruby's HTTP(S)-modul udførte utilstrækkelig kontrol - af SSL-certifikater, hvilket kunne føre til manden i midten-angreb.

    • - -
  • CVE-2007-5770 - -

    Man har opdaget at Rubys moduler til FTP, Telnet, IMAP, POP og SMTP - udførte utilstrækkelig kontrol af SSL-certicikater, hvilket kunne føre til - manden i midten-angreb.

    • - -
- -

I den gamle stabile distribution (sarge) er disse problemer rettet -i version 0.1.4a-1sarge1. Pakker til sparc vil blive gjort tilgængelige -senere.

- -

Den stabile distribution (etch) indeholder ikke længere libopenssl-ruby.

- -

Vi anbefaler at du opgraderer dine libopenssl-ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1411.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1412.wml b/danish/security/2007/dsa-1412.wml deleted file mode 100644 index 4f28774dd31..00000000000 --- a/danish/security/2007/dsa-1412.wml +++ /dev/null @@ -1,33 +0,0 @@ -programmeringsfejl - -

Flere sårbarheder er opdaget i Ruby, et objektorienteret skriptsprog. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-5162 - -

    Man har opdaget at Ruby's HTTP(S)-modul udførte utilstrækkelig kontrol - af SSL-certifikater, hvilket kunne føre til manden i midten-angreb.

    • - -
  • CVE-2007-5770 - -

    Man har opdaget at Rubys moduler til FTP, Telnet, IMAP, POP og SMTP - udførte utilstrækkelig kontrol af SSL-certicikater, hvilket kunne føre til - manden i midten-angreb.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke ruby1.9-pakker.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.9.0+20060609-1etch1. Opdaterede pakker til hppa og sparc vil blive -gjort tilgængelige senere.

- -

Vi anbefaler at du opgraderer dine ruby1.9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1412.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1413.wml b/danish/security/2007/dsa-1413.wml deleted file mode 100644 index 0cc3c70830e..00000000000 --- a/danish/security/2007/dsa-1413.wml +++ /dev/null @@ -1,71 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er fundet i MySQL-databasepakker, spændende fra -uautoriserede databaseændringer til fjernudløste servernedbrud. Projektet -Common Vulnerabilities and Exposures har fundet frem tilfølgende problemer:

- -
    - -
  • CVE-2007-2583 - -

    Funktionen in_decimal::set i item_cmpfunc.cc i MySQL før version - 5.0.40 gjorde det muligt at forårsage et kontaktafhængigt - lammelsesangreb (denial of service) gennem en fabrikeret IF-statement, - der medfører en division med nul-fejl og en NULL-pointerdereference. - (Påvirket kildekodeversion 5.0.32.)

    • - -
  • CVE-2007-2691 - -

    MySQL kræver ikke DROP-rettigheden ved RENAME TABLE-statements, - hvilket gjorde det muligt for fjernautentificerede brugere at omdøbe - vilkårlige tabeller. (Alle understøttede versioner er - påvirket.)

    • - -
  • CVE-2007-2692 - -

    Funktionen mysql_change_db genetablerer ikke - THD::db_access-rettigheder, når den vender tilbage fra gemte SQL - SECURITY INVOKER-rutiner, hvilket gjordet muligt for - fjernautentificerede brugere at opnå rettigheder. (Påvirket - kildekodeversion 5.0.32.)

    • - -
  • CVE-2007-3780 - -

    Man kunne få MySQL til at lade en char med fortegn løbe over, under - autentificering. Fjernangribere kunne anvende særligt fremstillede - autenficiceringsforespørgsler til at forårsage lammelsesangreb. - (Opstrøms kildekodeversioner 4.1.11a og 5.0.32 er påvirkede.)

    • - -
  • CVE-2007-3782 - -

    Phil Anderton opdagede at MySQL ikke på korrekt vis kontrollerede - rettigheder, når eksterne tabeller blev tilgået. Det havde til følge - at autentificerede brugere kunne udnytte sårbarheden til at opnå - UPDATE-rettigheder til eksterne tabeller. (Påvirket kildekodeversion - 5.0.32.)

    • - -
  • CVE-2007-5925 - -

    Funktionen convert_search_mode_to_innobase i ha_innodb.cc i - InnoDB-maskinen i MySQL 5.1.23-BK og tidligere, gjorde det muligt for - fjernautentificerede brugere at forårsage lammelsesangreb - (databasenedbrud) gennem en særligt fremstillet CONTAINS-handling på en - indekseret kolonne, hvilket udløste en assertion-fejl. (Påvirket - kildekodeversion 5.0.32.)

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet i -version 4.0.24-10sarge3 af mysql-dfsg og version 4.1.11a-4sarge8 af -mysql-dfsg-4.1.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 5.0.32-7etch3 af mysql-dfsg-5.0-pakkerne.

- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1413.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1414.wml b/danish/security/2007/dsa-1414.wml deleted file mode 100644 index ac2c2b28a77..00000000000 --- a/danish/security/2007/dsa-1414.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i -netværkstrafianalyseringsprogrammet Wireshark, hvilket kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-6114 - -

    Stefan Esser opdagede et bufferoverløb i SSL-dissectoren. - Fabiodds opdagede et bufferoverløb i iSeries trace-dissectoren.

    • - -
  • CVE-2007-6117 - -

    En programmeringsfejl blev opdaget i HTTP-dissectoren, hvilket kunne - føre til lammelsesangreb.

    • - -
  • CVE-2007-6118 - -

    MEGACO-dissectoren kunne narres til at udmatte ressourcerne.

    • - -
  • CVE-2007-6120 - -

    Bluetooth SDP-dissectoren kunne narres ind i en uendelig løkke.

    • - -
  • CVE-2007-6121 - -

    RPC portmap-dissectoren kunne narres til at dereferencere en - NULL-pointer.

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer -rettet i version 0.10.10-2sarge10. (I sarge blev Wireshark tidligere kaldt -Ethereal). Opdaterede pakker til sparc og m68k vil senere blive gjort -tilgængelige.

- -

I den stabile distribution (etch), er disse problemer rettet -i version 0.99.4-5.etch.1. Opdaterede pakker til sparc vil senere blive gjort -tilgængelige.

- -

Vi anbefaler at du opgraderer dine wireshark/ethereal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1414.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1415.wml b/danish/security/2007/dsa-1415.wml deleted file mode 100644 index 47935d7bf19..00000000000 --- a/danish/security/2007/dsa-1415.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Man har opdaget at Tk, et flerplatforms grafisk værktøj til Tcl, udførte -utilstrækkelig kontrol af inddata i koden, der anvendes til at indlæse -GIF-billeder, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (sarge), er dette problem rettet -i version 8.4.9-1sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i -version 8.4.12-1etch1.

- -

Vi anbefaler at du opgraderer dine tk8.4 packages. Opdaterede pakker til -sparc vil senere blive gjort tilgængelige.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1415.data" -#use wml::debian::translation-check translation="1950c925ce7c7db7dd1b57e7e518ffb5d998825c" mindelta="1" diff --git a/danish/security/2007/dsa-1416.wml b/danish/security/2007/dsa-1416.wml deleted file mode 100644 index a6e0f920fb9..00000000000 --- a/danish/security/2007/dsa-1416.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Man har opdaget at Tk, et flerplatforms grafisk værktøj til Tcl, udførte -utilstrækkelig kontrol af inddata i koden, der anvendes til at indlæse -GIF-billeder, hvilket kunne føre til udførelse af vilkårlig kode.

- -

På grund af tekniske begrænsninger i Debians arkivskripter, kan opdateringen -af den gamle stabile distribution (sarge) ikke frigives samtidig med -opdateringen af den stabile distribution. Den vil blive gjort tilgængelig en -af de nærmeste dage.

- -

I den stabile distribution (etch), er dette problem rettet i -version 8.3.5-6etch1.

- -

Vi anbefaler at du opgraderer dine tk8.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1416.data" -#use wml::debian::translation-check translation="1950c925ce7c7db7dd1b57e7e518ffb5d998825c" mindelta="1" diff --git a/danish/security/2007/dsa-1417.wml b/danish/security/2007/dsa-1417.wml deleted file mode 100644 index 4ac0dbc73bc..00000000000 --- a/danish/security/2007/dsa-1417.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Tilghman Lesher opdagede at logningsmaskinen i Asterisk, et fri software-PBX -og -telefoniværktøjssæt, udførte utilstrækkelig fornuftighedskontrol af -kaldrelaterede data, hvilket kunne føre til SQL-indspøjtning.

- -

I den gamle stabile distribution (sarge), er dette problem rettet -i version 1:1.0.7.dfsg.1-2sarge6.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1:1.2.13~dfsg-2etch2. Opdaterede pakker til ia64 vil senere blive -gjort tilgængelige.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1417.data" -#use wml::debian::translation-check translation="1950c925ce7c7db7dd1b57e7e518ffb5d998825c" mindelta="1" diff --git a/danish/security/2007/dsa-1418.wml b/danish/security/2007/dsa-1418.wml deleted file mode 100644 index f8c6ff190e6..00000000000 --- a/danish/security/2007/dsa-1418.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at Cacti, en værktøj til overvåge systemer og netværk, -udførte utilstrækkelig fornuftighedskontrol af inddata, hvilket muliggjorde -SQL-indsprøjtning.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.8.6c-7sarge5.

- -

I den stabile distribution (etch) er dette problem rettet i -version 0.8.6i-3.2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.8.7a-1.

- -

Vi anbefaler at du opgraderer din cacti-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1418.data" -#use wml::debian::translation-check translation="ab9cd4d5ad476306dc14ea14a60cdd3724b38043" mindelta="1" diff --git a/danish/security/2007/dsa-1419.wml b/danish/security/2007/dsa-1419.wml deleted file mode 100644 index 24bf00bf16e..00000000000 --- a/danish/security/2007/dsa-1419.wml +++ /dev/null @@ -1,26 +0,0 @@ -programmeringsfejl - -

En sårbarhed er opdaget i HSQLDB, standarddatabasemaskinen der distribueres -med OpenOffice.org. Dette kunne medføre udførelse af vilkårlig Java-kode -indlejret i et OpenOffice.org-databasedokument med brugerens rettigheder. -Denne opdatering kræver en opdatering af både OpenOffice.org og hsqldb.

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.0.4.dfsg.2-7etch4 af OpenOffice.org og i version -1.8.0.7-1etch1 af hsqldb.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.3.1-1 af OpenOffice.org og i version 1.8.0.9-2 af hsqldb.

- -

I den eksperimentelle distribution er dette problem rettet i -version 2.3.1~rc1-1 af OpenOffice.org og i version 1.8.0.9-1 af -hsqldb.

- -

Vi anbefaler at du opgraderer dine OpenOffice.org- og hsqldb-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1419.data" -#use wml::debian::translation-check translation="41702524aa74fdaa480ee880715ea68c9ede9a20" mindelta="1" diff --git a/danish/security/2007/dsa-1420.wml b/danish/security/2007/dsa-1420.wml deleted file mode 100644 index db6a00531e1..00000000000 --- a/danish/security/2007/dsa-1420.wml +++ /dev/null @@ -1,26 +0,0 @@ -programmeringsfejl - -

-Bas van Schaik opdagede at agentd-processen i Zabbix, et system til -netværksovervågning, kunne køre brugerleverede kommandoer som gruppe-id'en -root, og ikke zabbix, hvilket kunne føre til en rettighedsforøgelse. -

- -

-zabbix er ikke indeholdt i den gamle stabile distribution (sarge). -

- -

-I den stabile distribution (etch), er dette problem rettet i version -1:1.1.4-10etch1. -

- -

-Vi anbefaler at du opgraderer dine zabbix-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1420.data" -#use wml::debian::translation-check translation="7246a3e21aeecc8e1d92f20a3b27bc1b642a1fea" mindelta="1" diff --git a/danish/security/2007/dsa-1421.wml b/danish/security/2007/dsa-1421.wml deleted file mode 100644 index 31b07c0dc90..00000000000 --- a/danish/security/2007/dsa-1421.wml +++ /dev/null @@ -1,27 +0,0 @@ -mappegennemløb - -

En sårbarhed er opdaget i Battle for Wesnoth, hvilket gjorde det muligt for -fjernangribere at læse vilkårlige filer, som brugeren der kørte klienten havde -adgang til på maskinen hvor spilklienten kørte.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 0.9.0-7.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.2-3.

- -

I den stabile backports-distribution (etch-backports) er dette problem -rettet i version 1.2.8-1~bpo40+1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.2.8-1.

- -

I den eksperimentelle distribution er dette problem rettet i -version 1.3.12-1.

- -

Vi anbefaler at du opgraderer din wesnoth-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1421.data" -#use wml::debian::translation-check translation="098e01a84fb501baafb03f841289313324b13421" mindelta="1" diff --git a/danish/security/2007/dsa-1422.wml b/danish/security/2007/dsa-1422.wml deleted file mode 100644 index 085601ee902..00000000000 --- a/danish/security/2007/dsa-1422.wml +++ /dev/null @@ -1,20 +0,0 @@ -heltalsoverløb - -

Rafal Wojtczuk fra McAfee AVERT Research opdagede at e2fsprogs, værktøjer og -biblioteker til filsystemet ext2, indeholdt flere heltalsoverløb i -hukommelsesallokeringer, med grundlag i størrelser taget direkte fra -filsystemsoplysninger. Dette kunne medføre heap-baserede overløb, hvilket -potentielt muliggjorde udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.39+1.40-WIP-2006.11.14+dfsg-2etch1.

- -

I den ustabile distribution (sid), vil dette problem blive rettet om kort -tid.

- -

Vi anbefaler at du opgraderer din e2fsprogs-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1422.data" -#use wml::debian::translation-check translation="99019cd073bbdb800fe10124c120be474709d6a0" mindelta="1" diff --git a/danish/security/2007/dsa-1423.wml b/danish/security/2007/dsa-1423.wml deleted file mode 100644 index af5c3b6f5c7..00000000000 --- a/danish/security/2007/dsa-1423.wml +++ /dev/null @@ -1,54 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i sitebar, et webbaseret program -til håndtering af bogmærker/favoritter, skrevet i PHP. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5491 -

    En mappegennemløbssårbarhed i oversættelsesmodulet gjorde det muligt for - fjernautentificerede brugere at chmod'e vilkårlige filer til 0777 gennem - ..-sekvenser i parameteret lang.

    • - -
  • CVE-2007-5492 -

    En statisk kodeindsprøjtningssårbarhed i oversættelsesmodulet gjorde det - muligt for en fjernautentificeret bruger at udføre vilkårlig PHP-kode gennem - parameteret value.

    • - -
  • CVE-2007-5693 -

    En eval-indspøjtningssårbarhed i oversættelsesmodulet gjorde det muligt - for fjernautentificerede brugere at udføre vilkårlig PHP-kode gennem - parameteret edit, i en upd cmd-handling.

    • - -
  • CVE-2007-5694 -

    En mappegennemløbssårbarhed i oversættelsesmodulet gjorde det muligt for - fjernautentificerede brugere at læse vilkårlige filer gennem en absolut sti - i parameteret dir.

    • - -
  • CVE-2007-5695 -

    En fejl i command.php gjorde det muligt for fjernangribere at omdirigere - brugere til vilkårlige websteder gennem parameteret forward i Log - In-handlingen.

    • - -
  • CVE-2007-5692 -

    Flere udførelse af skripter på tværs af servere-fejl gjorde det muligt for - fjernangribere at sprøjte vilkårlige skript- eller HTML-fragmenter ind i - flere skripter.

    • -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet i -version 3.2.6-7.1sarge1.

- -

I den stabile distribution (etch), er disse problemer rettet i version -3.3.8-7etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -3.3.8-12.1.

- -

Vi anbefaler at du opgraderer din sitebar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1423.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1424.wml b/danish/security/2007/dsa-1424.wml deleted file mode 100644 index 0f99e1d9918..00000000000 --- a/danish/security/2007/dsa-1424.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -udgave af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5947 - -

    Jesse Ruderman og Petko D. Petkov opdagede at URI-håndteringe af - JAR-arkiver muliggjorde udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2007-5959 - -

    Flere nedbrud i layoutmaskinen blev opdaget, hvilket måske kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-5960 - -

    Gregory Fleischer opdagede en race-tilstand i håndteringen af egenskaben - window.location, hvilket måske kunne føre til forespørgselsforfalskning på - tværs af websteder.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) understøttes -ikke længere med sikkerhedsopdateringer.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 2.0.0.10-0etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.0.0.10-2.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1424.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1425.wml b/danish/security/2007/dsa-1425.wml deleted file mode 100644 index ac32e8143fa..00000000000 --- a/danish/security/2007/dsa-1425.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø -til XUL-applikationer. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5947 - -

    Jesse Ruderman og Petko D. Petkov opdagede at URI-håndteringe af - JAR-arkiver muliggjorde udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2007-5959 - -

    Flere nedbrud i layoutmaskinen blev opdaget, hvilket måske kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-5960 - -

    Gregory Fleischer opdagede en race-tilstand i håndteringen af egenskaben - window.location, hvilket måske kunne føre til forespørgselsforfalskning på - tværs af websteder.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke xulrunner.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.8.0.14~pre071019c-0etch1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.8.1.11-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1425.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1426.wml b/danish/security/2007/dsa-1426.wml deleted file mode 100644 index 667bd6893d9..00000000000 --- a/danish/security/2007/dsa-1426.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere lokale/fjernudnytbare sårbarheder er opdaget i Qt GUI-biblioteket. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-3388 - -

    Tim Brown og Dirk Müller opdagede flere formatstrengssårbarheder i - håndteringen af fejlmeddelelser, hvilket måske kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2007-4137 - -

    Dirk Müller opdagede et forskudt med én-bufferoverløb i - Unicode-håndteringen, hvilket måske kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet -i version 3:3.3.4-3sarge3. Pakker til m68k blive senere gjort tilgængelige.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 3:3.3.7-4etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3:3.3.7-8.

- -

Vi anbefaler at du opgraderer dine qt-x11-free-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1426.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1427.wml b/danish/security/2007/dsa-1427.wml deleted file mode 100644 index 8f9e4f79ed6..00000000000 --- a/danish/security/2007/dsa-1427.wml +++ /dev/null @@ -1,30 +0,0 @@ -bufferoverløb - -

-Alin Rad Pop opdagede at Samba, en LanManager-lignende fil- og printerserver -til Unix, var sårbar over for et bufferoverløb i nmbd-koden, som håndterer -GETDC-mailslotforespørgsler, hvilket kunne føre til udførelse af vilkårlig kode. -

- -

-I den gamle stabile distribution (sarge), er dette problem rettet i version -3.0.14a-3sarge11. Pakker til m68k vil blive gjort tilgængelige senere. -

- -

-I den stabile distribution (etch), er dette problem rettet i version -3.0.24-6etch9. -

- -

-I den ustabile distribution (sid), vil dette problem snart blive rettet. -

- -

-Vi anbefaler at du opgraderer dine samba-pakker. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1427.data" -#use wml::debian::translation-check translation="9b14789bdc073de3282461b7bc053d011d87b60f" mindelta="1" diff --git a/danish/security/2007/dsa-1428.wml b/danish/security/2007/dsa-1428.wml deleted file mode 100644 index 803fa43f70b..00000000000 --- a/danish/security/2007/dsa-1428.wml +++ /dev/null @@ -1,61 +0,0 @@ -flere sårbarheder - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i Linux-kernen, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer.

- -

Dette er en opdatering til 1428-1, som manglede en reference til CVE-2007-5904.

- -
    - -
  • CVE-2007-3104 - -

    Eric Sandeen leverede en backport af Tejun Heos rettelse af en lokal - lammelsesangrebssårbarhed i sysfs. Under hukommelsespres blev en - dentry-struktur måske genanvendt medførende en dårlige pointer-dereference, - forårsagende en ups under en readdir.

    • - -
  • CVE-2007-4997 - -

    Chris Evans opdagede et problem med visse drivere, som anvender - Linux-kernens ieee80211-lag. En fjern bruger kunne generere en ondsindet - 802.11-frame, som kunne medføre et lammelsesangreb (crash). Driveren - ipw2100 vides at være påvirket at dette problem, mens ipw2200 menes ikke at - være det.

    • - -
  • CVE-2007-5500 - -

    Scott James Remnant diagnostificerede en programmeringsfejl i - implementeringen af ptrace, hvilket kunne anvendes af lokale brugere til at - få kernen til at gå ind i en uendelig løkke.

    • - -
  • CVE-2007-5904 - -

    Przemyslaw Wegrzyn opdagede et problem i CIFS-filsystemet, hvilket gjorde - det muligt for en ondsindet server, at forårsage et lammelsesangreb (crash) - ved at få en buffer til at løbe over.

    • - -
- -

I den stabile distribution (etch) er disse problemer er rettet i version -2.6.18.dfsg.1-13etch5.

- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - -
  Debian 4.0 (etch)
fai-kerner 1.17+etch.13etch5
user-mode-linux 2.6.18-1um-2etch.13etch5
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1428.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1429.wml b/danish/security/2007/dsa-1429.wml deleted file mode 100644 index 48d6b63572b..00000000000 --- a/danish/security/2007/dsa-1429.wml +++ /dev/null @@ -1,21 +0,0 @@ -udførelse af skripter på tværs af servere - -

Michael Skibbe opdagede at htdig, et WWW-søgesystem til et intranet eller -små internetsteder, ikke på tilstrækkelig vis indkapslede værdier leveret til -søgeskriptet, hvilket gjorde det muligt for fjernangribere at indsprøjte -vilkårligt skript eller HTML ind i særligt fremstillede links.

- -

I den gamle stabile distribution (sarge), findes dette problem ikke.

- -

I den stabile distribution (etch), er dette problem rettet i version -1:3.2.0b6-3.1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:3.2.0b6-4.

- -

Vi anbefaler at du opgraderer din htdig-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1429.data" -#use wml::debian::translation-check translation="6932e50648bb9fcbcbe5ae1507aa6aa11f899eb0" mindelta="1" diff --git a/danish/security/2007/dsa-1430.wml b/danish/security/2007/dsa-1430.wml deleted file mode 100644 index a6e2daceb5a..00000000000 --- a/danish/security/2007/dsa-1430.wml +++ /dev/null @@ -1,24 +0,0 @@ -lammelsesangreb - -

Der rapporteres om en race-tilstand i libnss-ldap, et NSS-modul til -anvendelse af LDAP som naming-tjenste, hvilket kunne forårsage -lammelsesangreb (denial of service) hvis applikationer anvender pthreads.

- -

Problemet blev fundet i IMAP/POP-serveren dovecot, men påvirker potentielt -flere programmer.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 238-1sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i version -251-7.5etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 256-1.

- -

Vi anbefaler at du opgraderer din libnss-ldap-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1430.data" -#use wml::debian::translation-check translation="f1d0aaaba962c14f4910a0879894423c56cf66f9" mindelta="1" diff --git a/danish/security/2007/dsa-1431.wml b/danish/security/2007/dsa-1431.wml deleted file mode 100644 index 07cdc235f02..00000000000 --- a/danish/security/2007/dsa-1431.wml +++ /dev/null @@ -1,22 +0,0 @@ -formatstrengssårbarhed - -

Man har opdaget at ruby-gnome2, de GNOME-relaterede bindinger til sproget -Ruby, ikke på korrekt vis fornuftighedskontrollerede inddata før dialoger blev -konstrueret. Dette kunne muliggøre udførelse af vilkårlig kode, hvis inddata -fra en bruger man ikke stoler på, blev vist i en dialog.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 0.12.0-2sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.15.0-1.1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.16.0-10.

- -

Vi anbefaler at du opgraderer din ruby-gnome2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1431.data" -#use wml::debian::translation-check translation="10ffe3c477ea5de29adf18e958aed6e39cc92e45" mindelta="1" diff --git a/danish/security/2007/dsa-1432.wml b/danish/security/2007/dsa-1432.wml deleted file mode 100644 index 6e3aebda4bb..00000000000 --- a/danish/security/2007/dsa-1432.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Alin Rad Pop opdagede at link-grammar, Carnegie Mellon Universitys -linkgrammatikfortolker til engelsk, udførte utilstrækkelig kontrol inden for sin -tokenisering, hvilket gøre det muligt for en ondsindet inddatafil at udføre -vilkårlig kode.

- -

I den gamle stabile distribution (sarge), findes pakken ikke.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.2.2-4etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.2.5-1.

- -

Vi anbefaler at du opgraderer din link-grammar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1432.data" -#use wml::debian::translation-check translation="ac5c4014dbc29a07c74a0612cee1e0e687d3c6e5" mindelta="1" diff --git a/danish/security/2007/dsa-1433.wml b/danish/security/2007/dsa-1433.wml deleted file mode 100644 index 4ac7b6e0a7c..00000000000 --- a/danish/security/2007/dsa-1433.wml +++ /dev/null @@ -1,28 +0,0 @@ -bufferoverløb - -

-Flere fjernudnytbare sårbarheder er opdaget i centericq, en chatklient der -understøtter flere protokoller og kører i teksttilstand, hvilket kunne gøre det -muligt for fjernangribere at udføre vilkårlig kode på grund af utilstrækkelig -kontrol af grænser. -

- -

-I den gamle stabile distribution (sarge), er disse problemer rettet i -version 4.20.0-1sarge5. -

- -

-I den stabile distribution (etch), er disse problemer rettet i version -4.21.0-18etch1. -

- -

-Vi anbefaler at du opgraderer din centericq-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1433.data" -#use wml::debian::translation-check translation="f26f20982846e59420d77f783ad2071cfaccad5e" mindelta="1" diff --git a/danish/security/2007/dsa-1434.wml b/danish/security/2007/dsa-1434.wml deleted file mode 100644 index e08ded7ca86..00000000000 --- a/danish/security/2007/dsa-1434.wml +++ /dev/null @@ -1,28 +0,0 @@ -bufferoverløb - -

-Man har opdaget at i MyDNS, en domænenavneserver med en database-backend, kunne -dæmonen bringes til at gå ned gennem ondsindede fjernopdateringsforspørgsler, -hvilket kunne føre til lammelsesangreb (denial of service). -

- -

-Den gamle stabile distribution (sarge) er ikke påvirket. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1:1.1.0-7etch1. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 1.1.0-8. -

- -

Vi anbefaler at du opgraderer dine mydns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1434.data" -#use wml::debian::translation-check translation="9dde42e220e41424fcbebf6db1c24ab5b249c675" mindelta="1" diff --git a/danish/security/2007/dsa-1435.wml b/danish/security/2007/dsa-1435.wml deleted file mode 100644 index 64addfd2231..00000000000 --- a/danish/security/2007/dsa-1435.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i antivirustoolkittet Clam. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-6335 - -

    Et heltalsoverløb i dekomprimeringskoden til MEW-arkiver kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2007-6336 - -

    En forskudt med én-fejl blev opdaget i MS-ZIP-dekomprimeringskoden, - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (sarge) er ikke påvirket af disse problems. -Men siden clamav-versionen i sarge ikke længere kan behandle alle Clams kendte -malware-signaturer, er understøttelse af ClamAV i sarge nu ophørt. Vi anbefaler -at man opgraderer til den stabile distribution (etch) eller anvender en backport -af den stabile version af programmet.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.90.1-3etch8.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1435.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1436.wml b/danish/security/2007/dsa-1436.wml deleted file mode 100644 index 452a4bd9ccd..00000000000 --- a/danish/security/2007/dsa-1436.wml +++ /dev/null @@ -1,66 +0,0 @@ -flere sårbarheder - - -

Flere lokale sårbarheder er opdaget i Linux-kernen, hvilket kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2006-6058 - -

    LMH rapporterede om et problem i filsystemet minix, der gjorde det muligt - for lokale brugere med mount-rettigheder at iværksætte et lammelsesangreb - (printk-oversvømmelse) ved at mounte et særligt fremstillet ødelagt - filsystem.

    • - -
  • CVE-2007-5966 - -

    Warren Togami opdagede et problem i undersystemet hrtimer, der gjorde det - muligt for en lokal bruger at forårsage et lammelsesangreb (soft - lockup) ved at bede om et timer-hvil i et langt tidsrum, førende til et - heltalsoverløb.

    • - -
  • CVE-2007-6063 - -

    Venustech AD-LAB opdagede et bufferoverløb i isdn ioctl-håndteringen, - udnytbart af en lokal bruger.

    • - -
  • CVE-2007-6206 - -

    Blake Frantz opdagede at når der fandtes en core-fil ejet af en bruger - uden root, og en root-ejet proces dumpede core i den, beholdt core-filen sit - oprindelige ejerskab. Dette kunne anvendes af en lokal bruger til at opnå - adgang til følsomme oplysninger.

    • - -
  • CVE-2007-6417 - -

    Hugh Dickins opdagede et problem i filsystemet tmpfs, hvor en kerneside - under sjældne omstændigheder kunne blive tømt, og dermed lække følsom - kernehukommelse til userspace eller medførende et lammelsesangreb - (crash).

    • - -
- -

I den stabile version (etch) er disse problemer er rettet i version -2.6.18.dfsg.1-13etch6.

- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - -
  Debian 4.0 (etch)
fai-kerner 1.17+etch.13etch6
user-mode-linux 2.6.18-1um-2etch.13etch6
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1436.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1437.wml b/danish/security/2007/dsa-1437.wml deleted file mode 100644 index 5d1c691c182..00000000000 --- a/danish/security/2007/dsa-1437.wml +++ /dev/null @@ -1,52 +0,0 @@ -flere sårbarheder - -

-Flere lokalt udnytbare sårbarheder er opdaget i Common UNIX Printing System. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer: -

- -
    - -
  • CVE-2007-5849 - -

    - Wei Wang opdagede et bufferoverløb i SNMP-backend'en, der kunne føre til - udførelse af vilkårlig kode. -

    • - -
  • CVE-2007-6358 - -

    - Elias Pipping opdagede at usikker håndtering af en midlertidig fil i - skriptet pdftops.pl kunne føre til et lokalt lammelsesangreb (denial of - service). Denne sårbarhed er ikke udnytbar i standardopsætningen. -

    • - -
- -

-Den gamle stabile distribution (sarge) er ikke påvirket af CVE-2007-5849. -Det andet problem berettiger ikke en særskilt opdatering og er blevet udskudt. -

- -

-I den stabile distribution (etch), er disse problemer rettet i version -1.2.7-4etch2. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i version -1.3.5-1. -

- -

-Vi anbefaler at du opgraderer dine cupsys-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1437.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1438.wml b/danish/security/2007/dsa-1438.wml deleted file mode 100644 index 215effb393d..00000000000 --- a/danish/security/2007/dsa-1438.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

-Flere sårbarheder er opdaget i GNU Tar. Projektet Common Vulnerabilities og -Exposures har fundet frem til følgende problemer: -

- -
    - -
  • CVE-2007-4131 - -

    - En mappegennemløbssårbarhed gjorde det muligt for angribere med særligt - fremstillede arkiver at udpakke indhold uden for mappetræet oprettet af - tar. -

    • - -
  • CVE-2007-4476 - -

    - Et stakbaseret bufferoverløb i koden til kontrol af filnavne, kunne føre - til udførelse af vilkårlig kode når ondsindet fremstillede arkiver blev - behandlet. -

    • - -
- -

-I den gamle stabile distribution (sarge), er disse problemer -rettet i version 1.14-2.4. -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 1.16-2etch1. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i -version 1.18-2. -

- -

-Vi anbefaler at du opgraderer din tar-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1438.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2007/dsa-1439.wml b/danish/security/2007/dsa-1439.wml deleted file mode 100644 index 7c02f98342d..00000000000 --- a/danish/security/2007/dsa-1439.wml +++ /dev/null @@ -1,31 +0,0 @@ -manglende kontrol af inddata - -

-Henning Pingel opdagede at TYPO3, et framework til webindholdshåndtering, -udførte utilstrækkelig fornuftighedskontrol af inddata, hvilket gjorde -systemet sårbar over for SQL-indsprøjtning af indloggede backend-brugere. -

- -

-Den gamle stabile distribution (sarge) indeholder ikke typo3-src. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 4.0.2+debian-4. -

- -

-I den ustabile distribution (sid) og i distributionen testing (lenny), er dette -problem rettet i version 4.1.5-1. -

- -

-Vi anbefaler at du opgraderer dine typo3-src-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1439.data" -#use wml::debian::translation-check translation="ec9d5a39cbce63a0b46176cdbd86938571d94b56" mindelta="1" diff --git a/danish/security/2007/dsa-1440.wml b/danish/security/2007/dsa-1440.wml deleted file mode 100644 index 6ec30e18496..00000000000 --- a/danish/security/2007/dsa-1440.wml +++ /dev/null @@ -1,32 +0,0 @@ -bufferoverløb - -

-Man har opdaget at et bufferoverløb i filnavnshåndteringen i inotify-tools, en -kommandolinjeoverbygning til inotify, kunne føre til udførelse af vilkårlig -kode. Dette påvirker kun det interne bibliotek og ingen af -frontend-værktøjerne, der distribueres af Debian. -

- -

-Den gamle stabile distribution (sarge) indeholder ikke inotify-tools. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 3.3-2. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 3.11-1. -

- -

-Vi anbefaler at du opgraderer din inotify-tools-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1440.data" -#use wml::debian::translation-check translation="1b504c77fbcfe51cf174bf708b4fa909ecb76383" mindelta="1" diff --git a/danish/security/2007/dsa-1441.wml b/danish/security/2007/dsa-1441.wml deleted file mode 100644 index 68e380d1b8a..00000000000 --- a/danish/security/2007/dsa-1441.wml +++ /dev/null @@ -1,31 +0,0 @@ -bufferoverløb - -

-Luigi Auriemma opdagede at PeerCast, en P2P-streaming server til lyd og video, -var sårbar over for et heapoverløb i HTTP-serverkoden, hvilket gjorde det -muligt for fjernangribere at forårsage et lammelsesangreb og muligvis udføre -vilkårlig kode gennem en lang SOURCE-forespørgsel. -

- -

-Den gamle stabile distribution (sarge) indeholder ikke peercast. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 0.1217.toots.20060314-1etch0. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 0.1218+svn20071220+2. -

- -

-Vi anbefaler at du opgraderer dine peercast-pakker. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1441.data" -#use wml::debian::translation-check translation="1b504c77fbcfe51cf174bf708b4fa909ecb76383" mindelta="1" diff --git a/danish/security/2007/dsa-1442.wml b/danish/security/2007/dsa-1442.wml deleted file mode 100644 index 43b35bd964b..00000000000 --- a/danish/security/2007/dsa-1442.wml +++ /dev/null @@ -1,26 +0,0 @@ -bufferoverløb - -

-Rubert Buchholz opdagede at libsndfile, et bibliotek til læsning og skrivning -af lydfiler, udførte utilstrækkelig grænsekontrol når FLAC-filer blev -behandlet, hvilket kunne føre til udførelse af vilkårlig kode. -

- -

-Den gamle stabile distribution (sarge) er ikke påvirket af dette problem. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.0.16-2. -

- -

-Vi anbefaler at du opgraderer dine libsndfile-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2007/dsa-1442.data" -#use wml::debian::translation-check translation="ed62390e4a797ceb016be5838a73d02ee507a066" mindelta="1" diff --git a/danish/security/2007/index.wml b/danish/security/2007/index.wml deleted file mode 100644 index 77beae4fd7a..00000000000 --- a/danish/security/2007/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2007 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2007', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2008/Makefile b/danish/security/2008/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2008/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2008/dsa-1443.wml b/danish/security/2008/dsa-1443.wml deleted file mode 100644 index 048e2911afb..00000000000 --- a/danish/security/2008/dsa-1443.wml +++ /dev/null @@ -1,31 +0,0 @@ -bufferoverløb - - -

-Man har opdaget at flere bufferoverløb i tcpreen, et værktøj til overvågning af -en TCP-forbindelse, kunne føre til lammelsesangreb (denial of service). -

- -

-Den gamle stabile distribution (sarge) indeholder ikke tcpreen. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.4.3-0.1etch1. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 1.4.3-0.3. -

- -

-Vi anbefaler at du opgraderer din tcpreen-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1443.data" -#use wml::debian::translation-check translation="d50f0488ee594998343ec08227a55a55bc323dfa" mindelta="1" diff --git a/danish/security/2008/dsa-1444.wml b/danish/security/2008/dsa-1444.wml deleted file mode 100644 index 4f652308c3a..00000000000 --- a/danish/security/2008/dsa-1444.wml +++ /dev/null @@ -1,105 +0,0 @@ -flere sårbarheder - -

-Man opdagede at rettelsen vedrørende -\ -CVE-2007-4659 kunne føre til regressioner i nogle situationer. Rettelsen -er indtil videre blevet ført tilbage, og en revideret opdatering vil blive -gjort tilgængelig med en fremtidig PHP-DSA. -

- -

Til reference er herunder den oprindelige bulletins tekst:

- -

-Flere fjernudnytbare sårbarheder er opdaget i PHP, et serverskriptsprog med -indlejret HTML. Projektet Common Vulnerabilities and Exposures project har -fundet frem til følgende problemer: -

- -
    - -
  • CVE-2007-3799 - -

    - Man har opdaget at funktionen session_start() muliggjorde indsættelse af - attributter i sessions-cookien. -

    • - -
  • CVE-2007-3998 - -

    - Mattias Bengtsson og Philip Olausson opdagede at en programmeringsfejl i - implementeringen af funktionen wordwrap(), muliggjorde et lammelsesangreb - gennem en uendelig løkke. -

    • - -
  • CVE-2007-4658 - -

    - Stanislav Malyshev opdagede at en formatstrengssårbarhed i funktionen - money_format(), kunne muliggøre udførelse af vilkårlig kode. -

    • - -
  • CVE-2007-4659 - -

    - Stefan Esser opdagede at execution control flow i funktionen - zend_alter_ini_entry(), blev håndtereret forkert i tilfælde af overskridelse - af en hukommelsesbegrænsning. -

    • - -
  • CVE-2007-4660 - -

    - Gerhard Wagner opdagede et heltalsoverløb i funktionen chunk_split(). -

    • - -
  • CVE-2007-5898 - -

    - Rasmus Lerdorf opdagede at ukorrekt fortolkning af multibyte-sekvenser kunne - føre til afsløring af hukommelsesindhold. -

    • - -
  • CVE-2007-5899 - -

    - Man har opdaget at funktionen output_add_rewrite_var() kunne lække - sessions-id-oplysninger, medførende informationsafsløring. -

    • - -
- -

Denne opdatering retter også to fra PHP 5.2.4-udgaven, der ikke har -sikkerhedspåvirkning jf. Debians PHP-sikkerhedsretningslinjer -(CVE-2007-4657 -og CVE-2007-4662), -men som ikke desto mindre er blevet rettet.

- -

-Den gamle stabile distribution (sarge) indeholder ikke php5. -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 5.2.0-8+etch10. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i version 5.2.4-1, -med undtagelse af CVE-2007-5898 -og CVE-2007-5899, -der snart vil blive rettet. Bemærk at Debians version af PHP er styrket -(hardened med Suhosin-rettelsen siden version 5.2.4-1, hvilket gør at -flere sårbarheder er ineffektive. -

- -

-Vi anbefaler at du opgraderer dine php5-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1444.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1445.wml b/danish/security/2008/dsa-1445.wml deleted file mode 100644 index 8950861a8ed..00000000000 --- a/danish/security/2008/dsa-1445.wml +++ /dev/null @@ -1,32 +0,0 @@ -programmeringsfejl - -

-Michael Krieger og Sam Trenholme opdagede en programmeringsfejl i MaraDNS, en -simpel sikkerhedsbevidst Domain Name Service-server, hvilket kunne føre til -lammelsesangreb (denial of service) gennem misdannede DNS-pakker. -

- -

-I den gamle stabile distribution (sarge), er dette problem rettet -i version 1.0.27-2. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.2.12.04-1etch2. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 1.2.12.08-1. -

- -

-Vi anbefaler at du opgraderer din maradns-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1445.data" -#use wml::debian::translation-check translation="080bd633edc1e52f90afa7bd3ce75c2225493b85" mindelta="1" diff --git a/danish/security/2008/dsa-1446.wml b/danish/security/2008/dsa-1446.wml deleted file mode 100644 index f8a103dfd49..00000000000 --- a/danish/security/2008/dsa-1446.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

-Flere fjernudnytbare sårbarheder er opdaget i netværkstrafikanalyseringsprogrammet -Wireshark, hvilket kunne føre til lammelsesangreb (denial of service). Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer: -

- -
    - -
  • CVE-2007-6450 - -

    - RPL-dissektoren kunne narres ind i en uendelig løkke. -

    • - -
  • CVE-2007-6451 - -

    - CIP-dissektoren kunne narres til overdreven hukommelsesallokering. -

    • - -
- -

-I den gamle stabile distribution (sarge), er disse problemer rettet i -version 0.10.10-2sarge11. (I sarge blev Wireshark kaldt Ethereal.) -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 0.99.4-5.etch.2. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i -version 0.99.7-1. -

- -

-Vi anbefaler at du opgraderer dine wireshark-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1446.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1447.wml b/danish/security/2008/dsa-1447.wml deleted file mode 100644 index 51e344f5e2d..00000000000 --- a/danish/security/2008/dsa-1447.wml +++ /dev/null @@ -1,71 +0,0 @@ -flere sårbarheder - -

-Flere fjernudnytbare sårbarheder er opdaget i Tomcats servlet- og JSP-maskine. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer: -

- -
    - -
  • CVE-2007-3382 - -

    - Man har opdaget at enkeltanførselstegn (') i cookier blev behandlet som - skilletegn, hvilket kunne føre til en informationslækage. -

    • - -
  • CVE-2007-3385 - -

    - Man har opdaget at tegnsekvensen \" i cookier blev håndteret ukorrekt, - hvilket kunne føre til en informationslækage. -

    • - -
  • CVE-2007-3386 - -

    - Man har opdaget at en host manager-servlet'en udførte utilstrækkelig - kontrol af inddata, hvilket kunne føre til et angreb i forbindelse med - udførelse af skripter på tværs af websteder (cross-site scripting). -

    • - -
  • CVE-2007-5342 - -

    - Man har opdaget at JULI-logningskomponenten ikke opsatte begrænsninger på - sin målsti, hvilket potentielt kunne medføre lammelsesangreb gennem - filoverskrivninger. -

    • - -
  • CVE-2007-5461 - -

    - Man har opdaget at WebDAV-servlet'en var sårbar over for et absolut - mappegennemløb. -

    • - -
- -

-Den gamle stabile distribution (sarge) indeholder ikke tomcat5.5. -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 5.5.20-2etch1. -

- -

-I den ustabile distribution (sid) vil disse problemer snart blive rettet. -

- -

-Vi anbefaler at du opgraderer dine tomcat5.5-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1447.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1448.wml b/danish/security/2008/dsa-1448.wml deleted file mode 100644 index 592c9f4adfb..00000000000 --- a/danish/security/2008/dsa-1448.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Man har opdaget at eggdrop, en avanceret IRC-robot, var sårbar over for et -bufferoverløb, hvilket kunne medføre en fjernbrugers udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 1.6.17-3sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.6.18-1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.18-1.1

- -

Vi anbefaler at du opgraderer din eggdrop-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1448.data" -#use wml::debian::translation-check translation="b464eb110bfaaf666c8bbfc5e5cd65decb74ff37" mindelta="1" diff --git a/danish/security/2008/dsa-1449.wml b/danish/security/2008/dsa-1449.wml deleted file mode 100644 index fad99cf9784..00000000000 --- a/danish/security/2008/dsa-1449.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Man har opdaget at loop-aes-utils, værktøjer til mounting og manipulering af -filsystemer, ikke smed priviligerede bruger- og grupperettigheder væk i den -korrekte rækkefølge, i kommandoerne mount og umount. Dette kunne potentielt -muliggøre at en lokal bruger kunne opnå yderligere rettigheder.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.12p-4sarge2.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.12r-15+etch1.

- -

Vi anbefaler at du opgraderer din loop-aes-utils-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1449.data" -#use wml::debian::translation-check translation="fc479fc1adbbfbd03a2e856398019df8504f014e" mindelta="1" diff --git a/danish/security/2008/dsa-1450.wml b/danish/security/2008/dsa-1450.wml deleted file mode 100644 index 6df6722c72e..00000000000 --- a/danish/security/2008/dsa-1450.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Man har opdaget at util-linux, forskellge systemværktøjer, ikke smed -priviligerede bruger- og grupperettigheder væk i den korrekte rækkefølge, i -kommandoerne mount og umount. Dette kunne potentielt muliggøre at en lokal -bruger kunne opnå yderligere rettigheder.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.12p-4sarge2.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.12r-19etch1.

- -

Vi anbefaler at du opgraderer din util-linux-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1450.data" -#use wml::debian::translation-check translation="fc479fc1adbbfbd03a2e856398019df8504f014e" mindelta="1" diff --git a/danish/security/2008/dsa-1451.wml b/danish/security/2008/dsa-1451.wml deleted file mode 100644 index 9897fb74883..00000000000 --- a/danish/security/2008/dsa-1451.wml +++ /dev/null @@ -1,60 +0,0 @@ -flere sårbarheder - -

-Flere lokale og fjernudnytbare sårbarheder er opdaget i databaseserveren MySQL. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer: -

- -
    - -
  • CVE-2007-3781 - -

    - Man har opdaget at privilegievalideringen i kildetabellen til - CREATE TABLE LIKE-statements blev håndhævet på utilstrækkelig vis, hvilket - kunne føre til informationsafsløring. Dette kunne kun udnyttes af - autentificerede brugere. -

    • - -
  • CVE-2007-5969 - -

    - Man har opdaget at symbolske links blev håndteret på usikker vis under - oprettelsen af tabeller med DATA DIRECTORY- eler INDEX DIRECTORY-statements, - hvilket kunne føre til lammelsesangreb (denial of service) ved overskrivning - af data. Dette kunne kun udnyttes af autentificerede brugere. -

    • - -
  • CVE-2007-6304 - -

    - Man har opdaget at forespørgsler på data i en FEDERATED tabel kunne føre - til et nedbrud i den lokale databaseserver, hvis fjernserveren returnerede - oplysninger med førre kolonner end forventet, medførende lammelsesangreb. -

    • - -
- -

-Den gamle stabile stabile distribution (sarge) indeholder ikke mysql-dfsg-5.0. -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 5.0.32-7etch4. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i -version 5.0.51-1. -

- -

-Vi anbefaler at du opgraderer dine mysql-dfsg-5.0-pakker. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1451.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1452.wml b/danish/security/2008/dsa-1452.wml deleted file mode 100644 index d924794ee7f..00000000000 --- a/danish/security/2008/dsa-1452.wml +++ /dev/null @@ -1,21 +0,0 @@ -lammelsesangreb - -

k1tk4t opdagede at wzdftpd, en portérbar, modulær, lille og effektiv -ftp-server, ikke på korrekt vis håndterede modtagelse af lange brugernavne. -Dette kunne gøre det muligt for fjernbrugere at få dæmonen til at afslutte.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 0.5.2-1.1sarge3.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.8.1-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.8.2-2.1.

- -

Vi anbefaler at du opgraderer din wzdftpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1452.data" -#use wml::debian::translation-check translation="95594c5f038ae0019c0ea77515f31f82f37d58a7" mindelta="1" diff --git a/danish/security/2008/dsa-1453.wml b/danish/security/2008/dsa-1453.wml deleted file mode 100644 index 59a1074527b..00000000000 --- a/danish/security/2008/dsa-1453.wml +++ /dev/null @@ -1,55 +0,0 @@ -flere sårbarheder - -

-Flere fjernudnytbare sårbarheder er opdaget i Tomcats servlet- og JSP-maskine. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer: -

- -
    - -
  • CVE-2007-3382 - -

    - Man har opdaget at enkeltanførselstegn (') i cookier blev behandlet som - skilletegn, hvilket kunne føre til en informationslækage. -

    • - -
  • CVE-2007-3385 - -

    - Man har opdaget at tegnsekvensen \" i cookier blev håndteret ukorrekt, - hvilket kunne føre til en informationslækage. -

    • - -
  • CVE-2007-5461 - -

    - Man har opdaget at WebDAV-servlet'en var sårbar over for et absolut - mappegennemløb. -

    • - -
- -

-Den gamle stabile distribution (sarge) doesn't contain tomcat5. -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 5.0.30-12etch1. -

- -

-Den ustabile distribution (sid) indeholder ikke længere tomcat5. -

- -

-Vi anbefaler at du opgraderer dine tomcat5-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1453.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1454.wml b/danish/security/2008/dsa-1454.wml deleted file mode 100644 index 8f1263b5b6a..00000000000 --- a/danish/security/2008/dsa-1454.wml +++ /dev/null @@ -1,31 +0,0 @@ -heltalsoverløb - -

-Greg MacManus opdagede et heltalsoverløb i skrifttyphåndteringen i libfreetype, -en FreeType 2-skrifttypemaskine, hvilket kunne føre til lammelsesangreb (denial -of service) eller muligvis udførelse af vilkårlig kode, hvis brugeren narres -til at åbne en misdannet skrifttype. -

- -

-I den gamle stabile distribution (sarge) vil dette problem snart blive rettet. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 2.2.1-5+etch2. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 2.3.5-1. -

- -

-Vi anbefaler at du opgraderer dine freetype-pakker. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1454.data" -#use wml::debian::translation-check translation="770e747c5256f082d17ccbda2a9f1d4e91aa4019" mindelta="1" diff --git a/danish/security/2008/dsa-1455.wml b/danish/security/2008/dsa-1455.wml deleted file mode 100644 index 32b846e87f3..00000000000 --- a/danish/security/2008/dsa-1455.wml +++ /dev/null @@ -1,44 +0,0 @@ -lammelsesangreb - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i libarchive1, et -enkelt bibliotek til at læse og skrive arkiver i formaterne tar, cpio, pax, -zip og iso9660. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-3641 - -

    Man har opdaget at libarchive1 fejlberegnede længden på en buffer, - medførende et bufferoverløb hvis en anden form for korruption opstod i - pax-udvidelsesheaderen.

    • - -
  • CVE-2007-3644 - -

    Man har opdaget at hvis et arkiv sluttede før tid i en - pax-udvidelsesheader, kunne biblioteket libarchive1 gå ind i en uendelig - løkke.

    • - -
  • CVE-2007-3645 - -

    Hvis et arkiv sluttede før tid i en tar-header, umiddelbart efterfulgt - af en pax-udvidelsesheader, kunne libarchive1 dereferencere en - NULL-pointer.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke denne pakke.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.2.53-2etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.4-1.

- -

Vi anbefaler at du opgraderer din libarchive-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1455.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1456.wml b/danish/security/2008/dsa-1456.wml deleted file mode 100644 index 9703a26178a..00000000000 --- a/danish/security/2008/dsa-1456.wml +++ /dev/null @@ -1,30 +0,0 @@ -programmeringsfejl - -

-Daniel B. Cid opdagede at fail2ban, et værktøj til blokering af IP-adresser -som forårsager loginfejl, var for fri i sin håndtering af SSH-logfiler, hvilket -gjorde det muligt for en angriber af blokere enhver IP-adresse. -

- -

-Den gamle stabile distribution (sarge) indeholder ikke fail2ban. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 0.7.5-2etch1. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 0.8.0-4. -

- -

-Vi anbefaler at du opgraderer din fail2ban-pakke. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1456.data" -#use wml::debian::translation-check translation="8a38b8c945e66f62689abbcd0088f20b11099709" mindelta="1" diff --git a/danish/security/2008/dsa-1457.wml b/danish/security/2008/dsa-1457.wml deleted file mode 100644 index 5fc269b546d..00000000000 --- a/danish/security/2008/dsa-1457.wml +++ /dev/null @@ -1,31 +0,0 @@ -programmeringsfejl - -

-Man har opdaget at Dovecot, en POP3- og IMAP-server, når den blev anvendt med -LDAP-autentifikation og en base indeholdende variabler, kunne gøre det -muligt for en bruger at logge ind på en anden bruges konto med den samme -adgangskode. -

- -

-Den gamle stabile distribution (sarge) er ikke påvirket. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.0.rc15-2etch3. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 1.0.10-1. -

- -

-Vi anbefaler at du opgraderer dine dovecot-pakker. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1457.data" -#use wml::debian::translation-check translation="1bc426985558d9360e496528bb4ab71eee3faf5c" mindelta="1" diff --git a/danish/security/2008/dsa-1458.wml b/danish/security/2008/dsa-1458.wml deleted file mode 100644 index 8ad63f19389..00000000000 --- a/danish/security/2008/dsa-1458.wml +++ /dev/null @@ -1,29 +0,0 @@ -programmeringsfejl - -

-En race-tilstand i filserveren OpenAFS gjorde det muligt for fjernangribere at -forårsage et lammelsesangreb (denial of service, dæmonnedbrud) ved på samme tid -at indhente og tilbagelevere fil-callbacks, hvilket fik håndteringen af -GiveUpAllCallBacks RPC til at udføre hængtet liste-handlinger uden -host_glock-låsen. -

- -

-I den gamle stabile distribution (sarge), er dette problem rettet i -version 1.3.81-3sarge3. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.4.2-6etch1. -

- -

-Vi anbefaler at du opgraderer dine openafs-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1458.data" -#use wml::debian::translation-check translation="c937ed4c60272418e762dde21e7ec14644e76860" mindelta="1" diff --git a/danish/security/2008/dsa-1459.wml b/danish/security/2008/dsa-1459.wml deleted file mode 100644 index e1cbf857153..00000000000 --- a/danish/security/2008/dsa-1459.wml +++ /dev/null @@ -1,32 +0,0 @@ -utilstrækkelig kontrol af inddata - -

-Man har opdaget at Gforge, et samarbejdsværktøj til udviklere, ikke på -korrekt vis fornuftighedskontrollerede nogle CGI-parametre, hvilket muliggjorde -SQL-indsprøjtning i skripter i forbindelse med RSS-ekspoteringer. -

- -

-I den gamle stabile distribution (sarge), er dette problem rettet i -version 3.1-31sarge5. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 4.5.14-22etch4. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 4.6.99+svn6330-1. -

- -

-Vi anbefaler at du opgraderer dine gforge-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1459.data" -#use wml::debian::translation-check translation="a8368c37d8f45fcec67ec4f2f07e2c3e3e333cb0" mindelta="1" diff --git a/danish/security/2008/dsa-1460.wml b/danish/security/2008/dsa-1460.wml deleted file mode 100644 index 45ea9c46815..00000000000 --- a/danish/security/2008/dsa-1460.wml +++ /dev/null @@ -1,79 +0,0 @@ -flere sårbarheder - -

-Flere lokalt udnytbar sårbarheder er opdaget i PostgreSQL, en objekt-relationel -SQL-database. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer: -

- -
    - -
  • CVE-2007-3278 - -

    - Man har opdaget at modulet DBLink udførte utilstrækkelig tilladelseskontrol. - Dette problem er også registreret som - CVE-2007-6601, - da opstrøms oprindelige rettelse ikke var komplet. -

    • - -
  • CVE-2007-4769 - -

    - Tavis Ormandy og Will Drewry opdagede at en fejl i håndteringen af - tilbage-reference i regulære udtryk-maskinen kunne føre til læsning uden - for grænserne, medførende et nedbrud (crash). Der er kun tale om et - sikkerhedsproblem, hvis en applikation der anvender PostgreSQL, behandler - regulære udtræk fra kilder man ikke stoler på. -

    • - -
  • CVE-2007-4772 - -

    - Tavis Ormandy og Will Drewry opdagede at regulære udtryk kunne narres ind i - en uendelig løkke, medførende lammelsesangreb. Der er kun tale om et - sikkerhedsproblem, hvis en applikation der anvender PostgreSQL, behandler - regulære udtræk fra kilder man ikke stoler på. -

    • - -
  • CVE-2007-6067 - -

    - Tavis Ormandy og Will Drewry opdagede at optimeringen af regulære udtryk - kunne narres til omfattende ressourceforbrug. Der er kun tale om et - sikkerhedsproblem, hvis en applikation der anvender PostgreSQL, behandler - regulære udtræk fra kilder man ikke stoler på. -

    • - -
  • CVE-2007-6600 - -

    - Funktioner i indeksudtryk kunne føre til rettighedsforøgelse. For en mere - uddybende forklaring, se opstrøms annoncering, som er tilgængelig på - http://www.postgresql.org/about/news.905. -

    • - -
- -

-Den gamle stabile distribution (sarge) indeholder ikke postgresql-8.1. -

- -

-I den stabile distribution (etch), er disse problemer rettet i version -postgresql-8.1 8.1.11-0etch1. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i -version 8.2.6-1 of postgresql-8.2. -

- -

-Vi anbefaler at du opgraderer din postgresql-8.1 (8.1.11-0etch1)-pakke. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1460.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1461.wml b/danish/security/2008/dsa-1461.wml deleted file mode 100644 index 9948b8fd1b4..00000000000 --- a/danish/security/2008/dsa-1461.wml +++ /dev/null @@ -1,31 +0,0 @@ -manglende kontrol af inddata - -

-Brad Fitzpatrick opdagede at UTF-8-dekodningsfunktionerne i libxml2, GNOMEs -XML-bibliotek, validerede UTF-8-korrekthed på utilstrækkelig vis, hvilket kunne -føre til lammelsesangreb (denial of service) ved at tvinge libxml2 ind i en -uendelig løkke. -

- -

-I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.6.16-7sarge1. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 2.6.27.dfsg-2. -

- -

-I den ustabile distribution (sid), vil dette problem snart blive rettet. -

- -

-Vi anbefaler at du opgraderer dine libxml2-pakker. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1461.data" -#use wml::debian::translation-check translation="9b80575690084b040eb6f3e7d9d32984a7e46cd8" mindelta="1" diff --git a/danish/security/2008/dsa-1462.wml b/danish/security/2008/dsa-1462.wml deleted file mode 100644 index 72baa5f10b6..00000000000 --- a/danish/security/2008/dsa-1462.wml +++ /dev/null @@ -1,31 +0,0 @@ -manglende kontrol af inddata - -

-Kees Cook opdagede at værktøjet hpssd fra HP Linux Printing and Imaging System -(HPLIP) udførte utilstrækkelig fornuftighedsinddatakontrol af shell-meta-tegn, -hvilket kunne føre til lokal rettighedsforøgelse af hplip-brugeren. -

- -

-Den gamle stabile distribution (sarge) er ikke påvirket af dette problem. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 1.6.10-3etch1. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 1.6.10-4.3. -

- -

-Vi anbefaler at du opgraderer dine hplip-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1462.data" -#use wml::debian::translation-check translation="9b80575690084b040eb6f3e7d9d32984a7e46cd8" mindelta="1" diff --git a/danish/security/2008/dsa-1463.wml b/danish/security/2008/dsa-1463.wml deleted file mode 100644 index f5373275e70..00000000000 --- a/danish/security/2008/dsa-1463.wml +++ /dev/null @@ -1,84 +0,0 @@ -flere sårbarheder - -

-Flere lokalt udnytbar sårbarheder er opdaget i PostgreSQL, en objekt-relationel -SQL-database. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer: -

- -
    - -
  • CVE-2007-3278 - -

    - Man har opdaget at modulet DBLink udførte utilstrækkelig tilladelseskontrol. - Dette problem er også registreret som - CVE-2007-6601, - da opstrøms oprindelige rettelse ikke var komplet. -

    • - -
  • CVE-2007-4769 - -

    - Tavis Ormandy og Will Drewry opdagede at en fejl i håndteringen af - tilbage-reference i regulære udtryk-maskinen kunne føre til læsning uden - for grænserne, medførende et nedbrud (crash). Der er kun tale om et - sikkerhedsproblem, hvis en applikation der anvender ProgreSQL, behandler - regulære udtræk fra kilder man ikke stoler på. -

    • - -
  • CVE-2007-4772 - -

    - Tavis Ormandy og Will Drewry opdagede at regulære udtryk kunne narres ind i - en uendelig løkke, medførende lammelsesangreb. Der er kun tale om et - sikkerhedsproblem, hvis en applikation der anvender ProgreSQL, behandler - regulære udtræk fra kilder man ikke stoler på. -

    • - -
  • CVE-2007-6067 - -

    - Tavis Ormandy og Will Drewry opdagede at optimeringen af regulære udtryk - kunne narres til omfattende ressourceforbrug. Der er kun tale om et - sikkerhedsproblem, hvis en applikation der anvender ProgreSQL, behandler - regulære udtræk fra kilder man ikke stoler på. -

    • - -
  • CVE-2007-6600 - -

    - Funktioner i indeksudtryk kunne føre til rettighedsforøgelse. For en mere - uddybende forklaring, se opstrøms annoncering, som er tilgængelig på - http://www.postgresql.org/about/news.905. -

    • - -
- -

-I den gamle stabile distribution (sarge) er nogle af disse problemer rettet i -version 7.4.7-6sarge6 af pakken postgresql. Bemærk at rettelsen af -CVE-2007-6600 -og håndteringen af regulære udtræk ikke er ført tilbage, på grund af rettelsens -omfattende påvirkning. Vi anbefaler at opgradere til den stabile distribution -hvis disse sårbarheder påvirker din opsætning. -

- -

-I den stabile distribution (etch), er disse problemer rettet i -version 7.4.19-0etch1. -

- -

-Den ustabile distribution (sid) indeholder ikke længere postgres-7.4. -

- -

-Vi anbefaler at du opgraderer dine postgresql-7.4-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1463.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1464.wml b/danish/security/2008/dsa-1464.wml deleted file mode 100644 index ddf10271ed7..00000000000 --- a/danish/security/2008/dsa-1464.wml +++ /dev/null @@ -1,31 +0,0 @@ -null-pointer-dereference - -

-Oriol Carreras opdagede at syslog-ng, en næste generations logningsdæmon, kunne -narres til at dereferencere en NULL-pointer gennem misdannede tidsstemplinger, -hvilket kunne føre til lammelsesangreb og tilsløring af efterfølgende angreb, -som ellers ville blive logget. -

- -

-Den gamle stabile distribution (sarge) er ikke påvirket. -

- -

-I den stabile distribution (etch), er dette problem rettet i -version 2.0.0-1etch1. -

- -

-I den ustabile distribution (sid), er dette problem rettet i -version 2.0.6-1. -

- -

-Vi anbefaler at du opgraderer din syslog-ng-pakke. -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1464.data" -#use wml::debian::translation-check translation="30c51b2d1994b30ed2daa7cc14415ad0251ba607" mindelta="1" diff --git a/danish/security/2008/dsa-1465.wml b/danish/security/2008/dsa-1465.wml deleted file mode 100644 index c53ff29d55e..00000000000 --- a/danish/security/2008/dsa-1465.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Felipe Sateler opdagede at apt-listchanges, et værktøj til at oplyse om -pakkeændringer, anvendte usikre stier ved import af dets python-biblioteker. -Dette kunne muliggøre udførelse af vilkårlige shell-kommandoer, hvis -root-brugeren udførte kommandoen i en mappe, som andre lokale brugere kunne -skrive til.

- -

I den gamle stabile distribution (sarge) findes dette problem ikke.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.72.5etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.82.

- -

Vi anbefaler at du opgraderer din apt-listchanges-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1465.data" -#use wml::debian::translation-check translation="6d251c622cc6256a9b0db3ed26f8c32a6ca5c399" mindelta="1" diff --git a/danish/security/2008/dsa-1466.wml b/danish/security/2008/dsa-1466.wml deleted file mode 100644 index 3015284dad8..00000000000 --- a/danish/security/2008/dsa-1466.wml +++ /dev/null @@ -1,66 +0,0 @@ -flere sårbarheder - -

X.org-rettelsen af -\ -CVE-2007-6429 medførte en regression i udvidelsen MIT-SHM, hvilket -forhindrede at nogle få programmer kunne starte. Med denne opdatering gøres -opdaterede pakker tilgængelige til xfree86-versionen i Debians gamle stabile -distribution (sarge) foruden rettede pakker i Debians stabile distributio -(etch), som blev leveret med DSA 1466-2.

- -

Til reference er herunder den oprindelige bulletins tekst:

- -

Flere lokale sårbarheder er opdaget i X.Org's X-server. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5760 - -

    regenrecht opdagede at manglende kontrol af inddata i udvidelsen - XFree86-Misc kunne føre til lokal rettighedsforøgelse.

    • - -
  • CVE-2007-5958 - -

    Man opdagede at fejlmeddelelser i sikkerhedspolicyfilhåndtering kunne - føre til en mindre informationslækage, afslørende eksistensen af filer, - der ellers er utilgængelige for brugeren.

    • - -
  • CVE-2007-6427 - -

    regenrecht opdagede at manglende kontrol af inddata i udvidelsen - XInput-Misc kunne føre til lokal rettighedsforøgelse.

    • - -
  • CVE-2007-6428 - -

    regenrecht opdagede at manglende kontrol af inddata i udvidelsen - TOG-CUP kunne føre til afsløring af hukommelsesindhold.

    • - -
  • CVE-2007-6429 - -

    regenrecht opdagede at heltalsoverløb i udvidelserne EVI og MIT-SHM - kunne føre til lokal rettighedsforøgelse.

    • - -
  • CVE-2008-0006 -

    Man opdagede at utilstrækkelig kontrol af PCF-skrifttyper kunne føre til - lokal rettighedsforøgelse.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 4.3.0.dfsg.1-14sarge7 af xfree86.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.1.1-21etch3 af xorg-server og version 1.2.2-2.etch1 af -libxfont.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:1.4.1~git20080118-1 af xorg-server og version 1:1.3.1-2 -af libxfont.

- -

Vi anbefaler at du opgraderer dine X.org-/Xfree86-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1466.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1467.wml b/danish/security/2008/dsa-1467.wml deleted file mode 100644 index 5a35ef45711..00000000000 --- a/danish/security/2008/dsa-1467.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Mantis, et webbaseret -fejlsporingssystem. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2006-6574 - -

    Skræddersyede felter blev ikke beskyttet tilstrækkeligt af pr. - punkt-adgangskontrol, hvilket muliggjorde offentliggørelse af følsomme - data.

    • - -
  • CVE-2007-6611 - -

    Flere problemer med udførelse af skripter på tværs af servere, gjorde - det muligt for fjernangribere at indsætte ondsindet HTML eller webskript i - Mantis-websider.

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet i -version 0.19.2-5sarge5.

- -

Den stabile distribution (etch) er ikke påvirket af disse problemer.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.8-4.

- -

Vi anbefaler at du opgraderer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1467.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1468.wml b/danish/security/2008/dsa-1468.wml deleted file mode 100644 index 29fb7898ff0..00000000000 --- a/danish/security/2008/dsa-1468.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Tomcats servlet- og -JSP-maskine. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2008-0128 - -

    Olaf Kock opdagede at HTTPS-kryptering blev håndhævet på utilstrækkelig - vis hvad angår single-sign-on-cookies, hvilket kunne medføre - informationsafsløring.

    • - -
  • CVE-2007-2450 - -

    Man opdagede at webapplikationerne Manager og Host Manager udførte - utilstrækkelig fornuftighedskontrol, hvilket kunne føre til udførelse af - skripter på tværs af websteder.

    • - -
- -

Denne opdatering tilpasser også pakken tomcat5.5-webapps til de strammede -JULI-rettigheder indført i de tidligere tomcat5.5-DSA'er. Bemærk dog at -tomcat5.5-webapps kun er beregnet til demonstrerings- og dokumenteringsformål, -og ikke bør anvendes på produktionssystemer.

- -

Den gamle stabile distribution (sarge) indeholder ikke tomcat5.5.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 5.5.20-2etch2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine tomcat5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1468.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1469.wml b/danish/security/2008/dsa-1469.wml deleted file mode 100644 index 908c4ea28c9..00000000000 --- a/danish/security/2008/dsa-1469.wml +++ /dev/null @@ -1,21 +0,0 @@ -flere sårbarheder - -

Sean de Regge og Greg Linares opdagede flere heap- og stakbaserede -bufferoverløb i FLAC, Free Lossless Audio Codec, hvilket kunne medføre -udførelse af vilkårlige kode.

- -

I den gamle stabile distribution (sarge), er disse problemer -rettet i version 1.1.1-5sarge1.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.1.2-8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.1-1.

- -

Vi anbefaler at du opgraderer dine flac-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1469.data" -#use wml::debian::translation-check translation="3d8d1e08ba0afff97ba52ec25f7925b703b6d4c4" mindelta="1" diff --git a/danish/security/2008/dsa-1470.wml b/danish/security/2008/dsa-1470.wml deleted file mode 100644 index 4cfcb61faa4..00000000000 --- a/danish/security/2008/dsa-1470.wml +++ /dev/null @@ -1,23 +0,0 @@ -manglende kontrol af inddata - -

Ulf Härnhammar opdagede at HTML-filteret i webapplikationsframeworket Horde -udførte utilstrækkelig fornuftighedskontrol af inddata, hvilket kunne føre til -sletning af e-mail hvis en bruger blev narret til at læse en misdannet e-mail -i en Imp-klient.

- -

Denne opdatering indeholder også tilbageførte fejlrettelser til filteret -vedrørende udførelse af skripter på tværs af websteder og -brugerhåndterings-API'et, fra den seneste udgave af Horde, version 3.1.6.

- -

Den gamle stabile distribution (sarge) er ikke påvirket. Det anbefales -dog at opgradere til etch.

- -

I den stabile distribution (etch), er dette problem rettet i -version 3.1.3-4etch2.

- -

Vi anbefaler at du opgraderer din horde3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1470.data" -#use wml::debian::translation-check translation="d9fdc7911d30dec8a421580b7df64ba3c920f6a1" mindelta="1" diff --git a/danish/security/2008/dsa-1471.wml b/danish/security/2008/dsa-1471.wml deleted file mode 100644 index 15416dbe662..00000000000 --- a/danish/security/2008/dsa-1471.wml +++ /dev/null @@ -1,22 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er fundet i Vorbis General Audio Compression Codec, hvilket -kunne føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode, hvis en bruger narres til at åbne en misdannet Ogg Audio-fil med et -program, der er linket mod libvorbis.

- -

I den gamle stabile distribution (sarge), er disse problemer rettet -i version 1.1.0-2.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.1.2.dfsg-1.3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.0.dfsg-1.

- -

Vi anbefaler at du opgraderer dine libvorbis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1471.data" -#use wml::debian::translation-check translation="0461abd5fa1fd04d71e582bd6237164f9c916005" mindelta="1" diff --git a/danish/security/2008/dsa-1472.wml b/danish/security/2008/dsa-1472.wml deleted file mode 100644 index a4292d1dd5a..00000000000 --- a/danish/security/2008/dsa-1472.wml +++ /dev/null @@ -1,23 +0,0 @@ -bufferoverløb - -

Luigi Auriemma opdagede at medieafspilningsbiblioteket Xine udførte -utilstrækklig fornuftighedskontrol af inddata under håndtering af -RTSP-strømme, hvilket kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (sarge), er dette problem rettet -i version 1.0.1-1sarge6.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.1.2+dfsg-5.

- -

I distributionen testing (lenny), er dette problem rettet i -version 1.1.8-3+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xine-lib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1472.data" -#use wml::debian::translation-check translation="3d8d1e08ba0afff97ba52ec25f7925b703b6d4c4" mindelta="1" diff --git a/danish/security/2008/dsa-1473.wml b/danish/security/2008/dsa-1473.wml deleted file mode 100644 index c7cc5ea63f3..00000000000 --- a/danish/security/2008/dsa-1473.wml +++ /dev/null @@ -1,32 +0,0 @@ -designfejl - -

Joachim Breitner opdagede at Subversion-understøttelsen i scponly generelt er -usikker, hvilket gjorde det muligt for udføre vilkårlige kommandoer. Yderligere -undersøgelser viste at rsync- og Unison-understøttelsen var ramt af lignende -problemer. Disse problemer har fået tildelt -\ -CVE-2007-6350.

- -

Desuden opdagede man at det var muligt, at kalde scp med visse -valgmuligheder, der kunne føre til udførelse af vilkårlige kommandoer -(\ -CVE-2007-6415).

- -

Denne opdatering fjerner understøttelse af Subversion, rsync og Unison fra -pakken scponly, og forhindrer scp i at blive kaldt med farlige -valgmuligheder.

- -

I den gamle stabile distribution (sarge), er disse problemer rettet -i version 4.0-1sarge2.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 4.6-1etch1.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer din scponly-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1473.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1474.wml b/danish/security/2008/dsa-1474.wml deleted file mode 100644 index 455baed5adb..00000000000 --- a/danish/security/2008/dsa-1474.wml +++ /dev/null @@ -1,17 +0,0 @@ -heltalsoverløb - -

Meder Kydyraliev opdagede et heltalsoverløb i thumbnail-håndteringen i -libexif, biblioteket til manipulering af EXIF/IPTC-metadata, hvilket kunne -medføre udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (sarge) indeholder ikke exiv2-pakker.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.10-1.5.

- -

Vi anbefaler at du opgraderer dine exiv2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1474.data" -#use wml::debian::translation-check translation="3d8d1e08ba0afff97ba52ec25f7925b703b6d4c4" mindelta="1" diff --git a/danish/security/2008/dsa-1475.wml b/danish/security/2008/dsa-1475.wml deleted file mode 100644 index 06aac90fb39..00000000000 --- a/danish/security/2008/dsa-1475.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

José Ramón Palanco opdagede at en sårbarhed forbindelse med udførelse af -skripter på tværs af websteder i GForge, et samarbejdsudviklingsværktøj, gjorde -det muligt for fjernangribere at indsprøjte vilkårligt webskript eller HTML i -konteksten hørende til en indlogget brugers session.

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.5.14-22etch5.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 4.6.99+svn6347-1.

- -

Vi anbefaler at du opgraderer din gforge-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1475.data" -#use wml::debian::translation-check translation="001a593e46a77186792b70dd0c73bf6429ed99b3" mindelta="1" diff --git a/danish/security/2008/dsa-1476.wml b/danish/security/2008/dsa-1476.wml deleted file mode 100644 index dca6f1280d8..00000000000 --- a/danish/security/2008/dsa-1476.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Marcus Meissner opdagede at lydserveren PulseAudio udførte utilstrækkelige -kontroller når den smed rettighederne væk, hvilket kunne føre til lokal -rettighedsforøgelse.

- -

Den gamle stabile distribution (sarge) indeholder ikke pulseaudio.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.9.5-5etch1.

- -

Vi anbefaler at du opgraderer dine pulseaudio-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1476.data" -#use wml::debian::translation-check translation="d9fdc7911d30dec8a421580b7df64ba3c920f6a1" mindelta="1" diff --git a/danish/security/2008/dsa-1477.wml b/danish/security/2008/dsa-1477.wml deleted file mode 100644 index 68464ac09be..00000000000 --- a/danish/security/2008/dsa-1477.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Duncan Gilmore opdagede at yarssr, en RSS-samler og -læser, udførte -utilstrækkelig fornuftighedskontrol af inddata, hvilket kunne medføre udførelse -af vilkårlige shell-kommandoer, hvis et misdannet feed blev læst.

- -

På grund af tekniske begrænsninger i arkivhåndteringsskipterne, er det -nødvendigt at udskyde rettelsen af den gamle stabile distribution (sarge) -i nogle få dage.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.2.2-1etch1.

- -

Vi anbefaler at du opgraderer dine yarssr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1477.data" -#use wml::debian::translation-check translation="569360971e8eb7511086aae80595d5518e85c728" mindelta="1" diff --git a/danish/security/2008/dsa-1478.wml b/danish/security/2008/dsa-1478.wml deleted file mode 100644 index 8770ca88cca..00000000000 --- a/danish/security/2008/dsa-1478.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Luigi Auriemma opdagede to bufferoverløb i YaSSL, en SSL-implementering -indeholdt i databasepakken MySQL, hvilket kunne føre til lammelsesangreb -(denial of service) og muligvis udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (sarge) indeholder ikke mysql-dfsg-5.0.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 5.0.32-7etch5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.0.51-3.

- -

Vi anbefaler at du opgraderer din mysql-dfsg-5.0-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1478.data" -#use wml::debian::translation-check translation="45aec85357e975d60f2bbd9bb94fbb55f9ccbf2d" mindelta="1" diff --git a/danish/security/2008/dsa-1479.wml b/danish/security/2008/dsa-1479.wml deleted file mode 100644 index 92b42fa4554..00000000000 --- a/danish/security/2008/dsa-1479.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere lokalt udnytbare sårbarheder er opdaget i Linux-kernen, disse kunne -føre til et lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-2878 - -

    Bart Oldeman rapporterede om et lammelsesangrebsproblem (DoS) i - filsystemet VFAT, hvilket gjorde det muligt for lokale brugere at - ødelægge en kernestruktur, medførende systemnedbrud. Dette var kun et - problem på systemer, der anvender VFAT compat ioctl-interfacet, så som - systemer der kører en amd64-udgave af kernen.

    • - -
  • CVE-2007-4571 - -

    Takashi Iwai leverede en rettelse af en hukommelseslækage i modulet - snd_page_alloc. Lokale brugere kunne udnytte dette problem til at få - adgang til følsomme oplysninger fra kernen.

    • - -
  • CVE-2007-6151 - -

    ADLAB opdagede et muligt hukommelsesoverløb i ISDN-undersystemet, - hvilket kunne gøre det muligt for en lokal bruger at overskrive - kernehukommelse ved udsendelse af ioctls med uafsluttede data.

    • - -
  • CVE-2008-0001 - -

    Bill Roman fra Datalight bemærkede en programmeringsfejl i Linux' - VFS-undersystem, der under visse omstændigheder kunne gøre det muligt for - lokale brugere at fjerne mapper, som de ikke skulle har sletterettigheder - til.

    • - -
- -

Disse problemer er rettet i den stabile distribution i version -2.6.18.dfsg.1-17etch1.

- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1479.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1480.wml b/danish/security/2008/dsa-1480.wml deleted file mode 100644 index a16134a37d5..00000000000 --- a/danish/security/2008/dsa-1480.wml +++ /dev/null @@ -1,17 +0,0 @@ -flere sårbarheder - -

Alin Rad Pop opdagede flere bufferoverløb i Poppler PDF-biblioteket, hvilket -kunne gøre det muligt at udføre vilkårlig kode hvis en misdannet PDF-fil blev -åbnet.

- -

Den gamle stabile distribution (sarge) indeholder ikke poppler.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.4.5-5.1etch2.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1480.data" -#use wml::debian::translation-check translation="42aecd6f7d3beab023a16a76234d15ed8c6f9265" mindelta="1" diff --git a/danish/security/2008/dsa-1481.wml b/danish/security/2008/dsa-1481.wml deleted file mode 100644 index 9c026a937aa..00000000000 --- a/danish/security/2008/dsa-1481.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at en mappegennemløbssårbarhed i CherryPy, et pythonsk -objektorienteret webudviklingsframework, kunne føre til lammelsesandgreb -(denial of service) ved at slette filer gennem ondsindede sessions-id'er i -cookies.

- -

Den gamle stabile distribution (sarge) indeholder ikke python-cherrypy.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.2.1-3etch1.

- -

Vi anbefaler at du opgraderer dine python-cherrypy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1481.data" -#use wml::debian::translation-check translation="4558f273ac032088b2333235bdd8dedb8e808dd5" mindelta="1" diff --git a/danish/security/2008/dsa-1482.wml b/danish/security/2008/dsa-1482.wml deleted file mode 100644 index 0b0d76f0602..00000000000 --- a/danish/security/2008/dsa-1482.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Man har opdaget at misdannet cacheopdateringssvar mod webproxycachen Squid, -kunne føre til opbrug af systemhukommelse, potentielt medførende lammelsesangreb -(denial of service).

- -

I den gamle stabile distribution (sarge) kan denne opdatering pt. ikke -behandles på buildd-sikkerhedsnetværket på grund af en fejl i -arkivhåndteringsskriptet. Dette vil snart blive løst. En opdatering til -i386 er midlertidigt tilgængelig på -.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.6.5-6etch1.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1482.data" -#use wml::debian::translation-check translation="534d1b782cfb92f46dc41fd064f779fffc329b12" mindelta="1" diff --git a/danish/security/2008/dsa-1483.wml b/danish/security/2008/dsa-1483.wml deleted file mode 100644 index 211bb3f4a05..00000000000 --- a/danish/security/2008/dsa-1483.wml +++ /dev/null @@ -1,19 +0,0 @@ -designfejl - -

SNMP-agenten (snmp_agent.c) i net-snmp før version 5.4.1 tillod -fjernangribere at forårsage et lammelsesangreb (denial of service, CPU- og -hukommelsesforbrug) gennem en GETBULK-forespørgsel med en stor -max-repeaters-værdi.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.2.3-7etch2.

- -

I den ustabile distribution og distributionen testing (hhv. sid og lenny), -er dette problem rettet i version 5.4.1~dfsg-2.

- -

Vi anbefaler at du opgraderer din net-snmp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1483.data" -#use wml::debian::translation-check translation="d507cd3a4c18992170ec74f24b200098c7f53da7" mindelta="1" diff --git a/danish/security/2008/dsa-1484.wml b/danish/security/2008/dsa-1484.wml deleted file mode 100644 index 03adc2089ed..00000000000 --- a/danish/security/2008/dsa-1484.wml +++ /dev/null @@ -1,86 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2008-0412 - -

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren og Paul - Nickerson opdagede nedbrud i layoutmaskinen, hvilket måske kunne gøre det - muligt at udføre vilkårlig kode.

    • - -
  • CVE-2008-0413 - -

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, - shutdown, Philip Taylor og tgirmann opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2008-0414 - -

    hong og Gregory Fleischer opdagede at filinddatafokussårbarheder i - filoplægningskontrollen kunne gøre muliggøre informationsafsløring af lokal - filer.

    • - -
  • CVE-2008-0415 - -

    moz_bug_r_a4 og Boris Zbarsky opdagede flere sårbarheder i - JavaScript-håndteringen, hvilket kunne muliggøre - rettighedsforøgelse.

    • - -
  • CVE-2008-0417 - -

    Justin Dolske opdagede at mekanismen til opbevaring af adgangskoder - kunne misbruges af ondsindede websteder til at ødelægge allerede gemte - adgangskoder.

    • - -
  • CVE-2008-0418 - -

    Gerry Eisenhaur og moz_bug_r_a4 opdagede at en - mappegennemløbssårbarhed i chrome: URI-håndteringen føre til - informationsafsløring.

    • - -
  • CVE-2008-0419 - -

    David Bloom opdagede en race-tilstand i billedhåndteringen i - designMode-elementer, hvilket kunne føre til informationsafsløring eller - potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-0591 - -

    Michal Zalewski opdagede at timere der beskytter sikkerhedsfølsomme - dialoger (hvilket deaktiverer dialogelementer indtil en timeout er nået) - kunne omgås ved at ændre vinduefokus gennem JavaScript.

    • - -
  • CVE-2008-0592 - -

    Man opdagede at misdannede indholdsdeklarationer på gemte vedhæftelser - kunne forhindre en bruger i at åbne lokale filer med et .txt-filnavn, - medførende et lille lammelsesangreb (denial of service).

    • - -
  • CVE-2008-0593 - -

    Martin Straka opdagede at usikker stylesheet-håndtering under - omdirigeringer kunne føre til informationsafsløring.

    • - -
  • CVE-2008-0594 - -

    Emil Ljungdahl og Lars-Olof Moilanen opdagede at - phishing-beskyttelser kunne omgås med <div>-elementer.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke xulrunner.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.8.0.15~pre080131b-0etch1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1484.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1485.wml b/danish/security/2008/dsa-1485.wml deleted file mode 100644 index 21ae04c17e8..00000000000 --- a/danish/security/2008/dsa-1485.wml +++ /dev/null @@ -1,59 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i mailklienten Icedove, en -version af Thunderbird-klienten. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-0412 - -

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren og Paul - Nickerson opdagede nedbrud i layoutmaskinen, hvilket måske kunne gøre det - muligt at udføre vilkårlig kode.

    • - -
  • CVE-2008-0413 - -

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, - shutdown, Philip Taylor og tgirmann opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2008-0415 - -

    moz_bug_r_a4 og Boris Zbarsky opdagede flere sårbarheder i - JavaScript-håndteringen, hvilket kunne muliggøre - rettighedsforøgelse.

    • - -
  • CVE-2008-0418 - -

    Gerry Eisenhaur og moz_bug_r_a4 opdagede at en - mappegennemløbssårbarhed i chrome: URI-håndteringen føre til - informationsafsløring.

    • - -
  • CVE-2008-0419 - -

    David Bloom opdagede en race-tilstand i billedhåndteringen i - designMode-elementer, hvilket kunne føre til informationsafsløring og - potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-0591 - -

    Michal Zalewski opdagede at timere der beskytter sikkerhedsfølsomme - dialoger (ved deaktivering af dialogelementer indtil en timeout er nået) - kunne omgås ved at ændre vinduefokus gennem JavaScript.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) understøttes -ikke længere med sikkerhedsopdateringer.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.5.0.13+1.5.0.15b.dfsg1-0etch2.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1485.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1486.wml b/danish/security/2008/dsa-1486.wml deleted file mode 100644 index be882331d71..00000000000 --- a/danish/security/2008/dsa-1486.wml +++ /dev/null @@ -1,17 +0,0 @@ -udførelse af skripter på tværs af websteder - - -

r0t opdagede at gnatsweb, en webgrænseflade til GNU GNATS, ikke på -tilstrækkelig vis fornuftighedskontrollerede databaseparametre i det primære -CGI-skript. Dette kunne gøre det muligt at indsprøjte vilkårlig HTML eller -JavaScript-kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.00-1etch1.

- -

Vi anbefaler at du opgraderer din gnatsweb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1486.data" -#use wml::debian::translation-check translation="5322de3681545915ad863dc3c5f47aace131a58c" mindelta="1" diff --git a/danish/security/2008/dsa-1487.wml b/danish/security/2008/dsa-1487.wml deleted file mode 100644 index 8b8d51d7cad..00000000000 --- a/danish/security/2008/dsa-1487.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i EXIF-fortolkningskoden i biblioteket libexif, -hvilket kunne føre til lammelsesangreb (denial of service) eller udførelse af -vilkårlig kode, hvis en bruger blev narret til at åbne et misdannet billede. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-2645 - -

    Victor Stinner opdagede et heltalsoverløb, hvilket måske kunne - medføre lammelsesangreb eller potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-6351 - -

    Meder Kydyraliev opdagede en uendelig løkke, hvilket måske kunne - medføre lammelsesangreb.

    • - -
  • CVE-2007-6352 - -

    Victor Stinner opdagede et heltalsoverløb, hvilket måske kunne - medføre lammelsesangreb eller potentielt udførelse af vilkårlig - kode.

    • - -
- -

Denne opdatering retter også to potentielle NULL-pointerdereferencer.

- -

I den gamle stabile distribution (sarge), er disse problemer -fixed in 0.6.9-6sarge2.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.6.13-5etch2.

- -

Vi anbefaler at du opgraderer dine libexif-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1487.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1488.wml b/danish/security/2008/dsa-1488.wml deleted file mode 100644 index 7d357b94b90..00000000000 --- a/danish/security/2008/dsa-1488.wml +++ /dev/null @@ -1,55 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i phpBB, et webbaseret -bulletin board (opslagstavle). Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-0471 - -

    Forespørgselsforfalskning i forbindelse med private meddelelser på - tværs af servere, hvilket gjorde det muligt at slette alle en brugers - private meddelelser, ved at sende dem til en særligt fremstillet - webside.

    • - -
  • CVE-2006-6841 / CVE-2006-6508 - -

    Forespørgselsforfalskning på tværs af websteder gjorde det muligt for - en angriber at udføre forskellige handlinger på vegne af en indlogget - bruger. (Gælder kun sarge).

    • - -
  • CVE-2006-6840 - -

    Et negativt startparameter kunne gøre det muligt for en angriber at - fremstille udgyldige uddata. (Gælder kun sarge.)

    • - -
  • CVE-2006-6839 - -

    Omdirigeringsmål blev ikke helt kontrolleret, hvilket efterlod - mulighed for uautoriserede eksterne omdirigeringer gennem et - phpBB-forum. (Gælder kun sarge).

    • - -
  • CVE-2006-4758 - -

    En autentificeret forumadministrator kunne uploade filer af enhver - type, ved at anvende særligt fremstillede filnavne. (Gælder kun - sarge.)

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer -rettet i version 2.0.13+1-6sarge4.

- -

I den stabile distribution (etch), er disse problemer rettet -i version 2.0.21-7.

- -

I den ustabile distribution (sid) er disse problemer rettet -i version 2.0.22-3.

- -

Vi anbefaler at du opgraderer din phpbb2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1488.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1489.wml b/danish/security/2008/dsa-1489.wml deleted file mode 100644 index d7b529e71c3..00000000000 --- a/danish/security/2008/dsa-1489.wml +++ /dev/null @@ -1,87 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-0412 - -

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren og Paul - Nickerson opdagede nedbrud i layoutmaskinen, hvilket måske kunne gøre det - muligt at udføre vilkårlig kode.

    • - -
  • CVE-2008-0413 - -

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, - shutdown, Philip Taylor og tgirmann opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2008-0414 - -

    hong og Gregory Fleischer opdagede at filinddatafokussårbarheder i - filoplægningskontrollen kunne gøre muliggøre informationsafsløring af lokal - filer.

    • - -
  • CVE-2008-0415 - -

    moz_bug_r_a4 og Boris Zbarsky opdagede flere sårbarheder i - JavaScript-håndteringen, hvilket kunne muliggøre - rettighedsforøgelse.

    • - -
  • CVE-2008-0417 - -

    Justin Dolske opdagede at mekanismen til opbevaring af adgangskoder - kunne misbruges af ondsindede websteder til at ødelægge allerede gemte - adgangskoder.

    • - -
  • CVE-2008-0418 - -

    Gerry Eisenhaur og moz_bug_r_a4 opdagede at en - mappegennemløbssårbarhed i chrome: URI-håndteringen føre til - informationsafsløring.

    • - -
  • CVE-2008-0419 - -

    David Bloom opdagede en race-tilstand i billedhåndteringen i - designMode-elementer, hvilket kunne føre til informationsafsløring og - potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-0591 - -

    Michal Zalewski opdagede at timere der beskytter sikkerhedsfølsomme - dialoger (ved at deaktivere dialogelementer indtil en timeout er nået) - kunne omgås ved at ændre vinduefokus gennem JavaScript.

    • - -
  • CVE-2008-0592 - -

    Man opdagede at misdannede indholdsdeklarationer på gemte vedhæftelser - kunne forhindre en bruger i at åbne lokale filer med et .txt-filnavn, - medførende et lille lammelsesangreb (denial of service).

    • - -
  • CVE-2008-0593 - -

    Martin Straka opdagede at usikker stylesheet-håndtering under - omdirigeringer kunne føre til informationsafsløring.

    • - -
  • CVE-2008-0594 - -

    Emil Ljungdahl og Lars-Olof Moilanen opdagede at - phishing-beskyttelser kunne omgås med <div>-elementer.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) understøttes -ikke længere med sikkerhedsopdateringer.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.0.12-0etch1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1489.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1490.wml b/danish/security/2008/dsa-1490.wml deleted file mode 100644 index fa1ff759d6d..00000000000 --- a/danish/security/2008/dsa-1490.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Man har opdaget at et bufferoverløb i GIF-fortolkningskoden i Tk, et -grafisk toolkit på tværs af platforme, kunne føre til lammelsesangreb -(denial of service) og potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 8.3.5-4sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i -version 8.3.5-6etch2.

- -

Vi anbefaler at du opgraderer dine tk8.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1490.data" -#use wml::debian::translation-check translation="7b9acd4471e9374b2b2b64208c7501134cd75889" mindelta="1" diff --git a/danish/security/2008/dsa-1491.wml b/danish/security/2008/dsa-1491.wml deleted file mode 100644 index 561ae8e3ddd..00000000000 --- a/danish/security/2008/dsa-1491.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Man har opdaget at et bufferoverløb i GIF-fortolkningskoden i Tk, et -grafisk toolkit på tværs af platforme, kunne føre til lammelsesangreb -(denial of service) og potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 8.4.9-1sarge2.

- -

I den stabile distribution (etch), er dette problem rettet i -version 8.4.12-1etch2.

- -

Vi anbefaler at du opgraderer dine tk8.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1491.data" -#use wml::debian::translation-check translation="7b9acd4471e9374b2b2b64208c7501134cd75889" mindelta="1" diff --git a/danish/security/2008/dsa-1492.wml b/danish/security/2008/dsa-1492.wml deleted file mode 100644 index 5728fe9e217..00000000000 --- a/danish/security/2008/dsa-1492.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikre midlertidige filer - -

Frank Lichtenheld og Nico Golde opdagede at WML, et offline -HTML-genereringstoolkit, oprettede usikre midlertidige filer i eperl- og -ipp-backend'erne samt i skriptet wmg.cgi, hvilket kunne føre til et lokalt -lammelsesangreb (denial of service) ved at overskrive filer.

- -

Den gamle stabile distribution (sarge) er ikke påvirket.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.11-1etch1.

- -

Vi anbefaler at du opgraderer dine wml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1492.data" -#use wml::debian::translation-check translation="7b9acd4471e9374b2b2b64208c7501134cd75889" mindelta="1" diff --git a/danish/security/2008/dsa-1493.wml b/danish/security/2008/dsa-1493.wml deleted file mode 100644 index 486ca94705a..00000000000 --- a/danish/security/2008/dsa-1493.wml +++ /dev/null @@ -1,35 +0,0 @@ -bufferoverløb - -

Flere lokale og fjernudnytbare sårbarheder er op daget i -billedindlæsningsbiblioteket i Simple DirectMedia Layer 1.2. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-6697 - -

    Gynvael Coldwind opdagede et bufferoverløb i GIF-billedbehandlingen, - hvilket kunne medføre lammelsesangreb (denial of service) og potentielt - udførelse af vilkårlig kode.

    • - -
  • CVE-2008-0544 - -

    Man opdagede at et bufferoverløb i IFF ILBM-billedbehandlingen kunne - medføre lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet -i version 1.2.4-1etch1. På grund af en klippe-klistre-fejl blev etch1 -føjet til versionsnummeret i stedet for sarge1. Da opdateringen ellers -er teknisk korrekt, vil den ikke blive genopbygget i buildd-netværket.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.2.5-2+etch1.

- -

Vi anbefaler at du opgraderer dine sdl-image1.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1493.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1494.wml b/danish/security/2008/dsa-1494.wml deleted file mode 100644 index a2f5620de9b..00000000000 --- a/danish/security/2008/dsa-1494.wml +++ /dev/null @@ -1,38 +0,0 @@ -manglende adgangskontroller - -

vmsplice-systemkaldet kontrollerede ikke på korrekt vis adresseargumenter -overført af processer fra brugerrummet, hvilket gjorde det muligt for lokale -angribere at overskrive vilkårlig kernehukommelse, og dermed opnå -root-rettigheder (\ -CVE-2008-0010, -\ -CVE-2008-0600).

- -

I kerner hvor vserver er aktiveret, gjorde en manglende adgangskontrol på -visse symlinks i /proc det muligt for lokale angribere at tilgå ressourcer i -andre vserver'ere (\ -CVE-2008-0163).

- -

Den gamle stabile distribution (sarge) er ikke påvirket af dette problem.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.18.dfsg.1-18etch1.

- -

Ud over disse rettelser indeholder denne opdatering også ændringer fra den -kommende punktopdatering af den stabile distribution.

- -

Nogle arkitekturopbygninger var endnu ikke tilgængelige, da DSA-1494-1 -blev udsendt. Med denne opdatering af DSA-1494 er der linux-2.6-pakker til -disse tilbageværende arkitekturer, foruden yderligere binære pakker, som -bygges ud fra kildekode, der følger med linux-2.6.

- -

Den ustabile distribution (sid) og distributionen testing (lenny) vil snart blive -rettet.

- -

Vi anbefaler at du opgraderer din linux-2.6-, fai-kerne- og -user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1494.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1495.wml b/danish/security/2008/dsa-1495.wml deleted file mode 100644 index 5844eb7e7a0..00000000000 --- a/danish/security/2008/dsa-1495.wml +++ /dev/null @@ -1,31 +0,0 @@ -bufferoverløb - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i to af plugin'erne -til netværksovervågnings- og håndteringssystemet Nagios. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5198 - -

    Et bufferoverløb er opdaget i fortolkeren af HTTP Location-headere - (i modulet check_http).

    • - -
  • CVE-2007-5623 - -

    Et bufferoverløb er opdaget i modulet check_snmp.

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer -rettet i version 1.4-6sarge1.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.4.5-1etch1.

- -

Vi anbefaler at du opgraderer din nagios-plugins-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1495.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1496.wml b/danish/security/2008/dsa-1496.wml deleted file mode 100644 index d15bcbd2a07..00000000000 --- a/danish/security/2008/dsa-1496.wml +++ /dev/null @@ -1,39 +0,0 @@ -bufferoverløb - -

Flere bufferoverløb er opdaget i filmafspilleren MPlayer, hvilket kunne føre -til udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-0485 - -

    Felipe Manzano og Anibal Sacco opdagede et bufferoverløb i demuxer'en til - MOV-filer.

    • - -
  • CVE-2008-0486 - -

    Reimar Doeffinger opdagede et bufferoverløb i - FLAC-header-fortolkningen.

    • - -
  • CVE-2008-0629 - -

    Adam Bozanich opdagede et bufferoverløb i CDDB-tilgangskoden.

    • - -
  • CVE-2008-0630 - -

    Adam Bozanich opdagede et bufferoverløb i URL-fortolkning.

    • - -
- -

Den gamle stabile distribution (sarge) indeholder ikke mplayer.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.0~rc1-12etch2.

- -

Vi anbefaler at du opgraderer dine mplayer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1496.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1497.wml b/danish/security/2008/dsa-1497.wml deleted file mode 100644 index 546e9f3ab51..00000000000 --- a/danish/security/2008/dsa-1497.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i antivirustoolkittet Clam, hvilket kunne føre -til udførelse af vilkårlig kode eller lokalt lammelsesangreb (denial of -service). Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-6595 - -

    Man har opdaget at midlertidige filer blev oprettet på usikker vis, - hvilket måske kunne medføre lokalt lammelsesangreb ved overskrivning af - filer.

    • - -
  • CVE-2008-0318 - -

    Silvio Cesare opdagede et heltalsoverløb i fortolkeren af - PE-headere.

    • - -
- -

Versionen af clamav i den gamle stabile distribution (sarge) er ikke -længere understøttet med sikkerhedsopdateringer.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.90.1dfsg-3etch10. Ud over disse rettelser, indeholder denne -opdatering også ændringer fra den kommende punktopdatering af den stabile -distribution (ikke-fri RAR-håndteringskode er fjernet).

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1497.data" -#use wml::debian::translation-check translation="7fff5583c1ba1038e83c9ec9437aa804adf18aab" mindelta="1" diff --git a/danish/security/2008/dsa-1498.wml b/danish/security/2008/dsa-1498.wml deleted file mode 100644 index 09371432ce6..00000000000 --- a/danish/security/2008/dsa-1498.wml +++ /dev/null @@ -1,16 +0,0 @@ -bufferoverløb - - -

Man opdagede at libimager-perl, en Perl-udvidelse til generering af -24-bits-billeder, ikke på korrekt vis håndterede 8-bits komprimerede billeder, -hvilket kunne gøre det muligt at udføre vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.50-1etch1.

- -

Vi anbefaler at du opgraderer din libimager-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1498.data" -#use wml::debian::translation-check translation="cf4600ea6941662ee2eddaafa3700c530e8e3141" mindelta="1" diff --git a/danish/security/2008/dsa-1499.wml b/danish/security/2008/dsa-1499.wml deleted file mode 100644 index 52a8bfca006..00000000000 --- a/danish/security/2008/dsa-1499.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Man opdagede at særligt fremstillede regulære udtryk, der anvendte -codepoints større end 255 kunne forårsage et bufferoverløb i PCRE-biblioteket -(\ -CVE-2008-0674).

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 4.5+7.4-2.

- -

I den stabile distribution (etch), er dette problem rettet i -version 6.7+7.4-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -7.6-1.

- -

Vi anbefaler at du opgraderer din pcre3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1499.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1500.wml b/danish/security/2008/dsa-1500.wml deleted file mode 100644 index 5228ac193ef..00000000000 --- a/danish/security/2008/dsa-1500.wml +++ /dev/null @@ -1,19 +0,0 @@ -rettighedsforøgelse - -

Mike Ashton opdagede at splitvt, et værktøj til at køre to programmer på en -delt skærm, ikke smed grupperettigheder væk før udførelsen af xprop. Dette -kunne gøre det muligt for enhver lokal bruger at få rettighederne fra gruppen -utmp.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.6.5-9etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.6-4.

- -

Vi anbefaler at du opgraderer din splitvt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1500.data" -#use wml::debian::translation-check translation="facc3b3a6a2b97d5135e47b141ef031aaed7d916" mindelta="1" diff --git a/danish/security/2008/dsa-1501.wml b/danish/security/2008/dsa-1501.wml deleted file mode 100644 index 04ee311cf4d..00000000000 --- a/danish/security/2008/dsa-1501.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Tobias Grützmacher opdagede at det Debian-leverede cron-skript i dspam, et -statistisk spamfilter, indeholdt en databaseadgangskode på kommandolinjen. -Dette gjorde det muligt for en lokal angriber at læse indholdet af -dspam-databasen, så som e-mail.

- -

Den gamle stabile distribution (sarge) indeholder ikke pakken dspam.

- -

I den stabile distribution (etch), er dette problem rettet i version -3.6.8-5etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.6.8-5.1.

- -

Vi anbefaler at du opgraderer din dspam-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1501.data" -#use wml::debian::translation-check translation="1fc1e2c712ec075e9a0e7dda24f4c25e7a56ad9c" mindelta="1" diff --git a/danish/security/2008/dsa-1502.wml b/danish/security/2008/dsa-1502.wml deleted file mode 100644 index b92019a358d..00000000000 --- a/danish/security/2008/dsa-1502.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i wordpress, et weblogprogram. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-3238 - -

    Sårbarhed i forbindelse med udførelse af skripter på tværs af websteder - (XSS) i functions.php i WordPress' standardtema, gjorde det muligt for - fjernautentificerede administratorer at indsprøjte vilkårligt webskript - eller HTML gennem PATH_INFO (REQUEST_URI) til wp-admin/themes.php.

    • - -
  • CVE-2007-2821 - -

    SQL-indspøjtningssårbarhed i wp-admin/admin-ajax.php i WordPress før - version 2.2, gjorde det muligt for fjernangribere at udføre vilkårlige - SQL-kommandoer gennem cookie-parameteret.

    • - -
  • CVE-2008-0193 - -

    Sårbarhed i forbindelse med udførelse af skripter på tværs af websteder - (XSS) i wp-db-backup.php i WordPress 2.0.11 og tidligere, gjorde det - muligt for fjernangribere at indsprøjte vilkårligt webskript eller HTML - gennem backup-parameteret i en wp-db-backup.php-handling til - wp-admin/edit.php.

    • - -
  • CVE-2008-0194 - -

    Mappegennemløbssårbarhed i wp-db-backup.php i WordPress 2.0.3 og - tidligere, gjorde det muligt for fjernangribere at læse vilkårlige filer, - slette vilkårlige filer og forårsage et lammelsesangreb gennem en .. - (punktum punktum) i backup-parameteret i en wp-db-backup.php-handling til - wp-admin/edit.php.

    • - -
- -

Wordpress er ikke i den gamle stabile distribution (sarge).

- -

I den stabile distribution (etch), er disse problemer rettet i version -2.0.10-1etch1.

- -

Vi anbefaler at du opgraderer din wordpress-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1502.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1503.wml b/danish/security/2008/dsa-1503.wml deleted file mode 100644 index b94ba3baab7..00000000000 --- a/danish/security/2008/dsa-1503.wml +++ /dev/null @@ -1,176 +0,0 @@ -flere sårbarheder - -

Flere lokalt udnytbare sårbarheder er opdaget i Linux-kernen, disse kunne -føre til et lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2004-2731 - -

    infamous41md rapporterede om flere heltalsoverløb i Sbus PROM-driveren, - hvilket muliggjorde et lammelsesangreb fra en lokal bruger, og muligvis - udførelse af vilkårlig kode.

    • - -
  • CVE-2006-4814 - -

    Doug Chapman opdagede et potentielt lokalt lammelsesangreb (deadlock) i - funktionen mincore, forårsaget af ukorrekt lock-håndtering.

    • - -
  • CVE-2006-5753 - -

    Eric Sandeen leverede en rettelse af en lokal - hukommelseskorruptionssårbarhed som følge af fejlfortolkede returværdier når - inoder der er markeret som dårlige, blev behandlet.

    • - -
  • CVE-2006-5823 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med rettigheder til at mount'e og læse et - korrupt cramfs-filsystem.

    • - -
  • CVE-2006-6053 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med rettigheder til at mount'e og læse et - korrupt ext3-filsystem.

    • - -
  • CVE-2006-6054 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med rettigheder til at mount'e og læse et - korrupt ext2-filsystem.

    • - -
  • CVE-2006-6106 - -

    Marcel Holtman opdagede flere bufferoverløb i Bluetooth-undersystemet, - hvilket kunne anvendes til at løse et fjern-lammelsesangreb (crash) og - potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2007-1353 - -

    Ilja van Sprundel opdagede at kernehukommelse kunne lækkes gennem - Bluetooth-setsockopt-kaldet på grund af en uinitialiseret stakbuffer. - Dette kunne anvendes af lokale angribere til at læse indholdet af følsom - kernehukommelse.

    • - -
  • CVE-2007-1592 - -

    Masayuki Nakagawa opdagede at flow-labels utilsigtet blev delt mellem - listening sockets og child sockets. Denne fejl kunne udnyttes af lokale - brugere til at forårsage et lammelsesangreb (oops).

    • - -
  • CVE-2007-2172 - -

    Thomas Graf rapporterede om en slåfejl i DECnet-protokolhåndteringen, - der kunne anvendes af en lokal angriber til at få et array til at løbe over - gennem særligt fremstillede pakker, potentielt medførende et lammelsesangreb - (systemcrash). Et lignende problem findes i IPv4-protokolhåndteringen og - vil blive rettet i en efterfølgende opdatering.

    • - -
  • CVE-2007-2525 - -

    Florian Zumbiehl opdagede en hukommelseslækage i PPPOE-undersystemet - som følge af frigivelse af en socket før PPPIOCGCHAN blev kaldt på den. - Dette kunne anvendes af en lokal bruger til at lamme et system ved at - forbruge al tilgængelig hukommelse.

    • - -
  • CVE-2007-3848 - -

    Wojciech Purczynski opdagede at pdeath_signal ikke blev nulstillet på - korrekt vis under visse betingelser, hvilket måske kunne gøre det muligt - for lokale brugere at opnå rettigheder, ved at sende vilkårlige signaler - til binære suid-filer.

    • - -
  • CVE-2007-4308 - -

    Alan Cox rapporterede om et problem i aacraid-driveren, der gjorde det - muligt for brugere uden rettigheder, at anvende ioctl-kald, hvilke burde - være begrænset til administratorrettigheder.

    • - -
  • CVE-2007-4311 - -

    PaX-teamet opdagede et problem i random-driveren, hvor en fejl i - reseedingkoden førte til en reduceret entropi.

    • - -
  • CVE-2007-5093 - -

    Alex Smith opdagede et problem med pwc-driveren til visse webkameraer. - Hvis en enhed blev fjernet mens et program i brugerrammet holdt den åben, - ville driveren vente på at brugerrummet lukkede for enheden, medførende - et blokeret USB-undersystem. Problemet har lav sikkerhedsrisiko, da det - kræver at angriberen enten har fysisk adgang til systemet eller får - overbevist en bruger med lokal adgang til at fjerne enheden på dennes - vegne.

    • - -
  • CVE-2007-6063 - -

    Venustech AD-LAB opdagede et bufferoverløb i isdn ioctl-håndteingen, - udnytbart af en lokal bruger.

    • - -
  • CVE-2007-6151 - -

    ADLAB opdagede et muligt hukommelsesoberløb i ISDN-undersystemet, hvilket - måske kunne gøre det muligt for en lokal bruger at overskrive - kernehukommelse ved udsendelse af ioctl'er med uafsluttede data.

    • - -
  • CVE-2007-6206 - -

    Blake Frantz opdagede, at når en core-fil ejet af en ikke-root-bruger - fandtes, og en root-ejet proces foretog en coredump til den, ville - core-filen beholde sit oprindelige ejerskab. Dette kunne anvendes af en - lokal bruger til at få adgang til følsomme oplysninger.

    • - -
  • CVE-2007-6694 - -

    Cyrill Gorcunov rapporterede om en NULL-pointer-dereference i kode - specifikt til CHRP PowerPC-platforme. Lokale brugere kunne udnytte - problemet til at iværksætte et lammelsesangreb.

    • - -
  • CVE-2008-0007 - -

    Nick Piggin fra SuSE opdagede en række problemer i undersystemet, hvilket - registrerede en faulthåndtering ved hukommelsesmappede områder. Problemet - kunne udnyttes af lokale brugere til at iværksætte et lammelsesangreb og - muligvis udføre vilkårlig kode.

    • - -
- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - - - - - - - - - - - - - - - - - - - - -
  Debian 3.1 (sarge)
alsa-modules-i386 1.0.8+2sarge2
kernel-image-2.4.27-arm 2.4.27-2sarge6
kernel-image-2.4.27-m68k 2.4.27-3sarge6
kernel-image-speakup-i386 2.4.27-1.1sarge5
kernel-image-2.4.27-alpha 2.4.27-10sarge6
kernel-image-2.4.27-s390 2.4.27-2sarge6
kernel-image-2.4.27-sparc 2.4.27-9sarge6
kernel-image-2.4.27-i386 2.4.27-10sarge6
kernel-image-2.4.27-ia64 2.4.27-10sarge6
kernel-patch-2.4.27-mips 2.4.27-10.sarge4.040815-3
kernel-patch-powerpc-2.4.272.4.27-10sarge6
kernel-latest-2.4-alpha 101sarge3
kernel-latest-2.4-i386 101sarge2
kernel-latest-2.4-s390 2.4.27-1sarge2
kernel-latest-2.4-sparc 42sarge3
i2c 1:2.9.1-1sarge2
lm-sensors 1:2.9.1-1sarge4
mindi-kernel 2.4.27-2sarge5
pcmcia-modules-2.4.27-i386 3.2.5+2sarge2
hostap-modules-i386 1:0.3.7-1sarge3
systemimager 3.2.3-6sarge5
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1503.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1504.wml b/danish/security/2008/dsa-1504.wml deleted file mode 100644 index 46535e4c55c..00000000000 --- a/danish/security/2008/dsa-1504.wml +++ /dev/null @@ -1,174 +0,0 @@ -flere sårbarheder - -

Flere lokalt udnytbare sårbarheder er opdaget i Linux-kernen, disse kunne -føre til et lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2006-5823 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med rettigheder til at mount'e og læse et - korrupt cramfs-filsystem.

    • - -
  • CVE-2006-6054 - -

    LMH rapporterede om et potentielt lokalt lammelsesangreb, hvilket kunne - udnyttes af en ondsindet bruger med rettigheder til at mount'e og læse et - korrupt ext2-filsystem.

    • - -
  • CVE-2006-6058 - -

    LMH rapporterede om problem i minix-filsystemet, hvilket kunne gøre det - muligt for lokale brugere med mount-rettigheder at iværksætte et - lammelsesangreb (printk flood) ved at mount'e et særligt fremstillet - korrupt filsystem.

    • - -
  • CVE-2006-7203 - -

    OpenVZ Linux' kernelteam rapportede om et problem i smbfs-filsystemet, - hvilket kunne udnyttes af lokale brugere til at forårsage et lammelsesangreb - (oops) under mount.

    • - -
  • CVE-2007-1353 - -

    Ilja van Sprundel opdagede at kernehukommelse kunne lækkes gennem - Bluetooth-setsockopt-kaldet på grund af en uinitialiseret stakbuffer. - Dette kunne anvendes af lokale angribere til at læse indholdet af følsom - kernehukommelse.

    • - -
  • CVE-2007-2172 - -

    Thomas Graf rapporterede om en slåfejl i DECnet-protokolhåndteringen, - der kunne anvendes af en lokal angriber til at få et array til at løbe over - gennem særligt fremstillede pakker, potentielt medførende et lammelsesangreb - (systemcrash). Et lignende problem findes i IPv4-protokolhåndteringen og - vil blive rettet i en efterfølgende opdatering.

    • - -
  • CVE-2007-2525 - -

    Florian Zumbiehl opdagede en hukommelseslækage i PPPOE-undersystemet - som følge af frigivelse af en socket før PPPIOCGCHAN blev kaldt på den. - Dette kunne anvendes af en lokal bruger til at lamme et system ved at - forbruge al tilgængelig hukommelse.

    • - -
  • CVE-2007-3105 - -

    PaX Team opdagede et potential bufferoverløb i generatoren af tilfældige - tal, hvilket kunne gøre det muligt for lokale brugere at forårsage et - lammelsesangreb eller opnå yderligere rettigheder. Problemet menes ikke at - påvirke standard-Debian-installeringer, hvor kun root har tilstrækkelige - rettigheder til at udnytte det.

    • - -
  • CVE-2007-3739 - -

    Adam Litke rapporterede om et potentielt lokalt lammelsesangreb (oops) på - powerpc-platformen, som følge af ukontrolleret VMA-udvidelse ind i adresserum - reserveret til hugetlb-sider.

    • - -
  • CVE-2007-3740 - -

    Steve French rapporterede at CIFS-filsystemer med CAP_UNIX aktiveret, ikke - levede op til en proces' umask, hvilket kunne føre til utilsigtede løsnende - rettigheder. - -

  • CVE-2007-3848 - -

    Wojciech Purczynski opdagede at pdeath_signal ikke blev nulstillet på - korrekt vis under visse betingelser, hvilket måske kunne gøre det muligt - for lokale brugere at opnå rettigheder, ved at sende vilkårlige signaler - til binære suid-filer.

    • - -
  • CVE-2007-4133 - -

    Hugh Dickins opdagede et potentielt lokalt lammelsesangreb (panik) i - hugetlbfs. En miskonvertering af hugetlb_vmtruncate_list til prio_tree - kunne måske gøre det muligt for lokale brugere at udløse et BUG_ON()-kald i - exit_mmap.

    • - -
  • CVE-2007-4308 - -

    Alan Cox rapporterede om et problem i aacraid-driveren, der gjorde det - muligt for brugere uden rettigheder, at anvende ioctl-kald, hvilke burde - være begrænset til administratorrettigheder.

    • - -
  • CVE-2007-4573 - -

    Wojciech Purczynski opdagede en sårbarhed, der kunne udnyttes af en lokal - bruger til at opnå superbrugerrettigheder på x86_64-systemer, som følge af - ukorrekt tømning af high-bits i registre under ia32-systemkaldsemulering. - Denne sårbarhed er relevant for Debians tilpasning til amd64, såvel som for - brugere af i386-tilpasningen, der anvender en amd64-udgave af linux-image. - This vulnerability is relevant.

    • - -
  • CVE-2007-5093 - -

    Alex Smith opdagede et problem med pwc-driveren til visse webkameraer. - Hvis en enhed blev fjernet mens et program i brugerrammet holdt den åben, - ville driveren vente på at brugerrummet lukkede for enheden, medførende - et blokeret USB-undersystem. Problemet har lav sikkerhedsrisiko, da det - kræver at angriberen enten har fysisk adgang til systemet eller får - overbevist en bruger med lokal adgang til at fjerne enheden på dennes - vegne.

    • - -
  • CVE-2007-6063 - -

    Venustech AD-LAB opdagede et bufferoverløb i isdn ioctl-håndteingen, - udnytbart af en lokal bruger.

    • - -
  • CVE-2007-6151 - -

    ADLAB opdagede et muligt hukommelsesoberløb i ISDN-undersystemet, hvilket - måske kunne gøre det muligt for en lokal bruger at overskrive - kernehukommelse ved udsendelse af ioctl'er med uafsluttede data.

    • - -
  • CVE-2007-6206 - -

    Blake Frantz opdagede, at når en core-fil ejet af en ikke-root-bruger - fandtes, og en root-ejet proces foretog en coredump til den, ville - core-filen beholde sit oprindelige ejerskab. Dette kunne anvendes af en - lokal bruger til at få adgang til følsomme oplysninger.

    • - -
  • CVE-2007-6694 - -

    Cyrill Gorcunov rapporterede om en NULL-pointer-dereference i kode - specifikt til CHRP PowerPC-platforme. Lokale brugere kunne udnytte - problemet til at iværksætte et lammelsesangreb.

    • - -
  • CVE-2008-0007 - -

    Nick Piggin fra SuSE opdagede en række problemer i undersystemet, hvilket - registrerede en faulthåndtering ved hukommelsesmappede områder. Problemet - kunne udnyttes af lokale brugere til at iværksætte et lammelsesangreb og - muligvis udføre vilkårlig kode.

    • - -
- -

Følgende matriks viser yderligere pakker, der af kompatibilitetshensyn med -denne opdatering, eller for at kunne benytte sig af den, er blevet -genopbygget:

- -
- - - - - - - - - - - -
  Debian 3.1 (sarge)
kernel-image-2.6.8-alpha 2.6.8-17sarge1
kernel-image-2.6.8-amd64 2.6.8-17sarge1
kernel-image-2.6.8-hppa 2.6.8-7sarge1
kernel-image-2.6.8-i386 2.6.8-17sarge1
kernel-image-2.6.8-ia64 2.6.8-15sarge1
kernel-image-2.6.8-m68k 2.6.8-5sarge1
kernel-image-2.6.8-s390 2.6.8-6sarge1
kernel-image-2.6.8-sparc 2.6.8-16sarge1
kernel-patch-powerpc-2.6.8 2.6.8-13sarge1
fai-kernels 1.9.1sarge8
- -

Vi anbefaler at du omgående opgraderer din kernel-pakke og genstarter -maskinen. Hvis du har bygget en skræddersynet kerne fra kernekildekodenpakke, -skal du genopbygge den for at kunne anvende disse rettelser.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1504.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1505.wml b/danish/security/2008/dsa-1505.wml deleted file mode 100644 index da6e5268316..00000000000 --- a/danish/security/2008/dsa-1505.wml +++ /dev/null @@ -1,27 +0,0 @@ -kernehukommelseslækage - -

Takashi Iwai leverede en rettelse af en hukommelseslækage i modulet -snd_page_alloc. Lokale brugere kunne udnytte problemet til at få adgang til -følsomme oplysninger fra kernen -(\ -CVE-2007-4571).

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 1.0.8-7sarge1. De færdigopbyggede moduler der leveres i -alsa-modules-i386 er blevet genopbygget for at kunne anvende denne -opdatering, og er tilgængelige i version 1.0.8+2sarge2.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.0.13-5etch1. Problemet í den version af ALSA, der leveres med -linux-2.6, blev allerede rettet i forbindelse med DSA 1479.

- -

I den ustabile distributions (sid), er dette problem rettet i version -1.0.15-1.

- -

Vi anbefaler at du opgraderer dine alsa-driver- og -alsa-modules-i386-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1505.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1506.wml b/danish/security/2008/dsa-1506.wml deleted file mode 100644 index 599416eb65d..00000000000 --- a/danish/security/2008/dsa-1506.wml +++ /dev/null @@ -1,87 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i internetprogrampakken Iceape, -en version af Seamonkey Internet Suite. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-0412 - -

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren og Paul - Nickerson opdagede nedbrud i layoutmaskinen, hvilket måske kunne gøre det - muligt at udføre vilkårlig kode.

    • - -
  • CVE-2008-0413 - -

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, - shutdown, Philip Taylor og tgirmann opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2008-0414 - -

    hong og Gregory Fleischer opdagede at filinddatafokussårbarheder i - filoplægningskontrollen kunne gøre muliggøre informationsafsløring af lokal - filer.

    • - -
  • CVE-2008-0415 - -

    moz_bug_r_a4 og Boris Zbarsky opdagede flere sårbarheder i - JavaScript-håndteringen, hvilket kunne muliggøre - rettighedsforøgelse.

    • - -
  • CVE-2008-0417 - -

    Justin Dolske opdagede at mekanismen til opbevaring af adgangskoder - kunne misbruges af ondsindede websteder til at ødelægge allerede gemte - adgangskoder.

    • - -
  • CVE-2008-0418 - -

    Gerry Eisenhaur og moz_bug_r_a4 opdagede at en - mappegennemløbssårbarhed i chrome: URI-håndteringen føre til - informationsafsløring.

    • - -
  • CVE-2008-0419 - -

    David Bloom opdagede en race-tilstand i billedhåndteringen i - designMode-elementer, hvilket kunne føre til informationsafsløring og - potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-0591 - -

    Michal Zalewski opdagede at timere der beskytter sikkerhedsfølsomme - dialoger (hvilket deaktiverer dialogelementer indtil en timeout er nået) - kunne omgås ved at ændre vinduefokus gennem JavaScript.

    • - -
  • CVE-2008-0592 - -

    Man opdagede at misdannede indholdsdeklarationer på gemte vedhæftelser - kunne forhindre en bruger i at åbne lokale filer med et .txt-filnavn, - medførende et lille lammelsesangreb (denial of service).

    • - -
  • CVE-2008-0593 - -

    Martin Straka opdagede at usikker stylesheet-håndtering under - omdirigeringer kunne føre til informationsafsløring.

    • - -
  • CVE-2008-0594 - -

    Emil Ljungdahl og Lars-Olof Moilanen opdagede at - phishing-beskyttelser kunne omgås med <div>-elementer.

    • - -
- -

Mozilla-produkterne i den gamle stabile distribution (sarge) understøttes -ikke længere med sikkerhedsopdateringer.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.0.12~pre080131b-0etch1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1506.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1507.wml b/danish/security/2008/dsa-1507.wml deleted file mode 100644 index 1bc27f37d40..00000000000 --- a/danish/security/2008/dsa-1507.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Peter Paul Elfferich opdagede at turba2, en kontakthåndteringskomponent -til horde-frameworket, ikke på korrekt vis kontrollerede adgangsrettigheder -før brugerne fik lov til at redigere adresser. Dette kunne medføre at -registrerede brugere kunne ændre private adresseoptegnelser.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.0.2-1sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.1.3-1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.1.7-1.

- -

Vi anbefaler at du opgraderer din turba2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1507.data" -#use wml::debian::translation-check translation="21e6cd386e3a3983f6d7e7344070d636f590fafe" mindelta="1" diff --git a/danish/security/2008/dsa-1508.wml b/danish/security/2008/dsa-1508.wml deleted file mode 100644 index a03d9ac6fd7..00000000000 --- a/danish/security/2008/dsa-1508.wml +++ /dev/null @@ -1,23 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Dan Dennison opdagede at Diatheke, et CGI-program til fremstillet af et -bibel-websted, udførte utilstrækkelig fornuftighedskontrol på et parameter, -hvilket gjorde det muligt for fjernangribere at udføre vilkårlige -shell-kommandoer som webserverens bruger.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 1.5.7-7sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.5.9-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.5.9-8.

- - -

Vi anbefaler at du opgraderer din diatheke-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1508.data" -#use wml::debian::translation-check translation="73253956e010a4387a7e74694b2a6d4ee0453904" mindelta="1" diff --git a/danish/security/2008/dsa-1509.wml b/danish/security/2008/dsa-1509.wml deleted file mode 100644 index 83ece497ec4..00000000000 --- a/danish/security/2008/dsa-1509.wml +++ /dev/null @@ -1,47 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i xpdf-koden, der er indeholdt i koffice, en -integreret kontorpakke til KDE. Disse fejl kunne gøre det muligt for en -fjernangriber at udføre vilkårlig kode ved at få brugeren til at importere et -særligt fremstillet PDF-dokment. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-4352 - -

    Arrayindeksfejl i metoden DCTStream::readProgressiveDataUnit i - xpdf/Stream.cc i Xpdf 3.02pl1, som anvendes i poppler, teTeX, KDE, KOffice, - CUPS og andre produkter, gjorde det muligt for fjernangribere at ødeløse - hukommelseskorruption og udføre vilkårlig kode gennem en særligt fremstillet - PDF-fil.

    • - -
  • CVE-2007-5392 - -

    Heltalsoverløb i metoden DCTStream::reset i xpdf/Stream.cc i Xpdf 3.02p11 - gjorde det muligt for fjernangribere at udføre vilkårlig kode gennem en - fabrikeret PDF-fil, medførende et heap-baseret bufferoverløb.

    • - -
  • CVE-2007-5393 - -

    Et heap-baseret bufferoverløb i metoden CCITTFaxStream::lookChar i - xpdf/Stream.cc i Xpdf 3.02p11 gjorde det muligt for fjernangribere at udføre - vilkårlig kode gennem en PDF-fil, der indeholder et fabrikeret - CCITTFaxDecode-filter.

    • - -
- -

Opdateringer til den gamle stabile distribution (sarge), vil hurtigst muligt -blive gjort tilgængelige.

- -

I den stabile distribution (etch), er disse problemer rettet i version -1:1.6.1-2etch2.

- -

Vi anbefaler at du opgraderer din koffice-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1509.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1510.wml b/danish/security/2008/dsa-1510.wml deleted file mode 100644 index ab28212312d..00000000000 --- a/danish/security/2008/dsa-1510.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Chris Evans opdagede et bufferoverløb i farve-space-håndteringskoden i -Ghostscript PostScript/PDF-fortolkeren, hvilket kunne føre til udførelse af -vilkårlig kode hvis en bruger blev narret til at behandle en misdannet fil.

- -

I den stabile distribution (etch), er dette problem rettet i version -8.54.dfsg.1-5etch1 af gs-gpl og 8.15.3.dfsg.1-1etch1 af gs-esp.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 8.01-6 af gs-gpl og 7.07.1-9sarge1 af gs-esp.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine gs-esp- og gs-gpl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1510.data" -#use wml::debian::translation-check translation="1fcf57ce94e7eda8509835937a8cdfb456c395af" mindelta="1" diff --git a/danish/security/2008/dsa-1511.wml b/danish/security/2008/dsa-1511.wml deleted file mode 100644 index 1bea58b7e3c..00000000000 --- a/danish/security/2008/dsa-1511.wml +++ /dev/null @@ -1,41 +0,0 @@ -forskelligt - -

Flere lokale sårbarheder er opdaget i libicu, International Components for -Unicode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    -
  • - CVE-2007-4770 -

    - libicu i International Components for Unicode (ICU) 3.8.1 og tidligere, - forsøgte at behandle tilbagereferencer til den ikke-eksisterende - capture-gruppe nul (dvs. \0), hvilket kunne gøre det muligt for - indholdsafhængige angribere at læse fra, eller skrive til, hukommelsessteder - uden for grænserne, med relation til korruption af REStackFrames.

    -
    • - -
  • - CVE-2007-4771 -

    - Heap-baseret bufferoverløb i funktionen doInterval i regexcmp.cpp i libicu i - International Components for Unicode (ICU) 3.8.1 og tidligere, gjorde det - muligt for indholdsafhængige angribere at forårsage et lammelsesangreb - (denial of service, hukommelsesforbrug) og muligvis have anden uangiven - indvirken gennem et regulært udtryk, der skriver en stor mængde data til - backtracking-stakken.

    -
    • -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 3.6-2etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.8-6.

- -

Vi anbefaler at du opgraderer din libicu-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1511.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1512.wml b/danish/security/2008/dsa-1512.wml deleted file mode 100644 index 4e65051d009..00000000000 --- a/danish/security/2008/dsa-1512.wml +++ /dev/null @@ -1,24 +0,0 @@ -formatstrengsangreb - -

Ulf Härnhammar opdagede at Evolution, mailprogrammet og groupwaresuiten, -havde en formatstrengssårbarhed i fortolkningen af krypterede mailbeskeder. -Hvis brugeren åbnende en særligt fremstillet e-mail, var det muligt at udføre -kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.3-6etch2.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.0.4-2sarge3. Nogle arkitekturer er endnu ikke færdige med at -opbygge den opdaterede pakke til sarge, de vil blive tilføjet så snart de bliver -tilgængelige.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.12.3-1.1.

- -

Vi anbefaler at du opgraderer din evolution-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1512.data" -#use wml::debian::translation-check translation="a2d7ee4fb8b60f2e470df15f368f6f4fe96fa4b7" mindelta="1" diff --git a/danish/security/2008/dsa-1513.wml b/danish/security/2008/dsa-1513.wml deleted file mode 100644 index faa9199021a..00000000000 --- a/danish/security/2008/dsa-1513.wml +++ /dev/null @@ -1,17 +0,0 @@ -informationsafsløring - -

Man har opdaget at lighttpd, en hurtig webserver med minimalt -hukommelsesforbrug, viste kildekoden til CGI-skripter hvis udførelsen af dem -fejlede under visse omstændigheder.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.4.13-4etch5.

- -

I den ustabile distribution, vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din lighttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1513.data" -#use wml::debian::translation-check translation="a6b0285f6a5040ef4c396df0c80251e46872bc24" mindelta="1" diff --git a/danish/security/2008/dsa-1514.wml b/danish/security/2008/dsa-1514.wml deleted file mode 100644 index 76b2ecebbea..00000000000 --- a/danish/security/2008/dsa-1514.wml +++ /dev/null @@ -1,63 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i MoinMoin, en Python-klon af -WikiWiki. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-2423 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder blev opdaget i vedhæftelseshåndteringen.

    • - -
  • CVE-2007-2637 - -

    Adgangskontrollister til kalendre og includes blev ikke håndhævet - tilstrækkeligt, hvilket kunne føre til informationsafsløring.

    • - -
  • CVE-2008-0780 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder blev opdaget i loginkoden.

    • - -
  • CVE-2008-0781 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder blev opdaget i vedhæftelseshåndteringen.

    • - -
  • CVE-2008-0782 - -

    En mappegennemløbssårbarhed i cookie-håndteringen kunne føre til - lokal lammelsesangreb (denial of service) ved overskrivelse af - filer.

    • - -
  • CVE-2008-1098 - -

    Sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder blev opdaget i GUI-editorformateringen og i koden til - sletning af sider.

    • - -
  • CVE-2008-1099 - -

    Makrokoden validerede adgangskontrollister på utilstrækkelig vis, - hvilket kunne føre til informationsafsløring.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -1.5.3-1.2etch1. Opdateringen indholder også en fejlrettelse vedrørende -encoding af adgangskodepåmindelsesmails, hvilket ikke har -sikkerhedsimplikationer.

- -

Den gamle stabile distribution (sarge) vil ikke blive opdateret på grund af -de mange ændringer, og fordi understøttelse af sarge alligevel ophører ved -månedens udgang. Man rådes til at opgradere til den aktuelle stabile -distribution hvis man kører moinmoin.

- -

Vi anbefaler at du opgraderer din moin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1514.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1515.wml b/danish/security/2008/dsa-1515.wml deleted file mode 100644 index 5a5aae1b091..00000000000 --- a/danish/security/2008/dsa-1515.wml +++ /dev/null @@ -1,32 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i libnet-dns-perl. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -

Man opdagede at libnet-dns-perl meget svage transaktions-id'er ved afsendelse -af forespørgsler (\ -CVE-2007-3377). Med denne opdatering skiftes id-genereringe til Perls -tilfældighedsgenerator, hvilket gør forudsigelsesangreb mere besværlige.

- -

Kompressionsløkker i domænenavne medførte en uendelig løkke i -domænenavnsudfolderen skrevet i Perl (\ -CVE-2007-3409). Debian-pakken anvender som standard en udfolder skrevet i -C, men denne sårbarhed er der ikke desto mindre blevet taget hånd om.

- -

Dekodning af misdannede A-records kunne føre til et nedbrud (gennem en -ikke-fanget Perl-exception) i visse programmer der anvender libnet-dns-perl -(\ -CVE-2007-6341).

- -

I den gamle stabile distribution (sarge), er disse problemer rettet i -version 0.48-1sarge1.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.59-1etch1.

- -

Vi anbefaler at du opgraderer din libnet-dns-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1515.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1516.wml b/danish/security/2008/dsa-1516.wml deleted file mode 100644 index f5e4c1dcc3d..00000000000 --- a/danish/security/2008/dsa-1516.wml +++ /dev/null @@ -1,37 +0,0 @@ -rettighedsforøgelse - -

Før denne opdatering var standardopsætningen af Dovecot i Debian, at køre -serverdæmonen med rettigheder til gruppen mail. Dette betød at brugere med -skriveadgang til deres mailmappe på serveren (for eksempel gennem en SSH-konto) -kunne læse og gennem et symbolsk link også slette mailbokse, som var ejet af -andre brugere, og til hvilke de ikke havde direkte adgang -(CVE-2008-1199). -Desuden var der en intern fortolkningskonflik i adgangskodehåndteringen, som -proaktivet er blevet behandlet, selv om den ikke er kendt for at være udnytbar -(CVE-2008-1218).

- -

Bemærk at det kræver manuel indgriben at anvende denne opdatering: -Opsætningsindstillingen mail_extra_groups = mail er blevet erstattet af -mail_privileged_group = mail. Opdateringen vil vise en konflik i -opsætningsfilen i /etc/dovecot/dovecot.conf. Det anbefales at du beholder den -allerede installerede opsætningsfil og retter den påvirkede linje. Til -reference skrives der et eksempel på en opsætningsfil (uden ens egne lokale -ændringer) til /etc/dovecot/dovecot.conf.dpkg-new.

- -

Hvis din nuværende opsætning anvender mail_extra_groups med en værdi, der er -forskellig fra mail, kan det være nødvendigt at anvende opsætningsparameteret -mail_access_groups.

- -

Til den gamle stabile distribution (sarge) har vi ikke lavet en opdatering. -Vi anbefaler, at duovervejer at opgradere til den stabile distribution.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.0.rc15-2etch4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.13-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1516.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1517.wml b/danish/security/2008/dsa-1517.wml deleted file mode 100644 index 5d366eaa740..00000000000 --- a/danish/security/2008/dsa-1517.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Don Armstrong opdagede at ldapscripts, en samling af værktøjer til -behandling af brugerkonti i LDAP, sendte en adgangskode som et -kommandolinjeparameter, når LDAP-programmer blev kaldt, hvilket måske kunne -gøre det muligt for en lokal angriber at læse denne adgangskode fra -proceslisten.

- -

Den gamle stabile distribution (sarge) indeholder ikke pakken -ldapscripts.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.4-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.7.1-2.

- -

Vi anbefaler at du opgraderer din ldapscripts-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1517.data" -#use wml::debian::translation-check translation="3bae46d953aa9aa9c363c68748a9038d71e3a6cc" mindelta="1" diff --git a/danish/security/2008/dsa-1518.wml b/danish/security/2008/dsa-1518.wml deleted file mode 100644 index 3ba6cfea18d..00000000000 --- a/danish/security/2008/dsa-1518.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Micha Lenk opdagede at backup-manager, et kommandolinjeværktøj til -sikkerhedskopiering, sendte adgangskoden som et kommandolinjeparameter når en -ftp-klient blev kaldt, hvilket måske kunne gøre det muligt for en lokal angriber -at læse denne adgangskode (der giver adgang til alle sikkerhedskopierede filer) -fra proceslisten.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 0.5.7-1sarge2.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.7.5-4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.7.6-3.

- -

Vi anbefaler at du opgraderer din backup-manager-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1518.data" -#use wml::debian::translation-check translation="abab0b5e5a4174396129af1bc5155b4782757827" mindelta="1" diff --git a/danish/security/2008/dsa-1519.wml b/danish/security/2008/dsa-1519.wml deleted file mode 100644 index 0cf8b905bdb..00000000000 --- a/danish/security/2008/dsa-1519.wml +++ /dev/null @@ -1,20 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at webapplikationsframeworket Horde tillod fjernangribere at -inkludere vilkårlige filer gennem præferenceparameteret theme.

- -

I den gamle stabile distribution (sarge) er dette problem rettet i -version 3.0.4-4sarge7.

- -

I den stabile distribution (etch) er dette problem rettet i version -3.1.3-4etch3.

- -

I den ustabile distribution (sid) er dette problem rettet i version -3.1.7-1.

- -

Vi anbefaler at du opgraderer din horde3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1519.data" -#use wml::debian::translation-check translation="9cb833ba84fbdd2a76b926b93cafa01e759b832e" mindelta="1" diff --git a/danish/security/2008/dsa-1520.wml b/danish/security/2008/dsa-1520.wml deleted file mode 100644 index 3fc0f20b477..00000000000 --- a/danish/security/2008/dsa-1520.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man har opdaget at regex-modulet i Smarty, en skabelonmaskine til PHP, tillod -angribere at kalde vilkårlige PHP-funktioner gennem skabeloner anvendende -plugin'en regex_replace ved hjælp af en særligt fremstillet søgestreng.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 2.6.9-1sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.14-1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.6.18-1.1.

- -

Vi anbefaler at du opgraderer din smarty-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1520.data" -#use wml::debian::translation-check translation="d32ff6c0d603791107e64e31aaa2aebc870915d5" mindelta="1" diff --git a/danish/security/2008/dsa-1521.wml b/danish/security/2008/dsa-1521.wml deleted file mode 100644 index 8134811060a..00000000000 --- a/danish/security/2008/dsa-1521.wml +++ /dev/null @@ -1,16 +0,0 @@ -filafsløring - -

Julien Cayzac opdagede at under visse omstændigheder kunne lighttpd, en -hurtig webserver med minimalt hukommelsesforbrug, tillade læsning af vilkårlige -filer fra systemet. Problemet kunne kun opstå med en ikke-standard -opsætning.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.4.13-4etch6.

- -

Vi anbefaler at du opgraderer din lighttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1521.data" -#use wml::debian::translation-check translation="58bc02c898a6df1e4cb6eba970a95c277d81dc4c" mindelta="1" diff --git a/danish/security/2008/dsa-1522.wml b/danish/security/2008/dsa-1522.wml deleted file mode 100644 index 34a0d30265d..00000000000 --- a/danish/security/2008/dsa-1522.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Tavis Ormandy opdagede at unzip, ved behandling af sårligt fremstillede -ZIP-arkiver, kunne overføre ugyldige pointere til C-bibliotekets free-rutine, -hvilket potentielt kunne føre til udførelse af vilkårlig kode -(CVE-2008-0888).

- -

I den gamle stabile distribution (sarge), er dette problem rettet -i version 5.52-1sarge5.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.52-9etch1.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer din unzip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1522.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1523.wml b/danish/security/2008/dsa-1523.wml deleted file mode 100644 index 12d808a9e40..00000000000 --- a/danish/security/2008/dsa-1523.wml +++ /dev/null @@ -1,22 +0,0 @@ -udførelse af skripter på tværs af websteder - -

Josh Triplett opdagede at ikiwiki ikke blokerede for JavaScript i URL'er, -hvilket førte til sårbarheder i forbindelse med udførelse af skripter på tværs -af websteder (\ -CVE-2008-0808, \ -CVE-2008-0809).

- -

Den gamle stabile distribution (sarge) indeholder ikke en ikiwiki-pakke.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.33.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.31.1.

- -

Vi anbefaler at du opgraderer din ikiwiki-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1523.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1524.wml b/danish/security/2008/dsa-1524.wml deleted file mode 100644 index f4d11fc1170..00000000000 --- a/danish/security/2008/dsa-1524.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i kdc-komponenten i krb5, et -system til autentificering af brugere og tjenester på et netværk. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-0062 - -

    En ikke-autentificeret fjernangriber kunne få en krb4-aktiveret KDC til at -gå ned, udstille oplysninger eller udføre vilkårlig kode. En succesrig -udnyttelse af denne sårbarhed kunne kompromittere Kerberos-nøgledatabasen og -værtssikkerhed på KDC-værten.

    • - -
  • CVE-2008-0063 - -

    En ikke-autentificeret fjernangriber kunne få en krb4-aktiveret KDC til at -udstille oplysninger. Det er teoretisk muligt at de udstillede oplysninger kan -indeholde hemmelige nøgledata på visse platforme.

    • - -
  • CVE-2008-0947 - -

    En ikke-autentificeret fjernangriber kunne forårsage hukommelseskorruption i -processen kadmind, hvilket sandsynligvis vil få kadmind til at gå ned, -medførende et lammelsesangreb (denial of service). Det er om ikke andet -teoretisk muligt for en sådan korruption at medføre databasekorruption eller -udførelse af vilkårlig kode, selv om vi ikke har en sådan udnyttelse og ikke -har kendskab til at nogen sådanne udnyttelser anvendes. I versioner af -MIT Kerberos leveret med Debian, kan denne fejl kun udløses i opsætninger der -tillader store antal åbne fildesciptorer i en proces.

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet -i version krb5 1.3.6-2sarge6.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.4.4-7etch5.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1524.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1525.wml b/danish/security/2008/dsa-1525.wml deleted file mode 100644 index c1d637328ce..00000000000 --- a/danish/security/2008/dsa-1525.wml +++ /dev/null @@ -1,44 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Asterisk, et fri software PBX -og telefonitoolkit. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgene problemer:

- -
    - -
  • CVE-2007-6430 - -

    Tilghman Lesher opdagede at databasebaserede registreringer blev - valideret på utilstrækkelig vis. Dette påvirker kun konfigurationer, der - er opsat til at køre uden en adgangskode og kun værtsbaseret - autentificering.

    • - -
  • CVE-2008-1332 - -

    Jason Parker opdagede at utilstrækkelig validering af From:-headere - i SIP-kanaldriveren kunne føre til autentificeringsomgåelse og potentiel - ekstern initiering af opkald.

    • - -
  • CVE-2008-1333 - -

    Denne opdatering retter også en formatstrengssårbarhed, der kun kan - udløses gennem opsætningsfiler under kontrol af den lokal administrator. - I senere udgaver af Asterisk er dette problem fjernudnytbart og spores som - \ - CVE-2008-1333.

    • - -
- -

Hvorvidt den gamle stabile distribution (sarge) er påvirket, er pt. ved at -blive undersøgt. Hvis den er påvirket, vil en opdatering blive udgiven gennem -security.debian.org.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1:1.2.13~dfsg-2etch3.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1525.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1526.wml b/danish/security/2008/dsa-1526.wml deleted file mode 100644 index 8e7a8fa3121..00000000000 --- a/danish/security/2008/dsa-1526.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Steve Kemp fra Debian Security Audit-projektet, opdagede flere lokale -sårbarheder i xwine, en grafisk brugergrænseflade til emulatoren WINE.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2008-0930 - -

    Kommandoen xwine anvender lokale midlertidige filer på usikker vis, når - der udskrives. Dette kunne gøre det muligt at fjerne vilkårlige filer - hørende til brugere, der starter programmet.

    • - -
  • CVE-2008-0931 - -

    Kommandoen xwine ændrer rettighederne på den globale WINE-opsætningsfil på - en sådan måde, at den er skrivbar for alle. Dette kunne gøre det muligt for - lokale brugere at redigere filen, så vilkårlige kommandoer kunne udføres når - en lokal bruger udførte et program under WINE.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -1.0.1-1etch1.

- -

Vi anbefaler at du opgraderer din xwine-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1526.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1527.wml b/danish/security/2008/dsa-1527.wml deleted file mode 100644 index 516b6059045..00000000000 --- a/danish/security/2008/dsa-1527.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Thomas de Grenier de Latour opdagede at værktøjet checkrestart i -værktøjessuiten debian-goodies, tillod at lokale brugere kunne opnå rettigheder -gennem shell-metategn i navnet på den eksekvérbare fil i en kørende proces.

- -

I den gamle stabile distribution (sarge), er dette problem rettet i -version 0.24+sarge1.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.27+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.34.

- -

Vi anbefaler at du opgraderer din debian-goodies-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1527.data" -#use wml::debian::translation-check translation="97206df41c425e1c1ec88848d93fd6247c601f33" mindelta="1" diff --git a/danish/security/2008/dsa-1528.wml b/danish/security/2008/dsa-1528.wml deleted file mode 100644 index dc9441dabfe..00000000000 --- a/danish/security/2008/dsa-1528.wml +++ /dev/null @@ -1,20 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Peter Hüwe og Hanno Böck opdagede at Serendipity, en weblogmanager, -ikke på korrekt vis fornuftighedskontrollerede inddata i flere skripter, hvilket -gjorde det muligt at udføre skripter på tværs af servere.

- -

Den gamle stabile distribution (sarge) indeholder ikke pakken serendipity.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.0.4-1+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3-1.

- -

Vi anbefaler at du opgraderer din serendipity-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1528.data" -#use wml::debian::translation-check translation="9e8db2a898fc6cdda58887fb4674cf9592586230" mindelta="1" diff --git a/danish/security/2008/dsa-1529.wml b/danish/security/2008/dsa-1529.wml deleted file mode 100644 index 8041802fa2d..00000000000 --- a/danish/security/2008/dsa-1529.wml +++ /dev/null @@ -1,59 +0,0 @@ -flere sårbarheder - - -

-Flere sikkerhedsproblemer er opdaget i Firebird-databasen, hvilket kunne føre -til udførelse af vilkårlig kode eller lammelsesangreb (denial of service). -

- -

-Denne Debian-sikkerhedsbulletin er lidt usædvanlig. Mens vi normalt altid -tilbagefører sikkerhedsrettelser til ældre versioner, viste det sig at være -ugennemførligt hvad angår Firebird 1.5, på grund af mange -infrasturkturmæssige ændringer for at løse disse problemer. SOm konsekvens -deraf understøttes Firebird 1.5 ikke længere med sikkerhedsopdateringer, -hvorved administratorer der har en Firebird-database, har to muligheder: -

- -
    -
  1. Administratorer der kører Firebird i en fuldstændig intern opsætning - med betroede brugere kan undlade at foretage sig noget.
    2. - -
  2. Alle andre bør opgradere til firebird2.0-pakkerne, der er tilgængelige på - \ - backports.org.

    - - Version 2.0.3.12981.ds1-6~bpo40+1 retter alle kendte problemer.

    - - Se venligst den - \ - generelle backports.org-dokumentation for oplysninger om hvordan man - tilføjer pakkerne til sin pakkehåndteringsopsætning.

    - - Disse pakker er tilbageført til at køre på Debian stable. Da - firebird2.0 ikke er uden videre kan erstatte firebird2 (som er - kildekodepakkenavnet for Firebird 1.5-pakkerne), udgives disse opdateringer - ikke gennem security.debian.org. Rettelser til eventuelle fremtidige - sikkerhedsproblemer som påvirker Debian stabile, vil også blive udgivet - gennem backports.org.

    - - Aftaler, der sikrer at Firebird i den kommende Debian 5.0-udgave, kan - understøttes med regulære tilbageførte sikkerhedsrettelser er indgået.
    3. - -
- -

For en mere detaljeret beskrivelse af sikkerhedsproblemer, kan man læse -registreringerne i Debians fejlsporingssystem refereret oven for, samt på de -følgende URL'er:

- -

-http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
-http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
-http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1529.data" -#use wml::debian::translation-check translation="50dd416221c1adf9b4244db818a6dfd2164ed74b" mindelta="1" diff --git a/danish/security/2008/dsa-1530.wml b/danish/security/2008/dsa-1530.wml deleted file mode 100644 index 52e480e7afc..00000000000 --- a/danish/security/2008/dsa-1530.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere lokalt og fjernudnytbare sårbarheder er opdaget i cupsys, Common Unix -Printing System. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2008-0047 -

    -Heap-baseret bufferoverløb i CUPS, når printerdeling er aktiveret, gjorde det -muligt for fjernangribere at udføre vilkårlig kode gennem særligt fremstillede -søgeudtryk. -

    -
    • - -
  • CVE-2008-0882 -

    -Dobbelt frigivnings-sårbarheder i funktionen process_browse_data function i CUPS -1.3.5 gjorde det muligt for fjernangribere at forårsage lammelsesangreb (denial -of service; dæmonnedbrud) og muligvis udførelse af vilkårlig kode gennem særligt -fremstillede pakker til cupsd-porten (631/udp), i forbindelse med en uangivet -manipulering af en fjern printer. -

    -
    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.2.7-4etch3.

- -

Vi anbefaler at du opgraderer dine cupsys-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1530.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1531.wml b/danish/security/2008/dsa-1531.wml deleted file mode 100644 index 3d31fd4a230..00000000000 --- a/danish/security/2008/dsa-1531.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Chris Howells opdagede at policyd-weight, en policydæmon til -mailserverprogrammet Postfix, oprettede sin socket på en usikker måde, hvilket -kunne udnyttes til at overskrive eller fjerne vilkårlige filer fra det lokale -system.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.1.14-beta-6etch2.

- -

Den gamle stabile distribution (sarge) indeholder ikke en policyd-weight-pakke.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din policyd-weight-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1531.data" -#use wml::debian::translation-check translation="95bec8db64e736514dc075dfca2cee0197fd4944" mindelta="1" diff --git a/danish/security/2008/dsa-1532.wml b/danish/security/2008/dsa-1532.wml deleted file mode 100644 index 0174e7def72..00000000000 --- a/danish/security/2008/dsa-1532.wml +++ /dev/null @@ -1,81 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer. Projektet Common Vulnerabilities and Exposures har fundet -frem til følgende problemer:

- -
    - -
  • CVE-2007-4879 - -

    Peter Brodersen og Alexander Klink opdagede at det automatiske valg af - SSL-klientcertifikater kunne føre til at brugere blev sporet, medførende - et privatlivstab.

    • - -
  • CVE-2008-1233 - -

    moz_bug_r_a4 opdagede at varianter af - CVE-2007-3738 og - CVE-2007-5338 - muliggjorde udførelse af vilkårlig kode gennem XPCNativeWrapper.

    • - -
  • CVE-2008-1234 - -

    moz_bug_r_a4 opdagede at usikker håndtering af event-handlere kunne - føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2008-1235 - -

    Boris Zbarsky, Johnny Stenback og moz_bug_r_a4 opdagede at - ukorrekt principal-håndtering kunne føre til udførelse af skripter på tværs - af websteder og udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1236 - -

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett og Mats - Palmgren opdagede nedbrud i layout-maskinen, hvilket kunne muliggøre - udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1237 - -

    georgi, tgirmann og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket kunne muliggøre udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-1238 - -

    Gregory Fleischer opdagede at HTTP Referrer-headere blev håndteret på - ukorrekt vis i kombination med URL'er indeholdende Basic - Authentication-loginoplysninger med tomme brugernavne, medførende et - potentielt angreb i forbindelse med request-forfalskning på tværs af - websteder.

    • - -
  • CVE-2008-1240 - -

    Gregory Fleischer opdagede at webindhold hentet gennem jar:-protokollen - kunne anvende Java til at forbinde sig til vilkårlige porte. Dette er kun - et problem i forbindelse med den ikke-frie Java-plugin.

    • - -
  • CVE-2008-1241 - -

    Chris Thomas opdagede at baggroundsfaner kunne generere XUL-popup'er - som dækkede den aktuelle fane, potentielt medførende - spoofing-angreb.

    • - -
- -

Mozialla-produkterne fra den gamle stabile distribution (sarge) understøttes -ikke længere.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.8.0.15~pre080323b-0etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.1.13-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1532.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1533.wml b/danish/security/2008/dsa-1533.wml deleted file mode 100644 index af446de106a..00000000000 --- a/danish/security/2008/dsa-1533.wml +++ /dev/null @@ -1,42 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Christian Schmid og Meder Kydyraliev (Google Security) opdagede en række -sårbarheder i exiftags, et værktøj til at udtrække EXIF-metadata fra -JPEG-billeder. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende tre problemer:

- -
    - -
  • CVE-2007-6354 - -

    Utilstrækkelig EXIF-property-validering kunne føre til ukorrekt - hokummelsestilgang, hvis udført på et ondsindet fremstillet billede, - potentielt medførende heap-korrouption og udførelse af vilkårlig - kode.

    • - -
  • CVE-2007-6355 - -

    Fejlbehæftet datavalidering kunne føre til heltalsoverløb, medførende - anden ukorrekt hukommelsestilgang, desuden med risiko for - hukommelseskorrpution og vilkårlig udførelse af kode.

    • - -
  • CVE-2007-6356 - -

    Cykliske referencer til EXIF-billedfilmapper (IFD) kunne forårsage et - lammelsesangreb (uendelig løkke).

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet -i version 0.98-1.1+0sarge1.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.98-1.1+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.01-0.1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1533.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1534.wml b/danish/security/2008/dsa-1534.wml deleted file mode 100644 index 69be1c30c2d..00000000000 --- a/danish/security/2008/dsa-1534.wml +++ /dev/null @@ -1,78 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i internetprogramsuiten Iceape, -en version af Seamonkey Internet Suite. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-4879 - -

    Peter Brodersen og Alexander Klink opdagede at det automatiske valg af - SSL-klientcertifikater kunne føre til at brugere blev sporet, medførende - et privatlivstab.

    • - -
  • CVE-2008-1233 - -

    moz_bug_r_a4 opdagede at varianter af - CVE-2007-3738 og - CVE-2007-5338 - muliggjorde udførelse af vilkårlig kode gennem XPCNativeWrapper.

    • - -
  • CVE-2008-1234 - -

    moz_bug_r_a4 opdagede at usikker håndtering af event-handlere kunne - føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2008-1235 - -

    Boris Zbarsky, Johnny Stenback og moz_bug_r_a4 opdagede at - ukorrekt principal-håndtering kunne føre til udførelse af skripter på tværs - af websteder og udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1236 - -

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett og Mats - Palmgren opdagede nedbrud i layout-maskinen, hvilket kunne muliggøre - udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1237 - -

    georgi, tgirmann og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket kunne muliggøre udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-1238 - -

    Gregory Fleischer opdagede at HTTP Referrer-headere blev håndteret på - ukorrekt vis i kombination med URL'er indeholdende Basic - Authentication-loginoplysninger med tomme brugernavne, medførende et - potentielt angreb i forbindelse med request-forfalskning på tværs af - websteder.

    • - -
  • CVE-2008-1240 - -

    Gregory Fleischer opdagede at webindhold hentet gennem jar:-protokollen - kunne anvende Java til at forbinde sig til vilkårlige porte. Dette er kun - et problem i forbindelse med den ikke-frie Java-plugin.

    • - -
  • CVE-2008-1241 - -

    Chris Thomas opdagede at baggroundsfaner kunne generere XUL-popup'er - som dækkede den aktuelle fane, potentielt medførende - spoofing-angreb.

    • - -
- -

Mozialla-produkterne fra den gamle stabile distribution (sarge) understøttes -ikke længere.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.0.13~pre080323b-0etch1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1534.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1535.wml b/danish/security/2008/dsa-1535.wml deleted file mode 100644 index 4f455453b43..00000000000 --- a/danish/security/2008/dsa-1535.wml +++ /dev/null @@ -1,79 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-4879 - -

    Peter Brodersen og Alexander Klink opdagede at det automatiske valg af - SSL-klientcertifikater kunne føre til at brugere blev sporet, medførende - et privatlivstab.

    • - -
  • CVE-2008-1233 - -

    moz_bug_r_a4 opdagede at varianter af - CVE-2007-3738 og - CVE-2007-5338 - muliggjorde udførelse af vilkårlig kode gennem XPCNativeWrapper.

    • - -
  • CVE-2008-1234 - -

    moz_bug_r_a4 opdagede at usikker håndtering af event-handlere kunne - føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2008-1235 - -

    Boris Zbarsky, Johnny Stenback og moz_bug_r_a4 opdagede at - ukorrekt principal-håndtering kunne føre til udførelse af skripter på tværs - af websteder og udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1236 - -

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett og Mats - Palmgren opdagede nedbrud i layout-maskinen, hvilket kunne muliggøre - udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1237 - -

    georgi, tgirmann og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket kunne muliggøre udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-1238 - -

    Gregory Fleischer opdagede at HTTP Referrer-headere blev håndteret på - ukorrekt vis i kombination med URL'er indeholdende Basic - Authentication-loginoplysninger med tomme brugernavne, medførende et - potentielt angreb i forbindelse med request-forfalskning på tværs af - websteder.

    • - -
  • CVE-2008-1240 - -

    Gregory Fleischer opdagede at webindhold hentet gennem jar:-protokollen - kunne anvende Java til at forbinde sig til vilkårlige porte. Dette er kun - et problem i forbindelse med den ikke-frie Java-plugin.

    • - -
  • CVE-2008-1241 - -

    Chris Thomas opdagede at baggroundsfaner kunne generere XUL-popup'er - som dækkede den aktuelle fane, potentielt medførende - spoofing-angreb.

    • - -
- -

Mozialla-produkterne fra den gamle stabile distribution (sarge) understøttes -ikke længere.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.0.13-0etch1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1535.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1536.wml b/danish/security/2008/dsa-1536.wml deleted file mode 100644 index fab6381527a..00000000000 --- a/danish/security/2008/dsa-1536.wml +++ /dev/null @@ -1,52 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i Xine, et medieafspilningsbibliotek, -gjorde det muligt at iværksætte lammelsesangreb (denial of service) eller -udføre vilkårlig kode, hvilket kunne udnyttes ved visning af ondsindet indhold. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-1246 / CVE-2007-1387 - -

    Funktionen DMO_VideoDecoder_Open satte ikke bitSize før anvendelse i - memcpy, hvilket gjorde det muligt for brugerassisterede fjernangribere at - forårsage et bufferoverløb og muligvis udføre vilkårlig kode (gælder kun - sarge).

    • - -
  • CVE-2008-0073 - -

    Arrayindeksfejl i funktionen sdpplin_parse gjorde det muligt for - fjerne RTSP-servere at udføre vilkårlig kode gennem et langt streamid - SDP-parameter.

    • - -
  • CVE-2008-0486 - -

    Arrayindekssårbarhed i libmpdemux/demux_audio.c kunne gøre det muligt for - fjernangribere at udføre vilkårlig kode gennem et fremstillet FLAC-tag, - hvilket udløste et bufferoverløb (gælder kun etch).

    • - -
  • CVE-2008-1161 - -

    Bufferoverløb i Matroska-demuxer'en gjorde det muligt for fjernangribere - at forårsage et lammelsesangreb (nedbrud) og måske udføre vilkårlig kode - gennem en Matroska-fil med ugyldige frame-størrelser.

    • - -
- -

I den gamle stabile distribution (sarge), er disse problemer rettet i -version 1.0.1-1sarge7.

- -

I den stabile distribution (etch), er disse problemer rettet i version -1.1.2+dfsg-6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.1.11-1.

- -

Vi anbefaler at du opgraderer din xine-lib-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1536.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1537.wml b/danish/security/2008/dsa-1537.wml deleted file mode 100644 index f4621aa115b..00000000000 --- a/danish/security/2008/dsa-1537.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Alin Rad Pop (Secunia) opdagede en række sårbarheder i xpdf, et sæt værktøjer -til visning og konvertering af Portable Document Format-filer (PDF). Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-4352 - -

    Utilstrækkelig DCT-streamvalidering gjorde det muligt for en angribere at - korruptere hukommelse og potentielt udføre vilkårlig kode ved at levere en - ondsindet fremstillet PDF-fil.

    • - -
  • CVE-2007-5392 - -

    En heltalsoverløbssårbarhed i DCT-strømhåndteringen kunne gøre det muligt - for en angribere at få en heap-buffer til at løbe over, gørende udførelse af - vilkårlig kode mulig.

    • - -
  • CVE-2007-5393 - -

    En bufferoverløbssårbarhed i xpdf's CCITT-billedkomprimeringshåndtering, - muliggjorde overløb på heap'en, hvilket gjorde det muligt for en angribere - at udføre vilkårlig kode ved atlevere et ondsindet fremstillet - CCITTFaxDecode-filter.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 3.01-9.1+etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.02-1.3.

- -

Vi anbefaler at du opgraderer dine xpdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1537.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1538.wml b/danish/security/2008/dsa-1538.wml deleted file mode 100644 index 0816337fdd6..00000000000 --- a/danish/security/2008/dsa-1538.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Erik Sjölund opdagede en bufferoverløbssårbarhed i Ogg -Vorbis-inputplugin'en i programmet til lydafspilning, alsaplayer. Succesrig -udnyttelse af denne sårbarhed gennem åbning af en ondsindet fremstillet -Vorbis-fil, kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er problemet rettet i -version 0.99.76-9+etch1.

- -

I den ustabile distribution (sid), er problemet rettet i -version 0.99.80~rc4-1.

- -

Vi anbefaler at du opgraderer dine alsaplayer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1538.data" -#use wml::debian::translation-check translation="1b50e02c2c6ba5015c4777c3af92dbcfbb621735" mindelta="1" diff --git a/danish/security/2008/dsa-1539.wml b/danish/security/2008/dsa-1539.wml deleted file mode 100644 index e1f4802a723..00000000000 --- a/danish/security/2008/dsa-1539.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Chris Schmidt og Daniel Morissette opdagede to sårbarheder i mapsever, et -udviklingsmiljø til spatile og kortlægningsprogrammer. Projektet Common -Vulnerabilities and Exposures har fundet frem til de følgende to problemer:

- -
    - -
  • CVE-2007-4542 - -

    Manglende fornuftighedskontrol af inddata og manglende indkapsling af - uddata i CGI mapservers skabelonhåndtering og fejlrapporteringsrutiner, - førte til sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2007-4629 - -

    Manglende grænsekontroller i mapservers skabelonhåndtering førte til - en stakbaseret bufferoverløbssårbarhed, hvilket gjorde det muligt for en - fjernangribere at udføre vilkårlig kode under rettighederne hørende til - CGI- eller httpd-brugeren.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 4.10.0-5.1+etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.10.3-1.

- -

Vi anbefaler at du opgraderer din mapserver (4.10.0-5.1+etch2)-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1539.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1540.wml b/danish/security/2008/dsa-1540.wml deleted file mode 100644 index 83d32654757..00000000000 --- a/danish/security/2008/dsa-1540.wml +++ /dev/null @@ -1,15 +0,0 @@ -lammelsesangreb - -

Man har opdaget, at lighttpd, en hurtig webserver med minimalt -hukommelseforbrug, ikke håndterede SSL-fejl på korrekt vis. Dette kunne gøre -det muligt for en fjernangriber at afbryde alle aktive SSL-forbindelser.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.4.13-4etch7.

- -

Vi anbefaler at du opgraderer din lighttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1540.data" -#use wml::debian::translation-check translation="b3a667ddeed074d41a85cf384dd29754984ca4e3" mindelta="1" diff --git a/danish/security/2008/dsa-1541.wml b/danish/security/2008/dsa-1541.wml deleted file mode 100644 index 21f7bcdad88..00000000000 --- a/danish/security/2008/dsa-1541.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i OpenLDAP, en fri implementering -af Lightweight Directory Access Protocol. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5707 - -

    Thomas Sesselmann opdagede at slapd kunne bringes til at gå ned gennem - misdannede modify-forespørgsler.

    • - -
  • CVE-2007-5708 - -

    Toby Blade opdagede at ukorrekt hukommelseshåndtering i slapo-pcache - kunne føre til lammelsesangreb (denial of service) gennem fremstillede - søgeforespørgsler.

    • - -
  • CVE-2007-6698 - -

    Man opdagede at en programmeringsfejl i grænsefladen til - BDB-storagebackend'en kunne føre til lammelsesangreb gennem fremstillede - modify-forespørgsler.

    • - -
  • CVE-2008-0658 - -

    Man opdagede at en programmeringsfejl i grænsefladen til - BDB-storagebackend'en kunne føre til lammelsesangreb gennem fremstillede - modrdn-forespørgsler.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.3.30-5+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.7-6.1.

- -

Vi anbefaler at du opgraderer dine openldap2.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1541.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1542.wml b/danish/security/2008/dsa-1542.wml deleted file mode 100644 index 1c888c77833..00000000000 --- a/danish/security/2008/dsa-1542.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Peter Valchev (Google Security) opdagede en række heltalsoverløbssvagheder i -Cairo, et bibliotek til vektorgrafikrendering anvendt af mange andre programmer. -Hvis et program anvender Cairo til rendering af et ondsindet fremstillet -PNG-billede, gjorde sårbarheden det muligt at udføre vilkårlig kode.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.2.4-4.1+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.10-1.1.

- -

Vi anbefaler at du opgraderer dine libcairo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1542.data" -#use wml::debian::translation-check translation="1b50e02c2c6ba5015c4777c3af92dbcfbb621735" mindelta="1" diff --git a/danish/security/2008/dsa-1543.wml b/danish/security/2008/dsa-1543.wml deleted file mode 100644 index 00507cf39cd..00000000000 --- a/danish/security/2008/dsa-1543.wml +++ /dev/null @@ -1,73 +0,0 @@ -flere sårbarheder - - -

Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido -Landi, Felipe Manzano, Anibal Sacco og andre opdagede flere sårbarheder i vlc, -et program til afspilning og streaming af lyd og video. I værste fald kunne -disse sårbarheder gøre det muligt for en fjern ikke-autoriseret angriber, at -udføre vilkårlig kode med rettighederne hørende til brugeren, der kører vlc.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -otte problemer:

- -
    - -
  • CVE-2007-6681 - -

    En bufferoverløbssårbarhed i undertekst-håndteringen gjorde det muligt - for en angriber at udføre vilkårlig kode gennem åbning af en ondsindet - fremstillet MicroDVD-, SSA- eller Vplayer-fil.

    • - -
  • CVE-2007-6682 - -

    En formatstrengssårbarhed i den HTTP-baserede fjernbetjeningsfunktion i - vlc-programmet tillod at en fjern, ikke-autoriseret angriber kunne udføre - vilkårlig kode.

    • - -
  • CVE-2007-6683 - -

    Usikker parametervalidering gjorde det muligt for en fjernangriber at - overskrive vilkårlige filer, skrivbare for brugeren, der kører vlc, hvis en - ondsindet fremstillet M3U-spilleliste eller MP3-lydfil blev åbnet.

    • - -
  • CVE-2008-0295, - CVE-2008-0296 - -

    Heap-bufferoverløb i RTSP-stream og Session Description - Protocol-håndteringen (SDP) gjorde det muligt for en angriber at udføre - vilkårlig kode hvis en ondsindet fremstillet RTSP-stream blev - afspillet.

    • - -
  • CVE-2008-0073 - -

    Utilstrækkelig heltalsgrænsekontrol i SDP-håndteringen gjorde det muligt - at udføre vilkårlig kode gennem et ondsindet fremstillet - SDP-stream-id-parameter i an RTSP-stream.

    • - -
  • CVE-2008-0984 - -

    Utilstrækkelig integritetskontrol i MP4-demuxer'en gjorde det muligt for - en fjernangriber at overskrive vilkårlig hukommelse og udføre vilkårlig - kode, hvis en ondsindet fremstillet MP4-fil blev åbnet.

    • - -
  • CVE-2008-1489 - -

    En heltalsoverløbssårbarhed i MP4-håndteringen gjorde det muligt for en - fjernangriber at forårsage et heap-bufferoverløb, udløsende et nedbrud og - muligvis udførelse af vilkårlig kode, hvis en ondsindet fremstillet MP4-fil - blev åbnet.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.8.6-svn20061012.debian-5.1+etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.6.e-2.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1543.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1544.wml b/danish/security/2008/dsa-1544.wml deleted file mode 100644 index 114184dde31..00000000000 --- a/danish/security/2008/dsa-1544.wml +++ /dev/null @@ -1,23 +0,0 @@ -designfejl - -

Amit Klein opdagede at pdns-recursor, en cachende DNS-resolver, anvendte en -svag tilfæligt tal-generator til at fremstille DNS-transaktions-i'er og -UDP-kildeportnumre. Som en følge der, var det simplificeret at iværksætte -cache-forgiftningsangreb. -(\ -CVE-2008-1637) og -\ -CVE-2008-3217)

- -

I den stabile distribution (etch), er disse problemer rettet i -version 3.1.4-1+etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.1.7-1.

- -

Vi anbefaler at du opgraderer din pdns-recursor-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1544.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1545.wml b/danish/security/2008/dsa-1545.wml deleted file mode 100644 index 8a3b63d72b4..00000000000 --- a/danish/security/2008/dsa-1545.wml +++ /dev/null @@ -1,17 +0,0 @@ -heltalsoverløb - -

Sebastian Krahmer opdagede et heltalsoverløb i rsyncs kode til håndtering af -udvidede attributter kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.6.9-2etch2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.2-1.

- -

Vi anbefaler at du opgraderer din rsync-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1545.data" -#use wml::debian::translation-check translation="2270b104e2644799182cfbc95eb2f2be62b359e9" mindelta="1" diff --git a/danish/security/2008/dsa-1546.wml b/danish/security/2008/dsa-1546.wml deleted file mode 100644 index ceeab686ad5..00000000000 --- a/danish/security/2008/dsa-1546.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Thilo Pfennig og Morten Welinder opdagede flere heltalsoverløbssvagheder i -Gnumeric, et regnearksprogram til GNOME. Disse sårbarheder kunne medføre -udførelse af vilkårlig kode gennem åbning af ondsindet fremstillede -Excel-regneark.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.6.3-5+etch1.

- -

I den ustabile (sid) distribution, these problems were fixed in -version 1.8.1-1.

- -

Vi anbefaler at du opgraderer dine gnumeric-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1546.data" -#use wml::debian::translation-check translation="fa490df4dc17f49850eee2eb78b864294931fb1e" mindelta="1" diff --git a/danish/security/2008/dsa-1547.wml b/danish/security/2008/dsa-1547.wml deleted file mode 100644 index 2297be7160c..00000000000 --- a/danish/security/2008/dsa-1547.wml +++ /dev/null @@ -1,47 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer er opdaget i OpenOffice.org, den frie -kontorpakke. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-5745, - CVE-2007-5747 - -

    Fejl er opdaget i den måde hvorpå OpenOffice.org fortolker Quattro - Pro-filer, hvilket måske kunne føre til et heap-overløb, potentielt gørende - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2007-5746 - -

    Særligt fremstillede EMF-filer kunne udløse et bufferoverløb i heap'en, - hvilket måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-0320 - -

    En fejl er opdaget i behandlingen af OLE-filer, hvilket kunne forårsage - et bufferoverløb på heap'en, potentielt gørende det muligt at udføre - vilkårlig kode.

    • - -
- -

Nyligt rapportede problemer i ICU-biblioteket er rettet i den separate -libicu-pakke i forbindelse med DSA 1511, mod hvilket -OpenOffice.org er linket.

- -

I den gamle stabile distribution (sarge) er disse problemer rettet i -version 1.1.3-9sarge9.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 2.0.4.dfsg.2-7etch5.

- -

I testing-distributionen (lenny) og den ustabile distribution (sid) er disse -problemer rettet i version 2.4.0~ooh680m5-1.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1547.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1548.wml b/danish/security/2008/dsa-1548.wml deleted file mode 100644 index 9d52ab8468a..00000000000 --- a/danish/security/2008/dsa-1548.wml +++ /dev/null @@ -1,29 +0,0 @@ -flere sårbarheder - -

Kees Cook opdagede en sårbarhed i xpdf, et sæt værktøjer til visning og -konvertering af Portable Document Format-filer (PDF). Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problem:

- -
    - -
  • CVE-2008-1693 - -

    Xpdf's håndtering af indlejrede skrifttyper manglende tilstrækkelig - validering af typekontrol. Hvis en ondsindet fremstillet PDF-fil blev, - gjorde sårbarheden det muligt at udføre vilkårlig kode med rettighederne - hørende til brugeren, der kører xpdf.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 3.01-9.1+etch4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.02-1.2.

- -

Vi anbefaler at du opgraderer din xpdf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1548.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1549.wml b/danish/security/2008/dsa-1549.wml deleted file mode 100644 index 6341fc4b0a6..00000000000 --- a/danish/security/2008/dsa-1549.wml +++ /dev/null @@ -1,38 +0,0 @@ -bufferoverløb - -

Flere fjernudnytbare sårbarheder er opdaget i værktøjerne Clam anti-virus. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2008-0314 - -

    Damian Put opdagede at et bufferoverløb i håndteringen af binære - PeSpin-filer måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1100 - -

    Alin Rad Pop opdagede at et bufferoverløb i håndteringen af binære - Upack PE-filer måske kunne føre til udførelse af vilkårlig kode.

    - -
  • CVE-2008-1833 - -

    Damian Put og Thomas Pollet opdagede at et bufferoverløb i håndteringen - af binære WWPack-komprimerede PE-filer måske kunne føre til udførelse af - vilkårlig kode.

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet -i version 0.90.1dfsg-3etch11.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.92.1~dfsg2-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1549.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1550.wml b/danish/security/2008/dsa-1550.wml deleted file mode 100644 index ba4e6c8618a..00000000000 --- a/danish/security/2008/dsa-1550.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Man opdagede at suphp, et Apache-modul til afvikling af PHP-skripter med -ejerrettigheder, håndterede symboliske links på usikker vis, hvilket kunne føre -til lokale brugeres rettighedsforøgelse.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.6.2-1+etch0.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine suphp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1550.data" -#use wml::debian::translation-check translation="e65c06faf993839dce36348f71cc226cfcf68381" mindelta="1" diff --git a/danish/security/2008/dsa-1551.wml b/danish/security/2008/dsa-1551.wml deleted file mode 100644 index 716ada21f3d..00000000000 --- a/danish/security/2008/dsa-1551.wml +++ /dev/null @@ -1,47 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af programmeringssproget Python. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-2052 - -

    Piotr Engelking opdagede at funktionen strxfrm() i locale-modulet - fejlberegnede længden på en intern buffer, hvilket måske kunne medføre en - mindre informationslækage.

    • - -
  • CVE-2007-4965 - -

    Man opdagede at flere heltalsoverløb imageop-modulet måske kunne føre - til udførelse af vilkårlig kode, hvis en bruger blev narret til at - behandle misdannede billeder. Problemet spores også som - CVE-2008-1679 - på grund af en oprindelig ukomplet rettelse (patch).

    • - -
  • CVE-2008-1721 - -

    Justin Ferguson opdagede at et bufferoverløb i zlib-modulet måske kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1887 - -

    Justin Ferguson opdagede at utilstrækkelig inddatakontrol i - PyString_FromStringAndSize() måske kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.4.4-3+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.5-2.

- -

Vi anbefaler at du opgraderer dine python2.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1551.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1552.wml b/danish/security/2008/dsa-1552.wml deleted file mode 100644 index 286a66ed694..00000000000 --- a/danish/security/2008/dsa-1552.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af inddata - -

Man opdagede at filmafspilleren MPlayer udførte utilstrækkelig -fornuftighedskontrol af inddata fra SDP-sessionsdata, hvilket potentielt kunne -føre til udførelse af vilkårlig kode gennem en misdannet multimediestream.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.0~rc1-12etch3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0~rc2-10.

- -

Vi anbefaler at du opgraderer din mplayer-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1552.data" -#use wml::debian::translation-check translation="b718cfbc1d4f903d519c88ed5acadc097ec38d05" mindelta="1" diff --git a/danish/security/2008/dsa-1553.wml b/danish/security/2008/dsa-1553.wml deleted file mode 100644 index abeb51ca111..00000000000 --- a/danish/security/2008/dsa-1553.wml +++ /dev/null @@ -1,17 +0,0 @@ -forfalsket forespørgsel på tværs af websteder - -

Man opdagede at ikiwiki, en wiki-implementering, ikke beskyttede adgangskoder -og indhold mod forfalskede forspørgsler på tværs af websteder-angreb (CSRF).

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.33.5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.42.

- -

Vi anbefaler at du opgraderer din ikiwiki-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1553.data" -#use wml::debian::translation-check translation="50dcc63d4c73a8c154f16df5f382af1428cc806d" mindelta="1" diff --git a/danish/security/2008/dsa-1554.wml b/danish/security/2008/dsa-1554.wml deleted file mode 100644 index 28bc3394369..00000000000 --- a/danish/security/2008/dsa-1554.wml +++ /dev/null @@ -1,19 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Roundup, et fejlsporingssystem, indkaplsede ikke på tilstrækkelig vis -HTML-inddata, hvilket gjorde det muligt for en angriber at indsprøjte -klientside-kode (typisk JavaScript) i dokumenter, som kunne vises i -offerets browser.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.2.1-5+etch2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.3.3-3.1.

- -

Vi anbefaler at du opgraderer dine roundup-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1554.data" -#use wml::debian::translation-check translation="c093fc2ce69faf59e6301d5a82e78b0aaf66da95" mindelta="1" diff --git a/danish/security/2008/dsa-1555.wml b/danish/security/2008/dsa-1555.wml deleted file mode 100644 index bcd600032c2..00000000000 --- a/danish/security/2008/dsa-1555.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Man opdagede at nedbrud JavaScript-maskinen i Iceweasel, en version af -browseren Firefox, potentielt kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.0.0.14-0etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.0.14-1.

- -

Vi anbefaler at du opgraderer din iceweasel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1555.data" -#use wml::debian::translation-check translation="4d1938e3479ffdfa0aed0f90d6d611d6afea1a6b" mindelta="1" diff --git a/danish/security/2008/dsa-1556.wml b/danish/security/2008/dsa-1556.wml deleted file mode 100644 index 9b446c80867..00000000000 --- a/danish/security/2008/dsa-1556.wml +++ /dev/null @@ -1,19 +0,0 @@ -heap-bufferoverløb - -

Man opdagede at Perl-fortolkeren kunne løbe ind i en bufferoverløbstilstand -når den kompilede visse regulære udtryk indholde Unicode-tegn. Dette skete også -hvis de problematiske tegn var indeholdt i en variabelreference beskyttet af -citatnotationen \Q...\E. Når denne tilstand opstod, gik Perl-fortolkeren -typisk ned, men vilkårlig udførelse af kode kan ikke udelukkes.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.8.8-7etch3.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1556.data" -#use wml::debian::translation-check translation="6131fd45422f4da95c389b4bd2ef054022891657" mindelta="1" diff --git a/danish/security/2008/dsa-1557.wml b/danish/security/2008/dsa-1557.wml deleted file mode 100644 index 4579e6e5b00..00000000000 --- a/danish/security/2008/dsa-1557.wml +++ /dev/null @@ -1,40 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Flere fjernudnytbare sårbarheder er opdaget i phpMyAdmin, et program til -administrering af MySQL over WWW. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-1924 - -

    Angribere med CREATE-rettigheder til tabeller, kunne læse vilkårlige - filer, der var læsbare af webserveren, gennem en fremstillet HTTP - POST-forespørgsel.

    • - -
  • CVE-2008-1567 - -

    PHP's sessionsdatafil indeholdt brugernavnet og adgangskoden på en - indlogget bruger, hvilket i nogle opsætninger kunne læses af en lokal - bruger.

    • - -
  • CVE-2008-1149 - -

    Udførelse af skripter på tværs af websteder og SQL-indsprøjtning var - muligt for angribere, der havde rettigheder til at oprette cookies i det - samme cookie-domæne som phpMyAdmin kører i.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 4:2.9.1.1-7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:2.11.5.2-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1557.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1558.wml b/danish/security/2008/dsa-1558.wml deleted file mode 100644 index 40636cd64d1..00000000000 --- a/danish/security/2008/dsa-1558.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Man har opdaget at nedbrud i JavaScript-maskinen i xulrunner, Gecko-maskinens -bibliotek, potentielt kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.8.0.15~pre080323b-0etch2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.1.14-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1558.data" -#use wml::debian::translation-check translation="7a825d7946b5cd956ab75bd9670c68d6aa2299da" mindelta="1" diff --git a/danish/security/2008/dsa-1559.wml b/danish/security/2008/dsa-1559.wml deleted file mode 100644 index bb42a9346fb..00000000000 --- a/danish/security/2008/dsa-1559.wml +++ /dev/null @@ -1,19 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man har opdaget at phpGedView, et program der giver onlineadgang til -genealogiske oplysninger, udførte utilstrækkelig fornuftighedskontrol på -inddata i nogle parametre, gørende programmet sårbart over for udførelse af -skripter på tværs af websteder.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.0.2.dfsg-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.1.e+4.1.1-2.

- -

Vi anbefaler at du opgraderer din phpgedview-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1559.data" -#use wml::debian::translation-check translation="dfa038f5c48a2ac5a2ad0c9ff9ea505a94d508a4" mindelta="1" diff --git a/danish/security/2008/dsa-1560.wml b/danish/security/2008/dsa-1560.wml deleted file mode 100644 index fd5e14c4000..00000000000 --- a/danish/security/2008/dsa-1560.wml +++ /dev/null @@ -1,19 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

"The-0utl4w" opdagede at Kronolith, kalenderkomponent til Horde Framework'et, -ikke på korrekt vis fornuftighedskontrollerede URL-inddata, førende til en -sårbarhed i forbindelse med udførelse af skripter på tværs af websteder i -add event-billedet.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.1.4-1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.8-1.

- -

Vi anbefaler at du opgraderer din kronolith2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1560.data" -#use wml::debian::translation-check translation="dfa14f2b5645b5b0902b4da8f0466448817c85ea" mindelta="1" diff --git a/danish/security/2008/dsa-1561.wml b/danish/security/2008/dsa-1561.wml deleted file mode 100644 index c5408196c94..00000000000 --- a/danish/security/2008/dsa-1561.wml +++ /dev/null @@ -1,26 +0,0 @@ -programmeringsfejl - -

Christian Herzog opdagede at i Linux Terminal Server Project var det muligt -at forbinde sig til X på enhver LTSP-klient fra enhver vært på netværket, -gørende klientvinduer og tastetryk synlige på den pågældende vært.

- -

BEMÆRK: De fleste ldm-installeringer er sandsynligvis i chroot-miljøer -eksporteret over NFS, og vil ikke blive opgraderet ved blot at opgradere -serveren selv. Eksempelvis, på i386-arkitekturen, for at opgradere ldm skal -man sandsynligvis gøre følgende:

- -
    chroot /opt/ltsp/i386 apt-get update
-    chroot /opt/ltsp/i386 apt-get dist-upgrade
- -

I den stabile distribution (etch), er dette problem rettet i -version 0.99debian11+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:0.1~bzr20080308-1.

- -

Vi anbefaler at du opgraderer din ldm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1561.data" -#use wml::debian::translation-check translation="dfa14f2b5645b5b0902b4da8f0466448817c85ea" mindelta="1" diff --git a/danish/security/2008/dsa-1562.wml b/danish/security/2008/dsa-1562.wml deleted file mode 100644 index e77f45b41b4..00000000000 --- a/danish/security/2008/dsa-1562.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Man har opdaget at nedbrud i JavaScript-maskinen i Iceape, en udgave af -internetprogrampakken Seamonkey, potentielt kunne føre til udførelse af -vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.0.13~pre080323b-0etch3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.9-2.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1562.data" -#use wml::debian::translation-check translation="1428a45f9fc2aa1a3ce87cdd460cea658347ea26" mindelta="1" diff --git a/danish/security/2008/dsa-1563.wml b/danish/security/2008/dsa-1563.wml deleted file mode 100644 index 82178bffd4a..00000000000 --- a/danish/security/2008/dsa-1563.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Joel R. Voss opdagede at IAX2-modulet i Asterisk, et frit software-PBX og -telefonitoolkit, udførte utilstrækkelig fornuftighedskontrol af -IAX2-protokolbeskeder, hvilket måske kunne føre til lammelsesangreb (denial -of service).

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.2.13~dfsg-2etch4.

- -

I den ustabile distribution (sid), er dette problem rettet -i version 1.4.19.1~dfsg-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1563.data" -#use wml::debian::translation-check translation="bef16ff60e6c22268f7e9878f386d85126cb548e" mindelta="1" diff --git a/danish/security/2008/dsa-1564.wml b/danish/security/2008/dsa-1564.wml deleted file mode 100644 index a5057a78533..00000000000 --- a/danish/security/2008/dsa-1564.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i WordPress, et -webloghåndteringsprogram. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-3639 - -

    Utilstrækkelig fornufighedskontrol af inddata gjorde det muligt for - fjernangribere at omdirigere besøgende til eksterne websteder.

    • - -
  • CVE-2007-4153 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder gjorde det muligt for autentificerede administratorer at - indsprøjte vilkårligt webskript eller HTML.

    • - -
  • CVE-2007-4154 - -

    SQL-indsprøjtningssårbarhed gjorde det muligt for fjern autentificerede - administratorer at udføre vilkårlig SQL-kommandoer.

    • - -
  • CVE-2007-0540 - -

    WordPress gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (denial of service, båndbredde- eller tråd-forbrug) via - pingback-servicekald med en kilde-URI, der svarede til en fil med en - binær indholdstype, som blev hentet selv om den ikke kunne indeholde - brugbare pingbackdata.

    • - -
  • [endnu intet CVE-navn] - -

    Utilstrækkelig fornuftighedskontrol af inddata forårsagede at en angriber - med en normal brugerkonto kunne tilgå administratorbrugerfladen.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -2.0.10-1etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.3-1.

- -

Vi anbefaler at du opgraderer din wordpress-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1564.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1565.wml b/danish/security/2008/dsa-1565.wml deleted file mode 100644 index 7aa4301a7fb..00000000000 --- a/danish/security/2008/dsa-1565.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre -til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-6694 - -

    Cyrill Gorcunov rapporterede om en NULL-pointerdeference i koden, der - specifikt har med CHRP PowerPC-platforme at gøre. Lokale brugere kunne - udnytte dette problem til at iværksætte et lammelsesangreb (denial of - service, DoS).

    • - -
  • CVE-2008-0007 - -

    Nick Piggin fra SuSE opdagede en række problemer i undersystemer, der - registrerer en fault handler til hukommelsesmappede områder. Dette problem - kunne udnyttes af lokale brugere til at iværksætte et lammelsesangreb (DoS) - og muligvis udføre vilkårlig kode.

    • - -
  • CVE-2008-1294 - -

    David Peer opdagede at brugere kunne undslippe administratorpålagte - CPU-tids-begrænsninger (RLIMIT_CPU) ved at sætte det til 0.

    • - -
  • CVE-2008-1375 - -

    Alexander Viro opdagede en race-tilstand i - mappenotificeringsundersystemet, hvilket gjorde det muligt for lokale - brugere at forårsage et lammelsesangreb (oops) og muligvis medføre en - rettighedsforøgelse.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -2.6.18.dfsg.1-18etch3.

- -

Den ustabile distribution (sid) og distributionen testing vil snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine Linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1565.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1566.wml b/danish/security/2008/dsa-1566.wml deleted file mode 100644 index 5a2a889a280..00000000000 --- a/danish/security/2008/dsa-1566.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Dmitry Levin opdagede en sårbarhed i stihåndteringskoden, der anvendes af -cpio-arkiveringsværktøjet. Svagheden kunne gøre det muligt at iværksætte -lammelsesangreb (denial of service, crash) eller potentielt udførelse af -vilkårlig kode, hvis en sårbar version af cpio blev anvendt til at udpakke -eller vise indholdet af et ondsindet fremstillet arkiv.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6-18.1+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.9-5.

- -

Vi anbefaler at du opgraderer dine cpio-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1566.data" -#use wml::debian::translation-check translation="f292b8b9f52ea5900524e7da10a99dbafa11adc9" mindelta="1" diff --git a/danish/security/2008/dsa-1567.wml b/danish/security/2008/dsa-1567.wml deleted file mode 100644 index f3746f21fd6..00000000000 --- a/danish/security/2008/dsa-1567.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - -

Stefan Cornelius opdagede en sårbarhed i billedfortolkeren Radiance High -Dynamic Range (HDR) i Blender, en 3-D-modelleringsapplikation. Svagheden kunne -gøre det muligt at udføre stakbaserede bufferoverløb og udføre vilkårlig kode, -hvis en ondsindet fremstillet HDR-fil blev åbnet, eller hvis en mappe -indeholdende en sådan fil blev browset gennem Blenders billedåbningsdialog.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.42a-7.1+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.45-5.

- -

Vi anbefaler at du opgraderer dine blender-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1567.data" -#use wml::debian::translation-check translation="7ada9b9e28cf4dd11a98f18fc04e81aa890e11b3" mindelta="1" diff --git a/danish/security/2008/dsa-1568.wml b/danish/security/2008/dsa-1568.wml deleted file mode 100644 index e5d344f0be5..00000000000 --- a/danish/security/2008/dsa-1568.wml +++ /dev/null @@ -1,18 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

"unsticky" opdagede at b2evolution, en blogmaskine, udførte utilstrækkelig -fornuftighedskontrol på inddata, gørende det muligt at udføre skripter på -tværs af servere.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.9.2-3+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.2-4.

- -

Vi anbefaler at du opgraderer din b2evolution-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1568.data" -#use wml::debian::translation-check translation="da344fab0612b0b7f67cbd28c5cd44cf3b7eb771" mindelta="1" diff --git a/danish/security/2008/dsa-1569.wml b/danish/security/2008/dsa-1569.wml deleted file mode 100644 index 908488bac5e..00000000000 --- a/danish/security/2008/dsa-1569.wml +++ /dev/null @@ -1,18 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man har opdaget at Cacti, en frontend til overvågning af systemer og -services, udførte utilstrækkelig fornuftighedskontrol af inddata, førende til at -det var muligt at udføre skripter på tværs af servere og SQL-indsprøjtning.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.8.6i-3.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.7b-1.

- -

Vi anbefaler at du opgraderer din cacti-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1569.data" -#use wml::debian::translation-check translation="c093fc2ce69faf59e6301d5a82e78b0aaf66da95" mindelta="1" diff --git a/danish/security/2008/dsa-1570.wml b/danish/security/2008/dsa-1570.wml deleted file mode 100644 index dfd476784a4..00000000000 --- a/danish/security/2008/dsa-1570.wml +++ /dev/null @@ -1,21 +0,0 @@ -forskelligt - -

Andrews Salomon rapporterede at kazehakase, en GTK+-baseret webbrowser, der -tillader plug-bare fortolkningsmaskiner, indeholdt en indlejret kopi af -PCRE-biblioteket i sit kildekodetræ, hvilket var kompilet ind og blev anvendt i -stedet for systemudgaven af biblioteket.

- -

PCRE-biblioteket er blevet opdateret med rettelser af sikkerhedsproblemerne, -rapporteret mod det i Debians tidligere sikkerhedsbulletiner. Denne opdatering -sikrer at kazehakase anvender dette understøttede bibliotek, og ikke sin egen -indlejrede og usikre version.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.4.2-1etch1.

- -

Vi anbefaler at du opgraderer din kazehakase-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1570.data" -#use wml::debian::translation-check translation="7ecbdc706076a60fb07a54508d4a831527aebe0d" mindelta="1" diff --git a/danish/security/2008/dsa-1571.wml b/danish/security/2008/dsa-1571.wml deleted file mode 100644 index 91868fc42dc..00000000000 --- a/danish/security/2008/dsa-1571.wml +++ /dev/null @@ -1,70 +0,0 @@ -forudsigelig generator af tilfældige tal - -

Luciano Bello opdagede at generatoren af tilfældige tal i Debians -openssl-pakke er forudsigelig. Dette skyldes en ukorrekt Debian-specifik -ændring af openssl-pakken -(\ -CVE-2008-0166). Som følge heraf kan kryptografisk nøglemateriale være -gætbart.

- -

Dette er en Debian-specifik sårbarhed, der ikke påvirker andre styresystemer, -som ikke er baseret på Debian. Dog kan andre systemer inddirekte være påvirket, -hvis svage nøgler importeres ind i dem.

- -

Det anbefales kraftigt at alt kryptografisk nøglemateriale, der er blevet -genereret af OpenSSL-versioner begyndende med 0.9.8c-1 på Debian-systemer, -genereres forfra. Desuden bør alle DSA-nøgler nogensinde anvendt på påvirkede -Debian-systemer til signerings- eller autentifikationsformål, betragtes som -kompromitterede; Digital Signature Algorithm er afhængig af en hemmelig -tilfældig værdi, der anvendes under signaturgenereringen.

- -

Den første sårbare version, 0.9.8c-1, blev uploadet til den ustabile -distribution den 17. september 2006, og har siden bevæget sig til -distributionen testing og den aktuelle stabile distribution (etch). Den gamle -stabile distribution (sarge) er ikke påvirket.

- -

Påvirkede nøgler er SSH-nøgler, OpenVPN-nøgler, DNSSEC-nøgler og -nøglemateriale til brug i X.509-certifikater og sessionsnøgler anvendt i -SSL/TLS-forbindelser. Nøgler genereret med GnuPG eller GNUTLS er dog ikke -påvirket.

- -

En detektor til kendt svagt nøglemateriale vil blive offentliggjort:

- -

-\ -(OpenPGP-signatur)

- -

Vejledning i hvordan man implementerer nøglefornyelse (key rollover) -i forskellige pakker, vil blive offentliggjort på:

- -

https://www.debian.org/security/key-rollover/

- -

Dette websted vil løbende blive opdateret med ny og opdateret vejledning i -nøglefornyelse vedrørende pakker, der anvender SSL-certifikater. Populære -pakker, der ikke er påvirket, vil også blive anført.

- -

Ud over denne kritiske opdatering, er to andre sårbarheder blevet rettet i -openssl-pakken; de var oprindelig planlagt til udgivelse med den næste -punktopdatering af etch. OpenSSL's DTLS-implementering (Datagram TLS, i -princippet "SSL over UDP") implementerede i virkeligheden ikke -DTLS-specifikationen, men en potentielt meget svagere protokol, og indholdt en -sårbarhed, der gjorde det muligt at udføre vilkårlig kode -(\ -CVE-2007-4995). Et side channel-angreb i -heltalsmultipliceringsrutinerne er der også taget vare om -(\ -CVE-2007-3108).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.9.8c-4etch3.

- -

I den ustabile distribution (sid) og i distributionen testing -(lenny), er disse problemer rettet i version 0.9.8g-9.

- -

Vi anbefaler at du opgraderer din openssl-pakke og dernæst regenererer alt -krypografisk materiale jf. beskrivelsen herover.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1571.data" -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" diff --git a/danish/security/2008/dsa-1572.wml b/danish/security/2008/dsa-1572.wml deleted file mode 100644 index d07a3705b34..00000000000 --- a/danish/security/2008/dsa-1572.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i PHP, et serverside, HTML-indlejret -skriptsprog. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-3806 - -

    Funktionen glob gjorde det muligt for kontekstafhængige angribere at - forårsage et lammelsesangreb (denial of service) og muligvis udføre - vilkårlig kode gennem en ugyldig værdi i flags-parameteret.

    • - -
  • CVE-2008-1384 - -

    Et heltalsoverløb gjorde det muligt for kontektafhængige angribere at - forårsage et lammelsesangreb og muligvis have andre virkninger, gennem et - printf-formatparameter med en stor width-angivelse.

    • - -
  • CVE-2008-2050 - -

    Stakbaseret bufferoverløb i FastCGI SAPI.

    • - -
  • CVE-2008-2051 - -

    API-funktionen escapeshellcmd kunne angribes gennem ukomplette - multibyte-tegn.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 5.2.0-8+etch11.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.2.6-1.

- -

Vi anbefaler at du opgraderer din php5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1572.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1573.wml b/danish/security/2008/dsa-1573.wml deleted file mode 100644 index 212d2125a73..00000000000 --- a/danish/security/2008/dsa-1573.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i rdesktop, en Remote Desktop -Protocol-klient. Projektet Common Vulnerabilities and Exposures har fundet frem -til følgende problemer:

- -
    - -
  • CVE-2008-1801 - -

    Fjernudnyttelse af en heltalsunderløbssårbarhed gjorde det muligt for - angribere at udføre vilkårlig kode med rettighederne hørende til den - indloggede bruger.

    • - -
  • CVE-2008-1802 - -

    Fjernudnyttelse af en BSS-overløbssårbarhed gjorde det muligt for - angribere at udføre vilkårlig kode med rettighederne hørende til den - indloggede bruger.

    • - -
  • CVE-2008-1803 - -

    Fjernudnyttelse af en heltalsfortegnssårbarhed gjorde det muligt for - angribere at udføre vilkårlig kode med rettighederne hørende til den - indloggede bruger.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.5.0-1etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.5.0-4+cvs20071006.

- -

Vi anbefaler at du opgraderer din rdesktop-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1573.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1574.wml b/danish/security/2008/dsa-1574.wml deleted file mode 100644 index 3afedcf27fc..00000000000 --- a/danish/security/2008/dsa-1574.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i mailklienten Icedove, en -udgave af Thunderbird. Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-1233 - -

    moz_bug_r_a4 opdagede at varianter af - CVE-2007-3738 og - CVE-2007-5338 - gjorde det muligt af udføre vilkårlig kode gennem XPCNativeWrapper.

    • - -
  • CVE-2008-1234 - -

    moz_bug_r_a4 opdagede at usikker håndtering af event-handlere kunne - føre til udførelse af skripter på tværs af websteder.

    - -
  • CVE-2008-1235 - -

    Boris Zbarsky, Johnny Stenback og moz_bug_r_a4 opdagede at ukorrekt - principal-håndtering kunne føre til udførelse af skripter på tværs af - websteder og udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1236 - -

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett og Mats Palmgren - opdagede nedbrud i layoutmaskinen, hvilket kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2008-1237 - -

    georgi, tgirmann og Igor Bukanov opdagede nedbrud i - JavaScript-maskinen, hvilket kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1574.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1575.wml b/danish/security/2008/dsa-1575.wml deleted file mode 100644 index a3222c2c43e..00000000000 --- a/danish/security/2008/dsa-1575.wml +++ /dev/null @@ -1,30 +0,0 @@ -lammelsesangreb - -

En sårbarhed er opdaget i Linux-kernen, hvilket kunne føre til et -lammelsesangreb (denial of service). Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-1669 - -

    Alexander Viro opdagede en race-tilstand i fcntl-koden, der måske - kunne gøre det muligt for lokale brugere på flerprocessorsystemer at udføre - parallelle kodestier, der ellers ikke var tilladt, samt opnå re-ordered - adgang til descriptor-tabellen.

    • - -
- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.18.dfsg.1-18etch4.

- -

I den ustabile distribution(sid), er dette problem rettet i version -2.6.25-2.

- -

Vi anbefaler at du opgraderer dine Linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1575.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1576.wml b/danish/security/2008/dsa-1576.wml deleted file mode 100644 index 6bdaa19cc86..00000000000 --- a/danish/security/2008/dsa-1576.wml +++ /dev/null @@ -1,147 +0,0 @@ -forudsigelig generator af tilfældige tal - -

Den nyligt annoncerede sårbarhed i Debians openssl-pakke -(DSA-1571-1, -\ -CVE-2008-0166) påvirker indirekte OpenSSH. Som en følge deraf må alle -bruger- og værts-nøgler genereret ved hjælp af defekte versioner af -openssl-pakken betragtes som upålidelige, selv efter openssl-opdateringen er -foretaget.

- -

1. Installér sikkerhedsopdateringer

- -

Denne opdatering er afhænging af openssl-opdateringen og vil automatisk - installere en rettet version af pakken libssl0.9.8 og en ny pakke, - openssh-blacklist.

- -

Når opdateringen er udført, vil svage brugernøgler automatisk blive - afvist hvor det er muligt (dog kan man ikke identificere dem i alle - situationer). Hvis du anvender sådanne nøgler til brugerautentificering, - vil de omgående holde op med at virke og skal udskiftes (se trin 3).

- -

OpenSSH-værtsnøgler kan regenereres automatisk når - sikkerhedsopdateringen af OpenSSH udført. Opdateringen vil bede om en - bekræftelse, før dette trin udføres.

- -

2. Opdatér OpenSSH's known_hosts-filer

- -

Regenereringe af værtsnøgler vil forårsage at en advarsel vises, når - man forbinder sig til et system gennem SSH, indtil værtsnøglen er blevet - opdatering i filen known_hosts. Advarslen skulle se ud som følger:

- -
-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
-Someone could be eavesdropping on you right now (man-in-the-middle attack)!
-It is also possible that the RSA host key has just been changed.
-
- -

I denne situtation er værtsnøglen blot blevet udskiftet, og du bør - opdatere de relevante known_hosts-filer, som angivet i fejlmeddelelsen. - Det anbefales at du anvender en pålidelig måde, at udskifte servernøglen - på. Den ligger i filen /etc/ssh/ssh_host_rsa_key.pub på serveren; det er - et fingeraftryk der kan udskrives med kommandoen:

- -

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

- -

Ud over brugerspecifikke known_hosts-filer, kan der også være en fil - med kendte værter gældende for hele systemet, /etc/ssh/ssh_known_hosts. Denne - fil anvendes både af ssh-klienten og af sshd i deres hosts.equiv-funktionalitet. - Også denne fil skal opdateres.

- -

3. Kontrollér alle OpenSSH-brugernøgler

- -

Den sikreste fremgangsmåde er at regenerere alle OpenSSH-brugernøgler, - bortset fra hvor der med stor sandsynlighed er tale om en fil, der blev - genereret på et upåvirket system.

- -

Undersøg hvorvidt din nøgle er påvirket, ved at køre værktøjet - ssh-vulnkey, der er indeholdt i sikkerhedsopdateringen. Som standard vil - ssh-vulnkey kigge i standardplaceringer for brugernøgler (~/.ssh/id_rsa, - ~/.ssh/id_dsa og ~/.ssh/identity), din authorized_keys-fil - (~/.ssh/authorized_keys og ~/.ssh/authorized_keys2) samt systemets - værtsnøgler (/etc/ssh/ssh_host_dsa_key og /etc/ssh/ssh_host_rsa_key).

- -

For at kontrollére alle dine egne nøgler, forudsat at de befinder sig i - standardplaceringerne (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):

- -

ssh-vulnkey

- -

For at kontrollere alle nøgler på dit system:

- -

sudo ssh-vulnkey -a

- -

For at kontrollere en nøgle i en ikke-standardplacering:

- -

ssh-vulnkey /path/to/key

- -

Hvis ssh-vulnkey siger "Unknown (no blacklist information)", så har det - ingen oplysninger om hvorvidt den pågældende nøgle er påvirket eller ej. I - denne situation kan du undersøge filens ændringstidspunkt (mtime) med - "ls -l". Nøgler genereret før september 2006 er ikke påvirket. Vær - opmærksom på, at selv om det er usandsynligt, kan - sikkerhedskopieringsprocedurer have ændret filens dato længere tilbage i - tiden (eller systemuret kan have været indstillet forkert). - Hvis du er i tvivl, så generér en ny nøgle og fjern den gamle fra alle - servere.

- -

4. Regenerér alle påvirkede brugernøgler

- -

OpenSSH-nøgler anvendt til brugerautentificering skal regenereres manuelt, - heriblandt også dem, der siden kan være blevet overført til andre systemer, - efter de er blevet genereret.

- -

Nye nøgler kan genereres ved hjælp af ssh-keygen, fx:

- -
-   $ ssh-keygen
-   Generating public/private rsa key pair.
-   Enter file in which to save the key (/home/user/.ssh/id_rsa):
-   Enter passphrase (empty for no passphrase):
-   Enter same passphrase again:
-   Your identification has been saved in /home/user/.ssh/id_rsa.
-   Your public key has been saved in /home/user/.ssh/id_rsa.pub.
-   The key fingerprint is:
-   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host
-
- -

5. Opdatér authorized_keys-filer (om nødvendigt)

- -

Når dine brugernøgler er blevet regenereret, skal de relevante offentlige - nøgler overføres til alle authorized_keys-filer (og authorized_keys2-filer, - om nøvendigt) på fjerne systemer. Sørg for at slette linjerne indeholdende - gamle nøgler, fra disse filer.

- - -

Ud over forholdsreglerne over for tilfældighedssårbarheden, rettes der med -denne OpenSSH-opdatering også flere andre sårbarheder:

- -

CVE-2008-1483: - Timo Juhani Lindfors opdagede at, når man anvender X11-viderestilling, - vælger SSH-klienten en X11-viderestillingsport uden at sikre sig, at den kan - knyttes til alle adressefamilier. Hvis systemet er opsat med IPv6 (også selv - om det ikke har en fungerende IPv6-forbindelse), kunne dette gøre det muligt - for en lokal angriber på den fjerne server, at kapre X11-viderestillingen.

- -

CVE-2007-4752: - Jan Pechanec opdagede at ssh går tilbage til at oprette en betroet X11-cookie, - hvis oprettelsen af en ubetroet cookie går galt, potentielt gørende den lokale - skærm tilgængelig for en ondsindet fjern server, når X11-viderestilling - anvendes.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 4.3p2-9etch1. Pt. er kun en del af de understøttede arkitekturer -klar; efterfølgende opdateringer vil følge, når filerne er parate.

- -

I den ustabile distribution (sid) og i distributionen testing (lenny), er -disse problemer rettet i version 4.7p1-9.

- -

Vi anbefaler at du opgraderer dine openssh-pakker og tager de -forholdsregler, som er beskrevet herover.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1576.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1577.wml b/danish/security/2008/dsa-1577.wml deleted file mode 100644 index a4460b400ee..00000000000 --- a/danish/security/2008/dsa-1577.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikre midlertidige filer - -

Stephen Gran og Mark Hymers opdagede at nogle skripter, der køres af GForge, -en samarbejdsudviklingsværktøj, åbner filer i skrivbar tilstand på en potentielt -usikker måde. Dette kunne udnyttes til at overskrive vilkårlige filer på det -lokale system.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.5.14-22etch8.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din gforge-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1577.data" -#use wml::debian::translation-check translation="d9fdc7911d30dec8a421580b7df64ba3c920f6a1" mindelta="1" diff --git a/danish/security/2008/dsa-1578.wml b/danish/security/2008/dsa-1578.wml deleted file mode 100644 index a6cc1cbd918..00000000000 --- a/danish/security/2008/dsa-1578.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i PHP version 4, et serverside, HTML-indlejret -skriptsprog. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2007-3799 - -

    Funktionen session_start gjorde det muligt for fjernangribere at indsætte - vilkårlige attributter i sessions-cookien gennem særlige tegn i en cookie, - hentet fra forskellige parametre.

    • - -
  • CVE-2007-3806 - -

    Et lammelsesangreb (denial of service) var muligt gennem et ondsindet - skript, der misbrugte funktionen glob().

    • - -
  • CVE-2007-3998 - -

    Visse ondsindet fremstillede inddata til funktionen wordwrap() function - kunne føre til et lammelsesangreb.

    • - -
  • CVE-2007-4657 - -

    Store len-værdier fra funktionerne stspn() eller strcspn() kunne gøre det - muligt for en angriber at udløbe et heltalsoverløb, som afslørede hukommelse - eller forårsagede lammelsesangreb.

    • - -
  • CVE-2008-2051 - -

    API-funktionen escapeshellcmd kunne angribes gennem ukomplette - multibyte-tegn.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 6:4.4.4-8+etch6.

- -

php4-pakkerne findes ikke længere i den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din php4-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1578.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1579.wml b/danish/security/2008/dsa-1579.wml deleted file mode 100644 index d1e6cf5905a..00000000000 --- a/danish/security/2008/dsa-1579.wml +++ /dev/null @@ -1,20 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

En sårbarhed blev opdaget i GIF-læsningsimplementeringen i netpbm-free, en -samling af billedmanipuleringsværktøjer. Utilstrækkelig fornuftighedskontrol -af inddata kunne gøre det muligt med en ondsindet fremstillet GIF-fil, at -få en stakbuffer til at løbe over, potentielt gørende det muligt at udføre -vilkårlig kode.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2:10.0-11.1+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:10.0-11.1.

- -

Vi anbefaler at du opgraderer dine netpbm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1579.data" -#use wml::debian::translation-check translation="b86353bbcec0db93ce26f234fde5866c7eba3d4b" mindelta="1" diff --git a/danish/security/2008/dsa-1580.wml b/danish/security/2008/dsa-1580.wml deleted file mode 100644 index ce4b7c5d248..00000000000 --- a/danish/security/2008/dsa-1580.wml +++ /dev/null @@ -1,28 +0,0 @@ -programmeringsfejl - -

Man har opdaget at phpGedView, et program der giver onlineadgang til -genealogiske data, gjorde det muligt for fjernangribere at opnå -administratorrettigheder på grund af en programmeringsfejl.

- -

Bemærk: Dette problem skyldtes en fundamental designfejl i -grænsefladen (API), der forbinder phpGedView med eksterne programmer så som -content management-systemer. Det var kun muligt at løse problemet ved helt -at ændre API'et, hvilket ikke betragtes som passende i forbindelse med en -sikkerhedsopdatering. Da der er tale om perifære funktioner, der formentlig -ikke anvendes af størstedelen af pakkens brugere, blev det besluttet at fjerne -disse grænseflader. Hvis du ikke desto mindre har brug for grænsefladen, bør -du anvende en version af phpGedView tilbageført fra Debian lenny, der -indeholder det helt ændrede API.

- -

I den stabile distribution (etch), er dette problem rettet i version -4.0.2.dfsg-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.1.e+4.1.5-1.

- -

Vi anbefaler at du opgraderer din phpgedview-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1580.data" -#use wml::debian::translation-check translation="5ebc2f98567ab3dfb70f005c4a5a0caba5c1106b" mindelta="1" diff --git a/danish/security/2008/dsa-1581.wml b/danish/security/2008/dsa-1581.wml deleted file mode 100644 index b4233748c04..00000000000 --- a/danish/security/2008/dsa-1581.wml +++ /dev/null @@ -1,47 +0,0 @@ -flere sårbarheder - -

Flere fjernudbytbare sårbarheder er opdaget i GNUTLS, en implementering af -protokolsuiten SSL/TLS.

- -

Bemærk: Pakken libgnutls13, der leverer GNUTLS-biblioteket, indeholder ikke -logik til automatisk genstart af potentielt påvirkede tjenester. Du er nødt til -manuelt at genstarte påvirkede tjenester (primært Exim, vha. /etc/init.d/exim4 -restart) efter opdateringen er udført, for at ændringerne kan træde hele i -kraft. Alternativt kan du genstarte dit system.

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-1948 - -

    Et præ-autentifikations-heapoverløb i forbindelse med for stor - session resumption-data kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1949 - -

    Gentagne klient-halloer kunne være til en - præ-autentifikations-lammelsesangrebstilstand (denial of service) på grund - af en null pointer-dereference.

    • - -
  • CVE-2008-1950 - -

    Dekoding af cipher-padding med en ugyldig recordlængde kunne måske - få GNUTLS til at læse hukommelse ud over slutningen af den modtagne record, - førende til en præ-autentifikations-lammelsesangrebstilstand.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.4.4-3+etch1. (Opbygninger til arkitekturen arm er pt. ikke tilgængelige og -vil blive frigivet senere.)

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine GNUTLS-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1581.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1582.wml b/danish/security/2008/dsa-1582.wml deleted file mode 100644 index 354ecc6ee26..00000000000 --- a/danish/security/2008/dsa-1582.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Nico Golde opdagede at PeerCast, en P2P-lyd og video-streaming server, var -sårbar over for et bufferoverløb i kode til HTTP Basic Authentication, hvilket -gjorde det muligt for en fjernangriber at crashe PeerCast eller udføre vilkårlig -kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.1217.toots.20060314-1etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.1218+svn20080104-1.1.

- -

Vi anbefaler at du opgraderer din peercast-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1582.data" -#use wml::debian::translation-check translation="b8c3c0654810b05c68089b0a421694fe2c65b9cf" mindelta="1" diff --git a/danish/security/2008/dsa-1583.wml b/danish/security/2008/dsa-1583.wml deleted file mode 100644 index a5cb89e07d9..00000000000 --- a/danish/security/2008/dsa-1583.wml +++ /dev/null @@ -1,35 +0,0 @@ -bufferoverløb - -

Flere fjernudnytbare sårbarheder er opdaget i GNOME PeerCast, GNOMEs -grænseflade til PeerCast, en P2P-lyd og video-streaming server. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-6454 - -

    Luigi Auriemma opdagede at PeerCast var sårbar over for et heapoverløb i - HTTP-serverkoden, hvilket gjorde det muligt for fjernangribere at forårsage - et lammelsesangreb (denial of service) og muligvis udføre vilkårlig kode - gennem en lang SOURCE-forespørgsel.

    • - -
  • CVE-2008-2040 - -

    Nico Golde opdagede at PeerCast, en P2P-lyd og video-streaming server, - var sårbar over for et bufferoverløb i kode til HTTP Basic Authentication, - hvilket gjorde det muligt for en fjernangriber at crashe PeerCast eller - udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.5.4-1.1etch0.

- -

gnome-peercast er fjernet fra den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer din gnome-peercast-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1583.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1584.wml b/danish/security/2008/dsa-1584.wml deleted file mode 100644 index 60a038b8863..00000000000 --- a/danish/security/2008/dsa-1584.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Man opdagede at libfishsound, et simpelt programmeringsinterface der -indpakker Xiph.Org-audiocodecs, ikke på korrekt vis håndterede negative værdier -i et bestemt headerfelt. Dette kunne gøre det muligt for ondsindede filer at -udføre vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.7.0-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.7.0-2.2.

- -

Vi anbefaler at du opgraderer din libfishsound-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1584.data" -#use wml::debian::translation-check translation="5d07b92a3effa045fd524ad0fd28fc57fa84e2fe" mindelta="1" diff --git a/danish/security/2008/dsa-1585.wml b/danish/security/2008/dsa-1585.wml deleted file mode 100644 index edcdd4385f6..00000000000 --- a/danish/security/2008/dsa-1585.wml +++ /dev/null @@ -1,15 +0,0 @@ -heltalsoverløb - -

Man opdagede at speex, Speex-codec-kommandolinjeværktøjer, ikke på korrekt -vis håndterede negative offset i et bestemt headerfelt. Dette kunne gøre det -muligt for en ondsindet fil at udføre vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.1.12-3etch1.

- -

Vi anbefaler at du opgraderer din speex-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1585.data" -#use wml::debian::translation-check translation="589149960cb0989bd719ffaabd07bc6c7024a67e" mindelta="1" diff --git a/danish/security/2008/dsa-1586.wml b/danish/security/2008/dsa-1586.wml deleted file mode 100644 index 985b23454a6..00000000000 --- a/danish/security/2008/dsa-1586.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i xine-lib, et bibliotek der leverer det meste -af applikationsfunktionaliteten i multimediaafspilleren xine. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende tre problemer:

- -
    - -
  • CVE-2008-1482 - -

    Heltalsoverløbssårbarheder fandtes i xines FLV-, QuickTime-, RealMedia-, - MVE- og CAK-demuxere, for uden EBML-fortolkeren der anvendes af - Matroska-demuxeren. Disse svagheder gjorde det muligt for en angriber at - få heapbuffere til at løbe over, og potentielt udføre vilkårlig kode ved at - levere en ondsindet fremstillet fil af disse typer.

    • - -
  • CVE-2008-1686 - -

    Utilstrækkelig fornuftighedskontrol af inddata i Speex-implementeringen - anvendt af denne version af xine, gjorde det muligt at tilgå ugyldige - arrays og udføre vilkårlig kode ved at levere en ondsindet fremstillet - Speex-fil.

    • - -
  • CVE-2008-1878 - -

    Utilstrækkelig grænsekontrol i NES Sound Format-demuxeren (NSF) gjorde - det muligt at iværksætte stakbufferoverløb og udføre vilkårlig kode gennem - en ondsindet fremstillet NSF-fil.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.1.2+dfsg-7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.1.12-2.

- -

Vi anbefaler at du opgraderer dine xine-lib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1586.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1587.wml b/danish/security/2008/dsa-1587.wml deleted file mode 100644 index 876cf301740..00000000000 --- a/danish/security/2008/dsa-1587.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Adam Zabrocki opdagede at under visse omstændigheder kunne mtr, et -fuldskærms-ncurses og X11-tracerouteværktøj, narres til at udføre vilkårlig kode -gennem alt for lange reverse DNS-records.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.71-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.73-1.

- -

Vi anbefaler at du opgraderer din mtr-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1587.data" -#use wml::debian::translation-check translation="170b56b707e5c9505fb62bfe3e2ebe397be8ea20" mindelta="1" diff --git a/danish/security/2008/dsa-1588.wml b/danish/security/2008/dsa-1588.wml deleted file mode 100644 index 23048b69327..00000000000 --- a/danish/security/2008/dsa-1588.wml +++ /dev/null @@ -1,51 +0,0 @@ -lammelsesangreb - -

Flere sårbarheder er opdaget i Linux-kernen, som kunne føre til -lammelsesangreb (denial of service). Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-6712 - -

    Johannes Bauer opdagede en heltalsoverløbstilstand i undersystemet - hrtimer på 64 bit-systemer. Dette kunne udnyttes af lokale brugere til at - udløse et lammelsesangreb (DoS) ved at få kernen til at udføre en uendelig - løkke.

    • - -
  • CVE-2008-1615 - -

    Jan Kratochvil rapporterede om en lokal lammelsesangrebstilstand, der - gjorde det muligt for lokale brugere på systemer, der kører amd64-udgaven - af kernen, at forårsage et systemnedbrud.

    • - -
  • CVE-2008-2136 - -

    Paul Harks opdagede en hukommelseslækage i Simple Internet - Transition-koden (SIT) der anvendes i IPv6 over IPv4-tunneller. Dette - kunne udnyttes af fjernangribere til at forårsage en - lammelsesangrebstilstand.

    • - -
  • CVE-2008-2137 - -

    David Miller og Jan Lieskovsky opdagede problemer med kontrollen af - virtuelle adressespænd i mmaped-regioner på sparc-arkitekturen, hvilket - kunne udnyttes af lokale brugere til at forårsage et - lammelsesangreb.

    • - -
- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.18.dfsg.1-18etch5.

- -

Opbygninger til linux-2.6/s390 og fai-kernels/powerpc var ikke tilgængelige -da denne bulletin blev udsendt. Bulletinen vil blive opdateret når disse -opbygninger bliver tilgængelige.

- -

Vi anbefaler at du opgraderer dine linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1588.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1589.wml b/danish/security/2008/dsa-1589.wml deleted file mode 100644 index 2d6412fffd9..00000000000 --- a/danish/security/2008/dsa-1589.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Man har opdaget at libxslt, et XSLT-behandlende runtime-bibliotek, kunne -blive tvunget til at udføre vilkårlig kode gennem et bufferoverløb, når en -XSL-stylesheet-fil med en lang XSLT "transformation match"-tilstand medførte -et stort antal trin.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.1.19-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.24-1.

- -

Vi anbefaler at du opgraderer din libxslt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1589.data" -#use wml::debian::translation-check translation="252420096b6b515c772416f5f846097b363cd7d1" mindelta="1" diff --git a/danish/security/2008/dsa-1590.wml b/danish/security/2008/dsa-1590.wml deleted file mode 100644 index 8ef0b9fc200..00000000000 --- a/danish/security/2008/dsa-1590.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Alin Rad Pop opdagede at Samba indeholdt en bufferoverløbstilstand, når den -behandlede visse svar modtaget mens den fungerede som en klient, førende til -udførelse af vilkårlig kode -(CVE-2008-1105).

- -

I den stabile distribution (etch), er dette problem rettet i version -3.0.24-6etch10.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.30-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1590.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1591.wml b/danish/security/2008/dsa-1591.wml deleted file mode 100644 index 291127dd6dd..00000000000 --- a/danish/security/2008/dsa-1591.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere lokale (fjerne) sårbarheder er opdaget i libvorbis, et bibliotek til -Vorbis' komprimerede audiocodecs til generelle formål. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-1419 - -

    libvorbis håndterer ikke på korrekt vis nulværdier, hvilket gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service, crash eller uendelig løkke) eller udløse et - heltalsoverløb.

    • - -
  • CVE-2008-1420 - -

    Heltalsoverløb i libvorbis gjorde det muligt for angribere at udføre - vilkårlig kode gennem en fremstillet OGG-fil, hvilket udløste et - heapoverløb.

    • - -
  • CVE-2008-1423 - -

    Heltalsoverløb i libvorbis gjorde det muligt at forårsage et - lammelsesangreb (crash) eller udføre vilkårlig kode gennem en - fremstillet OGG-fil, hvilket udløste et heapoverløb.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -1.1.2.dfsg-1.4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.0.dfsg-3.1.

- -

Vi anbefaler at du opgraderer din libvorbis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1591.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1592.wml b/danish/security/2008/dsa-1592.wml deleted file mode 100644 index b81985eef0b..00000000000 --- a/danish/security/2008/dsa-1592.wml +++ /dev/null @@ -1,37 +0,0 @@ -heapoverløb - -

To sårbarheder er opdaget i Linux-kernen, hvilket kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2008-1673 - -

    Wei Wang fra McAfee rapporterede om et potentielt heapoverløb i - ASN.1-dekodningskoden, som anvendes af undersystemerne SNMP NAT og CIFS. - Udnyttelse af dette problem kunne føre til udførelse af vilkårlig kode. - Problemet menes ikke at være udnytbart med den præ-opbyggede kerneaftry, der - leveres af Debian, men det kan være et problem med skræddersyede kerneaftryk - opbygget ved hjælp af den kildekodepakke, der leveres af Debian.

    • - -
  • CVE-2008-2358 - -

    Brandon Edwards fra McAfee Avert Labs opdagede et problem i - DCCP-undersystemet. På grund af manglende kontrol af feature-længden, var - det muligt at forårsage et overløb, der kunne medføre i fjernudførelse af - vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6.18.dfsg.1-18etch6.

- -

Vi anbefaler at du opgraderer din linux-2.6-, fai-kernels-, og -user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1592.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1593.wml b/danish/security/2008/dsa-1593.wml deleted file mode 100644 index b6f561c5648..00000000000 --- a/danish/security/2008/dsa-1593.wml +++ /dev/null @@ -1,18 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget at webapplikationen Host Manager udførte utilstrækkelig -fornuftighedskontrol på inddata, hvilket kunne føre til udførelse af skripter på -tværs af websteder.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.5.20-2etch3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.5.26-3.

- -

Vi anbefaler at du opgraderer dine tomcat5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1593.data" -#use wml::debian::translation-check translation="edf113caf4e556d8eeee774f8c263f106024503e" mindelta="1" diff --git a/danish/security/2008/dsa-1594.wml b/danish/security/2008/dsa-1594.wml deleted file mode 100644 index 9b1bdb13072..00000000000 --- a/danish/security/2008/dsa-1594.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Stefan Cornelius opdagede to bufferoverløb i Imlibs - et ydedygtigt -billedindlæsnings- og -fortolkningsbibliotek - billedindlæsere til PNM- og -XPM-billeder, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.3.0.0debian1-4+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.0-1.1.

- -

Vi anbefaler at du opgraderer din imlib2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1594.data" -#use wml::debian::translation-check translation="1b8b53f85dc5d7a0bbe8723a6e5b8c6ed6ce7287" mindelta="1" diff --git a/danish/security/2008/dsa-1595.wml b/danish/security/2008/dsa-1595.wml deleted file mode 100644 index decf95a7bf0..00000000000 --- a/danish/security/2008/dsa-1595.wml +++ /dev/null @@ -1,58 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i X Window System. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-1377 - -

    Manglende kontrol af parametrene til funktionerne - SProcSecurityGenerateAuthorization og SProcRecordCreateContext gjorde det - muligt for en særligt fremstillet forespørgsel, at udløse swapning af bytes - uden for for parameteret til disse forespørgsler, forårsagende - hukommelseskorruption.

    • - -
  • CVE-2008-1379 - -

    Et heltalsoverløb i valideringen af parametrene til forespørgslen - ShmPutImage(), gjorde det muligt at udløse kopiering af vilkårlig - serverhukommelses til et pixmap, der efterfølgende kunne læses af klienten, - til læsning af vilkårlige dele af X-serverens hukommelsesområde.

    • - -
  • CVE-2008-2360 - -

    Et heltalsoverløb kunne opstå i beregningen af størrelsen på den glyph, - der allokeres af funktionen AllocateGlyph(), hvilket forårsagede at mindre - hukommelse end forventet, blev allokeret, senere førende til - heapoverløb.

    • - -
  • CVE-2008-2361 - -

    Et heltalsoverløb kunne opstå i beregningen af størrelsen på den glyph, - der allokeres af funktionen ProcRenderCreateCursor(), hvilket forårsagede - at mindre hukommelse end forventet, blev allokeret, senere førende til - dereferenceret ikke-mappet hukommelse, forårsagende at X-serveren gik - ned.

    • - -
  • CVE-2008-2362 - -

    Heltalsoverløb kunne også optræde i koden, der validerer parametrerne - til funktionen SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient - og SProcRenderCreateConicalGradient, førende til hukommelseskorruption ved - swapning af bytes uden for de tiltænkte forespørgselsparametre.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -2:1.1.1-21etch5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:1.4.1~git20080517-2.

- -

Vi anbefaler at du opgraderer din xorg-server-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1595.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1596.wml b/danish/security/2008/dsa-1596.wml deleted file mode 100644 index 0defc5c37a6..00000000000 --- a/danish/security/2008/dsa-1596.wml +++ /dev/null @@ -1,25 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i indholdsbehandlingsframeworket -TYPO3.

- -

På grund af ikke tilstrækkeligt sikre standardværdier i TYPO3s -opsætningsvariabel fileDenyPattern, kunne autentificerede backend-brugere -uploade filer, der gjorde det muligt at udføre kode som webserver-brugeren.

- -

Brugerinddata behandlet af fe_adminlib.inc blev ikke filtreret på korrekt -vis for at forhindre udførelse af skripter på tværs af websteder-angreb (XSS), -hvilket blev muligt når visse specifikke plugins anvendtes.

- -

I den stabile distribution (etch), er disse problemer rettet i version -4.0.2+debian-5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.1.7-1.

- -

Vi anbefaler at du opgraderer din typo3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1596.data" -#use wml::debian::translation-check translation="1b8b53f85dc5d7a0bbe8723a6e5b8c6ed6ce7287" mindelta="1" diff --git a/danish/security/2008/dsa-1597.wml b/danish/security/2008/dsa-1597.wml deleted file mode 100644 index 67d317c152c..00000000000 --- a/danish/security/2008/dsa-1597.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Tre sårbarheder er opdaget i audioserveren mt-daapd DAAP (også kendt som -Firefly Media Server). Projektet Common Vulnerabilities and Exposures har -fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-5824 - -

    Utilstrækkelig validering og grænsekontrol af HTTP-headeren Authorization: - muliggjorde et heap-bufferoverløb, potentielt gørende det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2007-5825 - -

    Formatstrengssårbarheder i debug-logningen i autentifikationen af - XML-RPC-forespørgsler, kunne muliggøre udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1771 - -

    En heltalsoverløbssårbarhed i håndteringen af HTTP POST-variable kunne - muliggøre et heap-bufferoverløb og potentielt udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.2.4+r1376-1.1+etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.9~r1696-1.4.

- -

Vi anbefaler at du opgraderer din mt-daapd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1597.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1598.wml b/danish/security/2008/dsa-1598.wml deleted file mode 100644 index 238bd9d65ec..00000000000 --- a/danish/security/2008/dsa-1598.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Man har opdaget et bufferoverløb i GIF-billedfortolkningskode i Tk, en -grafisk værktøjssamling fungerende på tværs af platforme, hvilket kunne føre -til lammelsesangreb (denial of service) og potentielt udførelse af vilkårlig -kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -1:1.3-15etch2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.3-release-7.

- -

Vi anbefaler at du opgraderer din libtk-img-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1598.data" -#use wml::debian::translation-check translation="e9f5798e72f3ba88a4736d8983d1e394dca842fa" mindelta="1" diff --git a/danish/security/2008/dsa-1599.wml b/danish/security/2008/dsa-1599.wml deleted file mode 100644 index 90da2ee9e86..00000000000 --- a/danish/security/2008/dsa-1599.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Havoc Pennington opdagede at DBus, et simpelt interprocesmeddelelsessystem, -udførte utilstrækkelig kontrol af sikkerhedsregler, hvilket måske kunne -muliggøre lokal rettighedsforøgelse.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.0.2-1+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.20-1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1599.data" -#use wml::debian::translation-check translation="0788c0584b6d9bd4567ae254e7e0b076042020a2" mindelta="1" diff --git a/danish/security/2008/dsa-1600.wml b/danish/security/2008/dsa-1600.wml deleted file mode 100644 index 268ac45a451..00000000000 --- a/danish/security/2008/dsa-1600.wml +++ /dev/null @@ -1,17 +0,0 @@ -lammelsesangreb - -

Man har opdaget at sympa, et moderne postlistehåndteringsprogram, gik ned ved -behandling af visse former for misdannede meddelelser.

- -

I den stabile distribution (etch), er dette problem rettet i version -5.2.3-1.2+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.3.4-4.

- -

Vi anbefaler at du opgraderer din sympa-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1600.data" -#use wml::debian::translation-check translation="995698b1afb7c4734bfa84779c159e3fb0b9c98f" mindelta="1" diff --git a/danish/security/2008/dsa-1601.wml b/danish/security/2008/dsa-1601.wml deleted file mode 100644 index 3263fda5d33..00000000000 --- a/danish/security/2008/dsa-1601.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Wordpress, et weblogprogram. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2007-1599 - -

    WordPress gjorde det muligt for fjernangribere at omdirigere - autentificerede brugere til andre websteder og potentielt få adgang til - følsomme oplysninger.

    • - -
  • CVE-2008-0664 - -

    XML-RPC-implementeringen, når registrering er aktiveret, gjorde det - muligt for fjernangribere at redigere indlæg fra andre - blog-brugere.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.10-1etch3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.3.3-1.

- -

Vi anbefaler at du opgraderer din wordpress-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1601.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1602.wml b/danish/security/2008/dsa-1602.wml deleted file mode 100644 index cf55aa3a203..00000000000 --- a/danish/security/2008/dsa-1602.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Tavis Ormandy opdagede at PCRE, biblioteket Perl-Compatible Regular -Expression, kunne løbe ind i en heapoverløbstilstand når der blev kompilet -visse regulære udtryk som invovlerede in-pattern-valgmuligheder og -forgreninger, potentielt førende til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 6.7+7.4-4.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine pcre3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1602.data" -#use wml::debian::translation-check translation="016e35a65fe043180bbd22ed0c9455532edc6853" mindelta="1" diff --git a/danish/security/2008/dsa-1603.wml b/danish/security/2008/dsa-1603.wml deleted file mode 100644 index b86cd5c50a6..00000000000 --- a/danish/security/2008/dsa-1603.wml +++ /dev/null @@ -1,76 +0,0 @@ -DNS-cacheforgiftning - - -

Dan Kaminsky opdagede at medfødte egenskaber i DNS-protokollen kunne føre til -effektive DNS-cacheforgiftningsangreb. Blandt andre kunne succesrige angreb -føre til fejldirigeret webtrafik og e-mail-omdirigering.

- -

Denne opdatering ændrer Debians BIND 9-pakker for at implementere de -anbefalede modforholdsregler: Randomnisering af UDP-forespørgselskildeport. -Ændringen forøger størrelsen på det område, en angriber skal gætte værdier i, -på en bagudkompatibel måde og gør succesrige angreb betydeligt sværere.

- -

Bemærk at denne sikkerhedsopdatering ændrer BINDs netværksvirkemåde på en -fundamental måde, og følgende trin anbefales for at sikre en problemfri -opgradering.

- -

1. Forvis dig om, at din netværksopsætning er kompatibel med -kildeportsrandomnisering. Hvis du beskytter din DNS-opløser (resolver) -med et stateless pakkefilter, kan det være nødvendigt for dig at sikre, -at ingen ikke-DNS-tjenester lytter til UDP-portene mellem 1024 og 65535, samt -at åbne for det i pakkefilteret. Pakkefiltre, der er eksempelvis er baseret -på etchs Linux 2.6.18-kerne, understøtter kun stateless filtrering af -IPv6-pakker, og er derfor ramt af dette ekstra problem. (Hvis du anvender IPv4 -med iptables og ESTABLISHED-regler, vil netværksændringer formentlig ikke være -nødvendige.)

- -

2. Installér BIND 9-opgraderingen ved hjælp af apt-get update -efterfulgt af apt-get install bind9. Kontroller at processen named er -blevet genstartet og svarer på rekursive forespørgsler. (Hvis alle -forespørgsler giver timeouts, er det en indikation af at netværksændringer er -påkrævede; se trin et.)

- -

3. Kontrollér at kildeportrandomnisering er aktiveret. Forvis dig om at -filen /var/log/daemon.log ikke indeholder meddelelser med følgende udseende

- - 
named[6106]: /etc/bind/named.conf.options:28: using specific query-source port suppresses port randomization and can be insecure.
- -

lige efter meddelelserne listening on IPv6 interface og listening -on IPv4 interface, logget af BIND ved programstart. Hvis disse meddelelser -er til stede, bør du fjerne den angivne linje fra opsætningen eller erstatte -portnumre i dem med *-tegnet (udskift fx port 53 med -port *).

- -

For yderligere vished, brug tcpdump eller et andet -netværksovervågningsværktøj for at undersøge om der er skiftende UDP-kildeporte. -Hvis der er en NAT-enhed foran din DNS-opløser, skal du sikre dig at den ikke -annullerer effekten af kildeportsrandomniseringen.

- -

4. Hvis du ikke kan aktivere kildeportsrandomnisering, så overvej at opsætte -BIND 9 til at sende forespørgsler videre til en DNS-opløser, der kan, eventuelt -over en VPN så som OpenVPN, for at oprette det nødvendige betroede netværkslink. -(Brug BIND's forward-only-tilstand i denne situation.)

- -

Andre caching-opløsere, der distribueres af Debian (PowerDNS, MaraDNS, -Unbound) anvender allerede kildeportsrandomnisering, og det er ikke nødvendigt -at opdatere pakkerne. BIND 9.5 op til og med version 1:9.5.0.dfsg-4 -implementerer kun en svag form for kildeportsrandomnisering og skal derfor -også opdateres. For oplysninger om BIND 8 se DSA-1604-1, -og for status på libcs stub-opløser se DSA-1605-1.

- -

De opdaterede bind9-pakker indeholder ændringer oprindelig planlagt til den -næste stabile punktopdatering, deriblandt den ændrede IP-adresse for -L.ROOT-SERVERS.NET (Debian-fejl nummer \ -449148).

- -

I den stabile distribution (etch), er dette problem rettet i -version 9.3.4-2etch3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din bind9-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1603.data" -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" mindelta="1" diff --git a/danish/security/2008/dsa-1604.wml b/danish/security/2008/dsa-1604.wml deleted file mode 100644 index 2b91da79699..00000000000 --- a/danish/security/2008/dsa-1604.wml +++ /dev/null @@ -1,32 +0,0 @@ -DNS-cacheforgiftning - - -

Dan Kaminsky opdagede at medfødte egenskaber i DNS-protokollen kunne føre til -effektive DNS-cacheforgiftningsangreb. Blandt andre kunne succesrige angreb -føre til fejldirigeret webtrafik og e-mail-omdirigering.

- -

Den gamle BIND 8-kodebase kunne ikke opdateres med de anbefalede -modforholdsregler (kildeportsrandomnisering, se \ -DSA-1603-1 for flere oplysninger). Der er to måder at løse problemet -på:

- -

1. Opgradér til BIND 9 (eller en anden implementering med -kildeportsrandomnisering). Dokumentationen, der følger med BIND 9, indeholder -en migreringsvejledning.

- -

2. Opsæt BIND 8-opløseren (resolver) til at videresende forespørgsler -til en BIND 9-opløser. Forudsat at netværket mellem begge opløsere er betroet, -beskytte dette BIND 8-opløseren fra cacheforgiftningsangreb (med samme grad af -sikkerhed, som BIND 9-opløseren har).

- -

Problemet gælder ikke BIND 8, hvis programmet udelukkende som en -autoritativ DNS-server. Det er teoretisk muligt, på denne måde at anvende BIND -8 på en sikker måde, men opdatering til BIND 9 anbefales kraftigt. BIND 8 -(altså bind-pakken) vil blive fjernet fra distributionen etch i en fremtidig -punktopdatering.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1604.data" -#use wml::debian::translation-check translation="e9bafcd753e828e83ea8a21cadc900565a610f85" mindelta="1" diff --git a/danish/security/2008/dsa-1605.wml b/danish/security/2008/dsa-1605.wml deleted file mode 100644 index 96b765fd154..00000000000 --- a/danish/security/2008/dsa-1605.wml +++ /dev/null @@ -1,29 +0,0 @@ -DNS-cacheforgiftning - - -

Dan Kaminsky opdagede at medfødte egenskaber i DNS-protokollen kunne føre til -effektive DNS-cacheforgiftningsangreb. Blandt andre kunne succesrige angreb -føre til fejldirigeret webtrafik og e-mail-omdirigering.

- -

I øjeblikket er det ikke muligt at implementere de anbefalede -modforholdsregler i GNU libcs stub-opløser (resolver). Følgende -omgåelser af problemet er tilgængelige:

- -

1. Installér en lokal BIND 9-opløser på værtsmaskinen, om muligt i -forward-only-tilstand. BIND 9 vil da anvende kildeportsrandomnisering, når -der sendes forespørgsler over netværket. (Andre cachingopløsere kan anvendes -i stedet.)

- -

2. Vær afhænging af beskyttelse mod IP-adresseforfalskning, hvis det er -tilgængeligt. Succesrige angreb forfalsker adressen på en af opløserne, hvilket -måske ikke er muligt, hvis netværket i korrekt beskyttet mod -IP-forfalskningsangreb (både fra interne og eksterne kilder).

- -

Denne DSA til blive opdateret med rettelser til hærdning af stub-opløseren, -når de bliver tilgængelige.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1605.data" -#use wml::debian::translation-check translation="4651d2e3c74ce0bda82ca3934b94516bb3d1a40c" mindelta="1" diff --git a/danish/security/2008/dsa-1606.wml b/danish/security/2008/dsa-1606.wml deleted file mode 100644 index 459cf37a22d..00000000000 --- a/danish/security/2008/dsa-1606.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Man har opdaget at poppler, et PDF-præsentationsbibliotek, ikke på korrekt -vis håndterede indlejerede skrifttyper i PDF-filer, hvilket gjorde det muligt -for angribere at udføre vilkårlig kode gennem et fremstillet -skrifttype-objekt.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.4.5-5.1etch3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.0-1.

- -

Vi anbefaler at du opgraderer din poppler-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1606.data" -#use wml::debian::translation-check translation="bb1b216d76dd84ea5d77816919368ed4ec9bf371" mindelta="1" diff --git a/danish/security/2008/dsa-1607.wml b/danish/security/2008/dsa-1607.wml deleted file mode 100644 index 6addd00723a..00000000000 --- a/danish/security/2008/dsa-1607.wml +++ /dev/null @@ -1,85 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-2798 - -

    Devon Hubbard, Jesse Ruderman og Martijn Wargers opdagede nedbrud i - layoutmaskinen, hvilket kunne tillade udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2799 - -

    Igor Bukanov, Jesse Ruderman og Gary Kwong opdagede nedbrud i - JavaScript-maskinen, hvilket kunne tillade udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-2800 - -

    moz_bug_r_a4 opdagede flere sårbarheder i forbindelse med - udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2008-2801 - -

    Collin Jackson og Adam Barth opdagede at JavaScript-kode kunne udføre i - signerede JAR-arkivers kontekst.

    • - -
  • CVE-2008-2802 - -

    moz_bug_r_a4 opdagede at XML-dokumenter kunne forøge rettigheder - ved at tilgå prækompilerede "fastload"-filer.

    • - -
  • CVE-2008-2803 - -

    moz_bug_r_a4 opdagede at manglende fornuftighedskontrol af inddata - i funktionen mozIJSSubScriptLoader.loadSubScript() kunne føre til udførelse - af vilkårlig kode. Iceweasel selv er ikke påvirket, men det er nogle - addon-programmer.

    • - -
  • CVE-2008-2805 - -

    Claudio Santambrogio opdagede at manglende adgangskontrol i - DOM-fortolkning gjorde det muligt for ondsindede websteder at tvinge - browseren til at uploade lokale filer til serveren, hvilket kunne medføre - informationsafsløring.

    • - -
  • CVE-2008-2807 - -

    Daniel Glazman opdagede at en programmeringsfejl i koden til fortolkning - af .properties-filer kunne føre til at hukommelsesindhold blev gjort - tilgængelig for addon-programmer, hvilket kunne føre til - informationsafsløring.

    • - -
  • CVE-2008-2808 - -

    Masahiro Yamada opdagede at fil-URL'er i mappelister ikke på tilstrækkelig - vis var indkapslet.

    • - -
  • CVE-2008-2809 - -

    John G. Myers, Frank Benkstein og Nils Toedtmann opdagede at alternative - navne på selvsignerede certifikater blev håndteret på utilstrækkelig vis, - hvilket kunne føre til forfalskning af sikre forbindelser.

    • - -
  • CVE-2008-2811 - -

    Greg McManus opdagede et nedbrud i block-reflow-koden, hvilket kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.0.15-0etch1.

- -

Iceweasel fra den ustabile distribution (sid) linker dynamisk mod -biblioteket xulrunner.

- -

Vi anbefaler at du opgraderer din iceweasel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1607.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1608.wml b/danish/security/2008/dsa-1608.wml deleted file mode 100644 index 26e19580ccc..00000000000 --- a/danish/security/2008/dsa-1608.wml +++ /dev/null @@ -1,25 +0,0 @@ -autorisationsomgåelse - -

Sergei Golubchik opdagede at MySQL, en meget anvendt databaseserver, ikke på -korrekt vis validerede valgfrie data- eller index-mappestier angivet i et -CREATE TABLE-statement, ejheller forhindrede den (under visse omstændigheder) to -databaser i at anvende den samme sti til data- og index-filer. Dette gjorde det -muligt for autentificerede brugere med rettigheder til at oprette tabeller i en -database, at læse, skrive eller slette data fra tabeller efterfølgende oprettet i -andre databaser, uafhængigt af andre GRANT-rettigheder. Projektet Common -Vulnerabilities and Exposures identificerer problemet som -\ -CVE-2008-2079.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.0.32-7etch6. Bemærk at rettelsen har den konsekvens, at det ikke er -tilladt at vælge data- eller index-stier under databaseroden, hvilket på et -Debian-system er /var/lib/mysql; databaseadministratorer der har behov for at -kontrollere placeringen af filerne på dette sted, skal gøre det på anden vis.

- -

Vi anbefaler at du opgraderer dine mysql-dfsg-5.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1608.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1609.wml b/danish/security/2008/dsa-1609.wml deleted file mode 100644 index 5b694948656..00000000000 --- a/danish/security/2008/dsa-1609.wml +++ /dev/null @@ -1,36 +0,0 @@ -forskellige - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i lighttpd, en hurtig -webserver med minimalt hukommelsesforbrug.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2008-0983 -

    lighttpd 1.4.18, og muligvis andre version før 1.5.0, beregnede ikke på - korrekt vis størrelsen på et fildescriptorarray, hvilket gjorde det muligt for - fjernangribere at forårsage lammelsesangreb (denial of service, crash) gennem - et stort antal forbindelser, hvilket udløste tilgang uden for grænserne.

    • - -
  • CVE-2007-3948 -

    connections.c i lighttpd før 1.4.16 kunne måske acceptere flere - forbindelser, end det opsatte maksimum, hvilket gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (mislykket assertion) gennem et - stort antal forbindelser.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.4.13-4etch9.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.18-2.

- -

Vi anbefaler at du opgraderer din lighttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1609.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1610.wml b/danish/security/2008/dsa-1610.wml deleted file mode 100644 index d3e7ffeed07..00000000000 --- a/danish/security/2008/dsa-1610.wml +++ /dev/null @@ -1,17 +0,0 @@ -heltalsoverløb - -

Man har opdaget at gaim, et chatprogram der understøtter flere protokoller, -var sårbar over for flere heltalsoverløb i sin MSN-protokolhåndtering. Dette -kunne gøre det muligt for en fjernangriber at udføre vilkårlig kode.

- -

I den stabile distribution (etch) er dette problem rettet i version -1:2.0.0+beta5-10etch1.

- -

I den ustabile distribution (sid) findes denne pakke ikke.

- -

Vi anbefaler at du opgraderer din gaim-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1610.data" -#use wml::debian::translation-check translation="beff16d80bfcadabfc5c51dac98a278efa6db7e3" mindelta="1" diff --git a/danish/security/2008/dsa-1611.wml b/danish/security/2008/dsa-1611.wml deleted file mode 100644 index 3950cbfd998..00000000000 --- a/danish/security/2008/dsa-1611.wml +++ /dev/null @@ -1,19 +0,0 @@ -rettighedsforøgelse - -

Anders Kaseorg opdagede at afuse, et automounting-filsystem i brugerrummet, -ikke på korrekt vis indkapslede metategn i stier. Dette gjorde det muligt for -en lokal angriber med læseadgang til filsystemet, at udføre kommandoer som -ejeren af filsystemet.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.1.1-1+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.2-3.

- -

Vi anbefaler at du opgraderer din afuse (0.1.1-1+etch1)-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1611.data" -#use wml::debian::translation-check translation="f82e0df2c66e0b1187df28f359d869d262509801" mindelta="1" diff --git a/danish/security/2008/dsa-1612.wml b/danish/security/2008/dsa-1612.wml deleted file mode 100644 index fdd49ec1f3e..00000000000 --- a/danish/security/2008/dsa-1612.wml +++ /dev/null @@ -1,55 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget, hvilket kunne -føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2008-2662 - -

    Drew Yao opdagede at flere heltalsoverløb i strengbehandlingskoden - kunne føre til lammelsesangreb og potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-2663 - -

    Drew Yao opdagede at flere heltalsoverløb i strengbehandlingskoden - kunne føre til lammelsesangreb og potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-2664 - -

    Drew Yao opdagede at en programmeringsfejl i strengbehandlingskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2725 - -

    Drew Yao opdagede at et heltalsoverløb i array-håndteringskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2726 - -

    Drew Yao opdagede at et heltalsoverløb i array-håndteringskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2376 - -

    Man opdagede at et heltalsoverløb i array-håndteringskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.8.5-4etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.7.22-2.

- -

Vi anbefaler at du opgraderer dine ruby1.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1612.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1613.wml b/danish/security/2008/dsa-1613.wml deleted file mode 100644 index 6cd0fd48d33..00000000000 --- a/danish/security/2008/dsa-1613.wml +++ /dev/null @@ -1,52 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libgd2, et bibliotek til programatisk -grafikfremstilling og -manipulering. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-2445 - -

    Gråskala-PNG-filer indeholdende ugyldige tRNS-chunk-CRC-værdier - kunne forårsage et lammelsesangreb (denial of service, crash), hvis et - ondsindet fremstillet billede blev indlæst i et program ved hjælp af - libgd.

    • - -
  • CVE-2007-3476 - -

    En array-indekseringsfejl i libgds GIF-håndtering kunne medføre et - lammelsesangreb (crash med heap-korruption) hvis eksceptionelt store - farveindeksværdier blev leveret i en ondsindet fremstillet - GIF-billedfil.

    • - -
  • CVE-2007-3477 - -

    Rutinerne imagearc() og imagefilledarc() i libgd gjorde det muligt for en - angriber at kontrollere parametrene anvendt til at angive en bue i disse - tegnefunktioner, til at igangsætte et lammelsesangreb (umådeholdent - CPU-forbrug).

    • - -
  • CVE-2007-3996 - -

    Flere heltalsoverløb fandtes i libgds rutiner til ændring af - billedstørrelser og fremstilling af billeder; disse svagheder gjorde det - muligt for en angriber at kontrollere parametrene overført til rutinerne og - dermed igangsætte et crash eller udføre vilkårlig kode med rettighederne - hørende til brugeren, der kørte et program eller fortolker linket mod - libgd2.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -2.0.33-5.2etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.0.35.dfsg-1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1613.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1614.wml b/danish/security/2008/dsa-1614.wml deleted file mode 100644 index 4e4bda2d46d..00000000000 --- a/danish/security/2008/dsa-1614.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-2785 - -

    Man opdagede at manglende grænsekontroller på en referencetæller til - CSS-objekter kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2933 - -

    Billy Rios opdagede at overførsel af en URL indeholdende et pipe-tegn - til Iceweasel kunne føre til Chrome-rettighedsforøgelse.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.0.16-0etch1. Opdaterede pakker til ia64, arm og mips er endnu -ikke tilgængelige, og vil blive frigivet så snart de er blevet opbygget.

- -

I den ustabile distribution (sid), er disse problemer rettet i -xulrunner 1.9.0.1-1 og iceweasel 3.0.1-1.

- -

Vi anbefaler at du opgraderer din iceweasel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1614.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1615.wml b/danish/security/2008/dsa-1615.wml deleted file mode 100644 index da5a22b7283..00000000000 --- a/danish/security/2008/dsa-1615.wml +++ /dev/null @@ -1,96 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-programmer. Projektet Common Vulnerabilities and Exposures har fundet frem -tli følgende problemer:

- -
    - -
  • CVE-2008-2785 - -

    Man opdagede at manglende grænsekontroller på en referencetæller til - CSS-objekter kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2798 - -

    Devon Hubbard, Jesse Ruderman og Martijn Wargers opdagede nedbrud i - layout-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode.

    • - -
  • CVE-2008-2799 - -

    Igor Bukanov, Jesse Ruderman og Gary Kwong opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode.

    • - -
  • CVE-2008-2800 - -

    moz_bug_r_a4 opdagede flere sårbarheder i forbindelse med - udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2008-2801 - -

    Collin Jackson og Adam Barth opdagede at JavaScript-kode kunne udføres i - et signeret JAR-arkivs kontekst.

    • - -
  • CVE-2008-2802 - -

    moz_bug_r_a4 opdagede at XUL-dokumementer kunne forøge rettigheder - ved at tilgå den prækompilerede fastload-fil.

    • - -
  • CVE-2008-2803 - -

    moz_bug_r_a4 opdagede at manglende fornuftighedskontrol af inddata - i funktionen mozIJSSubScriptLoader.loadSubScript() kunne føre til udførelse - af vilkårlig kode. Iceweasel selv er ikke påvirket, men nogle - tilføjelsesprogrammer er.

    • - -
  • CVE-2008-2805 - -

    Claudio Santambrogio opdagede at manglende adgangsvalidering i - DOM-fortolkningen gjorde det muligt for ondsindede websteder at tvinge - browseren til at uploade lokale filer til serveren, hvilket kunne føre - til informationsafsløring.

    • - -
  • CVE-2008-2807 - -

    Daniel Glazman opdagede at en programmeringsfejl i koden til - fortolkning af .properties-filer kunne føre til at hukommelsesindhold - blev afsløret til tilføjelsesprogrammer, hvilket kunne føre til - informationsafsløring.

    • - -
  • CVE-2008-2808 - -

    Masahiro Yamada opdagede at fil-URL'er i mappelister ikke være - indkaplset på tilstrækkelig vis.

    • - -
  • CVE-2008-2809 - -

    John G. Myers, Frank Benkstein og Nils Toedtmann opdagede at alternative - navne på selvsignerede certifikater blev håndteret på utilstrækkelig vis, - hvilket kunne føre til forfalskning af sikre forbindelser.

    • - -
  • CVE-2008-2811 - -

    Greg McManus opdagede et crash i block-reflow-koden, hvilket måske kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2008-2933 - -

    Billy Rios opdagede at overførsel af en URL indeholdende et pipe-tegn - til Iceweasel kunne føre til Chrome-rettighedsforøgelse.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.8.0.15~pre080614d-0etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.1-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1615.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1616.wml b/danish/security/2008/dsa-1616.wml deleted file mode 100644 index dca7b479ba0..00000000000 --- a/danish/security/2008/dsa-1616.wml +++ /dev/null @@ -1,30 +0,0 @@ -lammelsesangreb - -

Damian Put opdagede en sårbarhed i antivirusværktøjet ClamAVs fortolkning af -Petite-pakkede eksekvérbare Win32-filer. Svagheden fører til ugyldig -hukommelsestilgang, og kunne gøre det muligt for en angriber at få clamav til -at gå ned ved at levere en ondsindet fremstillet Petite-komprimeret binær fil -til scanning. I nogle opsætninger, så som når clamav anvendes i kombination -med mailservere, kunne dette føre til en fail open på systemet, -muliggørende et opfølgende virusangreb.

- -

En tidligere version af denne bulletin refererede pakker, der var opbygget -ukorrekt og manglende den tilsigtede rettelse. Problemet blev i pakkerne i --2-revisionen af denne bulletin.

- -

Projektet Common Vulnerabilities and Exposures har registreret denne svaghed -som CVE-2008-2713 -og CVE-2008-3215.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.90.1dfsg-3.1+etch14.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.93.1.dfsg-1.1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1616.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1617.wml b/danish/security/2008/dsa-1617.wml deleted file mode 100644 index 613de440be0..00000000000 --- a/danish/security/2008/dsa-1617.wml +++ /dev/null @@ -1,44 +0,0 @@ -inkompatibel policy - -

In DSA-1603-1 udgav Debian en opdatering til BIND 9-domænenavnsserveren, som -introducerede UDP-kildeports-randomnisering til at nedsætte truslen ved -DNS-cache-forgiftningsangreb (registreret af projektet Common Vulnerabilities -and Exposures som CVE-2008-1447). -Om end rettelsen var korrekt, var den inkompatibel med versionen af SELinux -Reference Policy distribueret i Debian etch, hvilket ikke tillod at en proces -kørte i domænet named_t til at forbinde sockets til andre UDP-porte end -standard-'domain'-porten (53). Inkompatibiliteten påvirker måde policypakkerne -'targeted' og 'strict' der følger med denne version af refpolicy.

- -

Denne opdatering af refpolicy-pakkerne giver mulighed for at forbinde en -vilkårlig UDP-port til en named_t-processer. Når de opdaterede pakker er -installeret, vil de forsøge at opdatere bind-policymodulet på systemer, hvor -det tidligere var indlæst og hvor den tidligere version af refpolicy var -0.0.20061018-5 eller lavere.

- -

Da Debians refpolicy-pakker endnu ikke er designet med det formål at kunne -opgradere policymoduler, og fordi SELinux-aktiverede Debian-systemer ofte har -en vis grad af stedspecifik policytilpasning, er det svært at sikre at den nye -bindpolicy kan opgraderes med succes. Til det formål vil pakkeopgraderingen -ikke blive afbrudt hvis bindpolicyopdateringen ikke lykkes. Det nye -policymodul findes i /usr/share/selinux/refpolicy-targeted/bind.pp efter -installeringen. Administratorer, der ønsker at anvende bindservicepolity, kan -kan forene alle policyinkompatibiliteter og derefter manuelt installere -opgraderingen. En mere udførlig beskrivelse af den korrigerende procedure -finde på -\ -https://wiki.debian.org/SELinux/Issues/BindPortRandomization.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.0.20061018-5.1+etch1.

- -

Den ustabile distribution (sid) er ikke påvirket, da efterfølgende -refpolicy-udgivelser indeholder en analog ændring.

- -

Vi anbefaler at du opgraderer dine refpolicy-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1617.data" -#use wml::debian::translation-check translation="5011f532637dc7820b79b151eecfda4ab65aa22f" mindelta="1" diff --git a/danish/security/2008/dsa-1618.wml b/danish/security/2008/dsa-1618.wml deleted file mode 100644 index 558c57d2808..00000000000 --- a/danish/security/2008/dsa-1618.wml +++ /dev/null @@ -1,55 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget, hvilket kunne -føre til lammelsesangreb (debian of service) eller udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2008-2662 - -

    Drew Yao opdagede at flere heltalsoverløb i strengbehandlingskoden - kunne føre til lammelsesangreb og potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-2663 - -

    Drew Yao opdagede at flere heltalsoverløb i strengbehandlingskoden - kunne føre til lammelsesangreb og potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2008-2664 - -

    Drew Yao opdagede at en programmeringsfejl i strengbehandlingskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2725 - -

    Drew Yao opdagede at et heltalsoverløb i array-håndteringskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2726 - -

    Drew Yao opdagede at et heltalsoverløb i array-håndteringskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2376 - -

    Man opdagede at et heltalsoverløb i array-håndteringskoden kunne - føre til lammelsesangreb og potentielt udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.9.0+20060609-1etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.2-2.

- -

Vi anbefaler at du opgraderer dine ruby1.9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1618.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1619.wml b/danish/security/2008/dsa-1619.wml deleted file mode 100644 index 139b9f9618d..00000000000 --- a/danish/security/2008/dsa-1619.wml +++ /dev/null @@ -1,28 +0,0 @@ -DNS-svarforfalskning - -

Flere svagheder er opdaget i PyDNS, en DNS-klientimplementering til -Python-sproget. Dan Kaminsky fandt frem til en anvendelig angrebsvinkel -i forbindelse med DNS-svarforfalskning og cacheforgiftning, der udnyttede -den begrænsede entropi i en DNS-transaktionsid og manglen på -UDP-kildeports-randomnisering i mange DNS-implementeringer. Scott -Kitterman bemærkede at python-dns er sårbar over for denne forudsigelighed, -den det hverken randomniserer sin transaktionsid eller sin kildekode. -Tilsammen medfører den manglende entropi at programmer der anvender -python-dns til at udføre DNS-forespørgsler meget sårbare over for -svarforfalskning.

- -

Projektet Common Vulnerabilities and Exposures har registreret denne -svaghedsklasse som -CVE-2008-1447 -og denne specifikke forekomst i PyDNS som -CVE-2008-4099.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.3.0-5.2+etch1.

- -

Vi anbefaler at du opgraderer din python-dns-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1619.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1620.wml b/danish/security/2008/dsa-1620.wml deleted file mode 100644 index e74e1610313..00000000000 --- a/danish/security/2008/dsa-1620.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af Python-sproget. Projektet -Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-2052 - -

    Piotr Engelking opdagede at funktionen strxfrm() i locale-modulet - fejlberegnede længden på en intern buffer, hvilket kunne medføre en - mindre informationsafsløring.

    • - -
  • CVE-2007-4965 - -

    Man har opdaget at flere heltalsoverløb i imageop-modulet kunne føre til - udførelse af vilkårlig kode, hvis en bruger blev narret til at behandle - misdannede billeder. Problemet er også registreret som - CVE-2008-1679 - på grund af en oprindelig ufuldstændig rettelse.

    • - -
  • CVE-2008-1721 - -

    Justin Ferguson opdagede at et bufferoverløb i zlib-modulet kunne føre - til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1887 - -

    Justin Ferguson opdagede at utilstrækkelig validering af inddata i - PyString_FromStringAndSize() kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.5-5+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.5.2-3.

- -

Vi anbefaler at du opgraderer dine python2.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1620.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1621.wml b/danish/security/2008/dsa-1621.wml deleted file mode 100644 index d165b8f6b6a..00000000000 --- a/danish/security/2008/dsa-1621.wml +++ /dev/null @@ -1,76 +0,0 @@ -flere sårbarheder - -

-Flere fjernudnytbare sårbarheder er opdaget i mailklienten Icedove, en -version af Thunderbird-klienten. Projektet Common Vulnerabilities and -Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2008-0304 - -

    Man har opdaget at et bufferoverløb i MIME-dekodningen kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2785 - -

    Man opdagede at manglende grænsekontroller på en referencetæller til - CSS-objekter kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-2798 - -

    Devon Hubbard, Jesse Ruderman og Martijn Wargers opdagede nedbrud i - layout-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode.

    • - -
  • CVE-2008-2799 - -

    Igor Bukanov, Jesse Ruderman og Gary Kwong opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode.

    • - -
  • CVE-2008-2802 - -

    moz_bug_r_a4 opdagede at XUL-dokumementer kunne forøge rettigheder - ved at tilgå den prækompilerede "fastload"-fil.

    • - -
  • CVE-2008-2803 - -

    moz_bug_r_a4 opdagede at manglende fornuftighedskontrol af inddata - i funktionen mozIJSSubScriptLoader.loadSubScript() kunne føre til udførelse - af vilkårlig kode. Iceweasel selv er ikke påvirket, men nogle - tilføjelsesprogrammer er.

    • - -
  • CVE-2008-2807 - -

    Daniel Glazman opdagede at en programmeringsfejl i koden til - fortolkning af .properties-filer kunne føre til at hukommelsesindhold - blev afsløret til tilføjelsesprogrammer, hvilket kunne føre til - informationsafsløring.

    • - -
  • CVE-2008-2809 - -

    John G. Myers, Frank Benkstein og Nils Toedtmann opdagede at alternative - navne på selvsignerede certifikater blev håndteret på utilstrækkelig vis, - hvilket kunne føre til forfalskning af sikre forbindelser.

    • - -
  • CVE-2008-2811 - -

    Greg McManus opdagede et crash i block-reflow-koden, hvilket måske kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1. Pakker til s390 er endnu ikke -tilgængelige og vil senere blive frigivet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.0.16-1.

- -

Vi anbefaler at du opgraderer din icedove-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1621.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1622.wml b/danish/security/2008/dsa-1622.wml deleted file mode 100644 index 0f8954ee61a..00000000000 --- a/danish/security/2008/dsa-1622.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Man har opdaget at newsx, et værktøj til NNTP-indlægudveksling, var påvirket -af et bufferoverløb, hvilket gjorde det muligt for angribere at udføre vilkårlig -kode gennem et nyhedsgruppeindlæg indeholdende et stort antal linjer begyndende -med et punktum.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.6-2etch1.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid), -er dette problem rettet i version 1.6-3.

- -

Vi anbefaler at du opgraderer din newsx-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1622.data" -#use wml::debian::translation-check translation="e3cf6eef78a9a89bbde5f047fe32a5b8eac2cc36" mindelta="1" diff --git a/danish/security/2008/dsa-1623.wml b/danish/security/2008/dsa-1623.wml deleted file mode 100644 index a6bc218ff99..00000000000 --- a/danish/security/2008/dsa-1623.wml +++ /dev/null @@ -1,26 +0,0 @@ -DNS-cacheforgiftning - -

Dan Kaminsky opdagede at medfødte egenskaber i DNS-protokollen kunne føre til -effektive DNS-cacheforgiftningsangreb. Blandt andre kunne succesrige angreb -føre til fejldirigeret webtrafik og e-mail-omdirigering.

- -

Denne opdatering ændrer Debians dnsmasq-pakker for at implementere -anbefalede modforholdsregler: Randomnisering af UDP-forespørgselskildeport. -Ændringen forøger størrelsen på det område, en angriber skal gætte værdier i, -på en bagudkompatibel måde og gør succesrige angreb betydeligt sværere.

- -

Med opdateringen skiftes også til Dan Bernsteins tilfældigt tal-generator, -SURF.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.35-1+etch4. Pakker til alpha vil blive frigivet senere.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.43-1.

- -

Vi anbefaler at du opgraderer din dnsmasq-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1623.data" -#use wml::debian::translation-check translation="e0e5cb0e04861edce9f9d68d0a32397ed4235b98" mindelta="1" diff --git a/danish/security/2008/dsa-1624.wml b/danish/security/2008/dsa-1624.wml deleted file mode 100644 index 6d1d54165d9..00000000000 --- a/danish/security/2008/dsa-1624.wml +++ /dev/null @@ -1,16 +0,0 @@ -bufferoverløb - -

Chris Evans opdagede at et bufferoverløb i RC4-funktionerne i libexslt kunne -føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.1.19-3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libxslt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1624.data" -#use wml::debian::translation-check translation="94f2a3c2ae490a3b1fd015392a8702fa00b1c4e7" mindelta="1" diff --git a/danish/security/2008/dsa-1625.wml b/danish/security/2008/dsa-1625.wml deleted file mode 100644 index 65a7483ad95..00000000000 --- a/danish/security/2008/dsa-1625.wml +++ /dev/null @@ -1,37 +0,0 @@ -bufferoverløb - -

Flere fjernudnytbare sårbarheder er opdaget i Common Unix Printing System -(CUPS). Projektet Common Vulnerabilities and Exposures har fundet frem til -følgende problemer:

- -
    - -
  • CVE-2008-0053 - -

    Bufferoverløb i HP-GL-inddatafilteret gjorde det muligt at køre vilkårlig - kode gennem fabrikerede HP-GL-filer.

    • - -
  • CVE-2008-1373 - -

    Bufferoverløb i GIF-filteret gjorde det måske muligt at køre vilkårlig - kode gennem fabrikerede GIF-filer.

    • - -
  • CVE-2008-1722 - -

    Heltalsoverløb i PNG-filteret gjorde det måske muligt at køre vilkårlig - kode gennem fabrikerede PNG-filer.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.2.7-4etch4 af pakken cupsys.

- -

I distributionen testing (lenny) og den ustabile distribution (sid), er -disse problemer rettet i version 1.3.7-2 af pakken cups.

- -

Vi anbefaler at du opgraderer din cupsys-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1625.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1626.wml b/danish/security/2008/dsa-1626.wml deleted file mode 100644 index da5c4e3905e..00000000000 --- a/danish/security/2008/dsa-1626.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Joan Calvet opdagede at httrack, et værktøj til oprettelse af lokale kopier -af websteder, var sårbart over for et bufferoverløb, der potentielt gjorde det -muligt at udføre vilkårlig kode når det modtog ekstremt lange URL'er.

- -

I den stabile distribution (etch), er dette problem rettet i -version 3.40.4-3.1+etch1.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid), er -dette problem rettet i version 3.42.3-1.

- -

Vi anbefaler at du opgraderer din httrack-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1626.data" -#use wml::debian::translation-check translation="c8dceef3acab03e09d81d57d50d19b316cc031f0" mindelta="1" diff --git a/danish/security/2008/dsa-1627.wml b/danish/security/2008/dsa-1627.wml deleted file mode 100644 index 6135af19e7b..00000000000 --- a/danish/security/2008/dsa-1627.wml +++ /dev/null @@ -1,37 +0,0 @@ -programmeringsfejl - -

Chaskiel M Grundman opdagede at opensc, et bibliotek og værktøjer til -håndtering af smartcards, initialiserede smartcards med kortstyresystemet -Siemens CardOS M4 uden de korrekte adgangsrettigheder. Dette gjorde det muligt -for alle at ændre kortets PIN-kode.

- -

I forbindelse med denne fejl kunne alle ændre en bruger-PIN-kode uden at -have PIN- eller PUK-koden eller superbrugerens PIN- eller PUK-kode. Dog kunne -fejlen ikke anvendes til at regne PIN-koden ud. Hvis PIN-koden på dit kort er -den samme som altid, er der en god sandsynlighed for at sårbarheden ikke har -været udnyttet.

- -

Sårbarheden påvirker kun smartcards og USB-cryptotokens baseret på Siemens -CardOS M4, og inden for denne gruppe kun dem, der har været initialiseret med -OpenSC. Brugere af andre smartcard og USB-cryptotokens, eller kort der har været -initialiseret med andet programmel end OpenSC, er ikke påvirket.

- -

Efter opgradering af pakken, vil udførelse af kommendoen -pkcs15-tool -T -vise hvorvidt kortet er i orden eller sårbart. Hvis kortet er sårbart, skal du -ændre sikkerhedsindstillingen ved hjælp af: -pkcs15-tool -T -U.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.11.1-2etch2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.11.4-5.

- -

Vi anbefaler at du opgraderer din opensc-pakke og kontrollerer dine kort med -den oven for beskrevne kommando.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1627.data" -#use wml::debian::translation-check translation="dedec0b6a97af0a07a5f494eb2817d54f4cc95ea" mindelta="1" diff --git a/danish/security/2008/dsa-1628.wml b/danish/security/2008/dsa-1628.wml deleted file mode 100644 index 97a31df44be..00000000000 --- a/danish/security/2008/dsa-1628.wml +++ /dev/null @@ -1,20 +0,0 @@ -DNS-svarforfalskning - -

Brian Dowling opdagede at den autoritative navneserver PowerDNS ikke svarede -på DNS-forespørgsler, der indeholdt visse tegn, med en forøget risiko for -succesrig DNS-forfalskning til følge -(CVE-2008-3337). -Denne opdatering ændrer PowerDNS til i stedet at give SERVFAIL-svaret.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.9.20-8+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.9.21.1-1.

- -

Vi anbefaler at du opgraderer din pdns-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1628.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1629.wml b/danish/security/2008/dsa-1629.wml deleted file mode 100644 index e7956f0cad1..00000000000 --- a/danish/security/2008/dsa-1629.wml +++ /dev/null @@ -1,37 +0,0 @@ -programmeringsfejl - -

Sebastian Krahmer opdagede at Postfix, et mailoverførselsprogram, på ukorrekt -vis kontrollerede ejerskabet af en mailbox. Ved nogle opsætninger var det -dermed muligt som root at tilføje data til vilkårlige filer.

- -

Bemærk at kun speficikke opsætninger er sårbare; Debians standardinstallation -er ikke påvirket. Kun hvis opsætningen lever op til følgende forudsætninger, er -den sårbar:

- -
    -
  • Mailleveringsmetoden er mailbox, med anvendelse af de i Postfix - indbyggede leveringsprogrmamer local(8) eller virtual(8).
    • -
  • Mailspoolmappen (/var/spool/mail) er skrivbar for brugere.
    • -
  • Brugeren kan oprette hardlinks pegende på root-ejede symlinks, - placeret i andre mapper.
    • -
- -

For en detaljeret gennemgang at problemet, se -\ -opstrømsforfatterens gennemgang.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.3.8-2+etch1.

- -

I distributionen testing (lenny), er dette problem rettet i -version 2.5.2-2lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet -i version 2.5.4-1.

- -

Vi anbefaler at du opgraderer din postfix-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1629.data" -#use wml::debian::translation-check translation="ff3b75ade496b04253cb5dbd461621d02dcf0d05" mindelta="1" diff --git a/danish/security/2008/dsa-1630.wml b/danish/security/2008/dsa-1630.wml deleted file mode 100644 index ae2a662c0f1..00000000000 --- a/danish/security/2008/dsa-1630.wml +++ /dev/null @@ -1,69 +0,0 @@ -lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen. De kan føre til lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2007-6282 - -

    Dirk Nehring opdagede en sårbarhed i IPsec-koden, der gjorde det muligt - for fjernbrugere at forårsage et lammelsesangreb ved at sende særligt - fremstillede ESP-pakker.

    • - -
  • CVE-2008-0598 - -

    Tavis Ormandy opdagede en sårbarhed, der gjorde det muligt for lokale - brugere at tilgå uinitialiseret kernehukommelse, muligvis lækkende følsomme - oplysninger. Problemet gælder specifikt amd64-udgaven af - kerneaftrykkene.

    • - -
  • CVE-2008-2729 - -

    Andi Kleen opdagede et problem hvor uinitialiseret kernehukommelse blev - lækket til brugerrummet under en exception. Problemet kunne måske gøre det - muligt for lokale brugere at få adgang til følsomme oplysninger. Kun - amd64-udgaven af Debians kerneaftryk er påvirket.

    • - -
  • CVE-2008-2812 - -

    Alan Cox opdagede et problem i flere tty-drivere, der gjorde det muligt - for lokale brugere at udløse et lammelsesangreb (NULL-pointer-dereference) - og muligvis få forøgede rettigheder.

    • - -
  • CVE-2008-2826 - -

    Gabriel Campana opdagede et heltalsoverløb i sctp-koden, som kunne - udnyttes af lokale brugere til at forårsage et lammelsesangreb.

    • - -
  • CVE-2008-2931 - -

    Miklos Szeredi rapporterede om en manglende rettighedskontrol i - funktionen do_change_type(). Dette gjorde det muligt for lokal, - upriviligerede brugere at ændre egenskaberne ved mount-points.

    • - -
  • CVE-2008-3272 - -

    Tobias Klein rapporterede om en lokalt udnytbar datalækage i funktionen - snd_seq_oss_synth_make_info(). Dette kunne måske gøre det muligt for lokale - brugere at få adgang til følsomme oplysninger.

    • - -
  • CVE-2008-3275 - -

    Zoltan Sogor opdagede en programmeringsfejl i VFS, der gjorde det muligt - for lokale brugere at udnytte en kernehukommelseslækage, medførende et - lammelsesangreb.

    • - -
- -

I den stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-22etch2.

- -

Vi anbefaler at du opgraderer din linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1630.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1631.wml b/danish/security/2008/dsa-1631.wml deleted file mode 100644 index 76eadd745bc..00000000000 --- a/danish/security/2008/dsa-1631.wml +++ /dev/null @@ -1,18 +0,0 @@ -lammelsesangreb - -

Andreas Solberg opdagede at libxml2, GNOME XML-bibliotek, kunne tvinges til -rekursivt at evaluere entiteter, indtil tilgængelige CPU- og -hukommelsesressourcer var opbrugt.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.27.dfsg-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.32.dfsg-3.

- -

Vi anbefaler at du opgraderer din libxml2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1631.data" -#use wml::debian::translation-check translation="e4bb4e0ce45ec09f824435d30416bacc17500005" mindelta="1" diff --git a/danish/security/2008/dsa-1632.wml b/danish/security/2008/dsa-1632.wml deleted file mode 100644 index 459f2a83782..00000000000 --- a/danish/security/2008/dsa-1632.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferunderløb - -

Drew Yao opdagede at libTIFF, et bibliotek til håndtering af Tagged Image -File Format, var sårbar på grund af en programmeringsfejl, der gjorde det -muligt for misdannede tiff-filer at føre til nedbrud eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 3.8.2-7+etch1.

- -

I distributionen testing (lenny), er dette problem rettet i -version 3.8.2-10+lenny1.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer din tiff-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1632.data" -#use wml::debian::translation-check translation="cbc98d6bb8d3a82b9f813aa4833b25e03ef1df64" mindelta="1" diff --git a/danish/security/2008/dsa-1633.wml b/danish/security/2008/dsa-1633.wml deleted file mode 100644 index 0eda894418b..00000000000 --- a/danish/security/2008/dsa-1633.wml +++ /dev/null @@ -1,21 +0,0 @@ -SQL-indsprøjtning, udførelse af skripter på tværs af websteder - -

Man har opdaget at Slash, Slashdot Like Automated Storytelling Homepage har -to sårbarheder i forbindelse med utilstrækkelig fornuftighedskontrol af -inddata, medførende udførelse af SQL-kommandoer -(CVE-2008-2231) -og udførelse af skripter på tværs af websteder -(CVE-2008-2553).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.2.6-8etch1.

- -

I den ustabile distribution (sid), kan pakken slash pt. ikke installeres og -vil snart blive fjernet.

- -

Vi anbefaler at du opgraderer din slash-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1633.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1634.wml b/danish/security/2008/dsa-1634.wml deleted file mode 100644 index e72d531055c..00000000000 --- a/danish/security/2008/dsa-1634.wml +++ /dev/null @@ -1,22 +0,0 @@ -stak- og heapoverløb - -

Rob Holland opdagede flere programmeringsfejl i WordNet, en elektronisk -leksikal database over det engelske sprog. Fejlene kunne muliggøre udførelse af -vilkårlig kode, ved brug af ubetroede inddata, for eksempel når WordNet anvendes -som en backend til en webapplikation.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1:2.1-4+etch1.

- -

I distributionen testing (lenny), er disse problemer rettet i -version 1:3.0-11+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:3.0-12.

- -

Vi anbefaler at du opgraderer din wordnet-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1634.data" -#use wml::debian::translation-check translation="bbb83a58cccf4123338fb33808d1273168afeb6a" mindelta="1" diff --git a/danish/security/2008/dsa-1635.wml b/danish/security/2008/dsa-1635.wml deleted file mode 100644 index 115fc50ad4a..00000000000 --- a/danish/security/2008/dsa-1635.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i freetype, en -FreeType 2-skrifttypemaskine, hvilket kunne gøre det muligt at udføre vilkårlig -kode.

- -

Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2008-1806 -

    Et heltalsoverlø muliggjorde kontekstafhængige angribere at udføre vilkårlig - kode gennem et fremstillet sæt værdier i dictionarytabellen Private i - Printer Font Binary-filen (PFB).

    • - -
  • CVE-2008-1807 -

    Håndteringen af et ugyldigt number of axes-felt i PFB-filen kunne udløse - frigivelse af vilkårlige hukommelsessteder, førende til - hukommelseskorruption.

    • - -
  • CVE-2008-1808 -

    Flere forskudt med én-fejl gjorde det muligt at udføre vilkårlig kode gennem - misdannede tabeller i PFB-filer eller udgyldige SHC-instruktioner i - TTF-filer.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -2.2.1-5+etch3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.3.6-1.

- -

Vi anbefaler at du opgraderer din freetype-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1635.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1636.wml b/danish/security/2008/dsa-1636.wml deleted file mode 100644 index 342bb7c1b83..00000000000 --- a/danish/security/2008/dsa-1636.wml +++ /dev/null @@ -1,72 +0,0 @@ -lammelsesangreb/informationslækage - - -

Flere sårbarheder er opdaget i Linux-kernen, de kunne føre til -lammelsesangreb (denial of service) eller lækning af følsomme oplysninger. -Projektet Common Vulnerabilities and Exposures har fundet frem til følgende -problemer:

- -
    - -
  • CVE-2008-3272 - -

    Tobias Klein rapporterede om en lokalt udnytbar datalækage i funktionen - snd_seq_oss_synth_make_info(). Dette kunne måske gøre det muligt for lokale - brugere at få adgang til følsomme oplysninger.

    • - -
  • CVE-2008-3275 - -

    Zoltan Sogor opdagede en programmeringsfejl i VFS, der gjorde det muligt - for lokale brugere at udnytte en kernehukommelseslækage, medførede et - lammelsesangreb.

    • - -
  • CVE-2008-3276 - -

    Eugene Teo rapporterede om et heltalsoverløb DCCP-undersystemet, der - måske kunne gøre det muligt for fjernangribere at forårsage et - lammelsesangreb i form af kernepanik.

    • - -
  • CVE-2008-3526 - -

    Eugene Teo rapporterede om manglende grænsekontrol i SCTP-undersystemet. - Ved at udnytte et heltalsoverløb i SCTP_AUTH_KEY-håndteringskoden kunne - fjernangribere måske få mulighed for at forårsage et lammelsesangreb i form - af kernepanik.

    • - -
  • CVE-2008-3534 - -

    Kel Modderman rapporterede om et problem i tmpfs-filsystemet, der gjorde - det muligt for lokale brugere at få systemet til at gå ned, ved at udløse en - BUG()-assertion i kernen.

    • - -
  • CVE-2008-3535 - -

    Alexey Dobriyan opdagede en forskud med én-fejl i funktionen - iov_iter_advance, hvilket kunne udnyttes af lokale brugere til at få - systemet til at gå ned, medførende et lammelsesangreb.

    • - -
  • CVE-2008-3792 - -

    Vlad Yasevich rapporterede om flere NULL-pointerdereferencetilstande i - SCTP-undersystemet, hvilket kunne udløses ved at gå ind i - sctp-auth-kodestier, når AUTH-funktionaliteten var inaktiv. Dette kunne - måske gøre det muligt for angribere, at forårsage et lammelsesangreb gennem - systempanik.

    • - -
  • CVE-2008-3915 - -

    Johann Dahm og David Richter rapporterede om et problem i - nfsd-undersystemet, hvilket måske kunne gøre det muligt for fjernangribere - at forårsage et lammelsesangreb gennem et bufferoverløb.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6.24-6~etchnhalf.5.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1636.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1637.wml b/danish/security/2008/dsa-1637.wml deleted file mode 100644 index 16674b7ea87..00000000000 --- a/danish/security/2008/dsa-1637.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Der er fundet flere sårbarheder i git-core, kernen i -reversionsstyringssystemet git. Ukorrekte stilængdebegrænsninger i git's diff- -og grep-funktioner, kombineret med ondsindet fremstillede arkiver -(repositories) eller ændringer, kunne muliggøre stakbufferoverløb og potentielt -udførelse af vilkårlig kode.

- -

Projektet Common Vulnerabilities and Exposures har registreret sårbarheden -som \ -CVE-2008-3546.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.4.4.4-2.1+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.6.5-1.

- -

Vi anbefaler at du opgraderer dine git-core-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1637.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1638.wml b/danish/security/2008/dsa-1638.wml deleted file mode 100644 index c4fb899e5c6..00000000000 --- a/danish/security/2008/dsa-1638.wml +++ /dev/null @@ -1,32 +0,0 @@ -lammelsesangreb - -

Man har opdaget at signalhandleren, der implementerer login-timeout i -Debians version af OpenSSH-serveren anvender funktioner, der ikke er -async-signal-sikre, førende til en lammelsesangrebssårbarhed (denial of -service) (\ -CVE-2008-4109).

- -

Problemet blev oprindelig rettet i OpenSSH 4.4p1 -(\ -CVE-2006-5051), men rettelsen tilbageført til versionen udgivet med etch var -ukorrekt.

- -

Systemer påvirket af dette problem lider af mange zombie-sshd-processer. -Processer hængende med en "[net]"-procestitel er også observeret. Som tiden går -kunne en tilstrækkelig stor mængde processer hobe sig op, således at yderligere -loginforsøg var umulige. Tilstedeværelsen af disse processer indikerer ikke -aktiv udnyttelse af sårbarheden. Det er muligt at udløse -lammelsesangrebstilstanden ved et uheld.

- -

I den stabile distribution (etch), er dette problem rettet i -version 4.3p2-9etch3.

- -

I den ustabile distribution (sid) og distributionen testing -(lenny), er dette problem rettet i version 4.6p1-1.

- -

Vi anbefaler at du opgraderer dine openssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1638.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1639.wml b/danish/security/2008/dsa-1639.wml deleted file mode 100644 index 634b4726354..00000000000 --- a/danish/security/2008/dsa-1639.wml +++ /dev/null @@ -1,18 +0,0 @@ -kommandudførelse - -

Man har opdaget at twiki, et webbaseret samarbejdsværktøj, ikke på korrekt vis -fornuftighedskontrollerede image-parameteret i dets opsætningsskript. Dette -kunne gøre det muligt for fjernbrugere at udføre vilkårlige kommandoer på -systemet eller læse alle filer, som var læsbare for webserver-brugeren.

- -

I den stabile distribution (etch), er dette problem rettet i version -1:4.0.5-9.1etch1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din twiki-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1639.data" -#use wml::debian::translation-check translation="154bf0e2946d56fb2e5f4bb0a6daa63f0752f614" mindelta="1" diff --git a/danish/security/2008/dsa-1640.wml b/danish/security/2008/dsa-1640.wml deleted file mode 100644 index 922e9e15697..00000000000 --- a/danish/security/2008/dsa-1640.wml +++ /dev/null @@ -1,31 +0,0 @@ -flere sårbarheder - -

Simon Willison opdagede at i Django, et Python-webframework, tillod -funktionaliteten til at bevare HTTP POST-data under brugergenautentificering, -at en fjernangriber kunne udføre uautoriseret ændring af data gennem en -forespørgselsforfalskning på tværs af webservere (cross site request forgery). -Dette var muligt på trods af at Django-plugin'en til at forhindre -forespørgselsforfalskning på tværs af webservere var aktiveret. Projektet -Common Vulnerabilities and Exposures har registreret problemet som -CVE-2008-3909.

- -

I denne opdatering er den påvirkede funktionalitet deaktiveret; jf. -opstrømsudviklernes foretrukne løsning af problemet.

- -

Lejligheden er udnyttet til også at medtage en rettelse af et relativt lille -lammelsesangreb (denial of service) i internationaliseringsframeworket, -registreret som -CVE-2007-5712.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.95.1-1etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0-1.

- -

Vi anbefaler at du opgraderer din python-django-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1640.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1641.wml b/danish/security/2008/dsa-1641.wml deleted file mode 100644 index aa252e6fe45..00000000000 --- a/danish/security/2008/dsa-1641.wml +++ /dev/null @@ -1,44 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i phpMyAdmin, et værktøj til -administrering af MySQL-databaser over web. Projektet Common Vulnerabilities -and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-4096 - -

    Fjernautentificerede brugere kunne udføre vilkårlig kode på - værtsmaskinen, der kører phpMyAdmin, ved at manipulere med et - skriptparameter.

    • - -
  • CVE-2008-3457 - -

    Udførelse af skripter på tværs af websteder (cross site scripting) - gennem opsætningsskriptet var muligt under sjældne omstændigheder.

    • - -
  • CVE-2008-3456 - -

    Der er tilføjet beskyttelse mod at fjerne websteder indlæser phpMyAdmin - i et frameset.

    • - -
  • CVE-2008-3197 - -

    Forespørgselsforfalskning på tværs af webservere (cross site request - forgery) gjorde det muligt for fjernangribere at oprette en ny database, - men ikke at udføre nogen andre handlinger på den.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 4:2.9.1.1-8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:2.11.8.1-2.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1641.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1642.wml b/danish/security/2008/dsa-1642.wml deleted file mode 100644 index 8f9f1296d4e..00000000000 --- a/danish/security/2008/dsa-1642.wml +++ /dev/null @@ -1,20 +0,0 @@ -udførelse af skripter på tværs af webservere - -

Will Drewry opdagede at Horde gjode det muligt for fjernangribere at sende -en e-mail med en fabrikeret MIME-vedhæftelsesfilnavnsattribut, til at udføre -skripter på tværs af websteder (cross site scripting).

- -

I den stabile distribution (etch), er dette problem rettet i -version 3.1.3-4etch4.

- -

I distributionen testing (lenny), er dette problem rettet i -version 3.2.1+debian0-2+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din horde3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1642.data" -#use wml::debian::translation-check translation="edc6fab49fbe2a1bf586eda02e1099e5f3b30e38" mindelta="1" diff --git a/danish/security/2008/dsa-1643.wml b/danish/security/2008/dsa-1643.wml deleted file mode 100644 index 7ddce648356..00000000000 --- a/danish/security/2008/dsa-1643.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker håndtering af midlertidige filer - -

Dmitry E. Oboukhov opdagede at to-upgrade-pluginen i Feta, en -simple grænseflade til APT, dpkg og anden af Debians pakkeværktøjer, oprettede -midlertidige filer på usikker vis, hvilket kunne føre til et lokalt -lammelsesangreb (denial of service) gennem symlinkangreb.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.4.15+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.16+nmu1.

- -

Vi anbefaler at du opgraderer din feta-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1643.data" -#use wml::debian::translation-check translation="3adcbf799534c4e3491fd453a8e6dccb3a48325d" mindelta="1" \ No newline at end of file diff --git a/danish/security/2008/dsa-1644.wml b/danish/security/2008/dsa-1644.wml deleted file mode 100644 index 4757cbd2a1f..00000000000 --- a/danish/security/2008/dsa-1644.wml +++ /dev/null @@ -1,20 +0,0 @@ -heltalsoverløb - -

Felipe Andres Manzano opdagede at mplayer, en multimedieafspiller, var -sårbar over for flere heltalsoverløb i Real video-streamdemuxingkoden. Disse -filer kunne gøre det muligt for en angriber at forårsage et lammelsesangreb -(denial of service, et nedbrud) eller potentielt udførelse af vilkårlig kode -ved at levere ondsindet fremstillede videofiler.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.0~rc1-12etch5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0~rc2-18.

- -

Vi anbefaler at du opgraderer dine mplayer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1644.data" -#use wml::debian::translation-check translation="0ae0f4f455669a3961e03001ce260a424b11adce" mindelta="1" diff --git a/danish/security/2008/dsa-1645.wml b/danish/security/2008/dsa-1645.wml deleted file mode 100644 index 8176cacf8b1..00000000000 --- a/danish/security/2008/dsa-1645.wml +++ /dev/null @@ -1,39 +0,0 @@ -forskelligt - -

Flere lokale og fjernudnytbare sårbarheder er opdaget i lighttpd, en hurtig -webserver med minimalt hukommelsesforbrug.

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-4298 -

    En hukommelseslækage i funktionen http_request_parse kunne anvendes af - fjernangribere til at få lighttpd til at forbruge hukommelse og forårsge et - lammelsesangreb (denial of service).

    • - -
  • CVE-2008-4359 -

    Inkonsistent håndtering af URL-mønstre kunne føre til at blotlæggelse af - ressourcer, som en serveradministrator ikke havde forudset ved omskrivning - af URL'er.

    • - -
  • CVE-2008-4360 -

    På filsystemer, der ikke håndterer forskelle på store og små bogstaver i - stinavne forskelligt, kunne det være muligt at uforudsete ressourcer ville - blive gjort tilgængelige af mod_userdir.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -1.4.13-4etch11.

- -

I den ustabile distribution (sid), vil disse problems blive rettet om kort -tid.

- -

Vi anbefaler at du opgraderer din lighttpd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1645.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1646.wml b/danish/security/2008/dsa-1646.wml deleted file mode 100644 index 3609f880432..00000000000 --- a/danish/security/2008/dsa-1646.wml +++ /dev/null @@ -1,19 +0,0 @@ -arraygrænsekontrol - -

En svaghed er opdaget i squid, en cachende proxyserver. Fejlen blev -introduceret opstrøms som reaktion på -\ -CVE-2007-6239, og annonceret af Debian i DSA-1482-1. Den involverer -en overagressiv grænsekontrol på en størrelsesændring af et array, og -kunne udnyttes af en autoriseret klient til at iværksætte en -lammelsesangrebstilstand (denial of service) mod squid.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6.5-6etch2.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1646.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1647.wml b/danish/security/2008/dsa-1647.wml deleted file mode 100644 index 3dc9ea79bdb..00000000000 --- a/danish/security/2008/dsa-1647.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i PHP, et HTML-indlejret skriptsprog på -serversiden. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2008-3658 - -

    Et bufferoverløb i funktionen imageloadfont muliggjorde et - lammelsesangreb (denial of service) eller udførelse af kode gennem en - fabrikeret fontfil.

    • - -
  • CVE-2008-3659 - -

    Et bufferoverløb i funktionen memnstr muliggjorde et lammelsesangreb - eller udførelse af kode gennem et fabrikeret delimiterparameter til - explode-funktionen.

    • - -
  • CVE-2008-3660 - -

    Lammelsesangreb er muligt i FastCGI-modulet for en fjernangriber, der - laver en forespørgsel med flere punktummer før ekstensionen..

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 5.2.0-8+etch13.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid), er -disse problemer rettet i version 5.2.6-4.

- -

Vi anbefaler at du opgraderer din php5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1647.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1648.wml b/danish/security/2008/dsa-1648.wml deleted file mode 100644 index f56cb49b8b9..00000000000 --- a/danish/security/2008/dsa-1648.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikre midlertidige filer - -

Dmitry E. Oboukhov opdagede at skriptet test.alert, der anvendes i en af -adviseringsfunktionerne i mon, et system til overvågning af værtsmaskiner og -tjenester og advisere om problemer, oprettede midlertidige filer på usikker vis, -hvilket måske kunne føre til et lokalt lammelsesangreb (denial of service) -gennem symlink-angreb.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.99.2-9+etch2.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid), er -dette problem rettet i version 0.99.2-13.

- -

Vi anbefaler at du opgraderer din mon-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1648.data" -#use wml::debian::translation-check translation="46e0aa5ed77e021e78b1181c8decf67621005d94" mindelta="1" diff --git a/danish/security/2008/dsa-1649.wml b/danish/security/2008/dsa-1649.wml deleted file mode 100644 index 79e04d0428e..00000000000 --- a/danish/security/2008/dsa-1649.wml +++ /dev/null @@ -1,95 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -udgave af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2008-0016 - -

    Justin Schuh, Tom Cross og Peter Williams opdagede et bufferoverløb i - fortolkeren af UTF-8-URL'er, hvilket måske kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2008-3835 - -

    moz_bug_r_a4 opdagede at samme oprindelse-kontrollen i - nsXMLDocument::OnChannelRedirect() kunne omgås.

    • - -
  • CVE-2008-3836 - -

    moz_bug_r_a4 opdagede at flere sårbarheder i feedWriter kunne føre - til Chrome-rettighedsforøgelse.

    • - -
  • CVE-2008-3837 - -

    Paul Nickerson opdagede at en angriber kunne flytte vinduer under et - museklik, medførende uønskede handlinger udløst af træk og slip.

    • - -
  • CVE-2008-4058 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre - Chrome-rettighedsforøgelse gennem XPCNativeWrappers.

    • - -
  • CVE-2008-4059 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre - Chrome-rettighedsforøgelse gennem XPCNativeWrappers.

    • - -
  • CVE-2008-4060 - -

    Olli Pettay og moz_bug_r_a4 opdagede en - Chrome-rettighedsforøgelsessårbarhed i XSLT-håndteringen.

    • - -
  • CVE-2008-4061 - -

    Jesse Ruderman opdagede et nedbrud i layoutmaskinen, hvilket måske kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2008-4062 - -

    Igor Bukanov, Philip Taylor, Georgi Guninski og Antoine Labour - opdagede nedbrud i JavaScript-maskinen, hvilket måske kunne gøre det muligt - at udføre vilkårlig kode.

    • - -
  • CVE-2008-4065 - -

    Dave Reed opdagede at nogle Unicode-byterækkefølgemarkeringer blev fjernet - fra JavaScript-kode før udførelse, hvilket kunne medføre at kode blev udført, - som ellers var en del af en streng i anførselstegn.

    • - -
  • CVE-2008-4066 - -

    Gareth Heyes opdagede at nogle Unicode-surrogattegn blev ignoreret af - HTML-fortolkeren.

    • - -
  • CVE-2008-4067 - -

    Boris Zbarsky opdagede at resource:-URL'er tillod mappegennemløb, når - URL-indkasplede skråstreger blev anvendt.

    • - -
  • CVE-2008-4068 - -

    Georgi Guninski opdagede at resource:-URL'er kunne omgå lokale - adgangsbegrænsninger.

    • - -
  • CVE-2008-4069 - -

    Billy Hoffman opdagede at XBM-dekoderen kunne blotlægge uinitialiseret - hukommelse.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.0.17-0etch1. Packages for hppa will be provided later.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.0.3 of iceweasel and 1.9.0.3-1 of xulrunner.

- -

Vi anbefaler at du opgraderer din iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1649.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1650.wml b/danish/security/2008/dsa-1650.wml deleted file mode 100644 index 753400e1f56..00000000000 --- a/danish/security/2008/dsa-1650.wml +++ /dev/null @@ -1,18 +0,0 @@ -lammelsesangreb - -

Cameron Hotchkies opdagede at OpenLDAP-serveren slapd, en fri implementering -af Lightweight Directory Access Protocol, kunne bringes til at gå ned ved at -sende misdannede ASN1-forespørgsler.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.3.30-5+etch2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.10-3 af pakken openldap.

- -

Vi anbefaler at du opgraderer dine openldap2.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1650.data" -#use wml::debian::translation-check translation="9021e28361378d760db5adcc4b1b2288926f80fd" mindelta="1" diff --git a/danish/security/2008/dsa-1651.wml b/danish/security/2008/dsa-1651.wml deleted file mode 100644 index e10dfd64006..00000000000 --- a/danish/security/2008/dsa-1651.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af sproget Ruby, hvilket kunne -føre til lammelsesangreb (denial of service) og andre sikkerhedsproblemer. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-3655 - -

    Keita Yamaguchi opdagede at flere sikkerhedsniveaubegrænsninger blev - håndhævet på utilstrækkelig vis.

    • - -
  • CVE-2008-3656 - -

    Christian Neukirchen opdagede at modulet WebRick anvendte utilstrækkelige - algoritmer til opsplitning af HTTP-headeren, medførende lammelsesangreb - gennem ressourceudtømning.

    • - -
  • CVE-2008-3657 - -

    Man opdagede at modulet dl ikke udførte forureningskontroller.

    • - -
  • CVE-2008-3790 - -

    Luka Treiber og Mitja Kolsek opdagede at rekursivt bundtede XML-entiteter - kunne føre til lammelsesangreb gennem ressourceudtømning i rexml.

    • - -
  • CVE-2008-3905 - -

    Tanaka Akira opdagede at module resolv anvendte sekventielle - transaktions-id'er og en fast kildeport til DNS-forespørgsler, hvilket - gjorde det mere sårbart over for DNS-forfalskningsangreb.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.8.5-4etch3. Pakker til arm vil senere blive gjort tilgængelige.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.7.72-1.

- -

Vi anbefaler at du opgraderer dine ruby1.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1651.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1652.wml b/danish/security/2008/dsa-1652.wml deleted file mode 100644 index c0ee9523108..00000000000 --- a/danish/security/2008/dsa-1652.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af sproget Ruby, hvilket kunne -føre til lammelsesangreb (denial of service) og andre sikkerhedsproblemer. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-3655 - -

    Keita Yamaguchi opdagede at flere sikkerhedsniveaubegrænsninger blev - håndhævet på utilstrækkelig vis.

    • - -
  • CVE-2008-3656 - -

    Christian Neukirchen opdagede at modulet WebRick anvendte utilstrækkelige - algoritmer til opsplitning af HTTP-headeren, medførende lammelsesangreb - gennem ressourceudtømning.

    • - -
  • CVE-2008-3657 - -

    Man opdagede at modulet dl ikke udførte forureningskontroller.

    • - -
  • CVE-2008-3790 - -

    Luka Treiber og Mitja Kolsek opdagede at rekursivt bundtede XML-entiteter - kunne føre til lammelsesangreb gennem ressourceudtømning i rexml.

    • - -
  • CVE-2008-3905 - -

    Tanaka Akira opdagede at module resolv anvendte sekventielle - transaktions-id'er og en fast kildeport til DNS-forespørgsler, hvilket - gjorde det mere sårbart over for DNS-forfalskningsangreb.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.9.0+20060609-1etch3. Pakker til arm vil senere blive gjort tilgængelige.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.2-6.

- -

Vi anbefaler at du opgraderer dine ruby1.9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1652.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1653.wml b/danish/security/2008/dsa-1653.wml deleted file mode 100644 index 0cabeb0f14a..00000000000 --- a/danish/security/2008/dsa-1653.wml +++ /dev/null @@ -1,64 +0,0 @@ -lammelsesangreb/rettighedsforøgelse - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket kunne føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2007-6716 - -

    Joe Jin rapporterede om en lokal lammelsesangrebssårbarhed, der gjorde - det muligt for systembrugere at udløse en oops på grund af en - ukorrekt initialiseret datastruktur.

    • - -
  • CVE-2008-1514 - -

    Jan Kratochvil rapporterede om en lokal lammelsesangrebssårbarhed i - ptrace-grænsefladen på s390-arkitekturen. Lokale brugere kunne udløse en - ugyldig pointer-dereference, førende til systempanik.

    • - -
  • CVE-2008-3276 - -

    Eugene Teo rapporterede om et heltalsoverløb i undersystemet DCCP, - hvilket måske kunne gøre det muligt for fjernangribere at forårsage et - lammelsesangreb i form af kernepanik.

    • - -
  • CVE-2008-3525 - -

    Eugene Teo rapporterede om manglende kapabilitetskontroller i - kernedriveren til Granch SBNI12-leased line-adaptere (sbni), hvilket - gjorde det muligt for lokale brugere at udføre priviligerede - handlinger.

    • - -
  • CVE-2008-3833 - -

    Bittene S_ISUID/S_ISGID blev ikke tømt under en inode-splice, hvilket, - under visse omstændigheder, kunne udnyttes af lokale brugere til at få - rettighederne til en gruppe, som de ikke er medlemmer af. Mark Fasheh - rapporterede om problemet.

    • - -
  • CVE-2008-4210 - -

    David Watson rapporterede om et problem i systemkaldene open()/creat(), - hvilket, under visse omstændigheder, kunne udnyttes af lokale brugere til at - få rettighederne til en gruppe, som de ikke er medlemmer af.

    • - -
  • CVE-2008-4302 - -

    En programmeringsfejl i undersystemet splice gjorde det muligt for lokale - brugere at forsøge at oplåse en sidestruktur, der ikke var blevet låst, - medførende et systemnedbrud.

    • - -
- -

I den stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-22etch3.

- -

Vi anbefaler at du opgraderer din linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1653.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1654.wml b/danish/security/2008/dsa-1654.wml deleted file mode 100644 index 04b6fe9e32d..00000000000 --- a/danish/security/2008/dsa-1654.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Man har opdaget at libxml2, GNOME's XML-bibliotek, ikke på korrekt vis -håndterede lange entitetsnavne. Derved kunne det være muligt at udføre -vilkårlig kode gennem en ondsindet XML-fil.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.6.27.dfsg-5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.32.dfsg-4.

- -

Vi anbefaler at du opgraderer din libxml2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1654.data" -#use wml::debian::translation-check translation="1d149835685574c11b8715b14cacc62ab225f6bf" mindelta="1" diff --git a/danish/security/2008/dsa-1655.wml b/danish/security/2008/dsa-1655.wml deleted file mode 100644 index 38d5e2452d1..00000000000 --- a/danish/security/2008/dsa-1655.wml +++ /dev/null @@ -1,46 +0,0 @@ -lammelsesangreb/informationslækage/rettighedsforøgelse - - -

Flere sårbarheder er opdaget i Linux-kernen, som kunne føre til -lammelsesangreb (denial of service), rettighedsforøgelse eller lækage af -følsomme oplysninger. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2008-1514 - -

    Jan Kratochvil rapporterede om en lokal lammelsesangrebssårbarhed i - ptrace-grænsefladen på s390-arkitekturen. Lokale brugere kunne udløse en - ugyldig pointerdereference, førende til systempanik.

    • - -
  • CVE-2008-3525 - -

    Eugene Teo rapporterede om manglende kapbailitetskontroller i - kernedriveren til Granch SBNI12-leasd line-adaptere (sbni), hvilket gjorde - det muligt for lokale brugere at udføre priviligerede handlinger.

    • - -
  • CVE-2008-3831 - -

    Olaf Kirch opdagede et problem med i915-driveren, der måske kunne gøre - det muligt for lokale brugere at forårsage hukommelseskorruption ved - anvendelse af en ioctl med utilstrækkelige rettighedsbegrænsinger.

    • - -
  • CVE-2008-4113/ - CVE-2008-4445 - -

    Eugene Teo opdagede to problemer i SCTP-undersystemet, hvilket gjode det - muligt for lokale brugere at få adgang til følsom hukommelse, når - SCTP-AUTH-udvidelsen var aktiveret.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6.24-6~etchnhalf.6.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1655.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1656.wml b/danish/security/2008/dsa-1656.wml deleted file mode 100644 index 15d44b63916..00000000000 --- a/danish/security/2008/dsa-1656.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i Common UNIX Printing System. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-3639 - -

    Man har opdaget at utilstrækkelige grænsekontroller i SGI-billedfilteret - måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-3640 - -

    Man har opdaget at et heltalsoverløb Postscript-konverteringsværktøjet - testtop måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-3641 - -

    Man har opdaget at utilstrækkelige grænsekontroller i HPGL-filteret - måske kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.2.7-4etch5.

- -

I den ustabile distribution (sid) og i den kommende stabile distribution -(lenny), er disse problemer rettet i version 1.3.8-1lenny2 af -kildekodepakken cups.

- -

Vi anbefaler at du opgraderer din cupsys-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1656.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1657.wml b/danish/security/2008/dsa-1657.wml deleted file mode 100644 index a9c32e0c6b5..00000000000 --- a/danish/security/2008/dsa-1657.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikre midlertidige filer - -

Dmitry E. Oboukhov opdagede at skriptet qemu-make-debian-root i qemu, en -hurtig processor-emulator, oprettede midlertidige filer på usikker vis, hvilket -måske kunne føre til et lokal lammelsesangreb (denial af service) gennem -symlinks.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.8.2-4etch2.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid), er -dette problem rettet i version 0.9.1-6.

- -

Vi anbefaler at du opgraderer din qemu-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1657.data" -#use wml::debian::translation-check translation="c524c02bc90e4ff2aa42301255a8caf17b651219" mindelta="1" diff --git a/danish/security/2008/dsa-1658.wml b/danish/security/2008/dsa-1658.wml deleted file mode 100644 index e21d412c9c9..00000000000 --- a/danish/security/2008/dsa-1658.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Colin Walters opdagede at funktionen dbus_signature_validate i dbus, et -simpelt interproces-meddelelsessystem, er sårbar over for lammelsesangreb -(denial of service).

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.0.2-1+etch2.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid) -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din dbus-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1658.data" -#use wml::debian::translation-check translation="182eedf7fd68a42dabe09c3e8bc8ba2782537bb5" mindelta="1" \ No newline at end of file diff --git a/danish/security/2008/dsa-1659.wml b/danish/security/2008/dsa-1659.wml deleted file mode 100644 index e5bd9b00862..00000000000 --- a/danish/security/2008/dsa-1659.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Dan Kaminsky opdagede at libspf2, en implementering af Sender Policy -Framework (SPF), der anvendes af mailservere til filtrering af mail, håndterede -misdannede TXT-poster på ukorrekt vis, førende til en bufferoverløbstilstand -(CVE-2008-2469).

- -

Bemærk at SPF-konfigurationsskabelonen i Debians Exim-opsætning, anbefaler at -anvende libmail-spf-query-perl, der ikke er ramt af dette problem.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.2.5-4+etch1.

- -

I distributionen testing (lenny), er dette problem rettet i -version 1.2.5.dfsg-5+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din libspf2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1659.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" \ No newline at end of file diff --git a/danish/security/2008/dsa-1660.wml b/danish/security/2008/dsa-1660.wml deleted file mode 100644 index 4ed393f9075..00000000000 --- a/danish/security/2008/dsa-1660.wml +++ /dev/null @@ -1,26 +0,0 @@ -null pointer-dereference, ressourceudtømning - -

Flere lammelsesangrebssårbarheder (denial of service) er opdaget i -antivirusværktøjet ClamAV:

- -

Utilstrækkelig kontrol af uden for hukommelsen-tilstande medførte -null pointer-dereferencer -(CVE-2008-3912).

- -

Ukorrekt fejlhåndteringslogik førte til hukommelseslækager -(CVE-2008-3913) -og fildescriptorlækager -(CVE-2008-3914).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.90.1dfsg-4etch15.

- -

I den ustabile distribution (sid) og i distributionen testing -(lenny), er disse problemer rettet i version 0.94.dfsg-1.

- -

Vi anbefaler at du opgraderer din clamav-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1660.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1661.wml b/danish/security/2008/dsa-1661.wml deleted file mode 100644 index 88a543262b1..00000000000 --- a/danish/security/2008/dsa-1661.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i kontorpakken OpenOffice.org:

- -
    - -
  • CVE-2008-2237 - -

    SureRun Security-holdet opdagede en fejl i WMF-filfortolkeren, der - kunne udløses gennem manipulerede WMF-filer, og kunne føre til - heapoverløb og vilkårlig udførelse af kode.

    • - -
  • CVE-2008-2238 - -

    En anonym efterforsker, der arbejder med iDefense, opdagede en fejl i - EMF-filfortolkeren, der kunne udløses gennem manipulerede EMF-filer, og - kunne føre til heapoverløb og udførelse af vilkrålig kode.

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i -version 2.0.4.dfsg.2-7etch6.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 2.4.1-12.

- -

I den eksperimentelle distribution er disse problemer rettet i -version 3.0.0~rc3-1.

- -

Vi anbefaler at du opgraderer din OpenOffice.org-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1661.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1662.wml b/danish/security/2008/dsa-1662.wml deleted file mode 100644 index 882c25a9206..00000000000 --- a/danish/security/2008/dsa-1662.wml +++ /dev/null @@ -1,24 +0,0 @@ -autorisationsomgåelse - -

En symlink-gennemløbssårbarhed er opdaget i MySQL, en relationsdatabase-server. -Svagheden kunne gjode det muligt for en angriber, der både har CREATE TABEL-adgang -og mulighed for at udføre shell-kommandoer på databaseserveren, at omgå MySQL's -adgangskontroller og dermed få skriveadgang til tabeller i databaser, som -vedkommende ellers ikke ville have adgang til.

- -

Projektet Common Vulnerabilities and Exposures har registreret sårbarheden som -CVE-2008-4098. -Bemærk at et nært beslægtet problem, registreret som -CVE-2008-4097, -blev løst gennem opdateringen annonceret i DSA-1608-1. Denne nye opdatering -erstatter den tidligere rettelse og løser begge angrebsmuligheder.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.0.32-7etch8.

- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1662.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1663.wml b/danish/security/2008/dsa-1663.wml deleted file mode 100644 index f3a17a5770e..00000000000 --- a/danish/security/2008/dsa-1663.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i NET SNMP, en samling af Simple Network -Management Protocol-programmer. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2008-0960 - -

    Wes Hardaker rapporterede at SNMPv3 HMAC-verifikationen er afhængig af - at klienten angiver HMAC-længden, hvilket muliggør forfalskning af - autentificerede SNMPv3-pakker.

    • - -
  • CVE-2008-2292 - -

    John Kortink rapporterede om at et bufferoverløb i funktionen - __snprint_value i snmp_get, forårsagede et lammelsesangreb (denial of - service) og potentielt muliggjorde udførelse af vilkårlig kode gennem en - stor OCTETSTRING i et attribute value pair (AVP).

    • - -
  • CVE-2008-4309 - -

    Der blev rapporteret om at et heltalsoverløb i funktionen - netsnmp_create_subtree_cache i agent/snmp_agent.c, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb gennem en særligt - fremstillet SNMP GETBULK-forespørgsel.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 5.2.3-7etch4.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid), -er disse problemer rettet i version 5.4.1~dfsg-11.

- -

Vi anbefaler at du opgraderer din net-snmp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1663.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1664.wml b/danish/security/2008/dsa-1664.wml deleted file mode 100644 index b72dc5022a9..00000000000 --- a/danish/security/2008/dsa-1664.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende kontrol af inddata - -

Man har opdaget, at ekg, en Gadu Gadu-klient til konsollen, udførte -utilstrækkelig fornuftighedskontrol af inddata i koden, der fortolker -kontaktbeskrivelser, hvilket måske kunne medføre lammelsesangreb (denial -of service).

- -

I den stabile distribution (etch), er dette problem rettet i -version 1:1.7~rc2-1etch2.

- -

I den ustabile distribution (sid) og i den kommende stabile distribution -(lenny), er dette problem rettet i version 1:1.8~rc1-2 af libgadu.

- -

Vi anbefaler at du opgraderer din ekg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1664.data" -#use wml::debian::translation-check translation="51653bf06f948a657a4f9786b3e70568f31fe8e0" mindelta="1" diff --git a/danish/security/2008/dsa-1665.wml b/danish/security/2008/dsa-1665.wml deleted file mode 100644 index be614545814..00000000000 --- a/danish/security/2008/dsa-1665.wml +++ /dev/null @@ -1,19 +0,0 @@ -heap-overløb - -

Man har opdaget, at et heap-overløb i CDDB-hentningskoden i libcdaudio, et -bibliotek til kontrol af et cd-rom-drev ved afspilning af lyd-cd'er, kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.99.12p2-2+etch1. En pakke til hppa vil senere blive stillet til -rådighed.

- -

I den kommende stabile distribution (lenny) og i den ustabile -distribution (sid), er dette problem rettet i version 0.99.12p2-7.

- -

Vi anbefaler at du opgraderer dine libcdaudio-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1665.data" -#use wml::debian::translation-check translation="95a6b66a3a501467f7425ff682c8cdc0de004f9f" mindelta="1" diff --git a/danish/security/2008/dsa-1666.wml b/danish/security/2008/dsa-1666.wml deleted file mode 100644 index f34b5f4ee9e..00000000000 --- a/danish/security/2008/dsa-1666.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i GNOME's XML-bibliotek. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-4225 - -

    Drew Yao opdagede at manglende fornuftighedskontrol af inddata i - funktionen xmlBufferResize() måske kunne føre til en uendelig løkke, - medførende lammelsesangreb (denial of service).

    • - -
  • CVE-2008-4226 - -

    Drew Yao opdagede at et heltalsoverløb i funktionen - xmlSAX2Characters() måske kunne føre til lammelsesangreb eller - udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6.27.dfsg-6.

- -

I denkommende stabile distribution (lenny) og i den ustabile -distribution (sid), er disse problemer rettet i -version 2.6.32.dfsg-5.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1666.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1667.wml b/danish/security/2008/dsa-1667.wml deleted file mode 100644 index d0813c392a7..00000000000 --- a/danish/security/2008/dsa-1667.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af Python-sproget. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-2315 - -

    David Remahl opdagede flere heltalsoverløb i modulerne stringobject, - unicodeobject, bufferobject, longobject, tupleobject, stropmodule, - gcmodule og mmapmodule.

    • - -
  • CVE-2008-3142 - -

    Justin Ferguson opdagede at ukorrekt hukommelsesallokering i funktionen - unicode_resize() kunne føre til bufferoverløb.

    • - -
  • CVE-2008-3143 - -

    Flere heltalsoverløb er opdaget i forskellige af Pythons - kernemoduler.

    • - -
  • CVE-2008-3144 - -

    Flere heltalsoverløb er opdaget i funktionen PyOS_vsnprintf().

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.4.4-3+etch2.

- -

I den ustabile distribution (sid) og i den kommende stabile -distribution (lenny), er disse problemer rettet i -version 2.4.5-5.

- -

Vi anbefaler at du opgraderer dine python2.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1667.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1668.wml b/danish/security/2008/dsa-1668.wml deleted file mode 100644 index bd57ab1e716..00000000000 --- a/danish/security/2008/dsa-1668.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Steve Kemp opdagede at hf, en amatørradioprotokolpakke, der anvender et -lydkort som modem, på usikker vis prøvede at udføre en ekstern kommando, -hvilket kunne føre til rettighedsforøgelse for lokale brugere.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.7.3-4etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8-8.1.

- -

Vi anbefaler at du opgraderer din hf-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1668.data" -#use wml::debian::translation-check translation="ba0fae4d274595ea4a5ffb51f5c51b365d429851" mindelta="1" diff --git a/danish/security/2008/dsa-1669.wml b/danish/security/2008/dsa-1669.wml deleted file mode 100644 index 195df7c0df4..00000000000 --- a/danish/security/2008/dsa-1669.wml +++ /dev/null @@ -1,152 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-programmer. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2008-0016 - -

    Justin Schuh, Tom Cross og Peter Williams opdagede et bufferoverløb i - fortolkeren af UTF-8-URL'er, hvilket måske kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2008-3835 - -

    moz_bug_r_a4 opdagede at samme-ophav-kontrollen i - nsXMLDocument::OnChannelRedirect() kunne omgås.

    • - -
  • CVE-2008-3836 - -

    moz_bug_r_a4 opdagede at flere sårbarheder i feedWriter kunne føre - til Chrome-rettighedsforøgelse.

    • - -
  • CVE-2008-3837 - -

    Paul Nickerson opdagede at en angriber kunne flytte vinduer under et - museklik, medførende uønskede handlinger udløst af træk og slip.

    • - -
  • CVE-2008-4058 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre - Chrome-rettighedsforøgelse gennem XPCNativeWrappers.

    • - -
  • CVE-2008-4059 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre - Chrome-rettighedsforøgelse gennem XPCNativeWrappers.

    • - -
  • CVE-2008-4060 - -

    Olli Pettay og moz_bug_r_a4 opdagede en - Chrome-rettighedsforøgelsessårbarhed i XSLT-håndteringen.

    • - -
  • CVE-2008-4061 - -

    Jesse Ruderman opdagede et nedbrud i layoutmaskinen, hvilket kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2008-4062 - -

    Igor Bukanov, Philip Taylor, Georgi Guninski og Antoine Labour opdagede - nedbrud i JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2008-4065 - -

    Dave Reed opdagede at nogle Unicode-byterækkefølgemarkeringer blev fjernet - fra JavaScript-kode før udførelse, hvilket kunne medføre at kode, der ellers - var en del af en streng i anførselstegn, blev udført.

    • - -
  • CVE-2008-4066 - -

    Gareth Heyes opdagede at nogle Unicode-surrogattegn blev ignoreret af - HTML-fortolkeren.

    • - -
  • CVE-2008-4067 - -

    Boris Zbarsky opdagede at resource:-URL'er tillod mappegennemløb, når - URL-indkapslede skråstreger blev anvendt.

    • - -
  • CVE-2008-4068 - -

    Georgi Guninski opdagede at resource:-URL'er kunne omgå lokale - adgangsbegrænsninger.

    • - -
  • CVE-2008-4069 - -

    Billy Hoffman opdagede at XBM-dekoderen kunne afsløre uinitialiseret - hukommelse.

    • - -
  • CVE-2008-4582 - -

    Liu Die Yu opdagede en informationslækage gennem lokale - shortcut-filer.

    • - -
  • CVE-2008-5012 - -

    Georgi Guninski, Michal Zalewski og Chris Evan opdagede at - canvas-elementet kunne anvendes til at omgå samme - ophav-begræsninger.

    • - -
  • CVE-2008-5013 - -

    Man har opdaget at utilstrækkelige kontroller i Flash-plugins glue-kode - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-5014 - -

    Jesse Ruderman opdagede at en programmeringsfejl i objektet - window.__proto__.__proto__ kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-5017 - -

    Man har opdaget at nedbrud i layoutmaskinen kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2008-5018 - -

    Man har opdaget at nedbrug i JavaScript-maskinen kunne føre til udførelse - af vilkårlig kode.

    • - -
  • CVE-2008-0017 - -

    Justin Schuh opdagede at et bufferoverløb i http-index-format-fortolkeren - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-5021 - -

    Man har opdaget at et nedbrud i nsFrameManager måske kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2008-5022 - -

    moz_bug_r_a4 opdagede at samme ophav-kontrollen i - nsXMLHttpRequest::NotifyEventListeners() kunne omgås.

    • - -
  • CVE-2008-5023 - -

    Collin Jackson opdagede at egenskaben -moz-binding omgik - sikkerhedskontrollerne på codebase principals.

    • - -
  • CVE-2008-5024 - -

    Chris Evans opdagede at citationstegn ikke på korrekt vis blev indkapslet - i standardnavnerummet hørende til E4X-dokumenter.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i version -1.8.0.15~pre080614h-0etch1. Pakker til mips vil senere blive stillet til -rådighed.

- -

I den kommende stabile distribution (lenny) og i den ustabile -distribution (sid), er disse problemer rettet i version 1.9.0.4-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1669.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1670.wml b/danish/security/2008/dsa-1670.wml deleted file mode 100644 index ad15fca8623..00000000000 --- a/danish/security/2008/dsa-1670.wml +++ /dev/null @@ -1,32 +0,0 @@ -bufferoverløb - -

Flere sårbarheder er opdaget i Enscript, et konverteringsprogram fra -ASCII-tekster til Postscript, HTML eller RTF. Projektet Common Vulnerabilities -and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-3863 - -

    Ulf Harnhammer opdagede at et bufferoverløb måske kunne føre til udførelse - af vilkårlig kode.

    • - -
  • CVE-2008-4306 - -

    Kees Cook og Tomas Hoger opdagede at flere bufferoverløb måske kunne føre - til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.6.4-11.1.

- -

I den kommende stabile distribution (lenny) og i den ustabile -distribution (sid), er disse problemer rettet i version 1.6.4-13.

- -

Vi anbefaler at du opgraderer din enscript-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1670.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1671.wml b/danish/security/2008/dsa-1671.wml deleted file mode 100644 index 04c1cf70773..00000000000 --- a/danish/security/2008/dsa-1671.wml +++ /dev/null @@ -1,80 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -udgave af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    -
  • CVE-2008-0017 - -

    Justin Schuh opdagede at et bufferoverløb i http-index-format-fortolkeren - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-4582 - -

    Liu Die Yu opdagede en informationslækage gennem lokale - shortcut-filer.

    • - -
  • CVE-2008-5012 - -

    Georgi Guninski, Michal Zalewski og Chris Evan opdagede at - canvas-elementet kunne anvendes til at omgå samme - ophav-begræsninger.

    • - -
  • CVE-2008-5013 - -

    Man har opdaget at utilstrækkelige kontroller i Flash-plugins glue-kode - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-5014 - -

    Jesse Ruderman opdagede at en programmeringsfejl i objektet - window.__proto__.__proto__ kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-5017 - -

    Man har opdaget at nedbrud i layoutmaskinen kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2008-5018 - -

    Man har opdaget at nedbrug i JavaScript-maskinen kunne føre til udførelse - af vilkårlig kode.

    • - - -
  • CVE-2008-5021 - -

    Man har opdaget at et nedbrud i nsFrameManager måske kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2008-5022 - -

    moz_bug_r_a4 opdagede at samme ophav-kontrollen i - nsXMLHttpRequest::NotifyEventListeners() kunne omgås.

    • - -
  • CVE-2008-5023 - -

    Collin Jackson opdagede at egenskaben -moz-binding omgik - sikkerhedskontrollerne på codebase principals.

    • - -
  • CVE-2008-5024 - -

    Chris Evans opdagede at citationstegn ikke på korrekt vis blev indkapslet - i standardnavnerummet hørende til E4X-dokumenter.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.0.0.18-0etch1.

- -

I den kommende stabile distribution (lenny) og i den ustabile distribution -(sid), er disse problemer rettet i version 3.0.4-1 af iceweasel -og version 1.9.0.4-1 af xulrunner. Pakker til arm og mips vil senere blive -stillet til rådighed.

- -

Vi anbefaler at du opgraderer din iceweasel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1671.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1672.wml b/danish/security/2008/dsa-1672.wml deleted file mode 100644 index 9eab3399381..00000000000 --- a/danish/security/2008/dsa-1672.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Julien Danjou og Peter De Wachter opdagede at et bufferoverløb i -XPM-indlæseren i Imlib2, et ydedygtigt billedindlæsning- og -renderingsbibliotek, måske kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.3.0.0debian1-4+etch2.

- -

I den kommende stabile distribution (lenny) og i den unstabile -distribution (sid), er dette problem rettet i version 1.4.0-1.2.

- -

Vi anbefaler at du opgraderer dine imlib2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1672.data" -#use wml::debian::translation-check translation="a1473ca5fd414b8b776351325e2c4a72e6b147e9" mindelta="1" diff --git a/danish/security/2008/dsa-1673.wml b/danish/security/2008/dsa-1673.wml deleted file mode 100644 index 5aed77940dd..00000000000 --- a/danish/security/2008/dsa-1673.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i -netværkstrafikanalyseringsprogrammet Wireshark. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-3137 - -

    GSM SMS-dissektoren var sårbar over for et lammelsesangreb (denial of - service).

    • - -
  • CVE-2008-3138 - -

    PANA- og KISMET-dissektorerne var sårbare over for lammelsesangreb.

    • - -
  • CVE-2008-3141 - -

    RMI-dissektoren kunne afsløre systemhukommelse.

    • - -
  • CVE-2008-3145 - -

    Pakke-gensamlingsmodulet var sårbart over for lammelsesangreb.

    • - -
  • CVE-2008-3933 - -

    zlib-udpakningsmodulet var sårbart over for lammelsesangreb.

    • - -
  • CVE-2008-4683 - -

    Bluetooth ACL-dissektoren var sårbar over for lammelsesangreb.

    • - -
  • CVE-2008-4684 - -

    PRP- og MATE-dissektorerne var sårbare over for lammelsesangreb.

    • - -
  • CVE-2008-4685 - -

    Q931-dissektoren var sårbar over for lammelsesangreb.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.99.4-5.etch.3.

- -

I den kommende stabile distribution (lenny), er disse problemer -rettet i version 1.0.2-3+lenny2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1673.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1674.wml b/danish/security/2008/dsa-1674.wml deleted file mode 100644 index f145e8b9eb6..00000000000 --- a/danish/security/2008/dsa-1674.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker generering af midlertidig fil - -

Javier Fernandez-Sanguino Pena opdagede at updatejail, en komponent hørende -til chroot-vedligeholdelsesværktøjet Jailer, oprettede et forudsigeligt -midlertidigt filnavn, hvilket måske kunne føre til lammelsesangreb (denial of -service) gennem et symlink-angreb.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.4-9+etch1.

- -

I den kommande stabile distribution (lenny) og i den unstabile -distribution (sid), er dette problem rettet i version 0.4-10.

- -

Vi anbefaler at du opgraderer din jailer-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1674.data" -#use wml::debian::translation-check translation="3fca68678ea6ba7ddb95e5662a84ce47833c69ba" mindelta="1" diff --git a/danish/security/2008/dsa-1675.wml b/danish/security/2008/dsa-1675.wml deleted file mode 100644 index b25b5492ab4..00000000000 --- a/danish/security/2008/dsa-1675.wml +++ /dev/null @@ -1,23 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Masako Oono opdagede at phpMyAdmin, en webbaseret administrativ grænseflade -til MySQL, på utilstrækkeligvis fornuftighedskontrollerede inddata, hvorved en -fjernangriber kunne indsamle følsomme oplysninger gennem udførelse af skripter -på tværs af servere, forudsat at brugeren anvendte webbrowseren Internet -Explorer.

- -

Denne opdatering retter også en regression der opstod i forbindelse med DSA -1641, der ødelagde skift af sprog og tegnsæt på loginbilledet.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 4:2.9.1.1-9.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:2.11.8.1-3.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1675.data" -#use wml::debian::translation-check translation="3038f2c5d4858f2f82245cc5c45c078c802666c4" mindelta="1" diff --git a/danish/security/2008/dsa-1676.wml b/danish/security/2008/dsa-1676.wml deleted file mode 100644 index 4efd20ef0cb..00000000000 --- a/danish/security/2008/dsa-1676.wml +++ /dev/null @@ -1,18 +0,0 @@ -usikker generering af midlertidig fil - -

Dmitry E. Oboukhov opdagede at flamethrower opretter forudsigelige -midlertidige filnavne, hvilket måske kunne føre til et lokalt lammelsesangreb -(denial of service) gennem et symlink-angreb.

- -

I den stabile distribution (etch), er dette problem rettet i version -0.1.8-1+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.1.8-2.

- -

Vi anbefaler at du opgraderer din flamethrower-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1676.data" -#use wml::debian::translation-check translation="841454d0837efbb6d81e99ed49052c4a3d55516a" mindelta="1" diff --git a/danish/security/2008/dsa-1677.wml b/danish/security/2008/dsa-1677.wml deleted file mode 100644 index 17979c03fe6..00000000000 --- a/danish/security/2008/dsa-1677.wml +++ /dev/null @@ -1,20 +0,0 @@ -heltalsoverløb - -

Et heltalsoverløb er opdaget i billedvalideringskoden i cupsys, Common UNIX -Printing System. En angriber kunne udløse fejlen ved at levere en ondsindet -fremstillet grafisk fil, der kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.2.7-4etch6.

- -

I distributionen testing (lenny) vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.3.8-1lenny4.

- -

Vi anbefaler at du opgraderer dine cupsys-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1677.data" -#use wml::debian::translation-check translation="b52cc69ac2876df7be786758308998e89884713e" mindelta="1" diff --git a/danish/security/2008/dsa-1678.wml b/danish/security/2008/dsa-1678.wml deleted file mode 100644 index 4db2692038b..00000000000 --- a/danish/security/2008/dsa-1678.wml +++ /dev/null @@ -1,24 +0,0 @@ -designfejl - -

Paul Szabo genopdagede en sårbarhed i funktionen File::Path::rmtree i Perl. -Det var muligt at udnytte en race-tilstand til at oprette binære setuid-filer i -et mappetræ eller fjerne vilkårlige filer, når en proces var ved at slette dette -træ. Problemet var oprindelig kendt som -CVE-2005-0448 -og CVE-2004-0452, -der blev løst af DSA-696-1 og DSA-620-1. Desværre opstod problemet igen senere.

- -

I den stabile distribution (etch), er disse problemer rettet i -version 5.8.8-7etch5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.10.0-18 og vil blive overført til distributionen testing (lenny) om -kort tid.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1678.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" - diff --git a/danish/security/2008/dsa-1679.wml b/danish/security/2008/dsa-1679.wml deleted file mode 100644 index 51051979e93..00000000000 --- a/danish/security/2008/dsa-1679.wml +++ /dev/null @@ -1,19 +0,0 @@ -udførelse af skripter på tværs af websteder - -

Morgan Todd opdagede en sårbarhed i forbindelse med udførelse af skripter på -tværs af websteder i awstats, et logfilanalyseringsprogram, som involverede -config-forespørgselsparameteret (og muligvis andre -CVE-2008-3714).

- -

I den stabile distribution (etch), er dette problem rettet i version -6.5+dfsg-1+etch1.

- -

I den ustabile distribution (sid) og i distributionen testing (lenny) vil -problemet snart blive løst.

- -

Vi anbefaler at du opgraderer din awstats-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1679.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1680.wml b/danish/security/2008/dsa-1680.wml deleted file mode 100644 index 07f959367cf..00000000000 --- a/danish/security/2008/dsa-1680.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferoverløb, stakforbrug - -

Moritz Jodeit opdagede at ClamAV, en antivirus-løsning, var ramt af en -forskud med en-fejl i behandlingen VBA-projektfiler, førende til et heapbaseret -bufferoverløb og potentielt udførelse af vilkårlig kode -(CVE-2008-5050).

- -

Ilja van Sprundel opdagede at ClamAV indeholdt en lammelsesangrebstilstand -(denial of service) i behandlingen af JPEG-filer, fordi det ikke begrænsede -gennemløbsdybden ved behandling af JPEG-thumbnailfiler -(CVE-2008-5314).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.90.1dfsg-4etch16.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.94.dfsg.2-1.

- -

Distributionen testing (lenny) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1680.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" - diff --git a/danish/security/2008/dsa-1681.wml b/danish/security/2008/dsa-1681.wml deleted file mode 100644 index 3f6a8c30764..00000000000 --- a/danish/security/2008/dsa-1681.wml +++ /dev/null @@ -1,95 +0,0 @@ -lammelsesangreb/rettighedsforøgelse - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-3528 - -

    Eugene Teo rapporterede om et lokalt lammelsesangrebsproblem i ext2- og - ext3-filsystemerne. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et ødelagt filsystem, der fik kernen - til at udskrive fejlmeddelelser i en uendelig løkke.

    • - -
  • CVE-2008-4554 - -

    Milos Szeredi rapporterede, at anvendelse af splice() på filer åbnet med - O_APPEND tillod brugere at skrive til filen på vilkårlige positioner, - hvilket gjorde det muligt at omgå mulig formodet semantik ved - O_APPEND-flaget.

    • - -
  • CVE-2008-4576 - -

    Vlad Yasevich rapporterede om et problem i SCTP-undersystemet, der måske - kunne gøre det muligt for fjernbrugere at forårsage et lokalt - lammelsesangreb ved at udløse en kerne-oops.

    • - -
  • CVE-2008-4618 - -

    Wei Yongjun rapporterede om et problem i SCTP-undersystemet, der måske - kunne gøre det muligt for fjernbrugere at forårsage et lokalt - lammelsesangreb ved at løse en kerne-panik.

    • - -
  • CVE-2008-4933 - -

    Eric Sesterhenn rapporterede om et lokalt lammelsesangrebsproblem i - hfsplus-filsystemet. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et ødelagt filsystem, der fik kernen - til at få en buffer til at løbe over, medførende en system-oops eller - hukommelseskorruption.

    • - -
  • CVE-2008-4934 - -

    Eric Sesterhenn rapporterede om et lokalt lammelsesangrebsproblem i - hfsplus-filsystemet. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et ødelagt filsystem, der fik kernen - til at få en buffer til at løbe over, medførende en kerne-oops på grund af - en ikke-aflæst returværdi.

    • - -
  • CVE-2008-5025 - -

    Eric Sesterhenn rapporterede om et lokalt lammelsesangrebsproblem i - hfsplus-filsystemet. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et filsystem med en ødelagt - katalognavnelængde, medførende et system-oops eller - hukommelseskorruption.

    • - -
  • CVE-2008-5029 - -

    Andrea Bittau rapporterede om et lammelsesangrebsproblem i - Unix-socket-undersystemet, hvilket gjorde det muligt for en lokal bruger at - forårsage hukommelseskorruption, medførende en kernepanik.

    • - -
  • CVE-2008-5134 - -

    Johannes Berg rapporterede om et fjernudnytbart lammelsesangrebsproblem i - den trådløse libertas-driver, hvilket kunne udløses af et særligt fremstillet - beacon/probe-svar.

    • - -
  • CVE-2008-5182 - -

    Al Viro rapporterede om en race-tilstand i inotify-undersystemet, hvilket - måske kunne gøre det muligt for lokale brugere for opnå forøgede - rettigheder.

    • - -
  • CVE-2008-5300 - -

    Dann Frazier rapporterede om et lammelsesangrebsproblem, der gjorde det - muligt for lokale brugere at forårsage, at opbrugt hukommelses-håndteringen - dræbte priviligerede processer eller udløste bløde låsninger, på grund af - et udsultningsproblem i Unix-socket-undersystemet.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6.24-6~etchnhalf.7.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1681.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1682.wml b/danish/security/2008/dsa-1682.wml deleted file mode 100644 index e66c638d8cd..00000000000 --- a/danish/security/2008/dsa-1682.wml +++ /dev/null @@ -1,19 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Ivan Markovic opdagede at SquirrelMail, en webmailapplikation, ikke på -tilstrækkelig vis fornuftighedskontrollede indkommende HTML-e-mails, hvilket -gjorde det muligt for en angriber at udføre skripter på tværs af websteder, -ved at sende en ondsindet HTML-e-mail.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.4.9a-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.15-4.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1682.data" -#use wml::debian::translation-check translation="4c1fc112b24844800ddca9357c27590a7a23a761" mindelta="1" diff --git a/danish/security/2008/dsa-1683.wml b/danish/security/2008/dsa-1683.wml deleted file mode 100644 index 1f5db97879a..00000000000 --- a/danish/security/2008/dsa-1683.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Flere bufferoverløb i forbindelse med fortolkning af HTTP-headere og -spillelister, er opdaget i streamripper -(CVE-2007-4337, -CVE-2008-4829).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.61.27-1+etch1.

- -

I den ustabile distribution (sid) og i distributionen testing (lenny), -er disse problemer rettet i version 1.63.5-2.

- -

Vi anbefaler at du opgraderer din streamripper-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1683.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1684.wml b/danish/security/2008/dsa-1684.wml deleted file mode 100644 index f1f572000a5..00000000000 --- a/danish/security/2008/dsa-1684.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

To sårbarheder er fundet i lcms, et bibliotek og samling af -kommandolinjeværktøjer til håndteringer af farver i billeder. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-5316 - -

    Utilstrækkelig håndhævelse fast længde-buffergrænser gjorde det muligt - for en angriber at få en buffer på stakken til at løbe over, hvilket - potentielt gjorde det muligt at udføre vilkårlig kode når et - ondsindet fremstillet billede blev åbnet.

    • - -
  • CVS-2008-5317 - -

    En heltalsfortegnsfejl ved læsning af billeders gammadata, kunne gøre - det muligt for en angriber at forårsage at en for lille buffer blev - allokeret til efterfølgende data, med ukendte konsekvenser, potentielt - mulighed for at udføre vilkårlig kode, hvis et ondsindet fremstillet - billede blev åbnet.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.15-1.1+etch1.

- -

I den kommende stabile distribution (lenny), og i den ustabile distribution -(sid), er disse problemer rettet i version 1.17.dfsg-1.

- -

Vi anbefaler at du opgraderer dine lcms-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1684.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1685.wml b/danish/security/2008/dsa-1685.wml deleted file mode 100644 index f75512137f6..00000000000 --- a/danish/security/2008/dsa-1685.wml +++ /dev/null @@ -1,26 +0,0 @@ -bufferoverløb, null pointer dereference - -

To sårbarheder er fundet i uw-imap, en IMAP-implementering. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -

Man opdagede at flere bufferoverløb kunne udløses gennem et langt -mappe-extension-argument til- tmail eller dmail-programmet. Det kunne føre til -udførelse af vilkårlig kode -(CVE-2008-5005).

- -

Man opdagede at en NULL-pointerdereference kunne udløses af et ondsindet svar -til QUIT-kommandoen, førende til lammelsesangreb -(CVE-2008-5006).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 2002edebian1-13.1+etch1.

- -

I den ustabile distribution (sid) og i distribution testing (lenny), -er disse problemer rettet i version 2007d~dfsg-1.

- -

Vi anbefaler at du opgraderer dine uw-imap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1685.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1686.wml b/danish/security/2008/dsa-1686.wml deleted file mode 100644 index 820a6a51e79..00000000000 --- a/danish/security/2008/dsa-1686.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Et bufferoverløb er opdaget i HTTP-fortolkeren i dynamisk -DNS-opdateringsklienten til No-IP.com, hvilket mÃ¥ske kunne medføre udførelse -af vilkÃ¥rlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.1.1-4+etch1.

- -

I den kommende stabile distribution (lenny) og i den ustabile distribution -(sid), er dette problem rettet i version 2.1.7-11.

- -

Vi anbefaler at du opgraderer din no-ip-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1686.data" -#use wml::debian::translation-check translation="984732e3abeb0b0545d23e4abcbda42fb74fbe34" mindelta="1" diff --git a/danish/security/2008/dsa-1687.wml b/danish/security/2008/dsa-1687.wml deleted file mode 100644 index 19e5d4a7d70..00000000000 --- a/danish/security/2008/dsa-1687.wml +++ /dev/null @@ -1,106 +0,0 @@ -lammelsesangreb/rettighedsforøgelse - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-3527 - -

    Tavis Ormandy rapporterede om et lokalt lammelsesangreb og potentiel - rettighedsforøgelse i implementeringen af Virtual Dynamic Shared Objects - (vDSO).

    • - -
  • CVE-2008-3528 - -

    Eugene Teo rapporterede om et lokalt lammelsesangrebsproblem i ext2- og - ext3-filsystemerne. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et ødelagt filsystem, der fik kernen - til at udskrive fejlmeddelelser i en uendelig løkke.

    • - -
  • CVE-2008-4554 - -

    Milos Szeredi rapporterede, at anvendelse af splice() på filer åbnet med - O_APPEND tillod brugere at skrive til filen på vilkårlige positioner, - hvilket gjorde det muligt at omgå mulig formodet semantik ved - O_APPEND-flaget.

    • - -
  • CVE-2008-4576 - -

    Vlad Yasevich rapporterede om et problem i SCTP-undersystemet, der måske - kunne gøre det muligt for fjernbrugere at forårsage et lokalt - lammelsesangreb ved at udløse en kerne-oops.

    • - -
  • CVE-2008-4933 - -

    Eric Sesterhenn rapporterede om et lokalt lammelsesangrebsproblem i - hfsplus-filsystemet. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et ødelagt filsystem, der fik kernen - til at få en buffer til at løbe over, medførende en system-oops eller - hukommelseskorruption.

    • - -
  • CVE-2008-4934 - -

    Eric Sesterhenn rapporterede om et lokalt lammelsesangrebsproblem i - hfsplus-filsystemet. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et ødelagt filsystem, der fik kernen - til at få en buffer til at løbe over, medførende en kerne-oops på grund af - en ikke-aflæst returværdi.

    • - -
  • CVE-2008-5025 - -

    Eric Sesterhenn rapporterede om et lokalt lammelsesangrebsproblem i - hfsplus-filsystemet. Lokale brugere, med tilstrækkelige rettigheder til at - montere et filsystem, kunne fremstille et filsystem med en ødelagt - katalognavnelængde, medførende et system-oops eller - hukommelseskorruption.

    • - -
  • CVE-2008-5029 - -

    Andrea Bittau rapporterede om et lammelsesangrebsproblem i - Unix-socket-undersystemet, hvilket gjorde det muligt for en lokal bruger at - forårsage hukommelseskorruption, medførende en kernepanik.

    • - -
  • CVE-2008-5079 - -

    Hugo Dias rapporterede om en lammelsesangrebstilstand i - ATM-undersystemet, der kunne udløses af en lokal bruger ved at kalde - funktionen svc_listen to gange på den samme socket og læse - /proc/net/atm/*vc.

    • - -
  • CVE-2008-5182 - -

    Al Viro rapporterede om en race-tilstand i inotify-undersystemet, hvilket - måske kunne gøre det muligt for lokale brugere for opnå forøgede - rettigheder.

    • - -
  • CVE-2008-5300 - -

    Dann Frazier rapporterede om et lammelsesangrebsproblem, der gjorde det - muligt for lokale brugere at forårsage, at opbrugt hukommelses-håndteringen - dræbte priviligerede processer eller udløste bløde låsninger, på grund af - et udsultningsproblem i Unix-socket-undersystemet.

    • - -
- -

I den stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-23etch1.

- -

Vi anbefaler at du opgraderer dine linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- -

Bemærk: Debian 'etch' indeholder linux-kernepakker baseret på både linux -2.6.18- og 2.6.24-udgaverne. Alle kendte sikkerhedsproblemer er omhyggeligt -sporet mod begge pakker, og begge pakker vil blive sikkerhedsopdateret indtil -sikkerhedsunderstøttelsen i Debian 'etch' ophører. Men på grund af den høje -frekvens hvormed der findes sikkerhedsproblemer af lav alvorlighedsgrad i -kernen samt på grund af de ressoucer det kræver, at gennemføre en opdatering, -vil opdateringer til 2.6.18 og 2.6.24 med en lav alvorlighedsgrad typisk blive -frigivet i "klumper".

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1687.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1688.wml b/danish/security/2008/dsa-1688.wml deleted file mode 100644 index f41482abc0e..00000000000 --- a/danish/security/2008/dsa-1688.wml +++ /dev/null @@ -1,22 +0,0 @@ -SQL-indsprøjtning - -

To SQL-indsprøjtningssårbarheder er fundet i courier-authlib, -autentificeringsbiblioteket courier. MySQL-databasegrænsefladen anvendte -utilstrækkelig indkapslingsmekanismer ved konstruktion af SQL-statements, -førende til SQL-indsprøjtningssårbarheder hvis visse tegnsæt blev anvendt -(CVE-2008-2380). -Et lignende problem påvirker PostgreSQL-databasegrænsefladen -(CVE-2008-2667).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.58-4+etch2.

- -

I distributionen testing (lenny) og i den ustabile distribution -(sid), er disse problemer rettet i version 0.61.0-1+lenny1.

- -

Vi anbefaler at du opgraderer dine courier-authlib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1688.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1689.wml b/danish/security/2008/dsa-1689.wml deleted file mode 100644 index 4e693f09305..00000000000 --- a/danish/security/2008/dsa-1689.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Maksymilian Arciemowicz fra securityreason.com rapporterede, at ProFTPD var -sårbar over for forespørgselsforfalskninger på tværs af websteder (cross-site -request forgery, CSRF) og udførte vilkårlige ftp-kommandoer gennem en lang -ftp://-URI, der anvender en eksisterende session fra ftp-klientimplementeringen -i en webbrowser.

- -

I den stabile distribution (etch) er dette problem rettet i -version 1.3.0-19etch2 og version 1.3.1-15~bpo40+1 i backports.

- -

I distributionen testing (lenny) og i den ustabile (sid) distribution, er -dette problem rettet i version 1.3.1-15.

- -

Vi anbefaler at du opgraderer din proftpd-dfsg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1689.data" -#use wml::debian::translation-check translation="a3c546fb0001552804611188e849e6b129c6cf1e" mindelta="1" diff --git a/danish/security/2008/dsa-1690.wml b/danish/security/2008/dsa-1690.wml deleted file mode 100644 index 7ba7e37f98a..00000000000 --- a/danish/security/2008/dsa-1690.wml +++ /dev/null @@ -1,25 +0,0 @@ -assert-fejl - -

To lammelsesangrebstilstande (denial of service) er opdaget i avahi, en -implementering af Multicast DNS.

- -

Huge Dias opdagede at avahi-dæmonen afbrød med en assert-fejl, hvis den -stødte på en UDP-pakke med kildeport 0 -(CVE-2008-5081).

- -

Man opdagede at avahi-dæmon afbrød med en assert-fejl, hvis den modtog en tom -TXT-post over D-Bus -(CVE-2007-3372).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 0.6.16-3etch2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.6.23-3.

- -

Vi anbefaler at du opgraderer dine avahi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1690.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1691.wml b/danish/security/2008/dsa-1691.wml deleted file mode 100644 index 91a2b8e44d7..00000000000 --- a/danish/security/2008/dsa-1691.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i Moodle, et -online-kursushåndteringssystem. Følgende problemer er løst i forbindelse med -denne opdatering, spændende fra udførelse af skripter på tværs af webservere til -fjernudførelse af kode.

- -

Forskellige problemer i forbindelse med udførelse af skripter på tværs af -servere i Moodles kodebase -(CVE-2008-3326, -CVE-2008-3325, -CVE-2007-3555, -CVE-2008-5432, -MSA-08-0021, MDL-8849, MDL-12793, MDL-11414, MDL-14806, MDL-10276).

- -

Forskellige problemer i forbindelse med forespørgselsforfalskninger på tværs -af servere Moodles kodebase -(CVE-2008-3325, -MSA-08-0023).

- -

Rettighedsforøgelsesfejl i Moodles kodebase (MSA-08-0001, MDL-7755).

- -

SQL-indsprøjtningsproblem i hotpot-modulet (MSA-08-0010).

- -

En indlejret kopi af Smarty havde flere sårbarheder -(CVE-2008-4811, -CVE-2008-4810). -En indlejret kopi af Snoopy var sårbar over for udførelse af skripter på tværs af servere -(CVE-2008-4796). -En indlejret kopi af Kses var sårbar over for udførelse af skripter på tværs af servere -(CVE-2008-1502).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.6.3-2+etch1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.2.dfsg-2.

- -

Vi anbefaler at du opgraderer din moodle (1.6.3-2+etch1)-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1691.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/dsa-1692.wml b/danish/security/2008/dsa-1692.wml deleted file mode 100644 index 6dd0a332e80..00000000000 --- a/danish/security/2008/dsa-1692.wml +++ /dev/null @@ -1,28 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

-Man har opdaget at php-xajax, et bibliotek til udvikling af Ajax-applikationer, -ikke på tilstrækkelig vis fornuftighedskontrollerede URL'er, hvilket gjorde det -muligt for angribere at udføre skripter på tværs af websteder, ved at anvende -ondsindede URL'er. -

- -

-I den stabile distribution (etch) er dette problem rettet i version 0.2.4-2+etch1. -

- -

-I distributionerne testing (lenny) og unstable (sid) er dette problem rettet i -version 0.2.5-1. -

- -

-Vi anbefaler at du opgraderer din php-xajax-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1692.data" -#use wml::debian::translation-check translation="0678496e7564aa15e1e3f67f177f7c04d5b39c71" mindelta="1" - diff --git a/danish/security/2008/dsa-1693.wml b/danish/security/2008/dsa-1693.wml deleted file mode 100644 index 013ecc615e8..00000000000 --- a/danish/security/2008/dsa-1693.wml +++ /dev/null @@ -1,54 +0,0 @@ -flere sårbarheder - -

-Flere fjernudnytbare sårbarheder er opdaget i phpPgAdmin, et værktøj til -webadministrering af PostgreSQL-databaser. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer: -

- -
    - -
  • CVE-2007-2865 - -

    - Udførelse af skripter på tværs af websteder gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML gennem - server-parameteret. -

    • - -
  • CVE-2007-5728 - -

    - Udførelse af skripter på tværs af websteder gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML gennem - PHP_SELF. -

    • - -
  • CVE-2008-5587 - -

    - En mappegennemløbssårbarhed gjorde det muligt for fjernangribere at læse - vilkårlige filer gennem _language-parameteret. -

    • - -
- -

-I den stabile distribution (etch), er disse problemer rettet i -version 4.0.1-3.1etch2. -

- -

-I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.1-1.1. -

- -

-Vi anbefaler at du opgraderer din phppgadmin-pakke. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2008/dsa-1693.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2008/index.wml b/danish/security/2008/index.wml deleted file mode 100644 index 0b5d5c0f7ad..00000000000 --- a/danish/security/2008/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2008 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2008', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2009/Makefile b/danish/security/2009/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2009/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2009/dsa-1694.wml b/danish/security/2009/dsa-1694.wml deleted file mode 100644 index 765d9d5ea26..00000000000 --- a/danish/security/2009/dsa-1694.wml +++ /dev/null @@ -1,22 +0,0 @@ -designfejl - -

Paul Szabo opdagede at xterm, en terminalemulator til X Window System, -indsatte vilkårlige tegn i inputbufferen, når visse fabrikerede -escape-sekvenser blev vist - (CVE-2008-2383).

- -

Som en yderligere sikkerhedsforanstaltning, deaktiverer denne opdatering -også ændring af skripttyper, brugerdefinerede taster og X-egenskaber gennem -escape-sekvenser.

- -

I den stabile distribution (etch), er dette problem rettet i -version 222-1etch3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din xterm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1694.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1695.wml b/danish/security/2009/dsa-1695.wml deleted file mode 100644 index 6af73dffe81..00000000000 --- a/danish/security/2009/dsa-1695.wml +++ /dev/null @@ -1,25 +0,0 @@ -hukommelseslækage - -

Regulære udtryk-maskinen i Ruby, et skriptsprog, indeholdt en -hukommelseslækage, der kunne fjernudløses under visse omstændigheder, -førende til en lammelsesangrebstilstand - (CVE-2008-3443).

- -

Desuden tager denne sikkerhedsopdatering hånd om en regression i REXML -XML-fortolkeren i ruby1.8-pakken; regressionen opstod i forbindelse med -DSA-1651-1.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.8.5-4etch4 af ruby1.8-pakken, og version 1.9.0+20060609-1etch4 af -ruby1.9-pakken.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.8.7.72-1 af ruby1.8-pakken. ruby1.9-pakken vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine Ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1695.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" - diff --git a/danish/security/2009/dsa-1696.wml b/danish/security/2009/dsa-1696.wml deleted file mode 100644 index d4e7bafa398..00000000000 --- a/danish/security/2009/dsa-1696.wml +++ /dev/null @@ -1,171 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i mailklienten Icedove, -en version af mailklienten Thunderbird. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-0016 - -

    Justin Schuh, Tom Cross og Peter Williams opdagede et bufferoverløb i - fortolkeren af UTF-8-URL'er, hvilket måske kunne føre til udførelse af - vilkårlig kode. (MFSA 2008-37)

    • - -
  • CVE-2008-1380 - -

    Man opdagede at nedbrud i JavaScript-maskinen potentielt kunne føre til - udførelse af vilkårlig kode. (MFSA 2008-20)

    • - -
  • CVE-2008-3835 - -

    moz_bug_r_a4 opdagede at samme ophav-kontrollen i - nsXMLDocument::OnChannelRedirect() kunne omgås. (MFSA 2008-38)

    • - -
  • CVE-2008-4058 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre en - Chrome-rettighedsforøgelse gennem XPCNativeWrappers. (MFSA 2008-41)

    • - -
  • CVE-2008-4059 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre en - Chrome-rettighedsforøgelse gennem XPCNativeWrappers. (MFSA 2008-41)

    • - -
  • CVE-2008-4060 - -

    Olli Pettay og moz_bug_r_a4 opdagede en - Chrome-rettighedsforøgelsessårbarhed i XSLT-håndtering. - (MFSA 2008-41)

    • - -
  • CVE-2008-4061 - -

    Jesse Ruderman opdagede et nedbrud i layout-maskinen, hvilket måske kunne - gøre det muligt at udføre vilkårlig kode. (MFSA 2008-42)

    • - -
  • CVE-2008-4062 - -

    Igor Bukanov, Philip Taylor, Georgi Guninski og Antoine Labour opdagede - nedbrud i JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode. (MFSA 2008-42)

    • - -
  • CVE-2008-4065 - -

    Dave Reed opdagede at nogle Unicode-byterækkefølgemarkeringer blev fjernet - fra JavaScript-kode før udførelse, hvilket kunne medføre udførelse af kode, - der ellers var del af en streng i anførselstegn. (MFSA 2008-43)

    • - -
  • CVE-2008-4067 - -

    Man opdagede at et mappegennemløb gjorde det muligt for angribere at læse - vilkårlige filer via et bestemt tegn. (MFSA 2008-44)

    • - -
  • CVE-2008-4068 - -

    Man opdagede at et mappegennemløb gjorde det muligt for angribere at omgå - sikkerhedsbegrænsninger og få fat i følsomme oplysninger. - (MFSA 2008-44)

    • - -
  • CVE-2008-4070 - -

    Man opdagede at et bufferoverløb kunne udløses gennem en lang header i en - nyhedsartikel, hvilket kunne føre til udførelse af vilkårlig kode. - (MFSA 2008-46)

    • - -
  • CVE-2008-4582 - -

    Liu Die Yu og Boris Zbarsky opdagede en informationslækage gennem lokale - genvejsfiler. (MFSA 2008-47, MFSA 2008-59)

    • - -
  • CVE-2008-5012 - -

    Georgi Guninski, Michal Zalewski og Chris Evan opdagede at - canvas-elementet kunne anvendes til at omgå samme - ophav-begrænsninger. (MFSA 2008-48)

    • - -
  • CVE-2008-5014 - -

    Jesse Ruderman opdagede at en programmingsfejl i objektet - window.__proto__.__proto__ kunne føre til udførelse af vilkårlig kode. - (MFSA 2008-50)

    • - -
  • CVE-2008-5017 - -

    Man opdagede at nedbrud i layout-maskinen kunne føre til udførelse af - vilkårlig kode. (MFSA 2008-52)

    • - -
  • CVE-2008-5018 - -

    Man opdagede at nedbrud i JavaScript-maskinen kunne føre til udførelse af - vilkårlig kode. (MFSA 2008-52)

    • - -
  • CVE-2008-5021 - -

    Man opdagede at et nedbrud i nsFrameManager måske kunne føre til udførelse - af vilkårlig kode. (MFSA 2008-55)

    • - -
  • CVE-2008-5022 - -

    moz_bug_r_a4 opdagede at samme ophav-kontroller i - nsXMLHttpRequest::NotifyEventListeners() kunne omgås. (MFSA 2008-56)

    • - -
  • CVE-2008-5024 - -

    Chris Evans opdagede at anførselstegn blev indkaplset på ukorrekt vis i - standardnavnerummet i E4X-dokumenter. (MFSA 2008-58)

    • - -
  • CVE-2008-5500 - -

    Jesse Ruderman opdagede at layout-maskinen var sårbar over for - lammelsesangreb (DoS), der måske kunne udløse hukommelseskorruption og - heltalsoverløb. (MFSA 2008-60)

    • - -
  • CVE-2008-5503 - -

    Boris Zbarsky opdagede at et informationsafsløringsangreb kunne udføres - gennem XBL-bindinger. (MFSA 2008-61)

    • - -
  • CVE-2008-5506 - -

    Marius Schilder opdagede at det var muligt at få fat i følsomme - oplysninger gennem XMLHttpRequest. (MFSA 2008-64)

    • - -
  • CVE-2008-5507 - -

    Chris Evans opdagede at det var muligt at få fat i følsomme oplysninger - gennem en JavaScript-URL. (MFSA 2008-65)

    • - -
  • CVE-2008-5508 - -

    Chip Salzenberg opdagede mulige phising-angreb gennem URL'er med - foranstillet whitespace eller kontroltegn. (MFSA 2008-66)

    • - -
  • CVE-2008-5511 - -

    Man opdagede at det var muligt at udføre skripter på tværs af websteder - gennem en XBL-binding til et "unloaded document." (MFSA 2008-68)

    • - -
  • CVE-2008-5512 - -

    Man opdagede at det var muligt at køre vilkårligt JavaScript med - Chrome-rettigheder gennem ukendte angrebsvinkler. (MFSA 2008-68)

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i version -1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Pakker til s390 vil blive -stillet til rådighed senere.

- -

I den kommende stabile distribution (lenny) vil disse problemer snart blive -rettet.

- -

I den ustabile (sid) distribution er disse problemer rettet i -version 2.0.0.19-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1696.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" \ No newline at end of file diff --git a/danish/security/2009/dsa-1697.wml b/danish/security/2009/dsa-1697.wml deleted file mode 100644 index f95d9fe748c..00000000000 --- a/danish/security/2009/dsa-1697.wml +++ /dev/null @@ -1,272 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i Iceape, en version af -internetprogrampakken Seamonkey. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-0016 - -

    Justin Schuh, Tom Cross og Peter Williams opdagede et bufferoverløb i - fortolkeren af UTF-8-URL'er, hvilket måske kunne føre til udførelse af - vilkårlig kode. (MFSA 2008-37)

    • - -
  • CVE-2008-0304 - -

    Man opdagede at et bufferoverløb i MIME-dekodningen kunne føre til - udførelse af vilkårlig kode. (MFSA 2008-26)

    • - -
  • CVE-2008-2785 - -

    Man opdagede at manglende grænsekontroller på en referencetæller i - CSS-objekter kunne føre til udførelse af vilkårlig kode. - (MFSA 2008-34)

    • - -
  • CVE-2008-2798 - -

    Devon Hubbard, Jesse Ruderman og Martijn Wargers opdagede nedbrud i - layout-maskinen, hvilket måske kunne føre til udførelse af vilkårlig - kode. (MFSA 2008-21)

    • - -
  • CVE-2008-2799 - -

    Igor Bukanov, Jesse Ruderman og Gary Kwong opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne føre til udførelse af vilkårlig - kode. (MFSA 2008-21)

    • - -
  • CVE-2008-2800 - -

    moz_bug_r_a4 opdagede flere sårbarheder i forbindelse med - udførelse af skripter på tværs af websteder. (MFSA 2008-22)

    • - -
  • CVE-2008-2801 - -

    Collin Jackson og Adam Barth opdagede at JavaScript-kode kunne udføres i - konteksten eller i signerede JAR-arkiver. (MFSA 2008-23)

    • - -
  • CVE-2008-2802 - -

    moz_bug_r_a4 opdagede at XUL-dokumenter kunne forøge rettigheder - ved at tilgå den prækompilerede "fastload"-fil. (MFSA 2008-24)

    • - -
  • CVE-2008-2803 - -

    moz_bug_r_a4 opdagede at manglende fornuftighedskontrol af inddata - i funktionen mozIJSSubScriptLoader.loadSubScript() kunne føre til udførelse - af vilkårlig kode. Iceape selv er ikke påvirket, men nogle udvidelser er - det. (MFSA 2008-25)

    • - -
  • CVE-2008-2805 - -

    Claudio Santambrogio opdagede at manglende adgangsvalidering i - DOM-fortolkning gjorde det muligt for ondsindede websteder, at tvinger - webbroseren til at uploade lokale filer til serveren, hvilket kunne føre - til informationsafsløring. (MFSA 2008-27)

    • - -
  • CVE-2008-2807 - -

    Daniel Glazman opdagede at en programmeringsfejl i koden til fortolkning - af .properties-filer kunne føre til at hukommelsesindhold blev afsløret til - udvidelser, hvilket kunne føre til informationsafsløring. - (MFSA 2008-29)

    • - -
  • CVE-2008-2808 - -

    Masahiro Yamada opdagede at fil-URL'er i mappevisninger blev indkapslet - utilstrækkeligt. (MFSA 2008-30)

    • - -
  • CVE-2008-2809 - -

    John G. Myers, Frank Benkstein og Nils Toedtmann opdagede at alternative - navne på selvsignerede certifikater blev håndteret på utilstrækkelig vis, - hvilket kunne føre til svindel med sikre forbindelser. (MFSA 2008-31)

    • - -
  • CVE-2008-2810 - -

    Man opdagede at URL-genvejsfiler kunne anvendes til at omgå samme - ophav-begrænsninger. Problemet påvirker ikke den aktuelle Iceape, men kan - opstå hvis ekstra udvidelser er installeret. (MFSA 2008-32)

    • - -
  • CVE-2008-2811 - -

    Greg McManus opdagede et nedbrud i blok-reflow-koden, hvilket måske kunne - gøre det muligt af udføre vilkårlig kode. (MFSA 2008-33)

    • - -
  • CVE-2008-2933 - -

    Billy Rios opdagede at overførsel af en URL indeholdende et pipe-tegn til - Iceape kunne føre til Chrome-rettighedsforøgelse. (MFSA 2008-35)

    • - -
  • CVE-2008-3835 - -

    moz_bug_r_a4 opdagede at samme ophav-kontrollen i - nsXMLDocument::OnChannelRedirect() kunne omgås. (MFSA 2008-38)

    • - -
  • CVE-2008-3836 - -

    moz_bug_r_a4 opdagede at flere sårbarheder i feedWriter kunne føre - til Chrome-rettighedsforøgelse. (MFSA 2008-39)

    • - -
  • CVE-2008-3837 - -

    Paul Nickerson opdagede at en angriber kunne flytte vinduer mens der blev - klikket på musen, medførende uønskede handlinger udløst af træk og - slip. (MFSA 2008-40)

    • - -
  • CVE-2008-4058 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre en - Chrome-rettighedsforøgelse gennem XPCNativeWrappers. (MFSA 2008-41)

    • - -
  • CVE-2008-4059 - -

    moz_bug_r_a4 opdagede en sårbarhed, der kunne medføre en - Chrome-rettighedsforøgelse gennem XPCNativeWrappers. (MFSA 2008-41)

    • - -
  • CVE-2008-4060 - -

    Olli Pettay og moz_bug_r_a4 opdagede en - Chrome-rettighedsforøgelsessårbarhed i XSLT-håndtering. - (MFSA 2008-41)

    • - -
  • CVE-2008-4061 - -

    Jesse Ruderman opdagede et nedbrud i layout-maskinen, hvilket måske kunne - gøre det muligt at udføre vilkårlig kode. (MFSA 2008-42)

    • - -
  • CVE-2008-4062 - -

    Igor Bukanov, Philip Taylor, Georgi Guninski og Antoine Labour opdagede - nedbrud i JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode. (MFSA 2008-42)

    • - -
  • CVE-2008-4065 - -

    Dave Reed opdagede at nogle Unicode-byterækkefølgemarkeringer blev fjernet - fra JavaScript-kode før udførelse, hvilket kunne medføre udførelse af kode, - der ellers var del af en streng i anførselstegn. (MFSA 2008-43)

    • - -
  • CVE-2008-4067 - -

    Man opdagede at et mappegennemløb gjorde det muligt for angribere at læse - vilkårlige filer via et bestemt tegn. (MFSA 2008-44)

    • - -
  • CVE-2008-4068 - -

    Man opdagede at et mappegennemløb gjorde det muligt for angribere at omgå - sikkerhedsbegrænsninger og få fat i følsomme oplysninger. - (MFSA 2008-44)

    • - -
  • CVE-2008-4069 - -

    Billy Hoffman opdagede at XBM-dekoderen kunne afsløre uinitialiseret - hukommelse. (MFSA 2008-45)

    • - -
  • CVE-2008-4070 - -

    Man opdagede at et bufferoverløb kunne udløses gennem en lang header i en - nyhedsartikel, hvilket kunne føre til udførelse af vilkårlig kode. - (MFSA 2008-46)

    • - -
  • CVE-2008-5012 - -

    Georgi Guninski, Michal Zalewski og Chris Evan opdagede at - canvas-elementet kunne anvendes til at omgå samme - ophav-begrænsninger. (MFSA 2008-48)

    • - -
  • CVE-2008-5013 - -

    Man opdagede at utilstrækkelige kontroller i Flash-plugin'ens glue-kode - kunne føre til vilkårlig udførelse af kode. (MFSA 2008-49)

    • - -
  • CVE-2008-5014 - -

    Jesse Ruderman opdagede at en programmingsfejl i objektet - window.__proto__.__proto__ kunne føre til udførelse af vilkårlig kode. - (MFSA 2008-50)

    • - -
  • CVE-2008-5017 - -

    Man opdagede at nedbrud i layout-maskinen kunne føre til udførelse af - vilkårlig kode. (MFSA 2008-52)

    • - -
  • CVE-2008-5018 - -

    Man opdagede at nedbrud i JavaScript-maskinen kunne føre til udførelse af - vilkårlig kode. (MFSA 2008-52)

    • - -
  • CVE-2008-0017 - -

    Justin Schuh opdagede at et bufferoverløb i http-index-format-fortolkeren - kunne føre til udførelse af vilkårlig kode. (MFSA 2008-54)

    • - -
  • CVE-2008-5021 - -

    Man opdagede at et nedbrud i nsFrameManager måske kunne føre til udførelse - af vilkårlig kode. (MFSA 2008-55)

    • - -
  • CVE-2008-5024 - -

    Chris Evans opdagede at anførselstegn blev indkaplset på ukorrekt vis i - standardnavnerummet i E4X-dokumenter. (MFSA 2008-58)

    • - -
  • CVE-2008-4582 - -

    Liu Die Yu og Boris Zbarsky opdagede en informationslækage gennem lokale - genvejsfiler. (MFSA 2008-47, MFSA 2008-59)

    • - -
  • CVE-2008-5500 - -

    Jesse Ruderman opdagede at layout-maskinen var sårbar over for - lammelsesangreb (DoS), der måske kunne udløse hukommelseskorruption og - heltalsoverløb. (MFSA 2008-60)

    • - -
  • CVE-2008-5503 - -

    Boris Zbarsky opdagede at et informationsafsløringsangreb kunne udføres - gennem XBL-bindinger. (MFSA 2008-61)

    • - -
  • CVE-2008-5506 - -

    Marius Schilder opdagede at det var muligt at få fat i følsomme - oplysninger gennem XMLHttpRequest. (MFSA 2008-64)

    • - -
  • CVE-2008-5507 - -

    Chris Evans opdagede at det var muligt at få fat i følsomme oplysninger - gennem en JavaScript-URL. (MFSA 2008-65)

    • - -
  • CVE-2008-5508 - -

    Chip Salzenberg opdagede mulige phising-angreb gennem URL'er med - foranstillet whitespace eller kontroltegn. (MFSA 2008-66)

    • - -
  • CVE-2008-5511 - -

    Man opdagede at det var muligt at udføre skripter på tværs af websteder - gennem en XBL-binding til et "unloaded document." (MFSA 2008-68)

    • - -
  • CVE-2008-5512 - -

    Man opdagede at det var muligt at køre vilkårligt JavaScript med - Chrome-rettigheder gennem ukendte angrebsvinkler. (MFSA 2008-68)

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.0.13~pre080614i-0etch1.

- -

I den kommende stabile distribution (lenny) vil disse problemer snart blive -rettet.

- -

I den ustabile (sid) distribution er disse problemer rettet i -version 1.1.14-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1697.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" \ No newline at end of file diff --git a/danish/security/2009/dsa-1698.wml b/danish/security/2009/dsa-1698.wml deleted file mode 100644 index 0b111ee14dd..00000000000 --- a/danish/security/2009/dsa-1698.wml +++ /dev/null @@ -1,18 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at GForge, et samarbejdsudviklingsværktøj, på utilstrækkelig vis -fornufighedskontrollerede nogle inddata, hvilket gjorde det muligt for -fjernangribere at udføre SQL-indspøjtning.

- -

I den stabile distribution (etch), er dette problem rettet i -version 4.5.14-22etch10.

- -

I distributionerne testing (lenny) og unstable (sid), er disse problemer -rettet rettet i version 4.7~rc2-7.

- -

Vi anbefaler at du opgraderer din gforge-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1698.data" -#use wml::debian::translation-check translation="49c7ec55d38a868863616b524ccd396e8960ac76" mindelta="1" diff --git a/danish/security/2009/dsa-1699.wml b/danish/security/2009/dsa-1699.wml deleted file mode 100644 index aa069d51ea6..00000000000 --- a/danish/security/2009/dsa-1699.wml +++ /dev/null @@ -1,19 +0,0 @@ -arrayindeksfejl - -

En arrayindeksfejl i zaptel, en samling drivere til telefonihardware, kunne -gøre det muligt for brugere at få systemet til at gå ned eller forøge deres -rettigheder ved at overskrive kernehukommelse -(CVE-2008-5396).

- -

I den stabile distribution (etch), er dette problem rettet i version -1.2.11.dfsg-1+etch1.

- -

I den ustabile distribution (sid) og i distributionen testing (lenny), er -dette problem rettet i version 1.4.11~dfsg-3.

- -

Vi anbefaler at du opgraderer din zaptel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1699.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1700.wml b/danish/security/2009/dsa-1700.wml deleted file mode 100644 index cd525d25141..00000000000 --- a/danish/security/2009/dsa-1700.wml +++ /dev/null @@ -1,18 +0,0 @@ -ukorrekt API-anvendelse - -

Man opdagede at Lasso, et bibliotek til Liberty Alliance- og -SAML-protokollerne udførte utilstrækkelig kontrol af returværdien fra -OpenSSL's DSA_verify()-funktion.

- -

I den stabile distribution (etch), er dette problem rettet i -version 0.6.5-3+etch1.

- -

I den kommende stabile distribution (lenny) og i den ustabile -distribution (sid), er dette problem rettet i version 2.2.1-2.

- -

Vi anbefaler at du opgraderer din lasso-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1700.data" -#use wml::debian::translation-check translation="39643cb48ad78ee12abce89d0624ad58dbc63c41" mindelta="1" diff --git a/danish/security/2009/dsa-1701.wml b/danish/security/2009/dsa-1701.wml deleted file mode 100644 index fe513285c1c..00000000000 --- a/danish/security/2009/dsa-1701.wml +++ /dev/null @@ -1,22 +0,0 @@ -fortolkningskonflikt - -

Man opdagede at OpenSSL ikke på korrekt vis kontrollerede DSA-signaturer på -X.509-certifikater, på grund af forkert anvendelse af et API, potentielt førende -til accept af ukorrekte X.509-certifikater som værende ægte -(CVE-2008-5077).

- -

I den stabile distribution (etch), er dette problem rettet i version -0.9.8c-4etch4 af pakken openssl, og version 0.9.7k-3.1etch2 af pakken -openssl097.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.8g-15.

- -

I testing-distributionen (lenny) vil det snart blive rettet.

- -

Vi anbefaler at du opgraderer dine OpenSSL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1701.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1702.wml b/danish/security/2009/dsa-1702.wml deleted file mode 100644 index b725fe46ae9..00000000000 --- a/danish/security/2009/dsa-1702.wml +++ /dev/null @@ -1,21 +0,0 @@ -fortolkningskonflikt - -

Man har opdaget at NTP, en implementering af Network Time Protocol, ikke på -korrekt vis kontrollerede kryptografiske signaturer, hvilket slutteligt kunne -føre til accept af uautentificerede tidsoplysninger. (Bemærk at krytografisk -autentifikation af time-servere ofte slet ikke er aktiveret.)

- -

I den stabile distribution (etch), er dette problem rettet i -version 4.2.2.p4+dfsg-2etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.2.4p4+dfsg-8.

- -

I testing-distributionen (lenny) det det snart blive rettet.

- -

Vi anbefaler at du opgraderer din ntp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1702.data" -#use wml::debian::translation-check translation="0e5a8b419ccf083aca5abdad79b4e2f940c2bb5e" mindelta="1" diff --git a/danish/security/2009/dsa-1703.wml b/danish/security/2009/dsa-1703.wml deleted file mode 100644 index df8fd4ee4a9..00000000000 --- a/danish/security/2009/dsa-1703.wml +++ /dev/null @@ -1,20 +0,0 @@ -fortolkningskonflikt - -

Man opdagede at BIND, en implementering af DNS-protokolsuiten, ikke på -korrekt vis kontrollerede resultatet af en OpenSSL-funktion, der anvedes til at -vertificere krytografiske DSA-signaturer. Som følge deraf, kunne ukorrekte -DNS-ressourceposter i zoner beskyttet af DNSSEC blive accepteret som værende -ægte.

- -

I den stabile distribution (etch), er dette problem rettet i version -9.3.4-2etch4.

- -

I den ustabile distribution (sid) og i distributionen testing (lenny), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine BIND-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1703.data" -#use wml::debian::translation-check translation="0e5a8b419ccf083aca5abdad79b4e2f940c2bb5e" mindelta="1" diff --git a/danish/security/2009/dsa-1704.wml b/danish/security/2009/dsa-1704.wml deleted file mode 100644 index 7faf75250dd..00000000000 --- a/danish/security/2009/dsa-1704.wml +++ /dev/null @@ -1,58 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtime-miljø til -XUL-applikationer. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2008-5500 - -

    Jesse Ruderman opdagede at layout-maskinen var sårbar over for - lammelsesangreb (DoS), der måske kunne udløse hukommelseskorruption og - heltalsoverløb. (MFSA 2008-60)

    • - -
  • CVE-2008-5503 - -

    Boris Zbarsky opdagede at et informationsafsløringsangreb kunne udføres - gennem XBL-bindinger. (MFSA 2008-61)

    • - -
  • CVE-2008-5506 - -

    Marius Schilder opdagede at det var muligt at få fat i følsomme - oplysninger gennem XMLHttpRequest. (MFSA 2008-64)

    • - -
  • CVE-2008-5507 - -

    Chris Evans opdagede at det var muligt at få fat i følsomme oplysninger - gennem en JavaScript-URL. (MFSA 2008-65)

    • - -
  • CVE-2008-5508 - -

    Chip Salzenberg opdagede mulige phising-angreb gennem URL'er med - foranstillet whitespace eller kontroltegn. (MFSA 2008-66)

    • - -
  • CVE-2008-5511 - -

    Man opdagede at det var muligt at udføre skripter på tværs af websteder - gennem en XBL-binding til et "unloaded document." (MFSA 2008-68)

    • - -
  • CVE-2008-5512 - -

    Man opdagede at det var muligt at køre vilkårligt JavaScript med - Chrome-rettigheder gennem ukendte angrebsvinkler. (MFSA 2008-68)

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.8.0.15~pre080614i-0etch1.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid) -er disse problemer rettet i version 1.9.0.5-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1704.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1705.wml b/danish/security/2009/dsa-1705.wml deleted file mode 100644 index d3ff35c00db..00000000000 --- a/danish/security/2009/dsa-1705.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende kontrol af inddata - -

Man opdagede at netatalk, en implementering af AppleTalk-suiten, var påvirket -af en kommandoindspøjtningssårbarhed når PostScript-streams via papd blev -behandlet. Dette kunne føre til udførelse af vilkårlig kode. Bemærk at dette -kun påvirker installationer, som er opsat til at anvende en pipe-kommando -kombineret med wildcard-symboler erstattet af værdier hørende til det -udskrevne job.

- -

I den stabile distribution (etch) er dette problem rettet i -version 2.0.3-4+etch1.

- -

I den kommende stabile distribution (lenny) er dette problem rettet -i version 2.0.3-11+lenny1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.0.4~beta2-1.

- -

Vi anbefaler at du opgraderer din netatalk-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1705.data" -#use wml::debian::translation-check translation="ee863f5e660da19991a12f139465b06f6af580fb" mindelta="1" diff --git a/danish/security/2009/dsa-1706.wml b/danish/security/2009/dsa-1706.wml deleted file mode 100644 index 8f5bd29d522..00000000000 --- a/danish/security/2009/dsa-1706.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Tobias Klein opdagede at heltalsoverløb i den kode, som medieafspilleren -Amarak anvender til at fortolke Audible-filer, måske kunne føre til udførelse -af vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i version -1.4.4-4etch1. Opdaterede pakker til sparc og arm vil senere blive stillet til -rådighed.

- -

I den kommende stabile distribution (lenny) og i den ustabile distribution -(sid), er dette problem rettet i version 1.4.10-2.

- -

Vi anbefaler at du opgraderer dine amarok-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1706.data" -#use wml::debian::translation-check translation="ee863f5e660da19991a12f139465b06f6af580fb" mindelta="1" diff --git a/danish/security/2009/dsa-1707.wml b/danish/security/2009/dsa-1707.wml deleted file mode 100644 index 41dd827f3b1..00000000000 --- a/danish/security/2009/dsa-1707.wml +++ /dev/null @@ -1,79 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -version af browseren Firefox. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2008-5500 - -

    Jesse Ruderman opdagede at layout-maskinen var sårbar over for - lammelsesangreb (DoS), der måske kunne udløse hukommelseskorruption og - heltalsoverløb. (MFSA 2008-60)

    • - -
  • CVE-2008-5504 - -

    Man opdagede at angribere kunne køre vilkårligt JavaScript med - chrome-rettigheder via angrebsvinkler i forbindelse med feed-previewet. - (MFSA 2008-62)

    • - -
  • CVE-2008-5503 - -

    Boris Zbarsky opdagede at et informationsafsløringsangreb kunne udføres - gennem XBL-bindinger. (MFSA 2008-61)

    • - -
  • CVE-2008-5506 - -

    Marius Schilder opdagede at det var muligt at få fat i følsomme - oplysninger gennem XMLHttpRequest. (MFSA 2008-64)

    • - -
  • CVE-2008-5507 - -

    Chris Evans opdagede at det var muligt at få fat i følsomme oplysninger - gennem en JavaScript-URL. (MFSA 2008-65)

    • - -
  • CVE-2008-5508 - -

    Chip Salzenberg opdagede mulige phising-angreb gennem URL'er med - foranstillet whitespace eller kontroltegn. (MFSA 2008-66)

    • - -
  • CVE-2008-5510 - -

    Kojima Hajime og Jun Muto opdagede at indkapslede null-tegn blev ignoreret - af CSS-fortolkeren og kunne føre til omgåelse af beskyttelsesmekanismer - (MFSA 2008-67)

    • - -
  • CVE-2008-5511 - -

    Man opdagede at det var muligt at udføre skripter på tværs af websteder - gennem en XBL-binding til et "unloaded document." (MFSA 2008-68)

    • - -
  • CVE-2008-5512 - -

    Man opdagede at det var muligt at køre vilkårligt JavaScript med - Chrome-rettigheder gennem ukendte angrebsvinkler. (MFSA 2008-68)

    • - -
  • CVE-2008-5513 - -

    moz_bug_r_a4 opdagede at session-restore-funktionen ikke på korrekt - vis fornuftighedskontrollerede inddata, førende til vilkårlige - indsprøjtninger. Dette problem kunne anvendes til at udføre et XSS-angreb - eller køre vilkårligt JavaScript med chrome-rettigheder. - (MFSA 2008-69)

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i version -2.0.0.19-0etch1.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid) er -disse problemer rettet i version 3.0.5-1. Bemærk at iceweasel i lenny linker -dynamisk til xulrunner.

- -

Vi anbefaler at du opgraderer din iceweasel-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1707.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1708.wml b/danish/security/2009/dsa-1708.wml deleted file mode 100644 index 5bfd5da6f2e..00000000000 --- a/danish/security/2009/dsa-1708.wml +++ /dev/null @@ -1,30 +0,0 @@ -shellkommandoindspøjtning - -

Man opdagede at gitweb, webgrænsefladen til versionsstyringssystemet Git, -indeholdt flere sårbarheder:

- -

Fjernangribere kunne anvende fabrikerede forspørgsler til at udføre -shellkommandoer på webserveren, ved hjælp af snapshot-genereringen og -pickaxe-søgefunktionaliteten -(CVE-2008-5516).

- -

Lokale brugere med skriveadgang til opsætningen af et Git-arkiv, som gitweb -tilgår, kunne få gitweb til at udføre vilkårlige shellkommnaoder med -rettighederne hørende til webserveren -(CVE-2008-5516, -CVE-2008-5517).

- -

I den stabile distribution (etch), er disse problemer rettet i -version 1.4.4.4-4+etch1.

- -

I den ustabile distribution (sid) og i distributionen testing (lenny), er -fjernindsprøjtning af shellkommandoer-problemet -(CVE-2008-5516) -rettet i version 1.5.6-1. Det andet problem vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine Git-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1708.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1709.wml b/danish/security/2009/dsa-1709.wml deleted file mode 100644 index f7a0a143874..00000000000 --- a/danish/security/2009/dsa-1709.wml +++ /dev/null @@ -1,20 +0,0 @@ -race-tilstand - -

Paul Szabo opdagede at login, systems login-værktøj, ikke på korrekt vis -håndterede symlinks når tty-rettigheder blev sat op. Hvis en lokal angriber -kunne få kontrol over systemets utmp-fil, kunne vedkommende få login til at -ændre ejerskab og rettigheder på vilkårlige filer, førende til en -root-rettighedsforøgelse.

- -

I den stabile distribution (etch), er dette problem rettet i -version 4.0.18.1-7+etch1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.1.1-6.

- -

Vi anbefaler at du opgraderer din shadow-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1709.data" -#use wml::debian::translation-check translation="bfa9f4b2f0a010d1baec4505c971074626ee58f4" mindelta="1" diff --git a/danish/security/2009/dsa-1710.wml b/danish/security/2009/dsa-1710.wml deleted file mode 100644 index 1866e127ed0..00000000000 --- a/danish/security/2009/dsa-1710.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Spike Spiegel opdagede et stakbaseret bufferoverløb i gmetad, metadæmonen til -klyngeovervågningsværktøjssættet ganglia, hvilket kunne udløses gennem en -forespørgsel med lange stinavne og gjorde det måske muligt at udføre vilkårlig -kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.5.7-3.1etch1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.5.7-5.

- -

I distributionen testing (lenny), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ganglia-monitor-core-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1710.data" -#use wml::debian::translation-check translation="2ef23b8cf5bc8f8ae53031628b8414727e309ea9" mindelta="1" diff --git a/danish/security/2009/dsa-1711.wml b/danish/security/2009/dsa-1711.wml deleted file mode 100644 index 626575d93ef..00000000000 --- a/danish/security/2009/dsa-1711.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webindholdshåndteringsprogrammet -TYPO3. Projektet Common Vulnerabilities and Exposures har registreret følgende -problems:

- -
    - -
  • CVE-2009-0255 -

    Chris John Riley opdagede at krypteringsnøglen der anvendes i TYPO3, blev - genereret med en utilstrækkelig tilfældig seed, medførende lav entropi, - hvilket gjorde det lettere for angribere at knække denne nøgle.

    • - -
  • CVE-2009-0256 -

    Marcus Krause opdagede at TYPO3 ikke invaliderede en leveret session ved - autentifikation, hvilket gjorde det muligt for en angriber at overtage et - offers session gennem et sessionfikseringsangreb.

    • - -
  • CVE-2009-0257 -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder, gjorde det muligt for fjernangribere at indsprøjte vilkårligt - webskript eller HTML gennem forskellige parametre og brugerleverede - strenge, anvendt udvidelsen med det indekserede søgesystem, - testskripter til adodb-udvidelsen eller i workspace-modulet.

    • - -
  • CVE-2009-0258 -

    Mads Olesen opdagede en sårbarhed i forbindelse med fjernindspøjtning af - kommandoer i udvidelsen med det indekserede søgesystem, hvilket gjorde det - muligt for angribere at udføre vilkårlig kode gennem et fabrikeret filnavn, - der blev leveret uindkapslet til forskellige systemværktøjer, der udtrækker - filindhold til indekseringen.

    • - -
- - -

På grund af CVE-2009-0255, -er det vigtigt at sikre sig, ud over at installere denne opdatering, at man -efter installeringen genererer en ny krypteringsnøgle.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 4.0.2+debian-7.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.2.5-1.

- -

Vi anbefaler at du opgraderer dine TYPO3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1711.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1712.wml b/danish/security/2009/dsa-1712.wml deleted file mode 100644 index 33a852b1471..00000000000 --- a/danish/security/2009/dsa-1712.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Man opdagede at et heltalsoverløb i Probe Request-pakkefortolkeren i -trådløsdriverne til Ralinktech måske kunne føre til fjernudført lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode.

- -

Bemærk at du skal genopbygge din driver ud fra kildekodepakken, for at denne -opdatering kan træde i kraft. Udførlig vejledning findes i -/usr/share/doc/rt2400-source/README.Debian

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.2.2+cvs20060620-4+etch1.

- -

I den kommende stabile distribution (lenny) og i den ustabile -distribution (sid), er dette problem rettet i version -1.2.2+cvs20080623-3.

- -

Vi anbefaler at du opgraderer din rt2400-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1712.data" -#use wml::debian::translation-check translation="ba24834eb3910e05e508f4d6bc7798581617627e" mindelta="1" diff --git a/danish/security/2009/dsa-1713.wml b/danish/security/2009/dsa-1713.wml deleted file mode 100644 index 926ff96595b..00000000000 --- a/danish/security/2009/dsa-1713.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Man opdagede at et heltalsoverløb i Probe Request-pakkefortolkeren i -trådløsdriverne til Ralinktech måske kunne føre til fjernudført lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode.

- -

Bemærk at du skal genopbygge din driver ud fra kildekodepakken, for at denne -opdatering kan træde i kraft. Udførlig vejledning findes i -/usr/share/doc/rt2500-source/README.Debian

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.1.0+cvs20060620-3+etch1.

- -

I den kommende stabile distribution (lenny) og i den ustabile -distribution (sid), er dette problem rettet i version -1:1.1.0-b4+cvs20080623-3.

- -

Vi anbefaler at du opgraderer din rt2500-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1713.data" -#use wml::debian::translation-check translation="ba24834eb3910e05e508f4d6bc7798581617627e" mindelta="1" diff --git a/danish/security/2009/dsa-1714.wml b/danish/security/2009/dsa-1714.wml deleted file mode 100644 index 6cad93e2955..00000000000 --- a/danish/security/2009/dsa-1714.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

Man opdagede at et heltalsoverløb i Probe Request-pakkefortolkeren i -trådløsdriverne til Ralinktech måske kunne føre til fjernudført lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode.

- -

Bemærk at du skal genopbygge din driver ud fra kildekodepakken, for at denne -opdatering kan træde i kraft. Udførlig vejledning findes i -/usr/share/doc/rt2570-source/README.Debian

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.1.0+cvs20060620-3+etch1.

- -

I den kommende stabile distribution (lenny) og i den ustabile -distribution (sid), er dette problem rettet i version -1.1.0+cvs20080623-2.

- -

Vi anbefaler at du opgraderer din rt2570-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1714.data" -#use wml::debian::translation-check translation="ba24834eb3910e05e508f4d6bc7798581617627e" mindelta="1" diff --git a/danish/security/2009/dsa-1715.wml b/danish/security/2009/dsa-1715.wml deleted file mode 100644 index fdc11bd6fd7..00000000000 --- a/danish/security/2009/dsa-1715.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede at AttachFile-handlingen i moin, en Python-klon af WikiWiki, er -sårbar over for angreb i forbindelse med udførelse af skripter på tværs af -websteder (CVE-2009-0260). -En anden sårbarhed af samme slags blev opdaget i antispam-funktionen -(CVE-2009-0312).

- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.5.3-1.2etch2.

- -

I distributionen testing (lenny) er disse problemer rettet i -version 1.7.1-3+lenny1.

- -

I den ustabile (sid) distribution er disse problemer rettet i -version 1.8.1-1.1.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1715.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1716.wml b/danish/security/2009/dsa-1716.wml deleted file mode 100644 index 86a4147dde1..00000000000 --- a/danish/security/2009/dsa-1716.wml +++ /dev/null @@ -1,20 +0,0 @@ -heltalsoverløb - -

Man opdagede at xvnc4viewer, et X-klientprogram til virtuelle netværk var -sårbar over for et heltalsoverløb gennem ondsindede indkapslingsværdier, der -kunne føre til udførelse af vilkålrig kode.

- -

I den stabile distribution (etch) er dette problem rettet i -version 4.1.1+X4.3.0-21+etch1.

- -

I den ustabile (sid) distribution er dette problem rettet i -version 4.1.1+X4.3.0-31.

- -

I distributionen testing (lenny) vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine vnc4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1716.data" -#use wml::debian::translation-check translation="a7f68578ee2ad60836873bdea79d1334004b6a71" mindelta="1" diff --git a/danish/security/2009/dsa-1717.wml b/danish/security/2009/dsa-1717.wml deleted file mode 100644 index 8bcdc6bbce1..00000000000 --- a/danish/security/2009/dsa-1717.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Stefan Cornelius opdagede et bufferoverløb i devil, et værktøj til indlæsning -og behandling af billeder på tværs af platforme, hvilket kunne udløses gennem en -fabrikeret Radiance RGBE-fil. Det kunne potentielt føre til udførelse af -vilkårlig kode.

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.6.7-5+etch1.

- -

For the testing distribution (lenny), er dette problem rettet i -version 1.6.8-rc2-3+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.5-4.

- -

Vi anbefaler at du opgraderer din devil-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1717.data" -#use wml::debian::translation-check translation="7460cb8ebbbe1f7129f0883195c56fc05a8f9c48" mindelta="1" diff --git a/danish/security/2009/dsa-1718.wml b/danish/security/2009/dsa-1718.wml deleted file mode 100644 index e6c1522032c..00000000000 --- a/danish/security/2009/dsa-1718.wml +++ /dev/null @@ -1,21 +0,0 @@ -ukorrekt brug af API - -

Man opdagede at hovedklienten til den distribuerede beregningsinfrastruktur -BOINC udførte utilstrækkelig validering af returværdier fra OpenSSL's -RSA-funktioner.

- -

I den stabile distribution (etch), er dette problem rettet i -version 5.4.11-4+etch1.

- -

I den kommende stabile distribution (lenny), er dette problem -rettet i version 6.2.14-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6.2.14-3.

- -

Vi anbefaler at du opgraderer dine boinc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1718.data" -#use wml::debian::translation-check translation="290a9d071dfd5716d37e393c98181d4c1e6e0e7b" mindelta="1" diff --git a/danish/security/2009/dsa-1719.wml b/danish/security/2009/dsa-1719.wml deleted file mode 100644 index 20e951789a2..00000000000 --- a/danish/security/2009/dsa-1719.wml +++ /dev/null @@ -1,26 +0,0 @@ -designfejl - -

Martin von Gagern opdagede at GNUTLS, en implementering af -TLS/SSL-protokollen, håndterede kontrol af X.509-certifikatkæder på ukorrekt vis -hvis et selv-signeret certifikat var opsat som et man har tillid til. Dette -kunne medføre, at klienter accepterede forfalskede servercertifikater som ægte. -(CVE-2008-4989)

- -

Desuden skærper denne opdatering kontrollerne af X.509v1-certifikater, -hvilket får GNUTLS til at afvise visse certifikatkæder, som tidligere blev -accepteret. (I behandlingen af certifikatkæder, anerkender GNUTLS ikke -X.509v1-certifikater som gyldige med mindre applikationen eksplicit beder om -det.)

- -

I den stabile distribution (etch), er dette problem rettet i -version 1.4.4-3+etch3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.2-3 af pakken gnutls26.

- -

Vi anbefaler at du opgraderer dine gnutls13-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1719.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1720.wml b/danish/security/2009/dsa-1720.wml deleted file mode 100644 index 444fda81872..00000000000 --- a/danish/security/2009/dsa-1720.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i -webindholdshåndterings-frameworket TYPO3.

- -

Marcus Krause og Michael Stucki fra TYPO3's sikkerhedshold opdagede at -jumpUrl-mekanismen afslørede hemmelige hashes, hvilket gjorde det muligt for en -fjernangriber at omgå adgangskontrol ved at indsende den korrekte værdi som et -URL-parameter og dermed få mulighed for at læse indholdet af vilkårlige -filer.

- -

Jelmer de Hen og Dmitry Dulepov opdagede flere sårbarheder i forbindelse med -udførelse af skripter på tværs af websteder i backend'ens brugergrænseflade, -hvilket gjorde det muligt for fjernangribere at indsprøjte vilkårligt webskript -eller HTML.

- -

Det det er meget sandsynligt, at din krypteringsnøgle er blevet blotlagt, -anbefaler vi kraftigt at ændre din krypteringsnøgle ved hjælp af -installeringsværktøjet, efter at have installeret opdateringen.

- -

I den stabile distribution (etch) er disse problemer rettet i -version 4.0.2+debian-8.

- -

I distributionen testing (lenny) er disse problemer rettet i -version 4.2.5-1+lenny1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.2.6-1.

- -

Vi anbefaler at du opgraderer din typo3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1720.data" -#use wml::debian::translation-check translation="efe2a380651d51ff9da2564cfbc4359842f9b975" mindelta="1" diff --git a/danish/security/2009/dsa-1721.wml b/danish/security/2009/dsa-1721.wml deleted file mode 100644 index b6e4d1d2d5c..00000000000 --- a/danish/security/2009/dsa-1721.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i PAM-modulet til MIT Kerberos. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0360 - -

    Russ Allbery opdagede at Kerberos' PAM-modul fortolkede - konfigurationsindstillinger fra miljøvariable, når der blev kørt fra en - setuid-kontekst. Det kunne føre til lokal rettighedsforøgelse hvis en - angriber pegede et setuid-program, som anvender PAM-autentifikation, hen på - en Kerberos-opsætning under vedkommendes kontrol.

    • - -
  • CVE-2009-0361 - -

    Derek Chan opdagede at Kerberos' PAM-modul tillod geninitialisering af - brugeroplysninger, når det blev kørt fra en setuid-kontekst, potentielt - medførende et lokalt lammelsesangreb (denial of service) ved at overskrive - oplysningscachefilen eller førende til rettighedsforøgelse.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6-1etch1.

- -

I den kommende stabile distribution (lenny), er disse problemer -rettet i version 3.11-4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din libpam-krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1721.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1722.wml b/danish/security/2009/dsa-1722.wml deleted file mode 100644 index f7f63f20a01..00000000000 --- a/danish/security/2009/dsa-1722.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Derek Chan opdagede at PAM-modulet til implementeringen af Heimdal Kerberos -tillod geninitialisering af brugeroplysninger, når det blev kørt fra en -setuid-kontekst, potentielt medførende et lokalt lammelsesangreb (denial of -service) ved at overskrive oplysningscachefilen eller førende til -rettighedsforøgelse.

- -

I den stabile distribution (etch), er dette problem rettet i -version 2.5-1etch1.

- -

I den kommende stabile distribution (lenny), er dette problem -rettet i version 3.10-2.1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din libpam-heimdal-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1722.data" -#use wml::debian::translation-check translation="c8e308c0d709e2099924234284c26672935455e5" mindelta="1" diff --git a/danish/security/2009/dsa-1723.wml b/danish/security/2009/dsa-1723.wml deleted file mode 100644 index 383774261de..00000000000 --- a/danish/security/2009/dsa-1723.wml +++ /dev/null @@ -1,19 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Michael Brooks opdagede at phpMyAdmin, et værktøj til administrering af -MySQL via web, udførte utilstrækkelig fornuftighedskontrol af inddata, hvilket -gjorde det muligt for en brugerassisteret fjernangriber at udføre kode på -webserveren.

- -

I den stabile distribution (etch), er dette problem rettet i version -2.9.1.1-10.

- -

I distributionen testing (lenny) og i den ustabile distribution (sid), er -dette problem rettet i version 2.11.8.1-5.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1723.data" -#use wml::debian::translation-check translation="c8e308c0d709e2099924234284c26672935455e5" mindelta="1" diff --git a/danish/security/2009/dsa-1724.wml b/danish/security/2009/dsa-1724.wml deleted file mode 100644 index 4ac99a6c92f..00000000000 --- a/danish/security/2009/dsa-1724.wml +++ /dev/null @@ -1,44 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget Moodle, et onlinesystem til kursushåndtering. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0500 - -

    Man opdagede at oplysningerne gemt i logtabellerne ikke var - fornuftighedskontrollet på rettet vis, hvilket kunne gøre det muligt for - angribere at indsprøjte vilkårlig webkode.

    • - -
  • CVE-2009-0502 - -

    Man opdagede at visse inddata gennem funktionen "Login as" ikke på - korrekt vis for fornuftighedskontrollerede, hvilket kunne føre til - indsprøjtning af vilkårligt webskript.

    • - -
  • CVE-2008-5153 - -

    Dmitry E. Oboukhov opdagede at plugin'en SpellCheker oprettede - midlertidige filer på usikker vis, hvilket muliggjorde lammelsesangreb - (denial of service). Da plugin'en ikke blev anvendt, er den fjernet i - denne opdatering.

    • - -
- -

I den stabile distribution (etch) er disse problemer rettet i -version 1.6.3-2+etch2.

- -

I distributionen testing (lenny) er disse problemer rettet i -version 1.8.2.dfsg-3+lenny1.

- -

I den ustabile (sid) distribution er disse problemer rettet i -version 1.8.2.dfsg-4.

- -

Vi anbefaler at du opgraderer din moodle-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1724.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1725.wml b/danish/security/2009/dsa-1725.wml deleted file mode 100644 index 87681b62aa9..00000000000 --- a/danish/security/2009/dsa-1725.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Bas van Schaik opdagede at WebSVN, et værktøj til at se Subversion-arkiver -over nettet, ikke på korrekt vis begrænsede adgang til private arkiver, hvilket -gjorde det muligt for en fjernangriber at læse omfattende dele af deres -indhold.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0-4+lenny1.

- -

I den ustabile distribution (sid), er dette problem også rettet i -version 2.0-4+lenny1.

- -

Vi anbefaler at du opgraderer din websvn-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1725.data" -#use wml::debian::translation-check translation="eb155426b4699837c9fb88b6e695cb70e2e0fd39" mindelta="1" diff --git a/danish/security/2009/dsa-1726.wml b/danish/security/2009/dsa-1726.wml deleted file mode 100644 index 0c7c5089a8d..00000000000 --- a/danish/security/2009/dsa-1726.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Mike Wiacek opdagede at et bufferoverløb i ARC2-implementeringen i Python -Crypto, en samling kryptografiske algoritmer og protokoller til Python, gjorde -det muligt at iværksætte lammelsesangreb (denial of service) og potentielt -udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.1+dfsg1-2.3+lenny0.

- -

På grund af tekniske begrænsninger i Debians skripter til arkivhåndtering, -kan opdateringen til den gamle stabile distribution (etch) ikke udgives -synkront. Problemet vil snart blive rettet i version 2.0.1+dfsg1-1.2+etch0.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din python-crypto-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1726.data" -#use wml::debian::translation-check translation="f772883067add20767982da8f7fb03fa39f41d27" mindelta="1" diff --git a/danish/security/2009/dsa-1727.wml b/danish/security/2009/dsa-1727.wml deleted file mode 100644 index 7d372a19b97..00000000000 --- a/danish/security/2009/dsa-1727.wml +++ /dev/null @@ -1,40 +0,0 @@ -SQL-indsprøjtningssårbarheder - -

To SQL-indsprøjtningssårbarheder er opdaget i proftpd, en ftp-dæmon til -virtuel hosting. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-0542 - -

    Shino opdagede at proftpd var sårbar over for en - SQL-indsprøjtningssårbarhed gennem anvendelse af visse tegn i - brugernavnet.

    • - -
  • CVE-2009-0543 - -

    TJ Saunders opdagede at proftpd var sårbar over for en - SQL-indsprøjtningssårbarhed på grund af utilstrækkelig anvendelse af - indkapslingsmekanismer, når multibyte-tegnindkapslinger anvendtes.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.3.1-17lenny1.

- -

I den gamle stabile distribution (etch), vil disse problemer snart blive -rettet.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.3.2-1.

- -

Vi anbefaler at du opgraderer din proftpd-dfsg-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1727.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1728.wml b/danish/security/2009/dsa-1728.wml deleted file mode 100644 index eff51903cb7..00000000000 --- a/danish/security/2009/dsa-1728.wml +++ /dev/null @@ -1,20 +0,0 @@ -ukorrekt assertion - -

Man opdagede at dkim-milter, en implementering af protokollen DomainKeys -Identified Mail, kunne gå ned under DKIM-verifikation, hvis det stødte på en -særligt fremstillet eller tilbagetrukket offentlig nøgle-registrering i DNS.

- -

Den gamle stabile distribution (etch) indeholder ikke dkim-milter-pakker.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.0.dfsg-1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.0.dfsg-2.

- -

Vi anbefaler at du opgraderer dine dkim-milter-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1728.data" -#use wml::debian::translation-check translation="bf59de109045bd0bb4ce8862844c5964a608381d" mindelta="1" diff --git a/danish/security/2009/dsa-1729.wml b/danish/security/2009/dsa-1729.wml deleted file mode 100644 index f22c6cce27e..00000000000 --- a/danish/security/2009/dsa-1729.wml +++ /dev/null @@ -1,44 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i gst-plugins-bad0.10, en samling af forskellige -GStreamer-plugins. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-0386 - -

    Tobias Klein opdagede et bufferoverløb i quicktime-stream-demuxer'eren -(qtdemux), hvilket potentielt kunne føre til udførelse af vilkårlig kode gennem -fabrikerede .mov-filer.

    • - -
  • CVE-2009-0387 - -

    Tobias Klein opdagede en arrayindeksfejl i quicktime-stream-demuxer'eren -(qtdemux), hvilket potentielt kunne føre til udførelse af vilkårlig kode gennem -fabrikerede .mov-filer.

    • - -
  • CVE-2009-0397 - -

    Tobias Klein opdagede et bufferoverløb i quicktime-stream-demuxer'eren -(qtdemux) svarende til problemet rapporteret i -CVE-2009-0386, -hvilket også kunne føre til udførelse af vilkårlig kode gennem fabrikerede -.mov-filer.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 0.10.3-3.1+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -0.10.8-4.1~lenny1 af gst-plugins-good0.10, da den påvirkede plugin er blevet -flyttet dertil. Rettelsen var allerede indeholdt i lenny-udgaven.

- -

I den ustabile distribution (sid) og i distributionen testing (squeeze), er -disse problemer rettet i version 0.10.8-4.1 af gst-plugins-good0.10.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1729.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1730.wml b/danish/security/2009/dsa-1730.wml deleted file mode 100644 index c2055906b7d..00000000000 --- a/danish/security/2009/dsa-1730.wml +++ /dev/null @@ -1,44 +0,0 @@ -SQL-indsprøjtningssårbarheder - -

Sikkerhedsopdateringen til proftpd-dfsg i DSA-1727-1 forårsagede en -regression i postgresql-backend'en. Denne opdatering retter fejlen. Man har -også opdaget at den gamle stabile distribution (etch) ikke er påvirket af -sikkerhedsproblemerne. Til reference følger herunder det oprindelige -bulletin.

- -

To SQL-indsprøjtningssårbarheder er opdaget i proftpd, en ftp-dæmon til -virtuel hosting. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-0542 - -

    Shino opdagede at proftpd var sårbar over for en - SQL-indsprøjtningssårbarhed gennem anvendelse af visse tegn i - brugernavnet.

    • - -
  • CVE-2009-0543 - -

    TJ Saunders opdagede at proftpd var sårbar over for en - SQL-indsprøjtningssårbarhed på grund af utilstrækkelig anvendelse af - indkapslingsmekanismer, når multibyte-tegnindkapslinger anvendtes.

    • - -
- -

Den gamle stabile distribution (etch) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.3.1-17lenny2.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.3.2-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1730.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1731.wml b/danish/security/2009/dsa-1731.wml deleted file mode 100644 index 1078f71f73b..00000000000 --- a/danish/security/2009/dsa-1731.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Anders Kaseorg opdagede at ndiswrapper var ramt af et bufferoverløb gennem -særligt fremstillet trådløs netværkstrafik, på grund af ukorrekt håndtering af -lange ESSID'er. Dette kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.28-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.53-2, der allerede er med i den udgivne lenny.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.53-2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1731.data" -#use wml::debian::translation-check translation="93c094b304c102f4cae503099c0af45f1210540f" mindelta="1" diff --git a/danish/security/2009/dsa-1732.wml b/danish/security/2009/dsa-1732.wml deleted file mode 100644 index aa512283998..00000000000 --- a/danish/security/2009/dsa-1732.wml +++ /dev/null @@ -1,19 +0,0 @@ -lammelsesangreb - -

Joshua Morin, Mikko Varpiola og Jukka Taimisto opdagede en assertion-fejl i -squid3, en komplet webproxycache, hvilket kunne føre til et lammelsesangreb -(denial of service).

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 3.0.PRE5-5+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.0.STABLE8-3, der allerede er med i den udgivne lenny.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 3.0.STABLE8-3.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1732.data" -#use wml::debian::translation-check translation="e931be0ac8e49c7c57d585c7e91071de3ad42a13" mindelta="1" diff --git a/danish/security/2009/dsa-1733.wml b/danish/security/2009/dsa-1733.wml deleted file mode 100644 index 4233eaf456c..00000000000 --- a/danish/security/2009/dsa-1733.wml +++ /dev/null @@ -1,55 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i vim, en udvidet vi-editor. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-2712 - -

    Jan Minar opdagede at vim ikke på korrekt vis fornuftighedskontrollerede - inddata, før kald af execute- eller systemfunktioner fra vim-skripter. - Det kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-3074 - -

    Jan Minar opdagede at tar-plugin'en i vim ikke på korrekt vis - fornuftighedskontrollerede filnavnene i tar-arkivet eller navnet på selve - arkivet, hvilket udsatte den for udførelse af vilkårlig kode.

    • - -
  • CVE-2008-3075 - -

    Jan Minar opdagede at zip-plugin'en i vim ikke på korrekt vis - fornuftighedskontrollerede filnavnene i tar-arkivet eller navnet på selve - arkivet, hvilket udsatte den for udførelse af vilkårlig kode.

    • - -
  • CVE-2008-3076 - -

    Jan Minar opdagede at netrw-plugin'en i vim ikke på korrekt vis - fornuftighedskontrollerede fil- eller mappenavne, den modtager. Det - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-4101 - -

    Ben Schmidt opdagede at vim ikke på korrekt vis indkapslede escape-tegn, - når der blev udført keyword- eller tag-opslag. Det kunne føre til udførelse - af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1:7.0-122+1etch5.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1:7.1.314-3+lenny1, der allerede er med i den udgivne lenny.

- -

I distributionen testing (squeeze), er disse problemer rettet -i version 1:7.1.314-3+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:7.2.010-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1733.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1734.wml b/danish/security/2009/dsa-1734.wml deleted file mode 100644 index 54648687cca..00000000000 --- a/danish/security/2009/dsa-1734.wml +++ /dev/null @@ -1,25 +0,0 @@ -programmeringsfejl - -

b.badrignans opdagede at OpenSC, en samling smart card-værktøjer, kunne gemme -private data på et smart card uden tilstrækkelige adgangsbegrænsninger.

- -

Kun blanke kord initialiseret med OpenSC er påvirkede af problemet. -Opdateringen forbedrer kun oprettelsen af nye private data-objekter, men kort -der allerede er initialiseret med sådanne private data-objekter, skal ændres for -at reparere adgangskontrolbetingelserne. Vejledning til en række situationer -findes på OpenSC's websted: http://www.opensc-project.org/security.html

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.11.4-5+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din opensc-pakke og genoprette alle private -data-objekter gemt på dine smart card.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1734.data" -#use wml::debian::translation-check translation="b9a9eec77394c4d79d827b9f35ea4d5f9a5643a6" mindelta="1" diff --git a/danish/security/2009/dsa-1735.wml b/danish/security/2009/dsa-1735.wml deleted file mode 100644 index 4abfb36902c..00000000000 --- a/danish/security/2009/dsa-1735.wml +++ /dev/null @@ -1,23 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Man opdagede at znc, en IRC-proxy/-bouncer, ikke på korrekt vis -fornuftighedskontrollerede inddata i opsætningsændringsforespørgsler til -webadmin-grænsefladen. Det gjorde det muligt for autentificerede brugere at -forøge deres rettigheder og indirekte udføre vilkårlige kommandoer -(CVE-2009-0759).

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.045-3+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.058-2+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.066-1.

- -

Vi anbefaler at du opgraderer dine znc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1735.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1736.wml b/danish/security/2009/dsa-1736.wml deleted file mode 100644 index 8cb12fee313..00000000000 --- a/danish/security/2009/dsa-1736.wml +++ /dev/null @@ -1,20 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at mahara, en elektronisk portefølje, weblog og CV-opbygger, var -sårbar over for udførelse af skripter på tværs af websteder, hvilket gjorde det -muligt at indspøjte vilkårlig Java- eller HTML-kode.

- -

Den gamle stabile distribution (etch) indeholder ikke mahara.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.4-4+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din mahara-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1736.data" -#use wml::debian::translation-check translation="c8e81723890a20363ede02ef62a940cb9ab48bec" mindelta="1" diff --git a/danish/security/2009/dsa-1737.wml b/danish/security/2009/dsa-1737.wml deleted file mode 100644 index f4efd489579..00000000000 --- a/danish/security/2009/dsa-1737.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - - -

Flere sikkerhedsproblemer er opdaget i wesnoth, et fantasy-strategispil. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0366 - -

    Daniel Franke opdagede at wesnoth-serveren var sårbar over for et -lammelsesangreb (denial of service) når den modtog særligt fremstillede -komprimerede data.

    • - -
  • CVE-2009-0367 - -

    Daniel Franke opdagede at sandkasseimplementeringen til python-AI'er kunne -anvendes til at udføre vilkårlig python-kode på wesnoth-klienter. For at -forhindre problemet, er python-understøttelsen blevet deaktiveret. En -kompatibilitetsrettelse er indeholdt, så en påvirket kampagne stadig fungerer -korrekt.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.4.4-2+lenny1.

- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.2-5.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.4.7-4.

- -

Vi anbefaler at du opgraderer dine wesnoth-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1737.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1738.wml b/danish/security/2009/dsa-1738.wml deleted file mode 100644 index c376ec03db2..00000000000 --- a/danish/security/2009/dsa-1738.wml +++ /dev/null @@ -1,29 +0,0 @@ -vilkårlig filadgang - -

David Kierznowski opdagede at libcurl, et filoverførselsbibliotek der -understøtter flere protokoller, når det var opsat til at følge -URL-viderestillinger automatisk, ikke betvivlede det nye mål. Da libcurl også -understøtter URL'er af typen file:// og scp:// - afhængigt af opsætningen - -kunne en ikke-betroet server anvende dette, til at blotlægge lokale filer, -overskrive lokale filer eller endda udføre vilkårlig kode gennem en ondsindet -URL-viderestilling.

- -

Opdateringen indeholder en ny indstillingsmulighed kaldet -CURLOPT_REDIR_PROTOCOLS, der som standard ikke gælder håndteringen af scp- og -file-protokollerne.

- -

I den gamle stabile distribution (etch) er dette problem rettet i -version 7.15.5-1etch2.

- -

I den stabile distribution (lenny) er dette problem rettet i -version 7.18.2-8lenny2.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 7.18.2-8.1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1738.data" -#use wml::debian::translation-check translation="ffbe9426c64ff19b2983afc0eba5588a486c7cdb" mindelta="1" diff --git a/danish/security/2009/dsa-1739.wml b/danish/security/2009/dsa-1739.wml deleted file mode 100644 index 7f0780843c0..00000000000 --- a/danish/security/2009/dsa-1739.wml +++ /dev/null @@ -1,19 +0,0 @@ -stigennemløb - -

Man opdagede at mldonkey, en klient til flere P2P-netværk, gjorde det muligt -for angribere at downloade vilkårlige filer ved hjælp af fabrikerede -forespørgsler til HTTP-konsollen.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.9.5-2+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mldonkey-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1739.data" -#use wml::debian::translation-check translation="6f1c76b629db882e885953e7e9aae3d43f0baf3e" mindelta="1" diff --git a/danish/security/2009/dsa-1740.wml b/danish/security/2009/dsa-1740.wml deleted file mode 100644 index 16c2e6e46b2..00000000000 --- a/danish/security/2009/dsa-1740.wml +++ /dev/null @@ -1,21 +0,0 @@ -lammelsesangreb - -

Man opdagede at yaws, en højtydende HTTP 1.1-webserver, var sårbar over for -et lammelsesangreb (denial of service) gennem en forespørgsel med en stor -HTTP-header.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.77-3+lenny1.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.65-4etch1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.80-1.

- -

Vi anbefaler at du opgraderer din yaws-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1740.data" -#use wml::debian::translation-check translation="329fb0b8956d47249947b940825aa7fa65982bd1" mindelta="1" diff --git a/danish/security/2009/dsa-1741.wml b/danish/security/2009/dsa-1741.wml deleted file mode 100644 index 3c70c987f07..00000000000 --- a/danish/security/2009/dsa-1741.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsoverløb - -

Jesus Olmos Gonzalez opdagede et heltalsoverløb i PSI Jabber-klienten, der -kunne føre til et fjernudført lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (etch) er ikke påvirket.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.11-9.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.12.1-1.

- -

Vi anbefaler at du opgraderer din psi-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1741.data" -#use wml::debian::translation-check translation="6f1c76b629db882e885953e7e9aae3d43f0baf3e" mindelta="1" diff --git a/danish/security/2009/dsa-1742.wml b/danish/security/2009/dsa-1742.wml deleted file mode 100644 index f8ae219d2b6..00000000000 --- a/danish/security/2009/dsa-1742.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - - -

Alan Rad Pop opdagede at libsndfile, et bibliotek til at læse og skrive -samplede lyddata, var sårbar over for et heltalsoverløb. Det forårsagede et -heap-baseret bufferoverløb når der blev behandlede fabrikerede -CAF-beskrivelses-chunks, muligvis førende til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (etch) er dette problem rettet i -version 1.0.16-2+etch1.

- -

I den stabile distribution (lenny) er dette problem rettet i -version 1.0.17-4+lenny1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 1.0.19-1.

- -

Vi anbefaler at du opgraderer dine libsndfile-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1742.data" -#use wml::debian::translation-check translation="da2b022c6d2ed7952a265d861bda76d978ea05e5" mindelta="1" diff --git a/danish/security/2009/dsa-1743.wml b/danish/security/2009/dsa-1743.wml deleted file mode 100644 index d1c2e3c7dd4..00000000000 --- a/danish/security/2009/dsa-1743.wml +++ /dev/null @@ -1,36 +0,0 @@ -bufferoverløb - -

To bufferoverløb er opdaget i GIF-billedfortolkningskoden i Tk, en grafisk -værktøjskasse der fungerer på tværs af platforme, hvilket kunne føre til -udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2007-5137 - -

    Man opdagede at libtk-img var sårbar over for et bufferoverløb gennem særligt -fremstillede multi-frame interlacede GIF-filer.

    • - -
  • CVE-2007-5378 - -

    Man opdagede at libtk-img var sårbar over for et bufferoverløb gennem særligt -fremstillede GIF-filer med visse subimage-størrelser.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.3-release-7+lenny1.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.3-15etch3.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.3-release-8.

- -

Vi anbefaler at du opgraderer dine libtk-img-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1743.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1744.wml b/danish/security/2009/dsa-1744.wml deleted file mode 100644 index 6a3473d58ac..00000000000 --- a/danish/security/2009/dsa-1744.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Sebastien Helleu opdagede at en fejl i håndteringen af farvekoder i -IRC-klienten weechat, kunne forårsage læsning uden for grænserne i et internt -farvearray. Det kunne udnyttes af en angriber til at få brugerklienter til at -gå ned ved hjælp af en særligt fabrikeret PRIVMSG-kommando.

- -

Versionen af weechat i den gamle stabile distribution (etch) er ikke påvirket -af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.2.6-1+lenny1.

- -

I distribution testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.2.6.1-1.

- -

Vi anbefaler at du opgraderer dine weechat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1744.data" -#use wml::debian::translation-check translation="fc574375f17b0d5b28ca43df7c81c5f5d9d10317" mindelta="1" diff --git a/danish/security/2009/dsa-1745.wml b/danish/security/2009/dsa-1745.wml deleted file mode 100644 index 7938831e11d..00000000000 --- a/danish/security/2009/dsa-1745.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i lcms, et farvehåndteringsbibliotek. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0581 - -

    Chris Evans opdagede at lcms er påvirket af en hukommelseslækage, hvilket -kunne medføre et lammelsesangreb (denial of service) gennem særligt fremstillede -billedfiler.

    • - -
  • CVE-2009-0723 - -

    Chris Evans opdagede at lcms er sårbar over for flere heltalsoverløb gennem -særligt fremstillede billedfiler, hvilket kunne føre til udførelse af vilkårlig -kode.

    • - -
  • CVE-2009-0733 - -

    Chris Evans opdagede at der manglende kontrol af øvre grænser på størrelser, -førende til et bufferoverløb, hvilket kunne anvendes til at udføre vilkårlig -kode.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.17.dfsg-1+lenny1.

- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.15-1.1+etch2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine lcms-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1745.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1746.wml b/danish/security/2009/dsa-1746.wml deleted file mode 100644 index 041d68cd292..00000000000 --- a/danish/security/2009/dsa-1746.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

To sikkerhedsproblemer er opdaget i ghostscript, GPL Ghostscript -PostScript-/PDF-fortolkeren. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2009-0583 - -

    Jan Lieskovsky opdagede flere heltalsoverløb i ICC-biblioteket, hvilket -gjorde det muligt at udføre vilkårlig kode gennem fabrikerede ICC-profiler i -PostScript-filer med indlejrede billeder.

    • - -
  • CVE-2009-0584 - -

    Jan Lieskovsky opdagede at der var utilstrækkelige øvre grænse-kontroller på -visse variable størrelser i ICC-biblioteket, hvilket gjorde det muligt at udføre -vilkårlig kode gennem fabrikerede ICC-profiler i PostScript-filer med indlejrede -billeder.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 8.62.dfsg.1-3.2lenny1.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i version -8.54.dfsg.1-5etch2. Bemærk at pakken hedder gs-gpl i den gamle stabile -distribution.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ghostscript/gs-gpl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1746.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1747.wml b/danish/security/2009/dsa-1747.wml deleted file mode 100644 index bec10459df6..00000000000 --- a/danish/security/2009/dsa-1747.wml +++ /dev/null @@ -1,24 +0,0 @@ -heltalsoverløb - -

Diego Pettenò opdagede at glib2.0, GLib's bibliotek med C-rutiner, -håndterede store strenge på usikker vis gennem dets -Base64-indkapslingsfunktioner. Det kunne mÃ¥ske føre til udførelse af -vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.16.6-1+lenny1.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.12.4-2+etch1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.20.0-1.

- -

Vi anbefaler at du opgraderer dine glib2.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1747.data" -#use wml::debian::translation-check translation="1dc9c4eafc8c4f6356ae08e1f599af20dfd5bf71" mindelta="1" diff --git a/danish/security/2009/dsa-1748.wml b/danish/security/2009/dsa-1748.wml deleted file mode 100644 index 0d91a6f59e5..00000000000 --- a/danish/security/2009/dsa-1748.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Man opdagede at libsoup, et HTTP-bibliotek implementeret i C, håndterede -store strenge på usikker vis gennem dets Base64-indkapslingsfunktioner. Det -kunne måske føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.2.98-2+etch1.

- -

Den gamle stabile distribution (lenny), er ikke påvirket af dette -problem.

- -

Distributionen testing (squeeze) og den ustabile distribution (sid) -er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer dine libsoup-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1748.data" -#use wml::debian::translation-check translation="f9d445d37e91829181648356e7054a89f32cc38c" mindelta="1" diff --git a/danish/security/2009/dsa-1749.wml b/danish/security/2009/dsa-1749.wml deleted file mode 100644 index 16e0078d1bf..00000000000 --- a/danish/security/2009/dsa-1749.wml +++ /dev/null @@ -1,87 +0,0 @@ -lammelsesangreb/rettighedsforøgelse/lækage af følsom hukommelse - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0029 - -

    Christian Borntraeger opdagede et problem, der påvirkede arkitekturerne - alpha, mips, powerpc, s390 og sparc64, som gjorde det muligt for lokale - brugere at forårsage et lammelsesangreb eller potentielt få forøgede - rettigheder.

    • - -
  • CVE-2009-0031 - -

    Vegard Nossum opdagede en hukommelseslækage i keyctl-subsystemet, der - gjorde det muligt for lokale brugere at forårsage et lammelsesangreb ved at - forbruge al kernehukommelsen.

    • - -
  • CVE-2009-0065 - -

    Wei Yongjun opdagede et hukommelsesoverløb i SCTP-implementeringen, der - kunne udløses af fjernbrugere.

    • - -
  • CVE-2009-0269 - -

    Duane Griffin leverede en rettelse til et problem i eCryptfs-subsystemet, - der gjorde det muligt for lokale brugere at forårsage et lammelsesangreb - (nedbrud eller hukommelseskorruption).

    • - -
  • CVE-2009-0322 - -

    Pavel Roskin leverede en rettelse til et problem i dell_rbu-driveren, der - gjorde gjorde det muligt for en lokal bruger at forårsage et lammelsesangreb - (oops) ved at læse 0 bytes fra et sysfs-entry.

    • - -
  • CVE-2009-0676 - -

    Clement LECIGNE opdagede en fejl i funktionen sock_getsockopt, der måske - kunne medføre lækage af følsom kernehukommelse.

    • - -
  • CVE-2009-0675 - -

    Roel Kluin opdagede omvendt logik i skfddi-driveren, der tillod at - lokale brugere uden rettigheder, kunne nulstille - driverstatistikken.

    • - -
  • CVE-2009-0745 - -

    Peter Kerwien opdagede et problem i ext4-filsystemet, der gjorde det - muligt for lokale brugere at forårsage et lammelsesangreb (kerne-oops) under - en resize-handling.

    • - -
  • CVE-2009-0746 - -

    Sami Liedes rapporterede om et problem i ext4-filsystemet, der gjorde det - muligt for lokale brugere at forårsage et lammelsesangreb (kerne-oops) når - et særligt fremstillet korrupt filsystem blev tilgået.

    • - -
  • CVE-2009-0747 - -

    David Maciejak rapporterede om et problem i ext4-filsystemet, der gjorde - det muligt for lokale brugere at forårsage et lammelsesangreb (kerne-oops), - når et særligt fremstillet filsystem blev mountet.

    • - -
  • CVE-2009-0748 - -

    David Maciejak rapporterede om yderligere et problem i ext4-filsystemet, - der gjorde det muligt for lokale brugere at forårsage et lammelsesangreb - (kerne-oops), når et særligt fremstillet filsystem blev mountet.

    • - -
- -

I den gamle stabile distribution (etch), vil disse problemer, hvor relevant, -blive rettet i en fremtidig opdatering af linux-2.6 og linux-2.6.24.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.6.26-13lenny2.

- -

Vi anbefaler at du opgraderer dine linux-2.6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1749.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1750.wml b/danish/security/2009/dsa-1750.wml deleted file mode 100644 index 7052e79054e..00000000000 --- a/danish/security/2009/dsa-1750.wml +++ /dev/null @@ -1,68 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libpng, et bibliotek til læsning og skrivning -af PNG-filer. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2007-2445 - -

    Funktionen png_handle_tRNS gjorde det muligt for angribere, at forårsage - et lammelsesangreb (programnedbrud) gennem et PNG-billede i gråskala, med en - defekt CRC-værdi i en tRNS-chuck.

    • - -
  • CVE-2007-5269 - -

    Visse former chunk-håndtering gjorde det muligt for angribere at forårsage - et lammelsesangreb (nedbrud) gennemt fabrikerede pCAL-, sCAL-, tEXt-, iTXt- - og ztXT-chunking i PNG-billeder, hvilket udløste læsning uden for - grænserne.

    • - -
  • CVE-2008-1382 - -

    libpng tillod at kontekstafhængige angribere kunne forårsage et - lammelsesangreb (nedbrud) og muligvis udføre vilkårlig kode gennem en PNG-fil - med "ukendte" chunks med en længde på nul, hvilket udløste tilgang til - uinitialiseret hukommelse.

    • - -
  • CVE-2008-5907 - -

    png_check_keyword tillod måske at kontekstafhængige angribere kunne - opsætte værdien på et vilkårligt hukommelsesområde til nul, gennem - angrebsvinkler der involverede fabrikation af PNG-filer med keywords.

    • - -
  • CVE-2008-6218 - -

    En hukommelseslækage i funktionen png_handle_tEXt gjorde det muligt for - kontaktafhængige angribere at forårsage et lammelsesangreb - (hukommelsesudmattelse) gennem en fabrikeret PNG-fil.

    • - -
  • CVE-2009-0040 - -

    libpng gjorde det muligt for kontaktafhængige angribere at forårsage et - lammelsesangreb (programnedbrud) eller muligvis udførelse af vilkårlig kode - gennem en fabrikeret PNG-fil, der udløste frigivelse af en uinitialiseret - pointer i (1) funktionen png_read_png, (2) pCAL-chunkhåndtering eller (3) - opsætning af 16-bits-gammatabeller.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.2.15~beta5-1+etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.2.27-2+lenny2. (Kun CVE-2008-5907, -CVE-2008-5907 og -CVE-2009-0040 -påvirker i den stabile distribution.)

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.35-1.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1750.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1751.wml b/danish/security/2009/dsa-1751.wml deleted file mode 100644 index bc45e3ba05f..00000000000 --- a/danish/security/2009/dsa-1751.wml +++ /dev/null @@ -1,59 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0771 - -

    Martijn Wargers, Jesse Ruderman og Josh Soref opdagede nedbrud i - layoutmaskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2009-0772 - -

    Jesse Ruderman opdagede nedbrud i layoutmaskinen, hvilket måske kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-0773 - -

    Gary Kwong og Timothee Groleau opdagede nedbrud i JavaScript-maskinen, - hvilket måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-0774 - -

    Gary Kwong opdagede nedbrud i JavaScript-maskinen, hvilket måske kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-0775 - -

    Man opdagede at ukorrekt hukommelseshåndtering i DOM-elementhåndteringen, - måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-0776 - -

    Georgi Guninski opdagede en overtrædelse af samme ophav-reglen gennem - RDFXMLDataSource- og cross-domain-viderestillinger.

    • - -
- -

Som indikeret i udgivelsesbemærkningerne til etch, stopper -sikkerhedsunderstøttelsen af Mozilla-produkterne i den gamle stabile -distribution før det regulære ophør af sikkerhedsvedligeholden i etch. -Du opfordres kraftigt til at opgradere til den stabile distribution eller -skifte til en stadig understøttet browser.

- -

I den stabile distribution (lenny), er disse problemer rettet -i version 1.9.0.7-0lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.7-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1751.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1752.wml b/danish/security/2009/dsa-1752.wml deleted file mode 100644 index 6afa3707aba..00000000000 --- a/danish/security/2009/dsa-1752.wml +++ /dev/null @@ -1,19 +0,0 @@ -formatstrengssårbarhed - -

Wilfried Goesgens opdagede at WebCit, den webbaserede brugergrænseflade til -groupwaresystemet Citadel, indeholdt en formatstrengssårbarhed i komponenten -mini_calendar, hvilket måske gjorde det muligt at udføre vilkårlig kode -(CVE-2009-0364).

- -

I den stabile distribution (lenny), er dette problem rettet i -version 7.37-dfsg-7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.38b-dfsg-2.

- -

Vi anbefaler at du opgraderer dine webcit-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1752.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1753.wml b/danish/security/2009/dsa-1753.wml deleted file mode 100644 index 207feb3e0d5..00000000000 --- a/danish/security/2009/dsa-1753.wml +++ /dev/null @@ -1,22 +0,0 @@ -ophør af understøttelse af Iceweasel i den gamle stabile distribution - - -

Som indikeret i udgivelsesbemærkningerne til etch, er det nødvendigt at lade -sikkerhedsunderstøttelsen af Iceweasel ophøre i den gamle stabile distribution -(etch), før det generelle ophør af sikkerhedsunderstøttelsen i denne -distribution.

- -

Du opfordres kraftigt til at opgradere til den stabile distribution eller -skifte til en browser, der stadig er understøttet.

- -

Som en sidebemærkning, linker udgaven af Iceweasel i Debians stabile -distribution (lenny) - den varemarkefrie udgave af browseren Firefox - -dynamisk mod biblioteket Xulrunner. Dermed skal de fleste sårbarheder, der -bliver fundet i Firefox, kun rettes i Xulrunner-pakken og kræver ikke længere -opdateringer af Iceweasel-pakken.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1753.data" -#use wml::debian::translation-check translation="844099c5d05f2d87eca00b17e02237cdd99dda28" mindelta="1" diff --git a/danish/security/2009/dsa-1754.wml b/danish/security/2009/dsa-1754.wml deleted file mode 100644 index 0376a99f517..00000000000 --- a/danish/security/2009/dsa-1754.wml +++ /dev/null @@ -1,23 +0,0 @@ -utilstrækkelige adgangskontroller - -

Man opdagede at roundup, et sagssporingssystem med en kommandolinje-, web- og -e-mail-grænseflade, tillod brugerene at redigere ressourcer på uautoriserede -måder, herunder give sig selv administratorrettigheder.

- -

Denne opdateringer introducerer strengere adgangskontroller, i virkeligheden -udøvelse af de opsatte rettigheder og roller. Det betyder, at opsætningen måske -skal opdateres. Desuden er brugerregistrering via webgrænseflade blevet -deaktiveret; anvend i stedet programmet "roundup-admin" fra kommandolinjen.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.2.1-10+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.4.4-4+lenny1.

- -

Vi anbefaler at du opgraderer din roundup-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1754.data" -#use wml::debian::translation-check translation="7da00370a2e3d97493e5c21f2b07ae7c588b9679" mindelta="1" diff --git a/danish/security/2009/dsa-1755.wml b/danish/security/2009/dsa-1755.wml deleted file mode 100644 index 25d92e76d17..00000000000 --- a/danish/security/2009/dsa-1755.wml +++ /dev/null @@ -1,20 +0,0 @@ -race-tilstand - -

Erik Sjoelund opdagede at en race-tilstand i stap-værktøjet, der leveres med -Systemtap, en instrumenteringssystem til Linux 2.6, gjorde det muligt for -medlemmer af stapusr-gruppen, at foretage en en lokal rettighedsforøgelse.

- -

Den gamle stabile distribution (etch) er ikke påvirket.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.0.20080705-1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.0.20090314-2.

- -

Vi anbefaler at du opgraderer din systemtap-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1755.data" -#use wml::debian::translation-check translation="a7dfb027d06ba0e91610b7c291239c9cfdbb45c0" mindelta="1" diff --git a/danish/security/2009/dsa-1756.wml b/danish/security/2009/dsa-1756.wml deleted file mode 100644 index e8513e31ad0..00000000000 --- a/danish/security/2009/dsa-1756.wml +++ /dev/null @@ -1,47 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer, så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1169 - -

    Sikkerhedsefterforskeren Guido Landi opdagede at XSL-stylesheet kunne - anvendes til at få browseren til at gå ned under en XSL-transformation. En - angriber kunne potentielt anvende dette nedbrud til at køre vilkårlig kode - på offerets computer.

    • - -
  • CVE-2009-1044 - -

    Sikkerhedsefterforskeren Nils rapporterede gennem TippingPoints Zero Day - Initiative at XUL-træmetoden _moveToEdgeShift i nogle tilfælde udløste - garbage-collection-rutiner på objekter, der stadig var i brug. I sådanne - tilfælde, gik browseren ned når den forsøgte at tilgå et tidligere - destrueret objekt, og nedbruddet kunne anvendes af en angriber til at køre - vilkårlig kode på offerets computer.

    • - -
- -

Bemærk, efter at have installeret disse opdatering, skal du genstarte alle -pakker, der anvender xulrunner, typisk iceweasel eller epiphany.

- -

Som indikeret i udgivelsesbemærkningerne til etch, er det nødvendigt at lade -sikkerhedsunderstøttelsen af Mozilla-produkter ophøre i den gamle stabile -distribution (etch), før det generelle ophør af sikkerhedsunderstøttelsen i -denne distribution. Du opfordres kraftigt til at opgradere til den stabile -distribution eller skifte til en browser, der stadig er understøttet.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -1.9.0.7-0lenny2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.8-1

- -

Vi anbefaler at du opgraderer din xulrunner-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1756.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1757.wml b/danish/security/2009/dsa-1757.wml deleted file mode 100644 index a4c232e6236..00000000000 --- a/danish/security/2009/dsa-1757.wml +++ /dev/null @@ -1,23 +0,0 @@ -SQL-indsprøjtning - - -

Man opdagede at auth2db, en IDS-logger, logviser og alarmgenerator, var -sårbar over for en SQL-indspøjtningssårbarhed, når der blev anvendt -multibyte-tegnindkapsling.

- -

Den gamle stabile distribution (etch) indeholder ikke auth2db.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.2.5-2+dfsg-1+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.2.5-2+dfsg-1.1.

- -

Vi anbefaler at du opgraderer dine auth2db-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1757.data" -#use wml::debian::translation-check translation="c2461915f178beb685dd131e7cca03cf36174211" mindelta="1" diff --git a/danish/security/2009/dsa-1758.wml b/danish/security/2009/dsa-1758.wml deleted file mode 100644 index dc9408e8732..00000000000 --- a/danish/security/2009/dsa-1758.wml +++ /dev/null @@ -1,22 +0,0 @@ -usikker oprettelse af opsætningsfil - -

Leigh James opdagede at nss-ldapd, et NSS-modul til brug af LDAP som -navngivelsestjenste, som standard oprettede opsætningsfilen -/etc/nss-ldapd.conf med læsbarhed for alle, hvilket kunne blotlægge den -opsatte LDAP-adgangskode, hvis der blev anvendt en ved tilslutning til -LDAP-serveren.

- -

Den gamle stabile distribution (etch) indeholder ikke nss-ldapd.

- -

I den stabile distribution (lenny) er dette problem rettet i -version 0.6.7.1.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 0.6.8.

- -

Vi anbefaler at du opgraderer din nss-ldapd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1758.data" -#use wml::debian::translation-check translation="74a0bb305c49bb01b982062b8b85e4b878211014" mindelta="1" diff --git a/danish/security/2009/dsa-1759.wml b/danish/security/2009/dsa-1759.wml deleted file mode 100644 index bce451c650f..00000000000 --- a/danish/security/2009/dsa-1759.wml +++ /dev/null @@ -1,22 +0,0 @@ -lammelsesangreb - - -

Gerd v. Egidy opdagede at Pluto IKE-dæmonen i strongswan, en -IPSec-implementering til linux, var sårbar over for lammelsesangreb gennem en -ondsindet pakke.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.8.0+dfsg-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 4.2.4-5+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1759.data" -#use wml::debian::translation-check translation="6afa0aa84260ae1468c97999d716ca879170cdaa" mindelta="1" diff --git a/danish/security/2009/dsa-1760.wml b/danish/security/2009/dsa-1760.wml deleted file mode 100644 index c03d68b0b4c..00000000000 --- a/danish/security/2009/dsa-1760.wml +++ /dev/null @@ -1,37 +0,0 @@ -lammelsesangreb - - -

To sårbarheder er opdaget i openswan, en IPSec-implementering til linux. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-4190 - -

    Dmitry E. Oboukhov opdagede at livetest-værktøjet anvendte midlertidige filer -på usikker vis, hvilket kunne føre til lammelsesangreb (denial of -service).

    • - -
  • CVE-2009-0790 - -

    Gerd v. Egidy opdagede at Pluto IKE-dæmonen i strongswan, var sårbar over for -lammelsesangreb gennem en ondsindet pakke.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.4.6+dfsg.2-1.1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.4.12+dfsg-1.3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1760.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1761.wml b/danish/security/2009/dsa-1761.wml deleted file mode 100644 index 77b40e6bf85..00000000000 --- a/danish/security/2009/dsa-1761.wml +++ /dev/null @@ -1,28 +0,0 @@ -manglende fornuftighedskontrol af inddata - - -

Christian J. Eibl opdagede at TeX-filteret i Moodle, et webbaseret -kursushåndteringssystem, ikke på korrekt vis kontrollerede brugerinddata fra -visse TeX-kommandoer, hvilket gjorde det muligt for en angriber at include og -vise indholdet af vilkårlige systemfiler.

- -

Bemærk at det ikke påvirker installationer, der kun anvender -mimetex-miljøet.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.6.3-2+etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.8.2.dfsg-3+lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.2.dfsg-5.

- -

Vi anbefaler at du opgraderer dine moodle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1761.data" -#use wml::debian::translation-check translation="4f17670c2aa4793abd191a9f90de899d9006e25a" mindelta="1" diff --git a/danish/security/2009/dsa-1762.wml b/danish/security/2009/dsa-1762.wml deleted file mode 100644 index 74ea86e834f..00000000000 --- a/danish/security/2009/dsa-1762.wml +++ /dev/null @@ -1,22 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede at icu, de interne komponenter til Unicode, ikke på korrekt vis -udførte fornuftighedskontrol af ugyldigt indkapslede data, hvilket kunne føre -til udførelse af skripter på tværs af websteder.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 3.6-2etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.8.1-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 4.0.1-1.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1762.data" -#use wml::debian::translation-check translation="8b289073ceda857e2acbd29989410e15edf43e92" mindelta="1" diff --git a/danish/security/2009/dsa-1763.wml b/danish/security/2009/dsa-1763.wml deleted file mode 100644 index 57be0489701..00000000000 --- a/danish/security/2009/dsa-1763.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Man opdagede at utilstrækkelige længdevalideringer i ASN.1-håndteringen i -OpenSSLs crypto-bibliotek, kunne føre til lammelsesangreb, når der blev -behandlet et manipuleret certifikat.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.9.8c-4etch5 af pakken openssl og i version 0.9.7k-3.1etch3 af pakken -openssl097.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.9.8g-15+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.8g-16.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1763.data" -#use wml::debian::translation-check translation="d3e042bb6fae38b8f35ca1fb5c2ee97f25a5721d" mindelta="1" diff --git a/danish/security/2009/dsa-1764.wml b/danish/security/2009/dsa-1764.wml deleted file mode 100644 index 61d7ed3e1b5..00000000000 --- a/danish/security/2009/dsa-1764.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Tunapie, en GUI-frontend til video- og -radiostreams. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-1253 - -

    Kees Cook opdagede at usikker håndtering af midlertidige filer måske - kunne føre til et lokalt lammelsesnagreb (denial of service) gennem - symlink-angreb.

    • - -
  • CVE-2009-1254 - -

    Mike Coleman opdagede at utilstrækkelig indkapsling af stream-URL'er - måske kunne føre til udførelse af vilkårlige kommandoer, hvis en bruger - blev narret til at åbne et misdannet stream-URL.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i version -1.3.1-1+etch2. På grund af tekniske problemer, kan denne opdatering ikke -udgives synkront med den stabile (lenny) version, men vil snart være klar.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.1.8-2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din tunapie-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1764.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1765.wml b/danish/security/2009/dsa-1765.wml deleted file mode 100644 index f901043b3c7..00000000000 --- a/danish/security/2009/dsa-1765.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i horde3, webapplikationsframeworket horde. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0932 - -

    Gunnar Wrobel opdagede en mappegennemløbssårbarhed, der gjorde det muligt for -angribere at include og udføre vilkårlige lokale filer gennem driver-parameteret -i Horde_Image.

    • - -
  • CVE-2008-3330 - -

    Man opdagede at en angriber kunne udføre skripter på tværs af websteder -gennem kontaktnavnet, hvilket gjorde det muligt for angribere at indsprøjte -vilkårlig HTML-kode. Det krævede at angribere havde adgang til at oprette -kontakter.

    • - -
  • CVE-2008-5917 - -

    Man opdagede at hordes XSS-filer var sårbar over for udførelse af skripter på -tværs af websteder, hvilket gjorde det muligt for angribere at indsprøjte -vilkårlig HTML-kode. Det var kun udnytbart når Internet Explorer blev -anvendt.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 3.1.3-4etch5.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.2.2+debian0-2, som allerede var med i udgivelsen af lenny.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 3.2.2+debian0-2.

- -

Vi anbefaler at du opgraderer dine horde3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1765.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1766.wml b/danish/security/2009/dsa-1766.wml deleted file mode 100644 index 0cd673ca1a5..00000000000 --- a/danish/security/2009/dsa-1766.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i MIT's referenceimplementering af Kerberos V5, -et system til autentifikation af brugere og tjenster på et netværk. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0844 -

    Apple Product Security-holdet opdagede at SPNEGO GSS-API-mekanismen manglede -grænsekontroller, når der blev læst fra en netværksinputbuffer, medførende en -ugyldig læsning, der fik applikationen til at gå ned eller muligvis lække -oplysninger.

    • - -
  • CVE-2009-0845 -

    Under visse omstændigheder, refererede SPNEGO GSS-API-mekanismen til en -null-pointer, hvilket fik applikationen, der anvender biblioteket, til at gå -ned.

    • - -
  • CVE-2009-0847 -

    En ukorrekt længdekontrol inde i ASN.1-dekoderen i MIT krb5-implementeringen -gjorde det muligt for en uautoriseret fjernangriber at få kinit- eller -KDC-programmet til at gå ned.

    • - -
  • CVE-2009-0846 -

    Under visse omstændigheder i ASN.1-dekoderen frigav MIT krb5-implementeringen -en uinitialiseret pointer, hvilket kunne føre til lammelsesangreb (denial of -service) og muligvis udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.4.4-7etch7.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.6.dfsg.4~beta1-5lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.dfsg.4~beta1-13.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1766.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1767.wml b/danish/security/2009/dsa-1767.wml deleted file mode 100644 index 91c9a15248e..00000000000 --- a/danish/security/2009/dsa-1767.wml +++ /dev/null @@ -1,26 +0,0 @@ -usikre filrettigheder - - -

Man opdagede at multipathd fra multipath-tools, en værktøjskæde til -håndtering af disk-multipath-devicemap, anvendte usikre rettigheder på sin -unix-domain-control-socket, hvilket gjorde det muligt for lokale angribere at -sende kommandoer til multipathd, forhindre adgang til lagringsenheder eller -ødelægge filsystemsdata.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.4.7-1.1etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.4.8-14+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.4.8-15.

- -

Vi anbefaler at du opgraderer dine multipath-tools-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1767.data" -#use wml::debian::translation-check translation="f8beebfc73a0d37fdc6323b166cea255f61f3fe8" mindelta="1" diff --git a/danish/security/2009/dsa-1768.wml b/danish/security/2009/dsa-1768.wml deleted file mode 100644 index 85d7748d285..00000000000 --- a/danish/security/2009/dsa-1768.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

To sårbarheder blev opdaget i klientdelen af OpenAFS, et distribueret -filsystem.

- -
    - -
  • CVE-2009-1251 -

    En angriber med kontrol over en filserver eller evnen til at forfalske -RX-pakker, kunne måske udføre vilkårlig kode i kernetilstand på en -OpenAFS-klient, på grund af en sårbarhed i XDR-array-dekodning.

    • - -
  • CVE-2009-1250 -

    En angriber med kontrol over en filserver eller evnen til at forfalske -RX-pakker, kunne måske få OpenAFS-klienter til at gå ned, på grund af forkert -håndterede fejlreturkoder i kernemodulet.

    • - -
- -

Bemærk, at for at installere denne sikkerhedsopdatering, skal du genopbygge -OpenAFS' kernemodul. Sørg for også at opgradere openafs-modules-source, opbygge -et nyt kernemodel til dit system jf. vejledningen i -/usr/share/doc/openafs-client/README.modules.gz og dernæst enten stoppe og -genstarte openafs-client eller genstarte systemet, for at genindlæse -kernemodulet.

- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.4.2-6etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.4.7.dfsg1-6+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.10+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1768.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1769.wml b/danish/security/2009/dsa-1769.wml deleted file mode 100644 index d3e4a3563ee..00000000000 --- a/danish/security/2009/dsa-1769.wml +++ /dev/null @@ -1,59 +0,0 @@ -flere sårbarheder - -

Flere sårbarhede er opdaget i OpenJDK, en implementering af Java -SE-platformen.

- -
    - -
  • CVE-2006-2426 - -

    Oprettelse af store, midlertidige fonte, kunne opbruge den tilgængelige - diskplads, førende til en lammelsesangrebstilstad (denial of service).

    - -
    • - -
  • CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 / CVE-2009-0793 - -

    Flere sårbarheder fandtes i det indlejrede LittleCMS-bibliotek, udnytbare - gennem fabrikerede billeder: en hukommelseslækage, medførende en - lammelsesangrebstilstand (CVE-2009-0581), - heap-baserede bufferoverløb, potentielt gørende det muligt at udføre - vilkårlig kode (CVE-2009-0723, - CVE-2009-0733), - og en null-pointer-dereference, førende til et lammelsesangreb - (CVE-2009-0793).

    • - -
  • CVE-2009-1093 - -

    LDAP-serverimplementeringen (i com.sun.jdni.ldap) lukkede ikke sockets på - korrekt vis, hvis der opstod en fejl, førende til en - lammelsesangrebstilstand.

    • - -
  • CVE-2009-1094 - -

    LDAP-klientimplementeringen (i com.sun.jdni.ldap) tillod at ondsindede - LDAP-servere kunne udføre vilkårlig kode på klienten.

    • - -
  • CVE-2009-1101 - -

    HTTP-serverimplementeringen (sun.net.httpserver) indeholdt en - uspecificeret lammelsesangrebssårbarhed.

    • - -
  • CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 / CVE-2009-1098 - -

    Flere problemer i Java Web Start er blevet løst. Debians pakker - understøtter i øjeblikket ikke Java Web Start, så disse problemer er ikke - direkte udnytbare, men den relevante kode er ikke desto mindre blevet - opdateret.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 9.1+lenny2.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1769.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1770.wml b/danish/security/2009/dsa-1770.wml deleted file mode 100644 index d4e5c965e3d..00000000000 --- a/danish/security/2009/dsa-1770.wml +++ /dev/null @@ -1,39 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Flere sårbarheder er opdaget i imp4, en webmail-komponent til -horde-frameworket. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2008-4182 - -

    Man opdagede at imp4 indeholdt en sårbarhed i forbindelse med udførelse af -skripter på tværs af websteder (XSS) gennem brugerfeltet i en IMAP-session, -hvilket gjorde det muligt for angribere at indsprøjte vilkårlig -HTML-kode.

    • - -
  • CVE-2009-0930 - -

    Man opdagede at imp4 var sårbar over for flere angreb i forbindelse med -udførelse af skripter på tværs af websteder (XSS) gennem flere vektorer i -mailkode, der gjorde det muligt for angribere at indsprøjte vilkårlig -HTML-kode.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 4.1.3-4etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.2-4, der allerede var indeholdt i udgivelsen af lenny.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 4.2-4.

- -

Vi anbefaler at du opgraderer dine imp4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1770.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1771.wml b/danish/security/2009/dsa-1771.wml deleted file mode 100644 index a919108dce7..00000000000 --- a/danish/security/2009/dsa-1771.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i ClamAV antivirus-værktøjet:

- -
    - -
  • CVE-2008-6680 - -

    Angribere kunne forårsage et lammelsesangreb (crash) gennem en fabrikeret - EXE-fil, der udløste en division med nul-fejl.

    • - -
  • CVE-2009-1270 - -

    Angribere kunne forårsage et lammelsesangreb (uendelig løkke) gennem en - fabrikeret tar-fil, der fik (1) clamd og (2) clamscan til at hænge.

    • - -

  • (no CVE Id yet)

    - -

    Angribere kunne forårsage et lammelsesangreb (crash) gennem en fabrikeret - EXE-fil, der fik udpakningsprogrammet UPack til at crashe.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 0.90.1dfsg-4etch19.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.94.dfsg.2-1lenny2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.95.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine clamav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1771.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1772.wml b/danish/security/2009/dsa-1772.wml deleted file mode 100644 index 90fee2bde9d..00000000000 --- a/danish/security/2009/dsa-1772.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Sebastian Kramer opdagede to sårbarheder i udev, håndteringsdæmonen til /dev -og hotplug.

- -
    - -
  • CVE-2009-1185 - -

    udev kontrollede ikke NETLINK-meddelelesers oprindelise, hvilket gjorde - det muligt for lokale brugere at få root-rettigheder.

    • - -
  • CVE-2009-1186 - -

    udev indeholdt en bufferoverløbstilstand i path-indkapslingen, potentielt - gørende det muligt at udføre vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 0.105-4etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.125-7+lenny1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din udev-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1772.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1773.wml b/danish/security/2009/dsa-1773.wml deleted file mode 100644 index 2da99122a1b..00000000000 --- a/danish/security/2009/dsa-1773.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - - -

Man opdagede at imagetops-filteret i cups, Common UNIX Printing System, var -sårbart over for et heltalsoverløb ved læsning af ondsindet fremstillede -TIFF-billeder.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.2.7-4etch7.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.3.8-1lenny5.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1773.data" -#use wml::debian::translation-check translation="7b05398c28d7d8d0cd6dc156e73f78cb13417b9b" mindelta="1" diff --git a/danish/security/2009/dsa-1774.wml b/danish/security/2009/dsa-1774.wml deleted file mode 100644 index fe0b21e3a1f..00000000000 --- a/danish/security/2009/dsa-1774.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede at ejabberd, en distribueret og fejltolerant -Jabber-/XMPP-server, ikke på tilstrækkeligvis fornuftighedskontrollerede -MUC-logninger, hvilket gjorde det muligt for fjernangribere at udføre -skripter på tværs af websteder (XSS).

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.1-6+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.5-1.

- -

Vi anbefaler at du opgraderer dine ejabberd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1774.data" -#use wml::debian::translation-check translation="7b05398c28d7d8d0cd6dc156e73f78cb13417b9b" mindelta="1" diff --git a/danish/security/2009/dsa-1775.wml b/danish/security/2009/dsa-1775.wml deleted file mode 100644 index 6be2cc1bd09..00000000000 --- a/danish/security/2009/dsa-1775.wml +++ /dev/null @@ -1,24 +0,0 @@ -lammelsesangreb - - -

Man opdagede at php-json-ext, en JSON-serialiser til PHP, var sårbar over for -et lammelsesangreb (deniel of service), når der blev modtaget en misdannet -streng gennem funktionen json_decode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.2.1-3.2+etch1.

- -

Den stabile distribution (lenny) indeholder ikke en separat -php-json-ext-pakke, men det er indeholdt i php5-pakkerne, der snart vil blive -rettet.

- -

Distribution testing (squeeze) og den ustabile distribution (sid) -indeholder ikke en separat php-json-ext-pakke, men det er indeholdt i -php5-pakkerne.

- -

Vi anbefaler at du opgraderer dine php-json-ext-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1775.data" -#use wml::debian::translation-check translation="2a7dbf7fe8eb6bb4b4ec5a107535129e2e0b3893" mindelta="1" diff --git a/danish/security/2009/dsa-1776.wml b/danish/security/2009/dsa-1776.wml deleted file mode 100644 index d1732e5a46f..00000000000 --- a/danish/security/2009/dsa-1776.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Man opdagede at Simple Linux Utility for Resource Management (SLURM), et -klyngejobhåndterings- og scheduleringssystem, ikke smed supplerende grupper væk. -Disse grupper kunne være systemgrupper med forøgede rettigheder, hvilket måske -kunne gøre det muligt for en gyldig SLURM-bruger, at opnå forøgede -rettigheder.

- -

Den gamle stabile distribution (etch) indeholder ikke en slurm-llnl-pakke.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.3.6-1lenny3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.15-1.

- -

Vi anbefaler at du opgraderer din slurm-llnl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1776.data" -#use wml::debian::translation-check translation="41a6d459c77258b2fd767f1a301b8b323a07e733" mindelta="1" diff --git a/danish/security/2009/dsa-1777.wml b/danish/security/2009/dsa-1777.wml deleted file mode 100644 index 799861f045e..00000000000 --- a/danish/security/2009/dsa-1777.wml +++ /dev/null @@ -1,26 +0,0 @@ -filrettighedsfejl - -

Peter Palfrader opdagede at i revisionskontrolsystemet Git, på visse -arkitekturer, var filer under /usr/share/git-core/templates/ ejet af en -ikke-root-bruger. Dette gjorde det muligt for en bruger med denne uid på det -lokale system, at skrive til disse filer og muligvis forøge sine -rettigheder.

- -

Problemet påvirker kun arkitekturerne DEC Alpha og MIPS (stor og lille -endian).

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.4.4.4-4+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.5.6.5-3+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.2.1-1.

- -

Vi anbefaler at du opgraderer din git-core-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1777.data" -#use wml::debian::translation-check translation="41a6d459c77258b2fd767f1a301b8b323a07e733" mindelta="1" diff --git a/danish/security/2009/dsa-1778.wml b/danish/security/2009/dsa-1778.wml deleted file mode 100644 index d3a3c9d1b5c..00000000000 --- a/danish/security/2009/dsa-1778.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede et mahara, en elektronisk portfolio-, weblog- og CV-program, var -sårbart over for udførelse af skripter på tværs af websteder (XSS), på grund af -manglende fornuftighedskontrol af inddata i introduktionstekstfeltet i -brugerprofiler og alle tekstfelter i brugervisningen.

- -

Den gamle stabile distribution (etch) indeholder ikke mahara.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.4-4+lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.3-1.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1778.data" -#use wml::debian::translation-check translation="dfb900886540cfd21954cb1c33a2ed082a8b23e4" mindelta="1" diff --git a/danish/security/2009/dsa-1779.wml b/danish/security/2009/dsa-1779.wml deleted file mode 100644 index 8bcae563ccd..00000000000 --- a/danish/security/2009/dsa-1779.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i APT, den velkendte frontend til dpkg. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1300 - -

    I tidszoner hvor sommertid indføres ved midnat, fejlede apts - cron.daily-skript, og forhindrede dermed nye sikkerhedsopdateringer i at - blive udført automatisk.

    • - -
  • CVE-2009-1358 - -

    Et arkiv, signeret med en udløbet eller tilbagekaldt OpenPGP-nøgle, - blev stadig betragtet som gyldigt af APT.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 0.6.46.4-0.1+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.7.20.2+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.7.21.

- -

Vi anbefaler at du opgraderer din apt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1779.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1780.wml b/danish/security/2009/dsa-1780.wml deleted file mode 100644 index ee1a9698ee7..00000000000 --- a/danish/security/2009/dsa-1780.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i libdbd-pg-perl, DBI-drivermodulet til -PostgreSQL-databaseadgang (DBD::Pg).

- -
    - -
  • CVE-2009-0663 - -

    Et heap-baseret bufferoverløb kunne måske gøre det muligt for angribere at - udføre vilkårlig kode gennem applikationer, der læser rækker fra databasen - ved hjælp af funktionerne pg_getline og getline functions. (Mere almindelige - hentningsmetoder, så som selectall_arrayref og fetchrow_array, er ikke - påvirkede.)

    • - -
  • CVE-2009-1341 - -

    En hukommelseslækage i rutinenen, der fjerner citationstegn omkring - BYTEA-værdier returneret fra databasen, gjorde det muligt for angribere at - forårsage et lammelsesangreb (denial of service).

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.49-2+etch1.

- -

I den stabile distribution (lenny) og i den ustabile distribution (sid), -var disse problemer rettet i version 2.1.3-1 før udgivelsen af lenny.

- -

Vi anbefaler at du opgraderer din libdbd-pg-perl-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1780.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1781.wml b/danish/security/2009/dsa-1781.wml deleted file mode 100644 index b9d0cd239ac..00000000000 --- a/danish/security/2009/dsa-1781.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i ffmpeg, en multimedieafspiller, -server og --encoder. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-0385 - -

    Man opdagede at visning af misdannede 4X-filmfiler, kunne føre til -udførelse af vilkårlig kode.

    • - -
  • CVE-2008-3162 - -

    Man opdagede at anvendelse af en fabrikeret STR-fil, kunne føre til -udførelse afvilkårlig kode.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 0.cvs20060823-8+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.svn20080206-17+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 0.svn20080206-16.

- -

Vi anbefaler at du opgraderer dine ffmpeg-debian-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1781.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1782.wml b/danish/security/2009/dsa-1782.wml deleted file mode 100644 index 366c8589753..00000000000 --- a/danish/security/2009/dsa-1782.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i mplayer, en filmafspiller til Unix-lignende -systemer. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-0385 - -

    Man opdagede at visning af misdannede 4X-filmfiler, kunne føre til -udførelse af vilkårlig kode.

    • - -
  • CVE-2008-4866 - -

    Man opdagede at flere bufferoverløb kunne føre til udførelse af vilkårlig -kode.

    • - -
  • CVE-2008-5616 - -

    Man opdagede at visning af en misdannet TwinVQ-fil kunne føre til udførelse -af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.0~rc1-12etch7.

- -

I den stabile distribution (lenny), linker mplayer mod ffmpeg-debian.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), linker mplayer mod ffmpeg-debian.

- -

Vi anbefaler at du opgraderer dine mplayer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1782.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1783.wml b/danish/security/2009/dsa-1783.wml deleted file mode 100644 index 553d767dcd6..00000000000 --- a/danish/security/2009/dsa-1783.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget, som påvirker MySQL, en relationsdatabaseserver, -og dens tilknyttede interaktive klientapplikation. Projektet Common -Vulnerabilities and Exposures har registeret følgende to problemer:

- -
    - -
  • CVE-2008-3963 - -

    Kay Roepke rapporterede, at MySQL-serveren ikke på korrekt vis håndterede - en tom bit-string-literal i et SQL-statement, hvilket gjorde det muligt for - en autentificeret angriber, at forårsage et lammelsesangreb (crash) i - mysqld. Problemet påvirker den gamle stabile distribution (etch), men ikke - den stabile distribution (lenny).

    • - -
  • CVE-2008-4456 - -

    Thomas Henlich rapporterede at MySQL's kommandelinjeklientapplikation - ikke indkapslede særlige HTML-tegn, når den kørte i HTML-uddatatilstand - (det vil sige "mysql --html ..."). Det kunne potentielt føre til udførelse - af skripter på tværs af websteder (cross-site scripting) eller utilsigtet - skript-rettighedsforøgelse, hvis uddataene blev vist i en browser eller - anvendt på et websted.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 5.0.32-7etch10.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 5.0.51a-24+lenny1.

- -

Vi anbefaler at du opgraderer dine mysql-dfsg-5.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1783.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1784.wml b/danish/security/2009/dsa-1784.wml deleted file mode 100644 index 11ed3c99ed1..00000000000 --- a/danish/security/2009/dsa-1784.wml +++ /dev/null @@ -1,25 +0,0 @@ -heltalsoverløb - - -

Tavis Ormandy opdagede flere heltalsoverløb i FreeType, et bibliotek til -behandling af og tilgang til skrifttypefiler, medførende et heap- eller -stakbaseret bufferoverløb, der fik applikationer til at gå ned eller gjorde -det muligt at udføre vilkårlig kode gennem fabrikerede skrifttypefiler.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.2.1-5+etch4.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.3.7-2+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3.9-4.1.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1784.data" -#use wml::debian::translation-check translation="82680090e697771dc380c8bad8404932d9ab2aba" mindelta="1" diff --git a/danish/security/2009/dsa-1785.wml b/danish/security/2009/dsa-1785.wml deleted file mode 100644 index af8455914e3..00000000000 --- a/danish/security/2009/dsa-1785.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i -netværkstrafik-analyseringsprogrammet Wireshark, hvilket måske kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-1210 - -

    En formatstrengssårbarhed blev opdaget i PROFINET-dissektoren.

    • - -
  • CVE-2009-1268 - -

    Dissektoren til Check Point High-Availability Protocol kunne tvinges til - at gå ned.

    • - -
  • CVE-2009-1269 - -

    Misdannede Tektronix-filer kunne føre til et nedbrud.

    • - -
- -

Den gamle stabile distribution (etch), er kun påvirket af CPHAP-nedbrudet, -der ikke i sig selv forudsætter en opdatering. Rettelsen vil blive gemt til -en kommende sikkerhedsopdatering eller punktopdatering.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.0.2-3+lenny5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.7-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1785.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1786.wml b/danish/security/2009/dsa-1786.wml deleted file mode 100644 index d9a66a2a096..00000000000 --- a/danish/security/2009/dsa-1786.wml +++ /dev/null @@ -1,22 +0,0 @@ -lammelsesangreb - - -

Man opdagede at acpid, en dæmon til levering af ACPI-begivenheder, var sårbar -over for et lammelsesangreb (denial of service) ved at åbne et stort antal -UNIX-sockets, der ikke blev lukket korrekt.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.8-1lenny1.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.0.4-5etch1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.0.10-1.

- -

Vi anbefaler at du opgraderer dine acpid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1786.data" -#use wml::debian::translation-check translation="8678a34697a60c77009995210cf44a18ff9f5708" mindelta="1" diff --git a/danish/security/2009/dsa-1787.wml b/danish/security/2009/dsa-1787.wml deleted file mode 100644 index e594bd3a2b6..00000000000 --- a/danish/security/2009/dsa-1787.wml +++ /dev/null @@ -1,175 +0,0 @@ -lammelsesangreb/rettighedsforøgelse/informationslækage - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-4307 - -

    Bryn M. Reeves rapporterede om et lammelsesangreb i NFS-filsystemet. - Lokale brugere kunne udløse en kerne-BUG() på grund af en race-tilstand i - funktionen do_setlk.

    • - -
  • CVE-2008-5079 - -

    Hugo Dias rapporterede om en lammelsesangrebstilstand i - ATM-undersystemet, der kunne udløses af en lokal bruger, ved at kalde - funktionen svc_listen to gange på den samme socket og læse - /proc/net/atm/*vc.

    • - -
  • CVE-2008-5395 - -

    Helge Deller opdagede en lammelsesangrebstilstand, der gjorde det muligt - for lokale brugere på PA-RISC-systemer, at få det til at gå ned, ved at - forsøge at afvikle en stak indeholdende adresser fra brugerrummet.

    • - -
  • CVE-2008-5700 - -

    Alan Cox opdagede at der manglende minimumstimeouts på - SG_IO-forespørgsler, hvilket gjorde det muligt for lokale brugere af - systemer, der anvender ATA, at forårsage et lammelsesangreb ved at - tvinge drev i PIO-tilstand.

    • - -
  • CVE-2008-5701 - -

    Vlad Malov rapporterede om et problem på 64-bit MIPS-systemer, hvor en - lokal bruger kunne forårsage et systemnedbrud ved at fabrikere en ondsindet - binær fil, der foretog o32-syscalls, med et nummer lavere end 4000.

    • - -
  • CVE-2008-5702 - -

    Zvonimir Rakamaric rapporterede om en forskud med en-fejl i - ib700wdt-watchdogdriveren, hvilket gjorde det muligt for lokale brugere at - forårsage et bufferunderløb, ved at foretage et fabrikeret - WDIOC_SETTIMEOUT-ioctl-kald.

    • - -
  • CVE-2009-0028 - -

    Chris Evans opdagede en situation, hvor en childproces kunne sende - vilkårlige signaler til sit ophav.

    • - -
  • CVE-2009-0029 - -

    Christian Borntraeger opdagede at problem, der påvirkede arkitekturerne - alpha, mips, powerpc, s390 og sparc64, hvilket gjorde det muligt for lokale - brugere at forårsage et lammelsesangreb eller potentielt få forøgede - rettigheder.

    • - -
  • CVE-2009-0031 - -

    Vegard Nossum opdagede en hukommelseslækage i keyctl-undersystemet, - hvilket gjorde det muligt for lokale brugere at forårsage et lammelsesangreb - ved at opbruge al kernehukommelse.

    • - -
  • CVE-2009-0065 - -

    Wei Yongjun opdagede et hukommelsesoverløb i SCTP-implementeringen, der - kunne udløses af fjernbrugere, gørende det muligt at fjernudføre - kode.

    • - -
  • CVE-2009-0269 - -

    Duane Griffin leverede en rettelse til et problem i - eCryptfs-undersystemet, der gjorde det muligt for lokale brugere at - forårsage et lammelsesanreb (fault eller hukommelseskorruption).

    • - -
  • CVE-2009-0322 - -

    Pavel Roskin leverede en rettelse til et problem dell_rbu-driveren, der - gjorde det muligt for en lokal bruger at forårsage et lammelsesangreb (oops) - ved at læse 0 bytes fra en sysfs-post.

    • - -
  • CVE-2009-0675 - -

    Roel Kluin opdagede omvendt logik i skfddi-driveren, der tillod at lokale - upriviligerede brugere at nulstille driverens statistik.

    • - -
  • CVE-2009-0676 - -

    Clement LECIGNE opdagede en fejl i funktionen sock_getsockopt, der måske - kunne medføre lækage af følsom kernehukommelse.

    • - -
  • CVE-2009-0745 - -

    Peter Kerwien opdagede et problem i ext4-filsystemet, der gjorde det - muligt for lokale brugere at forårsage et lammelsesangreb (kerne-oops) - under en resize-handling.

    • - -
  • CVE-2009-0834 - -

    Roland McGrath opdagede et problem i amd64-kerner, der gjorde det - muligt for lokale brugere at omgå systemkaldsauditopsætninger, der - filtrerer baseret på syscall-numre eller argument-detaljer.

    • - -
  • CVE-2009-0859 - -

    Jiri Olsa opdagede at en lokal bruger kunne forårsage et lammelsesangreb - (hængende system) ved hjælp af SHM_INFO-shmctl-kaldet i kerner kompileret - med CONFIG_SHMEM slået fra. Dette problem påvirker præopbyggede - Debian-kerner.

    • - -
  • CVE-2009-1046 - -

    Mikulas Patocka rapporterede om et problem i console-undersystemet, der - gjorde det muligt for en lokal bruger at forårsage hukommelseskorruption ved - at vælge et lille antal UTF-8-tegn på tre byte.

    • - -
  • CVE-2009-1192 - -

    Shaohua Li rapporterede om et problem i AGP-undersystemet, der måske - kunne gøre det muligt for lokale brugere, at læse følsom kernehukommelse på - grund af en lækage af uinitialiseret hukommelse.

    • - -
  • CVE-2009-1242 - -

    Benjamin Gilbert rapporterede om en lokal lammelsesangrebssårbarhed i - KVM VMX-implementeringen, der gjorde det muligt for lokale brugere at udløse - en oops.

    • - -
  • CVE-2009-1265 - -

    Thomas Pollet rapporterede om et overløb i af_rose-implementeringen, - der gjorde det muligt for fjernangribere at hente uinitialiseret - kernehukommelse, som måske kunne indeholde følsomme oplysninger.

    • - -
  • CVE-2009-1337 - -

    Oleg Nesterov opdagede et problem i funktionen exit_notify, der gjorde - det muligt for lokale brugere at sende et vilkårlig signal til en proces, - ved at køre et problem, der ændrede feltet exit_signal og dernæst anvendte - et exec-systemkald til at starte en setuid-applikation.

    • - -
  • CVE-2009-1338 - -

    Daniel Hokka Zakrisson opdagede at en kill(-1) havde tilladelse til at - nå processer uden for den aktuelle proces' navnerum.

    • - -
  • CVE-2009-1439 - -

    Pavan Naregundi rapporterede om et problem i CIFS-filsystemkoden, der - gjorde det muligt for fjernbrugere at overskrive hukommelse gennem et - langt nativeFileSystem-felt i et Tree Connect-svar under mount.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.6.24-6~etchnhalf.8etch1.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- -

Bemærk: Debian 'etch' indeholder linux-kernepakker baseret både på udgaverne -2.6.18 og 2.6.24. Alle kendte sikkerhedsproblemer er omhyggeligt sporet mod -begge pakker, og begge pakker vil modtage sikkerhedsopdateringer indtil Debians -sikkerhedsunderstøttelse af 'etch' ophører. Men den store mængde -sikkerhedsproblemer af lav prioritet, der opdages i kernen og ressourcekravene -til at foretage en opdatering, taget i betragtning, vil problemer af lavere -sikkerhedsprioritet i 2.6.18 og 2.6.24 typisk blive opsamlet og udgivet i større -klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1787.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1788.wml b/danish/security/2009/dsa-1788.wml deleted file mode 100644 index 2ca62d597d2..00000000000 --- a/danish/security/2009/dsa-1788.wml +++ /dev/null @@ -1,21 +0,0 @@ -ukorrekt assertion - -

Man opdagede at Quagga, en IP-routingdæmon, ikke længere kunne behandle -internets routingtabel, på grund af defekt håndtering af flere AS-numre på fire -byte i en AS-sti. Hvis et sådant præfiks blev modtaget, gik BGP-dæmonen ned med -en assert-fejl, førende til et lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.99.10-1lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.99.11-2.

- -

Vi anbefaler at du opgraderer din quagga-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1788.data" -#use wml::debian::translation-check translation="a93c2621cebe96d479eae8e01c2c94b21b200be0" mindelta="1" diff --git a/danish/security/2009/dsa-1789.wml b/danish/security/2009/dsa-1789.wml deleted file mode 100644 index 8e0ffeb1861..00000000000 --- a/danish/security/2009/dsa-1789.wml +++ /dev/null @@ -1,95 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i hypertekst-præprocessoren -PHP 5. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer.

- -

Følgende fire sårbarheder blev allerede rettet i den stabile (lenny) -version af php5, før lenny blev udgivet. Opdateringen tager nu også hånd om -problemerne i etch (oldstable):

- -
    - -
  • CVE-2008-2107 / - CVE-2008-2108 - -

    Makroen GENERATE_SEED havde flere problemer, der gjorde det lettere at - forudsige tilfældige tal, hvorved angreb mod foranstaltninger, der - anvender rand() eller mt_rand() som en del af en beskyttelse, blev - gjort nemmere.

    • - -
  • CVE-2008-5557 - -

    Et bufferoverløb i mbstring-udvidelsen, gjorde det muligt for angribere - at udføre vilkårlig kode gennem en fabrikeret streng indeholdende en - HTML-entitet.

    • - -
  • CVE-2008-5624 - -

    Variablerne page_uid og page_gid var ikke korrekt opsat, hvilket gjorde - det muligt at anvende noget funktionalitet, som skulle være begrænset til - root.

    • - -
  • CVE-2008-5658 - -

    En mappegennemløbssårbarhed i funktionen ZipArchive::extractTo, gjorde - det muligt for angribere at skrive vilkårlige filer gennem en ZIP-fil med - en fil, hvis navn indeholdt sekvenser med .. (punktum-punktum).

    • - -
- -

Opdateringen dækker desuden følgende tre sårbarheder, der fandtes i både -oldstable (etch) og stable (lenny):

- -
    - -
  • CVE-2008-5814 - -

    Sårbarhed i forbindelse med udførelse af skripter på tværs af websteder - (XSS), når display_errors var slået til, gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML.

    • - -
  • CVE-2009-0754 - -

    Ved afvikling under Apache, tillod PHP at lokale brugere kunne ændre - andre websteders virkemåde, hvis de var hosted på den samme webserver, ved - at ændre indstillingen mbstring.func_overload i .htaccess, hvilket medførte - at denne indstilling også blev anvendt på andre virtuelle hosts på den - samme server.

    • - -
  • CVE-2009-1271 - -

    Funktionen JSON_parser tillod et lammelsesangreb (segmenteringsfejl) - gennem en misdannet streng til json_decode-API-funktionen.

    • - -
- -

Desuden er to opdateringer, som oprindelig var planlagt til den næste -punktopdateringer af oldstabel, medtaget i etch-pakken:

- -
    - -

  • Lad PHP anvende systems tidszonedatabase i stedet for den indlejrede - database, der er forældet.

    • - -

  • Det uanvendte 'dbase'-modul er fjernet fra kildekode-tarball'en, - på grund af licenseringsproblemer.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 5.2.0+dfsg-8+etch15.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 5.2.6.dfsg.1-1+lenny3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.2.9.dfsg.1-1.

- -

Vi anbefaler at du opgraderer din php5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1789.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1790.wml b/danish/security/2009/dsa-1790.wml deleted file mode 100644 index 7906698b2c2..00000000000 --- a/danish/security/2009/dsa-1790.wml +++ /dev/null @@ -1,106 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i xpdf, en samling værktøjer til visning og -konvertering af Portable Document Format-filer (PDF).

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0146 - -

    Flere bufferoverløb i JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS - 1.3.9 og tidligere, samt andre produkter, gjorde det muligt for - fjernangribere at forårsage lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, i forbindelse med (1) JBIG2SymbolDict::setBitmap og (2) - JBIG2Stream::readSymbolDictSeg.

    • - -
  • CVE-2009-0147 - -

    Flere bufferoverløb i JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS - 1.3.9 og tidligere, samt andre produkter, gjorde det muligt for - fjernangribere at forårsage lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, i forbindelse med (1) JBIG2Stream::readSymbolDictSeg, (2) - JBIG2Stream::readSymbolDictSeg og (3) JBIG2Stream::readGenericBitmap.

    • - -
  • CVE-2009-0165 - -

    Heltalsoverløb i JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, anvendt i - Poppler og andre produkter, når der afvikles under Mac OS X, har et - uspecificeret påvirkning i forbindelse med "g*allocn."

    • - -
  • CVE-2009-0166 - -

    JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS 1.3.9 og tidligere, - samt andre produkter, gjorde det muligt for fjernangribere at forårsage - et lammelsesangreb (crash) gennem en fabrikeret PDF-fil, der udløste en - frigivelse af uinitialiseret hukommelse.

    • - -
  • CVE-2009-0799 - -

    JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS 1.3.9 og tidligere, - Poppler før 0.10.6, samt andre produkter, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, der udløste en læsning uden for grænserne.

    • - -
  • CVE-2009-0800 - -

    Flere fejl i forbindelse med validering af inddata i JBIG2-dekoderen i - Xpdf 3.02pl2 og tidligere, CUPS 1.3.9 og tidligere, Poppler før 0.10.6, samt - andre produkter, gjorde det muligt for fjernangribere at udføre vilkårlig - kode gennem en fabrikeret PDF-fil.

    • - -
  • CVE-2009-1179 - -

    Heltalsoverløb i JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS 1.3.9 - og tidligere, Poppler før 0.10.6, samt andre produkter, gjorde det muligt - for fjernangribere at udføre vilkårlig kode gennem en fabrikeret - PDF-fil.

    • - -
  • CVE-2009-1180 - -

    JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS 1.3.9 og tidligere, - Poppler før 0.10.6, samt andre produkter, gjorde det muligt for - fjernangribere at udføre vilkårlig kode gennem en fabrikeret PDF-fil, der - udløste en frigivelse af ugyldige data.

    • - -
  • CVE-2009-1181 - -

    JBIG2-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS 1.3.9 og tidligere, - Poppler før 0.10.6, samt andre produkter, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, der udløste en NULL-pointer-dereference.

    • - -
  • CVE-2009-1182 - -

    Flere bufferoverløb i JBIG2 MMR-dekoderen i Xpdf 3.02pl2 og tidligere, - CUPS 1.3.9 og tidligere, Poppler før 0.10.6, samt andre produkter, gjorde - det muligt for fjernangribere at udføre vilkårlig kode gennem en - fabrikeret PDF-fil.

    • - -
  • CVE-2009-1183 - -

    JBIG2 MMR-dekoderen i Xpdf 3.02pl2 og tidligere, CUPS 1.3.9 og tidligere, - Poppler før 0.10.6, samt andre produkter, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (uendelig løkke) gennem en - fabrikeret PDF-fil.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i version -3.01-9.1+etch6.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -3.02-1.4+lenny1.

- -

I den ustabile distribution (sid), vil disse problemer blive rettet i en -kommende version.

- -

Vi anbefaler at du opgraderer dine xpdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1790.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1791.wml b/danish/security/2009/dsa-1791.wml deleted file mode 100644 index 3620dd505ae..00000000000 --- a/danish/security/2009/dsa-1791.wml +++ /dev/null @@ -1,22 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede at handlingen AttachFile i moin, en python-klon af WikiWiki, -var sårbar over angreb i forbindelse med udførelse af skripter på tværs af -websteder, ved omdøbning af vedhæftede filer eller udførelse af andre -delhandlinger.

- -

Den gamle stabile distribution (etch) er ikke sårbar.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.7.1-3+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1791.data" -#use wml::debian::translation-check translation="fd03c926781cce6692883556618f3c91c8ca37a1" mindelta="1" diff --git a/danish/security/2009/dsa-1792.wml b/danish/security/2009/dsa-1792.wml deleted file mode 100644 index 64483b03432..00000000000 --- a/danish/security/2009/dsa-1792.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i drupal, et webindholdshåndteringssystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-1575 - -

    pod.Edge opdagede en sårbarhed i forbindelse med udførelse af skripter - på tværs af websteder, der kunne udløses når nogle browsere fortolkede - UTF-8-strenge som UTF-7, hvis de viste sig før det genererede HTML-dokument - havde defineret sin Content-Type. Det gjorde det muligt for en ondsindet - bruger at udføre vilkårligt JavaScript i webstedets kontekst, hvis - vedkommende var tildelt rettigheder til at offentliggøre indhold.

    • - -
  • CVE-2009-1576 - -

    Moritz Naumann opdagede en informationsblotlæggelsessårbarhed. Hvis en - bruger blev narret til at besøge webstedet gennem en særligt fremstillet - URL og dernæst submit'ede en formular (så som en søgeboks) fra denne side, - kunne de indsendte oplysninger blive omdirigeret til en tredjeparts websted - afgjort af URL'en og dermed afslørede til pågældende tredjepart. - Tredjepartens websted kunne dernæst udføre et angreb i forbindelse med - forespørgsforfalsking på tværs af webstederne, mod den indsendte - formular.

    • - -
- -

Den gamle stabile distribution (etch) indeholder ikke drupal og er dermed -ikke berørt.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -6.6-3lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6.11-1

- -

Vi anbefaler at du opgraderer din drupal6-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1792.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1793.wml b/danish/security/2009/dsa-1793.wml deleted file mode 100644 index cef867fc057..00000000000 --- a/danish/security/2009/dsa-1793.wml +++ /dev/null @@ -1,95 +0,0 @@ -flere sårbarheder - - -

kpdf, et KDE-program til visning af Portable Document Format-filer (PDF), er -baseret på programmet xdpf, og er derfor ramt af fejl svarende til dem, der er -beskrevet i DSA-1790.

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0146 - -

    Flere bufferoverløb i JBIG2-dekoderen i kpdf gjorde det muligt for - fjernangribere at forårsage lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, i forbindelse med (1) JBIG2SymbolDict::setBitmap og (2) - JBIG2Stream::readSymbolDictSeg.

    • - -
  • CVE-2009-0147 - -

    Flere bufferoverløb i JBIG2-dekoderen i kpdf gjorde det muligt for - fjernangribere at forårsage lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, i forbindelse med (1) JBIG2Stream::readSymbolDictSeg, (2) - JBIG2Stream::readSymbolDictSeg og (3) JBIG2Stream::readGenericBitmap.

    • - -
  • CVE-2009-0165 - -

    Heltalsoverløb i JBIG2-dekoderen i kpdf havde en - uspecificeret påvirkning i forbindelse med "g*allocn."

    • - -
  • CVE-2009-0166 - -

    JBIG2-dekoderen i kpdf gjorde det muligt for fjernangribere at forårsage - et lammelsesangreb (crash) gennem en fabrikeret PDF-fil, der udløste en - frigivelse af uinitialiseret hukommelse.

    • - -
  • CVE-2009-0799 - -

    JBIG2-dekoderen i kpdf gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, der udløste en læsning uden for grænserne.

    • - -
  • CVE-2009-0800 - -

    Flere fejl i forbindelse med validering af inddata i JBIG2-dekoderen i - kpdf gjorde det muligt for fjernangribere at udføre vilkårlig - kode gennem en fabrikeret PDF-fil.

    • - -
  • CVE-2009-1179 - -

    Heltalsoverløb i JBIG2-dekoderen i kpdf gjorde det muligt - for fjernangribere at udføre vilkårlig kode gennem en fabrikeret - PDF-fil.

    • - -
  • CVE-2009-1180 - -

    JBIG2-dekoderen i kpdf gjorde det muligt for - fjernangribere at udføre vilkårlig kode gennem en fabrikeret PDF-fil, der - udløste en frigivelse af ugyldige data.

    • - -
  • CVE-2009-1181 - -

    JBIG2-dekoderen i kpdf gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (crash) gennem en fabrikeret - PDF-fil, der udløste en NULL-pointer-dereference.

    • - -
  • CVE-2009-1182 - -

    Flere bufferoverløb i JBIG2 MMR-dekoderen i kpdf gjorde - det muligt for fjernangribere at udføre vilkårlig kode gennem en - fabrikeret PDF-fil.

    • - -
  • CVE-2009-1183 - -

    JBIG2 MMR-dekoderen i kpdf, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (uendelig løkke) gennem en - fabrikeret PDF-fil.

    • - -
- -

Den gamle stabile distribution (etch), er disse problemer rettet i version -3.5.5-3etch3.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -3.5.9-3+lenny1.

- -

I den ustabile distribution (sid), vil disse problems snart blive rettet.

- -

Vi anbefaler at du opgraderer dine kdegraphics-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1793.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1794.wml b/danish/security/2009/dsa-1794.wml deleted file mode 100644 index 572ffac7ffb..00000000000 --- a/danish/security/2009/dsa-1794.wml +++ /dev/null @@ -1,141 +0,0 @@ -lammelsesangreb/rettighedsforøgelse/informationslækage - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre til et -lammelsesangreb (denial of service), rettighedsforøgelse eller -informationslækage. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2008-4307 - -

    Bryn M. Reeves rapporterede om et lammelsesangreb i NFS-filsystemet. - Lokale brugere kunne udløse en kerne-BUG() på grund af en race-tilstand i - funktionen do_setlk.

    • - -
  • CVE-2008-5395 - -

    Helge Deller opdagede en lammelsesangrebstilstand, der gjorde det muligt - for lokale brugere på PA-RISC-systemer, at få det til at gå ned, ved at - forsøge at afvikle en stak indeholdende adresser fra brugerrummet.

    • - - -
  • CVE-2008-5701 - -

    Vlad Malov rapporterede om et problem på 64-bit MIPS-systemer, hvor en - lokal bruger kunne forårsage et systemnedbrud ved at fabrikere en ondsindet - binær fil, der foretog o32-syscalls, med et nummer lavere end 4000.

    • - -
  • CVE-2008-5702 - -

    Zvonimir Rakamaric rapporterede om en forskud med en-fejl i - ib700wdt-watchdogdriveren, hvilket gjorde det muligt for lokale brugere at - forårsage et bufferunderløb, ved at foretage et fabrikeret - WDIOC_SETTIMEOUT-ioctl-kald.

    • - -
  • CVE-2009-0028 - -

    Chris Evans opdagede en situation, hvor en childproces kunne sende - vilkårlige signaler til sit ophav.

    • - -
  • CVE-2009-0029 - -

    Christian Borntraeger opdagede at problem, der påvirkede arkitekturerne - alpha, mips, powerpc, s390 og sparc64, hvilket gjorde det muligt for lokale - brugere at forårsage et lammelsesangreb eller potentielt få forøgede - rettigheder.

    • - -
  • CVE-2009-0031 - -

    Vegard Nossum opdagede en hukommelseslækage i keyctl-undersystemet, - hvilket gjorde det muligt for lokale brugere at forårsage et lammelsesangreb - ved at opbruge al kernehukommelse.

    • - -
  • CVE-2009-0065 - -

    Wei Yongjun opdagede et hukommelsesoverløb i SCTP-implementeringen, der - kunne udløses af fjernbrugere, gørende det muligt at fjernudføre - kode.

    • - -
  • CVE-2009-0322 - -

    Pavel Roskin leverede en rettelse til et problem dell_rbu-driveren, der - gjorde det muligt for en lokal bruger at forårsage et lammelsesangreb (oops) - ved at læse 0 bytes fra en sysfs-post.

    • - -
  • CVE-2009-0675 - -

    Roel Kluin opdagede omvendt logik i skfddi-driveren, der tillod at lokale - upriviligerede brugere at nulstille driverens statistik.

    • - -
  • CVE-2009-0676 - -

    Clement LECIGNE opdagede en fejl i funktionen sock_getsockopt, der måske - kunne medføre lækage af følsom kernehukommelse.

    • - -
  • CVE-2009-0834 - -

    Roland McGrath opdagede et problem i amd64-kerner, der gjorde det - muligt for lokale brugere at omgå systemkaldsauditopsætninger, der - filtrerer baseret på syscall-numre eller argument-detaljer.

    • - -
  • CVE-2009-0859 - -

    Jiri Olsa opdagede at en lokal bruger kunne forårsage et lammelsesangreb - (hængende system) ved hjælp af SHM_INFO-shmctl-kaldet i kerner kompileret - med CONFIG_SHMEM slået fra. Dette problem påvirker præopbyggede - Debian-kerner.

    • - -
  • CVE-2009-1192 - -

    Shaohua Li rapporterede om et problem i AGP-undersystemet, der måske - kunne gøre det muligt for lokale brugere, at læse følsom kernehukommelse på - grund af en lækage af uinitialiseret hukommelse.

    • - -
  • CVE-2009-1265 - -

    Thomas Pollet rapporterede om et overløb i af_rose-implementeringen, - der gjorde det muligt for fjernangribere at hente uinitialiseret - kernehukommelse, som måske kunne indeholde følsomme oplysninger.

    • - -
  • CVE-2009-1336 - -

    Trond Myklebust rapporterede om et problem i funktionen encode_lookup() - i nfs-server-undersystemet, der gjorde det muligt for lokale brugere at - forårsage et lammelsesangreb (oops i encode_lookup()) ved anvendelse af et - langt filnavn.

    • - -
  • CVE-2009-1337 - -

    Oleg Nesterov opdagede et problem i funktionen exit_notify, der gjorde - det muligt for lokale brugere at sende et vilkårlig signal til en proces, - ved at køre et problem, der ændrede feltet exit_signal og dernæst anvendte - et exec-systemkald til at starte en setuid-applikation.

    • - -
  • CVE-2009-1439 - -

    Pavan Naregundi rapporterede om et problem i CIFS-filsystemkoden, der - gjorde det muligt for fjernbrugere at overskrive hukommelse gennem et - langt nativeFileSystem-felt i et Tree Connect-svar under mount.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-24etch2.

- -

Vi anbefaler at du opgraderer din linux-2.6, fai-kernels- og -user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer på -tværs af alle linux-kerne-pakker i alle udgivelser med aktiv -sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1794.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1795.wml b/danish/security/2009/dsa-1795.wml deleted file mode 100644 index 603a6efad38..00000000000 --- a/danish/security/2009/dsa-1795.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Stefan Kaltenbrunner opdagede at ldns, et bibliotek og værktøjssæt til at -lette DNS-programmering, ikke på korrekt vis implementerede en kontrol af -buffergrænser i sin RR DNS-post-fortolker. Svagheden kunne gør det muligt -for en heapbuffer at løbe over, hvis en ondsindet fremstillet DNS-post blev -fortolket, potentielt gørende det muligt at udføre vilkårlig kode. Omfanget -af sårbarheden varierede alt efter i hvilken kontekst, ldns blev anvendt, og -kunne enten være en lokal eller fjern angrebsvinkel.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.4.0-1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.1-1.

- -

Vi anbefaler at du opgraderer dine ldns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1795.data" -#use wml::debian::translation-check translation="9ed6c472aed0557d35aac94f8a5a1a4f3f0c57dd" mindelta="1" diff --git a/danish/security/2009/dsa-1796.wml b/danish/security/2009/dsa-1796.wml deleted file mode 100644 index fb9d7fa09ab..00000000000 --- a/danish/security/2009/dsa-1796.wml +++ /dev/null @@ -1,26 +0,0 @@ -pointeranvendelse efter frigivelse - - -

Tavis Ormandy opdagede at den indlejrede kopi af GD-biblioteket libwmf, et -bibliotek til fortolkning af Windows-metafiler (WMF), anvendte en pointer -efter den allerede var frigivet. En angriber, der anvendte en særligt -fremstillet WMF-fil kunne forårsage et lammelsesangreb eller muligvis udføre -vilkårlig kode gennem applikationer, der anvender dette bibliotek.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.2.8.4-2+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.2.8.4-6+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.2.8.4-6.1.

- -

Vi anbefaler at du opgraderer dine libwmf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1796.data" -#use wml::debian::translation-check translation="0131e070fe56375144e24d15c0e096ec1f1ba575" mindelta="1" diff --git a/danish/security/2009/dsa-1797.wml b/danish/security/2009/dsa-1797.wml deleted file mode 100644 index cf191f96bd7..00000000000 --- a/danish/security/2009/dsa-1797.wml +++ /dev/null @@ -1,91 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer, så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0652 - -

    Moxie Marlinspike opdagede at Unicode-tegnene til tegning af kasser, hvis - de blev anvendt i internationaliserede domænenavne, kunne anvendes i - phishing-angreb.

    • - -
  • CVE-2009-1302 - -

    Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman - og Gary Kwong rapporterede om nedbrud i layoutmaskinen, der måske kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-1303 - -

    Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman - og Gary Kwong rapporterede om nedbrud i layoutmaskinen, der måske kunne gøre - det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-1304 - -

    Igor Bukanov og Bob Clary opdagede nedbrud i JavaScript-maskinen, der - måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-1305 - -

    Igor Bukanov og Bob Clary opdagede nedbrud i JavaScript-maskinen, der - måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-1306 - -

    Daniel Veditz opdagede at Content-Disposition:-headeren blev ignoreret - i jar:-URI-systemet.

    • - -
  • CVE-2009-1307 - -

    Gregory Fleischer opdagede at samme ophav-reglen for Flash-filer på - ukorrekt vis blev anvendt på filer indlæst gennem view-source-systemet, - hvilket måske kunne medføre omgåelse af begrænsninger på tværs af - domæner.

    • - -
  • CVE-2009-1308 - -

    Cefn Hoile opdagede at websteder, der tillader indlejring af - tredjeparts stylesheets, var sårbare over for angreb i forbindelse med - udførelse af skripter på tværs af websteder gennem XBL-bindinger.

    • - -
  • CVE-2009-1309 - -

    moz_bug_r_a4 opdagede omgåelser af samme ophav-reglen i - XMLHttpRequest-Javascript-API'et og i XPCNativeWrapper.

    • - -
  • CVE-2009-1311 - -

    Paolo Amadini opdagede at ukorrekt håndtering af POST-data når et websted - indeholdende en indlejret frame blev gemt, kunne føre til - informationslækage.

    • - -
  • CVE-2009-1312 - -

    Man opdagede at Iceweasel tillod Refresh:-headerere at omdirigere til - JavaScript-URI'er, medførende udførelse af skripter på tværs af - websteder.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet -i version 1.9.0.9-0lenny2.

- -

Som angivet i udgivelsesbemærkningerne til etch, var det nødvendigt at -lade sikkerhedsunderstøttelsen til Mozilla-produkter ophøre i den gamle -stabile distribution, før ophøret af den generelle sikkerhedsunderstøttelse -i etch. Du opfordres kraftigt til at opgradere til den stabile distribution -eller skifte til en stadig understøttet browser.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.9-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1797.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1798.wml b/danish/security/2009/dsa-1798.wml deleted file mode 100644 index 02e3a63de8f..00000000000 --- a/danish/security/2009/dsa-1798.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - - -

Will Drewry opdagede at pango, et system til layout og fortolkning af -internationaliseret tekst, var sårbar over for et heltalsoverløb gennem lange -glyph-strenge. Det kunne medføre udførelse af vilkårlig kode når der blev vist -fabrikerede data gennem en applikation, der anvender pango-biblioteket.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.14.8-5+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.20.5-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.24-1.

- -

Vi anbefaler at du opgraderer dine pango1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1798.data" -#use wml::debian::translation-check translation="dbc1edd9b8a0599a58b77f05e55e2e82bf672f4e" mindelta="1" diff --git a/danish/security/2009/dsa-1799.wml b/danish/security/2009/dsa-1799.wml deleted file mode 100644 index 11a08cff4d3..00000000000 --- a/danish/security/2009/dsa-1799.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i processoremulatoren QEMU. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2008-0928 - -

    Ian Jackson opdagede at range-kontroller på filhandlinger i emulerede - diskenheder på håndhævet på utilstrækkelig vis.

    • - -
  • CVE-2008-1945 - -

    Man opdagede at en fejl i den automatiske formatidentifikation ved - flytbare medier, kunne føre til blotlæggelse af filer på - værtssystemet.

    • - -
  • CVE-2008-4539 - -

    Et bufferoverløb blev opdaget i emuleringen af - Cirrus-grafikadapteren.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 0.8.2-4etch3.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.9.1-10lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.9.1+svn20081101-1.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1799.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1800.wml b/danish/security/2009/dsa-1800.wml deleted file mode 100644 index 21676f97d31..00000000000 --- a/danish/security/2009/dsa-1800.wml +++ /dev/null @@ -1,110 +0,0 @@ -lammelsesangreb/rettighedsforøgelse/lækage af følsom hukommelse - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre til et -lammelsesangreb (denial of service), rettighedsforøgelse eller en lækage af -følsom hukommelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-0028 - -

    Chris Evans opdagede en situation, hvor en childproces kunne sende - vilkårlige signaler til sit ophav.

    • - -
  • CVE-2009-0834 - -

    Roland McGrath opdagede et problem i amd64-kerner, der gjorde det - muligt for lokale brugere at omgå systemkaldsauditopsætninger, der - filtrerer baseret på syscall-numre eller argument-detaljer.

    • - -
  • CVE-2009-0835 - -

    Roland McGrath opdagede et problem i amd64-kerner hvor CONFIG_SECCOMP er - aktiveret. Ved at fremstille et særligt syscall, kunne lokale brugere omgå - adgangsbegrænsninger.

    • - -
  • CVE-2009-0859 - -

    Jiri Olsa opdagede at en lokal bruger kunne forårsage et lammelsesangreb - (hængende system) ved hjælp af SHM_INFO-shmctl-kaldet i kerner kompileret - med CONFIG_SHMEM slået fra. Dette problem påvirker præopbyggede - Debian-kerner.

    • - -
  • CVE-2009-1046 - -

    Mikulas Patocka rapporterede om et problem i console-undersystemet, der - gjorde det muligt fo en lokal bruger at forårsage hukommelseskorruption ved - at vælge et lille antal UTF-8-tegn på 3 byte.

    • - -
  • CVE-2009-1072 - -

    Igor Zhbanov rapporterede at nfsd ikke på korrekt vis smed CAP_MKNOD væk, - hvilket gjorde det muligt for brugere at oprette enheds-nodes på filsystemer - eksporteret med root_squash.

    • - -
  • CVE-2009-1184 - -

    Dan Carpenter rapporterede om et programmeringsproblem i - selinx-undersystemet, der gjorde det muligt for lokale brugere at omgå visse - netværkskontroller, når der køres med compat_net=1.

    • - -
  • CVE-2009-1192 - -

    Shaohua Li rapporterede om et problem i AGP-undersystemet, der måske - kunne gøre det muligt for lokale brugere, at læse følsom kernehukommelse på - grund af en lækage af uinitialiseret hukommelse.

    • - -
  • CVE-2009-1242 - -

    Benjamin Gilbert rapporterede om en lokal lammelsesangrebssårbarhed i - KVM VMX-implementeringen, der gjorde det muligt for lokale brugere at udløse - en oops.

    • - -
  • CVE-2009-1265 - -

    Thomas Pollet rapporterede om et overløb i af_rose-implementeringen, - der gjorde det muligt for fjernangribere at hente uinitialiseret - kernehukommelse, som måske kunne indeholde følsomme oplysninger.

    • - -
  • CVE-2009-1337 - -

    Oleg Nesterov opdagede et problem i funktionen exit_notify, der gjorde - det muligt for lokale brugere at sende et vilkårlig signal til en proces, - ved at køre et problem, der ændrede feltet exit_signal og dernæst anvendte - et exec-systemkald til at starte en setuid-applikation.

    • - -
  • CVE-2009-1338 - -

    Daniel Hokka Zakrisson opdagede at kill(-1) måtte tilgå processer uden - for det aktuelle procesnavnerum.

    • - -
  • CVE-2009-1439 - -

    Pavan Naregundi rapporterede om et problem i CIFS-filsystemkoden, der - gjorde det muligt for fjernbrugere at overskrive hukommelse gennem et - langt nativeFileSystem-felt i et Tree Connect-svar under mount.

    • - -
- -

I den gamle stabile distribution (etch), vil disse problemer, hvor relevant, -blive rettet i fremtidige opdateringer af linux-2.6 og linux-2.6.24.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.6.26-15lenny2.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer på -tværs af alle linux-kerne-pakker i alle udgivelser med aktiv -sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1800.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1801.wml b/danish/security/2009/dsa-1801.wml deleted file mode 100644 index 7e1c6cca1b0..00000000000 --- a/danish/security/2009/dsa-1801.wml +++ /dev/null @@ -1,36 +0,0 @@ -bufferoverløb - -

Flere fjernudnytbare sårbarheder er opdaget i NTP, referenceimplementeringen -af Network Time Protocol. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-0159 - -

    Et bufferoverløb i ntpq gjorde det muligt for en fjern NTP-server, at - iværksætte et lammelsesangreb (denial of service) eller udføre vilkårlig - kode gennem et fabrikeret svar.

    • - -
  • CVE-2009-1252 - -

    Et bufferoverløb i ntpd gjorde det muligt for en fjernangriber, at - iværksætte et lammelsesangreb eller udføre vilkårlig kode, når - autokey-funktionaliteten var aktiveret.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 4.2.2.p4+dfsg-2etch3.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.2.4p4+dfsg-8lenny2.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer din ntp-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1801.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1802.wml b/danish/security/2009/dsa-1802.wml deleted file mode 100644 index 8948de7db72..00000000000 --- a/danish/security/2009/dsa-1802.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i SquirrelMail, en -webmailapplikation. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1578 - -

    Udførelse af skripter på tværs af websteder var muligt gennem en række - sider, der gjorde det muligt for en angriber at stjæle følsomme - sessionsoplysninger.

    • - -
  • CVE-2009-1579, - CVE-2009-1381 - -

    Kodeindspøjtning var mulig, når SquirrelMail var opsat til at anvende - funktionen map_yp_alias til autentifikation af brugere. Det er ikke - standardopsætningen.

    • - -
  • CVE-2009-1580 - -

    Det var muligt at kapre en aktiv brugers session, ved at plante en - særligt fremstillet cookie i brugerens browser.

    • - -
  • CVE-2009-1581 - -

    Særligt fremstillede HTML-e-mails kunne anvende CSS' mulighed for - placering af elementer, til at placere mailindhold over SquirrelMails - brugerflade, hvilket muliggjorde phishing.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.4.9a-5.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.4.15-4+lenny2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.19-1.

- -

Vi anbefaler at du opgraderer din squirrelmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1802.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1803.wml b/danish/security/2009/dsa-1803.wml deleted file mode 100644 index 95173d93634..00000000000 --- a/danish/security/2009/dsa-1803.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Ilja van Sprundel opdagede at et bufferoverløb i NSD, en autoritativ -navneservicedæmon, kunne få serveren til at crashe ved at sende en fabrikeret -pakket, medførende et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.3.6-1+etch1 af pakken nsd.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.3.7-1.1+lenny1 af pakken nsd og version 3.0.7-3.lenny2 -af pakken nsd3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3.7-3 hvad angår nsd; nsd3 vil snart blive rettet.

- -

Vi anbefaler at du opgraderer din nsd or nsd3-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1803.data" -#use wml::debian::translation-check translation="0e16e1b8740163a0dbeeece5a230b83b3ff38288" mindelta="1" diff --git a/danish/security/2009/dsa-1804.wml b/danish/security/2009/dsa-1804.wml deleted file mode 100644 index b2b7e4951e3..00000000000 --- a/danish/security/2009/dsa-1804.wml +++ /dev/null @@ -1,39 +0,0 @@ -null-pointerdereference, hukommelseslækager - -

Flere fjernudnytbare sårbarheder er opdaget i racoon, ipsec-tools' Internet -Key Exchange-dæmon. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1574 - -

    Neil Kettle opdagede en NULL-pointerdereference ved fabrikerede fragmenterede -pakker uden indhold. Det medførte at dæmonen gik ned, hvilket kunne anvendes -i lammelsesangreb (denial of service).

    • - -
  • CVE-2009-1632 - -

    Forskellige hukommelseslækager i autentificeringshåndteringen af -X.509-certifikater og implementeringen af NAT-Traversal-keepalive, kunne medføre -opbrugt hukommelse og dermed lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.6.6-3.1etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.7.1-1.3+lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:0.7.1-1.5.

- -

Vi anbefaler at du opgraderer dine ipsec-tools-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1804.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1805.wml b/danish/security/2009/dsa-1805.wml deleted file mode 100644 index 4b8f2cd4130..00000000000 --- a/danish/security/2009/dsa-1805.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Pidgin, en grafisk chatklient der understøtter -flere protokoller. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1373 - -

    Et bufferoverløb i Jabber-filoverførselskoden kunne måske føre til - lammelsesangreb (denial of service) eller udførelse af vilkårlig - kode.

    • - -
  • CVE-2009-1375 - -

    Hukommelseskorruption i et internt bibliotek kunne måske føre til - lammelsesangreb.

    • - -
  • CVE-2009-1376 - -

    Rettelsen til sikkerhedsproblemet registreret som - CVE-2008-2927 - - heltalsoverløb MSN-protokolhåndteringen - viste sig ikke at være - komplet.

    • - -
- -

Den gamle stabile distribution (etch) er påvirket under kildekodepakkenavnet -gaim. Men på grund af opbygningsproblemer, kunne de opdaterede pakker ikke -udgives sammen med den stabile version. De vil blive udgivet når -opbygningsproblemet er løst.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.4.3-4lenny2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.5.6-1.

- -

Vi anbefaler at du opgraderer dine pidgin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1805.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1806.wml b/danish/security/2009/dsa-1806.wml deleted file mode 100644 index aa2d90e6930..00000000000 --- a/danish/security/2009/dsa-1806.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Matt Murphy opdagede at cscope, et værktøj til at kigge på kildekode, ikke -kontrollerede længden på filnavne angivet i include-statements, hvilket -potentielt kunne føre til udførelse af vilkårlig kode gennem særligt -fremstillede kildekodefiler.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 15.6-6+lenny1.

- -

På grund af tekniske begrænsninger i Debians arkivhåndteringsskripter, -kunne opdateringen i den gamle stabile distribution (etch) ikke udgives -synkront. Det vil snart blive rettet i version 15.6-2+etch1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din cscope-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1806.data" -#use wml::debian::translation-check translation="6b8fa05b90c1104dbc30fe1657e7149bbd2f3f0d" mindelta="1" diff --git a/danish/security/2009/dsa-1807.wml b/danish/security/2009/dsa-1807.wml deleted file mode 100644 index fe9a77242c6..00000000000 --- a/danish/security/2009/dsa-1807.wml +++ /dev/null @@ -1,55 +0,0 @@ -bufferoverløb - -

James Ralston opdagede at funktionen sasl_encode64() i cyrus-sasl2, et frit -tilgængeligt bibliotek som implementerer Simple Authentication and Security -Layer, var ramt af en manglende null-terminering i visse situationer. Det -forårsagede flere bufferoverløb i situationer hvor cyrus-sasl2 selv krævede at -strengen var null-termineret, hvilket kunne føre til lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode.

- -

Vigtig bemærkning (citat fra US-CERT): -Mens denne rettelse retter aktuelt sårbar kode, kan det medføre at ikke-sårbar -eksisterende kode holder op med at virke. Her er en funktion-prototype fra -include/saslutil.h til forklaring:

- -
/* base64 encode
-* in -- inputdata
-* inlen -- inputdatalængde
-* out -- outputbuffer (vil være NUL-termineret)
-* outmax -- maks.størrelse på outputbuffer
-* result:
-* outlen -- henter aktuel længde på outputbuffer (valgfri)
-*
-* Returnerer SASL_OK ved succes, SASL_BUFOVER hvis resultatet ikke passer
-*/
-LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
-char *out, unsigned outmax,
-unsigned *outlen);
- -

Forestil dig en situation, hvor den kaldende kode er skrevet på en sådan måde, -at den på forhånd beregner den nøjagtige størrelse krævet til base64-indkapsling, -dernæst allokerer en buffer på præcis den størrelse, leverer en pointer til -bufferen til sasl_encode64() som *out. Så længe koden ikke forventer at bufferen -er NUL-termineret (ikke kalder strenghåndteringsfunktioenr så som strlen()), vil -den fungere og vil ikke være sårbar.

- -

Når rettelsen er taget i brug, vil den samme kode holde op med at fungere, -fordi sasl_encode64() vil begynde at returnere SASL_BUFOVER.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -2.1.22.dfsg1-8+etch1 af cyrus-sasl2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.1.22.dfsg1-23+lenny1 af cyrus-sasl2 og cyrus-sasl2-heimdal.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.23.dfsg1-1 af cyrus-sasl2 og cyrus-sasl2-heimdal.

- -

Vi anbefaler at du opgraderer dine cyrus-sasl2/cyrus-sasl2-heimdal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1807.data" -#use wml::debian::translation-check translation="6c06332acc7d6a085b22fe588a38d80cfadcd231" mindelta="1" diff --git a/danish/security/2009/dsa-1808.wml b/danish/security/2009/dsa-1808.wml deleted file mode 100644 index 3ed5377603d..00000000000 --- a/danish/security/2009/dsa-1808.wml +++ /dev/null @@ -1,22 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Markus Petrux opdagede en sårbarhed i forbindelse med udførelse af skripter -på tværs af websteder i taxonomy-modulet i drupal6, et komplet -indholdshåndteringsframework. Det er også muligt, at visse browsere anvendende -UTF-7-indkapslingen var sårbare for en anden, tilsvarende sårbarhed.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 6.6-3lenny2.

- -

Den gamle stabile distribution (etch) indeholder ikke drupal6.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 6.11-1.1.

- -

Vi anbefaler at du opgraderer dine drupal6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1808.data" -#use wml::debian::translation-check translation="7cd16b61e65e2f2246f6cec4815ede33476644f2" mindelta="1" diff --git a/danish/security/2009/dsa-1809.wml b/danish/security/2009/dsa-1809.wml deleted file mode 100644 index 14ac33b23d6..00000000000 --- a/danish/security/2009/dsa-1809.wml +++ /dev/null @@ -1,52 +0,0 @@ -lammelsesangreb, rettighedsforøgelse - -

Flere sårbarheder er opdaget discovered i Linux-kernen, hvilket måske kunne -føre til lammelsesangreb (denial of service) eller rettighedsforøgelse. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-1630 - -

    Frank Filz opdagede at lokale brugere måske kunne udføre filer uden - udførelsesrettighed, når tilgået gennem en nfs4-mount.

    • - -
  • CVE-2009-1633 - -

    Jeff Layton og Suresh Jayaraman rettede flere bufferoverløb i - CIFS-filsystemet, hvilket tillod fjernservere at forårsage - hukommelseskorruption.

    • - -
  • CVE-2009-1758 - -

    Jan Beulich opdagede et problem i Xen, hvor lokale gæstebrugere kunne - forårsage et lammelsesangreb (oops).

    • - -
- -

Opdateringen retter også en regression introduceeret af rettelsen til -CVE-2009-1184 -i 2.6.26-15lenny3. Det forhindrer panik ved boottidspunktet på systemer -hvor SELinux er aktiveret.

- -

I den gamle stabile distribution (etch), vil disse problemer, hvor relevant, -blive rettet i fremtidige opdateringer til linux-2.6 og linux-2.6.24.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.6.26-15lenny3.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer på -tværs af alle linux-kerne-pakker i alle udgivelser med aktiv -sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1809.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1810.wml b/danish/security/2009/dsa-1810.wml deleted file mode 100644 index c111610c17e..00000000000 --- a/danish/security/2009/dsa-1810.wml +++ /dev/null @@ -1,23 +0,0 @@ -informationsafsløring - -

En informationsafsløringsfejl blev fundet i mod_jk, Tomcat Connector-modulet -til Apache. Hvis en fejlbehæftet klient medtog Content-Length-headeren -uden at levere data fra forespørgslens krop, eller hvis en klient sendte -gentagne forespørgsler meget hurtigt, kunne en klient modtage et svar der var -beregnet til en anden klient.

- -

I den gamle distribution (etch), er dette problem rettet i -version 1:1.2.18-3etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:1.2.26-2+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1:1.2.26-2.1.

- -

Vi anbefaler at du opgraderer dine libapache-mod-jk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1810.data" -#use wml::debian::translation-check translation="8b235e83cfc5d63e3cba964a9ddf757cffc4a26c" mindelta="1" diff --git a/danish/security/2009/dsa-1811.wml b/danish/security/2009/dsa-1811.wml deleted file mode 100644 index 3151215f272..00000000000 --- a/danish/security/2009/dsa-1811.wml +++ /dev/null @@ -1,26 +0,0 @@ -null-pointerdereference - - -

Anibal Sacco opdagede at cups, et generelt udskriftssystem til UNIX-systemer, -var ramt af en null-pointerdereference, fordi dets håndtering af to på hinanden -følgende IPP-pakker med visse tag-attributtter, der behandles som -IPP_TAG_UNSUPPORTED-tags. Det gjorde det muligt for uautoriserede angribere, at -udføre lammelsesangreb (denial of service) ved at få cups-dæmonen til at gå -ned.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.2.7-4+etch8 of cupsys.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.3.8-1+lenny6 of cups.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine cups/cupsys-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1811.data" -#use wml::debian::translation-check translation="15b6d1c213189cb41624d20cd78844dd13bf77e1" mindelta="1" diff --git a/danish/security/2009/dsa-1812.wml b/danish/security/2009/dsa-1812.wml deleted file mode 100644 index 0f2a634131c..00000000000 --- a/danish/security/2009/dsa-1812.wml +++ /dev/null @@ -1,44 +0,0 @@ -lammelsesangreb - -

Apr-util, biblioteket Apache Portable Runtime Utility, anvendes af Apache -2.x, Subversion og andre applikationer. To lammelsesangreb (denial of service) -er fundet i apr-util:

- -
    - -

  • kcope opdagede en fejl i håndteringen af interne XML-entiteter i -interfacet apr_xml_*, der kunne udnyttes til at opbruge al tilgængelig -hukommelse. Lammelsesangrebet kunne fjernudløses i Apaches moduler mod_dav og -mod_dav_svn. (Endnu ingen CVE-id.)

    • - -
  • CVE-2009-0023 -

    Matthew Palmer opdagede et underløb i funktionen apr_strmatch_precompile, -der kunne udnyttes til at forårsage et dæmon-crash. Sårbarheden kunne -fjernudløses (1) i mod_dav_svn til Apache hvis direktivet "SVNMasterURI" -anvendes, (2) i mod_apreq2 til Apache eller andre applikationer som anvender -libapreq2 eller (3) lokalt i Apache ved hjælp af en fabrikeret -.htaccess-fil.

    • - -
- -

Andre udnyttelsesmuligheder i andre applikationer, som anvender apr-util, -findes måske også.

- -

Hvis du bruger Apache, eller svnserve i standalone-tilstand, skal du -genstarte tjenesterne efter pakken libaprutil1 er blevet opgraderet.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.2.7+dfsg-2+etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.2.12+dfsg-8+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine apr-util-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1812.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1813.wml b/danish/security/2009/dsa-1813.wml deleted file mode 100644 index 8f2748a4a9d..00000000000 --- a/danish/security/2009/dsa-1813.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er fundet i evolution-data-server, databasebackend'en til -groupwareprogrampakken evolution. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0587 - -

    Man opdagede at evolution-data-server var sårbar over for heltalsoverløb -udløst af store base64-strenge.

    • - -
  • CVE-2009-0547 - -

    Joachim Breitner opdagede at S/MIME-signaturer ikke blev kontrolleret -korrekt, hvilket kunne føre til forfalskningsangreb.

    • - -
  • CVE-2009-0582 - -

    Man opdagede at NTLM-autentifikations-challenge-pakker ikke blev -kontrolleret korrekt, når der blev anvendt NTLM-autentifikationsmetoden, hvilket -kunne føre til informationsafsløring eller et lammelsesangreb (denial of -service).

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.6.3-5etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.22.3-1.1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 2.26.1.1-1.

- -

Vi anbefaler at du opgraderer dine evolution-data-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1813.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1814.wml b/danish/security/2009/dsa-1814.wml deleted file mode 100644 index 300825332d6..00000000000 --- a/danish/security/2009/dsa-1814.wml +++ /dev/null @@ -1,43 +0,0 @@ -heap-baseret bufferoverløb - - -

To sårbarheder er opdaget i libsndfile, et bibliotek til læsning og skrivning -af samplede lyddata. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1788 -

    Tobias Klein opdagede at VOC-fortolkningsrutinerne var ramt af et -heap-baseret bufferoverløb, hvilket kunne udløses af en angriber gennem en -fabrikeret VOC-header.

    • - -
  • CVE-2009-1791 -

    Forhandleren opdagede at AIFF-fortolkningsrutinerne var ramt af et -heap-baseret bufferoverløb svarende til -CVE-2009-1788, -der kunne udløses af en angriber gennem en fabrikeret AIFF-header.

    • - -
- -

I begge tilfælde er de overløbende data ikke fuldstændigt kontrollerede af -angriberen, men fører stadig til at applikationen går ned, eller under visse -omstændigheder kan det måske stadig føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.0.16-2+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.17-4+lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.20-1.

- -

Vi anbefaler at du opgraderer dine libsndfile-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1814.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1815.wml b/danish/security/2009/dsa-1815.wml deleted file mode 100644 index 8115c009e53..00000000000 --- a/danish/security/2009/dsa-1815.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Man opdagede at Rasterbar Bittorrent-biblioteket udførte utilstrækkelig -kontrol af stinavne angivet i torrent-filer, hvilket kunne føre til -lammelsesangreb (denial of service) ved at overskrive filer.

- -

Den gamle stabile distribution (etch) indeholder ikke -libtorrent-rasterbar.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.13.1-2+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.14.4-1.

- -

Vi anbefaler at du opgraderer din libtorrent-rasterbar-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1815.data" -#use wml::debian::translation-check translation="0ea4bc5fcd2ddd89c66d3795bdf4e735570762af" mindelta="1" diff --git a/danish/security/2009/dsa-1816.wml b/danish/security/2009/dsa-1816.wml deleted file mode 100644 index e6fe45340c3..00000000000 --- a/danish/security/2009/dsa-1816.wml +++ /dev/null @@ -1,38 +0,0 @@ -utilstrækkelig sikkerhedskontrol - -

Man opdagede at webserveren Apache ikke på korrekt vis håndterede parameteret -Options= hørende til AllowOverride-kommandoen:

- -
    - -

  • I den stabile distribution (lenny), kunne lokale brugere (gennem -.htaccess) aktivere skriptudførelse i Server Side Includes, selv i -opsætninger hvor AllowOverride-kommandoen kun indeholdt -Options=IncludesNoEXEC.

    • - -

  • I den gamle stabile distribution (etch), kunne lokale brugere (gennem -.htaccess) aktivere skriptudførelse i Server Side Includes og -CGI-skriptudførelse i opsætninger, hvor AllowOverride-kommandoen indeholdt -enhver Options=-værdi.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.2.3-4+etch8.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.2.9-10+lenny3.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem blive rettet i version 2.2.11-6.

- -

Med denne bulletin leveres også opdaterede apache2-mpm-itk-pakker, der er -blevet genkompileret mod de nye apache2-pakker (bortset fra s390-arkitekturen, -hvortil opdaterede pakker vil følge om kort tid).

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1816.data" -#use wml::debian::translation-check translation="9f1c76798294e34ac1dd25c5587369148730d558" mindelta="1" diff --git a/danish/security/2009/dsa-1817.wml b/danish/security/2009/dsa-1817.wml deleted file mode 100644 index 1f84a9c43b0..00000000000 --- a/danish/security/2009/dsa-1817.wml +++ /dev/null @@ -1,24 +0,0 @@ -stak-baseret bufferoverløb - - -

Michael Brooks opdagede at ctorrent, en bittorrentklient til konsollen, ikke -kontrollerede længden på filstier i torrent-filer. En angriber kunne udnytte -det gennem en fabrikeret torrent, indeholdende en lang filsti, til at udføre -vilkårlig kode med rettighederne hørende til den bruger, der åbnede filen.

- -

Den gamle stabile distribution (etch) indeholder ikke.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.3.4-dnh3.2-1+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.4-dnh3.2-1.1.

- -

Vi anbefaler at du opgraderer dine ctorrent-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1817.data" -#use wml::debian::translation-check translation="38cf5b404abf81ddd8de41f360059bb554f83b9d" mindelta="1" diff --git a/danish/security/2009/dsa-1818.wml b/danish/security/2009/dsa-1818.wml deleted file mode 100644 index 1d6e1b72ca2..00000000000 --- a/danish/security/2009/dsa-1818.wml +++ /dev/null @@ -1,28 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Laurent Almeras og Guillaume Smet opdagede mulige sårbarheder i forbindelse -med indsprøjtning af SQL og udførelse af skripter på tværs af websteder, i -gforge, et værktøj til samarbejdsudvikling. På grund af utilstrækkelig kontrol -af inddata, var det muligt at indsprøjte vilkårlige SQL-kommandoer og anvende -flere parametre, for at iværksætte angreb i forbindelse med udførelse af -skripter på tværs af websteder.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.7~rc2-7lenny1.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 4.5.14-22etch11.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.7.3-2.

- -

Vi anbefaler at du opgraderer dine gforge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1818.data" -#use wml::debian::translation-check translation="310bab32a314be3c443462e81220c586080581fa" mindelta="1" diff --git a/danish/security/2009/dsa-1819.wml b/danish/security/2009/dsa-1819.wml deleted file mode 100644 index 6c76d4233de..00000000000 --- a/danish/security/2009/dsa-1819.wml +++ /dev/null @@ -1,67 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i vlc, en multimedieafspiller og -streamer. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-1768 - -

    Drew Yao opdagede at flere heltalsoverløb i MP4-demuxeren, Real-demuxeren og -Cinepak-codec'et kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2008-1769 - -

    Drew Yao opdagede at Cinepak-codec'en var sårbar over for et tilfælde af -hukommelseskorruption, hvilket kunne udløses af en fabrikeret -Cinepak-fil.

    • - -
  • CVE-2008-1881 - -

    Luigi Auriemma opdagede at det var muligt at udføre vilkårlig kode gennem en -lang undertekst i en SSA-fil.

    • - -
  • CVE-2008-2147 - -

    Man opdagede at vlc var ramt af en søgestissårbarhed, hvilket gjorde det -muligt for lokale brugere at foretage en rettighedsforøgelse.

    • - -
  • CVE-2008-2430 - -

    Alin Rad Pop opdagede at det var muligt at udføre vilkårlig kode, når der -blev åbnet en WAV-fil indeholdende en stor fmt-chunk.

    • - -
  • CVE-2008-3794 - -

    Pınar Yanardağ opdagede at det var muligt at udføre vilkårlig kode, når der -blev åbnet et fabrikeret mmst-link.

    • - -
  • CVE-2008-4686 - -

    Tobias Klein opdagede at det var muligt at udføre vilkårlig kode, når der -blev åbnet en fabrikeret .ty-fil.

    • - -
  • CVE-2008-5032 - -

    Tobias Klein opdagede at det var muligt at udføre vilkårlig kode, når der -blev åbnet en ugyldig CUE-billedfil med en fabrikeret header.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 0.8.6-svn20061012.debian-5.1+etch3.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.8.6.h-4+lenny2, der allerede var indeholdt i den udgivne lenny.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 0.8.6.h-5.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1819.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1820.wml b/danish/security/2009/dsa-1820.wml deleted file mode 100644 index 223a69168bc..00000000000 --- a/danish/security/2009/dsa-1820.wml +++ /dev/null @@ -1,94 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, en runtimemiljø til -XUL-applikationer, så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1392 - -

    Flere problemer i browsermaskinen er opdaget, hvilke kunne medføre udførelse -af vilkårlig kode. (MFSA 2009-24)

    • - -
  • CVE-2009-1832 - -

    Det var muligt at udføre vilkårlig kode gennem angrebsvektorer, som -involverede dobbelt frame-konstruktion. (MFSA 2009-24)

    • - -
  • CVE-2009-1833 - -

    Jesse Ruderman og Adam Hauner opdagede et problem i JavaScript-maskinen, -hvilket kunne føre til udførelse af vilkårlig kode. (MFSA 2009-24)

    • - -
  • CVE-2009-1834 - -

    Pavel Cvrcek opdagede at potentielt problem førende til et -forfalskningsangreb i placeringsbjælken, relateret til visse ugyldige -unicode-tegn. (MFSA 2009-25)

    • - -
  • CVE-2009-1835 - -

    Gregory Fleischer opdagede at det var muligt at læse vilkårlige cookier -gennem et fabrikeret HTML-dokument. (MFSA 2009-26)

    • - -
  • CVE-2009-1836 - -

    Shuo Chen, Ziqing Mao, Yi-Min Wang og Ming Zhang rapporterede om et -potentielt manden i midten-angreb, når man anvende en proxy, på grund af -utilstrækkelige kontroller på visse proxysvar. (MFSA 2009-27)

    • - -
  • CVE-2009-1837 - -

    Jakob Balle og Carsten Eiram rapporterede om en race-tilstand i funktionen -NPObjWrapper_NewResolve, hvilket kunne anvendes til at udføre vilkårlig kode. -(MFSA 2009-28)

    • - -
  • CVE-2009-1838 - -

    moz_bug_r_a4 opdagede at det var muligt at udføre vilkårligt JavaScript med -chrome-rettigheder på grund af en fejl i implementeringen af garbage-collection. -(MFSA 2009-29)

    • - -
  • CVE-2009-1839 - -

    Adam Barth og Collin Jackson rapporterede om en potentiel rettighedsforøgelse -når der blev hentet en file::resource gennem placeringsbjælken. -(MFSA 2009-30)

    • - -
  • CVE-2009-1840 - -

    Wladimir Palant opdagede at det var muligt at omgå adgangsbegrænsninger på -grund af manglende indholdspolicykontrol, når der blev indlæst en skriptfil i -et XUL-dokument. (MFSA 2009-31)

    • - -
  • CVE-2009-1841 - -

    moz_bug_r_a4 rapporterede at det var muligt for skripter fra sideindhold, -at køre med forøgede rettigheder og dermed potentielt udføre vilkårlig kode -med objektets chrome-rettigheder. (MFSA 2009-32)

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.11-0lenny1.

- -

Som angivet i udgivelsesbemærkningerne til etch, var det nødvendigt at -lade sikkerhedsunderstøttelsen til Mozilla-produkter ophøre i den gamle -stabile distribution, før ophøret af den generelle sikkerhedsunderstøttelse -i etch. Du opfordres kraftigt til at opgradere til den stabile distribution -eller skifte til en stadig understøttet browser.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.11-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1820.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1821.wml b/danish/security/2009/dsa-1821.wml deleted file mode 100644 index 81081c9b8c1..00000000000 --- a/danish/security/2009/dsa-1821.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Sam Hocevar opdagede at amule, en klient til eD2k- og Kad-netværkene, ikke -på korrekt vis fornuftighedskontrollere filnavnet, når preview-funktionen blev -anvendt. Det kunne føre til indsprøjtning af vilkårlige kommandoer overført til -videoafspilleren.

- -

Den gamle distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.2.1-1+lenny2.

- -

I distributionen testing (squeeze) vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.5-1.1.

- -

Vi anbefaler at du opgraderer dine amule-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1821.data" -#use wml::debian::translation-check translation="d9fbbc5b283654ddd1993fe6806d8ae36de36893" mindelta="1" diff --git a/danish/security/2009/dsa-1822.wml b/danish/security/2009/dsa-1822.wml deleted file mode 100644 index 89d56217620..00000000000 --- a/danish/security/2009/dsa-1822.wml +++ /dev/null @@ -1,25 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede et mahara, et elektronisk portfolio-, weblog- og CV-program, var -sårbart over for flere angreb i forbindelse med udførelse af skripter på tværs -af websteder, hvilket gjorde det muligt for en angriber, at indsprøjte -vilkårlig HTML- eller skriptkode samt stjæle potentielt følsomme data fra andre -brugere.

- -

Den gamle stabile distribution (etch) indeholder ikke mahara.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.4-4+lenny3.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.5-1.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1822.data" -#use wml::debian::translation-check translation="29e64172d8776439167db79a794ffb4706af6293" mindelta="1" diff --git a/danish/security/2009/dsa-1823.wml b/danish/security/2009/dsa-1823.wml deleted file mode 100644 index 33ab1417334..00000000000 --- a/danish/security/2009/dsa-1823.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS-fil, print- og loginserver. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-1886 - -

    Værktøjet smbclient indeholdt en formatstrengssårbarhed, hvor kommandoer - i forbindelse med filnavne, behandlede brugerinddata som formatstrenge til - asprintf.

    • - -
  • CVE-2009-1888 - -

    I smbd-dæmonen, hvis en bruger forsøgte at ændre en adgangskontrolliste - (ACL) og blev nægtet adgang, ville nægtelsen måske blive overtrumfet, hvis - parameteret "dos filemode" var sat til "yes" i smb.conf og brugeren allerede - havde skriveadgang til filen.

    • - -
- -

Den gamle stabile distribution (etch) er ikke påvirket af disse problemer.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.2.5-4lenny6.

- -

Den ustabile distribution (sid), som kun er påvirket af -CVE-2009-1888, -vil snart blive rettet.

- -

Vi anbefaler at du opgraderer din samba-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1823.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1824.wml b/danish/security/2009/dsa-1824.wml deleted file mode 100644 index c3b318a0c30..00000000000 --- a/danish/security/2009/dsa-1824.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i phpMyAdmin, et værktøj til -webadministrering af MySQL. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1150 - -

    Udførelse af skripter på tværs af websteder i eksportsiden, gjorde det - muligt for en angriber, der kunne placere fabrikerede cookies hos brugeren, - at indsprøjte vilkårligt webskript eller HTML.

    • - -
  • CVE-2009-1151 - -

    En statisk kodeindsprøjtning gjorde det muligt for en fjernangriber at - sprøjte vilkårlig kode ind i phpMyAdmin gennem skriptet setup.php. Skriptet - er under normale omstændigheder beskyttet af Apaches autentifikation i Debian. - Men på grund af en nyligt opdaget orm, der er baseret på denne sårbarhed, - retter vi alligevel problemet, for at beskytte installationer, som på en - eller anden måde udstiller skriptet setup.php.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.9.1.1-11.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.11.8.1-5+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.1.3.1-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1824.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1825.wml b/danish/security/2009/dsa-1825.wml deleted file mode 100644 index 621b73f7c65..00000000000 --- a/danish/security/2009/dsa-1825.wml +++ /dev/null @@ -1,28 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede at statuswml.cgi et skript i nagios, et overvågnings- og -håndteringsssytem til hosts, services og netværk, var havde en sårbarhed i -forbindelse med kommandoindsprøjtning. Inddata til ping- og -traceroute-parametrene i skriptet, blev ikke korrekt valideret, hvilket gjorde -det muligt for en angriber at udføre vilkårlig shell-kommandoer ved at levere -en fabrikeret værdi til disse parametre.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6-2+etch3 of nagios2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.0.6-4~lenny2 of nagios3.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 3.0.6-5 of nagios3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.6-5 of nagios3.

- -

Vi anbefaler at du opgraderer dine nagios2/nagios3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1825.data" -#use wml::debian::translation-check translation="20c900a34523b1795b4c7c0deb5634d3d30f4fa9" mindelta="1" diff --git a/danish/security/2009/dsa-1826.wml b/danish/security/2009/dsa-1826.wml deleted file mode 100644 index 0a632acbb90..00000000000 --- a/danish/security/2009/dsa-1826.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i eggdrop, en avanceret IRC-robot. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2007-2807 - -

    Man opdagede at eggdrop var sårbar over for et bufferoverløb, hvilket kunne -medføre at en fjernbruger kunne udføre vilkårlig kode. Den tidligere DSA -(DSA-1448-1) løste ikke problemet på korrekt vis.

    • - -
  • CVE-2009-1789 - -

    Man opdagede at eggdrop var sårbar over for et lammelsesangreb (denial of -service), der gjorde det muligt for fjernangribere at forårsage et nedbrud -gennem en fabrikeret PRIVMSG.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.6.19-1.1+lenny1.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.6.18-1etch2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.19-1.2

- -

Vi anbefaler at du opgraderer din eggdrop-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1826.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1827.wml b/danish/security/2009/dsa-1827.wml deleted file mode 100644 index e4870da6542..00000000000 --- a/danish/security/2009/dsa-1827.wml +++ /dev/null @@ -1,23 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at ipplan, et webbaseret program til håndtering af og holden -styr på IP-adresser, ikke på tilstrækkelig indkapslede visse inddataparametre, -hvilket gjorde det muligt for fjernangribere at udføre skriptangreb på tværs af -websteder (cross site scriping).

- -

Den gamle stabile distribution (etch) indeholder ikke ipplan.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 4.86a-7+lenny1.

- -

I distributionen testing (squeeze) vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.91a-1.1.

- -

Vi anbefaler at du opgraderer dine ipplan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1827.data" -#use wml::debian::translation-check translation="3dba2ce8874659936ed5820dcd0b3d1aa5dda78a" mindelta="1" diff --git a/danish/security/2009/dsa-1828.wml b/danish/security/2009/dsa-1828.wml deleted file mode 100644 index 40fe88d09e0..00000000000 --- a/danish/security/2009/dsa-1828.wml +++ /dev/null @@ -1,29 +0,0 @@ -usikker modulsøgesti - - -

Man opdagede at ocsinventory-agent, som er en del af ocsinventory-suiten, en -tjeneste til konfigurationsindeksering af hard- og software, var sårbar over for -en usikker perl-modulsøgesti. Da agentprogrammet startes via cron og den -aktuelle mappe (/ i dette tilfælde) er indeholdt i perls standard-modulsti, -gennemsøgte agentprogrammet alle mapper på systemet efter sine perl-moduler. -Det gjorde det muligt for en angriber, at udføre vilkårlig kode gennem et -fabrikeret perl-modul til ocsinventory-agent, placeret på systemet.

- -

Den gamle stabile distribution (etch) indeholder ikke ocsinventory-agent.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:0.0.9.2repack1-4lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1:0.0.9.2repack1-5

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:0.0.9.2repack1-5.

- - -

Vi anbefaler at du opgraderer dine ocsinventory-agent-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1828.data" -#use wml::debian::translation-check translation="6f1cc87e85bbb35c215306cf9d79a275d8073f59" mindelta="1" diff --git a/danish/security/2009/dsa-1829.wml b/danish/security/2009/dsa-1829.wml deleted file mode 100644 index 37c70ce4d70..00000000000 --- a/danish/security/2009/dsa-1829.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede at sork-passwd-h3, et Horde3-modul der gør at brugerne kan -ændre deres adgangskoder, var sårbar over et angreb i forbindelse med udførelse -af skripter på tværs af websteder gennem backend-parameteret.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 3.0-2+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.0-2+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1-1.1.

- -

Vi anbefaler at du opgraderer dine sork-passwd-h3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1829.data" -#use wml::debian::translation-check translation="d36f39ac771b967196953710e2ee322fb519b96d" mindelta="1" diff --git a/danish/security/2009/dsa-1830.wml b/danish/security/2009/dsa-1830.wml deleted file mode 100644 index 531173bbcea..00000000000 --- a/danish/security/2009/dsa-1830.wml +++ /dev/null @@ -1,129 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i mailklienten Icedove, en -version af mailklienten Thunderbird. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0040 - -

    Udførelse af vilkårlig kode var måske mulig gennem en fabrikeret PNG-fil, der -udløste en frigivelse af en uinitialiseret pointer i (1) funktionen -png_read_png, (2) pCAL-chunkhåndtering eller (3) opsætning af -16 bit-gammatabeller. (MFSA 2009-10)

    • - -
  • CVE-2009-0352 - -

    Det var muligt at udføre vilkårlig kode gennem angrebsvinkler i forbindelse -med layoutmaskinen. (MFSA 2009-01)

    • - -
  • CVE-2009-0353 - -

    Det var muligt at udføre vilkårlig kode gennem angrebsvinkler i forbindelse -med JavaScript-maskinen. (MFSA 2009-01)

    • - -
  • CVE-2009-0652 - -

    Bjoern Hoehrmann og Moxie Marlinspike opdagede et muligt forfalskningsangreb -gennem Unicode-tegnene til tegning af rammer i internationaliserede -domænenavne. (MFSA 2009-15)

    • - -
  • CVE-2009-0771 - -

    Hukommelseskorruption og assertion-fejl blev opdaget i layoutmaskinen, -muligvis førende til udførelse af vilkårlig kode. (MFSA 2009-07)

    • - -
  • CVE-2009-0772 - -

    Layoutmaskinen tillod udførelse af vilkårlig kode gennem angrebsvinkler i -forbindelse med nsCSSStyleSheet::GetOwnerNode, events og -garbage-collection. (MFSA 2009-07)

    • - -
  • CVE-2009-0773 - -

    JavaScript-maskinen var sårbar over for udførelse af vilkårlig kode gennem -flere angrebsvinkler. (MFSA 2009-07)

    • - -
  • CVE-2009-0774 - -

    Layoutmaskinen tillod udførelse af vilkårlig kode gennem angrebsvinkler i -forbindelse med gczeal. (MFSA 2009-07)

    • - -
  • CVE-2009-0776 - -

    Georgi Guninski opdagede at det var muligt få adgang til xml-data gennem et -problem i forbindelse med nsIRDFService. (MFSA 2009-09)

    • - -
  • CVE-2009-1302 - -

    Browsermaskinen var sårbar over for en mulig hukommelseskorruption gennem -flere angrebsvinkler.. (MFSA 2009-14)

    • - -
  • CVE-2009-1303 - -

    Browsermaskinen var sårbar over for en mulig hukommelseskorruption gennem -funktionen nsSVGElement::BindToTree. (MFSA 2009-14)

    • - -
  • CVE-2009-1307 - -

    Gregory Fleischer opdagede at det var muligt at omgå Same Origin Policy, når -en Flash-fil blev åbnet gennem view-source:-funktionen. (MFSA 2009-17)

    • - -
  • CVE-2009-1832 - -

    Der blev opdaget mulig udførelse af vilkårlig kode gennem angrebsvinkler, der -involverer "double frame construction." (MFSA 2009-24)

    • - -
  • CVE-2009-1392 - -

    Flere problemer blev opdaget i browsermaskinen, der anvendes af icedove, -hvilket måske kunne føre til udførelse af vilkårlig kode. -(MFSA 2009-24)

    • - -
  • CVE-2009-1836 - -

    Shuo Chen, Ziqing Mao, Yi-Min Wang og Ming Zhang rapporterede om et -potentielt manden i midten-angreb, når der blev anvendt en proxy, på grund af -utilstrækkelig kontroller på visse proxysvar. (MFSA 2009-27)

    • - -
  • CVE-2009-1838 - -

    moz_bug_r_a4 opdagede at det var muligt at udføre vilkårligt JavaScript med -chrome-rettigheder, på grund af en fejl i implementeringen af -garbage-collection. (MFSA 2009-29)

    • - -
  • CVE-2009-1841 - -

    moz_bug_r_a4 rapporterede at det var muligt for skripter fra sideindhold, at -køre med forøgede rettigheder og dermed potentielt udføre vilkårlig kode med -objektets chrome-rettigheder. (MFSA 2009-32)

    • - -
  • Endnu ingen CVE-identifikation - -

    Bernd Jendrissek opdagede et potentielt udnytbart nedbrud ved visning af -en multipart/alternative-mail med en text/enhanced-del. (MFSA 2009-33)

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.0.0.22-0lenny1.

- -

Som angivet i udgivelsesbemærkningerne til etch, var det nødvendigt at -lade sikkerhedsunderstøttelsen til Mozilla-produkter ophøre i den gamle -stabile distribution, før ophøret af den generelle sikkerhedsunderstøttelse -i etch. Du opfordres kraftigt til at opgradere til den stabile distribution -eller skifte til en stadig understøttet browser.

- -

I distributionen testing (squeeze) vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.0.22-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1830.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1831.wml b/danish/security/2009/dsa-1831.wml deleted file mode 100644 index 51c9b9a2257..00000000000 --- a/danish/security/2009/dsa-1831.wml +++ /dev/null @@ -1,22 +0,0 @@ -programmeringsfejl - -

Matthew Dempsky opdagede at Daniel J. Bernsteins djbdns, en Domain Name -System-server, ikke begrænsede offset på den krævede måde, hvilket gjorde det -muligt for fjernangribere med kontrol over en tredjeparts subdomæne betjent af -tinydns og axfrdns, at udløse DNS-svar indeholdende vilkårlige poster gennem -fabrikerede zonedata for dette subdomæne.

- -

Den gamle stabile distribution (etch) indeholder ikke djbdns.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.05-4+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.05-5.

- -

Vi anbefaler at du opgraderer din djbdns-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1831.data" -#use wml::debian::translation-check translation="cc93de23eaa3aae0fd490bd0b66f20910a728e8f" mindelta="1" diff --git a/danish/security/2009/dsa-1832.wml b/danish/security/2009/dsa-1832.wml deleted file mode 100644 index ecc87dda2f8..00000000000 --- a/danish/security/2009/dsa-1832.wml +++ /dev/null @@ -1,21 +0,0 @@ -heltalsoverløb - -

Tielei Wang opdagede at CamlImages, et open source-billedbehandlingsbibliotek, -var ramt af flere heltalsoverløb, hvilket måske kunne føre til et potentielt -udnytbart heapoverløb og medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.20-8+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.2.0-4+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.1-2.

- -

Vi anbefaler at du opgraderer din camlimages-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1832.data" -#use wml::debian::translation-check translation="cc93de23eaa3aae0fd490bd0b66f20910a728e8f" mindelta="1" diff --git a/danish/security/2009/dsa-1833.wml b/danish/security/2009/dsa-1833.wml deleted file mode 100644 index 7fc0bf0325b..00000000000 --- a/danish/security/2009/dsa-1833.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i ISC's DHCP-implementering:

- -
    - -
  • CVE-2009-0692 - -

    Man opdagede at dhclient ikke på korrekt vis håndterede for lange -subnet-mask-valgmuligheder, førende til et stakbaseret bufferoverløb og -muligvis udførelse af vilkårlig kode.

    • - -
  • CVE-2009-1892 - -

    Christoph Biedl opdagede at DHCP-server måske ville afslutte, når den -modtog visse veldannede DHCP-forespørgsler, forudsat at serveropsætningen -kombinerede host-definitioner ved hjælp af "dhcp-client-identifier" og -"hardware ethernet". Sårbarheden påvirker kun lenny-versionerne af -dhcp3-server og dhcp3-server-ldap.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 3.0.4-13+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.1.1-6+lenny2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine dhcp3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1833.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1834.wml b/danish/security/2009/dsa-1834.wml deleted file mode 100644 index 9f2d965ecd6..00000000000 --- a/danish/security/2009/dsa-1834.wml +++ /dev/null @@ -1,43 +0,0 @@ -lammelsesangreb - - -
    - -
  • CVE-2009-1890 - -

    En lammelsesangrebsfejl (denial of service) blev fundet i Apache-modulet -mod_proxy, når det blev anvendt som en reverse proxy. En fjernangriber kunne -anvende fejlen til at tvinge proxyprocessen til at forbruge store mængder -CPU-tid. Problemet påvirker ikke Debian 4.0 "etch".

    • - -
  • CVE-2009-1891 - -

    En lammelsesangrebsfejl blev fundet i Apache-modulet mod_deflate. Modulet -fortsatte med at komprimere store filer indtil kompressionen var afsluttet, også -selv om netværksforbindelsen der bad om indholdet, var lukket før komprimeringen -var afsluttet. Det fik mod_deflate til at forbruge store mængder CPU-tid, hvis -mod_deflate blev kaldt i forbindelse med en stor fil. En lignende fejl med -relation til HEAD-forespørgsler til komprimeret indhold blev også -rettet.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.2.3-4+etch9.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.2.9-10+lenny4.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer blive rettet i version 2.2.11-7.

- -

Med denne bulletin leveres også en opdateret apache2-mpm-itk-pakke, som er -blevet genkompileret mod de nye apache2-pakker.

- -

Opdaterede pakker til s390- og mipsel-arkitekturerne er endnu ikke klar. De -vil blive frigivet så snart de er klar.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1834.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1835.wml b/danish/security/2009/dsa-1835.wml deleted file mode 100644 index d1d055432e7..00000000000 --- a/danish/security/2009/dsa-1835.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i biblioteket til Tag Image File Format (TIFF). -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-2285 - -

    Man opdagede at misdannede TIFF-billeder kunne føre til et nedbrud i - dekomprimeringskoden, medførende lammelsesangreb (denial of - service).

    • - -
  • CVE-2009-2347 - -

    Andrea Barisani opdagede flere heltalsoverløb, hvilket kunne føre til - udførelse af vilkårlig kode, hvis misdannede billeder blev sendt til - værktøjerne rgb2ycbcr eller tiff2rgba.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 3.8.2-7+etch3.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.8.2-11.2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1835.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1836.wml b/danish/security/2009/dsa-1836.wml deleted file mode 100644 index 72e351de8d1..00000000000 --- a/danish/security/2009/dsa-1836.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Vinny Guido opdagede at flere sårbarheder i forbindelse med -fornuftighedskontrol af inddata i Fckeditor, en rich-tekst-webeditorkomponent, -kunne føre til udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (etch) indeholder ikke fckeditor.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:2.6.2-1lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.6.4.1-1.

- -

Vi anbefaler at du opgraderer din fckeditor-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1836.data" -#use wml::debian::translation-check translation="1d191c6b42bb95ff48ef329e3a1ba44eb0006e73" mindelta="1" diff --git a/danish/security/2009/dsa-1837.wml b/danish/security/2009/dsa-1837.wml deleted file mode 100644 index 0b619d17d0b..00000000000 --- a/danish/security/2009/dsa-1837.wml +++ /dev/null @@ -1,25 +0,0 @@ -programmeringsfejl - - -

Man opdagede at funktionen dbus_signature_validate i dbus, et system til at -sende beskeder mellem processer, var sårbar over for et lammelsesangreb (denial -of service). Problemet var forårsaget af en ukorrekt rettelse af -DSA-1658-1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.2.1-5+lenny1.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.0.2-1+etch3.

- -

Pakker til ia64 og s390 vil blive udgivet når de er klar.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.2.14-1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1837.data" -#use wml::debian::translation-check translation="cc335b08ae3d1937bd7f998f6e07dc045f6bc834" mindelta="1" diff --git a/danish/security/2009/dsa-1838.wml b/danish/security/2009/dsa-1838.wml deleted file mode 100644 index 0d66a20fdda..00000000000 --- a/danish/security/2009/dsa-1838.wml +++ /dev/null @@ -1,19 +0,0 @@ -rettighedsforøgelse - -

Tavis Ormandy og Julien Tinnes opdagede at pulseaudio-dæmonen ikke smed -sine rettigheder væk, før den genstartede sig selv, hvilket gjorde det muligt -for lokale angribere at forøge deres rettigheder.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.9.10-3+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine pulseaudio-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1838.data" -#use wml::debian::translation-check translation="8c7d2cc74cc85d93122bb9456f4f27a8b015edeb" mindelta="1" diff --git a/danish/security/2009/dsa-1839.wml b/danish/security/2009/dsa-1839.wml deleted file mode 100644 index e172533682f..00000000000 --- a/danish/security/2009/dsa-1839.wml +++ /dev/null @@ -1,25 +0,0 @@ -heltalsoverløb - - -

Man opdagede at gst-plugins-good0.10, GStreamer-plugin'erne fra det -gode sæt, var sårbar over for et heltalsoverløb når der blev behandlet -en stor PNG-fil. Det kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.10.8-4.1~lenny2.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.10.4-4+etch1.

- -

Pakker til arkitekturerne s390 og hppa vil blive gjort tilgænglige -når de er klar.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 0.10.15-2.

- -

Vi anbefaler at du opgraderer dine gst-plugins-good0.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1839.data" -#use wml::debian::translation-check translation="529fd123145845e2590626ade3e000aa06636d69" mindelta="1" diff --git a/danish/security/2009/dsa-1840.wml b/danish/security/2009/dsa-1840.wml deleted file mode 100644 index 34a1563aa76..00000000000 --- a/danish/security/2009/dsa-1840.wml +++ /dev/null @@ -1,81 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer, så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2462 - -

    Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay og Blake Kaplan -opdagede flere problemer i browsermaskinen, hvilket potentielt kunne føre til -udførelse af vilkårlig kode. (MFSA 2009-34)

    • - -
  • CVE-2009-2463 - -

    monarch2020 rapporterede om et heltalsoverløb i base64-dekodningsfunktionen. -(MFSA 2009-34)

    • - -
  • CVE-2009-2464 - -

    Christophe Charron rapporterede om et muligvis udnytbart crash, der opstod -når flere RDF-filer blev indlæst i et XUL-træelement. (MFSA 2009-34)

    • - -
  • CVE-2009-2465 - -

    Yongqian Li rapporterede om en usikker hukommelsesstilstand kunne etableres -af et særligt fremstillet dokument. (MFSA 2009-34)

    • - -
  • CVE-2009-2466 - -

    Peter Van der Beken, Mike Shaver, Jesse Ruderman og Carsten Book opdagede -flere problemer i JavaScript-maskinen, der måske kunne føre til udførelse af -vilkårligt JavaScript. (MFSA 2009-34)

    • - -
  • CVE-2009-2467 - -

    Attila Suszter opdagede et problem relateret til et særlig fremstillet -Flash-objekt, hvilket kunne anvendes til at køre vilkårlig -kode. (MFSA 2009-35)

    • - -
  • CVE-2009-2469 - -

    PenPal opdagede at det var muligt at udføre vilkårlig kode gennem et særlig -fremstillet SVG-element. (MFSA 2009-37)

    • - -
  • CVE-2009-2471 - -

    Blake Kaplan opdagede en fejl i JavaScript-maskinen, der måske kunne gøre det -muligt for en angriber at udføre vilkårligt JavaScript med chrome-rettigheder. -(MFSA 2009-39)

    • - -
  • CVE-2009-2472 - -

    moz_bug_r_a4 opdagede at problem i JavaScript-maskinen, der kunne anvendes -til at iværksætte angreb med udførelse af skripter på tværs af websteder. -(MFSA 2009-40)

    • -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.12-0lenny1.

- -

Som angivet i udgivelsesbemærkningerne til etch, var det nødvendigt at -lade sikkerhedsunderstøttelsen til Mozilla-produkter ophøre i den gamle -stabile distribution, før ophøret af den generelle sikkerhedsunderstøttelse -i etch. Du opfordres kraftigt til at opgradere til den stabile distribution -eller skifte til en stadig understøttet browser.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.12-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1840.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1841.wml b/danish/security/2009/dsa-1841.wml deleted file mode 100644 index 3bd708af915..00000000000 --- a/danish/security/2009/dsa-1841.wml +++ /dev/null @@ -1,29 +0,0 @@ -lammelsesangreb - -

Man opdagede at git-daemon, der er en del af git-core, et populært -distribueret versionsstyringssystem, var sårbar over for lammelsesangreb -(denial of service) forårsaget af en programmeringsfejl i håndtering af -forespørgsler indeholdende ekstra ikke-genkendte parametre, hvilket -medførte en uendelig løkke. Mens det ikke er et problem for dæmonen selv, -da alle forespørgsler udløser en ny instans af git-daemon, vil det stadig -medføre et meget højt CPU-forbrug og kan måske føre til -lammelsesangrebsstilstande.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.4.4.4-4+etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.5.6.5-3+lenny2.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1:1.6.3.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.6.3.3-1.

- -

Vi anbefaler at du opgraderer dine git-core-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1841.data" -#use wml::debian::translation-check translation="21473f8f2a462237252bf25bf08255599eaeb35d" mindelta="1" diff --git a/danish/security/2009/dsa-1842.wml b/danish/security/2009/dsa-1842.wml deleted file mode 100644 index e7a0697964c..00000000000 --- a/danish/security/2009/dsa-1842.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i billedbiblioteket OpenEXR, hvilket kunne føre -til udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2009-1720 - -

    Drew Yao opdagede heltalsoverløb i kode til forhåndsvisning og - komprimering.

    • - -
  • CVE-2009-1721 - -

    Drew Yao opdagede at en uinitialiseret pointer kunne blive frigivet i - dekomprimeringskoden.

    • - -
  • CVE-2009-1722 - -

    Et bufferoverløb blev opdaget i komprimeringskoden.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.2.2-4.3+etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet -i version 1.6.1-3+lenny3.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openexr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1842.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1843.wml b/danish/security/2009/dsa-1843.wml deleted file mode 100644 index 90058d95927..00000000000 --- a/danish/security/2009/dsa-1843.wml +++ /dev/null @@ -1,23 +0,0 @@ -flere sårbarheder - -

Man opdagede at squid3, en højtydende proxy-caching-server til webklienter, -var sårbar over for flere lammelsesangreb (denial of service). På grund af -ukorrekte grænsekontroller og utilstrækkelig validering mens svar- og -forespørgselsdata blev behandlet, kunne en angriber crashe squid-dæmonen gennem -fabrikerede forespørgsler og svar.

- -

squid-pakken i den gamle stabile distribution (etch) er ikke påvirket -af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.0.STABLE8-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1843.data" -#use wml::debian::translation-check translation="bbb6fd138b9a23cd97d648dbd406c02452c4696a" mindelta="1" diff --git a/danish/security/2009/dsa-1844.wml b/danish/security/2009/dsa-1844.wml deleted file mode 100644 index 7f529ced9fb..00000000000 --- a/danish/security/2009/dsa-1844.wml +++ /dev/null @@ -1,83 +0,0 @@ -lammelsesangreb/rettighedsforøgelse - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1385 - -

    Neil Horman opdagede en manglende rettelse fra e1000-netværksdriveren. - En fjernbruger kunne måske forårsage et lammelsesangreb i form af en - kernepanik udløst af særligt fremstillet framestørrelser.

    • - -
  • CVE-2009-1389 - -

    Michael Tokarev opdagede et problem i r8169-netværksdriveren. - Fjernbrugere på det samme LAN kunne måske forårsage et lammelsesangreb - i form af en kernepanik udløst af at modtage en stor - størrelsesframe.

    • - -
  • CVE-2009-1630 - -

    Frank Filz opdagede at lokale brugere måske kunne udføre filer uden - udførelsesrettigheder, når de blev tilgået via en nfs4-mount.

    • - -
  • CVE-2009-1633 - -

    Jeff Layton og Suresh Jayaraman rettede flere bufferoverløb i - CIFS-filsystemet, hvilket havde gjort det muligt for fjernservere at - forårsage hukommelseskorruption.

    • - -
  • CVE-2009-1895 - -

    Julien Tinnes og Tavis Ormandy rapporterede om et problem i Linux' - personlighedskode. Lokale brugere kunne drage nytte af en setuid binær - fil, der enten kunne fås til at foretage en NULL-pointer-dereference eller - smide rettigheder væk og overdrage kontrollen til brugeren. Det gjorde det - muligt for en bruger, at omgå mmap_min_addr-begrænsninger, hvilket kunne - udnyttes til at udføre vilkårlig kode.

    • - -
  • CVE-2009-1914 - -

    Mikulas Patocka opdagede et problem i sparc64-kerner, der gjorde det - muligt for lokale brugere at forårsage et lammelsesangreb (crash) ved at - læse filen /proc/iomem.

    • - -
  • CVE-2009-1961 - -

    Miklos Szeredi rapporterede om et problem i ocfs2-filsystemet. Lokale - brugere kunne iværksætte et lammelsesangreb (filsystem-deadlock) ved hjælp - af en bestemt sekvens af splice-systemkald.

    • - -
  • CVE-2009-2406 -CVE-2009-2407 - -

    Ramon de Carvalho Valle opdagede to problemer med det lagopdelte - filsystem eCryptfs, ved anvendelse af værktøjet fsfuzzer. En lokal bruger - med rettigheder til at udføre en eCryptfs-mount kunne ændre indholdet af en - eCryptfs-fil, og dermed få stakken til at løbe over og potentielt få - forøgede rettigheder.

    • - -
- -

I den stabile distribution (etch), er disse problemer rettet i -version 2.6.24-6~etchnhalf.8etch2.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- -

Bemærk: Debian etch indeholder linux-kernepakker baseret på både -Linux-udgivelserne 2.6.18 og 2.6.24. Debian holder omhyggeligt rede på alle -kendte sikkerhedsproblemer i begge pakker og begge pakker vil modtage -sikkerhedsopdateringer indtil sikkerhedsunderstøttelsen af Debian etch ophører. -Men den store mængde sikkerhedsproblemer af lav prioritet, der opdages i kernen -og ressourcekravene til at foretage en opdatering, taget i betragtning, vil -problemer af lavere sikkerhedsprioritet typisk blive udgivet til 2.6.18 og -2.6.24 udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1844.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1845.wml b/danish/security/2009/dsa-1845.wml deleted file mode 100644 index 17f2c2d8945..00000000000 --- a/danish/security/2009/dsa-1845.wml +++ /dev/null @@ -1,57 +0,0 @@ -lammelsesangreb, rettighedsforøgelse - -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1895 - -

    Julien Tinnes og Tavis Ormandy rapporterede om et problem i Linux' - personlighedskode. Lokale brugere kunne drage nytte af en setuid binær - fil, der enten kunne fås til at foretage en NULL-pointer-dereference eller - smide rettigheder væk og overdrage kontrollen til brugeren. Det gjorde det - muligt for en bruger, at omgå mmap_min_addr-begrænsninger, hvilket kunne - udnyttes til at udføre vilkårlig kode.

    • - -
  • CVE-2009-2287 - -

    Matt T. Yourst opdagede at problem i undersystemet kvm. Lokale brugere - med rettigheder til at tilgå /dev/kvm kunne forårsage et lammelsesangreb - (hængende proces) ved at levere en ugyldig cr3-værdi til kaldet - KVM_SET_SREGS call.

    • - -
  • CVE-2009-2406 og - CVE-2009-2407 - -

    Ramon de Carvalho Valle opdagede to problemer med det lagopdelte - filsystem eCryptfs, ved anvendelse af værktøjet fsfuzzer. En lokal bruger - med rettigheder til at udføre en eCryptfs-mount kunne ændre indholdet af en - eCryptfs-fil, og dermed få stakken til at løbe over og potentielt få - forøgede rettigheder.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.6.26-17lenny1.

- -

I den gamle stabile distribution (etch), these problems, where -applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

- -

We recommend that you upgrade your linux-2.6 and user-mode-linux -packages.

- -

Bemærk: Debian etch indeholder linux-kernepakker baseret på både -Linux-udgivelserne 2.6.18 og 2.6.24. Debian holder omhyggeligt rede på alle -kendte sikkerhedsproblemer i begge pakker og begge pakker vil modtage -sikkerhedsopdateringer indtil sikkerhedsunderstøttelsen af Debian etch ophører. -Men den store mængde sikkerhedsproblemer af lav prioritet, der opdages i kernen -og ressourcekravene til at foretage en opdatering, taget i betragtning, vil -problemer af lavere sikkerhedsprioritet typisk blive udgivet til 2.6.18 og -2.6.24 udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1845.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1846.wml b/danish/security/2009/dsa-1846.wml deleted file mode 100644 index fb4255fd5f5..00000000000 --- a/danish/security/2009/dsa-1846.wml +++ /dev/null @@ -1,19 +0,0 @@ -lammelsesangreb - -

Matt T. Yourst opdagede at problem i undersystemet kvm. Lokale brugere -med rettigheder til at tilgå /dev/kvm kunne forårsage et lammelsesangreb -(hængende proces) ved at levere en ugyldig cr3-værdi til kaldet -KVM_SET_SREGS call.

- -

I den stabile distribution (lenny), er disse problemer rettet -i version 72+dfsg-5~lenny2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine kvm-pakker og genopbygger alle -kernemoduler, du har opbygget fra en kvm-source-pakkeversion.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1846.data" -#use wml::debian::translation-check translation="eb43c907a09c006ec7c0cd4b77433b8675e27ace" mindelta="1" diff --git a/danish/security/2009/dsa-1847.wml b/danish/security/2009/dsa-1847.wml deleted file mode 100644 index b0e6ba101fd..00000000000 --- a/danish/security/2009/dsa-1847.wml +++ /dev/null @@ -1,24 +0,0 @@ -ukorrekt assert - -

Man opdagede at BIND DNS-serveren afsluttede når den behandlede en særligt -fremstillet dynamisk DNS-opdatering. Denne sårbarhed påvirker alle -BIND-servere, der betjener mindst en DNS-zone autoritativt, som en master, -selv hvis dynamiske opdateringer ikke er slået til. Debians standardopsætning -for resolvere indeholder desuden flere autoritative zoner, så resolvere er også -påvirket af dette problem, med mindre disse zoner er blevet fjernet.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 9.3.4-2etch5.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 9.5.1.dfsg.P3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:9.6.1.dfsg.P1-1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1847.data" -#use wml::debian::translation-check translation="eb43c907a09c006ec7c0cd4b77433b8675e27ace" mindelta="1" diff --git a/danish/security/2009/dsa-1848.wml b/danish/security/2009/dsa-1848.wml deleted file mode 100644 index a33e3262eac..00000000000 --- a/danish/security/2009/dsa-1848.wml +++ /dev/null @@ -1,21 +0,0 @@ -mappegenneløb - -

Man opdagede at znc, en IRC-proxy, ikke på korrekt vis behandlede visse -DCC-forespørglser, hvilket gjorde det muligt for angribere at uploade vilkårlige -filer.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.045-3+etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.058-2+lenny3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.074-1.

- -

Vi anbefaler at du opgraderer din znc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1848.data" -#use wml::debian::translation-check translation="1f56ea60b482e10bcccbbc0e9d2ebdffc110e1ca" mindelta="1" diff --git a/danish/security/2009/dsa-1849.wml b/danish/security/2009/dsa-1849.wml deleted file mode 100644 index cb764ac8c74..00000000000 --- a/danish/security/2009/dsa-1849.wml +++ /dev/null @@ -1,24 +0,0 @@ -designfejl - -

Man opdagede at W3C XML Signature-anbefalingen indeholder sårbarhed på -protokolniveau i forbindelse med trunkering af HMAC-uddata. Denne opdatering -implementerer den foreslåede omgåelse af problemet i C++-versionen af -Apache-implementeringen af standarden, xml-security-c, ved at forhindre -trunkering af uddatastrenge kortere end 80 bit eller det halve af de -oprindelige HMAC-uddata, alt efter hvilken er den største.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.2.1-3+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.4.0-3+lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.0-4.

- -

Vi anbefaler at du opgraderer dine xml-security-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1849.data" -#use wml::debian::translation-check translation="1f56ea60b482e10bcccbbc0e9d2ebdffc110e1ca" mindelta="1" diff --git a/danish/security/2009/dsa-1850.wml b/danish/security/2009/dsa-1850.wml deleted file mode 100644 index b57e951fe87..00000000000 --- a/danish/security/2009/dsa-1850.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libmodplug, de delte biblioteker til mod-musik -baseret på ModPlug. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1438 - -

    Man opdagede at libmodplug var sårbar over for et heltalsoverløb, når der -blev behandlet en MED-fil med en fabrikeret sangkommentar eller -navn.

    • - -
  • CVE-2009-1513 - -

    Man opdagede at libmodplug var sårbar over for et bufferoverløb i funktionen -PATinst, når lange instrumentnavne blev behandlet.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1:0.7-5.2+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1:0.8.4-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 1:0.8.7-1.

- -

Vi anbefaler at du opgraderer dine libmodplug-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1850.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1851.wml b/danish/security/2009/dsa-1851.wml deleted file mode 100644 index 3fea5bb8c6e..00000000000 --- a/danish/security/2009/dsa-1851.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - - -

Man opdagede at gst-plugins-bad0.10, GStreamer-plugin'erne fra det "dårlige" -sæt, var sårbar over for et heltalsoverløb når der behandledes en MED-fil med en -fabrikeret sangkommentar eller sangnavn.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.10.3-3.1+etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.10.7-2+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), linker gst-plugins-bad0.10 mod libmodplug.

- -

Vi anbefaler at du opgraderer dine gst-plugins-bad0.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1851.data" -#use wml::debian::translation-check translation="6a77bf809bfff1268ec23a140cd5d86bc9990643" mindelta="1" diff --git a/danish/security/2009/dsa-1852.wml b/danish/security/2009/dsa-1852.wml deleted file mode 100644 index 9ed8d866f64..00000000000 --- a/danish/security/2009/dsa-1852.wml +++ /dev/null @@ -1,32 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at fetchmail, et omfattende værktøj til fjernhentning og -videresendelse af mail, var sårbar over for det "Null Prefix Attacks Against -SSL/TLS Certificates" der nyligt blev offentliggjort på Blackhat-konferencen. -Det gjorde det muligt for en angriber, at udføre uopdagede manden i -midten-angreb gennem et fabrikeret ITU-T X.509-certifikat med en indsprøjtning -af null-byte i felterne subjectAltName eller Common Name.

- -

Bemærk, som fetchmail-bruger bør du altid anvende striks certifikatvalidering -gennem en af disse kombinationer: - sslcertck ssl sslproto ssl3 (for service på SSL-wrappede porte) -eller - sslcertck sslproto tls1 (for STARTTLS-baserede services)

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 6.3.6-1etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 6.3.9~rc2-4+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6.3.9~rc2-6.

- -

Vi anbefaler at du opgraderer dine fetchmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1852.data" -#use wml::debian::translation-check translation="8e53807fdc57617d3cc04b2ca798e581353cfc1f" mindelta="1" diff --git a/danish/security/2009/dsa-1853.wml b/danish/security/2009/dsa-1853.wml deleted file mode 100644 index 58eb7aa4d75..00000000000 --- a/danish/security/2009/dsa-1853.wml +++ /dev/null @@ -1,23 +0,0 @@ -heap-baseret bufferoverløb - -

Ronald Volgers opdagede at memcached, et højtydende system til caching af -hukommelsesobjekter, var sårbart over for flere heap-baserede bufferoverløb på -grund af heltalskonverteringer når der blev behandlet visse længdeattributter. -En angriber kunne anvende dette til at udføre vilkårlig kode på systemet, der -kører memcached (på etch med root-rettigheder).

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.1.12-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.2.2-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine memcached-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1853.data" -#use wml::debian::translation-check translation="c8794af6ced77affeb6b1107a0e815104038b2e2" mindelta="1" diff --git a/danish/security/2009/dsa-1854.wml b/danish/security/2009/dsa-1854.wml deleted file mode 100644 index 905872ddfc5..00000000000 --- a/danish/security/2009/dsa-1854.wml +++ /dev/null @@ -1,22 +0,0 @@ -heap-bufferoverløb - -

Matt Lewis opdagede at hukkommelseshåndteringskoden i Apache Portable -Runtime-biblioteket (APR) ikke var sikret mod en wrap-around under -størrelsesberegninger. Det kunne forårsage at biblioteket returnerede et -hukommelsesareal, der var mindre end bedt om, medførende et heap-overløb og -muligvis udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -1.2.7-9 af pakken apr og version 1.2.7+dfsg-2+etch3 af pakken apr-util.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.2.12-5+lenny1 af pakken apr og version 1.2.12-5+lenny1 af pakken apr-util.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine APR-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1854.data" -#use wml::debian::translation-check translation="ac08f06e84aff92997a48af736efddd68db3b481" mindelta="1" diff --git a/danish/security/2009/dsa-1855.wml b/danish/security/2009/dsa-1855.wml deleted file mode 100644 index 09d8e940a5a..00000000000 --- a/danish/security/2009/dsa-1855.wml +++ /dev/null @@ -1,22 +0,0 @@ -heap-overløb - -

Matt Lewis opdagede at Subversion udførte utilstrækkelig fornuftighedskontrol -af svndiff-strømme. Ondsindede servere kunne forårsage heap-overløb i klienter, -og ondsindede klienter med commit-adgang kunne forårsage heap-overløb i servere, -muligvis førende til udførelse af vilkårlig kode i begge tilfælde.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.4.2dfsg1-3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.5.1dfsg1-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.4dfsg-1.

- -

Vi anbefaler at du opgraderer dine Subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1855.data" -#use wml::debian::translation-check translation="ac08f06e84aff92997a48af736efddd68db3b481" mindelta="1" diff --git a/danish/security/2009/dsa-1856.wml b/danish/security/2009/dsa-1856.wml deleted file mode 100644 index 79631a30f35..00000000000 --- a/danish/security/2009/dsa-1856.wml +++ /dev/null @@ -1,27 +0,0 @@ -informationslækage - -

Man opdagede at pakken Debian Mantis, et webbaseret fejlsporingssystem, -installerede databaseadgangsoplysningerne i en fil med verdensskrivbare -rettigheder på det lokale filsystem. Det gjorde det muligt for lokale -brugere at få adgang til oplysningerne, der anvendes til at kontrollere -Mantis-databasen.

- -

Denne opdaterede pakke retter problemet ved nyinstalleringer og vil -omhyggeligt forsøge at updatere eksisterende installationer. Administratorer -kan kontrollere rettighederne hørende til filen /etc/mantis/config_db.php for at -se om de er sikre i deres miljø.

- -

Den gamle stabile distribution (etch) indeholder ikke pakken mantis.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.1.6+dfsg-2lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.8+dfsg-2.

- -

Vi anbefaler at du opgraderer din mantis-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1856.data" -#use wml::debian::translation-check translation="ac08f06e84aff92997a48af736efddd68db3b481" mindelta="1" diff --git a/danish/security/2009/dsa-1857.wml b/danish/security/2009/dsa-1857.wml deleted file mode 100644 index 7b1919cba3f..00000000000 --- a/danish/security/2009/dsa-1857.wml +++ /dev/null @@ -1,24 +0,0 @@ -heltalsoverløb - -

Tielei Wang opdagede at CamlImages, et open source-billedbehandlingsbibliotek, -var ramt af flere heltalsoverløbs, hvilket potentielt kunne føre til et udnytbart -heap-overløb og medføre udførelse af vilkårlig kode. Denne bulletin løser -problemer med læsning af JPEG- og GIF-billeder, mens -DSA 1832-1 løste problemet med -hensyn til PNG-billeder.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.20-8+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:2.2.0-4+lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:3.0.1-3.

- -

Vi anbefaler at du opgraderer din camlimages-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1857.data" -#use wml::debian::translation-check translation="5d72ef310e1ee1c84a08bccf7b9fe046dfb4b114" mindelta="1" diff --git a/danish/security/2009/dsa-1858.wml b/danish/security/2009/dsa-1858.wml deleted file mode 100644 index 5c1883f69e8..00000000000 --- a/danish/security/2009/dsa-1858.wml +++ /dev/null @@ -1,92 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i imagemagick-billedbehandlingsprogrammerne, -hvilket kan føre udførelse af vilkårlig kode, blotlæggelse af følsomme -oplysninger eller forårsage lammelsesangreb (denial of service). Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2007-1667 - -

    Flere heltalsoverløb i funktionen XInitImage i ImageMagicks xwd.c, gjorde - det muligt for brugerhjulpne fjernangribere at forårsage et lammelsesangreb - (crash) eller opnå følsomme oplysninger gennem fabrikerede billeder med store - eller negative værdier, der udløste et bufferoverløb. Det påvirker kun den - gamle stabile distribution (etch).

    • - -
  • CVE-2007-1797 - -

    Flere heltalsoverløb gjorde det muligt for fjernangribere at udføre - vilkårlig kode gennem et fabrikeret DCM-billede, eller farver eller - kommentarfelter i et fabrikeret XWD-billede. Det påvirker kun den gamle - stabile distribution (etch).

    • - -
  • CVE-2007-4985 - -

    En fabrikeret billedfil kunne udløse en uendelig løkke i funktionen - ReadDCMImage eller i funktionen ReadXCFImage. Det påvirker kun den gamle - stabile distribution (etch).

    • - -
  • CVE-2007-4986 - -

    Flere heltalsoverløb gjorde det muligt for kontektafhængige angribere at - udføre vilkårlig kode gennem en fabrikeret .dcm-, .dib-, .xbm-, .xcf- eller - .xwd-billedfil, hvilket udløste et heap-baseret bufferoverløb. Det påvirker - kun den gamle stabile distribution (etch).

    • - -
  • CVE-2007-4987 - -

    En forskudt med én-fejl gjorde det muligt for kontaktafhængige angribere - at udføre vilkårlig kode gennem en fabrikeret billedfil, hvilket udløste - skrivning af tegnet '\0' til en adresse uden for grænserne. Det påvirker kun - den gamle stabile distribution (etch).

    • - -
  • CVE-2007-4988 - -

    En "sign extension"-fejl gjorde det muligt for kontektafhængige angribere - at udføre vilkårlig kode gennem en fabrikeret breddeværdi i en billedfil, - hvilket udløste et heltalsoverløb og et heap-baseret bufferoverløb. Det - påvirker kun den gamle stabile distribution (etch).

    • - -
  • CVE-2008-1096 - -

    Funktionen load_tile i XCF-coderen gjorde det muligt for brugerhjulpne - angribere at forårsage et lammelsesangreb eller muligvis udføre vilkårlig - kode gennem en fabrikeret .xcf-fil, der udløste en heap-skrivning uden for - grænserne. Det påvirker kun den gamle stabile distribution (etch).

    • - -
  • CVE-2008-1097 - -

    Et heap-baseret bufferoverløb i PCX-coder'en gjorde det muligt for - brugerhjulpne angribere at forårsage et lammelsesangreb eller muligvis udføre - vilkårlig kode gennem en fabrikeret .pcx-fil, der udløste en ukorrekt - hukommelsesallokering til scanline-array'et, førende til - hukommelseskorruption. Det påvirker kun den gamle stabile distribution - (etch).

    • - -
  • CVE-2009-1882 - -

    Heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (crash) og muligvis udføre vilkårlig kode gennem en - fabrikeret TIFF-fil, der udløste et bufferoverløb.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 7:6.2.4.5.dfsg1-0.15+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 7:6.3.7.9.dfsg2-1~lenny3.

- -

I den kommende stabile distribution (squeeze) og i den ustabile -distribution (sid), er disse problemer rettet i version -7:6.5.1.0-1.1.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1858.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1859.wml b/danish/security/2009/dsa-1859.wml deleted file mode 100644 index dedf45fbafe..00000000000 --- a/danish/security/2009/dsa-1859.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Rauli Kaksonen, Tero Rontti og Jukka Taimisto opdagede flere sårbarheder i -libxml2, et bibliotek til fortolkning og håndtering af XML-datafiler, hvilket -kunne føre til lammelsesangreb (denial of service) eller muligvis udførelse af -vilkårlig kode i den applikation, som anvender biblioteket. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2416 -

    Et XML-dokument med særligt fremstillede Notation- eller -Enumeration-attributtyper i en DTD-definition, førte til anvendelse af -pointere til hukommelsesarealer, der allerede var frigivet.

    • - -
  • CVE-2009-2414 -

    Manglende kontrol af dybden af ELEMENT DTD-definitioner, ved fortolkning af -child-indhold, kunne føre til omfattende stakvækst på grund af en -funktionsrekursion, hvilket kunne udløses af et fabrikeret XML-dokument.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.27.dfsg-6+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.32.dfsg-5+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distribution, vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1859.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1860.wml b/danish/security/2009/dsa-1860.wml deleted file mode 100644 index c05acd1c60f..00000000000 --- a/danish/security/2009/dsa-1860.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Ruby. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0642 - -

    Returværdien fra funktionen OCSP_basic_verify blev ikke kontrolleret på - korrekt vis, hvilket muliggjorde fortsat anvendelse af et inddraget - certifikat.

    • - -
  • CVE-2009-1904 - -

    Et problem i fortolkningen af BigDecimal-tal kunne medføre en - lammelsesangrebstilstand (denial of service, crash.

    • - -
- -

Følgende matriks identificerer rettede versioner:

- -
- - - - -
  ruby1.8 ruby1.9
oldstable (etch)1.8.5-4etch5 1.9.0+20060609-1etch5
stable (lenny) 1.8.7.72-3lenny11.9.0.2-9lenny1
unstable (sid) 1.8.7.173-1 (soon)
- -

Vi anbefaler at du opgraderer dine Ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1860.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1861.wml b/danish/security/2009/dsa-1861.wml deleted file mode 100644 index df544e2dcd0..00000000000 --- a/danish/security/2009/dsa-1861.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Rauli Kaksonen, Tero Rontti og Jukka Taimisto opdagede flere sårbarheder i -libxml, et bibliotek til fortolkning og håndtering af XML-datafiler, hvilket -kunne føre til lammelsesangreb (denial of service) eller muligvis udførelse af -vilkårlig kode i den applikation, som anvender biblioteket. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2416 -

    Et XML-dokument med særligt fremstillede Notation- eller -Enumeration-attributtyper i en DTD-definition, førte til anvendelse af -pointere til hukommelsesarealer, der allerede var frigivet.

    • - -
  • CVE-2009-2414 -

    Manglende kontrol af dybden af ELEMENT DTD-definitioner, ved fortolkning af -child-indhold, kunne føre til omfattende stakvækst på grund af en -funktionsrekursion, hvilket kunne udløses af et fabrikeret XML-dokument.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.8.17-14+etch1.

- -

Den stabile distibution (lenny), distributionen testing (squeeze) og den -ustabile (sid) distribution indeholder ikke længere libxml, men libxml2, til -hvilken DSA-1859-1 er udsendt.

- -

Vi anbefaler at du opgraderer dine libxml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1861.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1862.wml b/danish/security/2009/dsa-1862.wml deleted file mode 100644 index bc9679eb5af..00000000000 --- a/danish/security/2009/dsa-1862.wml +++ /dev/null @@ -1,36 +0,0 @@ -rettighedsforøgelse - -

En sårbarhed er opdaget i Linux-kernen, hvilket kunne føre til -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problem:

- -
    - -
  • CVE-2009-2692 - -

    Tavis Ormandy og Julien Tinnes opdagede et problem med måden hvorved - sendpage-funktionen initialiseres i proto_ops-strukturen. Lokale brugere - kunne udnytte denne sårbarhed til at opnå forøgede rettigheder.

    • - -
- -

I den gamle stabile distribution (etch), vil dette problem blive rettet med -opdateringer til linux-2.6 og linux-2.6.24.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.26-17lenny2.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer i -alle linux-kernepakker i alle udgivelser med aktiv sikkerhedsunderstøttelse. -Men med den store mængde sikkerhedsproblemer af lav prioritet, der opdages i -kernen og ressourcekravene til at foretage en opdatering taget i betragtning, -vil opdateringer til problemer af lavere sikkerhedsprioritet typisk ikke blive -udgivet til alle kerner på samme tid. I stedet bliver de opsamlet og udgivet i -større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1862.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1863.wml b/danish/security/2009/dsa-1863.wml deleted file mode 100644 index 81979659efd..00000000000 --- a/danish/security/2009/dsa-1863.wml +++ /dev/null @@ -1,47 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i zope, en funktionsrig -webapplikationsserver skrevet i python, der i værste fald kunne føre til -udførelse af vilkårlig kode. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2009-0668 -

    På grund af en programmeringsfejl, blev en autorisationsmetode i komponenten -StorageServer i ZEO ikke anvendt som en intern metode. Det gjorde det muligt -for en ondsindet klient at omgå autentifikation, når den forbandt sig til en -ZEO-server, ved blot at kalde denne autorisationsmetode.

    • - -
  • CVE-2009-0668 -

    ZEO-serveren begrænsede ikke callables, når den unpicklede data modtaget -fra en ondsindet klient, hvilket kunne anvendes af en angriber til at udføre -vilkårlig python-kode på serveren ved at sende visse exception-pickles. Det -gjorde det også muligt for en angriber at importere ethvert importérbart modul, -da ZEO importerer modulet indeholdende en callable angivet i en pickel til at -teste for visse flag.

    • - -

  • Opdateringen begrænset også antallet af nye objektid'er en klient kan -bede om, til ethundrede, da det ville være muligt at forbruge store mængder -ressourcer ved at bede om et stort bundt nye objektid'er. Der er ikke blevet -tildelt en CVE-id hertil.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.9.6-4etch2 of zope2.9.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.10.6-1+lenny1 of zope2.10.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.10.9-1 of zope2.10.

- -

Vi anbefaler at du opgraderer dine zope2.10/zope2.9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1863.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1864.wml b/danish/security/2009/dsa-1864.wml deleted file mode 100644 index 4284dd0c2db..00000000000 --- a/danish/security/2009/dsa-1864.wml +++ /dev/null @@ -1,34 +0,0 @@ -rettighedsforøgelse - -

En sårbarhed er opdaget i Linux-kernen, hvilket kunne føre til -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problem:

- -
    - -
  • CVE-2009-2692 - -

    Tavis Ormandy og Julien Tinnes opdagede et problem med måden hvorved - sendpage-funktionen initialiseres i proto_ops-strukturen. Lokale brugere - kunne udnytte denne sårbarhed til at opnå forøgede rettigheder.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.24-6~etchnhalf.8etch3.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- -

Bemærk: Debian etch indeholder linux-kernepakker baseret på både -Linux-udgivelserne 2.6.18 og 2.6.24. Alle kendte kendte sikkerhedsproblemer -holdes der omhyggeligt rede på i begge pakker, og begge pakker vil modtage -sikkerhedsopdateringer indtil sikkerhedsunderstøttelsen af Debian etch ophører. -Men den store mængde sikkerhedsproblemer af lav prioritet, der opdages i kernen -og ressourcekravene til at foretage en opdatering, taget i betragtning, vil -problemer af lavere sikkerhedsprioritet typisk blive udgivet til 2.6.18 og -2.6.24 udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1864.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1865.wml b/danish/security/2009/dsa-1865.wml deleted file mode 100644 index 53b1db77cdb..00000000000 --- a/danish/security/2009/dsa-1865.wml +++ /dev/null @@ -1,68 +0,0 @@ -lammelsesangreb/rettighedsforøgelse - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1385 - -

    Neil Horman opdagede en manglende rettelse fra e1000-netværksdriveren. - En fjernbruger kunne måske forårsage et lammelsesangreb i form af en - kernepanik udløst af særligt fremstillet framestørrelser.

    • - -
  • CVE-2009-1389 - -

    Michael Tokarev opdagede et problem i r8169-netværksdriveren. - Fjernbrugere på det samme LAN kunne måske forårsage et lammelsesangreb - i form af en kernepanik udløst af at modtage en stor - størrelsesframe.

    • - -
  • CVE-2009-1630 - -

    Frank Filz opdagede at lokale brugere måske kunne udføre filer uden - udførelsesrettigheder, når de blev tilgået via en nfs4-mount.

    • - -
  • CVE-2009-1633 - -

    Jeff Layton og Suresh Jayaraman rettede flere bufferoverløb i - CIFS-filsystemet, hvilket havde gjort det muligt for fjernservere at - forårsage hukommelseskorruption.

    • - -
  • CVE-2009-2692 - -

    Tavis Ormandy og Julien Tinnes opdagede et problem med måden hvorved - sendpage-funktionen initialiseres i proto_ops-strukturen. Lokale brugere - kunne udnytte denne sårbarhed til at opnå forøgede rettigheder.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-24etch3.

- -

Følgende matriks opremser yderligere pakker, der blev genopbygget af -hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - - -
  Debian 4.0 (etch)
fai-kernels 1.17+etch.24etch3
user-mode-linux 2.6.18-1um-2etch.24etch3
- -

Vi anbefaler at du opgraderer dine linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer i -alle linux-kernepakker i alle udgivelser med aktiv sikkerhedsunderstøttelse. -Men med den store mængde sikkerhedsproblemer af lav prioritet, der opdages i -kernen og ressourcekravene til at foretage en opdatering taget i betragtning, -vil opdateringer til problemer af lavere sikkerhedsprioritet typisk ikke blive -udgivet til alle kerner på samme tid. I stedet bliver de opsamlet og udgivet i -større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1865.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1866.wml b/danish/security/2009/dsa-1866.wml deleted file mode 100644 index df144f7624d..00000000000 --- a/danish/security/2009/dsa-1866.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

To sikkerhedsproblemer er opdaget i kdegraphics, grafikprogrammerne i den -officielle udgave af KDE. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-0945 -

    Man opdagede at implementeringen af KSVG-animationselementet var ramt af en -fejl i forbindelse med dereferencering af en null-pointer, hvilket kunne føre -til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-1709 -

    Man opdagede at implementeringen af KSVG-animationselementet var ramt af en -fejl i forbindelse med anvendelse efter frigivelse, hvilket kunne føre til -udførelse af vilkårlig kode.

    • - -
- - -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 4:3.5.5-3etch4.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4:3.5.9-3+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 4:4.0.

- -

Vi anbefaler at du opgraderer dine kdegraphics-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1866.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1867.wml b/danish/security/2009/dsa-1867.wml deleted file mode 100644 index 2d0f6a116d0..00000000000 --- a/danish/security/2009/dsa-1867.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i kdelibs, kernebibliotekerne i den -officielle KDE-udgave. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1690 - -

    Man opdagede at der var en fejl i forbindelse med anvendelse efter -frigivelse ved håndtering af visse DOM-eventhandlere. Det kunne føre til -udførelse af vilkårlig kode, når man besøgte et ondsindet websted.

    • - -
  • CVE-2009-1698 - -

    Man opdagede at der kunne være en uinitialiseret pointer, når der blev -håndteret et Cascading Style Sheets-attr-funktionskald. Det kunne føre til -udførelse af vilkårlig kode, når man besøgte et ondsindet websted.

    • - -
  • CVE-2009-1687 - -

    Man opdagede at garbage-collectoren i JavaScript ikke på korrekt vis -håndterede allokeringsfejl, hvilket kunne føre til udførelse af vilkårlig kode, -når man besøgte et ondsindet websted.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 4:3.5.5a.dfsg.1-8etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4:3.5.10.dfsg.1-0lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine kdelibs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1867.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1868.wml b/danish/security/2009/dsa-1868.wml deleted file mode 100644 index a55d641df6d..00000000000 --- a/danish/security/2009/dsa-1868.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i kde4libs, kernebibliotekerne til alle -KDE 4-programmer. Projektet Common Vulnerabilities and Exposures har registeret -følgende problemer:

- -
    - -
  • CVE-2009-1690 - -

    Man opdagede at der var en fejl i forbindelse med anvendelse efter -frigivelse ved håndtering af visse DOM-eventhandlere. Det kunne føre til -udførelse af vilkårlig kode, når man besøgte et ondsindet websted.

    • - -
  • CVE-2009-1698 - -

    Man opdagede at der kunne være en uinitialiseret pointer, når der blev -håndteret et Cascading Style Sheets-attr-funktionskald. Det kunne føre til -udførelse af vilkårlig kode, når man besøgte et ondsindet websted.

    • - -
  • CVE-2009-1687 - -

    Man opdagede at garbage-collectoren i JavaScript ikke på korrekt vis -håndterede allokeringsfejl, hvilket kunne føre til udførelse af vilkårlig kode, -når man besøgte et ondsindet websted.

    • - -
- -

Den gamle stabile distribution (etch) indeholder ikke kde4libs.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4:4.1.0-3+lenny1.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:4.3.0-1.

- -

Vi anbefaler at du opgraderer dine kde4libs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1868.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1869.wml b/danish/security/2009/dsa-1869.wml deleted file mode 100644 index 8c6df3cb3ce..00000000000 --- a/danish/security/2009/dsa-1869.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at curl, en klient og et bibliotek til at hente filer fra -servere ved hjælp af HTTP, HTTPS eller FTP, var sårbar over for det nyligt -offentliggjorte sårbarhed "Null Prefix Attacks Against SSL/TLS Certificates" -på Blackhat-konferencen. Det gjorde det muligt for en angriber at udføre -uopdagede manden i midten-angreb gennem et fabrikeret ITU-T X.509-certifikat -med en indsprøjtet null-byte i feltet Common Name.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 7.15.5-1etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 7.18.2-8lenny3.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distribution, -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1869.data" -#use wml::debian::translation-check translation="693e4d1146ea6c1afc0d3b05f4f037d8b73e3dcb" mindelta="1" diff --git a/danish/security/2009/dsa-1870.wml b/danish/security/2009/dsa-1870.wml deleted file mode 100644 index 78857b0f14d..00000000000 --- a/danish/security/2009/dsa-1870.wml +++ /dev/null @@ -1,37 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Federico Muttis opdagede at libpurple, der er et delt bibliotek, som leverer -understøttelse af forskellige chatnetværk til chatklienten pidgin, var sårbart -over for et heap-baseret bufferoverløb. Problemet findes, på grund af en -ufuldstændig rettelse af -CVE-2008-2927 og -CVE-2009-1376. -En angriber kunne udnytte dette ved at sende to på hinanden følgende SLP-pakker -til et offer via MSN.

- -

Den første pakke blev anvendt til at oprette et SLP-meddelelsesobjekt med et -offset på nul, og den anden pakke indeholdt et fabrikeret offset, der ramte den -sårbare kode oprindeligt rettet i -CVE-2008-2927 og -CVE-2009-1376, -og gjorde det muligt for en angriber at udføre vilkårlig kode.

- -

Bemærk: Brugere med indstillingen "Allow only the users below" er ikke -sårbare over for angrebet. Hvis du ikke kan installere de nedenfor nævnte -opdateringer, vil det måske være en god idé at foretage denne opsætningsændring -via Tools->Privacy.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.4.3-4lenny3.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.5.9-1.

- -

Vi anbefaler at du opgraderer dine pidgin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1870.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1871.wml b/danish/security/2009/dsa-1871.wml deleted file mode 100644 index a0d8d4ec3fc..00000000000 --- a/danish/security/2009/dsa-1871.wml +++ /dev/null @@ -1,89 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i webloghåndteringssystemet wordpress. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-6762 - -

    Man opdagede at wordpress var ramt af en åben viderestillings-sårbarhed, -hvilket gjorde det muligt for fjernangribere at udføre phishing-angreb.

    • - -
  • CVE-2008-6767 - -

    Man opdagede at fjernangribere havde mulighed for at udløse en -applikationsopgradering, hvilket kunne føre til lammelsesangreb (denial of -service).

    • - -
  • CVE-2009-2334 - -

    Man opdagede at wordpress manglende autentifikationskontroller i -plugin-opsætningen, hvilket måske kunne føre til lækage af følsomme -oplysninger.

    • - -
  • CVE-2009-2854 - -

    Man opdagede at wordpress manglende autentifikationskontroller i forskellige -handlinger, hvilket dermed gjorde det muligt for fjernangribere at foretage -uautoriserede redigeringer eller tilføjelser.

    • - -
  • CVE-2009-2851 - -

    Man opdagede at administratorbrugergrænsefladen var sårbar over for et -angreb i forbindelse med udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2009-2853 - -

    Man opdagede at fjernangribere kunne opnå rettigheder gennem visse direkte -forespørgsler.

    • - -
  • CVE-2008-1502 - -

    Man opdagede at funktionen _bad_protocol_once i KSES, som anvendt af -wordpress, gjorde det muligt for fjernangribere at udføre angreb i forbindelse -med udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2008-4106 - -

    Man opdagede at wordpress manglede visse kontroller i forbindelse med -brugeroplysninger, hvilket kunne anvendes af angribere til at ændre en brugers -adgangskode.

    • - -
  • CVE-2008-4769 - -

    Man opdagede at funktionen get_category_template var ramt af en -mappegennemløbssårbarhed, hvilket kunne føre til udførelse af vilkårlig -kode.

    • - -
  • CVE-2008-4796 - -

    Man opdagede at funktionen _httpsrequest i den indlejrede snoopy-version, -var sårbar over for udførelse af vilkårlige kommandoer gennem shell-metategn i -HTTP-URL'er.

    • - -
  • CVE-2008-5113 - -

    Man opdagede at wordpress var afhængig af det superglobale array REQUEST i -visse farlige situationer, hvilket gjorde det lettere at iværksætte angreb -gennem fabrikerede cookie-filer.

    - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.0.10-1etch4.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.5.1-11+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 2.8.3-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1871.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1872.wml b/danish/security/2009/dsa-1872.wml deleted file mode 100644 index c62dc809615..00000000000 --- a/danish/security/2009/dsa-1872.wml +++ /dev/null @@ -1,72 +0,0 @@ -lammelsesangreb/rettighedsforøgelse/informationslækage - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kan føre til -lammelsesangreb (denial of service), rettighedsforøgelse eller lækage af -følsom hukommelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-2698 - -

    Herbert Xu opdagede et problem med måde hvorpå UDP sporer corking-status, - hvilket kunne gøre det muligt for lokale brugere at forårsage - lammelsesangreb (system-crash). Tavis Ormandy og Julien Tinnes opdagede at - dette problem også kunne anvendes af lokale brugere til at opnå forøgede - rettigheder.

    • - -
  • CVE-2009-2846 - -

    Michael Buesch bemærkede et typing-problem i eisa-eeprom-driveren til - hppa-arkitekturen. Lokale brugere kunne udnytte problemet til at få - adgang til hukommelse med begrænset adgang.

    • - -
  • CVE-2009-2847 - -

    Ulrich Drepper bemærkede et problem i rutinen do_sigalstack routine på - 64 bit-systemer. Problemet gjorde det muligt for lokale brugere at få - adgang til potentielt følsom hukommelse på kernestakken.

    • - -
  • CVE-2009-2848 - -

    Eric Dumazet opdagede et problem i execve-stien, hvor variablen - clear_child_tid ikke blev tømt på korrekt vis. Lokale brugere kunne udnytte - problemet til at forårsage lammelsesangreb (hukommelseskorruption).

    • - -
  • CVE-2009-2849 - -

    Neil Brown opdagede et problem i sysfs-grænsefladen til md-enheder. Når - md-arrays ikke var aktive, kunne lokale brugere udnytte sårbarheden til at - forårsage lammelsesangreb (oops).

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-24etch4.

- -

Vi anbefaler du at opgraderer dine linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer i -alle linux-kernepakker i alle udgivelser med aktiv sikkerhedsunderstøttelse. -Men med den store mængde sikkerhedsproblemer af lav prioritet, der opdages i -kernen og ressourcekravene til at foretage en opdatering taget i betragtning, -vil opdateringer til problemer af lavere sikkerhedsprioritet typisk ikke blive -udgivet til alle kerner på samme tid. I stedet bliver de opsamlet og udgivet i -større klumper.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - - -
  Debian 4.0 (etch)
fai-kernels 1.17+etch.24etch4
user-mode-linux 2.6.18-1um-2etch.24etch4
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1872.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1873.wml b/danish/security/2009/dsa-1873.wml deleted file mode 100644 index 9cfe80edd72..00000000000 --- a/danish/security/2009/dsa-1873.wml +++ /dev/null @@ -1,20 +0,0 @@ -programmeringsfejl - -

Juan Pablo Lopez Yacubian opdagede at ukorrekt håndtering af ugyldige URL'er -kunne anvendes til at forfalske adresselinjen og statussen på en websides -SSL-certifikat.

- -

Xulrunner er ikke længere understøttet i den gamle stabile distribution (etch).

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.9.0.13-0lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.0.13-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1873.data" -#use wml::debian::translation-check translation="91b91f573a6f9b0eb1316130f1588b7b69095097" mindelta="1" diff --git a/danish/security/2009/dsa-1874.wml b/danish/security/2009/dsa-1874.wml deleted file mode 100644 index 367c497bc94..00000000000 --- a/danish/security/2009/dsa-1874.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Network Security Service-bibliotekerne. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-2404 - -

    Moxie Marlinspike opdagede at et bufferoverløb i fortolkeren af - regulære udtryk, kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-2408 - -

    Dan Kaminsky opdagede at NULL-tegn i certifikatnavne, kunne føre til - manden i midten-angreb ved at narre brugeren til at acceptere et falsk - certifikat.

    • - -
  • CVE-2009-2409 - -

    Certifikater med MD2-hash-signaturerer accepteres ikke længere, da de - ikke længere betragtes som kryptografisk sikre.

    • - -
- -

Den gamle stabile distribution (etch) indeholder ikke nss.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.12.3.1-0lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.12.3.1-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1874.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1875.wml b/danish/security/2009/dsa-1875.wml deleted file mode 100644 index ee8bc0fdaf0..00000000000 --- a/danish/security/2009/dsa-1875.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende kontrol af inddata - -

Josh Triplett opdagede at sortlistningen af potentielt skadelig TeX-kode i -teximg-modulet i Ikiwiki wiki-kompileren var ufuldstændig, medførende -informationsblotlæggelse.

- -

Den gamle stabile distribution (etch) er ikke påvirket.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.53.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1415926.

- -

Vi anbefaler at du opgraderer din ikiwiki-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1875.data" -#use wml::debian::translation-check translation="5c9f6625eceb1ef917778df930e384790cd81922" mindelta="1" diff --git a/danish/security/2009/dsa-1876.wml b/danish/security/2009/dsa-1876.wml deleted file mode 100644 index 2e41383cd33..00000000000 --- a/danish/security/2009/dsa-1876.wml +++ /dev/null @@ -1,33 +0,0 @@ -bufferoverløb - -

Flere fjernudnytbare sårbarheder er opdaget i TFTP-komponenten i dnsmasq. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-2957 -

    Et bufferoverløb i TFTP-behandling, kunne måske gøre det muligt at udføre - vilkårlig kode, for angribere der har tilladelse til at anvende - TFTP-tjenesten.

    • - -
  • CVE-2009-2958 -

    Ondsindede TFTP-klienter kunne få dnsmasq til at gå ned, førende til et - lammelsesangreb (denial of service).

    • - -
- -

Den gamle stabile distribution er ikke påvirket af disse problemer.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.45-1+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.50-1.

- -

Vi anbefaler at du opgraderer dine dnsmasq-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1876.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1877.wml b/danish/security/2009/dsa-1877.wml deleted file mode 100644 index 66a1f4bdea9..00000000000 --- a/danish/security/2009/dsa-1877.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb/udførelse af vilkårlig kode - -

I MySQL 4.0.0 til 5.0.83 er der flere formatstrengssårbarheder i funktionen -dispatch_command() fra libmysqld/sql_parse.cc i mysqld, der gør det muligt for -autentificerede brugere at forårsage et lammelsesangreb (dæmonnedbrud) og -potentielt udførelse af vilkårlig kode gennem formatstrengsspecifikatorer i et -databasenavn i en COM_CREATE_DB- eller COM_DROP_DB-forespørgsel.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 5.0.51a-24+lenny2.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 5.0.32-7etch11.

- -

Vi anbefaler at du opgraderer dine mysql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1877.data" -#use wml::debian::translation-check translation="360b91beb591734dc32402c7e23c14f66dd1ef82" mindelta="1" diff --git a/danish/security/2009/dsa-1878.wml b/danish/security/2009/dsa-1878.wml deleted file mode 100644 index 50530d9caad..00000000000 --- a/danish/security/2009/dsa-1878.wml +++ /dev/null @@ -1,25 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Raphael Geissert opdagede at uscan, et program til kontrol af tilgængelighed -af nye kildekodeversioner, som er en del af pakken devscripts, kører Perl-kode -hentet fra kilder som man potentielt ikke kan stole på, for at implementere dens -URL- og versionsforvanskningsfunktionalitet. Denne opdatering løser problemet -ved at reimplementere de relevante Perl-operatorer uden at forlade sig på -Perl-fortolkeren, og mens der samtidig forsøges at bevare bagudkompabilitet så -meget som muligt.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.9.26etch4.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.10.35lenny6.

- -

I den ustabile distribution (sid), vil dette problem blive rettet i -version 2.10.54.

- -

Vi anbefaler at du opgraderer din devscripts-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1878.data" -#use wml::debian::translation-check translation="4fdf543df91843d07bbe8849073af5591408f9ad" mindelta="1" diff --git a/danish/security/2009/dsa-1879.wml b/danish/security/2009/dsa-1879.wml deleted file mode 100644 index 0cdae629955..00000000000 --- a/danish/security/2009/dsa-1879.wml +++ /dev/null @@ -1,52 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget softwaresuiten til SILC-protokollen, en -netværksprotokol designet til at levere ende til ende-sikkerhed til -konferencetjenster. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2008-7159 -

    En ukorrekt formatstreng i sscanf(), anvendt i ASN1-enkoderen til at skanne -en OID-værdi, kunne overskrive en nabovariabel på stakken, da -destinationsdatatypen er mindre end kildetype på 64 bit-arkitekturer. På -64 bit-arkitekturer kunne det medføre uventet applikationsvirkemåde eller -endda udførelse af kode i nogle tilfælde.

    • - -
  • CVE-2009-3051 -

    Forskellige formatstrengssårbarheder når der blev fortolket -SILC-meddelelser, gjorde det muligt for en angriber at udføre vilkårlig kode -med rettighederne hørende til offeret, som kørte SILC-klienten, gennem -fabrikerede kaldenavne eller kanalnavne indeholdende formatstrenge.

    • - -
  • CVE-2008-7160 -

    En ukorrekt formatstreng i et sscanf()-kald anvendt i HTTP-serverkomponenten -i silcd kunne medføre overskrivelse af en nabovariabel på stakken, da -destinationsdatatypen er mindre end kildetype på 64 bit-arkitekturer. En -angriber kunne udnytte det ved at anvende fabrikerede Content-Length-værdier, -medførende uventet applikationsvirkemåde eller endda udførelse af kode i nogle -tilfælde.

    • - -
- -

silc-server behøver ikke en opdatering, da den anvender de delte biblioteker, -der leveres af silc-toolkit. silc-client/silc-toolkit i den gamle stabile -distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.1.7-2+lenny1 af silc-toolkit og i version 1.1.4-1+lenny1 -af silc-client.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.10-1 af silc-toolkit og version 1.1-2 af silc-client -(anvender libsilc fra silc-toolkit siden dette upload).

- -

Vi anbefaler at du opgraderer dine silc-toolkit/silc-client-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1879.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1880.wml b/danish/security/2009/dsa-1880.wml deleted file mode 100644 index 97451bf198a..00000000000 --- a/danish/security/2009/dsa-1880.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i kontorpakken OpenOffice.org. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0200 - -

    Dyon Balding fra Secunia Research opdagede en sårbarhed, der kunne - udnyttes ved at åbne et særlig fremstillet Microsoft Word-dokument.

    - -

    Ved læsning af et Microsoft Word-dokument, kunne en fejl i fortolkeren af - sprmTDelete-poster medføre et heltalsunderløb, der måske kunne føre til et - heap-baseret bufferoverløb.

    - -

    En succesrig udnyttelse kunne måske gøre det muligt at udføre vilkårlig - kode i OpenOffice.org-processens kontekst.

    • - -
  • CVE-2009-0201 - -

    Dyon Balding fra Secunia Research opdagede en sårbarhed, der kunne - udnyttes ved at åbne et særlig fremstillet Microsoft Word-dokument.

    - -

    Ved læsning af et Microsoft Word-dokument, kunne en fejl i fortolkeren af - sprmTDelete-poster medføre et heap-baseret bufferoverløb.

    - -

    En succesrig udnyttelse kunne måske gøre det muligt at udføre vilkårlig - kode i OpenOffice.org-processens kontekst.

    • - -
  • CVE-2009-2139 - -

    En sårbarhed er opdaget i fortolkeren af EMF-filer i OpenOffice/Go-oo 2.x - og 3.x, der kunne udløses af et særlig fremstillet dokument og føre til - udførelse af vilkårlige kommandoer med rettighederne hørende til brugeren af - OpenOffice.org/Go-oo.

    - -

    Sårbarheden findes ikke i pakkerne til den gamle stabile, testing og den - ustabile distribution.

    • - -
- -

I den gamle stabile distribution (etch) er disse problemer rettet i -version 2.0.4.dfsg.2-7etch7.

- -

I den stabile distribution (lenny) er disse problemer rettet i -version 2.4.1+dfsg-1+lenny3 og højere.

- -

I den ustabile distribution (sid) og i distributionen testing (squeeze) -er disse problemer rettet i version 3.1.1~ooo310m15-1.

- -

Vi anbefaler at du opgraderer din Openoffice.org-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1880.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1881.wml b/danish/security/2009/dsa-1881.wml deleted file mode 100644 index f4172210a1b..00000000000 --- a/danish/security/2009/dsa-1881.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferoverløb - -

Man opdagede at SIEVE-komponenten i cyrus-imapd, et meget skalérbart -mailsystem til virksomheder, var sårbar over for et bufferoverløb når -SIEVE-skripter blev behandlet. På grund af ukorrekt anvendelse af operatoren -sizeof(), kunne en angriber overføre en negativ længde til snprintf()-kald, -medførende i store positive værdier på grund af heltalskonvertering. Det -forårsagede et bufferoverløb, hvilket kunne anvendes til at forøge -cyrus-systembrugerens rettigheder. En angriber, der kunne installere -SIEVE-skripter, som udføres af serveren, havde derfor mulighed for at læse og -ændre vilkårlige e-mail-meddelelser på systemet.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.2.13-10+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.2.13-14+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distribution, vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine cyrus-imapd-2.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1881.data" -#use wml::debian::translation-check translation="1b81ff5d2cddea5f841682219e44efc62f21bb1d" mindelta="1" diff --git a/danish/security/2009/dsa-1882.wml b/danish/security/2009/dsa-1882.wml deleted file mode 100644 index e9ecacc7b24..00000000000 --- a/danish/security/2009/dsa-1882.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Man opdagede at xapian-omega, en CGI-grænseflade til søgning i -xapian-databaser, ikke på korrekt vis indkapslede brugerleverede inddata når -der blev vist exceptions. En angriber kunne anvende dette til at udføre -skripter på tværs af websteder gennem fabrikerede søgeforespørgsler, medførende -en exception, og stjæle potentielt følsomme oplysninger fra webapplikationer, -der kører på det samme domæne eller indlejre søgemaskinen på et websted.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.9.9-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.7-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distribution, -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xapian-omega-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1882.data" -#use wml::debian::translation-check translation="bd210e2f349f93b8afaa888b5f2727cc53b8e682" mindelta="1" diff --git a/danish/security/2009/dsa-1883.wml b/danish/security/2009/dsa-1883.wml deleted file mode 100644 index 661a5d1d0c5..00000000000 --- a/danish/security/2009/dsa-1883.wml +++ /dev/null @@ -1,29 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Flere sårbarheder er fundet i nagios2, a system til overvågning og håndtering -af værtsmaskiner, tjenester og netværk. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -

Flere problemer med udførelse af skripter på tværs af websteder ved hjælp af -forskellige angrebsvinkler, blev opdaget i CGI-skripterne, hvilket gjorde det -muligt for angribere at indsprøjte vilkårlig HTML-kode. For at holde styr på de -forskellige angrebsvinkler, er problemerne blevet tildelt -CVE-2007-5624, -CVE-2007-5803 og -CVE-2008-1360.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.6-2+etch4.

- -

Den stabile distribution (lenny) indeholder ikke nagios2, og nagios3 er ikke -påvirket af disse problemer.

- -

Distributionen testing (squeeze) og den ustabile distribution (sid) -indeholder ikke nagios2, og nagios3 er ikke påvirket af disse problemer.

- -

Vi anbefaler at du opgraderer dine nagios2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1883.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1884.wml b/danish/security/2009/dsa-1884.wml deleted file mode 100644 index 62c721e23e7..00000000000 --- a/danish/security/2009/dsa-1884.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferunderløb - -

Chris Ries opdagede at nginx, en højtydende HTTP-server, reverse proxy og -IMAP/POP3-proxyserver, var sårbar over for et bufferunderløb ved behandling -af visse HTTP-forespørgsler. En angriber kunne anvende dette til at udføre -vilkårlig kode med rettighederne tilhørende worker-processen (www-data i Debian) -eller muligvis iværksætte lammelsesangreb (denial of service) ved gentagne gange -at få worker-processen til at gå ned gennem særligt fremstillede URL'er i en -HTTP-forespørgsel.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.4.13-2+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.6.32-3+lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.7.61-3.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1884.data" -#use wml::debian::translation-check translation="2e708b9e70f0706621cb2f188cbd0dfbb3acf31a" mindelta="1" diff --git a/danish/security/2009/dsa-1885.wml b/danish/security/2009/dsa-1885.wml deleted file mode 100644 index 60262857bdd..00000000000 --- a/danish/security/2009/dsa-1885.wml +++ /dev/null @@ -1,75 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimmiljø til -XUL-applikationer, så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3070 - -

    Jesse Ruderman opdagede nedbrud i layoutmaskinen, hvilket måske kunne - gøre det muligt af udføre vilkårlig kode.

    • - -
  • CVE-2009-3071 - -

    Daniel Holbert, Jesse Ruderman, Olli Pettay og toshi opdagede - nedbrud i layoutmaskinen, hvilket måske kunne gøre det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2009-3072 - -

    Josh Soref, Jesse Ruderman og Martin Wargers opdagede nedbrud i - layoutmaskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode.

    • - -
  • CVE-2009-3074 - -

    Jesse Ruderman opdagede et nedbrud i JavaScript-maskinen, hvilket måske - kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-3075 - -

    Carsten Book og Taral opdagede nedbrud i layoutmaskinen, hvilket - måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2009-3076 - -

    Jesse Ruderman opdagede at brugergrænsefladen til installering/fjernelse - af PCKS #11-sikkerhedsmoduler ikke var tilstrækkeligt informativ, hvilket - måske kunne muliggøre social engineering-angreb.

    • - -
  • CVE-2009-3077 - -

    Man opdagede at ukorrekt pointerhåndtering i XUL-fortolkeren kunne føre - til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-3078 - -

    Juan Pablo Lopez Yacubian opdagede at ukorrekt rendering af nogle - Unicode-skrifttypetegn kunne føre til forfalskningsangreb i - adresselinjen.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet -i version 1.9.0.14-0lenny1.

- -

Som angivet i udgivelsesbemærkningerne til etch, var det nødvendigt at -lade sikkerhedsunderstøttelsen til Mozilla-produkter ophøre i den gamle -stabile distribution, før ophøret af den generelle sikkerhedsunderstøttelse -i etch. Du opfordres kraftigt til at opgradere til den stabile distribution -eller skifte til en stadig understøttet browser.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0.14-1.

- -

I den eksperimentelle distribution, er disse problemer rettet i -version 1.9.1.3-1.

- -

Vi anbefaler at du opgraderer din xulrunner-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1885.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1886.wml b/danish/security/2009/dsa-1886.wml deleted file mode 100644 index 4a89dae2f3d..00000000000 --- a/danish/security/2009/dsa-1886.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webbrowseren Iceweasel, en -varemærkfri version af browseren Firefox. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3079 - -

    moz_bug_r_a4 opdagede at en programmeringsfejl i FeedWriter-modulet - kunne føre til udførelse af JavaScript-kode med forøgede - rettigheder.

    • - -
  • CVE-2009-1310 - -

    Prateek Saxena opdagede en sårbarhed i forbindelse med udførelse af - skripter på tværs af websteder i MozSearch-plugingrænsefladen.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.0.6-3.

- -

Som angivet i udgivelsesbemærkningerne til etch, var det nødvendigt at -lade sikkerhedsunderstøttelsen til Mozilla-produkter ophøre i den gamle -stabile distribution, før ophøret af den generelle sikkerhedsunderstøttelse -i etch. Du opfordres kraftigt til at opgradere til den stabile distribution -eller skifte til en stadig understøttet browser.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.0.14-1.

- -

I den eksperimentelle distribution, er disse problemer rettet i -version 3.5.3-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1886.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1887.wml b/danish/security/2009/dsa-1887.wml deleted file mode 100644 index fae129b35b7..00000000000 --- a/danish/security/2009/dsa-1887.wml +++ /dev/null @@ -1,25 +0,0 @@ -manglende fornuftighedskontrol af inddata - - -

Brian Mastenbrook opdagede at rails, det MVC ruby-baserede framework rettet -mod udvikling af webapplikationer, var sårbar over for udførelse af skripter på -tværs af websteder gennem misdannede strenge i form-helper'en.

- -

I den gamle stabile distribution (etch) er sikkerhedsunderstøttelse ophørt. -Der er rapporteret, at rails i den gamle stabile distribution er ubrugelig samt -at forskellig funktionalitet, som er påvirket af sikkerhedsproblemer, ikke -fungerer på grund af programmeringsfejl. Der anbefales kraftigt at opgradere -til versionen i den stabile distribution (lenny).

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.1.0-7.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 2.2.3-1.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1887.data" -#use wml::debian::translation-check translation="de99017f42d2760a08a537823fb8b136f9c04abf" mindelta="1" diff --git a/danish/security/2009/dsa-1888.wml b/danish/security/2009/dsa-1888.wml deleted file mode 100644 index c5202e9151c..00000000000 --- a/danish/security/2009/dsa-1888.wml +++ /dev/null @@ -1,31 +0,0 @@ -kryptografisk svaghed - -

Certifikater med MD2-hash-signaturer accepteres ikke længere af OpenSSL, da -de ikke længere anses for at være kryptografisk sikre.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.9.8g-15+lenny5.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -0.9.8c-4etch9 hvad angår openssl og version 0.9.7k-3.1etch5 hvad angår -openssl097. OpenSSL 0.9.8-opdateringen til den gamle stabile distribution -(etch) indeholder også opdateringer af flere lammelsesangrebssårbarheder (denial -of service) i implementeringen af Datagram Transport Layer Security. Disse -rettelser sket i den stabile Debian-distribution (lenny) i forbindelse med en -tidligere punktopdatering. OpenSSL 0.9.7-pakken fra den gamle stabile -distribution (etch) er ikke påvirket. -(CVE-2009-1377, -CVE-2009-1378, -CVE-2009-1379, -CVE-2009-1386 og -CVE-2009-1387.)

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.8k-5.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1888.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1889.wml b/danish/security/2009/dsa-1889.wml deleted file mode 100644 index 3d9e1e09e79..00000000000 --- a/danish/security/2009/dsa-1889.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmering error - -

Man opdagede at ICU-unicode-biblioteket behandlede ugyldige -multibyte-sekvenser på ukorrekt vis, hvilket potentielt kunne medføre omgåelse -af sikkerhedsmekanismer.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 3.6-2etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.8.1-3+lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.0.1-1.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1889.data" -#use wml::debian::translation-check translation="7ba6d096ca817a638fbc3a3c11cf8cdfcc72ce2d" mindelta="1" diff --git a/danish/security/2009/dsa-1890.wml b/danish/security/2009/dsa-1890.wml deleted file mode 100644 index 4bcd2deb4c1..00000000000 --- a/danish/security/2009/dsa-1890.wml +++ /dev/null @@ -1,27 +0,0 @@ -heltalsoverløb - - -

Tielei Wang opdagede et heltalsoverløb i wxWidgets, wxWidgets -tværplatforms-C++-GUI-toolkit, der tillod udførelse af vilkårlig kode gennem -en fabrikeret JPEG-fil.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -2.4.5.1.1+etch1 hvad angår wxwindows2.4 og version 2.6.3.2.1.5+etch1 hvad angår -wxwidgets2.6.

- -

I den stabile distribution (lenny), er dette problem rettet i version -2.6.3.2.2-3+lenny1 hvad angår wxwidgets2.6 og version 2.8.7.1-1.1+lenny1 hvad -angår wxwidgets2.8.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.8.7.1-2 hvad angår wxwidgets2.8 og vil snart blive rettet hvad angår -wxwidgets2.6.

- -

Vi anbefaler at du opgraderer dine wxwidgets-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1890.data" -#use wml::debian::translation-check translation="77138909405f2a3cbea2dd7684c0e2647fa39e6d" mindelta="1" diff --git a/danish/security/2009/dsa-1891.wml b/danish/security/2009/dsa-1891.wml deleted file mode 100644 index 04ca30651bb..00000000000 --- a/danish/security/2009/dsa-1891.wml +++ /dev/null @@ -1,25 +0,0 @@ -shell-kommandoudførelse - - -

Marek Grzybowski opdagede at changetrack, et program til overvågning af -ændringer af (opsætnings-)filer, var sårbart over for indspøjtning af -shell-kommandoer gennem metategn i filnavne. Programmets virkemåde er ændret -til at afvise alle filnavne med metategn.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 4.3-3+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 4.3-3+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.5-2.

- -

Vi anbefaler at du opgraderer dine changetrack-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1891.data" -#use wml::debian::translation-check translation="f78f9eb2cbd510e59fc9fc77aa38523626624eed" mindelta="1" diff --git a/danish/security/2009/dsa-1892.wml b/danish/security/2009/dsa-1892.wml deleted file mode 100644 index 00dab9cbf52..00000000000 --- a/danish/security/2009/dsa-1892.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Man opdagede at SIEVE-komponenten i dovecot, en mailserver der understøtter -mbox- og maildir-mailbokse, var sårbar over for et bufferoverløb når der blev -behandlet SIEVE-skripter. Det kunne anvendes til at forøge rettighederne -hørende til systembrugeren dovecot. En angriber, der har mulighed for at -installere SIEVE-skripter udført på serveren, havde derfor mulighed for at læse -og ændre vilkårlige e-mail-meddelelser på systemet.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -1.0.rc15-2etch5.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1:1.0.15-2.3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 1:1.2.1-1.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1892.data" -#use wml::debian::translation-check translation="1ad32fa96f54afbf15d4abdcf0b70a9ebc79aec0" mindelta="1" diff --git a/danish/security/2009/dsa-1893.wml b/danish/security/2009/dsa-1893.wml deleted file mode 100644 index ebc4e0fbd9c..00000000000 --- a/danish/security/2009/dsa-1893.wml +++ /dev/null @@ -1,33 +0,0 @@ -bufferoverløb - - -

Man opdagede at SIEVE-komponenten i cyrus-imapd og kolab-cyrus-imapd, -mailsystemet Cyrus, var sårbar over for et bufferoverløb når der blev -behandlet SIEVE-skripter. Det kunne anvendes til at forøge rettighederne -hørende til systembrugeren cyrus. En angriber, der har mulighed for at -installere SIEVE-skripter udført på serveren, havde derfor mulighed for at læse -og ændre vilkårlige e-mail-meddelelser på systemet. Opdateringen i -DSA 1881-1 var ufuldstændig og -problemet har fået yderligere en CVE-id på grund af dets kompleksitet.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -2.2.13-10+etch4 hvad angår cyrus-imapd-2.2 og version 2.2.13-2+etch2 hvad angår -kolab-cyrus-imapd.

- -

I den stabile distribution (lenny), er dette problem rettet i version -2.2.13-14+lenny3 hvad angår cyrus-imapd-2.2, version 2.2.13-5+lenny2 hvad angår -kolab-cyrus-imapd.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.2.13-15 hvad angår cyrus-imapd-2.2, og vil snart blive rettet hvad angår -kolab-cyrus-imapd.

- -

Vi anbefaler at du opgraderer dine cyrus-imapd-2.2- og -kolab-cyrus-imapd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1893.data" -#use wml::debian::translation-check translation="1ad32fa96f54afbf15d4abdcf0b70a9ebc79aec0" mindelta="1" diff --git a/danish/security/2009/dsa-1894.wml b/danish/security/2009/dsa-1894.wml deleted file mode 100644 index 02003d46a27..00000000000 --- a/danish/security/2009/dsa-1894.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - - -

Miroslav Lichvar opdagede at newt, et vinduesværktøjssæt, var sårbar over for -et bufferoverløb i indholdsbehandlingskoden, hvilket kunne føre til udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.52.2-10+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.52.2-11.3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine newt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1894.data" -#use wml::debian::translation-check translation="9a220bd5e0a55e0579a14488f5dbc17a950dbf7f" mindelta="1" diff --git a/danish/security/2009/dsa-1895.wml b/danish/security/2009/dsa-1895.wml deleted file mode 100644 index ec6a9f67764..00000000000 --- a/danish/security/2009/dsa-1895.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i pakken xmltooling, der anvendes af -Shibboleth:

- -
    - -

  • Chris Ries opdagede at dekodning af fabrikerede URL'er førte et nedbrud -(og potentielt udførelse af vilkårlig kode).

    • - -

  • Ian Young opdagede at indlejrede NUL-tegn i certifikatnavne ikke blev -håndteret korrekt, hvilket blotlagde opsætninger, der anvender -PKIX-fortrolighedsvalidering, til identitetstyveriangreb.

    • - -

  • Ukorrekt håndtering af SAML-metadata ignorerede vigtige -anvendelsesbegræsninger. Dette mindre problem behøver også en rettelse i -opensaml2-pakker, der vil blive leveret i en kommende stabil punktopdatering -(og, før da, gennem stable-proposed-updates).

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.0-2+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.2-1.

- -

Vi anbefaler at du opgraderer dine xmltooling-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1895.data" -#use wml::debian::translation-check translation="ba4d2f3021be8896c96b311ae1cfcb9a81b4e3eb" mindelta="1" diff --git a/danish/security/2009/dsa-1896.wml b/danish/security/2009/dsa-1896.wml deleted file mode 100644 index a5f5b5187d6..00000000000 --- a/danish/security/2009/dsa-1896.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i pakkerne opensaml og shibboleth-sp, der -anvendes af Shibboleth 1.x:

- -
    - -

  • Chris Ries opdagede at dekodning af fabrikerede URL'er førte et nedbrud -(og potentielt udførelse af vilkårlig kode).

    • - -

  • Ian Young opdagede at indlejrede NUL-tegn i certifikatnavne ikke blev -håndteret korrekt, hvilket blotlagde opsætninger, der anvender -PKIX-fortrolighedsvalidering, til identitetstyveriangreb.

    • - -

  • Ukorrekt håndtering af SAML-metadata ignorerede vigtige -anvendelsesbegræsninger.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 1.3f.dfsg1-2+etch1 af shibboleth-sp-pakkerne, og i version -1.1a-2+etch1 af opensaml-pakkerne.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.3.1.dfsg1-3+lenny1 af shibboleth-sp-pakkerne, og i version -1.1.1-2+lenny1 af opensaml-pakkerne.

- -

Den ustabile distribution (sid) indeholder ikke Shibboleth 1.x-pakker.

- -

Opdateringen kræver genstart af de påvirkede services (især Apache) for at -kunne træde i kraft.

- -

Vi anbefaler at du opgraderer dine Shibboleth 1.x-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1896.data" -#use wml::debian::translation-check translation="7ecc6be4937a3d3e04de81752d4492013a43008a" mindelta="1" diff --git a/danish/security/2009/dsa-1897.wml b/danish/security/2009/dsa-1897.wml deleted file mode 100644 index ffa846132b6..00000000000 --- a/danish/security/2009/dsa-1897.wml +++ /dev/null @@ -1,30 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Stefan Esser opdagede at Horde, et webapplikationsframework, der stiller -klasser til rådighed for håndtering af indstillinger, komprimering, -browsergenkendelse, forbindelsessporing, MIME, med mere, på utilstrækkelig -vis validerede og indkapslede brugerleverede inddata. Form-elementet -Horde_Form_Type_image tillod genbrug af et midlertidigt filnavn ved -genuploads, hvilket gemtes i et skjult HTML-felt og dernæst blev stolet på -uden yderligere validering. En angriber kunne anvende dette til at overskrive -vilkårlige filer på systemet eller uploade PHP-kode, og dermed udføre vilkårlig -kode med webserverens rettigheder.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 3.1.3-4etch6.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.2.2+debian0-2+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 3.3.5+debian0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.3.5+debian0-1.

- -

Vi anbefaler at du opgraderer dine horde3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1897.data" -#use wml::debian::translation-check translation="b124fdf9b975ae9a73d57efce575b4f378d1c241" mindelta="1" diff --git a/danish/security/2009/dsa-1898.wml b/danish/security/2009/dsa-1898.wml deleted file mode 100644 index 30d1ec3a2e5..00000000000 --- a/danish/security/2009/dsa-1898.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb - -

Man opdagede at pluto-dæmonen i openswan, en implementering af IPSEC og IKE, -kunne gå ned når den behandlede et fabrikeret X.509-certifikat.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.4.6+dfsg.2-1.1+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.4.12+dfsg-1.3+lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.22+dfsg-1.

- -

Vi anbefaler at du opgraderer din openswan-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1898.data" -#use wml::debian::translation-check translation="0ec74087adcac0972e7686493c083cf5d4512ba4" mindelta="1" diff --git a/danish/security/2009/dsa-1899.wml b/danish/security/2009/dsa-1899.wml deleted file mode 100644 index 708ff550a91..00000000000 --- a/danish/security/2009/dsa-1899.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i strongswan, en implementering -af IPSEC- og IKE-protokollerne. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2009-1957 -CVE-2009-1958 - -

    Charon-dæmonen kunne gå ned, når den behandlede visse fabrikerede -IKEv2-pakker. (Den gamle stabile distribution (etch) er ikke påvirket af disse -to problemer, da der mangler understøttelse af IKEv2.)

    • - -
  • CVE-2009-2185 -CVE-2009-2661 - -

    Pluto-dæmonen kunne gå ned, når den behandlede et fabrikeret -X.509-certifikat.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 2.8.0+dfsg-1+etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.2.4-5+lenny3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.3.2-1.1.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1899.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1900.wml b/danish/security/2009/dsa-1900.wml deleted file mode 100644 index 0c03b90db54..00000000000 --- a/danish/security/2009/dsa-1900.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i PostgreSQL, et SQL-databasesystem. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3229 - -

    Autentificerede brugere kunne få backend-serveren til at lukke ned, ved at -udføre re-LOAD-ing af biblioteker i $libdir/plugins, hvis der var -biblioteker til stede der. (Den gamle stabile distribution (etch) er ikke -påvirket af dette problem.)

    • - -
  • CVE-2009-3230 - -

    Autentificerede ikke-superbrugere kunne opnå superbrugerrettigheder til -databasen, hvis de kunne oprette funktioner og tabeller, på grund af ukorrekt -udførelse af funktioner i funktionsindekser.

    • - -
  • CVE-2009-3231 - -

    Hvis PostgreSQL var opsat med LDAP-autentifikation, og LDAP-opsætningen -tillod anonyme bindinger, var det muligt for en bruger at autentificere sig -selv med en tom adgangskode. (Den gamle stabile distribution (etch) er ikke -påvirket af dette problem.)

    • - -
- -

Desuden indeholder denne opdatering driftssikkerhedsforbedringer, der ikke -gælder sikkerhedsproblemer.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i version -7.4.26-0etch1 af postgresql-7.4-kildekodepakken, og version 8.1.18-0etch1 af -postgresql-8.1-kildekodepakken.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -8.3.8-0lenny1 af postgresql-8.3-kildekodepakken.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -8.3.8-1 af postgresql-8.3-kildekodepakken, og version 8.4.1-1 af -postgresql-8.4-kildekodepakken.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1900.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1901.wml b/danish/security/2009/dsa-1901.wml deleted file mode 100644 index 34f234b505c..00000000000 --- a/danish/security/2009/dsa-1901.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i mediawiki1.7, en webstedsmaskine til -samarbejdsprojekter. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2008-5249 - -

    David Remahl opdagede at mediawiki1.7 var sårbar over for et angreb i -forbindelse med udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2008-5250 - -

    David Remahl opdagede at mediawiki1.7, når Internet Explorer anvendes og -filupload er aktiveret, eller der anvendes en browser som understøtter -SVG-scripting og SVG-upload er aktiveret, tillod at autentificerede brugere -kunne indsprøjte vilkårligt webskript eller HTML ved at redigere en -wikiside.

    • - -
  • CVE-2008-5252 - -

    David Remahl opdagede at mediawiki1.7 var sårbar over for en -forespørgselsforfalskning på tværs af websteder i -Special:Import-funktionen.

    • - -
  • CVE-2009-0737 - -

    Man opdagede at mediawiki1.7 var sårbar over for et skriptudførelsesangreb i -det webbaserede installeringsprogram.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i version -1.7.1-9etch1 af mediawiki1.7, og mediawiki er ikke påvirket (det er en metapakke -for mediawiki1.7).

- -

Den stabile distribution (lenny) indeholder ikke mediawiki1.7, mens disse -problemer er rettet i version 1:1.12.0-2lenny3 af mediawiki, der allerede er -medtaget i udgivelsen af lenny.

- -

Den ustabile distribution (sid) og distributionen testing (squeeze) indeholder -ikke mediawiki1.7, mens disse problemer er rettet i version 1:1.14.0-1 af -mediawiki.

- -

Vi anbefaler at du opgraderer dine mediawiki1.7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1901.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1902.wml b/danish/security/2009/dsa-1902.wml deleted file mode 100644 index fa278cbbe8b..00000000000 --- a/danish/security/2009/dsa-1902.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Jakub Wilk opdagede et forskudt med én-bufferoverløb i charset-håndteringen -i elinks, en funktionsrig tekstbaseret WWW-browser, hvilket måske kunne føre -til udførelse af vilkårlig kode, hvis brugeren blev narret til at åbne en -misdannet HTML-side.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.11.1-1.2etch2.

- -

Den stable distribution (lenny) og den ustabile distribution (sid) -indeholder allerede en rettelse af dette problem.

- -

Vi anbefaler at du opgraderer din elinks-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1902.data" -#use wml::debian::translation-check translation="7230cdff8503cfb19170947730cf91805b4c4555" mindelta="1" diff --git a/danish/security/2009/dsa-1903.wml b/danish/security/2009/dsa-1903.wml deleted file mode 100644 index 5f8d3ed11c4..00000000000 --- a/danish/security/2009/dsa-1903.wml +++ /dev/null @@ -1,114 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i graphicsmagick, en samling af -billedbehandlingsværktøjer, hvilket kunne føre til udførelse af vilkårlig kode, -blotlæggelse af følsomme oplysninger eller forårsage lammelsesangreb (denial of -service). Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2007-1667 - -

    Flere heltalsoverløb i funktionen XInitImage i GraphicsMagicks xwd.c - gjorde det muligt for brugerhjulpne fjernangribere at forårsage et - lammelsesangreb (nedbrud) eller få adgang til følsomme oplysninger gennem - fabrikerede billeder med store eller negative værdier, der udløste et - bufferoverløb. Det påvirker kun den gamle stabile distribution - (etch).

    • - -
  • CVE-2007-1797 - -

    Flere heltalsoverløb gjorde det muligt for fjernangribere at udføre - vilkårlig kode gennem et fabrikeret DCM-billede, eller farve- eller - kommentarfelterne i et fabrikeret XWD-billede. Det påvirker kun den gamle - stabile distribution (etch).

    • - -
  • CVE-2007-4985 - -

    En fabrikeret billedfil kunne udløse en uendelig løkke i funktionerne - ReadDCMImage og ReadXCFImage. Det påvirker kun den gamle stabile distribution - (etch).

    • - -
  • CVE-2007-4986 - -

    Flere heltalsoverløb gjorde det muligt for kontekstafhængige angribere at - udføre vilkårlig kode gennem en fabrikeret .dcm-, .dib-, .xbm-, .xcf- eller - .xwd-billedfil, hvilket udløste et heap-baseret bufferoverløb. Det påvirker - kun den gamle stabile distribution (etch).

    • - -
  • CVE-2007-4988 - -

    En fortegnsudvidelsesfejl gjorde det muligt for kontektafhængige angribere - at udføre vilkårlig kode gennem en fabrikeret width-værdi i en billedfil, - hvilket udløste et heltalsoverløb og et heap-baseret bufferoverløb. Det - påvirker kun den gamle stabile distribution (etch).

    • - -
  • CVE-2008-1096 - -

    Funktionen load_tile XCF-koderen gjorde det muligt for brugerhjulpne - fjernangribere at forårsage et lammelsesangreb eller muligvis udføre vilkårlig - kode gennem en fabrikeret .xcf-fil, der udløste en uden for - grænserne-heapskrivning. Det påvirker kun den gamle stabile - distribution (etch).

    • - -
  • CVE-2008-3134 - -

    Flere sårbarheder i GraphicsMagick før version 1.2.4 gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (nedbrud, uendelig løkke eller - hukommelsesforbrug) gennem angrebsvinkler i AVI-, AVS-, DCM-, EPT-, FITS-, - MTV-, PALM-, RLA- og TGA-dekoderlæsere samt funktionen GetImageCharacteristics - i magick/image.c, der tilgås fra en fabrikeret PNG-, JPEG-, BMP- eller - TIFF-fil.

    • - -
  • CVE-2008-6070 - -

    Flere heap-baserede bufferunderløb i funktionen ReadPALMImage i - coders/palm.c i GraphicsMagick før version 1.2.3, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (nedbrud) eller muligvis - udførelse af vilkårlig kode gennem et fabrikeret PALM-billede.

    • - -
  • CVE-2008-6071 - -

    Et heap-baseret bufferoverløb i funktionen DecodeImage i coders/pict.c i - GraphicsMagick før version 1.1.14, og 1.2.x før 1.2.3, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (nedbrud) eller muligvis - udføre vilkårlig kode gennem et fabrikeret PICT-billede.

    • - -
  • CVE-2008-6072 - -

    Flere sårbarheder i GraphicsMagick gjorde det muligt for fjernangribere - at forårsage et lammelsesangreb (nedbrud) gennem angrebsvinkler i XCF- og - CINEON-billeder.

    • - -
  • CVE-2008-6621 - -

    En sårbarhed i GraphicsMagick gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb (nedbrud) gennem angrebsvinkler i - DPX-billeder.

    • - -
  • CVE-2009-1882 - -

    Et heltalsoverløb gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (nedbrud) og muligvis udføre vilkårlig kode gennem en - fabrikeret TIFF-fil, hvilket udløste et bufferoverløb.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.1.7-13+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.1.11-3.2+lenny1.

- -

I den kommende stabile distribution (squeeze) og i den ustabile -distribution (sid), er disse problemer rettet i version -1.3.5-5.1.

- -

Vi anbefaler at du opgraderer dine graphicsmagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1903.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1904.wml b/danish/security/2009/dsa-1904.wml deleted file mode 100644 index 94d29d540b7..00000000000 --- a/danish/security/2009/dsa-1904.wml +++ /dev/null @@ -1,27 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Daniel Stenberg opdagede at wget, et netværksværktøj til hentning af filer -fra web ved hjælp af http(s) og ftp, var sårbart over for Null Prefix Attacks -Against SSL/TLS Certificates, der blev offentliggjort på -Blackhat-konferencen for nogen tid siden. Sårbarheden gjorde det muligt for en -angriber at iværksætte manden i midten-angreb gennem et fabrikeret -ITU-T X.509-certifikat med indspøjtet null-byte i feltet Common Name.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.10.2-2+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.11.4-2+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.12-1.

- -

Vi anbefaler at du opgraderer dine wget-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1904.data" -#use wml::debian::translation-check translation="9fcc9dae29b68fc404a741cc37991e40e6cb1efb" mindelta="1" diff --git a/danish/security/2009/dsa-1905.wml b/danish/security/2009/dsa-1905.wml deleted file mode 100644 index 70a4025f4f6..00000000000 --- a/danish/security/2009/dsa-1905.wml +++ /dev/null @@ -1,26 +0,0 @@ -utilstrækkelig kontrol af inddata - -

Forms-biblioteket i python-django, et Python-webudviklingsframework på højt -niveau, anvendte et dårlig valgt regulært udtryk når e-mail-adresser og URL'er -blev valideret. En angriber kunne anvende dette til at udføre lammelsesangreb -(denial of service med hundrede procents CPU-forbrug) på grund af dårlig -backtracking gennem en særligt fremstillet e-mail-adresse eller URL, der blev -valideret af django forms-biblioteket.

- -

python-django i den gamle stabile distribution (etch), er ikke påvirket af -dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.2-1+lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.1-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1905.data" -#use wml::debian::translation-check translation="1f8a4b3311f317330ee3c3ecc83043b2102825d1" mindelta="1" diff --git a/danish/security/2009/dsa-1906.wml b/danish/security/2009/dsa-1906.wml deleted file mode 100644 index 4fb4616922d..00000000000 --- a/danish/security/2009/dsa-1906.wml +++ /dev/null @@ -1,21 +0,0 @@ -Ophørsannoncering af clamav i stable og oldstable - - -

Sikkerhedsunderstøttelse af clamav, et antivirusværktøj til Unix, er ophørt i -den stabile distribution (lenny) og i den gamle stabile distribution (etch). -Opstrømsudviklerne af Clamav understøtter ikke længere udgaverne i etch og lenny. -Desuden er det ikke længere muligt på let vis, at modtage signaturopdateringer -til virusscanneren i vores udgivne versioner.

- -

Vi anbefaler at alle clamav-brugere overvejer at skifte til versionen i -debian-volatile, der jævnligt opdateres og sikkerhedsunderstøttes så godt det er -muligt.

- -

For flere oplysninger om debian-volatile, besøg -https://www.debian.org/volatile/.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1906.data" -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" diff --git a/danish/security/2009/dsa-1907.wml b/danish/security/2009/dsa-1907.wml deleted file mode 100644 index f801ccda15a..00000000000 --- a/danish/security/2009/dsa-1907.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i kvm, et komplet virtualiseringssystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-5714 - -

    Chris Webb opdagede en forskudt med én-fejl, der begrænsede KVM's -VNC-adgangskoder til syv tegn. Fejlen kunne gøre det lettere for fjernangribere -at gætte VNC-adgangskoden, der var begrænset til syv tegn i stedet for de -tiltænkte otte.

    • - -
  • CVE-2009-3290 - -

    Man opdagede at funktionen kvm_emulate_hypercall i KVM ikke forhindrede -adgang til MMU-hypercalls fra ring 0, hvilket gjorde det muligt for lokale -brugere af gæste-styresystemet at forårsage et lammelsesangreb (denial af -service med nedbrud i gæste-kernen) og læse eller skrive gæste-kernens -hukommelse.

    • - -
- -

Den gamle stabile distribution (etch) indeholder ikke kvm.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -72+dfsg-5~lenny3.

- -

I distributionen testing (squeeze) vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -85+dfsg-4.1

- -

Vi anbefaler at du opgraderer dine kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1907.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1908.wml b/danish/security/2009/dsa-1908.wml deleted file mode 100644 index 2e902e4a9f4..00000000000 --- a/danish/security/2009/dsa-1908.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i samba, en implementering af -SMB-/CIFS-protokollen til Unix-systemer og blandt andet på tværs af platforme -gør det muligt at dele filer og printere med andre styresystemer. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2948 - -

    Værktøjet mount.cifs mangler korrekte kontroller af filrettigheder, når det -anvendes i tilstanden verbose. Dette gjorde det muligt for lokale brugere, -delvist at afsløre indholdet af vilkårlige filer, ved at angive filen som en -credentials-fil og forsøge at forbinde et samba-share.

    • - -
  • CVE-2009-2906 - -

    Et var på en oplock break-besked, som samba ikke forventer, kunne føre til at -tjenesten kom i en uendelig løkke. En angriber kunne udnytte det til at udføre -lammelsesangreb (denial of service) gennem en særligt fremstillet -SMB-forespørgsel.

    • - -
  • CVE-2009-2813 - -

    Manglende fejlhåndtering i situationer hvor ingen home-mappe var -opsat/angivet for brugeren, kunne føre til filafsløring. I situationer hvor -det automatiske [homes]-share er aktiveret eller en eksplicit share er oprettet -med dette brugernavn, fik samba ikke håndhævet delingsbegrænsninger, hvilket -medførte at en angriber kunne tilgå filsystemet fra root-mappen.

    • - -
- -

I den gamle stabile distribution (etch), vil dette problem snart blive rettet.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2:3.2.5-4lenny7.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.4.2-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1908.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1909.wml b/danish/security/2009/dsa-1909.wml deleted file mode 100644 index 4ed1041f4fc..00000000000 --- a/danish/security/2009/dsa-1909.wml +++ /dev/null @@ -1,29 +0,0 @@ -manglende escape-funktion - - -

Man opdagede at postgresql-ocaml, OCaml-bindinger til PostgreSQL's -libpq, manglede en funktion til at kalde PQescapeStringConn(). Det er -nødvendigt da PQescapeStringConn() respekterer forbindelsens tegnsæt og -forhindrer utilstrækkelig escaping, når visse multibyte-tegn-indkapslinger -anvendes. Den tilføjede funktion kaldes escape_string_conn() og modtager den -etablerede databaseforbindelse som det første parameter. Den gamle -escape_string() blev bevaret af hensyn til bagudkompatibilitet.

- -

Udviklere, der anvender disse bindinger, opfordres til at ændre deres kode -til at anvende den nye funktion.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.5.4-2+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.7.0-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.12.1-1.

- -

Vi anbefaler at du opgraderer dine postgresql-ocaml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1909.data" -#use wml::debian::translation-check translation="9e5a0e697bd0f5533a96534c3e71794b7a3fae5e" mindelta="1" diff --git a/danish/security/2009/dsa-1910.wml b/danish/security/2009/dsa-1910.wml deleted file mode 100644 index 04e4060ef5b..00000000000 --- a/danish/security/2009/dsa-1910.wml +++ /dev/null @@ -1,29 +0,0 @@ -manglende escape-funktion - - -

Man opdagede at mysql-ocaml, OCaml-bindinger til MySql, manglede en funktion -til at kalde mysql_real_escape_string(). Det er nødvendigt da -mysql_real_escape_string() respekterer forbindelsens tegnsæt og forhindrer -utilstrækkelig escaping, når visse multibyte-tegn-indkapslinger anvendes. Den -tilføjede funktion kaldes real_escape() og modtager den etablerede -databaseforbindelse som det første parameter. Den gamle escape_string() blev -bevaret af hensyn til bagudkompatibilitet.

- -

Udviklere, der anvender disse bindinger, opfordres til at ændre deres kode -til at anvende den nye funktion.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.0.4-2+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.4-4+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mysql-ocaml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1910.data" -#use wml::debian::translation-check translation="9e5a0e697bd0f5533a96534c3e71794b7a3fae5e" mindelta="1" diff --git a/danish/security/2009/dsa-1911.wml b/danish/security/2009/dsa-1911.wml deleted file mode 100644 index ebafc44f9ce..00000000000 --- a/danish/security/2009/dsa-1911.wml +++ /dev/null @@ -1,29 +0,0 @@ -manglende escape-funktion - - -

Man opdagede at pygresql, et PostgreSQL-modul til Python, manglede en -funktion til at kalde PQescapeStringConn(). Det er nødvendigt da -PQescapeStringConn() respekterer forbindelsens tegnsæt og -forhindrer utilstrækkelig escaping, når visse multibyte-tegn-indkapslinger -anvendes. Den tilføjede funktion kaldes pg_escape_string() og modtager den -etablerede databaseforbindelse som det første parameter. Den gamle -escape_string() blev bevaret af hensyn til bagudkompatibilitet.

- -

Udviklere, der anvender disse bindinger, opfordres til at ændre deres kode -til at anvende den nye funktion.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1:3.8.1-1etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:3.8.1-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1:4.0-1.

- -

Vi anbefaler at du opgraderer dine pygresql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1911.data" -#use wml::debian::translation-check translation="9e5a0e697bd0f5533a96534c3e71794b7a3fae5e" mindelta="1" diff --git a/danish/security/2009/dsa-1912.wml b/danish/security/2009/dsa-1912.wml deleted file mode 100644 index 0c190009a9a..00000000000 --- a/danish/security/2009/dsa-1912.wml +++ /dev/null @@ -1,25 +0,0 @@ -heltalsoverløb - -

Man opdagede at CamlImages, et open source-billedbehandlingsbibliotek, var -ramt af flere heltalsoverløb, hvilket måske kunne føre til et potentielt -udnytbart heap-overløb og medføre udførelse af vilkårlig kode. Denne bulletin -løser også problemer med at læse TIFF-filer. Desuden udvides en rettelse af -\ -CVE-2009-2660 for at tage højde for et andet potentielt overløb i -behandlingen af JPEG-billeder.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.20-8+etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:2.2.0-4+lenny3.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din camlimages-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1912.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1913.wml b/danish/security/2009/dsa-1913.wml deleted file mode 100644 index df74c7ab0b0..00000000000 --- a/danish/security/2009/dsa-1913.wml +++ /dev/null @@ -1,21 +0,0 @@ -SQL-indspøjtningssårbarhed - -

Max Kanat-Alexander, Bradley Baetz og Frédéric Buclin opdagede en -SQL-indspøjtningssårbarhed i funktionen Bug.create WebService i Bugzilla, et -webbaseret fejlsporingssystem, hvilket gjorde det muligt for fjernangribere at -udføre vilkårlige SQL-kommandoer.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i version -3.0.4.1-2+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bugzilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1913.data" -#use wml::debian::translation-check translation="908a5e8ecb671929e618239c6fcf8420432a37fe" mindelta="1" diff --git a/danish/security/2009/dsa-1914.wml b/danish/security/2009/dsa-1914.wml deleted file mode 100644 index be79655dd9f..00000000000 --- a/danish/security/2009/dsa-1914.wml +++ /dev/null @@ -1,75 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i mapserver, et CGI-baseret webframework til -offentliggørelse af spatiale data og til interaktive kortapplikationer. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0843 - -

    Manglende kontrol af inddata på et brugerleveret kort-forespørgselsfilnavn - kunne anvendes af en angriber til at kontrollere for tilstedeværelsen af en - specifik fik, ved at anvende forespørgselsfilens GET-parameter og se efter - forskelle på fejlmeddelelserne.

    • - -
  • CVE-2009-0842 - -

    En manglende kontrol af filtypen ved fortolkning af en kortfil, kunne føre - til delvist afsløring af indhold fra vilkårlige filer, gennem fortolkerens - fejlmeddelelser.

    • - -
  • CVE-2009-0841 - -

    På grund af manglende kontrol af inddata, når kortfiler blev gemt under - visse omstændigheder, var det muligt at udføre mappegennemløbssårbarheder - og oprette vilkårlige filer. - BEMÆRK: Med mindre angriberen har mulighed for at oprette mapper på - billedstien eller der allerede er en læsbar mappe, påvirker dette ikke - installationer på Linux, da fopen()-syscall'et fejler i fald en understi - ikke er læsbar.

    • - -
  • CVE-2009-0839 - -

    Man opdagede at mapserver var sårbar over for et stakbaseret bufferoverløb - når der blev behandlet visse GET-parametre. En angriber kunne anvende dette - til at udføre vilkårlig kode på serveren, gennem fabrikerede - id-parametre.

    • - -
  • CVE-2009-0840 - -

    Et heltalsoverløb førende til et heap-baseret bufferoverløb når - Content-Length-headeren fra en HTTP-forespørgsel blev behandlet, kunne - anvendes af en angriber til at udføre vilkårlig kode gennem fabrikerede - POST-forespørgsler indeholdende negative Content-Length-værdier.

    • - -
  • CVE-2009-2281 - -

    Et heltalsoverløb ved behandling af HTTP-forespørgsler, kunne føre til - et heap-baseret bufferoverløb. En angriber kunne anvende dette til at - udføre vilkårlig kode, enten gennem fabrikerede Content-Length-værdier eller - store HTTP-forespørgsler. Dette skyldes delvist en ufuldstændig rettelse af - CVE-2009-0840.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 4.10.0-5.1+etch4.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 5.0.3-3+lenny4.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 5.4.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.4.2-1.

- -

Vi anbefaler at du opgraderer dine mapserver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1914.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1915.wml b/danish/security/2009/dsa-1915.wml deleted file mode 100644 index a6315e9d3e7..00000000000 --- a/danish/security/2009/dsa-1915.wml +++ /dev/null @@ -1,114 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/lækage af følsom hukommelse - - -

Bemærk: Debian 5.0.4, den næste punktopdatering af Debian lenny vil -indeholde en ny standardværdi for mmap_min_addr tunable. Ændringen vil føje en -ekstra sikkerhedsforanstaltning mod en form for sikkerhedssårbarheder kendt som -NULL pointer-dereference-sårbarheder, men den skal overtrumfes når visse -applikationer anvendes. Yderligere oplysninger om denne ændring, herunder -vejledning i at foretage ændringen lokalt forud for 5.0.4 (anbefalet), findes -på: https://wiki.debian.org/mmap_min_addr.

- -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kan føre til et -lammelsesangreb (denial of service), lækage af følsom hukommelse eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-2695 - -

    Eric Paris stillede flere rettelser til rådighed; de forøger beskyttelsen - som leveres af mmap_min_addr tunable mod NULL - pointer-dereferencesårbarheder.

    • - -
  • CVE-2009-2903 - -

    Mark Smith opdagede en hukommelseslækage i implementeringen af appletalk. - Når appletalk- og ipddp-modulerne er indlæst, men der ikke er fundet nogen - ipddp"N"-enhed, kunne fjernangribere forårsage et lammelsesangreb ved at - forbruge store mængder systemhukommelse.

    • - -
  • CVE-2009-2908 - -

    Loic Minier opdagede et problem i filsystemet eCryptfs. En lokal - bruger kunne forårsage et lammelsesangreb (kerne-oops) ved at få en - dentry-værdi til at blive negativ.

    • - -
  • CVE-2009-2909 - -

    Arjan van de Ven opdagede et problem i implementeringen af - AX.25-protokollen. Et særligt fremstillet kald til setsockopt() kunne - medføre et lammelsesangreb (kerne-oops).

    • - -
  • CVE-2009-2910 - -

    Jan Beulich opdagede eksistensen af en lækage af følsom kernehukommelse. - Systemer, der kører med amd64-kernen, fornuftighedskontrollerer ikke på - korrekt vis registre til 32 bit-processer.

    • - -
  • CVE-2009-3001 - -

    Jiri Slaby rettede et problem med lækage af følsom hukommelse i - implementeringen af ANSI/IEEE 802.2 LLC. Det er ikke udnytbart i Debian - lennys kerne, da root-rettigheder er krævet for at udnytte - problemet.

    • - -
  • CVE-2009-3002 - -

    Eric Dumazet rettede flere problemer med lækage af følsom hukommelse i - implementeringerne af IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN og - Controller Area Network (CAN). Lokale brugere kunne udnytte disse problemer - til at få adgang til kernehukommelse.

    • - -
  • CVE-2009-3286 - -

    Eric Paris opdagede et problem med serverimplementeringen af NFSv4. Når - en O_EXCL-oprettelse mislykkedes, kunne filer blive efterladt med ødelagte - rettigheder, muligvis utilsigtet givende rettigheder til andre lokale - brugere.

    • - -
  • CVE-2009-3290 - -

    Jan Kiszka bemærkede at funktionen kvm_emulate_hypercall i KVM ikke - forhindrede adgang til MMU-hyperkald fra ring 0, hvilket gjorde det muligt - for brugere af lokale gæstestyresystemer at forårsage et lammelsesangreb - (crash af gæstekernen) og læse og skrive kernehukommelse.

    • - -
  • CVE-2009-3613 - -

    Alistair Strachan rapporterede om et problem i r8169-driveren. - Fjernbrugere kunne forårsage et lammelsesangreb (IOMMU-pladsopbrug og - systemcrash) ved at overføre en stor mængde jumbo-frames.

    • - -
- -

I den gamle stabile distribution (etch), vil disse problemer, hvor relevant, -blive rettet i opdateringer til linux-2.6 og linux-2.6.24.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.26-19lenny1.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer i -alle linux-kernepakker i alle udgivelser med aktiv sikkerhedsunderstøttelse. -Men med den store mængde sikkerhedsproblemer af lav prioritet, der opdages i -kernen og ressourcekravene til at foretage en opdatering taget i betragtning, -vil opdateringer til problemer af lavere sikkerhedsprioritet typisk ikke blive -udgivet til alle kerner på samme tid. I stedet bliver de opsamlet og udgivet i -større klumper.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+19lenny1
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1915.data" -#use wml::debian::translation-check translation="5011f532637dc7820b79b151eecfda4ab65aa22f" mindelta="1" diff --git a/danish/security/2009/dsa-1916.wml b/danish/security/2009/dsa-1916.wml deleted file mode 100644 index 10549a64c5f..00000000000 --- a/danish/security/2009/dsa-1916.wml +++ /dev/null @@ -1,25 +0,0 @@ -utilstrækkelig kontrol af inddata - -

Dan Kaminsky og Moxie Marlinspike opdagede at kdelibs, kernebibliotekerne fra -den officielle KDE-udgave, ikke på korrekt vis håndterede et \0-tegn i et -domænenavn i feltet Subject Alternative Name i et X.509-certifikat, hvilket -gjorde det muligt for manden i midten-angribere at forfalske vilkårlige -SSL-servere gennem et fabrikeret certifikat udstedt af en legitim -certifikatudstedelsesmyndighed.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 4:3.5.5a.dfsg.1-8etch3.

- -

På grund af en fejl i arkivsystemet, vil rettelsen i den stabile distribution -(lenny), blive udgivet som version 4:3.5.10.dfsg.1-0lenny3, når den er -tilgængelig.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 4:3.5.10.dfsg.1-2.1.

- -

Vi anbefaler at du opgraderer dine kdelibs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1916.data" -#use wml::debian::translation-check translation="16bb85393c48d20e78fb44c098ff929810d378ce" mindelta="1" diff --git a/danish/security/2009/dsa-1917.wml b/danish/security/2009/dsa-1917.wml deleted file mode 100644 index b80043574f4..00000000000 --- a/danish/security/2009/dsa-1917.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i mimetex, et letvægtsalternativ til MathML. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-1382 - -

    Chris Evans og Damien Miller opdagede flere stakbaserede bufferoverløb. En -angriber kunne udføre vilkårlig kode gennem en TeX-fil med lange picture-, -circle- og input-tags.

    • - -
  • CVE-2009-2459 - -

    Chris Evans opdagede at mimeTeX indeholdt visse direktiver, der kan være -uegnede til håndtering af inddata fra brugere, der ikke er tillid til. En -fjernangriber kunne få adgang til følsomme oplysninger.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.50-1+etch1.

- -

På grund af en fejl i arkivsystemet, vil rettelsen i den stabile distribution -(lenny) blive udgivet som version 1.50-1+lenny1, når den er tilgængelig.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -disse problemer rettet i version 1.50-1.1.

- -

Vi anbefaler at du opgraderer dine mimetex-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1917.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1918.wml b/danish/security/2009/dsa-1918.wml deleted file mode 100644 index ad95e80468b..00000000000 --- a/danish/security/2009/dsa-1918.wml +++ /dev/null @@ -1,44 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i phpMyAdmin, et værktøj til -administrering af MySQL via en webbrowser. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3696 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder - (XSS) gjorde det muligt for fjernangribere at indsprøjte vilkårligt webskript - eller HTML gennem et fabrikeret tabelnavn i MySQL.

    • - -
  • CVE-2009-3697 - -

    En SQL-indsprøjtningssårbarhed i funktionen til genering af PDF-schema'er - gjorde det muligt for fjernangribere at udføre vilkårlige SQL-kommandoer. - Dette problem påvirker ikke versionen i Debian 4.0 etch.

    • - -
- -

Desuden er der tilføjet ekstra beskyttelse i det webbaserede skript -setup.php. Selv om den leverede webserveropsætning burde sikre at skriptet -er beskyttet, har det i praksis vist sig ikke altid at være tilfældet. Filen -config.inc.php er ikke længere skrivbar fra webserverens bruger. Se -README.Debian for detaljerede oplysninger om hvordan man aktiverer skriptet -setup.php, hvis og når der er brug for det.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.9.1.1-13.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.11.8.1-5+lenny3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.2.2.1-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1918.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1919.wml b/danish/security/2009/dsa-1919.wml deleted file mode 100644 index 2ac35e49b21..00000000000 --- a/danish/security/2009/dsa-1919.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Smarty, en PHP-skabelonmaskine. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2008-4810 - -

    Funktionen _expand_quoted_text gjorde det muligt at omgå visse - restriktioner i skabeloner, så som funktionskald og PHP-udførelse.

    • - -
  • CVE-2009-1669 - -

    Funktionen smarty_function_math gjorde det muligt for kontektsafhængige - angribere at udføre vilkårlige kommander gennem shell-metategn i - math-funktionens equation-attribut.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 2.6.14-1etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.6.20-1.2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din smarty-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1919.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1920.wml b/danish/security/2009/dsa-1920.wml deleted file mode 100644 index 4431b8f7e0c..00000000000 --- a/danish/security/2009/dsa-1920.wml +++ /dev/null @@ -1,23 +0,0 @@ -lammelsesangreb - -

En lammelsesangrebssårbarhed (denial of service) er fundet i nginx, en lille -og effektiv webserver.

- -

Jasson Bell opdagede at en fjernangriber kunne forårsage et lammelsesangreb -(segmenteringsfejl) ved at sende en fabrikeret forespørgsel.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -0.4.13-2+etch3.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.6.32-3+lenny3.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distributions, er -dette problem rettet i version 0.7.62-1.

- -

Vi anbefaler at du opgraderer din nginx-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1920.data" -#use wml::debian::translation-check translation="9f81edbdcc5e66685c84af06d9be292394bdffc0" mindelta="1" diff --git a/danish/security/2009/dsa-1921.wml b/danish/security/2009/dsa-1921.wml deleted file mode 100644 index 05d104936df..00000000000 --- a/danish/security/2009/dsa-1921.wml +++ /dev/null @@ -1,22 +0,0 @@ -lammelsesangreb - - -

Peter Valchev opdagede en fejl i expat, et C-bibliotek til fortolkning af -XML, når der blev fortolket visse UTF-8-sekvenser, hvilket kunne udnyttes til -at få en applikation, der anvender biblioteket, til at gå ned.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.95.8-3.4+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.1-4+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1921.data" -#use wml::debian::translation-check translation="3ae27c94b65fa69581273d1e54f0334c8d6b1864" mindelta="1" diff --git a/danish/security/2009/dsa-1922.wml b/danish/security/2009/dsa-1922.wml deleted file mode 100644 index d1be72ca980..00000000000 --- a/danish/security/2009/dsa-1922.wml +++ /dev/null @@ -1,79 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimmiljø til -XUL-applikationer, så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3380 - -

    Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, - David Keeler og Boris Zbarsky rapporterede om nedbrud i layoutmaskinen, - hvilket måske kunne muliggøre udførelse af vilkårlig kode.

    • - -
  • CVE-2009-3382 - -

    Carsten Book rapporterede om et nedbrud i layoutmaskinen, hvilket måske - kunne muliggøre udførelse af vilkårlig kode.

    • - -
  • CVE-2009-3376 - -

    Jesse Ruderman og Sid Stamm opdagede en forfalskningssårbarhed i dialogen - til download af filer.

    • - -
  • CVE-2009-3375 - -

    Gregory Fleischer en omgåelse af samme ophav-reglen, når funktionen - document.getSelection() anvendtes.

    • - -
  • CVE-2009-3374 - -

    moz_bug_r_a4 opdagede en rettighedsforøgelse til Chrome-status i - XPCOM-værktøjet XPCVariant::VariantDataToJS.

    • - -
  • CVE-2009-3373 - -

    regenrecht opdagede et bufferoverløb i GIF-fortolkeren, hvilket - måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-3372 - -

    Marco C. opdagede at en programmeringsfejl i proxy-autoopsætningskoden - måske kunne føre til lammelsesangreb (denial of service) eller udførelse af - vilkårlig kode.

    • - -
  • CVE-2009-3274 - -

    Jeremy Brown opdagede at filnavnet på en downloadet fil, der åbnes af - brugeren, var forudsigeligt, hvilket måske kunne føre til at brugeren blev - narret ind i en ondsindet fremstillet fil, hvis angriberen har lokal adgang - til systemet.

    • - -
  • CVE-2009-3370 - -

    Paul Stone opdagede at historikoplysninger fra webformularer kunne - stjæles.

    • - -
- - -

I den stabile distribution (lenny), er disse problemer rettet -i version 1.9.0.15-0lenny1.

- -

Som angivet i udgivelsesbemærkningerne til -etch, -var det nødvendigt at lade sikkerhedsunderstøttelsen til Mozilla-produkter -ophøre i den gamle stabile distribution, før ophøret af den generelle -sikkerhedsunderstøttelse af etch. Du opfordres kraftigt til at opgradere til -den stabile distribution eller skifte til en stadig understøttet browser.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.1.4-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1922.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1923.wml b/danish/security/2009/dsa-1923.wml deleted file mode 100644 index 7021beb5f5a..00000000000 --- a/danish/security/2009/dsa-1923.wml +++ /dev/null @@ -1,26 +0,0 @@ -lammelsesangreb - -

En lammelsesangrebssårbarhed (denial of service) er fundet i -libhtml-parser-perl, en samling moduler til at fortolke HTML i tekstdokumenter, -som anvendes af flere andre projekter så som SpamAssassin.

- -

Mark Martinec opdagede at funktionen decode_entities() kom i en uendelig -løkke, når den fortolkede visse HTML-entiteter med ugyldige UTF-8-tegn. En -angriber kunne anvende dette til at udføre lammelsesangreb, ved at sende -fabrikeret HTML til en applikaiton, som anvender funktionaliteten.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 3.55-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.56-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distribution, vil -problemet snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libhtml-parser-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1923.data" -#use wml::debian::translation-check translation="b295e340d28f3b565124a22d04417585a3788cc7" mindelta="1" diff --git a/danish/security/2009/dsa-1924.wml b/danish/security/2009/dsa-1924.wml deleted file mode 100644 index 05367275912..00000000000 --- a/danish/security/2009/dsa-1924.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

To sårbarheder er opdaget i mahara, et elektronisk portfolio-, weblog- og -CV-program. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-3298 - -

    Ruslan Kabalin opdagede et problem med at nulstille adgangskoder, hvilket -kunne føre til rettighedsforøgelse af en institutionel -administratorkonto.

    • - -
  • CVE-2009-3299 - -

    Sven Vetsch opdagede en sårbarhed i forbindelse med udførelse af skripter på -tværs af webstedet gennem CV-felterne.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.0.4-4+lenny4.

- -

Den gamle stabile distribution (etch) indeholder ikke mahara.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1924.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1925.wml b/danish/security/2009/dsa-1925.wml deleted file mode 100644 index f1a97214948..00000000000 --- a/danish/security/2009/dsa-1925.wml +++ /dev/null @@ -1,25 +0,0 @@ -utilstrækkelig kontrol af inddata - -

Man opdagede at proftpd-dfsg, en virtuel hosting-ftp-dæmon, ikke på korrekt -vis håndterede et '\0'-tegn i et domænenavn i feltet Subject Alternative Name i -et X.509-klientcertifikat, når TLS-valgmuligheden dNSNameRequired var -aktiveret.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.3.1-17lenny4.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.3.0-19etch3.

- -

Binære filer til amd64-arkitekturen vil blive udgivet, når de er -tilgængelige.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.3.2a-2.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1925.data" -#use wml::debian::translation-check translation="299a73094a8679c55579acac791ee934866a308c" mindelta="1" diff --git a/danish/security/2009/dsa-1926.wml b/danish/security/2009/dsa-1926.wml deleted file mode 100644 index f4c27f398af..00000000000 --- a/danish/security/2009/dsa-1926.wml +++ /dev/null @@ -1,83 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder er opdaget i TYPO3, et framework til -håndtering af webindhold. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-3628 - -

    Backend-subkomponenten gjorde det muligt for fjernautentificerede brugere - at finde en krypteringsnøgle gennem fabrikeret inddata til et - formularfelt.

    • - -
  • CVE-2009-3629 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i Backend-subkomponenten gjorde det muligt for - fjernautentificerede brugere at indsprøjte vilkårligt webskript eller - HTML.

    • - -
  • CVE-2009-3630 - -

    Backend-subkomponenten gjorde det muligt for fjernautentificerede - brugere at placere vilkårlige websteder i TYPO3-backendframeset gennem - fabrikerede parametre.

    • - -
  • CVE-2009-3631 - -

    Backend-subkomponenten, når DAM-udvidelsen eller ftp-upload er aktiveret, - gjorde det muligt for fjernautentificerede brugere at udføre vilkårlige - kommandoer gennem shell-metategn i et filnavn.

    • - -
  • CVE-2009-3632 - -

    En SQL-indsprøjtningssårbarhed i den traditionelle - frontendredigeringsfaciltiet i Frontend Editing-subkomponenten gjorde det - muligt for fjernautentificerede brugere at udføre vilkårlige - SQL-kommandoer.

    • - -
  • CVE-2009-3633 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) gjorde det muligt for fjernangribere at indsprøjte - vilkårligt webskript.

    • - -
  • CVE-2009-3634 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i Frontend Login Box-subkomponenten (alias felogin) gjorde - det muligt for fjernangribere at indsprøjte vilkårlig webskript eller - HTML.

    • - -
  • CVE-2009-3635 - -

    Install Tool-subkomponenten gjorde det muligt for fjernangribere at få - adgang ved kun at anvende adgangskodens md5-hash som - loginoplysning.

    • - -
  • CVE-2009-3636 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i Install Tool-subkomponenten gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet -i version 4.0.2+debian-9.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.2.5-1+lenny2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.10-1.

- -

Vi anbefaler at du opgraderer din typo3-src-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1926.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1927.wml b/danish/security/2009/dsa-1927.wml deleted file mode 100644 index 316175b5a89..00000000000 --- a/danish/security/2009/dsa-1927.wml +++ /dev/null @@ -1,90 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/lækage af følsom hukommelse - - -

Bemærk: Debian 5.0.4, den næste punktopdatering af Debian lenny vil -indeholde en ny standardværdi for mmap_min_addr tunable. Ændringen vil give en -ekstra sikkerhedsforanstaltning mod en form for sikkerhedssårbarheder kendt som -NULL pointer-dereference-sårbarheder, men den skal overtrumfes når visse -applikationer anvendes. Yderligere oplysninger om denne ændring, herunder -vejledning i at foretage ændringen lokalt forud for 5.0.4 (anbefalet), findes -på: https://wiki.debian.org/mmap_min_addr.

- -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -lammelsesangreb (denial of service), lækage af følsom hukommelse eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-3228 - -

    Eric Dumazet rapporterede om en situation med uinitialiseret - kernehukommelse i netværkspakkescheduleren. Lokale brugere kunne måske - udnytte problemet til at læse indholdet af følsom kernehukommelse.

    • - -
  • CVE-2009-3238 - -

    Linus Torvalds leverede en ændring til funktionen get_random_int() for - at forøge dens tilfældighedsgenerering.

    • - -
  • CVE-2009-3547 - -

    Earl Chew opdagede et NULL-pointerdereferenceproblem i funktionen - pipe_rdwr_open, hvilket kunne anvendes af lokale brugere til at opnå - forøgede rettigheder.

    • - -
  • CVE-2009-3612 - -

    Jiri Pirko opdagede en slåfejl i initialiseringen af en struktur i - netlink-undersystemet, hvilket måske kunne gøre det muligt for lokale - brugere at få adgang til følsom kernehukommelse.

    • - -
  • CVE-2009-3620 - -

    Ben Hutchings opdagede et problem i DRM-manageren til ATI Rage - 128-grafikkort. Lokale brugere kunne måske udnytte sårbarheden til at - forårsage et lammelsesangreb (NULL-pointerdereference).

    • - -
  • CVE-2009-3621 - -

    Tomoki Sekiyama opdagede en deadlock-tilstand i implementeringen af - UNIX-domainsocket. Lokale brugere kunne udnytte sårbarheden til at - forårsage et lammelsesangreb (hængende system).

    • - -
  • CVE-2009-3638 - -

    David Wagner rapporterede om et overløb i KVM-undersystemet på - i386-systemer. Problemet var udnytbart af lokale brugere med adgang til - enhedsfilen /dev/kvm.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.26-19lenny2.

- -

I den gamle stabile distribution (etch), vil disse problemer, hvor relevant, -blive rettet i opdateringer til linux-2.6 og linux-2.6.24.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer i -alle linux-kernepakker i alle udgivelser med aktiv sikkerhedsunderstøttelse. -Men med den store mængde sikkerhedsproblemer af lav prioritet, der opdages i -kernen og ressourcekravene til at foretage en opdatering taget i betragtning, -vil opdateringer til problemer af lavere sikkerhedsprioritet typisk ikke blive -udgivet til alle kerner på samme tid. I stedet bliver de opsamlet og udgivet i -større klumper.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+19lenny2
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1927.data" -#use wml::debian::translation-check translation="5011f532637dc7820b79b151eecfda4ab65aa22f" mindelta="1" diff --git a/danish/security/2009/dsa-1928.wml b/danish/security/2009/dsa-1928.wml deleted file mode 100644 index 0dff84cde8a..00000000000 --- a/danish/security/2009/dsa-1928.wml +++ /dev/null @@ -1,141 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/lækage af følsom hukommelse - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -lammelsesangreb (denial of service), lækage af følsom hukommelse eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-2846 - -

    Michael Buesch bemærkede et typing-problem i eisa-eeprom-driveren til - hppa-arkitekturen. Lokale brugere kunne udnytte problemet til at få - adgang til hukommelse med begrænset adgang.

    • - -
  • CVE-2009-2847 - -

    Ulrich Drepper bemærkede et problem i rutinen do_sigalstack routine på - 64 bit-systemer. Problemet gjorde det muligt for lokale brugere at få - adgang til potentielt følsom hukommelse på kernestakken.

    • - -
  • CVE-2009-2848 - -

    Eric Dumazet opdagede et problem i execve-stien, hvor variablen - clear_child_tid ikke blev tømt på korrekt vis. Lokale brugere kunne udnytte - problemet til at forårsage lammelsesangreb (hukommelseskorruption).

    • - -
  • CVE-2009-2849 - -

    Neil Brown opdagede et problem i sysfs-grænsefladen til md-enheder. Når - md-arrays ikke var aktive, kunne lokale brugere udnytte sårbarheden til at - forårsage lammelsesangreb (oops).

    • - -
  • CVE-2009-2903 - -

    Mark Smith opdagede en hukommelseslækage i implementeringen af appletalk. - Når appletalk- og ipddp-modulerne er indlæst, men der ikke er fundet nogen - ipddp"N"-enhed, kunne fjernangribere forårsage et lammelsesangreb ved at - forbruge store mængder systemhukommelse.

    • - -
  • CVE-2009-2908 - -

    Loic Minier opdagede et problem i filsystemet eCryptfs. En lokal - bruger kunne forårsage et lammelsesangreb (kerne-oops) ved at få en - dentry-værdi til at blive negativ.

    • - -
  • CVE-2009-2909 - -

    Arjan van de Ven opdagede et problem i implementeringen af - AX.25-protokollen. Et særligt fremstillet kald til setsockopt() kunne - medføre et lammelsesangreb (kerne-oops).

    • - -
  • CVE-2009-2910 - -

    Jan Beulich opdagede eksistensen af en lækage af følsom kernehukommelse. - Systemer, der kører med amd64-kernen, fornuftighedskontrollerer ikke på - korrekt vis registre til 32 bit-processer.

    • - -
  • CVE-2009-3001 - -

    Jiri Slaby rettede et problem med lækage af følsom hukommelse i - implementeringen af ANSI/IEEE 802.2 LLC. Det er ikke udnytbart i Debian - lennys kerne, da root-rettigheder er krævet for at udnytte - problemet.

    • - -
  • CVE-2009-3002 - -

    Eric Dumazet rettede flere problemer med lækage af følsom hukommelse i - implementeringerne af IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN og - Controller Area Network (CAN). Lokale brugere kunne udnytte disse problemer - til at få adgang til kernehukommelse.

    • - -
  • CVE-2009-3228 - -

    Eric Dumazet rapporterede om en situation med uinitialiseret - kernehukommelse i netværkspakkescheduleren. Lokale brugere kunne måske - udnytte problemet til at læse indholdet af følsom kernehukommelse.

    • - -
  • CVE-2009-3238 - -

    Linus Torvalds leverede en ændring til funktionen get_random_int() for - at forøge dens tilfældighedsgenerering.

    • - -
  • CVE-2009-3286 - -

    Eric Paris opdagede et problem med serverimplementeringen af NFSv4. Når - en O_EXCL-oprettelse mislykkedes, kunne filer blive efterladt med ødelagte - rettigheder, muligvis utilsigtet givende rettigheder til andre lokale - brugere.

    • - -
  • CVE-2009-3547 - -

    Earl Chew opdagede et NULL-pointerdereferenceproblem i funktionen - pipe_rdwr_open, hvilket kunne anvendes af lokale brugere til at opnå - forøgede rettigheder.

    • - -
  • CVE-2009-3612 - -

    Jiri Pirko opdagede en slåfejl i initialiseringen af en struktur i - netlink-undersystemet, hvilket måske kunne gøre det muligt for lokale - brugere at få adgang til følsom kernehukommelse.

    • - -
  • CVE-2009-3613 - -

    Alistair Strachan rapporterede om et problem i r8169-driveren. - Fjernbrugere kunne forårsage et lammelsesangreb (IOMMU-pladsopbrug og - systemcrash) ved at overføre en stor mængde jumbo-frames.

    • - -
  • CVE-2009-3620 - -

    Ben Hutchings opdagede et problem i DRM-manageren til ATI Rage - 128-grafikkort. Lokale brugere kunne måske udnytte sårbarheden til at - forårsage et lammelsesangreb (NULL-pointerdereference).

    • - -
  • CVE-2009-3621 - -

    Tomoki Sekiyama opdagede en deadlock-tilstand i implementeringen af - UNIX-domainsocket. Lokale brugere kunne udnytte sårbarheden til at - forårsage et lammelsesangreb (hængende system).

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.24-6~etchnhalf.9etch1.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- -

Bemærk: Debian etch indeholder linux-kernepakker baseret på både -Linux-udgivelserne 2.6.18 og 2.6.24. Alle kendte kendte sikkerhedsproblemer -holdes der omhyggeligt rede på i begge pakker, og begge pakker vil modtage -sikkerhedsopdateringer indtil sikkerhedsunderstøttelsen af Debian etch ophører. -Men den store mængde sikkerhedsproblemer af lav prioritet, der opdages i kernen -og ressourcekravene til at foretage en opdatering, taget i betragtning, vil -problemer af lavere sikkerhedsprioritet typisk blive udgivet til 2.6.18 og -2.6.24 udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1928.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1929.wml b/danish/security/2009/dsa-1929.wml deleted file mode 100644 index e3f09940e76..00000000000 --- a/danish/security/2009/dsa-1929.wml +++ /dev/null @@ -1,102 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/lækage af følsom hukommelse - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -lammelsesangreb (denial of service), lækage af følsom hukommelse eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-1883 - -

    Solar Designer discovered a missing capability check in the - z90crypt driver or s390 systems. This vulnerability may allow - a local user to gain elevated privileges.

    • - -
  • CVE-2009-2909 - -

    Arjan van de Ven opdagede et problem i implementeringen af - AX.25-protokollen. Et særligt fremstillet kald til setsockopt() kunne - medføre et lammelsesangreb (kerne-oops).

    • - -
  • CVE-2009-3001 - -

    Jiri Slaby rettede et problem med lækage af følsom hukommelse i - implementeringen af ANSI/IEEE 802.2 LLC. Det er ikke udnytbart i Debian - lennys kerne, da root-rettigheder er krævet for at udnytte - problemet.

    • - -
  • CVE-2009-3002 - -

    Eric Dumazet rettede flere problemer med lækage af følsom hukommelse i - implementeringerne af IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN og - Controller Area Network (CAN). Lokale brugere kunne udnytte disse problemer - til at få adgang til kernehukommelse.

    • - -
  • CVE-2009-3228 - -

    Eric Dumazet rapporterede om en situation med uinitialiseret - kernehukommelse i netværkspakkescheduleren. Lokale brugere kunne måske - udnytte problemet til at læse indholdet af følsom kernehukommelse.

    • - -
  • CVE-2009-3238 - -

    Linus Torvalds leverede en ændring til funktionen get_random_int() for - at forøge dens tilfældighedsgenerering.

    • - -
  • CVE-2009-3286 - -

    Eric Paris opdagede et problem med serverimplementeringen af NFSv4. Når - en O_EXCL-oprettelse mislykkedes, kunne filer blive efterladt med ødelagte - rettigheder, muligvis utilsigtet givende rettigheder til andre lokale - brugere.

    • - -
  • CVE-2009-3547 - -

    Earl Chew opdagede et NULL-pointerdereferenceproblem i funktionen - pipe_rdwr_open, hvilket kunne anvendes af lokale brugere til at opnå - forøgede rettigheder.

    • - -
  • CVE-2009-3612 - -

    Jiri Pirko opdagede en slåfejl i initialiseringen af en struktur i - netlink-undersystemet, hvilket måske kunne gøre det muligt for lokale - brugere at få adgang til følsom kernehukommelse.

    • - -
  • CVE-2009-3621 - -

    Tomoki Sekiyama opdagede en deadlock-tilstand i implementeringen af - UNIX-domainsocket. Lokale brugere kunne udnytte sårbarheden til at - forårsage et lammelsesangreb (hængende system).

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-26etch1.

- -

Vi anbefaler at du opgraderer dine linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- -

Bemærk: Debian etch indeholder linux-kernepakker baseret på både -Linux-udgivelserne 2.6.18 og 2.6.24. Alle kendte kendte sikkerhedsproblemer -holdes der omhyggeligt rede på i begge pakker, og begge pakker vil modtage -sikkerhedsopdateringer indtil sikkerhedsunderstøttelsen af Debian etch ophører. -Men den store mængde sikkerhedsproblemer af lav prioritet, der opdages i kernen -og ressourcekravene til at foretage en opdatering, taget i betragtning, vil -problemer af lavere sikkerhedsprioritet typisk blive udgivet til 2.6.18 og -2.6.24 udgivet i større klumper.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - - -
  Debian 4.0 (etch)
fai-kernels 1.17+etch.26etch1
user-mode-linux 2.6.18-1um-2etch.26etch1
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1929.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1930.wml b/danish/security/2009/dsa-1930.wml deleted file mode 100644 index 25c44825de2..00000000000 --- a/danish/security/2009/dsa-1930.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i drupal6, et komplet framework til -indholdshåndtering. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-2372 - -

    Gerhard Killesreiter opdagede en fejl i de måde, brugersignaturer blev -håndteret på. Det var muligt for en bruger, at indsprøjte vilkårlig kode gennem -en fabrikeret brugersignatur. (SA-CORE-2009-007)

    • - -
  • CVE-2009-2373 - -

    Mark Piper, Sven Herrmann og Brandon Knight opdagede i forummodulet en -sårbarhed i forbindelse med udførelse af skripter på tværs af websteder, -hvilket kunne udnyttes gennem tid-parameteret. (SA-CORE-2009-007)

    • - -
  • CVE-2009-2374 - -

    Sumit Datta opdagede at visse drupal6-sider lækkede følsomme oplysninger så -som brugeroplysninger. (SA-CORE-2009-007)

    • - -
- -

Flere designfejl i OpenID-modulet er rettet, hvilke kunne have ført til -forespørgselsforfalskninger på tværs af websteder eller rettighedsforøgelse. -Desuden behandlede filoplægningsfunktionen ikke alle udvidelser på korrekt vis, -hvilket muligvis kunne føre til udførelse af vilkårlig kode. -(SA-CORE-2009-008)

- -

Den gamle stabile distribution (etch) indeholder ikke drupal6.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 6.6-3lenny3.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 6.14-1.

- -

Vi anbefaler at du opgraderer dine drupal6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1930.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1931.wml b/danish/security/2009/dsa-1931.wml deleted file mode 100644 index 935c2eee14a..00000000000 --- a/danish/security/2009/dsa-1931.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i NetScape Portable Runtime Library, hvilket -måske kunne føre til udførelse af vilkårlig kode. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1563 - -

    En programmingsfejl i strenghåndteringskoden kunne måske føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2009-2463 - -

    Et heltalsoverløb i Base64-dekodningsfunktionerne kunne måske føre til - udførelse af vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (etch) indeholder ikke nspr.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.7.1-5.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 4.8.2-1.

- -

Vi anbefaler at du opgraderer dine NSPR-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1931.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1932.wml b/danish/security/2009/dsa-1932.wml deleted file mode 100644 index eb76c2245b0..00000000000 --- a/danish/security/2009/dsa-1932.wml +++ /dev/null @@ -1,19 +0,0 @@ -programmeringsfejl - -

Man opdagede at ukorrekt pointerhåndtering i biblioteket purple, som er en -intern komponent i flerprotokolschatklienten Pidgin, kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode gennem -misdannede kontaktforespørgsler.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.4.3-4lenny5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.3-1.

- -

Vi anbefaler at du opgraderer din pidgin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1932.data" -#use wml::debian::translation-check translation="f3e2cfe6e8da335570f4902d7152b44f9b052c39" mindelta="1" diff --git a/danish/security/2009/dsa-1933.wml b/danish/security/2009/dsa-1933.wml deleted file mode 100644 index 6017777e3eb..00000000000 --- a/danish/security/2009/dsa-1933.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende kontrol af inddata - - -

Aaron Siegel opdagede at cups webgrænsefladen, Common UNIX Printing System, -var sårbar over for angreb i forbindelse med udførelse af skripter på tværs af -websteder.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.2.7-4+etch9.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.3.8-1+lenny7.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1933.data" -#use wml::debian::translation-check translation="726071ba5137befff2cad2feb252a3a1374765e3" mindelta="1" diff --git a/danish/security/2009/dsa-1934.wml b/danish/security/2009/dsa-1934.wml deleted file mode 100644 index a2cb201c2da..00000000000 --- a/danish/security/2009/dsa-1934.wml +++ /dev/null @@ -1,71 +0,0 @@ -flere problemer - - -

En designfejl er opdaget i TLS- og SSL-protokollen, hvilket gjorde det -muligt for en angriber at indsprøjte vilkårligt indhold i begyndelsen af en -TLS-/SSL-forbindelse. Angrebet har med den måde, hvorved TLS og SSL håndterer -sessionsgenforhandlinger at gøre. -\ -CVE-2009-3555 er blevet tildelt denne sårbarhed.

- -

Som en delvis sikring mod dette angreb, deaktiverer denne apache2-opdatering -klientaktiverede genforhandlinger. Det burde rette sårbarheden i størstedelen -af de anvendte Apache-opsætninger.

- -

BEMÆRK: Der er ikke tale om en komplet rettelse af problemet. Angrebet er -stadig muligt i opsætninger, hvor serveren aktiverer genforhandlingen. Det er -tilfældet ved følgende opsætninger (oplysningerne i changelog'en hørende til de -opdaterede pakker er en smule ukorrekt)):

- -
    -
  • Direktivet SSLVerifyClient anvendes i en Directory- eller Location-kontekst.
    • -
  • Direktivet SSLCipherSuite anvendes i en Directory- eller Location-kontekst.
    • -
- -

Som en omgåelse af problemet, kan du ændre din opsætning på en sådan måde, at -SSLVerifyClient og SSLCipherSuite kan anvendes på server eller virtual -host-niveau.

- -

En komplet rettelse af problemet vil kræve en protokolændring. Yderligere -oplysninger vil være indeholdt i en separat bulletin om problemet.

- -

Desuden retter denne opdatering følgende problemer i Apaches -mod_proxy_ftp:

- -
    - -
  • CVE-2009-3094 -

    Utilstrækkelig kontrol af inddata i modulet mod_proxy_ftp, gjorde det muligt -for fjerne ftp-servere at forårsage et lammelsesangreb (NULL-pointerdereference og -child-proces-nedbrud) gennem et misdannet svar til en EPSV-kommando.

    • - -
  • CVE-2009-3095 -

    Utilstrækkelig kontrol af inddata i modulet mod_proxy_ftp, gjorde det muligt -for fjerne autentificerede angribere at omgå tilsigtede adgangsbegrænsninger og -sende vilkårlige ftp-kommandoer til en ftp-server.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.2.3-4+etch11.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.2.9-10+lenny6. Versionen indeholder også nogle -ikke-sikkerhedsrelaterede fejlrettelser, der var planlagt til at blive medtaget -i den næste stabile punktopdatering (Debian 5.0.4).

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer blive rettet i version 2.2.14-2.

- -

Sammen med denne bulletin udsendes også opdaterede apache2-mpm-itk-pakker, -der er blevet genkompileret mod de nye apache2-pakker.

- -

Opdaterede apache2-mpm-itk-pakker til armel-arkitekturen er endnu ikke parate. -De vil blive udgivet så snart de er tilgængelige.

- -

Vi anbefaler at du opgraderer dine apache2- og apache2-mpm-itk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1934.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1935.wml b/danish/security/2009/dsa-1935.wml deleted file mode 100644 index 945e925310e..00000000000 --- a/danish/security/2009/dsa-1935.wml +++ /dev/null @@ -1,31 +0,0 @@ -flere sårbarheder - - -

Dan Kaminsky og Moxie Marlinspike opdagede at gnutls, en implementering af -TLS-/SSL-protokollen, ikke på korrekt vis håndterede \0-tegn i et -domænenavn i emnets Common Name- eller Subject Alternative Name-felt (SAN) i et -X.509-certifikat, hvilket tillod manden i midten-angreb i forbindelse med -forfalskning af vilkårlig SSL-servere gennem et fabrikeret certifikat udstedt af -en legitim Certification Authority. -(CVE-2009-2730)

- -

Desuden accepteres der fra og med denne opdatering ikke certifikater med -MD2 hash-signaturer, da de ikke længere anses for at være kryptografisk sikre. -Det påvirker kun den gamle stabile distribution (etch). -(CVE-2009-2409)

- -

I den gamle stabile distribution (etch), er disse problemer rettet i version -1.4.4-3+etch5 af gnutls13.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -2.4.2-6+lenny2 af gnutls26.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er disse problemer rettet i version 2.8.3-1 af gnutls26.

- -

Vi anbefaler at du opgraderer dine gnutls13/gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1935.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1936.wml b/danish/security/2009/dsa-1936.wml deleted file mode 100644 index 1d781834038..00000000000 --- a/danish/security/2009/dsa-1936.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libgd2, et bibliotek til programmatisk -fremstilling og behandling af grafik. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2007-0455 - -

    Kees Cook opdagede et bufferoverløb i libgd2's skrifttyperenderer. En - angriber kunne forårsage lammelsesangreb (applikationsnedbrud) og muligvis - udføre vilkårlig kode gennem en fabrikeret streng med en JIS-indkapslet - skrifttype. Problemer påvirker kun den gamle stabile distribution - (etch).

    • - -
  • CVE-2009-3546 - -

    Tomas Hoger opdagede en grænsefejl i funktionen _gdGetColors(). En - angriber kunne iværksætte bufferoverløbs- eller bufferoverskrivningsangreb - gennem en fabrikeret GD-fil.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.0.33-5.2etch2.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.0.36~rc1~dfsg-3+lenny1.

- -

I den kommende stabile distribution (squeeze) og i den ustabile -distribution (sid), er disse problemer rettet i version -2.0.36~rc1~dfsg-3.1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1936.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1937.wml b/danish/security/2009/dsa-1937.wml deleted file mode 100644 index 88c90d08f0c..00000000000 --- a/danish/security/2009/dsa-1937.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Man opdagede at gforge, et værktøj til udvikling i fællesskab, var sårbar -over for angreb i forbindelse med udførelse af skripter på tværs af websteder -via helpname-parameteret. Ud over at have rettet dette problem, indeholder -opdateringen yderligere fornuftighedskontrol af inddata, som der dog ikke er -nogen kendte angrebsvinkler for.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 4.5.14-22etch12.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.7~rc2-7lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 4.8.1-3.

- -

Vi anbefaler at du opgraderer dine gforge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1937.data" -#use wml::debian::translation-check translation="6a3df30d9d68970fc8f1cffd3c3ad8a2b7beb637" mindelta="1" diff --git a/danish/security/2009/dsa-1938.wml b/danish/security/2009/dsa-1938.wml deleted file mode 100644 index 7fdcdaca8bb..00000000000 --- a/danish/security/2009/dsa-1938.wml +++ /dev/null @@ -1,23 +0,0 @@ -programmeringsfejl - -

Man opdagede at php-mail, et PHP PEAR-modul til afsendelse af e-mail, havde -utilstrækkelig fornuftighedskontrol af inddata, hvilket måske kunne bruges til -at få adgang til følsomme oplysninger fra systemet, der anvender php-mail.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.1.6-2+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.1.14-1+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.14-2.

- -

Vi anbefaler at du opgraderer dine php-mail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1938.data" -#use wml::debian::translation-check translation="ab568f1256502deb091c61a4918c00a0d3353e72" mindelta="1" diff --git a/danish/security/2009/dsa-1939.wml b/danish/security/2009/dsa-1939.wml deleted file mode 100644 index 545a6c17a62..00000000000 --- a/danish/security/2009/dsa-1939.wml +++ /dev/null @@ -1,23 +0,0 @@ -flere sårbarheder - -

Lucas Adamski, Matthew Gregan, David Keeler og Dan Kaminsky opdagede at -libvorbis, et bibliotek til Vorbis' kompressions audiocodec til alle formål, -ikke på korrekt vis håndterede visse misdannede ogg-filer. En angriber kunne -forårsage et lammelsesangreb (hukommelseskorruption og applikationsnedbrud) -eller muligvis udføre vilkårlig kode gennem en fabrikeret .ogg-fil.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.1.2.dfsg-1.4+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.2.0.dfsg-3.1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.2.3-1

- -

Vi anbefaler at du opgraderer dine libvorbis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1939.data" -#use wml::debian::translation-check translation="75ed0a32fb67fa252eb1079f463b5c90d72265f1" mindelta="1" diff --git a/danish/security/2009/dsa-1940.wml b/danish/security/2009/dsa-1940.wml deleted file mode 100644 index f4e2a6f1dc4..00000000000 --- a/danish/security/2009/dsa-1940.wml +++ /dev/null @@ -1,69 +0,0 @@ -flere problemer - -

Flere fjernudnytbare sårbarheder er opdaget i hypertekst-præbehandleren -PHP 5. Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -

Følgende problemer er rettet i både den stabile (lenny) og i den gamle -stabile (etch) distribution: - -

    - -
  • CVE-2009-2687 - CVE-2009-3292 - -

    exif-modulet håndterede ikke på korrekt vis misdannede jpeg-filer, - hvilket gjorde det muligt for en angriber at forårsage en segmenteringsfejl, - medførende et lammelsesangreb (denial of service).

    • - - -
  • CVE-2009-3291 - -

    Funktionen php_openssl_apply_verification_policy() udførte ikke på - korrekt vis certifikatvaldering.

    • - - -
  • Endnu ingen CVE-id. - -

    Bogdan Calin opdagede at en fjernangriber kunne forårsage et - lammelsesangreb ved at oplægge et stort antal filer ved at anvende - multipart/form-data-forespørgsler, hvilket medførte oprettelsen af et stort - antal midlertidige filer.

    - -

    For at løse problemet, er valgmuligheden max_file_uploads, indført - i PHP 5.3.1, blevet tilbageført. Valgmuligheden begrænser det maksimale - antal filer, som kan oplægges pr. forespørgsel. Standardværdien er sat til - 50. Se NEWS.Debian for flere oplysninger.

    • - -
- -

Følgende problem er rettet i den stabile (lenny) distribution:

- -
    -
  • CVE-2009-2626 - -

    En fejl i funktionen ini_restore(), kunne føre til hukommelsesafsløring, - muligvis medførende afsløring af følsommme data.

    • - -
- -

I den gamle stabile (etch) distribution, retter denne opdatering også en -regression, som opstod i forbindelse med rettelsen af -CVE-2008-5658 -i DSA-1789-1 (fejl nummer 527560).

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 5.2.6.dfsg.1-1+lenny4.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 5.2.0+dfsg-8+etch16.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer blive rettet i version 5.2.11.dfsg.1-2.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1940.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1941.wml b/danish/security/2009/dsa-1941.wml deleted file mode 100644 index 036d4374c02..00000000000 --- a/danish/security/2009/dsa-1941.wml +++ /dev/null @@ -1,21 +0,0 @@ -flere sårbarheder - -

Flere heltalsoverløb, bufferoverløb og hukommelsesallokeringsfejl er opdaget -i Poppler, et bibliotek til PDF-rendering, hvilket måske kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode, hvis en -bruger blev narret til at åbne et misdannet PDF-dokument.

- -

En opdatering til den gamle stabile distribution (etch), vil snart blive -frigivet som version 0.4.5-5.1etch4.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.8.7-3.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1941.data" -#use wml::debian::translation-check translation="f78f9e9fd6728a525fa3a8046597c8a3f20465ed" mindelta="1" diff --git a/danish/security/2009/dsa-1942.wml b/danish/security/2009/dsa-1942.wml deleted file mode 100644 index 0bb638ffb58..00000000000 --- a/danish/security/2009/dsa-1942.wml +++ /dev/null @@ -1,48 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Wireshark, et program til -analysering af netværkstrafik, hvilket måske kunne føre til udførelse af -vilkårlig kode eller lammelsesangreb (denial of service). Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2560 - -

    En NULL-pointerdereference blev fundet i RADIUS-dissektoren.

    • - -
  • CVE-2009-3550 - -

    En NULL-pointerdereference blev fundet DCERP/NT-dissektoren.

    • - -
  • CVE-2009-3829 - -

    Et heltalsoverløb blev opdageti ERF-fortolkeren.

    • - -
- -

Denne opdatering indeholder også rettelser af tre mindre problemer -(CVE-2008-1829, -CVE-2009-2562, -CVE-2009-3241), -der var planlagt til medtagelse i den næste punktopdatering af den stabile -distribution. Desuden blev -CVE-2009-1268 -rettet i etch. Da denne sikkerhedsopdatering blev frigivet før udgivelsen af -punktopdateringen, blev rettelserne medtaget.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.99.4-5.etch.4.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.2-3+lenny7.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.2.3-1.

- -

Vi anbefaler at du opgraderer dine Wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1942.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1943.wml b/danish/security/2009/dsa-1943.wml deleted file mode 100644 index b6974d7b4fb..00000000000 --- a/danish/security/2009/dsa-1943.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig kontrol af inddata - -

Man opdagede at OpenLDAP, en fri implementering af Lightweight Directory -Access Protocol, når OpenSSL blev anvendt, ikke på korrekt vis håndterede -\0-tegn i et domænenavn i emnets Common Name- eller Subject Alternative -Name-felt (SAN) i et X.509-certifikat, hvilket tillod manden i midten-angreb i -forbindelse med forfalskning af vilkårlig SSL-servere gennem et fabrikeret -certifikat udstedt af en legitim Certification Authority. - -

I den gamle stabile distribution (etch), er dette problem rettet i version -2.3.30-5+etch3 for openldap2.3.

- -

I den stabile distribution (lenny), er dette problem rettet i version -2.4.11-1+lenny1 for openldap.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er dette problem rettet i version 2.4.17-2.1 af openldap.

- -

Vi anbefaler at du opgraderer dine openldap2.3/openldap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1943.data" -#use wml::debian::translation-check translation="24e7bc23a3179fc4339a544943e6b63081c9a674" mindelta="1" diff --git a/danish/security/2009/dsa-1944.wml b/danish/security/2009/dsa-1944.wml deleted file mode 100644 index 0b91f6cbbd4..00000000000 --- a/danish/security/2009/dsa-1944.wml +++ /dev/null @@ -1,25 +0,0 @@ -sessionskapring - - -

Mikal Gule opdagede at request-tracker, et udvidbart system til sporing af -fejlrapporteringer, var sårbart over for et angreb, hvor en angriber med adgang -til det samme domæne, kunne kapre en brugers RT-session.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -3.6.1-4+etch1 af request-tracker3.6 og version 3.4.5-2+etch1 af -request-tracker3.4.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.6.7-5+lenny3.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.6.9-2.

- -

Vi anbefaler at du opgraderer dine request-tracker-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1944.data" -#use wml::debian::translation-check translation="34ca17a4ef1d910fb3f3e90d76731b42d14bd2bf" mindelta="1" diff --git a/danish/security/2009/dsa-1945.wml b/danish/security/2009/dsa-1945.wml deleted file mode 100644 index f2d58749561..00000000000 --- a/danish/security/2009/dsa-1945.wml +++ /dev/null @@ -1,23 +0,0 @@ -symbolsk lænke-angreb - -

Sylvain Beucler opdagede at gforge, et værktøj til udviklingssamarbejde, var -sårbart over for et symlinkangreb, hvilket gjorde det muligt for lokale brugere -at udføre et lammelsesangreb ved at overskrive vilkårlige filer.

- -

I den gamle stabile distribution (etch), er dette problem rettet i version -4.5.14-22etch13.

- -

I den stabile distribution (lenny), er dette problem rettet i version -4.7~rc2-7lenny3.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.8.2-1.

- -

Vi anbefaler at du opgraderer dine gforge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1945.data" -#use wml::debian::translation-check translation="34ca17a4ef1d910fb3f3e90d76731b42d14bd2bf" mindelta="1" diff --git a/danish/security/2009/dsa-1946.wml b/danish/security/2009/dsa-1946.wml deleted file mode 100644 index 3d9f49b36ed..00000000000 --- a/danish/security/2009/dsa-1946.wml +++ /dev/null @@ -1,22 +0,0 @@ -kryptografisk svaghed - -

Man opdagede at belpic, det belgiske eID PKCS11-bibliotek, ikke på korrekt -vis kontrollerede resultatet af en OpenSSL-funktion, for at kontrollere -kryptografiske signaturer, hvilket kunne anvendes til at omgå -certifikatvalideringen.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.5.9-7.etch.1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.0-6, som allerede er indeholdt i udgivelsen lenny.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 2.6.0-6.

- -

Vi anbefaler at du opgraderer dine belpic-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1946.data" -#use wml::debian::translation-check translation="f51f6e5dac5c76c2f97745b9ea1c26c54e71fb26" mindelta="1" diff --git a/danish/security/2009/dsa-1947.wml b/danish/security/2009/dsa-1947.wml deleted file mode 100644 index ce59ec24c41..00000000000 --- a/danish/security/2009/dsa-1947.wml +++ /dev/null @@ -1,25 +0,0 @@ -manglende kontrol af inddata - -

Matt Elder opdagede at Shibboleth, et forenet system til single sign-on via -web, var sårbart over for indsprøjtning af skripter gennem -viderestillings-URL'er. Flere oplysninger findes i Shibboleths bulleting på -\ -http://shibboleth.internet2.edu/secadv/secadv_20091104.txt.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.3f.dfsg1-2+etch2 of shibboleth-sp.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.3.1.dfsg1-3+lenny2 af shibboleth-sp, version 2.0.dfsg1-4+lenny2 -af shibboleth-sp2 og version 2.0-2+lenny2 af opensaml2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3+dfsg-1 af shibboleth-sp2, version 2.3-1 af opensaml2 og -version 1.3.1-1 af xmltooling.

- -

Vi anbefaler at du opgraderer dine Shibboleth-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1947.data" -#use wml::debian::translation-check translation="9f5679e6fe7bad2fdba3e7adbc14303e07a2cadc" mindelta="1" diff --git a/danish/security/2009/dsa-1948.wml b/danish/security/2009/dsa-1948.wml deleted file mode 100644 index 23422d1d305..00000000000 --- a/danish/security/2009/dsa-1948.wml +++ /dev/null @@ -1,28 +0,0 @@ -denial of service - -

Robin Park og Dmitri Vinokurov opdagede at dæmonkomponenten i ntp-pakken, en -referenceimplementering af NTP-protokollen, ikke reagerede korrekt på visse -indgående netværkspakker.

- -

En uventet NTP mode 7-pakke (MODE_PRIVATE) med forfalskede IP-data, kunne -føre til at ntpd gav et mode 7-svar til den forfalskede adresse. Det kunne -medføre at tjenesten legede pakke-bordtennis med andre ntp-servere eller endda -sig selv, hvilket forårsagede CPU-forbrug og overdreven brug af diskplads på -grund af logning. En angriber kunne anvende dette til at udføre lammelsesangreb -(denial of service).

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1:4.2.2.p4+dfsg-2etch4.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:4.2.4p4+dfsg-8lenny3.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ntp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1948.data" -#use wml::debian::translation-check translation="ef8ce0142ebe6080f00c7a5d3fcdcb317b30aee0" mindelta="1" diff --git a/danish/security/2009/dsa-1949.wml b/danish/security/2009/dsa-1949.wml deleted file mode 100644 index b02668c212a..00000000000 --- a/danish/security/2009/dsa-1949.wml +++ /dev/null @@ -1,26 +0,0 @@ -programmeringsfejl - -

Man opdagede at php-net-ping, et PHP PEAR-modul til iværksættelse af ping -uafhængigt af styresystemet, udførte utilstrækkelig fornuftighedskontrol af -inddata, hvilket måske kunne anvendes til at indspøjte parametre (endnu intet -CVE) eller udføre vilkårlige kommandoer -(\ -CVE-2009-4024) på et system der anvender php-net-ping.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.4.2-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.4.2-1+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.2-1.1.

- -

Vi anbefaler at du opgraderer dine php-net-ping-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1949.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1950.wml b/danish/security/2009/dsa-1950.wml deleted file mode 100644 index b818ece3680..00000000000 --- a/danish/security/2009/dsa-1950.wml +++ /dev/null @@ -1,141 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i WebKit, et webindholdsmaskinebibliotek til -Gtk+. Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0945 - -

    Arrayindekseringsfejl i metoden insertItemBefore i WebKit, gjorde det muligt -for fjernangribere at udføre vilkårlig kode gennem et dokument med en -SVGPathList-datastruktur indeholdende et negativt indeks i SVGTransformList-, -SVGStringList-, SVGNumberList-, SVGPathSegList-, SVGPointList- eller -SVGLengthList-SVGList-objektet, hvilket udløste hukommelseskorruption.

    • - -
  • CVE-2009-1687 - -

    JavaScript-garbagecollectoren i WebKit håndterede ikke på korrekt vis -allokeringsfejl, hvilket fjernangribere kunne udnytte til at udføre vilkårlig -kode eller forårsage et lammelsesangreb (hukommelseskorruption og -applikationsnedbrud) gennem et fabrikeret HTML-dokument, der medførte -skriveadgang til en NULL-pointers offset.

    • - -
  • CVE-2009-1690 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i WebKit, gjorde -det muligt for fjernangribere at udøfre vilkårlig kode eller forårsage et -lammelsesangreb (hukommelseskorruption og applikationsnedbrud) ved at opsætte en -uspecificeret egenskab på et HTML-tag, hvilket gjorde at childelementer blev -frigivet og senere tilgået når en HTML-fejl opstod, relateret til rekursivitet i -visse DOM-eventhandlere.

    • - -
  • CVE-2009-1698 - -

    WebKit initialiserede ikke en pointer under håndtering af et -attr-funktionskald i Cascading Style Sheets (CSS) med store numeriske parametre, -hvilket gjorde det muligt for fjernangribere at udføre vilkårlig kode eller -forårsage et lammelsesangreb (hukommelseskorruption og applikationsnedbrud) -gennem et fabrikeret HTML-dokument.

    • - -
  • CVE-2009-1711 - -

    WebKit initialiserede ikke på korrekt vis hukommelse til Atrr-DOM-objekter, -hvilket gjorde det muligt for fjernangribere at udføre vilkårlig kode eller -forårsage et lammelsesangreb (applikationsnedbrud) gennem et fabrikeret -HTML-dokument.

    • - -
  • CVE-2009-1712 - -

    WebKit forhindrede ikke fjernindlæsning af Java-applets, hvilket gjorde det -muligt for fjernangribere at udføre vilkårlig kode, få rettigheder eller tilgå -følsomme oplysninger gennem et APPLET- eller OBJECT-element.

    • - -
  • CVE-2009-1725 - -

    WebKit håndterede ikke på korrekt vis numeriske tegnreferencer, hvilket -gjorde det muligt for fjernangribere at udføre vilkårlig kode eller forårsage et -lammelsesangreb (hukommelseskorruption og applikationsnedbrud) gennem et -fabrikeret HTML-dokument.

    • - -
  • CVE-2009-1714 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder -(XSS) i Web Inspector i WebKit gjorde det muligt for brugerhjulpne -fjernangribere at indsprøjte vilkårligt webskript eller HTML, og læse lokale -filer via angrebsvinkler relateret til ukorrekt indkapsling af -HTML-attributter.

    • - -
  • CVE-2009-1710 - -

    WebKit gjorde det muligt for fjernangribere at forfalske browserens visning -af værtsnavnet, sikkerhedsindikatorer og uspecificerede andre -brugergrænsefladelementer gennem en skræddersyet markør i forbindelse med en -tilpasset CSS3-hotspot-egenskab.

    • - -
  • CVE-2009-1697 - -

    CRLF-indsprøjtningssårbarhed i WebKit gjorde det muligt for fjernangribere at -indsprøjte HTTP-headere og omgå Same Origin Policy gennem et fabrikeret -HTML-dokument, i forbindelse med angreb med udførelse af skripter på tværs af -websteder (XSS), som er afhængige af kommunikation med vilkårlige websteder på -den samme server, gennem anvendelse af XMLHttpRequest uden en -Host-header.

    • - -
  • CVE-2009-1695 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder -(XSS) i WebKit gjorde det muligt for fjernangribere at indsprøjte vilkårligt -webskript eller HTML via angrebsvinkler, der involverede adgang til -frameindhold efter gennemførelse af en sideovergang.

    • - -
  • CVE-2009-1693 - -

    WebKit gjorde det muligt for fjernangribere at læse billeder fra vilkårlige -websteder gennem et CANVAS-element med et SVG-billede, relateret til et problem -med billedfangst på tværs af websteder.

    • - -
  • CVE-2009-1694 - -

    WebKit håndterede ikke på korrekt vis viderestillinger, hvilket gjorde det -muligt for fjernangribere at læse billeder fra vilkårlige websteder via -angrebsvinkler, der involverede et CANVAS-element og viderestilling, relateret -til et problem med billedfangst på tværs af websteder.

    • - -
  • CVE-2009-1681 - -

    WebKit forhindede ikke websteder i at læse tredjepartsindhold ind i en -subframe, hvilket gjorde det muligt for fjernangribere at omgå Same Origin -Policy og iværksætte klikkapringsangreb gennem et fabrikeret -HTML-dokument.

    • - -
  • CVE-2009-1684 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder -(XSS) i WebKit gjorde det muligt for fjernangribere at indsprøjte vilkårlig -webskript eller HTML gennem en eventhandler, der udløste skriptudførelse i -konteksten hørende til det næste indlæste dokument.

    • - -
  • CVE-2009-1692 - -

    WebKit gjorde det muligt for fjernangribere at forårsage et lammelsesangreb -(hukommelseskorruption eller enhedsnulstilling) gennem en webside indeholdende -et HTMLSelectElement-objekt med en står length-attribut, relateret til -længdeegenskaben hørende til et Select-objekt.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.0.1-4+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.1.16-1.

- -

Vi anbefaler at du opgraderer din webkit-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1950.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1951.wml b/danish/security/2009/dsa-1951.wml deleted file mode 100644 index 5ccda2a5037..00000000000 --- a/danish/security/2009/dsa-1951.wml +++ /dev/null @@ -1,22 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at firefox-sage, en letvægts-RSS- og -Atom-feedlæser til -Firefox, ikke fornuftighedskontrollerer RSS-feedoplysningerne på korrekt vis, -hvilket gør den sårbar over for et angreb i forbindelse med udførelse af -skripter på tværs af domæner.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.3.6-4etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.4.2-0.1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.4.3-3.

- -

Vi anbefaler at du opgraderer dine firefox-sage-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1951.data" -#use wml::debian::translation-check translation="43cf83cb1593f849c83330691ba5603c03cd304e" mindelta="1" diff --git a/danish/security/2009/dsa-1952.wml b/danish/security/2009/dsa-1952.wml deleted file mode 100644 index 7c3cd0f3465..00000000000 --- a/danish/security/2009/dsa-1952.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder, ophør af understøttelse i oldstable - - -

Flere sårbarheder er opdaget i asterisk, en open source-PBX- og -telefoniværktøjssamling. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2009-0041 - -

    Det var muligt at finde gyldige loginnavne ved afprøvning, på grund af -IAX2-svaret fra asterisk (AST-2009-001).

    • - -
  • CVE-2008-3903 - -

    Det var muligt at finde et gyldigt SIP-brugernavn, når Digest-autentificering -og authalwaysreject er aktiveret (AST-2009-003).

    • - -
  • CVE-2009-3727 - -

    Det var muligt at finde et gyldigt SIP-brugernavn gennem flere fabrikerede -REGISTER-beskeder (AST-2009-008).

    • - -
  • CVE-2008-7220 CVE-2007-2383 - -

    Man opdagede, at asterisk indeholder en forældet kopi af Prototype -JavaScript-frameworket, der er sårbart over for flere sikkerhedsproblemer. -Denne kopi anvendes ikke og er nu fjernet fra asterisk (AST-2009-009).

    • - -
  • CVE-2009-4055 - -

    Man opdagede at det var muligt at iværksætte et lammelsesangreb (denial of -service) gennem RTP comfort noise payload, med en lang datalængde -(AST-2009-010).

    • - -
- -

Den aktuelle version i den gamle stabile distribution, er ikke længere -understøttet af opstrømsudviklerne, og den er påvirket af flere -sikkerhedsproblemer. Tilbageførelse af rettelser af disse og alle fremtidige -problemer, kan ikke længere betale sig. Derfor er vi nødt til at lade -sikkerhedsunderstøttelsen af versionen i oldstable ophøre. Vi anbefaler at alle -asterisk-brugere opgraderer til den stabile distribution (lenny).

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1:1.4.21.2~dfsg-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -disse problemer rettet i version 1:1.6.2.0~rc7-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1952.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1953.wml b/danish/security/2009/dsa-1953.wml deleted file mode 100644 index df8d000b322..00000000000 --- a/danish/security/2009/dsa-1953.wml +++ /dev/null @@ -1,24 +0,0 @@ -lammelsesangreb - -

Jan Lieskovsky opdagede en fejl i expat, et XML-fortolkningsbibliotek i C, -der når visse UTF-8-sekvenser blev fortolket, kunne udnyttes til at få en -applikation, der anvender biblioteket, til at gå ned.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.95.8-3.4+etch2.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.1-4+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), this problem will be i version 2.0.1-6.

- -

Opbygningerne til mipsel-arkitekturen i den gamle stabile distribution er -ikke klar endnu. De vil blive frigivet så snart de bliver tilgængelige.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1953.data" -#use wml::debian::translation-check translation="69a7dfeebc4828498e71edeac5b0b3de2e7492d6" mindelta="1" diff --git a/danish/security/2009/dsa-1954.wml b/danish/security/2009/dsa-1954.wml deleted file mode 100644 index a293038a196..00000000000 --- a/danish/security/2009/dsa-1954.wml +++ /dev/null @@ -1,52 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Flere sårbarheder er opdaget i cacti, en frontend til rrdtool til overvågning -af systemer og services. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2007-3112, CVE-2007-3113 - -

    Man opdagede at cacti var sårbar over for et lammelsesangreb via -parametrene graph_height, graph_width, graph_start og graph_end. Problemet -påvirker kun den gamle stabile distributions (etch) version af cacti.

    • - -
  • CVE-2009-4032 - -

    Man opdagede at cacti var sårbar over for flere angreb i forbindelse med -udførelse af skripter på tværs af websteder gennem forskellige -angrebsvinkler.

    • - -
  • CVE-2009-4112 - -

    Man opdagede at cacti gjorde det muligt for autentificerede -administratorbrugere, at opnå rettigheder på værtssystemet ved at udføre -vilkårlige kommandoer gennem Data Input Method i indstillingen -Linux - Get Memory Usage.

    - -

    På nuværende tidspunkt er der ingen rettelse af dette problem. -Opstrømsudviklerne vil implementere en hvidlistningspolicy, som kun tillader -sikre kommandoer. I øjeblikket anbefaler vi at en sådan adgang kun -gives til brugere, man har tillid til, og at indstillingerne Data Input -og User Administration ellers deaktiveres.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 0.8.6i-3.6.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.8.7b-2.1+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.7e-1.1.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1954.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1955.wml b/danish/security/2009/dsa-1955.wml deleted file mode 100644 index a102c22a1ff..00000000000 --- a/danish/security/2009/dsa-1955.wml +++ /dev/null @@ -1,27 +0,0 @@ -informationsafsløring - -

Man opdagede at network-manager-applet, et networkshåndteringsframework, -manglede nogle dbus-begræsningsregler, hvilket gjorde det muligt for lokale -brugere at få adgang til følsomme oplysninger.

- -

Hvis du har en lokalt tilrettet /etc/dbus-1/system.d/nm-applet.conf-fil, så -sørg for at den indarbejder ændringerne fra denne rettelse, når du bliver bedt -om det under opgraderingen.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.6.4-6+etch1 of network-manager.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.6.6-4+lenny1 of network-manager-applet.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 0.7.0.99-1 af -network-manager-applet.

- -

Vi anbefaler at du opgraderer dine network-manager- hhv. -network-manager-applet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1955.data" -#use wml::debian::translation-check translation="4f7b6cc535533b7f044059348904071ccedd1c6f" mindelta="1" diff --git a/danish/security/2009/dsa-1956.wml b/danish/security/2009/dsa-1956.wml deleted file mode 100644 index 0effeffb1a6..00000000000 --- a/danish/security/2009/dsa-1956.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3986: - -

    David James opdagede at egenskaben window.opener muliggjorde - Chrome-rettighedsforøgelse.

    • - -
  • CVE-2009-3985: - -

    Jordi Chanel opdagede at en forfalskningssårbarhed af URL-linjen ved hjælp - af egenskaben document.location.

    • - -
  • CVE-2009-3984: - -

    Jonathan Morgan opdagede at ikonen, der angiver en sikker forbindelse, - kunne forfalskes gennem egenskaben document.location.

    • - -
  • CVE-2009-3983: - -

    Takehiro Takahashi opdagede at NTLM-implementeringen var sårbar over for - reflection-angreb.

    • - -
  • CVE-2009-3981: - -

    Jesse Ruderman opdagede at nedbrud i layoutmaskinen, hvilket måske kunne - gøre det muligt af udføre vilkårlig kode.

    • - -
  • CVE-2009-3979: - -

    Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel og Olli Pettay - opdagede nedbrud i layoutmaskinen, hvilket måske kunne gøre det muligt at - udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.16-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.1.6-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1956.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1957.wml b/danish/security/2009/dsa-1957.wml deleted file mode 100644 index 972e2300fd5..00000000000 --- a/danish/security/2009/dsa-1957.wml +++ /dev/null @@ -1,21 +0,0 @@ -bufferoverløb - -

Man opdagede at aria2, et højhastighedsdownloadværktøj, var sårbart over for -et bufferoverløb i DHT-routingkoden, hvilket måske kunne føre til udførelse af -vilkårlig kode.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.14.0-1+lenny1. Binære filer til powerpc, arm, ia64 og hppa følger når de -bliver tilgængelige.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.2.0-1.

- -

Vi anbefaler at du opgraderer dine aria2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1957.data" -#use wml::debian::translation-check translation="d0fdcb5cd8c336ee499487ea8578d46b6b597bc8" mindelta="1" diff --git a/danish/security/2009/dsa-1958.wml b/danish/security/2009/dsa-1958.wml deleted file mode 100644 index a7aeab3af80..00000000000 --- a/danish/security/2009/dsa-1958.wml +++ /dev/null @@ -1,22 +0,0 @@ -rettighedsforøgelse - -

Man opdagede at ltdl, en systemuafhængig dlopen-wrapper til GNU libtool, -kunne narres til at indlæse og køre moduler fra en vilkårlig mappe, hvilket -måske kunne anvendes til at udføre vilkårlig kode med rettighederne hørende -til den bruger, der udfører en applikation, der anvender libltdl.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.5.22-4+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.5.26-4+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er dette problem rettet i 2.2.6b-1.

- -

Vi anbefaler at du opgraderer dine libtool-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1958.data" -#use wml::debian::translation-check translation="d0fdcb5cd8c336ee499487ea8578d46b6b597bc8" mindelta="1" diff --git a/danish/security/2009/dsa-1959.wml b/danish/security/2009/dsa-1959.wml deleted file mode 100644 index 70bd2d7d154..00000000000 --- a/danish/security/2009/dsa-1959.wml +++ /dev/null @@ -1,25 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Man opdagede at ganeti, et program til håndtering af virtuelle klynger, -ikke validerede stien til skripter, der blev overført som parametre til visse -kommandoer, hvilket gjorde det muligt for lokale eller fjerne brugere (gennem -webgrænsefladen i versionerne 2.x) udføre vilkårlige kommandoer på en -værtsmaskine, der fungerer som klyngemaster.

- -

Den gamle stabile distribution (etch) indeholder ikke ganeti.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.2.6-3+lenny2.

- -

I distributionen testing (squeeze), vil dette problem blive rettet -i version 2.0.5-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.5-1.

- -

Vi anbefaler at du opgraderer dine ganeti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1959.data" -#use wml::debian::translation-check translation="ee32f1043944ef4f97a4b3da98363fcea2dd8df3" mindelta="1" diff --git a/danish/security/2009/dsa-1960.wml b/danish/security/2009/dsa-1960.wml deleted file mode 100644 index 2b21ec7679d..00000000000 --- a/danish/security/2009/dsa-1960.wml +++ /dev/null @@ -1,21 +0,0 @@ -programmeringsfejl - -

Man opdagede at acpid, eventdæmonen til Advanced Configuration and Power -Interface, i den gamle stabile distribution (etch) oprettede sin logfil med -svage rettigheder, hvilket måske kunne blotlægge følsomme oplysninger eller -måske misbruges af en lokal bruger til at opbruge al fri diskplads på den -samme partition som filen.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.0.4-5etch2.

- -

Den stable distribution (lenny), version 1.0.8-1lenny2, og den ustabile -distribution (sid), version 1.0.10-5, er opdateret til at rette de svage -filrettigheder på logfiler oprettet af ældre versioner af programmet.

- -

Vi anbefaler at du opgraderer dine acpid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1960.data" -#use wml::debian::translation-check translation="d28c5797adf307896a0bd578b4584c566f856475" mindelta="1" diff --git a/danish/security/2009/dsa-1961.wml b/danish/security/2009/dsa-1961.wml deleted file mode 100644 index 7fb8686eba7..00000000000 --- a/danish/security/2009/dsa-1961.wml +++ /dev/null @@ -1,28 +0,0 @@ -forgiftning af DNS-cache - -

Michael Sinatra opdagede at DNS-resolverkomponenten i BIND, ikke på korrekt -vis kontrollede DNS-poster indeholdt i DNS-svarets yderligere sektioner, førende -til en sårbarhed i forbindelse med cacheforgiftning. Sårbarheden findes kun i -resolvere, der er opsat med DNSSEC-trust-anchors, hvilket stadig er sjældent.

- -

Bemærk at denne opdatering indeholder en intern ABI-ændring, hvilket betyder -at alle BIND-relaterede pakker (bind9, dnsutils og bibliotekspakkerne) skal -opdateres på samme tid (brug af apt-get update og apt-get upgrade -er at foretrække). I den usandsynlige situation, hvor du har kompilet dit eget -programmel op mod libdns, skal du også genkompilere disse programmer.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 9.3.4-2etch6.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 9.5.1.dfsg.P3-1+lenny1.

- -

I den ustabile distribution (sid) og i distributionen testing -(squeeze), er dette problem rettet i version 9.6.1.dfsg.P2-1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1961.data" -#use wml::debian::translation-check translation="e64a37d6ea5d314764c9531724173b302ac8acd1" mindelta="1" diff --git a/danish/security/2009/dsa-1962.wml b/danish/security/2009/dsa-1962.wml deleted file mode 100644 index 2982c41467a..00000000000 --- a/danish/security/2009/dsa-1962.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i kvm, et komplet virtualiseringssystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-3638 - -

    Man opdagede et heltalsoverløb i funktionen kvm_dev_ioctl_get_supported_cpuid. -Dette gjorde det muligt for lokale brugere, at have uangivne følger gennem en -KVM_GET_SUPPORTED_CPUID-forespørgsel til funktionen kvm_arch_dev_ioctl.

    • - -
  • CVE-2009-3722 - -

    Man opdagede at funktionen handle_dr KVM-undersystemet ikke på korrekt vis -kontrollerede Current Privilege Level (CPL) før et debugregister blev tilgået, -hvilket gjorde det muligt for brugere af gæstestyresystemet at forårsage et -lammelsesangreb (denial of service-trap) i værtsstyresystemet gennem en -fabrikeret applikation.

    • - -
  • CVE-2009-4031 - -

    Man opdagede at funktionen do_insn_fetch x86-emulatoren i KVM-undersystemet -forsøgte at fortolke instruktioner, der indeholdt for mange bytes, til at kunne -være gyldig, hvilket gjorde det muligt for brugere af gæstestyresystemet at -forårsage et lammelsesangreb (forøget scheduleringslatency) på -værtsstyresystemet gennem uangivne manipuleringer relateret til -SMP-understøttelse.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -72+dfsg-5~lenny4.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din kvm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1962.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/dsa-1963.wml b/danish/security/2009/dsa-1963.wml deleted file mode 100644 index e79e05d0b6f..00000000000 --- a/danish/security/2009/dsa-1963.wml +++ /dev/null @@ -1,22 +0,0 @@ -kryptografisk implementeringsfejl - -

Man opdagede at Unbound, en DNS-resolver, ikke på korrekt vis kontrollerde -kryptografiske signaturer i NSEC3-poster. Som en følge heraf, mistede zoner -signeret med NSEC3-varianten af DNSSEC deres kryptografiske beskyttelse. (En -angriber skulle stadig først udføre et almindeligt cacheforgiftningangreb, for -at føje dårlige data til cachen.)

- -

Den gamle stabile distribution (etch) indeholder ikke en unbound-pakke.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.2-1+lenny1.

- -

I den ustabile distribution (sid) og i distributionen testing -(squeeze), er dette problem rettet i version 1.3.4-1.

- -

Vi anbefaler at du opgraderer din unbound-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1963.data" -#use wml::debian::translation-check translation="484a69642a363a8c1aef8f7bd1d312139c855c3b" mindelta="1" diff --git a/danish/security/2009/dsa-1964.wml b/danish/security/2009/dsa-1964.wml deleted file mode 100644 index 2e0a8289f97..00000000000 --- a/danish/security/2009/dsa-1964.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i PostgreSQL, en databaseserver. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -

Man opdagede at PostgreSQL ikke på korrekt vis kontrollerede Common -Name-attributten i X.509-certifikater, hvilket gjorde det muligt for angribere -at omgå TLS-beskyttelsen (valgfri) på klient-server-forbindelser, ved at stole -på et certifikat fra en CA man har tillid til, indeholdende en indlejret -NUL-byte i Common Name -(\ -CVE-2009-4034).

- -

Autentificerede databasebrugere kunne forøge deres rettigheder ved at oprette -særligt fremstillede indeksfunktioner -(\ -CVE-2009-4136).

- -

Følgende matriks viser rettede kildekodepakkeversioner i de respektive -distributioner.

- -
- - - - - -
  oldstable/etch stable/lenny testing/unstable
postgresql-7.4 7.4.27-0etch1    
postgresql-8.1 8.1.19-0etch1    
postgresql-8.3   8.3.9-0lenny1 8.3.9-1
postgresql-8.4     8.4.2-1
- -

Ud over disse sikkerhedsretttelser, indeholder opdateringerne -driftssikkerhedsforbedringer samt retter andre defekter.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2009/dsa-1964.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2009/index.wml b/danish/security/2009/index.wml deleted file mode 100644 index 1a2c8ba7f06..00000000000 --- a/danish/security/2009/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2009 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2009', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2010/Makefile b/danish/security/2010/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2010/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2010/dsa-1965.wml b/danish/security/2010/dsa-1965.wml deleted file mode 100644 index 3eb2480d371..00000000000 --- a/danish/security/2010/dsa-1965.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende kontrol af inddata - - -

Man opdagede at phpLDAPadmin, en webbaseret grænseflade til administrering af -LDAP-servere, ikke fornuftighedskontrollerede en intern variabel, hvilket gjorde -det muligt for fjernangribere at inkludere og udføre vilkårlige lokale -filer.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.1.0.5-6+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.1.0.7-1.1

- -

Vi anbefaler at du opgraderer din phpldapadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1965.data" -#use wml::debian::translation-check translation="fae50b08b8f5aee98dea9b7cf1dc460f560097c6" mindelta="1" diff --git a/danish/security/2010/dsa-1966.wml b/danish/security/2010/dsa-1966.wml deleted file mode 100644 index 123010f4592..00000000000 --- a/danish/security/2010/dsa-1966.wml +++ /dev/null @@ -1,45 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Flere sårbarheder er opdaget i horde3, webapplikationsframeworket horde. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-3237 - -

    Man opdagede at horde3 er sårbar over for udførelse af skripter på tværs af -websteder gennem fabrikerede talegenskaber eller inline-MIME-tekstdele, når der -blev anvendt text/plain som MIME-type. I lenny er dette problem allerede løst, -men som en ekstra sikkerhedsforanstaltning, er visning af inline-tekst blevet -deaktiveret i opsætningsfilen.

    • - -
  • CVE-2009-3701 - -

    Man opdagede at den administrativegrænseflade i horde3 er sårbar over for -udførelse af skripter på tværs af websteder, på grund af anvendelse af variablen -PHP_SELF. Problemet kan kun udnyttes af autentificerede -administratorer.

    • - -
  • CVE-2009-4363 - -

    Man har opdaget, at horde3 er sårbar over for flere tilfælde af udførelse af -skripter på tværs af websteder gennem fabrikerede data:text/html-værdier i -HTML-meddelelser.

    • -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.2.2+debian0-2+lenny2.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 3.1.3-4etch7.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 3.3.6+debian0-1.

- -

Vi anbefaler at du opgraderer dine horde3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1966.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1967.wml b/danish/security/2010/dsa-1967.wml deleted file mode 100644 index a6e66483d85..00000000000 --- a/danish/security/2010/dsa-1967.wml +++ /dev/null @@ -1,20 +0,0 @@ -mappegennemløb - -

Dan Rosenberg opdagede at Transmission, en letvægtsklient til -fildelingsprotokollen Bittorrent, udførte utilstrækkelig fornuftighedskontrol af -filnavne angivet i .torrent-filer. Det kunne føre til overskrivelse af lokale -filer med rettighederne hørende til den bruger, der kørte Transmission, hvis -brugeren blev narret til at åbne en ondsindet fremstillet torrent-fil.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.22-1+lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.77-1.

- -

Vi anbefaler at du opgraderer dine transmission-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1967.data" -#use wml::debian::translation-check translation="248fee27f86f8502d019aae579d225118927c633" mindelta="1" diff --git a/danish/security/2010/dsa-1968.wml b/danish/security/2010/dsa-1968.wml deleted file mode 100644 index dcb731a1693..00000000000 --- a/danish/security/2010/dsa-1968.wml +++ /dev/null @@ -1,32 +0,0 @@ -flere sårbarheder - -

Man opdagede at pdns-recursor, den rekursive navneserver PowerDNS, indeholdt -flere sårbarheder:

- -
    -
  • CVE-2009-4009 - -

    Et bufferoverløb kunne udnyttes til at få dæmonen til at gå ned eller -potentielt udføre vilkårlig kode.

    • - -
  • CVE-2009-4010 - -

    En cacheforgiftningssårbarhed kunne måske gøre det muligt for angribere at -narre serveren til at levere ukorrekte DNS-data.

    • -
- -

Til den gamle stabile distribution (etch), vil rettede pakker snart blive -stillet til rådighed.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.1.7-1+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.1.7.2-1.

- -

Vi anbefaler at du opgraderer din pdns-recursor-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1968.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1969.wml b/danish/security/2010/dsa-1969.wml deleted file mode 100644 index 0eb57b5b891..00000000000 --- a/danish/security/2010/dsa-1969.wml +++ /dev/null @@ -1,25 +0,0 @@ -heltalsunderløb - -

Man opdagede at krb5, et system til autentificering af brugere og services på -et netværk, var ramt af et heltalsunderløb i AES- og -RC4-dekrypteringshandlingerne i crypto-biblioteket. En fjernangriber kunne -forårsage nedbrud, heapkorruption, eller, under ekstraordinært usandsynlige -betingelser, udføre vilkårlig kode.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.4.4-7etch8.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.6.dfsg.4~beta1-5lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8+dfsg~alpha1-1.

- -

Vi anbefaler at du opgraderer din krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1969.data" -#use wml::debian::translation-check translation="8925b9dfda2b22e6cf7c3a6a1dc16d9818f5b55f" mindelta="1" diff --git a/danish/security/2010/dsa-1970.wml b/danish/security/2010/dsa-1970.wml deleted file mode 100644 index ac527d78e27..00000000000 --- a/danish/security/2010/dsa-1970.wml +++ /dev/null @@ -1,28 +0,0 @@ -lammelsesangreb - -

Man opdagede at en betydelig hukommelseslækage kunne opstå i OpenSSL, -relateret til geninitialiseringen af zlib. Det kunne medføre en -fjernudnytbar lammelsesangrebssårbarhed, når man anvender Apaches -httpd-server i en opsætning, hvor mod_ssl, mod_php5 og udvidelsen php5-curl er -indlæst.

- -

Den gamle stabile distribution (etch) er ikke påvirket af dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.9.8g-15+lenny6.

- -

Pakkerne til arm-arkitekturen er ikke klar endnu, men vil blive gjort -tilgængelige så snart de er klar..

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -dette problem snart blive rettet. Problemet lader ikke til at være udnytbart -med apache2-pakken, der er i squeeze/sid.

- -

Vi anbefaler at du opgraderer dine openssl-pakker. Du skal også genstarte -din Apache-httpd-server, for at sikre at den anvender de opdaterede -biblioteker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1970.data" -#use wml::debian::translation-check translation="01acd26b61e964880ac4a2935927cf3b5ce281e9" mindelta="1" diff --git a/danish/security/2010/dsa-1971.wml b/danish/security/2010/dsa-1971.wml deleted file mode 100644 index 9d958a80af9..00000000000 --- a/danish/security/2010/dsa-1971.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - - -

Tim Starling opdagede at libthai, en samling af sprogrutiner til -understøttelse af thia, var sårbar over for et heltals-/heapoverløb. -Sårbarheden kunne gøre det muligt for en angriber, at køre vilkårlig kode -ved at sende en meget lang streng.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 0.1.6-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.1.9-4+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din libthai-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1971.data" -#use wml::debian::translation-check translation="abc35f36c5d6aab75c17cc7d5e54f8a2dbb89915" mindelta="1" diff --git a/danish/security/2010/dsa-1972.wml b/danish/security/2010/dsa-1972.wml deleted file mode 100644 index b31a4b2feff..00000000000 --- a/danish/security/2010/dsa-1972.wml +++ /dev/null @@ -1,25 +0,0 @@ -bufferoverløb - -

Max Kellermann opdagede et heapbaseret bufferoverløb i håndteringen af -ADPCM WAV-filer i libaudiofile. Fejlen kunne medføre et lammelsesangreb -(applikationsnedbrud) eller muligvis udførelse af vilkårlig kode gennem en -fabrikeret WAV-fil.

- -

I den gamle stabile distribution (etch), vil problemet blive rettet i -version 0.2.6-6+etch1.

- -

Pakkerne i den gamle stabile distribution er ikke frigivet sammen med denne -bulletin. En opdatering vil snart blive frigivet.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.2.6-7+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 0.2.6-7.1.

- -

Vi anbefaler at du opgraderer dine audiofile-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1972.data" -#use wml::debian::translation-check translation="0b6ae19fedbf1f7016840a79ad3c3c92e5c98e5b" mindelta="1" diff --git a/danish/security/2010/dsa-1973.wml b/danish/security/2010/dsa-1973.wml deleted file mode 100644 index a475b77dad7..00000000000 --- a/danish/security/2010/dsa-1973.wml +++ /dev/null @@ -1,23 +0,0 @@ -informationsafsløring - -

Christoph Pleger opdagede at GNU C Library (alias glibc) og dets afledninger, -tilføjede oplysninger fra map'et passwd.adjunct.byname til poster på -passwd-map'et, hvilket gjorde det muligt for lokale brugere at få fat i de -krypterede adgangskoder hørende til NIS-konti, ved at kalde funktionen -getpwnam.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.3.6.ds1-13etch10 af glibc-pakken.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.7-18lenny2 af glibc-pakken.

- -

I den ustabile distribution (sid) er dette problem rettet i -version 2.10.2-4 af eglibc-pakken.

- -

Vi anbefaler at du opgraderer din glibc or eglibc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1973.data" -#use wml::debian::translation-check translation="46c4fb6ee6298311f90ef8213aa33c1384e8fd17" mindelta="1" diff --git a/danish/security/2010/dsa-1974.wml b/danish/security/2010/dsa-1974.wml deleted file mode 100644 index b9aa49430fa..00000000000 --- a/danish/security/2010/dsa-1974.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er fundet i gzip, GNU's komprimeringsværktøjer. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2624 - -

    Thiemo Nagel opdagede manglende fornuftighedskontrol af inddata i den måde, -gzip anvendte til at dekomprimere datablokke til dynamiske Huffman-koder, -hvilket kunne føre til udførelse af vilkårlig kode, når der blev forsøgt at -dekomprimere et fabrikeret arkiv. Problemet er en genopståelse af -CVE-2006-4334 -og påvirker kun versionen i lenny.

    • - -
  • CVE-2010-0001 - -

    Aki Helin opdagede et heltalsunderløb ved dekomprimering af filer, der er -komprimeret ved hjælp af LZW-algoritmen. Det kunne føre til udførelse af -vilkårlig kode, når der blev forsøgt at dekomprimere et gzip-arkiv komprimeret -med LZW.

    • -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.3.12-6+lenny1.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.3.5-15+etch1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine gzip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1974.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1976.wml b/danish/security/2010/dsa-1976.wml deleted file mode 100644 index d1a9ea4873e..00000000000 --- a/danish/security/2010/dsa-1976.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i dokuwiki, en standardkompatibel, letanvendelig -wiki. Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- - -
    - -
  • CVE-2010-0287 - -

    Man opdagede at en intern variabel ikke blev fornuftighedskontrolleret på -korrekt vis, før den blev anvendt til at vise indholdet af mapper. Det kunne -udnyttes til at vise indholdet af vilkårlige mapper.

    • - -
  • CVE-2010-0288 - -

    Man opdagede at plugin'en ACL Manager ikke på korrekt vis kontrollerede -administratorrettighederne. Dermed var det muligt for angribere at indføre -vilkårlige ACL-regler og på den måde få adgang til en lukket wiki.

    • - -
  • CVE-2010-0289 - -

    Man opdagede at plugin'en ACL Manager manglede beskyttelse mod udførelse af -forespørgsler på tværs af websteder (cross-site request forgeries, CSRF). Det -kunne udnyttes til at ændre adgangskontrolreglerne, ved at narre en indlogget -administrator til at besøge et ondsindet websted.

    • - -
- -

Den gamle stabile distribution (etch) er ikke påvirket af disse problemer.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -0.0.20080505-4+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -disse problemer rettet i version 0.0.20090214b-3.1.

- -

Vi anbefaler at du opgraderer din dokuwiki-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1976.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1977.wml b/danish/security/2010/dsa-1977.wml deleted file mode 100644 index 1fcefbd9072..00000000000 --- a/danish/security/2010/dsa-1977.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - - -

Jukka Taimisto, Tero Rontti og Rauli Kaksonen opdagede at den indlejrede -Expat-kopi i fortolkeren af sproget Python, ikke på korrekt vis behandlede -misdannede eller fabrikerede XML-filer. -(CVE-2009-3560 -CVE-2009-3720) -Sårbarheden kunne gøre det muligt for en angriber at forårsage et -lammelsesangreb (denial of service), når der blev fortolket en misdannet -XML-fil.

- -

Desuden retter denne opdatering et heltalsoverlø i modulet hashlib i python2.5. -Sårbarheden kunne gøre det muligt for en angriber, at overtrume cryptographic -digests. -(CVE-2008-2316) -Det påvirker kun den gamle stabile distribution (etch).

- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.4.4-3+etch3 af python2.4 and version 2.5-5+etch2 af python2.5.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.4.6-1+lenny1 af python2.4 og version 2.5.2-15+lenny1 af python2.5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.5.4-3.1 af python2.5, og vil om kort tid blive overført til -distributionen testing (squeeze). python2.4 er blevet fjernet fra -distributionen testing (squeeze) og vil snart blive fjernet fra den ustabile -distribution.

- -

Vi anbefaler at du opgraderer dine python-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1977.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1978.wml b/danish/security/2010/dsa-1978.wml deleted file mode 100644 index 9111af656fd..00000000000 --- a/danish/security/2010/dsa-1978.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i phpgroupware, et webbaseret -groupwaresystem skrevet i PHP. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2009-4414 - -

    En SQL-indsprøjtningssårbarhed blev fundet i - authentication-modulet.

    • - -
  • CVE-2009-4415 - -

    Flere sårbarheder i forbindelse med genneløb af mapper, blev fundet i - addressbook-modulet.

    • - -
  • CVE-2009-4416 - -

    Authentication-modulet er påvirket af en sårbarhed i forbindelse med - udførelse af skripter på tværs af websteder.

    • - -
- -

I den stabile distribution (lenny) er disse problemer rettet i -version 0.9.16.012+dfsg-8+lenny1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 0.9.16.012+dfsg-9.

- -

Vi anbefaler at du opgraderer dine phpgroupware-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1978.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1979.wml b/danish/security/2010/dsa-1979.wml deleted file mode 100644 index 575801f7112..00000000000 --- a/danish/security/2010/dsa-1979.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i lintian, et program til at kontrollere -Debian-pakker. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-4013: missing control files sanitation - -

    Control-felters navne og værdier blev ikke fornuftighedskontrolleret før - deres anvendelse i visse handlinger, der kunne føre til mappegennemløb.

    - -

    Patch systems control-filer blev ikke fornuftighedskontrolleret før deres - anvendelse i visse handlinger, der kunne føre til mappegennemløb.

    - -

    En angriber kunne udnytte disse sårbarheder til at overskrive vilkårlige - filer eller afsløre systemoplysninger.

    • - -
  • CVE-2009-4014: formatstrengssårbarheder - -

    Flere kontrolskripter og modulet Lintian::Schedule anvendte - brugerleverede inddata som del af en sprintf/printf-formatstreng.

    • - -
  • CVE-2009-4015: arbitrary command execution - -

    Filnavne blev ikke indkapslet på korrekt vis, når de blev overførrt som - parametre til visse komandoer, hvilket muliggjorde udførelse af andre - kommandoer som pipes eller et sæt af shell-kommandoer.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 1.23.28+etch1.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.24.2.1+lenny1.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.3.2

- -

Vi anbefaler at du opgraderer dine lintian-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1979.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1980.wml b/danish/security/2010/dsa-1980.wml deleted file mode 100644 index d59cf7c8afd..00000000000 --- a/danish/security/2010/dsa-1980.wml +++ /dev/null @@ -1,31 +0,0 @@ -heltalsunderløb/lammelsesangreb - - -

David Leadbeater opdagede et heltalsunderløb, der kunne udløses gennem -kommandoen LINKS, og kunne føre til et lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode -(\ -CVE-2009-4016). Problemet påvirker både ircd-hybrid og ircd-ratbox.

- -

Man opdagede at IRC-serveren ratbox var sårbar over for et lammelsesangreb -gennem kommandoen HELP. Pakken ircd-hybrid er ikke ramt af dette problem -(\ -CVE-2010-0300).

- -

I den stabile distribution (lenny), er dette problem rettet i version -1:7.2.2.dfsg.2-4+lenny1 af pakken ircd-hybrid og i version 2.2.8.dfsg-2+lenny1 -af ircd-ratbox.

- -

På grund af en fejl i arkiveringsprogrammellet, var det ikke muligt på -samme tid at udgive en rettelse til den gamle stabile distribution (etch). -Pakken vil blive udgivet som version 7.2.2.dfsg.2-3+etch1, når den er klar.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ircd-hybrid/ircd-ratbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1980.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1981.wml b/danish/security/2010/dsa-1981.wml deleted file mode 100644 index 109b6222b2c..00000000000 --- a/danish/security/2010/dsa-1981.wml +++ /dev/null @@ -1,22 +0,0 @@ -rettighedsforøgelse - - -

Christoph Anton Mitterer opdagede at maildrop, et mailafleveringsprogram med -filtreringsevne, var sårbar over for et rettighedsforøgelsesproblem, der kunne -give en bruger rootgruppens rettigheder.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.0.2-11+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.4-3+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine maildrop-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1981.data" -#use wml::debian::translation-check translation="4dce8324119260b04dc3ef8387fba8023298202e" mindelta="1" diff --git a/danish/security/2010/dsa-1982.wml b/danish/security/2010/dsa-1982.wml deleted file mode 100644 index dc5beb1791e..00000000000 --- a/danish/security/2010/dsa-1982.wml +++ /dev/null @@ -1,25 +0,0 @@ -lammelsesangreb - - -

Julien Cristau opdagede at hybserv, en dæmon der kører IRC-tjenester for -IRCD-Hybrid, var sårbar over for et lammelsesangreb (denial of service) via -commands-valgmuligheden.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.9.2-4+lenny2.

- -

På grund af en fejl i arkiveringsprogrammellet, var det ikke muligt på -samme tid at udgive en rettelse til den gamle stabile distribution (etch). -Pakken vil blive udgivet som version 1.9.2-4+etch1 når den er klar.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.2-4.1.

- -

Vi anbefaler at du opgraderer dine hybserv-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1982.data" -#use wml::debian::translation-check translation="2a99a906a5285a0df873cc26912d1a1424879bc7" mindelta="1" diff --git a/danish/security/2010/dsa-1983.wml b/danish/security/2010/dsa-1983.wml deleted file mode 100644 index 8ee9fdfd99b..00000000000 --- a/danish/security/2010/dsa-1983.wml +++ /dev/null @@ -1,31 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Wireshark, et program til -analysering af netværkstrafik, hvilket måske kunne føre til udførelse af -vilkårlig kode eller lammelsesangreb (denial of service). Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-4377 - -

    En NULL-pointerdereference blev fundet i SMB-/SMB2-dissektorerne.

    • - -
  • CVE-2010-0304 - -

    Flere bufferoverløb blev fundet i LWRES-dissektoren.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.0.2-3+lenny8.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.2.6-1.

- -

Vi anbefaler at du opgraderer dine Wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1983.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1984.wml b/danish/security/2010/dsa-1984.wml deleted file mode 100644 index 9a0fd62131f..00000000000 --- a/danish/security/2010/dsa-1984.wml +++ /dev/null @@ -1,24 +0,0 @@ -lammelsesangreb - - -

Man opdagede at libxerces2-java, en validerende XML-fortolker til Java, ikke -på korrekt vis behandlede misdannede XML-filer. Sårbarheden kunne gøre det -muligt for en angriber, at forårsage lammelsesangreb (denial of servie) mens en -misdannet XML-fil blev fortolket.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.8.1-1+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.9.1-2+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.9.1-4.1, og vil om kort tid blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer din libxerces2-java-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1984.data" -#use wml::debian::translation-check translation="5de43c08220cf2ffc3355228466c0d5c178b8460" mindelta="1" diff --git a/danish/security/2010/dsa-1985.wml b/danish/security/2010/dsa-1985.wml deleted file mode 100644 index 244619037db..00000000000 --- a/danish/security/2010/dsa-1985.wml +++ /dev/null @@ -1,26 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at sendmail, et program til mailtransport, ikke på korrekt vis -håndterede i tegnet '\0' i et Common Name-felt (CN) i et X.509-certifikat.

- -

Det gjorde det muligt for en angriber, at forfalske vilkårlige SSL-baserede -SMTP-servere gennem et fabrikeret servercertifikat udgivet af en legitim -certificeringsmyndighed, og omgå tilsigtede adgangsbegrænsninger gennem et -fabrikeret klientcertifikat udstedt af en legitim certificeringsmyndighed.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 8.13.8-3+etch1

- -

I den stabile distribution (lenny), er dette problem rettet i -version 8.14.3-5+lenny1

- -

I den ustabile distribution (sid), er dette problem rettet i version -8.14.3-9.1, og vil om kort tid blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer din sendmail-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1985.data" -#use wml::debian::translation-check translation="bd4ea514728490e48a0ccd6967a7c5712c5483d6" mindelta="1" diff --git a/danish/security/2010/dsa-1986.wml b/danish/security/2010/dsa-1986.wml deleted file mode 100644 index b3fe0193ebd..00000000000 --- a/danish/security/2010/dsa-1986.wml +++ /dev/null @@ -1,66 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i Moodle, et system til håndtering af -onlinekursur. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-4297 - -

    Flere sårbarheder i forbindelse med forfalskning af forespørgsler på tværs af -websteder (CSRF) er opdaget.

    • - -
  • CVE-2009-4298 - -

    Man opdagede at LAMS-modulet var sårbart over for afsløring af oplysninger om -brugerkonti.

    • - -
  • CVE-2009-4299 - -

    Glossary-modulet havde en utilstrækkelig adgangskontrolmekanisme.

    • - -
  • CVE-2009-4301 - -

    Moodle kontrollerede ikke på korrekt vis rettighederne, når MNET-servicen er -aktiveret, hvilket gjorde det muligt for fjernautentificerede servere, at udføre -vilkårlige MNET-funktioner.

    • - -
  • CVE-2009-4302 - -

    Siden login/index_form.html linker til en HTTP-side i stedet for at anvende -en SSL-sikret forbindelse.

    • - -
  • CVE-2009-4303 - -

    Moodle opbevarer følsomme oplysninger i backupfiler, hvilket måske kunne gøre -det muligt for angribere, at få fat i dem.

    • - -
  • CVE-2009-4305 - -

    Man opdagede at SCORM-modulet var sårbart over for en -SQL-indsprøjtning.

    • - -
- -

Desuden er der rettet en SQL-indsprøjtning i funktionen update_record, et -problem med symbolske links og et verifikationsproblem med Glossary-, database- -og forumbedømmelser.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.8.2.dfsg-3+lenny3.

- -

I den gamle stabile distribution (etch), er der ingen rettede pakker til -rådighed, og det er besværligt at tilbageføre mange af rettelserne. Derfor -anbefaler vi at opgradere til versionen i Lenny.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er disse problemer rettet i version 1.8.2.dfsg-6.

- -

Vi anbefaler at du opgraderer dine moodle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1986.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1987.wml b/danish/security/2010/dsa-1987.wml deleted file mode 100644 index b1765aea941..00000000000 --- a/danish/security/2010/dsa-1987.wml +++ /dev/null @@ -1,25 +0,0 @@ -lammelsesangreb - -

Li Ming opdagede at lighttpd, en lille og hurtig webserver med minimalt -hukommelsesforbrug, er sårbar over for et lammelsesangreb (denial of service) -på grund af dårlig hukommelseshåndtering. Ved langsomt at sende meget små -dele af forespørgselsdata, får lighttpd til at allokere nye buffere for hver -læsning, i stedet for at udvide de eksisterende. En angriber kunne misbruge -dette til at forårsage en lammelsesangrebstilstand på grund af forbrug af al -hukommelsen.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 1.4.13-4etch12.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.4.19-5+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distribution, -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1987.data" -#use wml::debian::translation-check translation="e62a5d06a262852ed3fc4910eaa9f6ee0977ed21" mindelta="1" diff --git a/danish/security/2010/dsa-1988.wml b/danish/security/2010/dsa-1988.wml deleted file mode 100644 index 578e83f8389..00000000000 --- a/danish/security/2010/dsa-1988.wml +++ /dev/null @@ -1,97 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i qt4-x11, C++-applikationsframework til flere -platforme. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-0945 - -

    Arrayindeksfejl i insertItemBefore-metoden i WebKit, som anvendt i qt4-x11, -gjorde det muligt for fjernangribere at udføre vilkårlig kode.

    • - -
  • CVE-2009-1687 - -

    JavaScripts garbagecollector i WebKit, som anvendt i qt4-x11, håndterede ikke -på korrekt vis allokeringsfejl, hvilket gjorde det muligt for fjernangribere at -udføre vilkårlig kode eller forårsage et lammelsesangreb (hukommelsekorruption -og applikationsnedbrud) gennem et fabrikeret HTML-dokument, der udløste -skriveadgang til en NULL-pointers offset.

    • - - -
  • CVE-2009-1690 - -

    En anvendelse efter frigivelse-sårbarhed i WebKit, som anvendt i qt4-x11, -gjorde det muligt for fjernangribere at udføre vilkårlig kode eller forårsage et -lammelsesangreb (hukommelseskorruption og applikationsnedbrud) ved at sætte en -uspecificeret egenskab på et HTML-tag, hvilket medførte af child-elementer blev -frigivet og senere tilgået, når en HTML-fejl opstod.

    • - - -
  • CVE-2009-1698 - -

    WebKit i qt4-x11 initialiserede ikke en pointer under håndtering af et -attr-funktionskald i Cascading Style Sheets (CSS) med et stort numerisk -parameter, hvilket gjorde det muligt for fjernangribere at udføre vilkårlig -kode eller forårsage et lammelsesangreb (hukommelseskorruption og -applikationsnedbrud) gennem et fabrikeret HTML-dokument.

    • - -
  • CVE-2009-1699 - -

    Implementeringen af XSL-stylesheet i WebKit, som anvendt i qt4-x11, -håndterede ikke på korrekt vis eksterne XML-entiteter, hvilket gjorde det muligt -for fjernangribere at læse vilkårlige filer gennem en fabrikeret DTD.

    • - -
  • CVE-2009-1711 - -

    WebKit i qt4-x11 initialiserede ikke på korrekt vis hukommelse til -Attr-DOM-objekter, hvilket gjorde det muligt for fjernangribere at udføre -vilkårlig kode eller forårsage et lammelsesangreb (applikationsnedbrud) gennem -et fabrikeret HTML-dokument.

    • - -
  • CVE-2009-1712 - -

    WebKit i qt4-x11 forhindrede ikke fjernindlæsnnig af lokale Java-applets, -hvilket gjorde det muligt for fjernangribere at udføre vilkårlig kode, opnå -rettigheder eller få adgang til følsomme oplysninger gennem et APPLET- eller -OBJECT-element.

    • - -
  • CVE-2009-1713 - -

    XSLT-funktionaliteten i WebKit, som anvendt i qt4-x11, implementerede ikke -på korrekt vis document-funktionen, hvilket gjordet det muligt for -fjernangribere at læse vilkårlige lokale filer og filer fra forskellige -sikkerhedszoner.

    • - -
  • CVE-2009-1725 - -

    WebKit i qt4-x11 håndterede ikke på korrekt vis numeriske tegnreferencer, -hvilket gjorde det muligt for fjernangribere at udføre vilkårlig kode eller -forårsage et lammelsesangreb (hukommelseskorruption og applikationsnedbrud) -gennem et fabrikeret HTML-dokument.

    • - -
  • CVE-2009-2700 - -

    qt4-x11 håndterede ikke på korrekt vis et '\0'-tegn i et domænenavn i -feltet Subject Alternative Name i et X.509-certifikat, hvilket gjorde det muligt -for manden i midten-angribere, at forfalske vilkårlige SSL-servere gennem et -fabrikeret certifikat udgivet af en legitim certificeringsmyndighed.

    • - -
- -

Den gamle stabile distribution (etch) er ikke påvirket af disse problemer.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -4.4.3-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -disse problemer rettet i version 4.5.3-1.

- -

Vi anbefaler at du opgraderer dine qt4-x11-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1988.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1989.wml b/danish/security/2010/dsa-1989.wml deleted file mode 100644 index 9afec70e0a5..00000000000 --- a/danish/security/2010/dsa-1989.wml +++ /dev/null @@ -1,23 +0,0 @@ -lammelsesangreb - -

Dan Rosenberg opdagede en racetilstand i FUSE, Filesystem in USErspace (et -filsystem i brugerrummet). En lokal angriber, med adgang til at anvende FUSE, -kunne unmounte vilkårlige steder, førende til et lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.5.3-4.4+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.7.4-1.1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.8.1-1.2, og vil om kort tid blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer dine fuse-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1989.data" -#use wml::debian::translation-check translation="2282c98c54aeb8602caf5ad399dd9eb075c1a260" mindelta="1" diff --git a/danish/security/2010/dsa-1990.wml b/danish/security/2010/dsa-1990.wml deleted file mode 100644 index 545f06eea4f..00000000000 --- a/danish/security/2010/dsa-1990.wml +++ /dev/null @@ -1,21 +0,0 @@ -shell-kommandoindsprøjtning - -

Stefan Goebel opdagede at Debians version af trac-git, Git-udvidelsen til -fejlsporingssystemet Trac, indeholdt en fejl, som gjorde det muligt for -angribere at udføre kode på webserveren, der kører trac-git, ved at sende -fabrikerede HTTP-forespørgsler.

- -

Den gamle stabile distribution (etch) indeholder ikke en trac-git-pakke.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.0.20080710-3+lenny1.

- -

I den ustabile distribution (sid) og i distributionen testing -(squeeze), er dette problem rettet i version 0.0.20090320-1.

- -

Vi anbefaler at du opgraderer din trac-git-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1990.data" -#use wml::debian::translation-check translation="e53e72bce507271c4807138d8179354d959b85dc" mindelta="1" diff --git a/danish/security/2010/dsa-1991.wml b/danish/security/2010/dsa-1991.wml deleted file mode 100644 index 6db39da842a..00000000000 --- a/danish/security/2010/dsa-1991.wml +++ /dev/null @@ -1,37 +0,0 @@ -lammelsesangreb - -

To lammelsesangrebssårbarheder (denial of service) er opdaget i squid og -squid3, en webproxy. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-2855 - -

    Bastian Blank opdagede, at det var muligt at forårsage et lammelsesangreb -gennem en fabrikeret auth-header med visse kommaadskillelser.

    • - -
  • CVE-2010-0308 - -

    Tomas Hoger opdagede, at det var muligt at forårsage et lammelsesangreb -gennem ugyldige DNS-pakker kun indeholdende en header.

    • - -
- - -

I den stabile distribution (lenny), er disse problemer rettet i version -2.7.STABLE3-4.1lenny1 af squid-pakken og i version 3.0.STABLE8-3+lenny3 af -squid3-pakken.

- -

I den gamle stabile distribution (etch), er disse problemer rettet i version -2.6.5-6etch5 af squid-pakken og i version 3.0.PRE5-5+etch2 af squid3-pakken.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine squid/squid3-pakker.

- - -# do not modify the following line -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -#include "$(ENGLISHDIR)/security/2010/dsa-1991.data" diff --git a/danish/security/2010/dsa-1992.wml b/danish/security/2010/dsa-1992.wml deleted file mode 100644 index 4ca09e943cb..00000000000 --- a/danish/security/2010/dsa-1992.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i chrony, et par programmer, der anvendes til at -sikre, at en computers systemur går præcist. Problemerne svarer til -NTP-sikkerhedsfejlen beskrevet i -CVE-2009-3563. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2010-0292 - -

    chronyd besvarer alle cmdmon-pakker med NOHOSTACCESS-meddelelser, selv ved - uautoriserede værtsmaskiner. En angriber kunne misbruge denne virkemåde, til - at tvinge to chronyd'er til at spille pakkebordtennis, ved at sende en sådan - pakke med forfalsket kildeadresse og -port. Det medførte et højt CPU- og - netværksforbrug, og dermed lammelsesangrebstilstande.

    • - -
  • CVE-2010-0293 - -

    Klientlogningsfaciliteten i chronyd begrænser ikke hukommelse, der anvendes - til at gemme klientoplysninger. En angriber kunne få chronyd til at allokere - store mængder hukommelse, ved at sende NTP- eller cmdmon-pakker med - forfalskede kildeadresser, medførende hukommelsesopbrug.

    • - -
  • CVE-2010-0294 - -

    chronyd manglede en hyppighedsbegrænsningskontrol i syslogfaciliteten, når - der blev logget modtagne pakker fra uautoriserede værtsmaskiner. På den måde - var det muligt for en angriber, at forårsage lammelsesangrebstilstande ved at - fylde logfilerne op og dermed diskplads, ved at blive ved med at sende - ugyldige cmdmon-pakker.

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i version -1.21z-5+etch1.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.23-6+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine chrony-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1992.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1993.wml b/danish/security/2010/dsa-1993.wml deleted file mode 100644 index 3ed65f4bc2e..00000000000 --- a/danish/security/2010/dsa-1993.wml +++ /dev/null @@ -1,23 +0,0 @@ -SQL-indsprøjtning - -

Man opdagede at otrs2, Open Ticket Request System, ikke på korrekt vis -fornuftighedskontrollerede inddata, som anvendes i SQL-forespørgsler, hvilket -kunne anvendes til at indsprøjte vilkårligt SQL, der for eksempel kunne -forøge rettighederne på et system, der anvender otrs2.

- -

Den gamle stabile distribution (etch) er ikke påvirket.

- -

I den stabile distribution (lenny), er problemet rettet i version -2.2.7-2lenny3.

- -

I distributionen testing (squeeze), vil problemet snart blive rettet.

- -

I den ustabile distribution (sid), er problemet rettet i version -2.4.7-1.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1993.data" -#use wml::debian::translation-check translation="f59ac23cdc225592c012d06f514f1557f1f80ed1" mindelta="1" diff --git a/danish/security/2010/dsa-1994.wml b/danish/security/2010/dsa-1994.wml deleted file mode 100644 index fa659a6adb0..00000000000 --- a/danish/security/2010/dsa-1994.wml +++ /dev/null @@ -1,22 +0,0 @@ -svage sessions-id'er - -

Man opdagede at Ajaxterm, en webbaseret terminal, genererede svage og -forudsigelse sessions-id'er, hvilket måske kunne anvendes til at kapre en -session eller forårsage lammelsesangreb (denial of service) på et system, der -anvender Ajaxterm.

- -

I den gamle stabile distribution (etch), er problemet rettet i -version 0.9-2+etch1.

- -

I den stabile distribution (lenny), er problemet rettet i -version 0.10-2+lenny1.

- -

I den ustabile distribution (sid), er problemet rettet i -version 0.10-5.

- -

Vi anbefaler at du opgraderer din ajaxterm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1994.data" -#use wml::debian::translation-check translation="f3c726117098cbad981aa37998a20dba2d26b831" mindelta="1" diff --git a/danish/security/2010/dsa-1995.wml b/danish/security/2010/dsa-1995.wml deleted file mode 100644 index dfcfc1e87b7..00000000000 --- a/danish/security/2010/dsa-1995.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i kontorpakken OpenOffice.org. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-0136 - -

    Man opdagede at makro-sikkerhedsindstillingerne blev udøvet på - utilstrækkelig vis hvad angår VBA-makroer.

    • - -
  • CVE-2009-0217 - -

    Man opdagede at W3C XML Signature-anbefalingen indeholdt en sårbarhed på - protokolniveau, i forbindelse med trunkering af HMAC-uddata. Det pårvirker - også det integrerede libxmlsec-bibliotek.

    • - -
  • CVE-2009-2949 - -

    Sebastian Apelt opdagede at et heltalsoverløb i XPM-importkoden, kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-2950 - -

    Sebastian Apelt og Frank Reissner opdagede at et bufferoverløb i - GIF-importkoden kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-3301/CVE-2009-3302 - -

    Nicolas Joly opdagede flere sårbarheder i fortolkeren af Word-dokumenter, - hvilket måske kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 2.0.4.dfsg.2-7etch9.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1:2.4.1+dfsg-1+lenny6.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1995.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1996.wml b/danish/security/2010/dsa-1996.wml deleted file mode 100644 index faddea92b38..00000000000 --- a/danish/security/2010/dsa-1996.wml +++ /dev/null @@ -1,116 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/lækage af følsom hukommelse - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -lammelsesangreb (denial of service), lækage af følsom hukommelse eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-3939 - -

    Joseph Malicki rapporterede at dbg_lvl sysfs-attributterne til - devicedriveren megaraid_sas havde verdensskrivbare rettigheder, hvilket - gjorde det muligt for lokale brugere at ændre - logningsindstillingerne.

    • - -
  • CVE-2009-4027 - -

    Lennert Buytenhek rapporterede om en race-tilstand i undersystemet - mac80211, hvilket kunne gøre det muligt for fjerne brugere, at forårsage et - lammelsesangreb (systemnedbrud) på et system, der er sluttet til det samme - trådløse netværk.

    • - -
  • CVE-2009-4536 og - CVE-2009-4538 - -

    Fabian Yamaguchi rapporterede om problemer i e1000- og e1000e-driverne - til Intels gigabit-netværkskort, hvilket gjorde det muligt for fjerne - brugere at omgå pakkefiltre ved at anvende særligt fremstillede - ethernet-frames.

    • - -
  • CVE-2010-0003 - -

    Andi Kleen rapporterede om en fejl, der gjorde det muligt for lokale - brugere at få læseadgang til hukommelse, der er tilgængelig for kernen, - når valgmuligheden print-fatal-signals var aktiveret. Valgmuligheden er som - standard deaktiveret.

    • - -
  • CVE-2010-0007 - -

    Florian Westphal rapporterede om manglende kapabilitetskontrol i - undersystemet ebtables netfilter. Hvis ebtables-modulet er indlæst, kan - lokale brugere tilføje og ændre ebtables-regler.

    • - -
  • CVE-2010-0291 - -

    Al Viro rapporterede om flere problemer med systemkaldene mmap/mremap, - der gjorde det muligt for lokale brugere, at forårsage et lammelsesangreb - (systempanik) eller få forøgede rettigheder.

    • - -
  • CVE-2010-0298 og - CVE-2010-0306 - -

    Gleb Natapov opdagede problemer i KVM-undersystemet, hvor manglende - rettighedskontroller (CPL/IOPL) gjorde det muligt for en bruger i et - gæstesystem, at lammelsesangribe en gæst (systemnedbrud) eller få - forøgede rettigheder med gæsten.

    • - -
  • CVE-2010-0307 - -

    Mathias Krause rapporterede om et problem med load_elf_binary-koden i - kerner af amd64-varianten, hvilket gjorde det muligt for lokale brugere at - forårsage et lammelsesangreb (systemnedbrud).

    • - -
  • CVE-2010-0309 - -

    Marcelo Tosatti rettede et problem i PIT-emuleringskoden i - KVM-undersystemet, der gjorde det muligt for priviligerede brugere i et - gæstedomæne, at forårsage et lammelsesangreb (nedbrud) på - værtssystemet.

    • - -
  • CVE-2010-0410 - -

    Sebastian Krahmer opdagede et problem i netlink connector-undersystemet, - der tillod at lokale brugere kunne allokere store mængder systemhukommelse, - medførende et lammelsesangreb (ikke mere ledig hukommelse).

    • - -
  • CVE-2010-0415 - -

    Ramon de Carvalho Valle opdagede et problem i sys_move_pages-interfacet, - begrænset til amd64-, ia64- og powerpc64-varianterne i Debian. Lokale - brugere kunne udnytte problemet til at forårsage et lammelsesangreb - (systemnedbrud) eller få adgang til følsom kernehukommelse.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i version -2.6.26-21lenny3.

- -

I den gamle stabile distribution (etch), vil disse problemer, hvor relevant, -blive rettet i opdateringer til linux-2.6 og linux-2.6.24.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer på -tværs af alle linux-kerne-pakker i alle udgivelser med aktiv -sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  stable/lenny
user-mode-linux 2.6.26-1um-2+21lenny3
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1996.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1997.wml b/danish/security/2010/dsa-1997.wml deleted file mode 100644 index 250f10d7b84..00000000000 --- a/danish/security/2010/dsa-1997.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i databaseserveren MySQL. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-4019 - -

    Domas Mituzas opdagede at mysqld ikke på korrekt vis håndterede fejl under -udførelse af visse SELECT-statements med subqueries, og ikke bevarede visse -null_value-flag under udførelse af statements, som anvender funktionen -GeomFromWKB, hvilket gjorde det muligt for fjernautentificerede brugere at -forårsage et lammelsesangreb (dæmonnedbrud) gennem et fabrikeret -statement.

    • - -
  • CVE-2009-4030 - -

    Sergei Golubchik opdagede at MySQL tillod at lokale brugere kunne omgå visse -privilegiekontroller, ved at kalde CREATE TABLE på en MyISAM-tabel med -ændrede DATA DIRECTORY- eller INDEX DIRECTORY-parametre, som oprindelig var -associeret med stinavne uden symlinks, og som kan pege på tabeller oprettet på -et tidspunkt i fremtiden, hvor et stinavn så blev ændret til at indeholde et -symlink til en undermappe i MySQL's datamappe.

    • - -
  • CVE-2009-4484 - -

    Flere stakbaserede bufferoverløb i funktionen CertDecoder::GetName i -src/asn.cpp i TaoCrypt i yaSSL før version 1.9.9, som anvendt i mysqld, gjorde -det muligt for fjernangribere at udføre vilkårlig kode eller forårsage -lammelsesangreb (hukommelseskorruption og dæmonnedbrud) ved at etablere en -SSL-forbindelse og sende et X.509-klientcertifikat med et fabrikeret -name-felt.

    • - -
- -

I den gamle stabile distribution (etch), er disse problemer rettet i -version 5.0.32-7etch12

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 5.0.51a-24+lenny3

- -

Distributionen testing (squeeze) og den ustabile distribution (sid) -indeholder ikke længere mysql-dfsg-5.

- -

Vi anbefaler at du opgraderer dine mysql-dfsg-5.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1997.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-1998.wml b/danish/security/2010/dsa-1998.wml deleted file mode 100644 index 8f083d48a71..00000000000 --- a/danish/security/2010/dsa-1998.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Maksymilian Arciemowicz opdagede et bufferoverløb i de interne strengrutiner -i KDE's kernebiblioteker, hvilket kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 4:3.5.10.dfsg.1-0lenny4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4:3.5.10.dfsg.1-3.

- -

Vi anbefaler at du opgraderer dine kdelibs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1998.data" -#use wml::debian::translation-check translation="9b0b00f0aa2ac3742309e1acb4aa5570a7c131e0" mindelta="1" diff --git a/danish/security/2010/dsa-1999.wml b/danish/security/2010/dsa-1999.wml deleted file mode 100644 index 69510e0e299..00000000000 --- a/danish/security/2010/dsa-1999.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø -til XUL-applikationer så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-1571 - -

    Alin Rad Pop opdagede at ukorrekt hukommelseshåndtering i - HTML-fortolkeren kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2009-3988 - -

    Hidetake Jo opdagede at samme ophav-reglen kunne omgås gennem - window.dialogArguments.

    • - -
  • CVE-2010-0159 - -

    Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers - og Paul Nickerson rapporterede om nedbrud i layoutmaskinen, hvilket måske - kunne muliggøre udførelse af vilkårlig kode.

    • - -
  • CVE-2010-0160 - -

    Orlando Barrera II opdagede at ukorrekt hukommelseshåndtering i - implementeringen af webworker-API'et kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2010-0162 - -

    Georgi Guninski opdagede at samme ophav-reglen kunne omgås gennem - særligt fremstillede SVG-dokumenter.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.18-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.1.8-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-1999.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2000.wml b/danish/security/2010/dsa-2000.wml deleted file mode 100644 index 254fabb76d6..00000000000 --- a/danish/security/2010/dsa-2000.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i ffmpeg, en multimedieafspiller, -server -og -encoder, der også stiller en række multimediebiblioteker til rådighed, -som anvendes i applikationer så som MPlayer:

- -

Forskellige programmeringsfejl i container- og codec-implementeringer, kunne -føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode, -hvis brugeren blev narret til at åbne misdannede mediefiler eller -strømme.

- -

Implementeringerne af følgende påvirkede codec- og container-formater er -blevet opdateret:

- -
    -
  • Vorbis-audiocodec
    • -
  • Ogg-containerimplementeringen
    • -
  • FF Video 1-codec
    • -
  • MPEG-audiocodec
    • -
  • H264-videocodec
    • -
  • MOV-containerimplementeringen
    • -
  • Oggedc-containerimplementeringen
    • -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.svn20080206-18+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:0.5+svn20090706-5.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2000.data" -#use wml::debian::translation-check translation="456cb5634cf7b178c8c210226302e22659ce40a2" mindelta="1" diff --git a/danish/security/2010/dsa-2001.wml b/danish/security/2010/dsa-2001.wml deleted file mode 100644 index 2367ef3bfef..00000000000 --- a/danish/security/2010/dsa-2001.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i PHP 5, en -hypertext-preprocessor. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-4142 - -

    Funktionen htmlspecialchars håndterede ikke på korrekt vis ugyldige - multi-byte-sekvenser.

    • - -
  • CVE-2009-4143 - -

    Hukommelseskorruption gennem sessionsafbrydelse.

    • - -
- -

I den stabile distribution (lenny), indeholder denne opdatering også -fejlrettelser (fejl #529278, #556459, #565387, #523073), som det var planlagt at -medtage i en stabil punktopdatering som version 5.2.6.dfsg.1-1+lenny5.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 5.2.6.dfsg.1-1+lenny6.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er disse problemer rettet i version 5.2.12.dfsg.1-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2001.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2002.wml b/danish/security/2010/dsa-2002.wml deleted file mode 100644 index 27488974159..00000000000 --- a/danish/security/2010/dsa-2002.wml +++ /dev/null @@ -1,35 +0,0 @@ -lammelsesangreb - -

Flere lammelsesangrebssårbarheder (denial of service) er opdaget i polipo, -en lille, cachende webproxy. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-3305 - -

    En ondsindet fjern server kunne medføre, at polipo gik ned, ved at sende - en ugyldig Cache-Control-header.

    • - -
  • CVE-2009-4143 - -

    En ondsindet klient kunne medføre, at polipo gik ned, ved at sende en - stor Content-Length-værdi.

    • - -
- -

Denne opgradering retter også nogle fejl, der kunne medføre at dæmonen gik -ned eller kom i en uendelig løkke, som måske kunne fjernudløses.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.0.4-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er disse problemer rettet i version 1.0.4-3.

- -

Vi anbefaler at du opgraderer dine polipo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2002.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2003.wml b/danish/security/2010/dsa-2003.wml deleted file mode 100644 index 253e45da830..00000000000 --- a/danish/security/2010/dsa-2003.wml +++ /dev/null @@ -1,106 +0,0 @@ -rettighedsforøgelse/lammelsesangreb - - -

BEMÆRK: Denne opdatering er den sidste planlagte sikkerhedsopdatering til -kerneversion 2.6.18 i Debian-udgivelsen etch. Selv om -sikkerhedsunderstøttelse til etch officielt ophørte den 15. februar -2010, var denne opdatering allerede i forberedelse før den dato. En sidste -opdatering, der indeholder rettelser af disse problemer i kerneversion 2.6.24 -er også under forberedelse og vil blive frigivet om kort tid.

- -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3080 - -

    Dave Jones rapporterede om et problem i gdth SCSI-driveren. En manglende - kontrol af negative offset i et ioctl-kald kunne udnyttes af lokale brugere - til at iværksætte et lammelsesangreb eller potentielt opnå forøgede - rettigheder.

    • - -
  • CVE-2009-3726 - -

    Trond Myklebust rapporterede om et problem, hvor en ondsindet NFS-server - kunne forårsage en lammelsesangrebstilstand på sine klienter, ved at - returnere ukorrekte attributter under et åbningskald.

    • - -
  • CVE-2009-4005 - -

    Roel Kluin opdagede et problem i hfc_usb-driveren, en ISDN-driver til - USB-chippen Colognechip HFC-S. Et potentiel læsningsoverløb kunne måske - gøre det muligt for fjernbrugere at forårsage en lammelsesangrebstiland - (oops).

    • - -
  • CVE-2009-4020 - -

    Amerigo Wang opdagede et problem i HFS-filsystemet, hvilket gjorde det - muligt for en lokal bruger, med tilstrækkelige rettigheder til at mounte - et særligt fremstillet filsystem, at udføre et lammelsesangreb.

    • - -
  • CVE-2009-4021 - -

    Anana V. Avati opdagede et problem i undersystemet fuse. Hvis systemet - havde tilstrækkelig lidt hukommelse tilbage, kunne en lokal bruger få - kernen til at dereferere en ugyldig pointer, medførende et lammelsesangreb - (oops) og potentielt en rettighedsforøgelse.

    • - -
  • CVE-2009-4536 - -

    Fabian Yamaguchi rapporterede om problemer i e1000-driveren til Intels - gigabit-netværkskort, hvilket gjorde det muligt for fjerne brugere at omgå - pakkefiltre ved at anvende særligt fremstillede ethernet-frames.

    • - -
  • CVE-2010-0007 - -

    Florian Westphal rapporterede om manglende kapabilitetskontrol i - undersystemet ebtables netfilter. Hvis ebtables-modulet er indlæst, kan - lokale brugere tilføje og ændre ebtables-regler.

    • - -
  • CVE-2010-0410 - -

    Sebastian Krahmer opdagede et problem i netlink connector-undersystemet, - der tillod at lokale brugere kunne allokere store mængder systemhukommelse, - medførende et lammelsesangreb (ikke mere ledig hukommelse).

    • - -
  • CVE-2010-0415 - -

    Ramon de Carvalho Valle opdagede et problem i sys_move_pages-interfacet, - begrænset til amd64-, ia64- og powerpc64-varianterne i Debian. Lokale - brugere kunne udnytte problemet til at forårsage et lammelsesangreb - (systemnedbrud) eller få adgang til følsom kernehukommelse.

    • - -
  • CVE-2010-0622 - -

    Jerome Marchand rapporterede om et problem i futex-undersystemet, som - gjorde det muligt for en lokal bruger, at gennemtvinge en ugyldig - futex-tilstand, hvilket medførte et lammelsesangreb (oops).

    • - -
- -

Denne opdatering retter desuden en regression, der opstod i forbindelse med -den foregående sikkerhedsopdatering, hvilket voldte problemer ved boot på visse -s390-systemer.

- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.18.dfsg.1-26etch2.

- -

Vi anbefaler at du opgraderer dine linux-2.6-, fai-kernels- og -user-mode-linux-pakker.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - - -
  Debian 4.0 (etch)
fai-kernels 1.17+etch.26etch2
user-mode-linux 2.6.18-1um-2etch.26etch2
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2003.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2004.wml b/danish/security/2010/dsa-2004.wml deleted file mode 100644 index 812a111daad..00000000000 --- a/danish/security/2010/dsa-2004.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

To lokale sårbarheder er opdaget i samba, en SMB-/CIFS-fil-, print- og -loginserver til Unix. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-3297 - -

    Ronald Volgers opdagede at en race-tilstand i mount.cifs, gjorde det - muligt for lokale brugere at mounte fjerne filsystemer på vilkårlige - mountpoints.

    • - -
  • CVE-2010-0547 - -

    Jeff Layton opdagede at manglende fornuftighedskontrol af inddata i - mount.cifs, muliggjorde lammelsesangreb (denial of service) ved at - ødelægge /etc/mtab.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2:3.2.5-4lenny9.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:3.4.5~dfsg-2.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2004.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2005.wml b/danish/security/2010/dsa-2005.wml deleted file mode 100644 index 9d658849055..00000000000 --- a/danish/security/2010/dsa-2005.wml +++ /dev/null @@ -1,136 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/lækage af følsom hukommelse - - -

BEMÆRK: Denne opdatering er den sidste planlagte sikkerhedsopdatering til -kerneversion 2.6.24 i Debian-udgivelsen etch. Selv om -sikkerhedsunderstøttelse til etch officielt ophørte den 15. februar -2010, var denne opdatering allerede i forberedelse før den dato.

- -

Flere sårbarheder er opdaget i Linux-kernen, hvilket måske kunne føre til -lammelsesangreb (denial of service), lækage af følsomme oplysninger eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-2691 - -

    Steve Beattie og Kees Cook rapporterede om en informationslækage i maps- - og smaps-filerne, der er tilgængelige under /proc. Lokale brugere kunne - måske læse disse oplysninger vedrørende setuid-processer, mens en binær - ELF-fil blev indlæst.

    • - -
  • CVE-2009-2695 - -

    Eric Paris leverede flere rettelser, for at forøge beskyttelsen i - mmap_min_addr-tunable mod sårbarheder af typen - NULL-pointerdereference.

    • - -
  • CVE-2009-3080 - -

    Dave Jones rapporterede om et problem i gdth SCSI-driveren. En manglende - kontrol af negative offset i et ioctl-kald kunne udnyttes af lokale brugere - til at iværksætte et lammelsesangreb eller potentielt opnå forøgede - rettigheder.

    • - -
  • CVE-2009-3726 - -

    Trond Myklebust rapporterede om et problem, hvor en ondsindet NFS-server - kunne forårsage en lammelsesangrebstilstand på sine klienter, ved at - returnere ukorrekte attributter under et åbningskald.

    • - -
  • CVE-2009-3889 - -

    Joe Malicki opdagede et problem i megaraid_sas-driveren. Utilstrækkelige - rettigheder på sysfs dbg_lvl-interfacet, gjorde det muligt for lokale - brugere af ændre på hvordan debuglogningen fungerede.

    • - -
  • CVE-2009-4005 - -

    Roel Kluin opdagede et problem i hfc_usb-driveren, en ISDN-driver til - USB-chippen Colognechip HFC-S. Et potentiel læsningsoverløb kunne måske - gøre det muligt for fjernbrugere at forårsage en lammelsesangrebstiland - (oops).

    • - -
  • CVE-2009-4020 - -

    Amerigo Wang opdagede et problem i HFS-filsystemet, hvilket gjorde det - muligt for en lokal bruger, med tilstrækkelige rettigheder til at mounte - et særligt fremstillet filsystem, at udføre et lammelsesangreb.

    • - -
  • CVE-2009-4021 - -

    Anana V. Avati opdagede et problem i undersystemet fuse. Hvis systemet - havde tilstrækkelig lidt hukommelse tilbage, kunne en lokal bruger få - kernen til at dereferere en ugyldig pointer, medførende et lammelsesangreb - (oops) og potentielt en rettighedsforøgelse.

    • - -
  • CVE-2009-4138 - -

    Jay Fenlason opdagede et problem i firewire stakken, der gjorde det - muligt for lokale brugere at forårsage et lammelsesangreb (oops eller - nedbrud), ved at fabrikere et særligt ioctl-kald.

    • - -
  • CVE-2009-4308 - -

    Ted Ts'o opdagede et problem i ext4-filsystemet, der gjorde det muligt - for lokale brugere at forårsage et lammelsesangreb - (NULL-pointerdereference). For at være udnytbart, skulle den lokale bruger - have tilstrækkelige rettigheder til at mounte et filsystem.

    • - -
  • CVE-2009-4536 og - CVE-2009-4538 - -

    Fabian Yamaguchi rapporterede om problemer i e1000- og e100e-driverne til - Intels gigabit-netværkskort, hvilket gjorde det muligt for fjerne brugere at - omgå pakkefiltre ved at anvende særligt fremstillede ethernet-frames.

    • - -
  • CVE-2010-0003 - -

    Andi Kleen rapporterede om en fejl, der gjorde det muligt for lokale - brugere at få læseadgang til hukommelse, der er tilgængelig for kernen, - når valgmuligheden print-fatal-signals var aktiveret. Valgmuligheden er som - standard deaktiveret.

    • - -
  • CVE-2010-0007 - -

    Florian Westphal rapporterede om manglende kapabilitetskontrol i - undersystemet ebtables netfilter. Hvis ebtables-modulet er indlæst, kan - lokale brugere tilføje og ændre ebtables-regler.

    • - -
  • CVE-2010-0291 - -

    Al Viro rapporterede om flere problemer med systemkaldene mmap/mremap, - der gjorde det muligt for lokale brugere, at forårsage et lammelsesangreb - (systempanik) eller få forøgede rettigheder.

    • - -
  • CVE-2010-0410 - -

    Sebastian Krahmer opdagede et problem i netlink connector-undersystemet, - der tillod at lokale brugere kunne allokere store mængder systemhukommelse, - medførende et lammelsesangreb (ikke mere ledig hukommelse).

    • - -
  • CVE-2010-0415 - -

    Ramon de Carvalho Valle opdagede et problem i sys_move_pages-interfacet, - begrænset til amd64-, ia64- og powerpc64-varianterne i Debian. Lokale - brugere kunne udnytte problemet til at forårsage et lammelsesangreb - (systemnedbrud) eller få adgang til følsom kernehukommelse.

    • - -
  • CVE-2010-0622 - -

    Jerome Marchand rapporterede om et problem i futex-undersystemet, som - gjorde det muligt for en lokal bruger, at gennemtvinge en ugyldig - futex-tilstand, hvilket medførte et lammelsesangreb (oops).

    • - -
- -

I den gamle stabile distribution (etch), er dette problem rettet i -version 2.6.24-6~etchnhalf.9etch3.

- -

Vi anbefaler at du opgraderer dine linux-2.6.24-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2005.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2006.wml b/danish/security/2010/dsa-2006.wml deleted file mode 100644 index e6519361df2..00000000000 --- a/danish/security/2010/dsa-2006.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i sudo, et program designet med det formål, at -give systemadministratoren mulighed for, at uddele begrænsede root-rettigheder -til brugere. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2010-0426 - -

    Man opdagede, at når en pseudokommando var aktiveret, tillod sudo et match -mellem navnet på pseudokommandoen og navnet på en eksekverbar fil i en vilkårlig -mappe, hvilket gjorde det muligt for lokale brugere at opnå rettigheder via en -fabrikeret eksekverbar fil.

    • - -
  • CVE-2010-0427 - -

    Man opdagede, at når valgmuligheden runas_default anvendes, opsatte sudo ikke -på korrekt vis gruppemedlemskaber, hvilket gjordet det muligt for lokale brugere -at opnå rettigheder via en sudo-kommando.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -1.6.9p17-2+lenny1

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.7.2p1-1.2, og vil om kort tid blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer din sudo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2006.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2007.wml b/danish/security/2010/dsa-2007.wml deleted file mode 100644 index 5471df11c37..00000000000 --- a/danish/security/2010/dsa-2007.wml +++ /dev/null @@ -1,24 +0,0 @@ -formatstrengssårbarhed - -

Ronald Volgers opdagede at komponenten lppasswd i cups-programsamlingen, -Common UNIX Printing System, var sårbar over for formatstrengangreb på grund af -usikker anvendelse af miljøvariablen LOCALEDIR. En angriber kunne misbruge -denne virkemåde, til at udføre vilkårlig kode gennem fabrikerede -lokaltilpasningsfiler og dermed udløse kald til _cupsLangprintf(). Det virkede -fordi den binære lppasswd-fil tilfældigvis er installeret med setuid -0-rettigheder.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.3.8-1+lenny8.

- -

I distributionen testing (squeeze) vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid) er dette problem rettet i version -1.4.2-9.1.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2007.data" -#use wml::debian::translation-check translation="2a633dd265f39b93db2349ff0e23f0ff72d8e86e" mindelta="1" diff --git a/danish/security/2010/dsa-2008.wml b/danish/security/2010/dsa-2008.wml deleted file mode 100644 index 0009e920d08..00000000000 --- a/danish/security/2010/dsa-2008.wml +++ /dev/null @@ -1,21 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i webindholdhåndteringsframeworket -TYPO3: Sårbarheder i forbindelse med udførelse af skripter på tværs af websteder -blev opdaget i både frontend'en og backend'en. Desuden kunne brugerdata lækkes. -Flere oplysninger findes i -\ -Typo3's sikkerhedsbulletin.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.2.5-1+lenny3.

- -

I den kommende stabile distribution (squeeze) og i den ustabile -distribution (sid), er disse problemer rettet i version 4.3.2-1.

- -

Vi anbefaler at du opgraderer din typo3-src-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2008.data" -#use wml::debian::translation-check translation="b7663d5a2635824cc59f49b26807bfaa5fb93706" mindelta="1" diff --git a/danish/security/2010/dsa-2009.wml b/danish/security/2010/dsa-2009.wml deleted file mode 100644 index b9d7d208127..00000000000 --- a/danish/security/2010/dsa-2009.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede at tdiary, et kommunikationsvenligt weblogsystem, var sårbart -over for en sårbarhed i forbindelse med udførelse af skripter på tværs af -websteder, på grund af utilstrækkelig fornuftighedskontrol af inddata i -transmission-plugin'en TrackBack.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.2.1-1+lenny1.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.1-1.1.

- -

Vi anbefaler at du opgraderer dine tdiary-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2009.data" -#use wml::debian::translation-check translation="9d9d28f817c9730923c52dbf37c3e66c43d06f08" mindelta="1" diff --git a/danish/security/2010/dsa-2010.wml b/danish/security/2010/dsa-2010.wml deleted file mode 100644 index fac204638f8..00000000000 --- a/danish/security/2010/dsa-2010.wml +++ /dev/null @@ -1,44 +0,0 @@ -rettighedsforøgelse/lammelsesangreb - -

Several local vulnerabilities have been discovered in kvm, a full -virtualization system. The Common Vulnerabilities and Exposures project -identifies the following problems:

- -
    - -
  • CVE-2010-0298 og - CVE-2010-0306 - -

    Gleb Natapov opdagede problemer i undersystemet KVM, hvor manglende - rettighedskontroller (CPL/IOPL) gjorde det muligt for en bruger på et - gæstesystem, at lammelsesangribe (denial of service) en gæst (systemnedbrud) - eller opnå forøgede rettigheder med gæsten.

    • - -
  • CVE-2010-0309 - -

    Marcelo Tosatti rettede et problem i PIT-emuleringskoden i - KVM-undersystemet, det gjorde det muligt for priviligerede brugere i et - gæstedomæne, at forårsage et lammelsesangreb (nedbrud) af - værtssystemet.

    • - -
  • CVE-2010-0419 - -

    Paolo Bonzini fandt en fejl i KVM, der kunne anvendes til at omgå den - gængse rettighedskontrol, mens segment-selectors blev indlæst. Dermed var - det potentielt muligt for priviligerede gæstebrugere, at udføre - priviligerede instruktioner på værtssystemet.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 72+dfsg-5~lenny5.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -vil disse problemer blive løst i pakken linux-2.6.

- -

Vi anbefaler at du opgraderer din kvm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2010.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2011.wml b/danish/security/2010/dsa-2011.wml deleted file mode 100644 index aca4a219416..00000000000 --- a/danish/security/2010/dsa-2011.wml +++ /dev/null @@ -1,20 +0,0 @@ -stigennemløb - -

William Grant opdagede at dpkg-source-komponenten i dpkg, -lavniveauinfrastrukturen til håndtering af installering og fjernelse af -Debian-softwarepakker, var sårbar over for stigennemløbsangreb. En -særligt fremstillet Debian-kildekodepakke, kunne føre til filændringer uden for -målmappen, når pakkens indhold blev pakket ud.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.14.29.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid) vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine dpkg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2011.data" -#use wml::debian::translation-check translation="ad6f32a8a65d2ea301db7d0fde758c690fac9186" mindelta="1" diff --git a/danish/security/2010/dsa-2012.wml b/danish/security/2010/dsa-2012.wml deleted file mode 100644 index 46091e28f1a..00000000000 --- a/danish/security/2010/dsa-2012.wml +++ /dev/null @@ -1,46 +0,0 @@ -rettighedsforøgelse/lammelsesangreb - -

To sårbarheder blev opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-3725 - -

    Philipp Reisner rapporterede om et problem i connector-undersystemet, - hvilket gjorde det muligt for upriviligerede brugere at sende - netlink-pakker. Dermed kunne lokale brugere manipulere indstillingerne af - uvesafb-enheder, der normalt er begrænset til priviligerede - brugere.

    • - -
  • CVE-2010-0622 - -

    Jerome Marchand rapporterede om et problem i futex-undersystemet, som - gjorde det muligt for en lokal bruger at gennemtvinge en ugyldig - futex-tilstand, hvilket medførte et lammelsesangreb (oops).

    • - -
- -

Opdateringen indeholder også rettelser af regressioner, der opstod i -forbindelse med tidligere opdateringer. Se de refererede Debian-fejlsider for -flere oplysninger.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.26-21lenny4.

- -

Vi anbefaler, at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+21lenny4
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2012.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2013.wml b/danish/security/2010/dsa-2013.wml deleted file mode 100644 index 86dbeac1d99..00000000000 --- a/danish/security/2010/dsa-2013.wml +++ /dev/null @@ -1,20 +0,0 @@ -flere sårbarheder - -

Nahuel Grisolia opdagede to sårbarheder i Egroupware, en webbaseret -groupwaresuite: Manglende fornuftighedskontrol af inddata i -stavekontrolsintegrationen kunne føre til udførelse af vilkårlige kommandoer -samt en sårbarhed i forbindelse med udførelse af skripter på tværs af websteder -blev opdaget på loginsiden.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.4.004-2.dfsg-4.2.

- -

Den kommende stabile distribution (squeeze), indeholder ikke længere -egroupware-pakker.

- -

Vi anbefaler at du opgraderer dine egroupware-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2013.data" -#use wml::debian::translation-check translation="dded74bdb5a7f523a2ca6c87c19922eb9e9a773c" mindelta="1" diff --git a/danish/security/2010/dsa-2014.wml b/danish/security/2010/dsa-2014.wml deleted file mode 100644 index f88ae63d881..00000000000 --- a/danish/security/2010/dsa-2014.wml +++ /dev/null @@ -1,41 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder blev opdaget i moin, en python-klon af WikiWiki. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-0668 - -

    Flere sikkerhedsproblemer i MoinMoin i forbindelse med opsætninger, der har -en ikke-tom superuser-liste, aktiveret xmlrpc-action, aktiveret SyncPages-action -eller opsat OpenID.

    • - -
  • CVE-2010-0669 - -

    MoinMoin fornuftighedskontrollerede ikke på korrekt vis - brugerprofiler.

    • - -
  • CVE-2010-0717 - -

    Standardopsætningen af cfg.packagepages_actions_excluded i MoinMoin - forhindrede ikke usikre pakkehandlinger.

    • - -
- -

Desuden retter denne opdatering en fejl under behandlingen af hierarkiske -ACL'er, der kunne udnyttes til at tilgå adgangsbegrænsede undersider.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -1.7.1-3+lenny3.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.9.2-1, og vil om kort tid blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer din moin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2014.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2015.wml b/danish/security/2010/dsa-2015.wml deleted file mode 100644 index 16a25e6c6e2..00000000000 --- a/danish/security/2010/dsa-2015.wml +++ /dev/null @@ -1,45 +0,0 @@ -rettighedsforøgelse - -

En lokal sårbarhed blev opdaget i drbd8.

- -

Philipp Reisner rettede et problem i drbd-kernemodulet, hvilket gjorde det -muligt for lokale brugere at sende netlink-pakker for at udføre handlinger, der -skulle være begrænsede til brugere med CAP_SYS_ADMIN-rettigheder. Problemet -svarer til dem, der er beskrevet i -\ -CVE-2009-3725.

- -

Opdateringen retter også et ABI-kompabilitetsproblem, som opstod i -forbindelse med linux-2.6 (2.6.26-21lenny3). Den forudopbyggede -drbd-modul-pakke angivet i denne bulletin, kræver en linux-image-pakke med -version 2.6.26-21lenny3 eller højere.

- -

I den stabile distribution (lenny), er dette problem rettet i -drbd8 (2:8.0.14-2+lenny1).

- -

Vi anbefaler at du opgraderer dine drbd8-pakker.

- -

Pakken linux-modules-extra-2.6 er blevet genopbygget mod den opdaterede -drbd8-pakke, for at kunne levere rettede forudopbyggede drbd8-modules-pakker. -Hvis du i stedet for at anvende den forudopbygget drbd8-modules-pakke, har -opbygget og installeret en lokal kopi af drbd-modulet fra drbd8-source-pakken -(fx ved hjælp af module-assistant), skal du følge de samme trin, du oprindelig -anvendte til at genopbygget dit modul, efter opgradering af -drbd8-source-pakken.

- -

Bemærk: Efter opgradering af et kernemodul, skal du genindlæse modulet for -at ændringerne kan træde i kraft:

-
    -
  1. Luk alle tjenester, der anvender drbd-modulet
    2. -
  2. Aflad (unload) det foregående drbd-modul (modprobe -r drbd)
    3. -
  3. Genindlæs det opdaterede drbd-modul (modprobe drbd)
    4. -
  4. Genstart alle tjenester, der anvender drbd-modulet
    5. -
- -

At genstarte systemet vil også medføre, at det opdaterede modul tages i -brug.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2015.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2016.wml b/danish/security/2010/dsa-2016.wml deleted file mode 100644 index 4f3c552f67f..00000000000 --- a/danish/security/2010/dsa-2016.wml +++ /dev/null @@ -1,46 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder (SA-CORE-2010-001) blev opdaget i drupal6, et komplet -indholdhåndteringsframework.

- -

Udførelse af skripter på tværs af websteder under installering

- -

En brugerleveret værdi, der anvendes direkte som uddata under installeringen, -gjorde det muligt for en ondsindet bruger, at fabrikere en URL og udføre et -angreb i forbindelse med udførelse af skripter på tværs af websteder. Fejlen -kunne kun udnyttes på websteder, der endnu ikke var opsat.

- -

Åben viderestilling

- -

API-funktionen drupal_goto() var sårbar over for et phishing-angreb. En -angriber kunne danne en viderestilling på en sådan måde, at Drupal-webstedet -sendte en bruger til en vilkårligt leveret URL. Ingen brugerleverede data blev -sendt til denne URL.

- -

Udførelse af skripter på tværs af websteder i forbindelse med lokale moduler

- -

Lokale moduler og afhængige leverede moduler, fornuftighedskontrollerede -ikke visningen af sprogkoder, samt indfødte og engelske sprognavne på korrekt -vis. Mens disse normalt kommer fra en forudvalgt liste, er vilkårlige inddata -fra administratorerne tilladt. Sårbarheden begrænses af det faktum, at -angriberen skal have en rolle med rettigheden administer languages.

- -

Regenerering af blokeret brugers session

- -

Under visse omstændigheder kunne en bruger med en åben session, som er -blokeret, vedligeholde sin session på Drupal-webstedet, på trods af at være -blokeret.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -6.6-3lenny5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6.16-1, og vil snart blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer din drupal6-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2016.data" -#use wml::debian::translation-check translation="acc32211ad0ee4813745fc98bba7daa0befd9e8d" mindelta="1" diff --git a/danish/security/2010/dsa-2017.wml b/danish/security/2010/dsa-2017.wml deleted file mode 100644 index a48e81395c5..00000000000 --- a/danish/security/2010/dsa-2017.wml +++ /dev/null @@ -1,19 +0,0 @@ -usikker midlertidig mappe - -

Dan Rosenberg opdagede at soundserveren PulseAudio oprettede en midlertidig -mappe på et forudsigeligt navn. Dermed var det muligt for en lokal angriber, at -etablere en lammelsesangrebstilstand (denial of service) eller muligvis afsløre -følsomme oplysninger til upriviligerede brugere.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.9.10-3+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid) vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din pulseaudio-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2017.data" -#use wml::debian::translation-check translation="f4e83afecd0360a633ee87dafb1926d3e8134d88" mindelta="1" diff --git a/danish/security/2010/dsa-2018.wml b/danish/security/2010/dsa-2018.wml deleted file mode 100644 index f2cfc661cd3..00000000000 --- a/danish/security/2010/dsa-2018.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb (nedbrud) - -

Auke van Slooten opdagede at PHP 5, en hypertext-preprocessor, gik ned -(på grund af en NULL-pointerdereference) når den behandlede ugyldige -XML-RPC-forespørgsler.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 5.2.6.dfsg.1-1+lenny8.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.3.2-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2018.data" -#use wml::debian::translation-check translation="34515294169f5d714f31da3337f70a718963763c" mindelta="1" diff --git a/danish/security/2010/dsa-2019.wml b/danish/security/2010/dsa-2019.wml deleted file mode 100644 index 2eb950ba8c3..00000000000 --- a/danish/security/2010/dsa-2019.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende fornuftighedskontrol af inddata - - -

Marc Schoenefeld opdagede ukorrekt fornuftighedskontrol i Pango, et bibliotek -til layout og rendering af tekst, førende til en arrayindekseringsfejl. Hvis en -lokal bruger blev narret til at indlæse en særligt fremstillet skrifttypefil i -en applikation, som anvender skrifttyperenderingbiblioteket Pango, kunne det -føre til lammelsesangreb (applikationsnedbrud).

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.20.5-5+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din pango1.0-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2019.data" -#use wml::debian::translation-check translation="9ccbb45c6d435f1720fcafab9ecc0d26bab0ddc1" mindelta="1" diff --git a/danish/security/2010/dsa-2020.wml b/danish/security/2010/dsa-2020.wml deleted file mode 100644 index 5a5f6b7c2ab..00000000000 --- a/danish/security/2010/dsa-2020.wml +++ /dev/null @@ -1,20 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Ivan Shmakov opdagede at htmlscrubber-komponenten i ikiwiki, en wikicompiler, -udførte utilstrækkelig fornuftighedskontrol af inddata på -data:image/svg+xml-URI'er. Da de kan indeholde skriptkode, kunne det anvendes -af en angriber til at udføre skripter på tværs af websteder.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.53.5.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 3.20100312.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.20100312.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2020.data" -#use wml::debian::translation-check translation="ed049e333a5dc6842f1c60b2c2ffa0e0637e8005" mindelta="1" diff --git a/danish/security/2010/dsa-2021.wml b/danish/security/2010/dsa-2021.wml deleted file mode 100644 index 42badce4079..00000000000 --- a/danish/security/2010/dsa-2021.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

En manglende fornuftighedskontrol af inddata i spamass-milter, et milter som -anvendes til at filtrere mail gennem spamassassin, blev discovered. Dermed var -det muligt for en fjernangriber at indsprøjte og udføre vilkårlige -shell-kommandoer.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.3.1-8+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid) er -dette problem rettet i version 0.3.1-9.

- -

Vi anbefaler at du opgraderer din spamass-milter-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2021.data" -#use wml::debian::translation-check translation="c0a07de56626b392093187d5d8ae6ebbbda8e771" mindelta="1" diff --git a/danish/security/2010/dsa-2022.wml b/danish/security/2010/dsa-2022.wml deleted file mode 100644 index 8acd0e3c7a6..00000000000 --- a/danish/security/2010/dsa-2022.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i mediawiki, en webbaseret wikimaskine. -Følgende problemer er registreret:

- -
    - -

  • Utilstrækkelig fornuftighedskontrol af inddata i CSS-valideringskoden -gjorde det muligt for redaktører at vise eksterne billeder på wikisider. Det -kan være et problem i forbindelse med personlige oplysninger på offentligt -tilgængelige wikier, da det dermed var muligt for angribere at indsamle -IP-adresser og andre oplysninger, ved at linke disse billeder til en webserver -under deres kontrol.

    • - -

  • Utilstrækkelig rettighedskontroller blev fundet i thump.php, hvilket -kunne føre til afløring af billedfiler, som er begrænset til visse brugere -(fx med img_auth.php).

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.12.0-2lenny4.

- -

I distributionen distribution (squeeze), er disse problemer rettet i -version 1:1.15.2-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:1.15.2-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2022.data" -#use wml::debian::translation-check translation="03787d5d13b696c0e8ce4a71d1186925f40ec882" mindelta="1" diff --git a/danish/security/2010/dsa-2023.wml b/danish/security/2010/dsa-2023.wml deleted file mode 100644 index 8eb051b5e0a..00000000000 --- a/danish/security/2010/dsa-2023.wml +++ /dev/null @@ -1,25 +0,0 @@ -bufferoverløb - -

Wesley Miaw opdagede at libcurl, et bibliotek til filoverførsler via flere -protokoller, var ramt af et bufferoverløb via callback-funktionen, når en -applikation forventede at libcurl automatisk udpakkede data. Bemærk at det kun -påvirkede applikationer, der stoler på libcurls maksimumbegrænsning på en -buffer af en uforanderlig størrelse og ikke selv udfører -fornuftighedskontroller.

- -

I den stabile distribution (lenny), er dette problem rettet i version -7.18.2-8lenny4.

- -

På grund af et problem med arkiveringssoftwaren, kan vi ikke udgive til alle -arkitekturer på samme tid. Binære filer til arkitekturerne hppa, ia64, mips, -mipsel og s390 vil blive stillet til rådighed, når de er klar.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 7.20.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2023.data" -#use wml::debian::translation-check translation="bc75bfbd4b7e1bb1d595803cb3bde20d85c7310f" mindelta="1" diff --git a/danish/security/2010/dsa-2024.wml b/danish/security/2010/dsa-2024.wml deleted file mode 100644 index 152e7a4ffc8..00000000000 --- a/danish/security/2010/dsa-2024.wml +++ /dev/null @@ -1,24 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - - -

Jamie Strandboge opdagede at moin, en python-klon af WikiWiki, ikke på -tilstrækkelig vis fornuftighedskontrollerede sidenavnet i -Despam-handling, hvilket gjorde det muligt for fjernangribere at udføre -skriptangreb på tværs af websteder (XSS).

- -

Desuden indeholder denne opdatering af rettelse af et mindre problem i -textcha-beskyttelse, der simpelt kunne omgås ved at tømme -formularfelterne textcha-question og textcha-answer.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.7.1-3+lenny4.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din moin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2024.data" -#use wml::debian::translation-check translation="dae9a927b08465fff065bb1752b1f6a083847132" mindelta="1" diff --git a/danish/security/2010/dsa-2025.wml b/danish/security/2010/dsa-2025.wml deleted file mode 100644 index 159ae957c66..00000000000 --- a/danish/security/2010/dsa-2025.wml +++ /dev/null @@ -1,58 +0,0 @@ -flere sårbarheder - - -

Flere fjernudnytbare sårbarheder blev opdaget i mailklienten Icedove, en -varemærkefri version af mailklienten Thunderbird. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2408 - -

    Dan Kaminsky og Moxie Marlinspike opdagede at icedove ikke på korrekt vis -håndterer et \0-tegn i et domænenavn i emnets Common Name-felt (CN) i et -X.509-certifikat (MFSA 2009-42).

    • - -
  • CVE-2009-2404 - -

    Moxie Marlinspike rapporterede om en heapoverløbssårbarhed i koden, der -håndterer regulære udtræk i certifikatnavne (MFSA 2009-43).

    • - -
  • CVE-2009-2463 - -

    monarch2020 opdagede et heltalsoverløb i en base64-dekodningsfunktion -(MFSA 2010-07).

    • - -
  • CVE-2009-3072 - -

    Josh Soref opdagede et nedbrud i BinHex-dekoderen (MFSA 2010-07).

    • - -
  • CVE-2009-3075 - -

    Carsten Book rapporterede om et nedbrud i JavaScript-maskinen -(MFSA 2010-07).

    • - -
  • CVE-2010-0163 - -

    Ludovic Hirlimann rapporterede om et nedbrud ved indeksering af visse -meddelelser med vedhæftelser, hvilket kunne føre til udførelse af vilkårlig -kode (MFSA 2010-07).

    - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.0.0.24-0lenny1.

- -

På grund af et problem med arkiveringssystemet, var det ikke muligt at -udgive til alle arkitekturer. Overførsel til de manglende arkitekturer til -arkivet, vil finde sted så snart opdateringerne er tilgængelige.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2025.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2026.wml b/danish/security/2010/dsa-2026.wml deleted file mode 100644 index ee09f2e835c..00000000000 --- a/danish/security/2010/dsa-2026.wml +++ /dev/null @@ -1,27 +0,0 @@ -stakbaseret bufferoverløb - - -

Marc Schoenefeld opdagede et stakbaseret bufferoverløb i implementeringen af -XPM-indlæsningen i netpbm-free, en samling af billedmanipuleringsværktøjer. En -angriber kunne forårsage et lammelsesangreb (applikationsnedbrud) eller muligvis -udføre vilkårlig kode via en XPM-billedfil indeholdende et fabrikeret headerfelt -med en stor farveindeksværdi.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2:10.0-12+lenny1.

- -

I distribution testing (squeeze), er dette problem rettet i -version 2:10.0-12.1+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

På grund af et problem med arkiveringssystemet, var det ikke muligt at -udgive til alle arkitekturer. Overførsel til de manglende arkitekturer til -arkivet, vil finde sted så snart opdateringerne er tilgængelige.

- -

Vi anbefaler at du opgraderer din netpbm-free-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2026.data" -#use wml::debian::translation-check translation="f4d5161c79c4f4f94cf6f3ed7de1d3b7880ae47b" mindelta="1" diff --git a/danish/security/2010/dsa-2027.wml b/danish/security/2010/dsa-2027.wml deleted file mode 100644 index 26e7a536832..00000000000 --- a/danish/security/2010/dsa-2027.wml +++ /dev/null @@ -1,51 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder blev opdaget i Xulrunner, et runtilmiljø til -XUL-applikationer, så som webbrowseren Iceweasel. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-0174 - -

    Jesse Ruderman og Ehsan Akhgari opdagede nedbrud i layoutmaskinen, - hvilket måske gjorde det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2010-0175 - -

    Man opdagede at ukorrekt hukommelseshåndtering i XUL-eventhandler'en - måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2010-0176 - -

    Man opdagede at ukorrekt hukommelseshåndtering i XUL-eventhandler'en - måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2010-0177 - -

    Man opdagede at ukorrekt hukommelseshåndtering i plugin-koden måske kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2010-0178 - -

    Paul Stone opdagede at tvungne træk og slip-begivenheder kunne føre til - Chrome-rettighedsforøgelse.

    • - -
  • CVE-2010-0179 - -

    Man opdagede at en programmeringsfejl i XMLHttpRequestSpy-modulet kunne - føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.19-1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2027.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2028.wml b/danish/security/2010/dsa-2028.wml deleted file mode 100644 index 4efdf01979d..00000000000 --- a/danish/security/2010/dsa-2028.wml +++ /dev/null @@ -1,57 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i xpdf, en samling af værktøjer til visning og -konvertering af Portable Document Format-filer (PDF).

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-1188 og - CVE-2009-3603 - -

    Heltalsoverløb i SplashBitmap::SplashBitmap hvilket måske kunne gøre det - muligt for fjernangribere at udføre vilkårlig kode eller et - applikationsnedbrud via et fabrikeret PDF-dokument.

    • - -
  • CVE-2009-3604 - -

    NULL-pointerdereference eller heapbaseret bufferoverløb i - Splash::drawImage hvilket måske kunne gøre det muligt for fjernangribere at - forårsage et lammelsesangreb (applikationsnedbrud) eller muligvis udføre - vilkårlig kode via et fabrikeret PDF-dokument.

    • - -
  • CVE-2009-3606 - -

    Heltalsoverløb i PSOutputDev::doImageL1Sep hvilket måske kunne gøre det - muligt for fjernangribere at udføre vilkårlig kode via et fabrikeret - PDF-dokument.

    • - -
  • CVE-2009-3608 - -

    Heltalsoverløb i ObjectStream::ObjectStream hvilket måske kunne gøre det - muligt for fjernangribere at udføre vilkårlig kode via et fabrikeret - PDF-dokument.

    • - -
  • CVE-2009-3609 - -

    Heltalsoverløb i ImageStream::ImageStream hvilket måske kunne gøre det - muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service) via et fabrikeret PDF-dokument.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.02-1.4+lenny2.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.02-2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2028.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2029.wml b/danish/security/2010/dsa-2029.wml deleted file mode 100644 index 3109c565b1d..00000000000 --- a/danish/security/2010/dsa-2029.wml +++ /dev/null @@ -1,22 +0,0 @@ -flere sårbarheder - -

Man opdagede at imlib2, et bibliotek til indlæsning og behandling af flere -billedformater, ikke på korrekt vis behandlede forskellige billedfiltyper.

- -

Flere heap- og stakbaserede bufferoverløb - delvis på grund af heltalsoverløb -- i indlæserne af ARGB, BMP, JPEG, LBM, PNM, TGA og XPM, kunne føre til -udførelse af vilkårlig kode via fabrikerede billedfiler.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.4.0-1.2+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1.4.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.2-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2029.data" -#use wml::debian::translation-check translation="11419f742bdd6120db2cb0a622cd067a73936870" mindelta="1" diff --git a/danish/security/2010/dsa-2030.wml b/danish/security/2010/dsa-2030.wml deleted file mode 100644 index 7b6ad7b9dad..00000000000 --- a/danish/security/2010/dsa-2030.wml +++ /dev/null @@ -1,22 +0,0 @@ -SQL-indsprøjtning - -

Man opdagede et mahara, en elektronisk portfolio-, weblog- og CV-program, -ikke på korrekt vis indkapslede inddata når et unikt brugernavn blev genereret, -baseret på en fjern brugers navn fra en single sign-on-applikation. Dermed -kunne en angriber kompromittere mahara-databasen via fabrikerede -brugernavne.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.0.4-4+lenny5.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.2.4-1.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2030.data" -#use wml::debian::translation-check translation="46088a82820d088d7f6fc8c25ccbbeb7ec8f0212" mindelta="1" diff --git a/danish/security/2010/dsa-2031.wml b/danish/security/2010/dsa-2031.wml deleted file mode 100644 index 9350ff76f63..00000000000 --- a/danish/security/2010/dsa-2031.wml +++ /dev/null @@ -1,20 +0,0 @@ -anvendelse efter frigivelse - - -

Sol Jerome opdagede at kadmind-servicen i krb5, et system til autentificering -af brugere og services på et et netværk, gjorde det muligt for autentificerede -brugere at forårsage et lammelsesangreb (dæmonnedbrud) via en forespørgsel fra -en kadmin-klient, der sendte et ugyldigt API-versionsnummer.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.6.dfsg.4~beta1-5lenny3.

- -

Distribution testing (squeeze) og den ustabile distribution (sid) er ikke -pårvirket af dette problemer.

- -

Vi anbefaler at du opgraderer din krb5-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2031.data" -#use wml::debian::translation-check translation="8841553f372d1e9c897a2b6a78ab210cafe34381" mindelta="1" diff --git a/danish/security/2010/dsa-2032.wml b/danish/security/2010/dsa-2032.wml deleted file mode 100644 index 06820e1f749..00000000000 --- a/danish/security/2010/dsa-2032.wml +++ /dev/null @@ -1,38 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i libpng, et bibliotek til læsning og skrivning -af PNG-filer. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2009-2042 - -

    libpng fortolkede ikke på korrekt vis 1-bit interlaced-billeder med -breddeværdier, som ikke kan divideres med otte, hvilket fik libpng til at -medtage uinitialiserede bit i visse rækker i en PNG-fil, og måske gjorde det -muligt for fjernangribere at læse dele af følsom hukommelse via -out-of-bounds pixels i filen.

    • - -
  • CVE-2010-0205 - -

    libpng håndterede ikke på korrekt vis komprimerede ancillary-chunk-data, -der har en uforholdsmæssig stor ukomprimeret repræsentation, hvilket gjorde -det muligt for fjernangribere at forårsage et lammelsesangreb (hukommelses- -og CPU-forbrug samt hængende applikation) via en fabrikeret PNG-fil.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.2.27-2+lenny3.

- -

I distributionen testing (squeeze) og i den ustabile (sid) distribution, er -disse problemer rettet i version 1.2.43-1.

- -

Vi anbefaler at du opgraderer din libpng-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2032.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2033.wml b/danish/security/2010/dsa-2033.wml deleted file mode 100644 index 35ab1bafb92..00000000000 --- a/danish/security/2010/dsa-2033.wml +++ /dev/null @@ -1,23 +0,0 @@ -heapoverløb - -

Man opdagede at der i ejabberd, en distribueret XMPP/Jabber-server skrevet i -Erlang, var et problem i ejabberd_c2s.erl, som gjorde det muligt for -fjernautentificerede brugere at forårsage et lammelsesangreb (denial of service) -ved at sende et stort antal c2s-meddelelser (client2server). Det udløste af -køen løb over, hvilket igen medførte et nedbrud i ejabberd-dæmonen.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.1-6+lenny2.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 2.1.2-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.2-2.

- -

Vi anbefaler at du opgraderer dine ejabberd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2033.data" -#use wml::debian::translation-check translation="661101196997bc74527d1c660849c9e6bb527d61" mindelta="1" diff --git a/danish/security/2010/dsa-2034.wml b/danish/security/2010/dsa-2034.wml deleted file mode 100644 index 50734fb2110..00000000000 --- a/danish/security/2010/dsa-2034.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i phpMyAdmin, et webværktøj til administrering -af MySQL. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2008-7251 - -

    phpMyAdmin oprettede måske en midlertidig mappe med usikre - filsystemsrettigheder, hvis den opsatte mappe endnu ikke fandtes.

    • - -
  • CVE-2008-7252 - -

    phpMyAdmin anvendte forudsigelige filnavne til midlertidige filer, - hvilket måske kunne føre til et lokal lammelsesangreb (denial of service) - eller rettighedsforøgelse.

    • - -
  • CVE-2009-4605 - -

    Skriptet setup.php, som følger med phpMyAdmin, afserialiserede måske - data fra en kilde der ikke stoles på, hvilket gjorde det muligt at - udføre forespørgselsforfalskning på tværs af servere.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -phpmyadmin 2.11.8.1-5+lenny4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.2.4-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2034.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2035.wml b/danish/security/2010/dsa-2035.wml deleted file mode 100644 index c5c06bcd497..00000000000 --- a/danish/security/2010/dsa-2035.wml +++ /dev/null @@ -1,40 +0,0 @@ -flere problemer - - -

To problemer er fundet i webserveren Apache HTTPD:

- -
    - -
  • CVE-2010-0408 - -

    mod_proxy_ajp returnerede den forkerte statuskode, hvis der blev stødt på en -fejl, som var årsag til at backendserveren kom i en fejltilstand indtil -retry-timeout'ens udløb. En fjernangriber kunne sende ondsindede forespørgsler -for at udløse problemet, medførende lammelsesangreb (denial of -service).

    • - -
  • CVE-2010-0434 - -

    Der blev fundet en fejl i kerneunderforespørgselskoden, som kunne føre til -et dæmonnedbrud (segfault) eller afsløring af følsomme oplysninger, hvis -headerne fra en underforespørgsel blev ændret af moduler så som -mod_headers.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.2.9-10+lenny7.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 2.2.15-1.

- -

Denne bulletin indeholder også en opdateret apache2-mpm-itk-pakke, som er -genoversat mod de nye apache2-pakker.

- -

Vi anbefaler at du opgraderer dine apache2- og apache2-mpm-itk-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2035.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2036.wml b/danish/security/2010/dsa-2036.wml deleted file mode 100644 index 3bc952cd135..00000000000 --- a/danish/security/2010/dsa-2036.wml +++ /dev/null @@ -1,24 +0,0 @@ -programmeringsfejl - -

Man opdagede at runtimebiblioteket JasPer JPEG-2000 gjorde det muligt for en -angriber at oprette en fabrikeret inddatafil, som kunne føre til lammelsesangreb -(denial of service) og heapkorruption.

- -

Ud over at løse sårbarheden, indeholder opdateringen også rettelse af en -regression, som opstod i forbindelse med sikkerhedsrettelsen til -\ -CVE-2008-3521, som blev taget i brug for frigivelsen af lenny, og som kunne -give fejl ved læsning af nogle JPEG-inddatafiler.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.900.1-5.1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.900.1-6.

- -

Vi anbefaler at du opgraderer din jasper-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2036.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2037.wml b/danish/security/2010/dsa-2037.wml deleted file mode 100644 index 6450871a863..00000000000 --- a/danish/security/2010/dsa-2037.wml +++ /dev/null @@ -1,17 +0,0 @@ -race-tilstand - -

Sebastian Krahmer opdagede at en race-tilstand i KDE Desktop Environments -KDM display manager, tillod at en lokal bruger kunne forøge rettigheder til -root.

- -

I den stabile distribution (lenny), er dette problem rettet i version -4:3.5.9.dfsg.1-6+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din kdm-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2037.data" -#use wml::debian::translation-check translation="ac4b2ccfc2acddd329a4f9d2cc3cc0d9dbe26def" mindelta="1" diff --git a/danish/security/2010/dsa-2038.wml b/danish/security/2010/dsa-2038.wml deleted file mode 100644 index 73752e70f1a..00000000000 --- a/danish/security/2010/dsa-2038.wml +++ /dev/null @@ -1,39 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Pidgin, en chatklient som -understøtter flere protokoller. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-0420 - -

    Fabrikerede nicknames i XMPP-protokollen kunne medføre et fjernaktiveret - nedbrud af Pidgin.

    • - -
  • CVE-2010-0423 - -

    Fjerne kontakter kunne sende for lange skræddersyede smilies, hvilket - fik Pidgin til at gå ned.

    • - -
- -

For et par måneder siden skiftede Microsofts MSN-servere protokol, hvilket -gjorde Pidgin uanvendelig hvad angår MSN. Det kan ikke betale sig at -tilbageføre disse ændringer til den version af Pidgin, som er i Debian lenny. -Denne opdatering formaliserer situationen ved at deaktivere protokollen i -klienten. Brugere af MSN-protokollen rådes til at anvende versionen af Pidgin -fra arkiverne på www.backports.org.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.4.3-4lenny6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.6.6-1.

- -

Vi anbefaler at du opgraderer din pidgin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2038.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2039.wml b/danish/security/2010/dsa-2039.wml deleted file mode 100644 index a9382c34f6f..00000000000 --- a/danish/security/2010/dsa-2039.wml +++ /dev/null @@ -1,17 +0,0 @@ -manglende kontrol af inddata - -

Man opdagede at Cacti, en frontend til rrdtool til overvågning af systemer og -services, manglede fornuftighedskontrol af inddata, hvilket muliggjorde et -SQL-indsprøjtningsangreb.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.8.7b-2.1+lenny2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din cacti-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2039.data" -#use wml::debian::translation-check translation="c6b40533d6132feec889f51e5a14660a43a31d17" mindelta="1" diff --git a/danish/security/2010/dsa-2040.wml b/danish/security/2010/dsa-2040.wml deleted file mode 100644 index 00dd3cf8950..00000000000 --- a/danish/security/2010/dsa-2040.wml +++ /dev/null @@ -1,30 +0,0 @@ -bufferoverløb - -

Man opdagede at squidguard, et URL-redirector/filter/ACL-plugin til squid, -havde flere problemer i src/sgLog.c og src/sgDiv.c, som gjorde det muligt for -fjernbrugere at enten:

- -
    - -
  • Forårsage et lammelsesangreb, ved at forespørge på lange URL'er - indeholdende mange skråstreger. Det tvang dæmonen i nødtilstand, hvor den - ikke længere behandler forespørgsler.
    • - -
  • Omgå regler ved at forespørge på URL'er, hvis længde er tæt på den - prædefinerede buffergrænse, som i denne situation er 2048 for squidguard og - 4096 eller 8192 for squid (afhængigt af dens version).
    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.2.0-8.4+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.0-9.

- -

Vi anbefaler at du opgraderer din squidguard-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2040.data" -#use wml::debian::translation-check translation="6f5b96a05bc41719133362231bc5331667d33d99" mindelta="1" diff --git a/danish/security/2010/dsa-2041.wml b/danish/security/2010/dsa-2041.wml deleted file mode 100644 index b0211d54da6..00000000000 --- a/danish/security/2010/dsa-2041.wml +++ /dev/null @@ -1,22 +0,0 @@ -forfalskning af forespørgsel på tværs af websteder - -

Man opdagede at mediawiki, en webstedsmaskine til samarbejdsprojekter, var -sårbar over for et forfalskning af en forespørgsel på tværs af websteder-angreb -i forbindelse med login, som kunne udnyttes til at iværksætte phishing eller -lignende angreb på brugere via påvirkede mediawiki-installationer.

- -

Bemærk at den benyttede rettelse ændrer login-API'et og kan kræve at -klienter, som anvender det, skal opdateres.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:1.12.0-2lenny5.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er dette problem rettet i version 1:1.15.3-1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2041.data" -#use wml::debian::translation-check translation="b7d0be10193e507bddcd74761abab7509dd98d16" mindelta="1" diff --git a/danish/security/2010/dsa-2042.wml b/danish/security/2010/dsa-2042.wml deleted file mode 100644 index 62aedfb0c88..00000000000 --- a/danish/security/2010/dsa-2042.wml +++ /dev/null @@ -1,21 +0,0 @@ -formatstreng - -

Florent Daigniere opdagede, at flere formatstrengssårbarheder i Linux' -SCSI-target-frameworket (også kendt som iscsitarget i Debian) gjorde det muligt -for fjernangribere at forårsage et lammelsesangreb (denial of service) i -ietd-dæmonen. Fejlen kunne udløses ved at sende en omhyggeligt fremstillet -Internet Storage Name Service-forespørgsel (iSNS).

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.4.16+svn162-3.1+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 0.4.17+svn229-1.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.4.17+svn229-1.4.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2042.data" -#use wml::debian::translation-check translation="a4cd0e485993a5c20e04ac8691f779e9c3320291" mindelta="1" diff --git a/danish/security/2010/dsa-2043.wml b/danish/security/2010/dsa-2043.wml deleted file mode 100644 index 4f2a9fe16eb..00000000000 --- a/danish/security/2010/dsa-2043.wml +++ /dev/null @@ -1,23 +0,0 @@ -heltalsoverløb - -

tixxDZ (DZCORE labs) opdagede en sårbarhed i multimedieafspilleren og --streameren vlc. Manglende validering af data i vlc's implementering af Real -Data Transport (RDT), muliggjorde et heltalsunderløb og som følge deraf, en -handling på en grænseløs bruffer. En ondsindet fremstillet stream kunne dermed -gøre det muligt for en angriber, at udføre vilkårlig kode.

- -

Der er ingen registrering hos projektet Common Vulnerabilities and Exposures -vedrørende dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.8.6.h-4+lenny2.3.

- -

I distributionen testing (squeeze), er dette problem rettet i version -1.0.1-1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2043.data" -#use wml::debian::translation-check translation="c28cffa826b9f21f287d459a36b3a913f75a258d" mindelta="1" diff --git a/danish/security/2010/dsa-2044.wml b/danish/security/2010/dsa-2044.wml deleted file mode 100644 index ac7aaa7853c..00000000000 --- a/danish/security/2010/dsa-2044.wml +++ /dev/null @@ -1,20 +0,0 @@ -heltalsoverløb - -

tixxDZ (DZCORE labs) opdagede en sårbarhed i multimedieafspilleren og --streameren mplayer. Manglende validering af data i mplayers implementering af -Real Data Transport (RDT), muliggjorde et heltalsunderløb og som følge deraf, en -handling på en grænseløs bruffer. En ondsindet fremstillet stream kunne dermed -gøre det muligt for en angriber, at udføre vilkårlig kode.

- -

Der er ingen registrering hos projektet Common Vulnerabilities and Exposures -vedrørende dette problem.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.0~rc2-17+lenny3.2.

- -

Vi anbefaler at du opgraderer dine mplayer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2044.data" -#use wml::debian::translation-check translation="c28cffa826b9f21f287d459a36b3a913f75a258d" mindelta="1" diff --git a/danish/security/2010/dsa-2045.wml b/danish/security/2010/dsa-2045.wml deleted file mode 100644 index 215a403119d..00000000000 --- a/danish/security/2010/dsa-2045.wml +++ /dev/null @@ -1,22 +0,0 @@ -heltalsoverløb - -

Bob Clary, Dan Kaminsky og David Keeler opdagede at flere fejl i libtheora, -videobiblioteksdelen af Ogg-projektet, gjorde det muligt for kontekstafhængige -angribere, at forårsage lammelsesangreb (nedbrud af afspilleren, som anvender -dette bibliotek) og muligvis udføre vilkårlig kode, via en stor og særligt.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0~beta3-1+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1.1.0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.0-1.

- -

Vi anbefaler at du opgraderer dine libtheora-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2045.data" -#use wml::debian::translation-check translation="92e9ed888e99577317aae1e23f3391110151cdb1" mindelta="1" diff --git a/danish/security/2010/dsa-2046.wml b/danish/security/2010/dsa-2046.wml deleted file mode 100644 index f3819abf5d3..00000000000 --- a/danish/security/2010/dsa-2046.wml +++ /dev/null @@ -1,33 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er fundet i phpgroupware, et webbaseret -groupwaresystem skrevet i PHP. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2010-0403 - -

    En lokal filinkluderingssårbarhed gjorde det muligt for fjernangribere at -udføre vilkårlig PHP-kode og inkludere vilkårlige lokale filer.

    • - - -
  • CVE-2010-0404 - -

    Flere SQL-indsprøjtningssårbarheder gjorde det muligt for fjernangribere at -udføre vilkårlige SQL-kommander.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1:0.9.16.012+dfsg-8+lenny2

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer din phpgroupware-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2046.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2047.wml b/danish/security/2010/dsa-2047.wml deleted file mode 100644 index 1e1a3dd9444..00000000000 --- a/danish/security/2010/dsa-2047.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

En sårbarhed blev fundet i aria2, en downloadklient. Attributten name -i elementet file i metalinkfiler, blev ikke på korrekt vis -fornuftighedskontrolleret før det blev anvendt til at downloade filer. Hvis en -bruger blev narret til at downloade fra en særligt fremstillet metalinkfil, kunne -det udnyttes til at downloade filer til mapper uden for den påtænkte -downloadmappe.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.14.0-1+lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.3-1.

- -

Vi anbefaler at du opgraderer din aria2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2047.data" -#use wml::debian::translation-check translation="2a14cdd345ddb75774fcaf65003ad2343e62f0c6" mindelta="1" diff --git a/danish/security/2010/dsa-2048.wml b/danish/security/2010/dsa-2048.wml deleted file mode 100644 index 5dd8bceb90b..00000000000 --- a/danish/security/2010/dsa-2048.wml +++ /dev/null @@ -1,22 +0,0 @@ -bufferoverløb - -

Dan Rosenberg opdagede at flere arrayindeksfejl i dvipng, et værktøj som -konverterer DVI-filer til PNG-grafik, gjorde det muligt for kontektafhængige -angribere, via en særligt fremstillet DVI-fil, at forårsage et lammelsesangreb -(applikationsnedbrud) og muligvis udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version dvipng_1.11-1+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1.13-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.13-1.

- -

Vi anbefaler at du opgraderer din dvipng-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2048.data" -#use wml::debian::translation-check translation="f48b75ad34ae102b80841290f25fb1e48d1cce6b" mindelta="1" diff --git a/danish/security/2010/dsa-2049.wml b/danish/security/2010/dsa-2049.wml deleted file mode 100644 index a944e6d20c2..00000000000 --- a/danish/security/2010/dsa-2049.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Man opdagede at barnowl, en curses-baseret tty-klient til Jabber, IRC, AIM -og Zephyr, var sårbar over for et bufferoverløb via dens "CC:"-håndtering, -hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.1-4+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 1.5.1-1.

- -

Vi anbefaler at du opgraderer dine barnowl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2049.data" -#use wml::debian::translation-check translation="f48b75ad34ae102b80841290f25fb1e48d1cce6b" mindelta="1" diff --git a/danish/security/2010/dsa-2050.wml b/danish/security/2010/dsa-2050.wml deleted file mode 100644 index 9ab1ce9e5c6..00000000000 --- a/danish/security/2010/dsa-2050.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

Flere lokalt udnytbare sårbarheder er opdaget i KPDF, en PDF-fremviser til -KDE, hvilket muliggjorde udførelse af vilkårlig kode eller lammelsesangreb -(denial of service) hvis brugeren blev narret til at åbne et fabrikeret -PDF-dokument.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4:3.5.9-3+lenny3.

- -

Den ustabile distribution (sid) indeholder ikke længere kpdf. Erstatningen, -Okular, linker mod PDF-biblioteket poppler.

- -

Vi anbefaler at du opgraderer dine kdegraphics-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2050.data" -#use wml::debian::translation-check translation="f48b75ad34ae102b80841290f25fb1e48d1cce6b" mindelta="1" diff --git a/danish/security/2010/dsa-2051.wml b/danish/security/2010/dsa-2051.wml deleted file mode 100644 index 044d3662144..00000000000 --- a/danish/security/2010/dsa-2051.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere lokalt udnytbare sårbarheder er opdaget i PostgreSQL, en -objekt-relations-SQL-database. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2010-1169 - -

    Tim Bunce opdagede at implementeringen af at det procedurale sprog - PL/Perl på utilstrækkelig vis begrænset delmængden af tilladt kode, - hvilket gjorde det muligt for autentificerede brugere at udføre vilkårlig - Perl-kode.

    • - -
  • CVE-2010-1170 - -

    Tom Lane opdagede at implementeringen af det procedurale sprog PL/Tcl på - utilstrækkelig vis begrænsede delmængden af tilladt kode, hvilket gjorde det - muligt for autentificerede brugere at udføre vilkårlig Tcl-kode.

    • - -
  • CVE-2010-1975 - -

    Man opdagede at en upriviligeret bruger kunne nulstille - parameterindstillinger beregnet til superbrugere.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -8.3.11-0lenny1. Opdateringen indeholder også en rettelse af -\ -CVE-2010-0442, som oprindelig var planlagt til den den næste -punktopdatering af lenny.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8.4.4-1 of postgresql-8.4.

- -

Vi anbefaler at du opgraderer dine postgresql-8.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2051.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2052.wml b/danish/security/2010/dsa-2052.wml deleted file mode 100644 index ac5bd33684e..00000000000 --- a/danish/security/2010/dsa-2052.wml +++ /dev/null @@ -1,25 +0,0 @@ -nullpointerdereference - -

Shawn Emery opdagede at der i MIT Kerberos 5 (krb5), et system til -autentificering af brugere og tjenester på et netværk, var en fejl i -forbindelse med en nullpointerdereference i Generic Security Service -Application Program Interface-biblioteket (GSS-API), som kunne gøre det muligt -for en autentificeret fjernangriber at få enhver serverapplikation til at gå -ned ved hjælp af GSS-API-autentificeringsmekanismen, ved at sende et særligt -fremstillet GSS-API-token med et manglende checksumfelt.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.6.dfsg.4~beta1-5lenny4.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1.8.1+dfsg-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.1+dfsg-3.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2052.data" -#use wml::debian::translation-check translation="64c21f3b8e4d36b17acfa4d48f3a913732ef286b" mindelta="1" diff --git a/danish/security/2010/dsa-2053.wml b/danish/security/2010/dsa-2053.wml deleted file mode 100644 index 0fc94172ed7..00000000000 --- a/danish/security/2010/dsa-2053.wml +++ /dev/null @@ -1,113 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/informationslækage - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-4537 - -

    Fabian Yamaguchi rapporterede om en manglende kontrol af Ethernet-frames - større end MTU'en i r8169-driveren. Det kunne gøre det muligt for brugere - på det lokale netværk, at få et system til at gå ned, medførende et - lammelsesangreb.

    • - -
  • CVE-2010-0727 - -

    Sachin Prabhu rapporterede om et problem i GFS2-filsystemet. Lokale - brugere kunne udløse en BUG() som ændrede rettighederne på en låst fil, - medførende et lammelsesangreb.

    • - -
  • CVE-2010-1083 - -

    Linus Torvalds rapporterede om et problem i USB-undersystemet, der kunne - gøre det muligt for lokale brugere at få fat i dele af følsom - kernehukommelse.

    • - -
  • CVE-2010-1084 - -

    Neil Brown rapporterede om et problem i Bluetooth-undersystemet, der - kunne gøre det muligt for fjernangribere at overskrive hukommelse gennem - oprettelse af store mængder sockets, medførende et lammelsesangreb.

    • - -
  • CVE-2010-1086 - -

    Ang Way Chuang rapporterede om et problem i DVB-undersystemet til - digitale tv-modtagere. Ved at sende en særligt kodet MPEG2-TS-frame, - kunne en fjernangriber få modtageren til at gå i en uendelig løkke, - medførende et lammelsesangreb.

    • - -
  • CVE-2010-1087 - -

    Trond Myklebust rapporterede om et problem i NFS-undersystemet. En lokal - bruger kunne forårsage en oops ved at sende et fatalt signal under en - filtrukneringshandling, medførende et lammelsesangreb.

    • - -
  • CVE-2010-1088 - -

    Al Viro rapporterede om et problem, hvor automount-symlinks måske ikke - blev fulgt, når LOOKUP_FOLLOW ikke var opsat. Dette har en ukendt - sikkerhedspåvirkning.

    • - -
  • CVE-2010-1162 - -

    Catalin Marinas rapporterede om et problem i tty-undersystemet, der - gjorde det muligt for lokale angribere at forårsage en - kernehukommelseslækage, muligvis medførende et lammelsesangreb.

    • - -
  • CVE-2010-1173 - -

    Chris Guo fra Nokia China samt Jukka Taimisto og Olli Jarva fra - Codenomicon Ltd rapporterede om et problem i SCTP-undersystemet, der gjorde - det muligt for en fjernangriber at forårsage et lammelsesangreb ved hjælp af - en misdannet init-pakke.

    • - -
  • CVE-2010-1187 - -

    Neil Hormon rapporterede om et problem i TIPC-undersystemet. Lokale - brugere kunne forårsage et lammelsesangreb ved hjælp af en en - NULL-pointerdereference, ved at sende datagrammer gennem AF_TIPC før der - blev skiftet til netværkstilstand.

    • - -
  • CVE-2010-1437 - -

    Toshiyuki Okajima rapporterede om en racetilstand i - keyring-undersystemet. Lokale brugere kunne forårsage hukommelseskorruption - via keyctl-kommandoer, der tilgår en keyring som er ved at blive slettet, - medførende et lammelsesangreb.

    • - -
  • CVE-2010-1446 - -

    Wufei rapporterede om et problem med kgdb på PowerPC-arkitekturen, - hvilket gjorde det muligt for lokale brugere at skrive til kernehukommelse. - Bemærk: Dette problem påvirker ikke binærekerneversioner leveret af - Debian. Rettelsen leveres af hensyn til brugere, der opbygger deres egne - kerne fra Debians kildekode.

    • - -
  • CVE-2010-1451 - -

    Brad Spengler rapporterede om et problem på SPARC-arkitekturen, der - gjorde det muligt for lokale brugere at udføre ikke-udførbare - sider.

    • - -
- -

Denne opdateringer indeholder også rettelser til en regression, opstået i -forbindelse med en tidligere opdatering. Se den refererede Debian-fejlside -for flere oplysninger.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.6.26-22lenny1.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Kildekodepakken til user-mode-linux blev desuden genopbygget af -kompatibilitetshensyn, for at kunne udnytte denne opdatering. Den -opdaterede pakke version af pakken er 2.6.26-1um-2+22lenny1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2053.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2054.wml b/danish/security/2010/dsa-2054.wml deleted file mode 100644 index accc825c07d..00000000000 --- a/danish/security/2010/dsa-2054.wml +++ /dev/null @@ -1,52 +0,0 @@ -DNS-cacheforgiftning - -

Flere cacheforgiftningssårbarheder er opdaget i BIND. Sårbarhederne er kun -til stede hvis DNSSEC-validering er aktiveret og trust anchors er installeret, -hvilket ikke er tilfældet som standard.

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -

  • CVE-2010-0097 -

    BIND validerede ikke på korrekt vis DNSSEC NSEC-poster, hvilket gjorde det - muligt for fjernangribere at tilføje flaget Authenticated Data (AD) til et - forfalsket NXDOMAIN-svar vedrørende et eksisterende domæne.

    • - -
  • CVE-2010-0290 -

    Når fabrikerede svar indeholdene CNAME- eller DNAME-poster blev behandlet, - var BIND udsat for en DNS-cacheforgiftningssårbarhed, forudsat at - DNSSEC-validering var aktiveret og trust anchors installeret.

    • - -
  • CVE-2010-0382 -

    Når visse svar indeholdende out-of-bailiwick-data blev behandlet, var BIND - udsat for en DNS-cacheforgiftningssårbarhed, forudsat at DNSSEC-validering var - aktiveret og trust anchors installeret.

    • -
- -

Desuden introducerer opdateringen en mere konservativ opslagsvirkemåde ved -gentagne DNSSEC-valideringsfejl, hvilket tager hånd om rul om på ryggen og -dø-fænomenet. Den nye version understøtter også den kryptografiske -algoritme, som anvendes af den kommende signerede ICANN DNS-root RSASHA256 fra -RFC 5702) og NSEC3-sikre denial of existence-algoritme (nægtelse af -eksistens), som anvendes af nogle signerede domæner på øverste niveau.

- -

Opdateringen er baseret på en ny opstrømsversion af BIND 9, 9.6-ESV-R1. -På grund af ændringernes omfang, anbefales det at være ekstra omhyggelig når -opdateringen installeres. På grund af ABI-ændringer, medfølger nye -Debian-pakker, og opdateringen skal installeres med apt-get -dist-upgrade (eller en tilsvarende aptitude-kommando).

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1:9.6.ESV.R1+dfsg-0+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:9.7.0.dfsg-1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2054.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2055.wml b/danish/security/2010/dsa-2055.wml deleted file mode 100644 index 30e9a38c881..00000000000 --- a/danish/security/2010/dsa-2055.wml +++ /dev/null @@ -1,22 +0,0 @@ -makroudførelse - -

Man opdagede at OpenOffice.org, en komplet kontorpakke, der næsten uden -videre kan erstatte Microsoft® Office, ikke på korrekt vis håndterede -python-makroer indlejret i et office-dokument. Dermed var det muligt for en -angriber, med en brugers hjælp at udføre vilkårlig kode i visse -brugssituationer med komponenten til visning af python-makroer.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1:2.4.1+dfsg-1+lenny7.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:3.2.1-1.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2055.data" -#use wml::debian::translation-check translation="7bf510075a2785f07b503d643b32c24bf672adcc" mindelta="1" diff --git a/danish/security/2010/dsa-2056.wml b/danish/security/2010/dsa-2056.wml deleted file mode 100644 index 85caf718f01..00000000000 --- a/danish/security/2010/dsa-2056.wml +++ /dev/null @@ -1,22 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Man opdagede at i ZoneCheck, et værktøj til at kontrollere DNS-opsætninger, -udførte CGI-skriptet ikke tilstrækkelig fornuftighedskontrol af inddata fra -brugere. En angriber kunne udnytte sig af problemet og overføre skriptkode, -med det formål at udføre skripter på tværs af websteder.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.4-13lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 2.1.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.1-1.

- -

Vi anbefaler at du opgraderer dine zonecheck-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2056.data" -#use wml::debian::translation-check translation="740e6c76789e8b4b3fb6d0fd10922021ea051bd0" mindelta="1" diff --git a/danish/security/2010/dsa-2057.wml b/danish/security/2010/dsa-2057.wml deleted file mode 100644 index bca465abd6b..00000000000 --- a/danish/security/2010/dsa-2057.wml +++ /dev/null @@ -1,53 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i databaseserveren MySQL. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    -
  • CVE-2010-1626 - -

    MySQL gjorde det muligt for lokale brugere at slette data og indeksfiler -tilhørende en anden brugers MyISAM-tabel gennem et symlinkangreb i forbindelse -med DROP TABLE-kommandoen.

    • - - -
  • CVE-2010-1848 - -

    MySQL kontrollerede ikke tabelnavnparameteret hørende til en -COM_FIELD_LIST-kommandopakke for validitet og overensstemmelse med standarderne -for acceptable tabelnavne. Dermed kunne en autentificeret bruger med -SELECT-rettigheder på en tabel, få adgang til enhver anden tabels -feltdefinitionern i alle andre databaser, og potentielt andre MySQL-instanser, -tilgængelige fra serverens filsystem.

    • - - -
  • CVE-2010-1849 - -

    MySQL kunne narres til at læse pakker i al uendelighed, hvis den modtog en -pakke større end den maksimale størrelse på en pakke. Det medførte højt -CPU-forbrug og dermed lammelsesangrebstilstande.

    • - - -
  • CVE-2010-1850 - -

    MySQL var sårbar over for et bufferoverløbsangreb på grund af der ikke blev -udført grænsekontroller på et tabelnavnparameter hørende til en -COM_FIELD_LIST-kommandopakke. Ved at sende lange data som tabelnavn, -løb en buffer over, hvilket kunne udnyttes af en autentificeret bruger til at -indsprøjte ondsindet kode.

    • - -
- - -

I den stabile distribution (lenny), er disse problemer rettet i -version 5.0.51a-24+lenny4

- -

Distributionen testing (squeeze) og den unstable distribution (sid) -indeholder ikke længere mysql-dfsg-5.0.

- -

Vi anbefaler at du opgraderer din mysql-dfsg-5.0-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2057.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2058.wml b/danish/security/2010/dsa-2058.wml deleted file mode 100644 index a431bb1aa32..00000000000 --- a/danish/security/2010/dsa-2058.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i GNU C Library (alias glibc) og dets -aflæggere. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- - -
    -
  • CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 - -

    Maksymilian Arciemowicz opdagede at GNU C-biblioteket ikke på korrekt vis - håndterede heltalsoverløb i strfmon-funktionsfamilien. Hvis en bruger eller - automatiseret system blev narret til at behandle en særligt fremstillet - formatstring, kunne en fjernangriber få applikationer til at gå ned, - medførende et lammelsesangreb (denial of service).

    • - - -
  • CVE-2010-0296 - -

    Jeff Layton og Dan Rosenberg opdagede at GNU C-biblioteket ikke på - korrekt vis håndterede newlines i mntent-funktionsfamilien. Hvis en lokal - angriber havde mulighed for at sprøjte newlines ind i et mount-entry gennem - andre sårbare mount-hjælpere, kunne vedkommende afbryde systemet eller - muligvis få rootrettigheder.

    • - - -
  • CVE-2010-0830 - -

    Dan Rosenberg opdagede at GNU C-biblioteket ikke på korrekt vis - validerede visse ELF-programheadere. Hvis en bruger eller automatiseret - system blev narret til at verificere et særligt fremstillet ELF-program, - kunne en fjernangriber udføre vilkårlig kode med brugerrettigheder.

    • -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.7-18lenny4 af glibc-pakken.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer blevet rettet i -version 2.1.11-1 af eglibc-pakken.

- -

Vi anbefaler at du opgraderer dine glibc or eglibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2058.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2059.wml b/danish/security/2010/dsa-2059.wml deleted file mode 100644 index 87cc89b37fe..00000000000 --- a/danish/security/2010/dsa-2059.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Man opdagede at PCSCD, en dæmon beregnet til at tilgå smartcards, var sårbar -over for et bufferoverløb, hvilket gjorde det muligt for en lokal angriber at -forøge sine rettigheder til root.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.4.102-1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.4-1.

- -

Vi anbefaler at du opgraderer din pcsc-lite-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2059.data" -#use wml::debian::translation-check translation="339bbf9461dba9ba8fadb49407d3038742c00e47" mindelta="1" diff --git a/danish/security/2010/dsa-2060.wml b/danish/security/2010/dsa-2060.wml deleted file mode 100644 index c6f414d8831..00000000000 --- a/danish/security/2010/dsa-2060.wml +++ /dev/null @@ -1,23 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Stefan Esser opdagede at cacti, en frontend til rrdtool vil overvågning af -systemer og tjenester, ikke på korrekt vis validerede brugerinddata overført til -rra_id-parameteret i skriptet graph.php. På grund af at inddata til $_REQUEST -blev kontroller, man inddata til $_GET blev anvendt, kunne uautentificeret -angriber udføre SQL-indsprøjtninger gennem en fabrikeret rra_id $_GET-værdi -kombineret med en gyldig rra_id $_POST- eller $_COOKIE-værdi.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.8.7b-2.1+lenny3.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.7e-4.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2060.data" -#use wml::debian::translation-check translation="1a89734a6fb00861e807bf1bd11b6e1e30d1e764" mindelta="1" diff --git a/danish/security/2010/dsa-2061.wml b/danish/security/2010/dsa-2061.wml deleted file mode 100644 index fb45359e64f..00000000000 --- a/danish/security/2010/dsa-2061.wml +++ /dev/null @@ -1,22 +0,0 @@ -hukommelseskorruption - -

Jun Mao opdagede at Samba, en implementering af SMB-/CIFS-protokollen til -Unix-systemer, ikke på korrekt vis håndterede visse offset-værdier, når der -blev behandlet chained SMB1-pakker. Dermed var det muligt for en -uautentificeret angriber at skrive til et vilkårligt sted i hukommelsen, -medførende en mulighed for at udføre vilkårlig kode med rootrettigheder eller -udføre et lammelsesangreb (denial of service) ved at få sambadæmonen til at gå -ned.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.2.5-4lenny12.

- -

Problemet påvirker ikke versionerne i distributionen i testing (squeeze) og -den ustabile distribution (sid).

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2061.data" -#use wml::debian::translation-check translation="dda59a527ea70166e95d5d28bf712840d7516732" mindelta="1" diff --git a/danish/security/2010/dsa-2062.wml b/danish/security/2010/dsa-2062.wml deleted file mode 100644 index f7369b6330b..00000000000 --- a/danish/security/2010/dsa-2062.wml +++ /dev/null @@ -1,23 +0,0 @@ -manglende fornuftighedskontrol af inddata - - -

Anders Kaseorg og Evan Broder opdagede en sårbarhed i sudo, et program der -har til formål at lade en systemadministrator give begrænsede rootrettigheder -til brugere, som gjorde det muligt for en bruger med sudorettigheder i visse -programmer, at anvende disse med en ubetroet PATH-værdi. Det kunne muligvis -føre til at visse bevidste begrænsninger blev omgået, så som indstillingen af -secure_path.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.6.9p17-3

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.7.2p7-1, og vil om kort tid blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer din sudo-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2062.data" -#use wml::debian::translation-check translation="dda59a527ea70166e95d5d28bf712840d7516732" mindelta="1" diff --git a/danish/security/2010/dsa-2063.wml b/danish/security/2010/dsa-2063.wml deleted file mode 100644 index b83b8e2e626..00000000000 --- a/danish/security/2010/dsa-2063.wml +++ /dev/null @@ -1,21 +0,0 @@ -usikker midlertidig fil - - -

Dan Rosenberg opdagede at pmount, en indpakning af standard-mount-programmet -som giver almindelige brugere adgang til at mounte fjernbare enheder uden at de -er anført i /etc/fstab, oprettede filer i /var/lock på usikker vis. En lokal -angriber kunne overskrive vilkårlige filer gennem et symlink-angreb.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.9.18-2+lenny1

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.9.23-1, og vil om kort tid blive overført til distributionen testing -(squeeze).

- -

Vi anbefaler at du opgraderer din pmount-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2063.data" -#use wml::debian::translation-check translation="dda59a527ea70166e95d5d28bf712840d7516732" mindelta="1" diff --git a/danish/security/2010/dsa-2064.wml b/danish/security/2010/dsa-2064.wml deleted file mode 100644 index 4b64d79f14b..00000000000 --- a/danish/security/2010/dsa-2064.wml +++ /dev/null @@ -1,69 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-0183 - -

    wushi opdagede at ukorrekt pointerhåndtering i koden til - behandling af frames, kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-1196 - -

    Nils opdagede at et heltalsoverløb i DOM-node-fortolkning kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-1197 - -

    Ilja von Sprundel opdagede at ukorrekt fortolkning af - Content-Disposition-headere kunne føre til udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2010-1198 - -

    Microsoft-ingeniører opdagede at ukorrekt hukommelseshåndtering i - samspillet mellem browserplugins kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2010-1199 - -

    Martin Barbella opdagede at et heltalsoverløb i XSLT-node-fortolkning - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-1200 - -

    Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, - Jonathan Kew og David Humphrey opdagede nedbrud i layoutmaskinen, hvilket - måske kunne muliggøre udførelse af vilkårlig kode.

    • - -
  • CVE-2010-1201 - -

    boardraider og stedenon opdagede nedbrud i layoutmaskinen, - hvilket måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2010-1202 - -

    Bob Clary, Igor Bukanov, Gary Kwong og Andreas Gal opdagede nedbrud i - JavaScript-maskinen, hvilket måske kunne gøre det muligt at udføre vilkårlig - kode.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.19-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.1.10-1

- -

I den eksperimentelle distribution, er disse problemer rettet i -version 1.9.2.4-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2064.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2065.wml b/danish/security/2010/dsa-2065.wml deleted file mode 100644 index 46cf11ee44e..00000000000 --- a/danish/security/2010/dsa-2065.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

To sikkerhedsproblemer er opdaget i koden til understøttelse af -DCC-protokollen i kvirc, en KDE-baseret næste generations-IRC-klient, hvilket -muliggjorde overskrivelse af lokale filer gennem mappegennemløb og udførelse -af vilkårlig kode gennem et formatstrengsangreb.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.4.0-5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.0~svn4340+rc3-1.

- -

Vi anbefaler at du opgraderer dine kvirc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2065.data" -#use wml::debian::translation-check translation="a8af3983301a8175d884b93d03fdf0ff51c062fa" mindelta="1" diff --git a/danish/security/2010/dsa-2066.wml b/danish/security/2010/dsa-2066.wml deleted file mode 100644 index 20b2296338b..00000000000 --- a/danish/security/2010/dsa-2066.wml +++ /dev/null @@ -1,20 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i -netværkstrafik-analyseringsprogrammet Wireshark. Man opdagede at -null-pointerdereferencer, bufferoverløb og uendelige løkker i dissektorerne til -SMB, SMB PIPE, ASN1.1 og SigComp kunne føre til lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -1.0.2-3+lenny9.

- -

I den kommande stabile distribution (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.2.9-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2066.data" -#use wml::debian::translation-check translation="89eaf2d81c1d1ade692dd8ff58cade490b81bb68" mindelta="1" diff --git a/danish/security/2010/dsa-2067.wml b/danish/security/2010/dsa-2067.wml deleted file mode 100644 index 4708b087130..00000000000 --- a/danish/security/2010/dsa-2067.wml +++ /dev/null @@ -1,49 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder blev opdaget i mahara, en elektronisk portfolio, weblog -og CV-program. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2010-1667 - -

    Flere sider udførte utilstrækkelig fornuftighedskontrol af data, hvilket - gjorde dem sårbare over for angreb i forbindelse med udførelse af skripter - på tværs af websteder.

    • - -
  • CVE-2010-1668 - -

    Flere formularer manglede beskyttelse med angreb i form af - forespørgselsforfalskning på tværs af websteder, hvilket derfor gjorde dem - sårbare.

    • - -
  • CVE-2010-1670 - -

    Gregor Anzelj opdagede at det var muligt, ved et uheld at opsætte en - installering af mahara, så der var adgang til en anden brugers konto uden en - adgangskode.

    • - -
  • CVE-2010-2479 - -

    Visse Internet Explorer-specifikke sårbarheder i forbindelse med - udførelse af skripter på tværs af websteder, blev opdaget i HTML Purifier, - som mahara-pakken indeholder en kopi af.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet version -1.0.4-4+lenny6.

- -

I distributionen testing (squeeze), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.2.5.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2067.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2068.wml b/danish/security/2010/dsa-2068.wml deleted file mode 100644 index 49664d728de..00000000000 --- a/danish/security/2010/dsa-2068.wml +++ /dev/null @@ -1,20 +0,0 @@ -bufferoverløb - - -

Matt Giuca opdagede et bufferoverløb i python-cjson, en hurtig -JSON-encoder/-decoder til Python. Bufferoverløbet gjorde det muligt for en -fjernangriber at forårsage et lammelsesangreb (applikationsnedbrud) gennem et -særligt fremstillet Python-skript.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.5-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid) er -dette problem rettet i version 1.0.5-3.

- -

Vi anbefaler at du opgraderer din python-cjson-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2068.data" -#use wml::debian::translation-check translation="c97e1f86914227517555bf95c56fcf968ebe704b" mindelta="1" diff --git a/danish/security/2010/dsa-2069.wml b/danish/security/2010/dsa-2069.wml deleted file mode 100644 index a189b75dd9c..00000000000 --- a/danish/security/2010/dsa-2069.wml +++ /dev/null @@ -1,18 +0,0 @@ -lammelsesangreb - -

Man opdagede at ZNC, en IRC-bouncer, var sårbar over for lammelsesangreb -(denial of service) gennem en NULL-pointer-dereference, når der blev bedt om -trafikstatistik, mens der var en uautoriseret forbindelse.

- -

I den stabile distribution (lenny), er problemet rettet i version -0.058-2+lenny4.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -problemet rettet i version 0.090-2.

- -

Vi anbefaler at du opgraderer dine znc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2069.data" -#use wml::debian::translation-check translation="57b5adeb92f5ac87a27700ca2f97b7a7d9c14d51" mindelta="1" diff --git a/danish/security/2010/dsa-2070.wml b/danish/security/2010/dsa-2070.wml deleted file mode 100644 index eb0372f3b2a..00000000000 --- a/danish/security/2010/dsa-2070.wml +++ /dev/null @@ -1,20 +0,0 @@ -flere sårbarheder - -

Robert Swiecki opdagede flere sårbarheder i skrifttypebiblioteket FreeType, -hvilket kunne føre til udførelse af vilkårlig kode, hvis en misdannet -skrifttypefil blev behandlet.

- -

Der blev også fundet flere bufferoverløb i de medfølgende demoprogrammer.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.3.7-2+lenny2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.0-1.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2070.data" -#use wml::debian::translation-check translation="be6f9fc87f76a961142ecf88f4c4ec31adad17c6" mindelta="1" diff --git a/danish/security/2010/dsa-2071.wml b/danish/security/2010/dsa-2071.wml deleted file mode 100644 index e446e77b908..00000000000 --- a/danish/security/2010/dsa-2071.wml +++ /dev/null @@ -1,18 +0,0 @@ -bufferoverløb - -

Dyon Balding opdagede bufferoverløb i lydbiblioteket MikMod, hvilket kunne -føre til udførelse af vilkårlig kode, hvis en bruger blev narret til at åbne -misdannede Impulse Tracker- eller Ultratracker-lydfiler.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.1.11-6+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.1.11-6.2.

- -

Vi anbefaler at du opgraderer dine libmikmod-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2071.data" -#use wml::debian::translation-check translation="be6f9fc87f76a961142ecf88f4c4ec31adad17c6" mindelta="1" diff --git a/danish/security/2010/dsa-2072.wml b/danish/security/2010/dsa-2072.wml deleted file mode 100644 index 2d2da6e85bb..00000000000 --- a/danish/security/2010/dsa-2072.wml +++ /dev/null @@ -1,35 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i libpng, et bibliotek til læsning og skrivning -af PNG-filer. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2010-1205 - -

    Der blev opdaget et bufferoverløb i libpng, som gjorde det muligt for - fjernangribere at udføre vilkårlig kode gennem et PNG-billede, der udløste - yderligere en datarække.

    • - -
  • CVE-2010-2249 - -

    Man opdagede en hukommelseslækage i libpng, som gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (hukommelsesforbrug og - applikationsnedbrud) gennem et PNG-billede indeholdende misdannede - Physical Scale-chunks (også kendt som sCAL).

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.2.27-2+lenny4.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid) er -disse problemer rettet i version 1.2.44-1.

- -

Vi anbefaler at du opgraderer din libpng-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2072.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2073.wml b/danish/security/2010/dsa-2073.wml deleted file mode 100644 index d43d0255333..00000000000 --- a/danish/security/2010/dsa-2073.wml +++ /dev/null @@ -1,21 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Florian Streibelt rapporterede om en mappegennemløbssårbarhed i den måde, -postlisteprogrammet Mailing List Managing Made Joyful håndterer behandlede -brugeres forespørgsler med ophav fra den administrative webgrænseflade, uden -tilstrækkelig fornuftighedskontrol af inddata. En fjern, autentificeret -bruger, kunne anvende disse fejl til at skrive og/eller slette vilkårlige -filer.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.2.15-1.1+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.17-1.1.

- -

Vi anbefaler at du opgraderer din mlmmj-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2073.data" -#use wml::debian::translation-check translation="ee8209b492f342cd3670caabb26cca4142198f25" mindelta="1" diff --git a/danish/security/2010/dsa-2074.wml b/danish/security/2010/dsa-2074.wml deleted file mode 100644 index 5d6af83d85e..00000000000 --- a/danish/security/2010/dsa-2074.wml +++ /dev/null @@ -1,19 +0,0 @@ -heltalsunderløb - -

Aki Helin opdagede et heltalsunderløb i ncompress, de oprindelige -Lempel-Ziv-compress/uncompress-programmer. Det kunne føre til udførelse af -vilkårlig kode, når man prøvede at dekomprimere et LZW-komprimeret -gzip-arkiv.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 4.2.4.2-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er dette problem rettet i version 4.2.4.3-1.

- -

Vi anbefaler at du opgraderer din ncompress-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2074.data" -#use wml::debian::translation-check translation="4309da261bdb35bfd245919c1763bd4caaf710de" mindelta="1" diff --git a/danish/security/2010/dsa-2075.wml b/danish/security/2010/dsa-2075.wml deleted file mode 100644 index 2e859c9816d..00000000000 --- a/danish/security/2010/dsa-2075.wml +++ /dev/null @@ -1,71 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-0182 - -

    Wladimir Palant opdagede at sikkerhedskontroller i XML-behandling ikke - blev håndhævet på tilstrækkelig vis.

    • - -
  • CVE-2010-0654 - -

    Chris Evans opdagede at usikker CSS-håndtering kunne føre til læsning af - data på tværs af domænegrænser.

    • - -
  • CVE-2010-1205 - -

    Aki Helin opdagede et bufferoverløb i den interne kopi af libpng, hvilket - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-1208 - -

    regenrecht opdagede at ukorrekt hukommelseshåndtering i - DOM-fortolkningen kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-1211 - -

    Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, - Tobias Markus og Daniel Holbert opdagede nedbrud i layoutmaskinen, hvilket - måske kunne gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2010-1214 - -

    JS3 opdagede et heltalsoverløb i plugin-koden, hvilket kunne føre - til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-2751 - -

    Jordi Chancel opdagede at location kunne forfalskes til at ligne en - sikker side.

    • - -
  • CVE-2010-2753 - -

    regenrecht opdagede at ukorrekt hukommelseshåndtering i - XUL-fortolkning kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-2754 - -

    Soroush Dalili opdagede en informationslækage i - skriptbehandlingen.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.19-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.1.11-1.

- -

I den eksperimentelle distribution, er disse problemer rettet i -version 1.9.2.7-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2075.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2076.wml b/danish/security/2010/dsa-2076.wml deleted file mode 100644 index 7e943aab681..00000000000 --- a/danish/security/2010/dsa-2076.wml +++ /dev/null @@ -1,20 +0,0 @@ -anvendelse efter frigivelse - -

Man opdagede at GnuPG 2 anvendte en frigivet pointer, når en signatur blev -verificeret eller der blev importeret et certifikat med mange Subject Alternate -Names, hvilket potentielt kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.0.9-3.1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.14-2.

- -

GnuPG 1 (i gnupg-pakken) er ikke påvirket af dette problem.

- -

Vi anbefaler at du opgraderer dine gnupg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2076.data" -#use wml::debian::translation-check translation="644d2f4409dc45ac0d2f82fd04bd81c67d177045" mindelta="1" diff --git a/danish/security/2010/dsa-2077.wml b/danish/security/2010/dsa-2077.wml deleted file mode 100644 index c51a14bb164..00000000000 --- a/danish/security/2010/dsa-2077.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

To fjernudnytbare sårbarheder er opdaget i OpenLDAP. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-0211 - -

    Funktionen slap_modrdn2mods i modrdn.c i OpenLDAP 2.4.22 kontrollerer - ikke returværdien fra et kald til funktionen smr_normalize, hvilket gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb - (segmenteringsfejl) og muligvis udføre vilkårlig kode gennem et modrdn-kald, - med en RDN-streng indeholdende ugyldige UTF-8-sekvenser.

    • - -
  • CVE-2010-0212 - -

    OpenLDAP 2.4.22 gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (nedbrud) gennem et modrdn-kald med en - RDN-destinationsstreng på nul tegn.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.4.11-1+lenny2. (Den manglende opdatering til mips-arkitekturen vil -snart blive gjort tilgængelig.)

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.23-1.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2077.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2078.wml b/danish/security/2010/dsa-2078.wml deleted file mode 100644 index 0f1100b92ae..00000000000 --- a/danish/security/2010/dsa-2078.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Man opdagede at ukorrekt fortolkning af CTCP-kommandoer i kvirc, en -KDE-baseret IRC-klient, kunne føre til udførelse af vilkårlige IRC-kommandoer -mod andre brugere.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2:3.4.0-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4:4.0.0-3.

- -

Vi anbefaler at du opgraderer din kvirc-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2078.data" -#use wml::debian::translation-check translation="370ca2b19e73d12a44cffd73b3c1e84982ae71ae" mindelta="1" diff --git a/danish/security/2010/dsa-2079.wml b/danish/security/2010/dsa-2079.wml deleted file mode 100644 index 8c253b03d60..00000000000 --- a/danish/security/2010/dsa-2079.wml +++ /dev/null @@ -1,37 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i mapserver, et CGI-baseret webframework til -offentliggørelse af spatiale data og interaktive kortapplikationer. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-2539 - -

    Et stakbaseret bufferoverløb i funktionen msTmpFile, kunne føre til - udførelse af vilkårlig kode under visse omstændigheder.

    • - -
  • CVE-2010-2540 - -

    Man opdagede at CGI-debug-kommandolinjeparametrene, der som standard er - aktiveret, er usikre og kunne gøre det muligt for en fjernangriber at - udføre vilkårlig kode. De er derfor blevet blevet deaktiveret som - standard.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 5.0.3-3+lenny5.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 5.6.4-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.6.4-1.

- -

Vi anbefaler at du opgraderer dine mapserver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2079.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2080.wml b/danish/security/2010/dsa-2080.wml deleted file mode 100644 index ec6d41e3a0a..00000000000 --- a/danish/security/2010/dsa-2080.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i Ghostscript, en -PostScript-/PDF-fortolker under GPL, der måske kunne føre til udførelse af -vilkårlig kode, hvis en bruger behandlede en misdannet PDF-fil eller -PostScript-fil.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 8.62.dfsg.1-3.2lenny4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8.71~dfsg-4.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2080.data" -#use wml::debian::translation-check translation="370ca2b19e73d12a44cffd73b3c1e84982ae71ae" mindelta="1" diff --git a/danish/security/2010/dsa-2081.wml b/danish/security/2010/dsa-2081.wml deleted file mode 100644 index c63ba11a79f..00000000000 --- a/danish/security/2010/dsa-2081.wml +++ /dev/null @@ -1,19 +0,0 @@ -bufferoverløb - -

Tomas Hoger opdagede at opstrøms rettelse af -\ -CVE-2009-3995 var utilstrækkelig. Med opdatering leveres den korrigerede -pakke.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.1.11-6.0.1+lenny1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.1.11-6.3.

- -

Vi anbefaler at du opgraderer dine libmikmod-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2081.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2082.wml b/danish/security/2010/dsa-2082.wml deleted file mode 100644 index e98ae506adb..00000000000 --- a/danish/security/2010/dsa-2082.wml +++ /dev/null @@ -1,17 +0,0 @@ -bufferoverløb - -

Man opdagede at et bufferoverløb i MIME-biblioteket GMime, kunne føre til -udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.2.22-2+lenny2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.25-1.1.

- -

Vi anbefaler at du opgraderer dine gmime2.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2082.data" -#use wml::debian::translation-check translation="370ca2b19e73d12a44cffd73b3c1e84982ae71ae" mindelta="1" diff --git a/danish/security/2010/dsa-2083.wml b/danish/security/2010/dsa-2083.wml deleted file mode 100644 index 97da5d88874..00000000000 --- a/danish/security/2010/dsa-2083.wml +++ /dev/null @@ -1,19 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Man opdagede at moin, en python-klon af WikiWiki, ikke på tilstrækkelig vis -fornuftighedskontrollerer parametre, når de overføres til funktionen add_msg. -Dermed var det muligt for en fjernangriber at udføre på tværs af websteder -(XSS), for eksempel gennem skabelonparameteret.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.7.1-3+lenny5.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.3-1.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2083.data" -#use wml::debian::translation-check translation="ff0f64b4bd2b829177c77628b94979dbfa9b452e" mindelta="1" diff --git a/danish/security/2010/dsa-2084.wml b/danish/security/2010/dsa-2084.wml deleted file mode 100644 index 7d4dcbca516..00000000000 --- a/danish/security/2010/dsa-2084.wml +++ /dev/null @@ -1,17 +0,0 @@ -heltalsoverløbs - -

Kevin Finisterre opdagede at flere heltalsoverløb i TIFF-biblioteket kunne -føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.8.2-11.3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.9.4-1.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2084.data" -#use wml::debian::translation-check translation="ff0f64b4bd2b829177c77628b94979dbfa9b452e" mindelta="1" diff --git a/danish/security/2010/dsa-2085.wml b/danish/security/2010/dsa-2085.wml deleted file mode 100644 index e8d7252c3b2..00000000000 --- a/danish/security/2010/dsa-2085.wml +++ /dev/null @@ -1,24 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Man opdagede at der i lftp, en HTTP/FTP-klient til kommandolinjen, ikke var -korrekt validering af det filnavn, som blev leveret af serveren gennem headeren -Content-Disposition; angribere kunne udnytte denne fejl, ved at foreslå et -filnavn, de ønskede overskrivet på klientmaskinen, og dermed muligvis udføre -vilkårlig kode (for eksempel hvis angriberen valgte at skrive en dot-fil i en -home-mappe).

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.7.3-1+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 4.0.6-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.0.6-1.

- -

Vi anbefaler at du opgraderer dine lftp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2085.data" -#use wml::debian::translation-check translation="840761c21841679f2d7c2932990bc8565e91fbb9" mindelta="1" diff --git a/danish/security/2010/dsa-2086.wml b/danish/security/2010/dsa-2086.wml deleted file mode 100644 index f926439177f..00000000000 --- a/danish/security/2010/dsa-2086.wml +++ /dev/null @@ -1,31 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget Avahi mDNS/DNS-SD-dæmonen. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-0758 - -

    Rob Leslie opdagede en lammelsesangrebssårbarhed (denial of service) i - koden, der anvendes til at reflektere unicast mDNS-trafik.

    • - -
  • CVE-2010-2244 - -

    Ludwig Nussel opdagede en lammelsesangrebssårbarhed i behandlingen af - misdannede DNS-pakker.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.6.23-3lenny2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.6.26-1.

- -

Vi anbefaler at du opgraderer dine Avahi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2086.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2087.wml b/danish/security/2010/dsa-2087.wml deleted file mode 100644 index 1c738b9235a..00000000000 --- a/danish/security/2010/dsa-2087.wml +++ /dev/null @@ -1,17 +0,0 @@ -programmeringsfejl - -

Man opdagede at en programmeringsfejl i arkivtesttilstanden i cabextract, et -program til udpakning af Microsoft Cabinet-filer, kunne føre til udførelse af -vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.2-3+lenny1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din cabextract-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2087.data" -#use wml::debian::translation-check translation="840761c21841679f2d7c2932990bc8565e91fbb9" mindelta="1" diff --git a/danish/security/2010/dsa-2088.wml b/danish/security/2010/dsa-2088.wml deleted file mode 100644 index 090bf1fbe0f..00000000000 --- a/danish/security/2010/dsa-2088.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Man opdagede at wget, et kommandolinjeværktøj til hentning af filer fra WWW, -anvendte serverleverede filnavne, når der blev oprettet lokale filer. Det kunne -føre til udførelse af kode i visse situationer.

- -

Efter denne opdatering vil wget ignorere serverleverede filnavne. Du kan gå -tilbage til den gamle virkemåde i tilfælde, hvor det ikke er ønskeligt, ved at -starte wget med det nye parameter --use-server-file-name.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.11.4-2+lenny2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer din wget-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2088.data" -#use wml::debian::translation-check translation="5e9f4dcc8d5965c3e99ab295b94399a4d56d4bea" mindelta="1" diff --git a/danish/security/2010/dsa-2089.wml b/danish/security/2010/dsa-2089.wml deleted file mode 100644 index e730f4b3c78..00000000000 --- a/danish/security/2010/dsa-2089.wml +++ /dev/null @@ -1,50 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare er opdaget i PHP 5, en hypertext præprocesser. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2010-1917 - -

    Funktionen fnmatch kunne misbruges til at udføre lammelsesangreb (ved at - få fortolkeren til at gå ned) ved hjælp af et stakoverløb.

    • - -
  • CVE-2010-2225 - -

    Unserialiser'en SplObjectStorage gjorde det muligt for angribere at - udføre vilkårlig kode gennem serialiserede data, ved hjælp af en - sårbarhed i forbindelse med anvendelse efter frigivelse.

    • - -
  • CVE-2010-3065 - -

    Standardseraliseren til sessioner håndterede ikke på korrekt vis en - særlig markør, hvilket gjorde det muligt for en angriber at indsprøjte - vilkårlige variable ind i en session og muligvis udnytte sårbarheder i - unserialiser'en.

    • - -
  • CVE-2010-1128 - -

    Hvad angår denne sårbarhed (forudsigelse entropi i Linear Congruential - Generator, som anvendes til at generere sessionsid'er) anser vi ikke - opstrøms løsning for at være tilstrækkelig. Det anbefales at udkommentere - indstillingerne session.entropy_file og session.entropy_length - i php.ini-filerne. Yderligere forberedringer kan opnå ved at sætte - session.hash_function til 1 (en) og forøge værdien i - session.entropy_length.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -5.2.6.dfsg.1-1+lenny9.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2089.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2090.wml b/danish/security/2010/dsa-2090.wml deleted file mode 100644 index 0f379873899..00000000000 --- a/danish/security/2010/dsa-2090.wml +++ /dev/null @@ -1,24 +0,0 @@ -ukorrekt fornuftighedskontrol af brugerinddata - -

En stakoverløbssårbarhed blev fundet i socat, der gør det muligt for en -angriber at udføre vilkårlig kode med rettighederne hørende til processen -socat.

- -

Denne sårbarhed kunne kun udnyttes, når en angriber havde mulighed for at -indsprøjte mere end 512 bytes data i socats parameter.

- -

En sårbar situation kunne være et CGI-skript, der læser data fra klienter -og anvender (dele af) disse data som parameter til socat-kald.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.6.0.1-1+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.1.3-1.

- -

Vi anbefaler at du opgraderer din socat-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2090.data" -#use wml::debian::translation-check translation="a09d201150ef5c15f02495e245a513c74cac8539" mindelta="1" diff --git a/danish/security/2010/dsa-2091.wml b/danish/security/2010/dsa-2091.wml deleted file mode 100644 index 138c792e94c..00000000000 --- a/danish/security/2010/dsa-2091.wml +++ /dev/null @@ -1,27 +0,0 @@ -intet brugerspecifikt token implementeret - -

SquirrelMail, en webmailapplikation, ikke anvender et brugerspecifikt token -i webformularer. Dermed kunne en fjernangriber udføre et -forespørgselsforfalskningsangreb (CSRF). Angriberen kunne måske, blandt andet -kapre autentificeringen af ikke-angivne ofre og sende meddelelser eller ændre -brugeropsætningen, ved at narre offeret til at følge et link kontrolleret af -gerningsmanden.

- -

Desuden er et lammelsesangreb (denial of service) blevet rettet, hvilket -kunne udløses når en adgangskode indeholdende 8-bit-tegn, blev anvendt til at -logge på -(\ -CVE-2010-2813).

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.4.15-4+lenny3.1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er disse problemer rettet i version 1.4.21-1.

- -

Vi anbefaler at du opgraderer dine squirrelmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2091.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2092.wml b/danish/security/2010/dsa-2092.wml deleted file mode 100644 index 80d6b562ac7..00000000000 --- a/danish/security/2010/dsa-2092.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Dan Rosenberg opdagede at der i lxr-cvs, et kodeindekseringsværktøj med en -webgrænseflade, ikke blev udført tilstrækkelg fornuftighedskontrol af inddata -fra brugeren; en angriber kunne drage nytte af dette ved at overføre skriptkode -for at iværksætte angreb i forbindelse med udførelse af kode på tværs af -websteder.

- - -

I den stabile distribution (lenny), er dette problem rettet i version -0.9.5+cvs20071020-1+lenny1.

- -

I distributionen testing (sid), er dette problem rettet i version -0.9.5+cvs20071020-1.1.

- -

Vi anbefaler at du opgraderer dine lxr-cvs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2092.data" -#use wml::debian::translation-check translation="399355d7485b8de93c65786c3024c892a6896285" mindelta="1" diff --git a/danish/security/2010/dsa-2093.wml b/danish/security/2010/dsa-2093.wml deleted file mode 100644 index 25d3691b89a..00000000000 --- a/danish/security/2010/dsa-2093.wml +++ /dev/null @@ -1,36 +0,0 @@ -flere sårbarheder - -

To sikkerhedsproblemer er opdaget i Ghostscript, GPL-fortolkeren af -PostScript/PDF. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- - -
    -
  • CVE-2009-4897 - -

    Et bufferoverløb blev opdaget, som gjorde det muligt for fjernangribere at - udføre vilkårlig kode eller forårsage lammelsesangreb (denial of service) - gennem et fabrikeret PDF-dokument indeholdende et langt navn.

    • - -
  • CVE-2010-1628 - -

    Dan Rosenberg opdagede at ghostscript på ukorrekt vis håndterede visse - rekursive PostScript-filer. En angriber kunne udføre vilkårlig kode gennem en - PostScript-fil indeholdende ubegrænsede rekursive procedurekald, hvilket - udløste hukommelseskorruption i fortolkerens stak.

    • - -
- - -

I den stabile distribution (lenny), er disse problemer rettet i version -8.62.dfsg.1-3.2lenny5

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er disse problemer rettet i version 8.71~dfsg2-4

- -

Vi anbefaler at du opgraderer din ghostscript-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2093.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2094.wml b/danish/security/2010/dsa-2094.wml deleted file mode 100644 index e2f709a5d58..00000000000 --- a/danish/security/2010/dsa-2094.wml +++ /dev/null @@ -1,93 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, som kan føre til lammelsesangreb -(denial of service) eller rettighedsforøgelse. Projektet Common Vulnerabilities -and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-4895 - -

    Kyle Bader rapporterede om et problem i tty-undersystemet, der gjorde det - muligt for lokale brugere at iværksætte et lammelsesangreb - (NULL-pointer-dereference).

    • - -
  • CVE-2010-2226 - -

    Dan Rosenberg rapporterede om et problem i xfs-filsystemet, der gjorde det - muligt for lokale brugere at kopiere og læse en fil ejet af en anden bruger, - som de kun havde skriveadgang til, på grund af manglende rettighedskontrol i - ioctl'en XFS_SWAPEXT.

    • - -
  • CVE-2010-2240 - -

    Rafal Wojtczuk rapporterede om et problem, der gjorde det muligt for - brugere at opnå forøgede rettigheder. Brugerne skulle allerede have - tilstrækkelige rettigheder til at udføre eller forbinde klienter til en - Xorg-server.

    • - -
  • CVE-2010-2248 - -

    Suresh Jayaraman opdagede et problem i CIFS-filsystemet. En ondsindet - filserver kunne opsætte en ukorekt CountHigh-værdi, medførende et - lammelsesangreb (BUG_ON()-assertion).

    • - -
  • CVE-2010-2521 - -

    Neil Brown rapporterede om et problem i NFSv4-serverkoden. En ondsindet - klient kunne udløse et lammelsesangreb (oops) på en server, på grund af en - fejl i rutinen read_buf().

    • - -
  • CVE-2010-2798 - -

    Bob Peterson rapporterede om et problem i GFS2-filsystemet. En - filsystembruger kunne forårsage et lammelsesangreb (oops) gennem visse - omdøbningshandlinger.

    • - -
  • CVE-2010-2803 - -

    Kees Cook rapporterede om et problem i DRM-undersystemet (Direct - Rendering Manager). Lokale brugere med tilstrækkelige rettigheder (lokale - X-brugere eller medlemmer af gruppen video i en standard - Debian-installering) kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2010-2959 - -

    Ben Hawkes opdagede et problem i AF_CAN-socket-familen. En - heltalsoverløbstilstand kunne gøre det muligt for lokale brugere at opnå - forøgede rettigheder.

    • - -
  • CVE-2010-3015 - -

    Toshiyuki Okajima rapporterede om et problem i ext4-filsystemet. Lokale - brugere kunne udløse et lammelsesangreb (BUG-assertion) ved at generere et - specifikt sæt filsystemhandlinger.

    • -
- -

Denne opdatering indeholder også rettelser af en regression, som opstod i den -foregående opdatering. Se den Debian-fejlside, der henvises til, for flere -oplysninger.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.26-24lenny1.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

The following matrix lists additional source packages that were -rebuilt for compatibility with or to take advantage of this update:

- -
- - - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+24lenny1
-
- -

Opdateringer til arm og mips vil blive udgivet, efterhånden som de bliver -tilgængelige.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2094.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2095.wml b/danish/security/2010/dsa-2095.wml deleted file mode 100644 index 3d3093758a9..00000000000 --- a/danish/security/2010/dsa-2095.wml +++ /dev/null @@ -1,20 +0,0 @@ -usikker kommunikationsprotokol - - -

Alasdair Kergon opdagede at cluster logical volume manager-dæmonen (clvmd) i -LVM2, Linux Logical Volume Manager, ikke kontrollerede klientens akkreditiver -ved en socket-forbindelse, hvilket gjorde det muligt for lokale brugere at -forårsage et lammelsesangreb (denial of service).

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.02.39-8.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er dette problem rettet i version 2.02.66-3.

- -

Vi anbefaler at du opgraderer din lvm2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2095.data" -#use wml::debian::translation-check translation="fe29fd30060dae958b2cb5e2c2a8b5871a244103" mindelta="1" diff --git a/danish/security/2010/dsa-2096.wml b/danish/security/2010/dsa-2096.wml deleted file mode 100644 index b5dac4405c5..00000000000 --- a/danish/security/2010/dsa-2096.wml +++ /dev/null @@ -1,21 +0,0 @@ -manglende kontrol af inddata - -

Jeremy James opdagede at autentificeringskoden i LDAPUserFolder, en -Zope-udvidelse som anvendes til autentificering op mod en LDAP-server, ikke -kontrollerede adgangskoden der blev leveret til brugeren beregnet til -nødsituationer. Ondsindede brugere, som det lykkedes at få fingre i brugeren -til nødsituationer, kunne anvende fejlen til at få administrativ adgang til -Zope-instansen ved at angive en vilkårlig adgangskode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.9-1+lenny1.

- -

Pakken findes ikke længere i den kommende stabile distribution (squeeze) -eller i den ustabile distribution.

- -

Vi anbefaler at du opgraderer din zope-ldapuserfolder-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2096.data" -#use wml::debian::translation-check translation="828d4b6fa67ce2c15be91b96fcc1509732dc5ed3" mindelta="1" diff --git a/danish/security/2010/dsa-2097.wml b/danish/security/2010/dsa-2097.wml deleted file mode 100644 index 6e591769590..00000000000 --- a/danish/security/2010/dsa-2097.wml +++ /dev/null @@ -1,36 +0,0 @@ -utilstrækkelig fornuftighedskontrol af inddata - -

Flere fjernudnytbare sårbarheder er opdaget i phpMyAdmin, et værktøj til -administrering af MySQL over WWW. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-3055 - -

    Opsætningsskriptet fornuftighedskontrollerede ikke på korrekt vis sin - uddatafil, hvilket gjorde det muligt for fjernangribere at udføre vilkårlig - PHP-kode via en fabrikeret POST-forespørgsel. I Debian er opsætningsværktøjet - som standard beskyttet ved hjælp af Apaches basale - HTTP-autentifikation.

    • - -
  • CVE-2010-3056 - -

    Der er opdaget forskellige problemer i forbindelse med udførelse af - skripter på tværs af servere; de gjorde det muligt for en fjernangriber at - indsprøjte vilkårligt webskript eller HTML.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.11.8.1-5+lenny5.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.3.5.1-1.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2097.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2098.wml b/danish/security/2010/dsa-2098.wml deleted file mode 100644 index 43faee66382..00000000000 --- a/danish/security/2010/dsa-2098.wml +++ /dev/null @@ -1,24 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i TYPO3, frameworket til -håndtering af webindhold: udførelse af skripter på tværs af websteder, åben -omdirigering, SQL-indsprøjtning, ikke-fungerende autentifikation og -sessionshåndtering, usikker tilfældighed, informationsafsløring og udførelse -af vilkårlig kode. Flere oplysninger findes i -\ -TYPO3's sikkerhedsbulletin.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 4.2.5-1+lenny4.

- -

Distribution testing (squeeze) vil snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.3.5-1.

- -

Vi anbefaler at du opgraderer din typo3-src-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2098.data" -#use wml::debian::translation-check translation="e6f1c8c97fb2749159fd68e3b35411645541e394" mindelta="1" diff --git a/danish/security/2010/dsa-2099.wml b/danish/security/2010/dsa-2099.wml deleted file mode 100644 index 75406487ff0..00000000000 --- a/danish/security/2010/dsa-2099.wml +++ /dev/null @@ -1,30 +0,0 @@ -bufferoverløb - -

Charlie Miller har opdaget to sårbarheder i OpenOffice.org Impress, hvilke -kunne udnyttes af ondsindede personer til at kompromittere en brugers system og -udføre vilkårlig kode.

- -
    - -

  • En heltalstrunkeringsfejl når visse former for indhold blev behandlet, - kunne udnyttes til at forårsage et heapbaseret bufferoverløb gennem en - særligt fremstillet fil.

    • - -

  • En kort heltalsoverløbsfejl når visse former for indhold blev - behandlet, kunne udnyttes til at forårsage et heapbaseret bufferoverløb - gennem en særligt fremstillet fil.

    • - -
- -

I den stabile distribution (lenny) er disse problemer rettet i version -2.4.1+dfsg-1+lenny8.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid) er -disse problemer rettet i version 3.2.1-6.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2099.data" -#use wml::debian::translation-check translation="79411989c554a5430fb52cf6df464675097abf5c" mindelta="1" diff --git a/danish/security/2010/dsa-2100.wml b/danish/security/2010/dsa-2100.wml deleted file mode 100644 index c31e7c03227..00000000000 --- a/danish/security/2010/dsa-2100.wml +++ /dev/null @@ -1,18 +0,0 @@ -dobbelt frigivelse - -

George Guninski opdagede en dobbelt frigivelse i ECDH-koden i OpenSSL's -cryptobibliotek, hvilket måske kunne føre til lammelsesangreb (denial of -service) og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.9.8g-15+lenny8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.8o-2.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2100.data" -#use wml::debian::translation-check translation="b3e5911074dcfdf607f971b90f268a21aa04758d" mindelta="1" diff --git a/danish/security/2010/dsa-2101.wml b/danish/security/2010/dsa-2101.wml deleted file mode 100644 index a9bececfd86..00000000000 --- a/danish/security/2010/dsa-2101.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

Flere implementeringsfejl er opdaget i netværkstrafikanalyseringsprogrammet -Wiresharks dissektor af ASN.1 BER-protokollen samt i SigComp Universal -Decompressor Virtual Machine, hvilke måske kunne føre til udførelse af vilkårlig -kode.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.0.2-3+lenny10.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.10-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2101.data" -#use wml::debian::translation-check translation="e8bb5cba307ee9eaeacff8eb2404aab188a87e06" mindelta="1" diff --git a/danish/security/2010/dsa-2102.wml b/danish/security/2010/dsa-2102.wml deleted file mode 100644 index 95d08576e3e..00000000000 --- a/danish/security/2010/dsa-2102.wml +++ /dev/null @@ -1,23 +0,0 @@ -ukontrolleret returværdi - -

Man opdagede at i barnowl, en curses-baseret chatklient, blev returkoderne -fra alle kald til funktionerne ZPending and ZReceiveNotice i libzephyr ikke -kontrolleret, hvilket gjorde det muligt for angribere at forårsage et -lammelsesangreb (applikationsnedbrud) og muligvis udførelse af vilkårlig -kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.1-4+lenny2.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1.6.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.2-1.

- -

Vi anbefaler at du opgraderer dine barnowl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2102.data" -#use wml::debian::translation-check translation="3bf650cccdb6e93c48a7577aa0c20bc4de250655" mindelta="1" diff --git a/danish/security/2010/dsa-2103.wml b/danish/security/2010/dsa-2103.wml deleted file mode 100644 index 6cede075f9c..00000000000 --- a/danish/security/2010/dsa-2103.wml +++ /dev/null @@ -1,18 +0,0 @@ -SQL-indsprøjtning - -

Man opdagede at smbind, et PHP-baseret værktøj til håndtering af DNS-zoner i -BIND, ikke på korrektvis validerede inddata. En uautoriseret fjernbruger kunne -udføre vilkårlige SQL-kommandoer eller få adgang til admin-kontoen.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.4.7-3+lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i version 0.4.7-5, -og vil blive overført til distributionen testing (squeeze) om kort tid.

- -

Vi anbefaler at du opgraderer din smbind (0.4.7-3+lenny1)-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2103.data" -#use wml::debian::translation-check translation="bfd0e3e7d0a8a46331a0740ef9138bb41ee2c2d0" mindelta="1" diff --git a/danish/security/2010/dsa-2104.wml b/danish/security/2010/dsa-2104.wml deleted file mode 100644 index a7578f5875e..00000000000 --- a/danish/security/2010/dsa-2104.wml +++ /dev/null @@ -1,42 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i BGP-implementeringen i Quagga, -en routingdæmon.

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2010-2948 -

    Ved behandling af en fabrikeret Route Refresh-meddelelse modtaget fra en - opsat, autentificeret BGP-nabo, gik Quagga måske ned, medførende et - lammelsesangreb (denial of service).

    • - -
  • CVE-2010-2949 -

    Ved behandling af visse fabrikerede AS-stier, gik Quagga ned med en - NULL-pointerdereference, medførende et lammelsesangreb. I nogle - opsætninger kunne sådanne fabrikerede AS-stier blive videresendt af - mellemliggende BGP-routere.

    • - -
- -

Desuden indeholder denne opdatering en driftssikkerhedsrettelse: Quagga -offentliggør ikke længere confederation-relaterede AS-stier til -ikke-confederation-peers, og afviser uventede confederation-relaterede -AS-stier ved at nulstille sessionen med BGP-peer'en der offentliggør dem. -(Tidligere udløste sådanne AS-stier nulstillinger af ikke-relaterede -BGP-sessioner.)

- -

I den stabile distribution (lenny), er disse problemer rettet i version -0.99.10-1lenny3.

- -

I den ustabile distribution (sid) og i distributionen testing (squeeze), -er disse problemer rettet i version 0.99.17-1.

- -

Vi anbefaler at du opgraderer din quagga-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2104.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2105.wml b/danish/security/2010/dsa-2105.wml deleted file mode 100644 index 575945c1fd7..00000000000 --- a/danish/security/2010/dsa-2105.wml +++ /dev/null @@ -1,73 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i skrifttypebiblioteket FreeType. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-1797 - -

    Flere stakbaserede bufferoverløb i funktionen cff_decoder_parse_charstrings - i CFF Type2 CharStrings-fortolkeren i cff/cffgload.c i FreeType gjorde det - muligt for fjernangribere at udføre vilkårlig kode eller forårsage et - lammelsesangreb (hukommelseskorruption) via fabrikerede CFF-opkoder i - indlejrede skrifttyper i et PDF-dokument, som demonsteret af - JailbreakMe.

    • - -
  • CVE-2010-2541 - -

    Et bufferoverløb i ftmulti.c i demoprogrammet ftmulti i FreeType gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb (applikationsnedbrud) - eller muligvis udføre vilkårlig kode via en fabrikeret skrifttypefil.

    • - -
  • CVE-2010-2805 - -

    Funktionen FT_Stream_EnterFrame i base/ftstream.c i FreeType validerede - ikke på korrekt vis visse positionsværdier, hvilket gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (applikationsnedbrud) eller - muligvis udførelse af vilkårlig kode via en fabrikeret skrifttypefil.

    • - -
  • CVE-2010-2806 - -

    En arrayindekseringsfejl i funktionen t42_parse_sfnts i type42/t42parse.c i - FreeType gjorde et muligt for fjernangribere at forårsage et lammelsesangreb - (applikationsnedbrud) eller muligvis udførelse af vilkårlig kode via - negative størrelsesværdier for visse strenge i FontType42-skrifttypefiler, - medførende et heapbaseret bufferoverløb.

    • - -
  • CVE-2010-2807 - -

    FreeType anvender ukorrekte heltalsdatatyper under grænsekontroller, - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (applikationsnedbred) eller muligvis udførelse af vilkårlig kode via en - fabrikeret skrifttypefil.

    • - -
  • CVE-2010-2808 - -

    Et bufferoverløb i funktionen Mac_Read_POST_Resource i base/ftobjs.c i - FreeType gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (hukommelseskorruption og applikationsnedbrud) eller muligvis udførelse af - vilkårlig kode via en fabrikeret Adobe Type 1 Mac Font-fil - (alias LWFN).

    • - -
  • CVE-2010-3053 - -

    bdf/bdflib.c i FreeType gjorde det muligt for fjernangribere at forårsage - et lammelsesangreb (applikationsnedbrud) via en fabrikeret BDF-skrifttypefil, - relateret til et forsøg på at ændre en værdi i en statisk streng.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -2.3.7-2+lenny3

- -

I den ustabile distribution (sid) og i distributionen testing (squeeze), er -disse problemer rettet i version 2.4.2-1

- -

Vi anbefaler at du opgraderer din freetype-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2105.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2106.wml b/danish/security/2010/dsa-2106.wml deleted file mode 100644 index fe2e2b854f6..00000000000 --- a/danish/security/2010/dsa-2106.wml +++ /dev/null @@ -1,70 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-2760, - CVE-2010-3167, - CVE-2010-3168 - -

    Implementeringsfejl i XUL-behandling gjorde det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2010-2763 - -

    En implementeringsfejl i wrapper'en XPCSafeJSObjectWrapper gjorde det - muligt at omgå samme ophav-reglen.

    • - -
  • CVE-2010-2765 - -

    Et heltalsoverløb i framehåndteringen gjorde det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2010-2766 - -

    En implementeringsfejl i DOM-håndteringen gjorde det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2010-2767 - -

    Ukorrekt pointerhåndtering i pluginkoden gjorde det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2010-2768 - -

    Ukorrekt håndtering af et objekttag kunne måske føre til omgåelse af - filter til forhindring af udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2010-2769 - -

    Ukorrekt håndtering af kopiering og klistring kunne føre til udførelse af - skripter på tværs af websteder.

    • - -
  • CVE-2010-3169 - -

    Nedbrud i layoutmaskinen kunne måske føre til udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -1.9.0.19-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -3.5.12-1 af iceweasels kildekodepakke (der nu opbygger xulrunner-bibliotekets -binære pakker).

- -

I den eksperimentelle distribution, er disse problemer rettet i version -3.6.9-1 af iceweasels kildekodepakke (der nu opbygger xulrunner-bibliotekets -binære pakker).

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2106.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2107.wml b/danish/security/2010/dsa-2107.wml deleted file mode 100644 index 8cc542ba503..00000000000 --- a/danish/security/2010/dsa-2107.wml +++ /dev/null @@ -1,17 +0,0 @@ -usikker søgesti - -

Dan Rosenberg opdagede at der i couchdb, en distributeret fejltolerant og -schemafri dokumentorienteret database, blev anvendt en usikker -bibliotekssøgesti. En lokal angriber kunne udføre vilkårlig kode ved først at -smide et delt bibliotek fremstillet med ondsindede hensigter i en mappe og -dernæst få en administrator til at køre couchdb fra den samme mappe.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 0.8.0-2+lenny1.

- -

Vi anbefaler at du opgraderer din couchdb-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2107.data" -#use wml::debian::translation-check translation="d84dd6bea3df767c2c386152cf59a452911b05b0" mindelta="1" diff --git a/danish/security/2010/dsa-2108.wml b/danish/security/2010/dsa-2108.wml deleted file mode 100644 index 0caeebc0924..00000000000 --- a/danish/security/2010/dsa-2108.wml +++ /dev/null @@ -1,18 +0,0 @@ -programmeringsfejl - -

Man opdagede at der var en fejl i autentificeringskoden i cvsnt, en -flerplatformsudgave af det oprindelige kildekodeversioneringssystem CVS, hvilket -gjorde det muligt for en ondsindet upriviligeret bruger, ved anvendelse af et -særligt fremstillet forgreningsnavn, at opnå skriverettigheder til ethvert modul -eller mappe, herunder CVSROOT selv. Angriberen kunne dernæst udføre vilkårlig -kode som root, ved at ændre eller tilføje administrative skripter i mappen.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.5.03.2382-3.3+lenny1.

- -

Vi anbefaler at du opgraderer din cvsnt-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2108.data" -#use wml::debian::translation-check translation="b5f4d743484d0eeb7f3e13e9a477947d7823ea66" mindelta="1" diff --git a/danish/security/2010/dsa-2109.wml b/danish/security/2010/dsa-2109.wml deleted file mode 100644 index e60600f2bf5..00000000000 --- a/danish/security/2010/dsa-2109.wml +++ /dev/null @@ -1,27 +0,0 @@ -bufferoverløb - - -

En sårbarheder er opdaget i samba, en SMB/CIFS-fil-, print- og loginserver -til Unix.

- -

Funktionen sid_parse() kontrollerede ikke på korrekt vis længden på sine -inddata, når der blev læst en binær repræsentation af Windows SID (Security ID). -Dermed var det muligt for en ondsindet klient at sende en SID, der kunne få -stakvariablen, som anvendes til at opbevare SID'en i Samba smbd-server, til at -at løbe over. -(CVE-2010-3069)

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.2.5-4lenny13.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -vil dette problem blive rettet i version 3.5.5~dfsg-1.

- -

Vi anbefaler at du opgraderer dine samba packages. Pakkerne til arkitekturen -mips er ikke indeholdt i denne opdatering. De vil blive frigivet så snart de er -tilgængelige.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2109.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2110.wml b/danish/security/2010/dsa-2110.wml deleted file mode 100644 index fb8837ad160..00000000000 --- a/danish/security/2010/dsa-2110.wml +++ /dev/null @@ -1,58 +0,0 @@ -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kerne, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækage. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-2492 - -

    Andre Osterhues rapporterede om et problem i eCryptfs-undersystemet. En - bufferoverløbstilstand kunne gøre det muligt for lokale brugere at forårsage - et lammelsesangreb eller opnå fornøgede rettigheder.

    • - -
  • CVE-2010-2954 - -

    Tavis Ormandy rapporterede om et problem i irda-undersystemet, hvilket - måske kunne gøre det muligt for lokale brugere at forårsage et - lammelsesangreb via en NULL-pointer-dereference.

    • - -
  • CVE-2010-3078 - -

    Dan Rosenberg opdagede et problem i XFS-filsystemet, der gjorde det - muligt for lokale brugere at læse potentiel følsom kernehukommelse.

    • - -
  • CVE-2010-3080 - -

    Tavis Ormandy rapporterede om et problem i ALSA-sequencer'ens - OSS-emuleringslag. Lokale brugere med tilstrækkelige rettigheder til at åbne - /dev/sequencer (som standard i Debian er det medlemmer af gruppen 'audio'), - kunne forårsage et lammelsesangreb via en NULL-pointer-dereference.

    • - -
  • CVE-2010-3081 - -

    Ben Hawkes opdagede et problem i 32 bit-kompatibilitetskoden på 64 - bit-systemer. Lokale brugere kunne opnå forøgede rettigheder på grund af - utilstrækkelige kontroller i compat_alloc_user_space-allokeringer.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.26-25lenny1.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+25lenny1
- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2110.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2111.wml b/danish/security/2010/dsa-2111.wml deleted file mode 100644 index 5b68fc38a51..00000000000 --- a/danish/security/2010/dsa-2111.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb - -

Phil Oester opdagede at Squid-3, en komplet webproxycache, var sårbar over for -et lammelsesangreb (denial of service) via en særligt fremstillet forespørgsel, -der indeholdt tomme strenge.

- -

I den stabile distribution (lenny), er dette problem rettet i version -3.0.STABLE8-3+lenny4.

- -

I distributionen testing (squeeze), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.1.6-1.1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2111.data" -#use wml::debian::translation-check translation="73500fe7e3b6df058c6e8ec2a2e31f913a07e4a4" mindelta="1" diff --git a/danish/security/2010/dsa-2112.wml b/danish/security/2010/dsa-2112.wml deleted file mode 100644 index ee68ef34d9b..00000000000 --- a/danish/security/2010/dsa-2112.wml +++ /dev/null @@ -1,28 +0,0 @@ -heltalsoverløb - -

Mikolaj Izdebski opdagede en heltalsoverløbsfejl i funktionen BZ2_decompress -i bzip2/libbz2. En angriber kunne anvende en fabrikeret bz2-fil til at -forårsage et lammelsesangreb (applikationsnedbrud) eller potentielt udføre -vilkårlig kode. -(CVE-2010-0405)

- -

Efter en opgradering, skal alle services, som anvender libbz2, genstartes.

- -

Denne opdatering indeholder også genopbyggede dpkg-pakker, som er statisk -linkede til den rettede udgave af libbz2. Opdaterede pakker til clamav, som -også er påvirket af problemet, vil blive stillet til rådighed via -debian-volatile.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.0.5-1+lenny1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), vil -dette problem i bzip2 snart blive rettet. Opdaterede dpkg-pakker er ikke -nødvendige i testing/unstable.

- -

Vi anbefaler at du opgraderer dine bzip2- / dpkg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2112.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2113.wml b/danish/security/2010/dsa-2113.wml deleted file mode 100644 index 272ad94df0c..00000000000 --- a/danish/security/2010/dsa-2113.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - - -

Flere sårbarheder er opdaget i Drupal 6, et komplet -indholdhåndteringsframework. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- - -
    -
  • CVE-2010-3091 - -

    Flere problemer er opdaget i OpenID-modulet, hvorved ondsindet adgang til -brugerkonti var mulig.

    • - -
  • CVE-2010-3092 - -

    Upload-modulet indeholdt en potentiel omgående af adgangsbegræsninger på -grund af manglende kontrol på store hhv. små bogstaver.

    • - -
  • CVE-2010-3093 - -

    Comment-modulet havde et rettighedsforøgelsesproblem, som gjorde det muligt -for visse brugere at omgå begrænsninger.

    • - -
  • CVE-2010-3094 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder (XSS), blev opdaget i Action-funktionaliteten.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 6.6-3lenny6.

- -

I distributionen testing (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 6.18-1.

- -

Vi anbefaler at du opgraderer dine drupal6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2113.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2114.wml b/danish/security/2010/dsa-2114.wml deleted file mode 100644 index ce3b29dca55..00000000000 --- a/danish/security/2010/dsa-2114.wml +++ /dev/null @@ -1,30 +0,0 @@ -bufferoverløb - -

Debians stabile punktopdatering, 5.0.6, indeholdt opdaterede pakker med -versionsstyringssystemet Git, for at rette et sikkerhedsproblem. Desværre -medførte opdateringen en regression, som kunne gøre det umuligt at klone eller -oprette Git-arkiver. Denne opdatering retter regressionen, der er registreret -som Debian-fejl nummer 595728.

- -

Det oprindelige sikkerhedsproblem gjorde det muligt for en angriber, at -udføre vilkårlig kode, hvis vedkommende kunne narre en lokal bruger til at -udføre en git-kommando i en fabrikeret arbejdsmappe -(\ -CVE-2010-2542).

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.5.6.5-3+lenny3.2.

- -

Pakkerne til hppa-arkitekturen er ikke indeholdt i denne bulletin. Men -hppa-arkitekturen er ikke kendt som værende påvirket af regressionen.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er sikkerhedsproblemet rettet i version 1.7.1-1.1. Disse distributioner -var ikke påvirket af regressionen.

- -

Vi anbefaler at du opgraderer dine git-core-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2114.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2115.wml b/danish/security/2010/dsa-2115.wml deleted file mode 100644 index 6ca7712c56c..00000000000 --- a/danish/security/2010/dsa-2115.wml +++ /dev/null @@ -1,107 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Moodle, et -kursusadministreringssystem. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-1613 - -

    Moodle har ikke som standard aktiveret indstillingen Regenerate - session id during login, hvilket gør det lettere for fjernangribere at - udføre session fixation-angreb.

    • - -
  • CVE-2010-1614 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) gjorde det muligt for fjernangribere at indsprøjte - vilkårligt webskript eller HTML via angrebsvinkler relateret til (1) - Login-As-funktionaliteten, eller (2), når den globale søgefunktion var - aktiveret, uspecificerede globale søgeformularer i Global Search - Engine.

    • - -
  • CVE-2010-1615 - -

    Flere sårbarheder i forbindelse med indsprøjtning af SQL, gjorde det - muligt for fjernangribere at udføre vilkårlig SQL-kommandoer via - angrebsvinkler relateret til (1) funktionen add_to_log i - mod/wiki/view.php i wiki-modulet, or (2) datavalidering i nogle - formularelementer relateret til lib/form/selectgroups.php.

    • - -
  • CVE-2010-1616 - -

    Moodle kunne oprette nye roller når et kursus blev gendannet, hvilket - gjorde det muligt for undervisere at oprette nye konti, selv hvis de - ikke havde rettigheden moodle/user:create.

    • - -
  • CVE-2010-1617 - -

    user/view.php kontrollerer ikke på korrekt vis en rolle, hvilket - gjorde det muligt for fjernautentificerede brugere at få adgang til de - fulde navne på andre brugere via kursusprofilsiden.

    • - -
  • CVE-2010-1618 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i phpCAS-klientbiblioteket, gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML via en - fabrikeret URL, hvilket ikke på korrekt vis blev håndteret i en - fejlmeddelelse.

    • - -
  • CVE-2010-1619 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i funktionen fix_non_standard_entities i KSES, et - bibliotek til HTML-tekst-oprydning (weblib.php), gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML via - fabrikerede HTML-entiteter.

    • - -
  • CVE-2010-2228 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i MNET, adgangskontrolinterfacet, gjorde det muligt - for fjernangribere at indsprøjte vilkårligt webskript eller HTML via - angrebsvinkler, som omfatter udvidede tegn i brugernavne.

    • - -
  • CVE-2010-2229 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i blog/index.php, gjorde det muligt for fjernangribere - at indsprøjte vilkårligt webskript eller HTML via uspecificerede - parametre.

    • - -
  • CVE-2010-2230 - -

    KSES, tekstoprydningsfilteret i lib/weblib.php, håndterede ikke på - korrekt vis vbscript-URI'er, hvilket gjorde det muligt for - fjernautentificerede brugere at udføre skripter på tværs af websteder - (XSS) via HTML-inddata.

    • - -
  • CVE-2010-2231 - -

    En sårbarhed i forbindelse med forfalskning af forespørgsler på - tværs af websteder (CSRF) i report/overview/report.php i quiz-modulet, - gjorde det muligt for fjernangribere at kapre autentificeringen af - vilkårlige brugere, til forespørgsler som sletter quiz-forsøg via - parameteret attemptid.

    • - -
- -

Denne sikkerhedsopdatering skifter til en ny opstrømsversion og kræver -databaseopdateringer. Efter installering af den rettede pakke, skal du besøge -siden <http://localhost/moodle/admin/> og følge -opdateringsvejledningen.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.8.13-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.9.dfsg2-1.

- -

Vi anbefaler at du opgraderer din moodle-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2115.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2116.wml b/danish/security/2010/dsa-2116.wml deleted file mode 100644 index ed8d0b310ad..00000000000 --- a/danish/security/2010/dsa-2116.wml +++ /dev/null @@ -1,27 +0,0 @@ -heltalsoverløb - -

Marc Schoenefeld fandt en positioneringsfejl i en inddatastream, i den måde -skrifttyperenderingmaskinen FreeType behandlede inddatafilstreams. Hvis en -bruger indlæste en særligt fremstillet skrifttypefil med en applikation linket -mod FreeType, og relevante skripttypeglyffer efterfølgende blev renderet med -X's FreeType-bibliotek (libXft), kunne det forårsage at applikationen gik ned -eller muligvis udførelse af vilkårlig kode.

- -

Efter opgraderingen, bør man genstarte alle kørende programmer og tjenester, -som anvender libfreetype6. I de fleste tilfælde er det tilstrækkeligt at logge -ud og ind igen. Skriptet checkrestart fra pakken debian-goodies eller lsof kan -hjælpe med at finde ud af hvilke processer, der stadig anvender den gamle -version af libfreetype6.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -2.3.7-2+lenny4.

- -

Distributionen testing (squeeze) og den ustabile distribution (sid) er ikke -påvirket af dette problem.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2116.data" -#use wml::debian::translation-check translation="f95bd8a6ae75810f1aded5af2f901b23da44a84f" mindelta="1" diff --git a/danish/security/2010/dsa-2117.wml b/danish/security/2010/dsa-2117.wml deleted file mode 100644 index 729a22d92eb..00000000000 --- a/danish/security/2010/dsa-2117.wml +++ /dev/null @@ -1,25 +0,0 @@ -lammelsesangreb - -

APR-util er en del af biblioteket Apache Portable Runtime, som anvendes af -projekter så som Apache httpd og Subversion.

- -

Jeff Trawick opdagede en fejl i funktionen apr_brigade_split_line() i -apr-util. En fjernangriber kunne sende fabrikerede http-forespørgsler, der -forårsagede et kraftigt forøget hukommelsesforbrug i Apache httpd, hvilket -medførte et lammelsesangreb (denial of service).

- -

Denne opgradering retter problemet. Efter opgraderingen skal kørende -apache2-processer genstartes.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.2.12+dfsg-8+lenny5.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er dette problem rettet i version 1.3.9+dfsg-4.

- -

Vi anbefaler at du opgraderer dine apr-util-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2117.data" -#use wml::debian::translation-check translation="f95bd8a6ae75810f1aded5af2f901b23da44a84f" mindelta="1" diff --git a/danish/security/2010/dsa-2118.wml b/danish/security/2010/dsa-2118.wml deleted file mode 100644 index 7927e810883..00000000000 --- a/danish/security/2010/dsa-2118.wml +++ /dev/null @@ -1,28 +0,0 @@ -logisk fejl - -

Kamesh Jayachandran og C. Michael Pilat opdagede at modulet mod_dav_svn i -Subversion, et versionsstyringssystem, ikke på korrekt vis håndhævede -adgangsregler som er scope-begrænsede til navngivne repositories. Hvis -valgmuligheden SVNPathAuthz var opsat til short_circuit, kunne det være -muligt for en upriviligeret angriber at omgå tilsigtede adgangsbegrænsninger og -afsløre eller ændre repository-indhold.

- -

Som en omgåelse af problemet, er det også muligt sætte SVNPathAuthz til -on, men vær opmærksom på, at det ved store repositories kan medføre et -fald i ydeevnen.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 1.5.1dfsg1-5.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 1.6.12dfsg-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.12dfsg-2.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2118.data" -#use wml::debian::translation-check translation="986f69a1321a8d4c6c51eaa2ef672c6b080c2f85" mindelta="1" diff --git a/danish/security/2010/dsa-2119.wml b/danish/security/2010/dsa-2119.wml deleted file mode 100644 index 321a430c153..00000000000 --- a/danish/security/2010/dsa-2119.wml +++ /dev/null @@ -1,17 +0,0 @@ -flere sårbarheder - -

Joel Voss fra Leviathan Security Group opdagede to sårbarheder i -PDF-renderingbiblioteket Poppler, hvilket måske kunne medføre udførelse af -vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 0.8.7-4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2119.data" -#use wml::debian::translation-check translation="9073541de5b0717572f33496837a4a341df2d4db" mindelta="1" diff --git a/danish/security/2010/dsa-2120.wml b/danish/security/2010/dsa-2120.wml deleted file mode 100644 index 6e9fac65e57..00000000000 --- a/danish/security/2010/dsa-2120.wml +++ /dev/null @@ -1,27 +0,0 @@ -rettighedsforøgelse - -

Tim Bunce opdagede at PostgreSQL, et databaseserverprogram, ikke på korrekt -vis adskilte fortolkerne af server-side stored procedures, der kører i -forskellige sikkerhedskontekster. Som følge deraf, kunne ikke-priviligerede -autoriserede databasebrugere måske opnå yderligere rettigheder.

- -

Bemærk at denne sikkerhedsopdatering måske kan påvirke tilsigtet -kommunikation via globable variable mellem stored procedures. Det kan være -nødvendigt at konvertere disse funktioner til at køre under sprogene plperlu -eller pltclu, med database-superuser-rettigheder.

- -

Denne sikkerhedsopdatering indeholder også ikke-relaterede fejlrettelser fra -PostgreSQL 8.3.12.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 8.3_8.3.12-0lenny1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.4.5-1 af pakken postgresql-8.4.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2120.data" -#use wml::debian::translation-check translation="c076192f5f9febe095017f651d8d546bf1a65c0d" mindelta="1" diff --git a/danish/security/2010/dsa-2121.wml b/danish/security/2010/dsa-2121.wml deleted file mode 100644 index 4a67467a2d3..00000000000 --- a/danish/security/2010/dsa-2121.wml +++ /dev/null @@ -1,43 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i TYPO3. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-3714 -

    Flere sårbarheder i forbindelse med fjernblotlæggelse af filer i - jumpUrl-mekanismen og Extension Manager gjorde det muligt for angribere - at læse filer med rettighederne hørende til den konto, som webserveren - kører under.

    • - -
  • CVE-2010-3715 -

    TYPO3-backend'en indeholdt flere sårbarheder i forbindelse med - udførelse af skripter på tværs af websteder, og funktionen RemoveXSS - filtrerede ikke al JavaScript-kode.

    • - -
  • CVE-2010-3716 -

    Ondsindede redaktører med rettighed til at oprette brugere, kunne - forøge deres rettigheder ved at oprette nye brugere i vilkårlige - grupper, på grund af manglende validering af inddata i - taskcenter.

    • - -
  • CVE-2010-3717 -

    TYPO3 blotlagde en nedbrudsfejl i PHP-funktionen filter_var, som gjorde - det muligt for angribere at få webserveren til at behandle nedbruddet og - dermed forbruge yderligere systemressourcer.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -4.2.5-1+lenny6.

- -

I den ustabile distribution (sid) og i den kommende stabile distribution -(squeeze), er disse problemer rettet i version 4.3.7-1.

- -

Vi anbefaler at du opgraderer dine TYPO3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2121.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2122.wml b/danish/security/2010/dsa-2122.wml deleted file mode 100644 index 7b2de328fa3..00000000000 --- a/danish/security/2010/dsa-2122.wml +++ /dev/null @@ -1,20 +0,0 @@ -manglende fornuftighedskontrol af inddata - -

Ben Hawkes og Tavis Ormandy opdagede at den dynamiske loader i GNU libc -gjorde det muligt for lokale brugere at opnå root-rettigheder ved hjælp af en -særligt fremstillet LD_AUDIT-miljøvariabel.

- -

I den stabile distribution (lenny), er dette problem rettet i version -2.7-18lenny6.

- -

I den kommende stabile distribution (squeeze), er dette problem rettet i -version 2.11.2-6+squeeze1 af pakken eglibc.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine glibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2122.data" -#use wml::debian::translation-check translation="0ca32cbc634f4571c710322526ea5aa3e6bc9c51" mindelta="1" diff --git a/danish/security/2010/dsa-2123.wml b/danish/security/2010/dsa-2123.wml deleted file mode 100644 index 7ee78984027..00000000000 --- a/danish/security/2010/dsa-2123.wml +++ /dev/null @@ -1,34 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Mozillas Network Security Services-bibliotek -(NSS). Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2010-3170 -

    NSS genkender en wildcard-IP-adresse i subjektets Common Name-felt i - et X.509-certifikat, hvilket måske muliggjorde manden i midten-angreb - til forfalskning af vilkårlige SSL-servere via et fabrikeret certifikat - udstedt af en legitim certificeringsmyndighed.

    • - -
  • CVE-2010-3173 -

    NSS opsatte ikke på korrekt vis den minimale nøglelængde i - Diffie-Hellman Ephemeral-tilstand (DHE), hvilket gjorde det muligt for - fjernangribere at omgå kryptografiske beskyttelsesmekanismer via et - rå kraft-angreb.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -3.12.3.1-0lenny2.

- -

I den ustabile distribution (sid) og i den kommende stabile distribution -(squeeze), er disse problemer rettet i version 3.12.8-1.

- -

Vi anbefaler at du opgraderer dine NSS-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2123.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2124.wml b/danish/security/2010/dsa-2124.wml deleted file mode 100644 index b00e588f311..00000000000 --- a/danish/security/2010/dsa-2124.wml +++ /dev/null @@ -1,79 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i Xulrunner, kompontenten der leverer den -grundlæggende funktionalitet i Iceweasel, Debians variant af Mozillas -browserteknologi.

- -

Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2010-3765 -

    Xulrunner gjorde det muligt for fjernangribere at udføre vilkårlig - kode via angrebsvinkler i forbindelse med - nsCSSFrameConstructor::ContentAppended, metoden appendChild, ukorrekt - sporing af indeks samt oprettelse af flere frame, hvilket udførte - hukommelseskorruption.

    • - -
  • CVE-2010-3174 - CVE-2010-3176 -

    Flere ikke-angivne sårbarheder i browsermaskinen i Xulrunner gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb - (hukommelseskorruption og applikationsnedbrud) eller muligvis udføre - vilkårlig kode via ukendte angrebsvinkler.

    • - -
  • CVE-2010-3177 -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i Gopher-fortolkeren i Xulrunner, gjorde det muligt for - fjernangribere at indsprøjte vilkårligt webskript eller HTML via et - fabrikeret navn på (1) en fil eller (2) en mappe på en - Gopher-server.

    • - -
  • CVE-2010-3178 -

    Xulrunner håndterede ikke på korrekt via visse modale kald foretaget - af javascript:-URL'er under omstændigheder i forbindelse med åbning af - et nyt vindue og udførelse af navigering på tværs af domæner, hvilket - gjorde det muligt for fjernangribere at omgå Same Origin Policy ved - hjælp af et fabrikeret HTML-dokument.

    • - -
  • CVE-2010-3179 -

    Et stakbaseret bufferoverløb i tekstrederingfunktionaliteten i - Xulrunner, gjorde det muligt for fjernangribere at udføre vilkårlig kode - eller forårsage et lammelsesangreb (hukommelseskorruption og - applikationsnedbrud) via et langt parameter til metoden - document.write.

    • - -
  • CVE-2010-3180 -

    En anvende efter frigivelse-sårbarhed i funktionen nsBarProp i - Xulrunner, gjorde det muligt for fjernangribere at udføre vilkårlig kode - ved at tilgå et lukket vindues locationbar-egenskab.

    • - -
  • CVE-2010-3183 -

    Funktionen LookupGetterOrSetter i Xulrunner understøttede ikke på - korrekt vis funktionskald af typen window.__lookupGetter__ som - mangler parametre, hvilket gjorde det muligt for fjernangribere at - udføre vilkårlig kode eller forårsage et lammelsesangreb (ukorrekt - pointer-dereference og applikationsnedbrud) via et fabrikeret - HTML-dokument.

    • - -
- -

Desuden indeholder denne sikkerhedsopdatering rettelser af regressioner -forårsaget af rettelserne vedrørende -CVE-2010-0654 -og CVE-2010-2769 -i DSA-2075-1 og DSA-2106-1.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -1.9.0.19-6.

- -

I den ustabile distribution (sid) og i den kommende stabile distribution -(squeeze), er disse problemer rettet i version 3.5.15-1 af pakken iceweasel.

- -

Vi anbefaler at du opgraderer dine Xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2124.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2125.wml b/danish/security/2010/dsa-2125.wml deleted file mode 100644 index 9ee6157c6bd..00000000000 --- a/danish/security/2010/dsa-2125.wml +++ /dev/null @@ -1,36 +0,0 @@ -bufferoverløb - -

En fejl er fundet i fortolkningen af OpenSSL TLS' server-extension-kode, -hvilket kunne udnyttes i et bufferoverløbsangreb på ramte servere. Dermed var -det muligt for en angriber at forårsage et applikationsnedbrud eller potentielt -udføre vilkårlig kode.

- -

Det er dog ikke alle OpenSSL-baserede SSL/TLS-servere, som er sårbare: -En server er sårbar, hvis den er multi-threaded og anvender OpenSSL's interne -cachingmekanisme. Særligt Apache HTTP-serveren (der aldrig anvender OpenSSL's -interne caching) og Stunnel (der indeholder sin egen omgåelse af problemet) er -IKKE påvirkede.

- -

Denne opgradering retter problemet. Efter opgraderingen skal alle tjenester, -som anvender openssl-biblioteker, genstartes. Skriptet checkrestart fra pakken -debian-goodies eller lsof kan hjælpe med at finde ud af, hvilket tjenenster der -skal genstartes.

- -

Bemærkning til brugere af tor-pakkerne fra Debian backports eller Debian -volatile: Denne openssl-opdatering giver problemer med nogle versioner af tor. -Du skal opgradere til tor 0.2.1.26-4~bpo50+1 hhv. 0.2.1.26-1~lennyvolatile2. -tor version 0.2.0.35-1~lenny2 fra Debian stable er ikke påvirket af disse -problemer.

- -

I den stabile distribution (lenny), er problemet rettet i openssl version -0.9.8g-15+lenny9.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 0.9.8o-3.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2125.data" -#use wml::debian::translation-check translation="4dce6841f6a180d0ed873e6baa69e83f1c54fefe" mindelta="1" diff --git a/danish/security/2010/dsa-2126.wml b/danish/security/2010/dsa-2126.wml deleted file mode 100644 index dd9d983212c..00000000000 --- a/danish/security/2010/dsa-2126.wml +++ /dev/null @@ -1,222 +0,0 @@ -rettighedsforøgelse/denial of service/information leak - -

Flere sårbarheder er opdaget i Linux-kernen, som kunne føre til -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækage. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-2963 - -

    Kees Cook opdagede et problem i v4l's 32 bit-kompatibilitetslag til 64 - bit-systemer, hvilket gjorde det muligt for lokale brugere med skriveadgang - til /dev/video at overskrive vilkårlig kernehukommelse, potentielt førende - til en rettighedsforøgelse. På Debian-systemer er adgang til /dev/video - som standard begrænset til medlemmer af gruppen 'video'.

    • - -
  • CVE-2010-3067 - -

    Tavis Ormandy opdagede et problem i systemkaldet io_submit system call. - Lokale brugere kunne forårsage et heltalsoverløb førende til et - lammelsesangreb.

    • - -
  • CVE-2010-3296 - -

    Dan Rosenberg opdagede et problem i cxgb-netværksdriveren, der gjorde det - muligt for upriviligerede brugere at få adgang til indholdet af følsom - kernehukommelse.

    • - -
  • CVE-2010-3297 - -

    Dan Rosenberg opdagede et problem i eql-netværksdriveren, der gjorde det - muligt for lokale brugere at få adgang til indholdet af følsom - kernehukommelse.

    • - -
  • CVE-2010-3310 - -

    Dan Rosenberg opdagede et problem i implementeringen af ROSE-socket. På - systemer med en rose-enhed kunne lokale brugere forårsage et lammelsesangreb - (korruption af kernehukommelsen).

    • - -
  • CVE-2010-3432 - -

    Thomas Dreibholz opdagede et problem SCTP-protokollen, som gjorde det - muligt for en fjernbruger at forårsage et lammelsesangreb - (kernepanik).

    • - -
  • CVE-2010-3437 - -

    Dan Rosenberg opdagede et problem i pktcdvd-driveren. Lokale brugere med - rettigheder til at åbne /dev/pktcdvd/control kunne få adgang til indholdet - af følsom kernehukommelse eller forårsage et lammelsesangreb. Som standard - på Debian-systemer er denne adgang begrænset til medlemmer af gruppen - 'cdrom'.

    • - -
  • CVE-2010-3442 - -

    Dan Rosenberg opdagede et problem i lydsystemet ALSA. Lokale brugere med - rettigheder til at åbne /dev/snd/controlC0 kunne iværksætte en - heltalsoverløbstilstand, der forårsagede et lammelsesangreb. Som standard - på Debian-systemer er denne adgang begrænset til medlemmer af gruppen - 'audio'.

    • - -
  • CVE-2010-3448 - -

    Dan Jacobson rapporerede om et problem i thinkpad-acpi-driveren. På - visse Thinkpad-systemer kunne lokale brugere forårsage et lammelsesangreb - (X.org-nedbrud) ved at læse /proc/acpi/ibm/video.

    • - -
  • CVE-2010-3477 - -

    Jeff Mahoney opdagede et problem i modulet Traffic Policing (act_police), - som gjorde det muligt for lokale brugere at få adgang til indhold i følsom - kernehukommelse.

    • - -
  • CVE-2010-3705 - -

    Dan Rosenberg rapporterede om et problem i HMAC-behandlingskoden i - SCTP-protokollen, som gjorde det muligt for fjernbrugere at iværksætte et - lammelsesangreb (hukommelseskorruption).

    • - -
  • CVE-2010-3848 - -

    Nelson Elhage opdagede et problem Econet-protokollen. Lokale brugere - kunne forårsage en stakoverløbstilstand med store msg->msgiovlen-værdier, - som kunne medføre et lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2010-3849 - -

    Nelson Elhage opdagede et problem i Econet-protokollen. Lokale brugere - kunne forårsage et lammelsesangreb (oops), hvis en fjern addr-værdi - indeholdt NULL og blev overført som et parameter til sendmsg().

    • - -
  • CVE-2010-3850 - -

    Nelson Elhage opdagede et problem i Econet-protokollen. Lokale brugere - kunne tildele econet-adresser til vilkårlige interfaces på grund af en - manglende kapabilitetskontrol.

    • - -
  • CVE-2010-3858 - -

    Brad Spengler rapporterede om et problem i funktionen setup_arg_pages(). - På grund af en fejl i grænsekontrollen, kunne lokale brugere iværksætte et - lammelsesangreb (kerne-oops).

    • - -
  • CVE-2010-3859 - -

    Dan Rosenberg rapporterede om et problem i TIPC-protokollen. Når - tipc-modulet er indlæst, kunne lokale brugere opnå forøgede rettigheder via - systemkaldet sendmsg().

    • - -
  • CVE-2010-3873 - -

    Dan Rosenberg rapporterede om et problem i X.25-netværksprotokollen. - Lokale brugere kunne forårsage korruption af heap, medførende et - lammelsesangreb (kernepanik).

    • - -
  • CVE-2010-3874 - -

    Dan Rosenberg opdagede et problem undersystemet Control Area Network - (CAN) på 64 bit-systemer. Lokale brugere kunne måske forårage et - lammelsesangreb (korruption af heap).

    • - -
  • CVE-2010-3875 - -

    Vasiliy Kulikov opdagede et problem i AX.25-protokollen. Lokale brugere - kunne få adgang til indholdet af følsom kernehukommelse.

    • - -
  • CVE-2010-3876 - -

    Vasiliy Kulikov opdagede et problem i Packet-protokollen. Lokale brugere - kunne få adgang til indholdet af følsom kernehukommelse.

    • - -
  • CVE-2010-3877 - -

    Vasiliy Kulikov opdagede et problem i TIPC-protokollen. Lokale brugere - kunne få adgang til indholdet af følsom kernehukommelse.

    • - -
  • CVE-2010-3880 - -

    Nelson Elhage opdagede et problem i undersystemet INET_DIAG. Lokale - brugere kunne få kerne til at køre ikke-auditeret INET_DIAG-bytecode, - medførende et lammelsesangreb.

    • - -
  • CVE-2010-4072 - -

    Kees Cook opdagede et problem i delt hukommelse-undersystemet System V. - Lokale brugere kan få adgang til indholdet følsom kernehukommelse.

    • - -
  • CVE-2010-4073 - -

    Dan Rosenberg opdagede et problem i delt hukommelse-undersystemet System - V. Lokale brugere på 64 bit-systemer kunne få adgang til indholdet af - følsom kernehukommelse via det 32 bit-kompatible systemkald - semctl().

    • - -
  • CVE-2010-4074 - -

    Dan Rosenberg rapporterede om problemer i mos7720- og mos7840-driverne - til USB-serial converter-enheder. Lokale brugere med adgang til disse - enheder kunne få adgang til indholdet af følsom kernehukommelse.

    • - -
  • CVE-2010-4078 - -

    Dan Rosenberg rapporterede om et problem i framebuffer-driveren til - grafikchipsæt fra SiS (sisfb). Lokale brugere med adgang til - framebufferenheden kunne få adgang til indholdet af følsom kernehukommelse - via ioctl'en FBIOGET_VBLANK.

    • - -
  • CVE-2010-4079 - -

    Dan Rosenberg rapporterede om et problem i ivtvfb-driveren som anvendes - til Hauppauges PVR-350-kort. Lokale brugere med adgang til - framebufferenheden kunne få adgang til indholdet af følsom kernehukommelse - via ioctl'en FBIOGET_VBLANK.

    • - -
  • CVE-2010-4080 - -

    Dan Rosenberg opdagede et problem i ALSA-driveren til RME Hammerfall - DSP-lydenheder. Lokale brugere med adgang til lydenheden kunne opnå adgang - til indholdet af følsom kernehukommelse via ioctl'en - SNDRV_HDSP_IOCTL_GET_CONFIG_INFO.

    • - -
  • CVE-2010-4081 - -

    Dan Rosenberg opdagede et problem i ALSA-driveren til RME Hammerfall - DSP-lydenheder. Lokale brugere med adgang til lydenheder kunne opnå adgang - til indholdet af følsom kernehukommelse via ioctl'en - SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.

    • - -
  • CVE-2010-4083 - -

    Dan Rosenberg opdagede et problem i systemkaldet semctl. Lokale brugere - kunne opnå adgang til indholdet af følsom kernehukommelse ved at anvende - semid_ds-strukturen.

    • - -
  • CVE-2010-4164 - -

    Dan Rosenberg opdagede et problem i X.25-netværksprotokollen. - Fjernbrugere kunne iværksætte et lammelsesangreb (uendelig løkke) ved at - udnytte et heltalsoverløb i facility-fortolkningskoden.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i version -2.6.26-26lenny1.

- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny1
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2126.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2127.wml b/danish/security/2010/dsa-2127.wml deleted file mode 100644 index 804fa39edec..00000000000 --- a/danish/security/2010/dsa-2127.wml +++ /dev/null @@ -1,20 +0,0 @@ -lammelsesangreb - -

En er fundet i wireshark, et program til analysering af -netværksprotokoller.

- -

Man opdagede at ASN.1 BER-dissektoren var sårbar over for et stakoverløb, -hvilket fik applikationen til at gå ned.

- -

I den stabile distribution (lenny), er problemet rettet i version -1.0.2-3+lenny11.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 1.2.11-3.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2127.data" -#use wml::debian::translation-check translation="cf325132059eb44a9487d039767eaadac9d41e5f" mindelta="1" diff --git a/danish/security/2010/dsa-2128.wml b/danish/security/2010/dsa-2128.wml deleted file mode 100644 index d354ade299b..00000000000 --- a/danish/security/2010/dsa-2128.wml +++ /dev/null @@ -1,18 +0,0 @@ -ugyldig hukommelsestilgang - -

Bui Quang Minh opdagede at libxml2, et bibliotek til fortolkning og -håndtering af XML-datafiler, ikke behandlede en misdannet XPATH særlig godt, -dette forårsagede et nedbrud og muliggjorde udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.32.dfsg-5+lenny2.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 2.7.8.dfsg-1.

- -

Vi anbefaler at du opgraderer din libxml2-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2128.data" -#use wml::debian::translation-check translation="7acec469bb05eecc13fc65f91bde2ac9cdaa2db1" mindelta="1" diff --git a/danish/security/2010/dsa-2129.wml b/danish/security/2010/dsa-2129.wml deleted file mode 100644 index 98ef5627b62..00000000000 --- a/danish/security/2010/dsa-2129.wml +++ /dev/null @@ -1,37 +0,0 @@ -verifikationssvaghed i forbindelse med checksum - -

En sårbarhed er fundet i krb5, MIT's implementering af Kerberos.

- -

MIT krb5-klienter accepterede på ukorrekt vis en checksum uden nøgle i -SAM-2-preauthentication-challenge: En ikke-autentificeret fjernbruger kunne -ændre et SAM-2-challenge, som påvirkede promptteksten som ses af brugeren eller -formen for svar sendt til KDC'en. Under nogle omstændigheder kunne det negere -den forøgede sikkerhedsfordel ved at anvende engangstokens i -autentifikationsmekanismen.

- -

MIT krb5 accepterede på ukorrekt vis RFC 3961-nøgleafledte-checksummer ved -anvendelse af RC4-nøgler når KRB-SAFE-meddelelser blev verificeret: En -ikke-autentificeret fjernangriber havde en 1/256 chance for at forfalske -KRB-SAFE-meddelelser i en applikationsprotokol, hvis angrebne -allerede-eksisterende session anvender en RC4-sessionsnøgle. Få -applikationsprotokoller anvender KRB-SAFE-meddelelser.

- -

Projektet Common Vulnerabilities and Exposures project har tildelt -\ -CVE-2010-1323 til disse problemer.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.6.dfsg.4~beta1-5lenny6.

- -

Opbygningerne til mips-arkitekturen følger ikke med denne bulletin. De vil -blive udgivet så snart de er tilgængelige.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -disse problemer i version 1.8.3+dfsg-3.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2129.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2130.wml b/danish/security/2010/dsa-2130.wml deleted file mode 100644 index 92d6e1ce542..00000000000 --- a/danish/security/2010/dsa-2130.wml +++ /dev/null @@ -1,45 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i BIND, en implementering af -DNS-protokolsuiten. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-3762 -

    Når DNSSEC-validering var aktiveret, håndterede BIND ikke på korrekt - vis visse dårlige signaturer if multiple trust anchors fandtes - til en enkelt zone, hvilket gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb (servernedbrud) via en - DNS-forespørgsel.

    • - -
  • CVE-2010-3614 -

    BIND afgjorde ikke på korrekt vis sikkerhedsstatussen på en - NS RRset under en DNSKEY-algoritmerollover, hvilket måske kunne føre til - en zoneutilgængelighed under rollovers.

    • - -
  • CVE-2010-3613 -

    BIND håndterede ikke på korrektvis kombinationen af signerede - negative svar og tilhørende RRSIG-poster i cachen, hvilket gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb - (servernedbrud) via en forespørgsel efter cachede data.

    • - -
- -

Desuden forbedrer denne sikkerhedsopdatering kompatibiliteten med tidligere -installerede versioner af bind9-pakken. Som en følge deraf, er det nødvendigt -at iværksætte opdateringen med apt-get dist-upgrade i stedet for -apt-get update.

- -

I den stabile distribution (lenny), er disse problemer rettet i version -1:9.6.ESV.R3+dfsg-0+lenny1.

- -

I den kommende stabile distribution (squeeze) og i den ustable distribution -(sid), er disse problemer rettet i version 1:9.7.2.dfsg.P3-1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2130.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2131.wml b/danish/security/2010/dsa-2131.wml deleted file mode 100644 index af8c2c26bf6..00000000000 --- a/danish/security/2010/dsa-2131.wml +++ /dev/null @@ -1,34 +0,0 @@ -udførelse af vilkårlig kode - -

Flere sårbarheder er fundet i exim4, som gjorde det muligt for en -fjernangriber at udføre vilkårlig kode som root-brugeren. Udnyttelser af disse -problemer har været set i det fri.

- -

Denne opdatering retter et hukommelseskorruptionsproblem, der gjorde det -muligt for fjernangribere at udføre vilkårlig kode som Debian-exim-brugeren -(\ -CVE-2010-4344).

- -

En rettelse til et yderligere problem, der gjorde det muligt for -Debian-exim-brugeren at opnå root-rettigheder -(\ -CVE-2010-4345) er i øjeblikket ved at blive kontrolleret for -kompatibilitetsproblemer. Den er endnu ikke med i denne opdatering, men vil -snart blive frigivet i forbindelse med en opdatering af denne bulletin.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 4.69-9+lenny1.

- -

Denne bulletin indeholder kun pakker til arkitekturerne alpha, amd64, hppa, -i386, ia64, powerpc og s390. Pakker til arkitekturerne arm, armel, mips, mipsel -og sparc vil blive frigivet så snart de er blevet opbygget.

- -

I distribution testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 4.70-1.

- -

Vi anbefaler kraftigt at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2131.data" -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" diff --git a/danish/security/2010/dsa-2132.wml b/danish/security/2010/dsa-2132.wml deleted file mode 100644 index f6b0e5b7d57..00000000000 --- a/danish/security/2010/dsa-2132.wml +++ /dev/null @@ -1,21 +0,0 @@ -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i Xulrunner, et runtimemiljø til -XUL-applikationer. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.9.0.19-7.

- -

I den kommende stabile version (squeeze) og i den ustabile distribution -(sid), er disse problemer rettet i version 3.5.15-1.

- -

I den eksperimentelle distribution, er disse problemer rettet i version -3.6.13-1.

- -

Vi anbefaler at du opgraderer dine xulrunner-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2132.data" -#use wml::debian::translation-check translation="148a51fa4673ab7c9c0cff2bef1784751a3568bc" mindelta="1" diff --git a/danish/security/2010/dsa-2133.wml b/danish/security/2010/dsa-2133.wml deleted file mode 100644 index f15ad1aca38..00000000000 --- a/danish/security/2010/dsa-2133.wml +++ /dev/null @@ -1,26 +0,0 @@ -lammelsesangreb - - -

Man opdagede at collectd, en statistikopsamlings- og overvågningsdæmon, var -sårbar over for et lammelsesangreb (denial of service) via en fabrikeret -netværkspakke.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 4.4.2-3+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i -version 4.10.1-1+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.10.1-2.1.

- -

Denne bulletin indeholder kun pakker til arkitekturerne alpha, amd64, arm, -armel, hppa, i386, ia64, mips, powerpc, s390 og sparc. Pakker til arkitekturen -mipsel vil snart blive frigivet.

- -

Vi anbefaler at du opgraderer dine collectd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2133.data" -#use wml::debian::translation-check translation="c7855e6c9e501f45cf17148e30bf911f7696a37f" mindelta="1" diff --git a/danish/security/2010/dsa-2134.wml b/danish/security/2010/dsa-2134.wml deleted file mode 100644 index 9dfa5359ec9..00000000000 --- a/danish/security/2010/dsa-2134.wml +++ /dev/null @@ -1,16 +0,0 @@ -kommende ændringer i bulletinformatet - -

Traditionelt har Debian Security Advisories indeholdt MD5-checksummer hørende -til de opdaterede pakker. Det blev indført på et tidspunkt, hvor apt endnu ikke -fandtes og BIND's versionsnummer var 4.

- -

Da apt nu i nogen tid, kryptografisk har håndhævet arkivets integritet, har -vi besluttet endelig at fjerne hashværdierne fra vores bulletinmails.

- -

Vi vil også ændre nogle detaljer ved bulletinformatet i de kommende -måneder.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2134.data" -#use wml::debian::translation-check translation="3126379c188d1c17fb83967a5f21ea18ea669e2a" mindelta="1" diff --git a/danish/security/2010/dsa-2135.wml b/danish/security/2010/dsa-2135.wml deleted file mode 100644 index c7f23348c42..00000000000 --- a/danish/security/2010/dsa-2135.wml +++ /dev/null @@ -1,19 +0,0 @@ -flere sårbarheder - -

Joel Voss fra Leviathan Security Group opdagede to sårbarheder i xpdf's -rederingmaskine, hvilket måske kunne føre til udførelse af vilkårlig kode, hvis -en misdannet PDF-fil blev åbnet.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 3.02-1.4+lenny3.

- -

I den kommende stabile distribution (squeeze) og i den ustabile distribution -(sid), findes disse problemer ikke, da xpdf er blevet patch'et til at anvende -Poppler PDF-biblioteket.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2135.data" -#use wml::debian::translation-check translation="63daeb1bdff913577dcab306ffb90d6e51b917b5" mindelta="1" diff --git a/danish/security/2010/dsa-2136.wml b/danish/security/2010/dsa-2136.wml deleted file mode 100644 index b591be44ef6..00000000000 --- a/danish/security/2010/dsa-2136.wml +++ /dev/null @@ -1,24 +0,0 @@ -bufferoverløb - -

Willem Pinckaers opdagede at Tor, et værktøj som muliggør onlineanonymitet, -ikke på korrekt vis håndterede alle data læst fra netværket. Ved at levere -særligt fremstillede pakker kunne en fjernangriber få Tors heap til at løbe -over, hvilket fik processen til at gå ned. Udførelse af vilkårlig kode er ikke -blevet bekræftet, men der er en potentiel risiko.

- -

I den stabile distribution (lenny), indeholder denne opdatering også en -opdatering af IP-adressen til Tors directory authority gabelmoo og håndterer en -svaghed i pakkens postinst-vedligeholderskript.

- -

I den stabile distribution (lenny) er dette problem rettet i -version 0.2.1.26-1~lenny+4.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er dette problem rettet i version 0.2.1.26-6.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2136.data" -#use wml::debian::translation-check translation="86774a4f23d7e2f850bceee369111c19464f1bef" mindelta="1" diff --git a/danish/security/2010/dsa-2137.wml b/danish/security/2010/dsa-2137.wml deleted file mode 100644 index b3ca2b930a9..00000000000 --- a/danish/security/2010/dsa-2137.wml +++ /dev/null @@ -1,21 +0,0 @@ -flere sårbarheder - -

Yang Dingning opdagede en dobbelt frigivelse i libxml's Xpath-behandling, -hvilket måske kunne muliggøre udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet -i version 2.6.32.dfsg-5+lenny3.

- -

I den kommende stabile distribution (squeeze) og i den ustabile distribution -(sid), er dette problem rettet i version 2.7.8.dfsg-2.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdatering på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2137.data" -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" diff --git a/danish/security/2010/dsa-2138.wml b/danish/security/2010/dsa-2138.wml deleted file mode 100644 index 2e310794c79..00000000000 --- a/danish/security/2010/dsa-2138.wml +++ /dev/null @@ -1,22 +0,0 @@ -SQL-indsprøjtning - -

Vladimir Kolesnikov opdagede en SQL-indsprøjtningssårbarhed i WordPress, et -webloghåndteringsprogram. En autoriseret bruger kunne udføre vilkårlige -SQL-kommandoer via feltet Send Trackbacks.

- -

I den stabile distribution (lenny), er dette problem rettet -i version 2.5.1-11+lenny4.

- -

I den ustabile distribution (sid) og i distributionen testing (squeeze), -er dette problem rettet i version 3.0.2-1.

- -

Vi anbefaler at du opgraderer din wordpress-pakke.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdatering på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2138.data" -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" diff --git a/danish/security/2010/dsa-2139.wml b/danish/security/2010/dsa-2139.wml deleted file mode 100644 index f2c43dd1097..00000000000 --- a/danish/security/2010/dsa-2139.wml +++ /dev/null @@ -1,44 +0,0 @@ -flere sårbarheder - -

Flere sårbarheder er opdaget i phpMyAdmin, et værktøj til at administrere -MySQL via web. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2010-4329 - -

    Udførelse af skripter på tværs af websteder var muligt i search, der - gjorde det muligt for en fjernangriber at indsprøjte vilkårligt webskript - eller HTML.

    • - -
  • CVE-2010-4480 - -

    Udførelse af skripter på tværs af websteder var muligt i errors, der - gjorde det muligt for en fjernangriber at indsprøjte vilkårligt webskript - eller HTML.

    • - -
  • CVE-2010-4481 - -

    Visning af PHP's phpinfo()-funktion var tilgængelig for alle, men kun hvis - funktionaliteten var blevet aktiveret (standard er deaktiveret). Derved kunne - der måske lækkes nogle oplysninger om værtssystemet.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i -version 2.11.8.1-5+lenny7.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.3.7-3.

- -

Vi anbefaler at du opgraderer din phpmyadmin-pakke.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdatering på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2010/dsa-2139.data" -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" diff --git a/danish/security/2010/index.wml b/danish/security/2010/index.wml deleted file mode 100644 index 4506bb6f4ab..00000000000 --- a/danish/security/2010/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2010 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2010', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2011/Makefile b/danish/security/2011/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2011/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2011/dsa-2140.wml b/danish/security/2011/dsa-2140.wml deleted file mode 100644 index 1504ec731d0..00000000000 --- a/danish/security/2011/dsa-2140.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -stakoverløb - -

En sårbarhed er fundet i Apache mod_fcgid. Projektet Common Vulnerabilities -and Exposures har registeret følgende problem:

- -
    - -
  • CVE-2010-3872 - -

    Et stakoverløb kunne gøre det muligt for en usikker FCGI-applikation at - forårsage et servernedbrud eller muligvis udføre vilkårlig kode som brugeren, - der kører webserveren.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i version -2.2-1+lenny1.

- -

I den ustabile distribution (sid) og i distributionen testing (squeeze), er -dette problem rettet i version 2.3.6-1.

- -

Vi anbefaler at du opgraderer dine libapache2-mod-fcgid-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2140.data" diff --git a/danish/security/2011/dsa-2141.wml b/danish/security/2011/dsa-2141.wml deleted file mode 100644 index 2f1c2a9fd93..00000000000 --- a/danish/security/2011/dsa-2141.wml +++ /dev/null @@ -1,59 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -SSL/TLS-designfejl i forbindelse med usikker genforhandlingsprotokol - - -

DSA-2141 består af tre individuelle dele, som kan ses i postlistearkivet: -DSA 2141-1 (openssl), -DSA 2141-2 (nss), -DSA 2141-3 (apache2) og -DSA 2141-4 (lighttpd). -Denne side dækker kun den første del, openssl.

- -
    - -
  • CVE-2009-3555 - -

    Marsh Ray, Steve Dispensa og Martin Rex opdagede en fejl i TLS- og -SSLv3-protokollerne. Hvis en angriber kunne udføre et manden i midten-angreb -ved starten af en TLS-forbindelse, kunne angriberen indsprøjte vilkårligt -indhold i starten af brugerens session. Denne opdatering tilføjer tilbageført -understøttelse af den nye RFC5746-genforhandlingsudvidelse, som løser -problemet.

    - -

    Hvis openssl anvendes i en serverapplikation, vil den som standard ikke -længere acceptere genforhandling fra klienter, som ikke understøtter den sikre -RFC5746-genforhandlingsudvidelse. En separat bulletin vil tilføje -RFC5746-understøttelse til nss, sikkerhedsbiblioktet som anvendes af -webbrowseren iceweasel. Der følger en opdatering til apache2, som gør det -muligt at genaktivere usikker genforhandling.

    - -

    Denne version af openssl er ikke kompatibel med ældre versioner af tor. -Man skal som minimum anvende tor version 0.2.1.26-1~lenny+1, der er medtaget i -punktopdatering 5.0.7 af Debians stabile udgave.

    - -

    I øjeblikket har vi ikke kendskab til anden software med lignende -kompatibilitetsproblemer.

    • - -
  • CVE-2010-4180 - -

    Denne opdatering retter desuden en fejl, der gjorde det muligt for en klient -at omgå begrænsninger opsat på serveren vedrørende den anvendte -cipher-suite.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i version -0.9.8g-15+lenny11.

- -

I den ustabile distribution (sid) og i distributionen testing (squeeze), er -dette problem rettet i version 0.9.8o-4.

- -

Vi anbefaler at du opgraderer din openssl-pakke.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2141.data" diff --git a/danish/security/2011/dsa-2142.wml b/danish/security/2011/dsa-2142.wml deleted file mode 100644 index 8595b72b5a9..00000000000 --- a/danish/security/2011/dsa-2142.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -mappegennemløb - -

Jakub Wilk opdagede at komponenten dpkg-source i dpkg, Debians -pakkehåndteringssystem, ikke på korrekt vis håndterede stier i patches hørende -til kildekodepakker, hvilket kunne gøre det muligt at gennemløbe mapper. -Raphaël Hertzog opdagede yderligere, at symbolske links i mappen .pc følges, -hvilket også kunne muliggøre mappegennemløb.

- -

Begge problemer påvirker kun kildekodepakker som anvender -3.0 quilt-formatet på udpakningstidspunktet.

- -

I den stabile distribution (lenny), er disse problemer rettet i -version 1.14.31.

- -

I distributionen testing (squeeze) og i den ustabile distributions (sid), -vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine dpkg-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2142.data" diff --git a/danish/security/2011/dsa-2143.wml b/danish/security/2011/dsa-2143.wml deleted file mode 100644 index c9b4c903c59..00000000000 --- a/danish/security/2011/dsa-2143.wml +++ /dev/null @@ -1,95 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i databaseserveren MySQL. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-3677 - -

    Man opdagede at MySQL gjorde det muligt for autentificerede fjernbrugere - at forårsage et lammelsesangreb (nedbrud af mysqld-dæmonen) via et join-query, - der anvender en tabel med en unik SET-kolonne.

    • - -
  • CVE-2010-3680 - -

    Man opdagede at MySQL gjorde det muligt for autentificerede fjernbrugere - at forårsage et lammelsesangreb (nedbrud af mysqld-dæmonen) ved at oprette - midlertidige tabeller mens InnoDB anvendes, hvilket udløste en - assertion-fejl.

    • - -
  • CVE-2010-3681 - -

    Man opdagede at MySQL gjorde det muligt for autentificerede fjernbrugere - at forårsage et lammelsesangreb (nedbrud af mysqld-dæmonen) ved at anvende - HANDLER-grænsefladen og udføre alternative læsninger fra to indeks i en - tabel, hvilket udløste en assertion-fejl.

    • - -
  • CVE-2010-3682 - -

    Man opdagede at MySQL på ukorrekt vis håndterende anvendelsen af EXPLAIN - ved visse forespørgsler. - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
  • CVE-2010-3833 - -

    Man opdagede at MySQL på ukorrekt vis håndterede propagation under - evaluering af parametre til ekstreme værdie-funktioner. - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
  • CVE-2010-3834 - -

    Man opdagede at MySQL på ukorrekt vis håndterede materialisering af afledte - tabeller, som krævede en midlertidig tabel til gruppering. - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
  • CVE-2010-3835 - -

    Man opdagede at MySQL på ukorrekt vis håndterede visse variable - brugertildelte udtryk, der evalueres i konteksten af et logisk udtryk. - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
  • CVE-2010-3836 - -

    Man opdagede at MySQL på ukorrekt vis håndterede præ-evaluering af - LIKE-prædikater under view-forberedelse. - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
  • CVE-2010-3837 - -

    Man opdagede at MySQL på ukorrekt vis håndterede samtidig anvendelse af - GROUP_CONCAT() og WITH ROLLUP. - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
  • CVE-2010-3838 - -

    Man opdagede at MySQL på ukorrekt vis håndterede visse forespørgsler med - anvendelse af en blandet liste af numeriske og LONGBLOB-parametre til - funktionerne GREATEST() og LEAST(). - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
  • CVE-2010-3840 - -

    Man opdagede at MySQL på ukorrekt vis håndterede upassende WKB-data - overført til funktionen PolyFromWKB(). - En autentificeret bruger kunne få serveren til at gå ned.

    • - -
- -

I den stabile distribution (lenny), er disse problemer rettet i version -5.0.51a-24+lenny5.

- -

Distributionen testing (squeeze) og den ustabile distribution (sid) -indeholder ikke længere mysql-dfsg-5.0.

- -

Vi anbefaler at du opgraderer dine mysql-dfsg-5.0-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2143.data" diff --git a/danish/security/2011/dsa-2144.wml b/danish/security/2011/dsa-2144.wml deleted file mode 100644 index 901e8bee569..00000000000 --- a/danish/security/2011/dsa-2144.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -bufferoverløb - -

Man opdagede at et bufferoverløb i ENTTEC-dissektoren måske kunne føre til -udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.0.2-3+lenny12.

- -

For the testing distribution (squeeze), er dette problem rettet i version -1.2.11-6.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.2.11-6.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2144.data" diff --git a/danish/security/2011/dsa-2145.wml b/danish/security/2011/dsa-2145.wml deleted file mode 100644 index 692b52f21fd..00000000000 --- a/danish/security/2011/dsa-2145.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -bufferoverløb - -

Andres Lopez Luksenberg opdagede et bufferoverløb i OID-fortolkeren i libsmi, -et bibliotek til at tilgå SMI MIB-data.

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.4.7+dfsg-0.2.

- -

I distributionen testing (squeeze), er dette problem rettet i version -0.4.8+dfsg2-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.4.8+dfsg2-3.

- -

Vi anbefaler at du opgraderer dine libsmi-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2145.data" diff --git a/danish/security/2011/dsa-2146.wml b/danish/security/2011/dsa-2146.wml deleted file mode 100644 index 7fd5c6df446..00000000000 --- a/danish/security/2011/dsa-2146.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -mappegennemløb - -

D. Fabian og L. Weichselbaum opdagede en mappegennemløbssårbarhed i MyDMS, -et open source-dokumenthåndteringssystem baseret på PHP og MySQL.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.7.0-1+lenny1.

- -

Distributionen testing (squeeze) og den ustabile distribution (sid) -indeholder ikke længere mydms-pakker.

- -

Vi anbefaler at du opgraderer dine mydms-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2146.data" diff --git a/danish/security/2011/dsa-2147.wml b/danish/security/2011/dsa-2147.wml deleted file mode 100644 index a38f7bf3c62..00000000000 --- a/danish/security/2011/dsa-2147.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -usikre midlertidige filer - -

Vincent Bernat opdagede at pimd, en multicast-routing-dæmon, oprettede filer -med forudsigelse navne ved modtagelse af bestemte signaler.

- -

I den stabile distribution (lenny), er dette problem rettet i version -2.1.0-alpha29.17-8.1lenny1.

- -

Distributionen testing (squeeze) og den ustabile distribution (sid) vil om -kort tid blive opdateret.

- -

Vi anbefaler at du opgraderer dine pimd-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2147.data" diff --git a/danish/security/2011/dsa-2148.wml b/danish/security/2011/dsa-2148.wml deleted file mode 100644 index c3e277191fa..00000000000 --- a/danish/security/2011/dsa-2148.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" mindelta="1" -flere sårbarheder - -

Udviklerne af Tor, et anonymerseringsoverlægningsnetværk til TCP, fandt tre -sikkerhedsproblemer under en sikkerhedsaudit. Et heapoverflow gjorde det muligt -at udføre vilkårlig kode -(CVE-2011-0427), -en lammelsesangrebssårbarhed blev fundet i zlib-komprimeringshåndteringen og -noget nøglehukommelse blev ukorrekt nulstillet før frigivelse. De sidstnævnte -to problemer har endnu ikke fået tildelt CVE-identifikationer. Debian Security -Tracker vil blive opdateret når de er tilgængelige: -\ -https://security-tracker.debian.org/tracker/source-package/tor

- -

I den stabile distribution (lenny), er dette problem rettet i version -0.2.1.29-1~lenny+1.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), er -dette problem rettet i version 0.2.1.29-1.

- -

I den eksperimentelle distribution, er dette problem rettet i version -0.2.2.21-alpha-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

Flere oplysninger om Debian Security Advisories, hvordan man installerer -disse opdateringer på sit system samt ofte stillede spørgsmål findes på: -https://www.debian.org/security/

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2148.data" diff --git a/danish/security/2011/dsa-2149.wml b/danish/security/2011/dsa-2149.wml deleted file mode 100644 index 11c1f042fa0..00000000000 --- a/danish/security/2011/dsa-2149.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a678f6ce7a4237d7391bcc68f402cce9f38f3373" mindelta="1" -lammelsesangreb - -

Rémi Denis-Courmont opdagede at dbus, en meddeleses-bus-applikation, ikke på -korrekt vis begrænsede nesting-niveauet når meddeleleser med omfattende nestede -varianter. Dermed var det muligt for en angriber at få dbus-systemdæmonen til -at gå ned på grund af et call-stak-overløb via fabrikerede meddelelser..

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.2.1-5+lenny2.

- -

I distributionen testing (squeeze), er dette problem rettet i version -1.2.24-4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.2.24-4.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2149.data" diff --git a/danish/security/2011/dsa-2150.wml b/danish/security/2011/dsa-2150.wml deleted file mode 100644 index 0feb0a2370c..00000000000 --- a/danish/security/2011/dsa-2150.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7dde7bbb865c6da3112d79fb7280410292cd64bf" mindelta="1" -unsalted adgangskodehashing - -

Man opdagede at Request Tracker, et sagssporingssystem, gemte adgangskoder i -sin database med brug af en utilstrækkelig stærkt hashingmetode. Hvis en -angriber havde adgang til adgangskodedatabasen, kunne vedkommende dekode -adgangskoderne opbevaret i den.

- -

I den stabile distribution (lenny), er dette problem rettet i -version 3.6.7-5+lenny5.

- -

Distribution testing (squeeze) vil snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.8.8-7 of the request-tracker3.8 package.

- -

Vi anbefaler at du opgraderer dine Request Tracker-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2150.data" diff --git a/danish/security/2011/dsa-2151.wml b/danish/security/2011/dsa-2151.wml deleted file mode 100644 index c25f2e60794..00000000000 --- a/danish/security/2011/dsa-2151.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sikkerhedsrelaterede problemer er opdaget i OpenOffice.org-pakken, -hvilket gjorde det muligt ved hjælp af misdannede dokumenter, at narre systemet -til nedbrud eller endda udføre vilkårlig kode.

- -
    - -
  • CVE-2010-3450 - -

    Under en internt sikkerhedsaudit i Red Hat, blev der fundet en - mappegennemløbssårbarhed i den måde hvorpå OpenOffice.org 3.1.1 til 3.2.1 - behandler XML-filterfiler. Hvis en lokal bruger narres til at åbne en - særlig fremstillet OOo-XML-filterpakke, kunne problemet gøre det muligt for - fjernangribere at oprette eller overskrive vilkårlige filer tilhørende en - lokal bruger eller, potentielt, udføre vilkårlig kode.

    • - -
  • CVE-2010-3451 - -

    Under sit arbejde som konsulent hos Virtual Security Research(VSR), - opdagede Dan Rosenberg en sårbarhed i OpenOffice.orgs funktionalitet til - RTF-fortolkning. Åbning af et ondsindet fremstillet RTF-dokument kunne - medføre en hukommelseslæsning uden for grænserne i tidligere allokeret - heaphukommelse, hvilket måske kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2010-3452 - -

    Dan Rosenberg opdagede en sårbarhed i fortolkeren af RTF-filer, hvilket - kunne anvendes som en løftestage af angribere til at få mulighed for at - udføre vilkårlig kode, ved at overbevise et offer om at åbne en ondsindet - fabrikeret RTF-fil.

    • - -
  • CVE-2010-3453 - -

    Som en del af sit arbejde hos Virtual Security Research, opdagede Dan - Rosenberg en sårbarhed i funktionen WW8ListManager::WW8ListManager() i - OpenOffice.org, som gjorde det muligt at forårsage udførelse af vilkårlig - kode ved hjælp af en ondsindet fabrikeret fil.

    • - -
  • CVE-2010-3454 - -

    Som en del af sit arbejde hos Virtual Security Research, opdagede Dan - Rosenberg en sårbarhed i funktionen WW8DopTypography::ReadFromMem() i - OpenOffice.org, som måske kunne udnyttes af en angriber, til ved hjælp af - en ondsindet fabrikeret fil at styre programflowet og potentielt udføre - vilkårlig kode.

    • - -
  • CVE-2010-3689 - -

    Dmitri Gribenko opdagede at skriptet soffice ikke håndterede en tom - LD_LIBRARY_PATH-variabel på samme måde som en tom, hvilket måske kunne føre - til udførelse af vilkårlig kode.

    • - -
  • CVE-2010-4253 - -

    Et heapbaseret bufferoverløb blev opdaget; følgevirkningerne er - ukendte.

    • - -
  • CVE-2010-4643 - -

    En sårbarhed blev opdaget i den måde hvorpå OpenOffice.org håndterer - TGA-grafik, hvilket kan fremprovokeres af en særligt fremstillet TGA-fil, - som kunne medføre at programmet gik ned på grund af et heapbaseret - bufferoverløb med ukendte følgevirkninger.

    • - -
- -

I den stabile distribution (lenny) er disse problemer rettet i version -2.4.1+dfsg-1+lenny11.

- -

I den kommende stabile distribution (squeeze) er disse problemer rettet i -version 3.2.1-11+squeeze1.

- -

I den ustabile distribution (sid) er disse problemer rettet i version -3.2.1-11+squeeze1.

- -

I den eksperimentelle distribution er disse problemer rettet i version -3.3.0~rc3-1.

- -

Vi anbefaler at du opgraderer dine OpenOffice.org-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2151.data" diff --git a/danish/security/2011/dsa-2152.wml b/danish/security/2011/dsa-2152.wml deleted file mode 100644 index 15285e7fe32..00000000000 --- a/danish/security/2011/dsa-2152.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="be58805614a1d678f470b52513cf38cd5c87671a" mindelta="1" -bufferoverløb - -

Sebastian Krahmer opdagede et bufferoverløb i SNMP-discovery-koden i HP Linux -Printing and Imaging System, hvilket kunne medføre udførelse af vilkårlig -kode.

- -

I den stabile distribution (lenny), er dette problem rettet i version -2.8.6.b-4+lenny1.

- -

I distributionen testing (squeeze), er dette problem rettet i version -3.10.6-2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.10.6-2.

- -

I den eksperimentelle distribution, er dette problem rettet i version -3.11.1-1.

- -

Vi anbefaler at du opgraderer dine hplip-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2152.data" diff --git a/danish/security/2011/dsa-2153.wml b/danish/security/2011/dsa-2153.wml deleted file mode 100644 index a067fc31239..00000000000 --- a/danish/security/2011/dsa-2153.wml +++ /dev/null @@ -1,166 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækage. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-0435 - -

    Gleb Napatov rapporterede om et problem i KVM-undersystemet, som gjorde - det muligt for virtuelle maskiner at forårsage et lammelsesangreb på - værtsmaskinen ved at udføre mov to/from DR-instruktioner.

    • - -
  • CVE-2010-3699 - -

    Keir Fraser leverede en rettelse af et problem i Xen-undersystemet. En - gæst kunne forårsage et lammelsesangreb på værtsmaskinen ved at beholde en - lækket reference til en enhed. Det kunne medføre et zombiedomæne, hængende - xenwatch-proces og xm-kommandofejl.

    • - -
  • CVE-2010-4158 - -

    Dan Rosenberg opdagede et problem i socket filters-undersystemet, som - gjorde det muligt for lokale upriviligerede brugere at få adgang til - indholdet af følsom kernehukommelse.

    • - -
  • CVE-2010-4162 - -

    Dan Rosenberg opdagede et overløbsproblem i blok-I/O-undersystemet, som - gorde det muligt for lokale brugere at kortlægge et stort antal sider, - medførende et lammelsesangreb på grund af kald af out of - memory-dræberen.

    • - -
  • CVE-2010-4163 - -

    Dan Rosenberg opdagede et problem i blok-I/O-undersystemet. På grund af - ukorrekt validering af iov-segmenter, kunne lokale brugere udløse kernepanik - medførende et lammelsesangreb.

    • - -
  • CVE-2010-4242 - -

    Alan Cox rapporterede om et problem i Bluetooth-undersystemet. Lokale - brugere med tilstrækkelige rettigheder til at tilgå HCI UART-enheder, kunne - forårsage et lammelsesangreb (NULL-pointerdereference) på grund af en - manglende kontrol af en eksisterende tty-skrivningshandling.

    • - -
  • CVE-2010-4243 - -

    Brad Spengler rapporterede om et lammelsesangreb i systemet der holder - styr på kernehukommelsen. Ved at overføre store argv-/envp-værdier til exec, - kunne lokale brugere få out of memory-dræberen til at dræbe processer - ejet af andre brugere.

    • - -
  • CVE-2010-4248 - -

    Oleg Nesterov rapporterede om et problem i POSIX CPU-timers-undersystemet. - Lokale brugere kunne forårsage et lammelsesangreb (oops) på grund af - utilstrækkelige formodninger om thread group leader-opførsel.

    • - -
  • CVE-2010-4249 - -

    Vegard Nossum rapportede om et problem med UNIX socket-garbagecollectoren. - Lokale brugere kunne forbrug al LOWMEM og nedsætte systemets ydeevne ved at - overbelaste det med inflight-sockets.

    • - -
  • CVE-2010-4258 - -

    Nelson Elhage rapporterede om et problem i Linux' oops-håndtering. - Lokale brugere kunne måske få forøgede rettigheder, hvis de havde mulighed - for at udløse en oops med en proces' fs sat til KERNEL_DS.

    • - -
  • CVE-2010-4342 - -

    Nelson Elhage rapporterede om et problem Econet-protokollen. - Fjernangribere kunne forårsage et lammelsesangreb ved at sende en Acorn - Universal Networking-pakke over UDP.

    • - -
  • CVE-2010-4346 - -

    Tavis Ormandy opdagede et problem i rutinen install_special_mapping, - hvilket gjorde det muligt for lokale brugere at omgå - mmap_min_addr-sikkerhedsbegrænsningen. Kombineret med en ellers ikke - særlig alvorlig lammelsesangrebssårbarhed (NULL-pointerdereference), kunne - en lokal bruger få forøgede rettigheder.

    • - -
  • CVE-2010-4526 - -

    Eugene Teo rapporterede om en kapløbstilstand i Linux' - SCTP-implementering. Fjernbrugere kunne forårsage et lammelsesangreb - (kernehukommelseskorruption) ved at overføre en ICMP-unreachable-meddelelse - til en låst socket.

    • - -
  • CVE-2010-4527 - -

    Dan Rosenberg rapporterede om to problemer i OSS-lydkortsdriveren. - Lokale brugere med adgang til enheden (som standard medlemmer af gruppen - audio på Debian-installationer) kunne tilgå følsom kernehukommelse - eller forårsage et bufferoverløb, potentielt medførende en - rettighedsforøgelse.

    • - -
  • CVE-2010-4529 - -

    Dan Rosenberg rapporterede om et problem i Linux-kernens implementering - af IrDA-socket på ikke-x86-arkitekturer. Lokale brugere kunne måske få - adgang til følsom kernehukommelse via et særlig fremstillet - IRLMP_ENUMDEVICES-getsockopt-kald.

    • - -
  • CVE-2010-4565 - -

    Dan Rosenberg rapporterede om et problem i Linux' implementering af - CAN-protokollen. Lokale brugere kunne få fat i adressen til et - kerneheapobjekt, hvilket måske kunne være en hjælp i forbindelse med en - systemudnyttelse.

    • - -
  • CVE-2010-4649 - -

    Dan Carpenter rapporterede om et problem i uverb-håndteringen i - InfiniBand-undersystemet. Et potentielt bufferoverløb kunne måske gøre det - muligt for lokale brugere at forårsage et lammelsesangreb - (hukommelseskorruption) ved at overføre en stor cmd.ne-værdi.

    • - -
  • CVE-2010-4656 - -

    Kees Cook rapporterede om et problem i driveren til I/O-Warrior - USB-enheder. Lokale brugere med adgang til disse enheder kunne måske få - kernebuffere til at løbe over, medførende et lammelsesangreb eller - rettighedsforøgelse.

    • - -
  • CVE-2010-4668 - -

    Dan Rosenberg rapporterede om et problem i block-undersystemet. En lokal - bruger kunne forårsage et lammelsesangreb (kernepanik) ved at sende visse - 0-længde I/O-forespørgsler.

    • - -
  • CVE-2011-0521 - -

    Dan Carpenter rapporterede om et problem i DVB-driveren til AV7110-kort. - Lokale brugere kunne overføre en negativ info->num-værdi, medførende - korruption af kernehukommelse og et lammelsesangreb.

    • - -
- -

I den stabile distribution (lenny), er dette problem rettet i -version 2.6.26-26lenny2.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny2
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Bemærk at disse opdateringer ikke vil træde i kraft før du har genstartet dit -system.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2153.data" diff --git a/danish/security/2011/dsa-2154.wml b/danish/security/2011/dsa-2154.wml deleted file mode 100644 index dd39769eb5b..00000000000 --- a/danish/security/2011/dsa-2154.wml +++ /dev/null @@ -1,72 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse - - -

En designfejl -(CVE-2010-4345) -i exim4 gjorde det muligt for den lokale Debian-exim-bruger at få rootrettigheder -ved at angive en alternativ opsætningsfil ved anvendelse af parameteret -C eller -ved hjælp af muligheden for at overtrume makroer (parameteret -D). Desværre er -det ikke muligt at retter sårbarheden unden at foretage ændringer i hvordan -exim4 opfører sig. Hvis du anvender parametrene -C eller -D eller mulighed for -at lave systemfiltre, bør du nøje gennemse ændringerne og tilpasse din opsætning -tilsvarende. Debians standardopsætning er ikke påvirket af ændringerne.

- -

Den detaljerede liste over ændringer er beskrevet i filen NEWS.Debian i -pakkerne. De relevante afsnit er også gengivet herunder.

- -

Desuden medførte manglende fejlhåndtering af systemkaldene setuid/setgid det -muligt for Debian-exim-brugeren at få root til at tilføje logdata til vilkårlige -filer -(CVE-2011-0017).

- -

I den stabile distribution (lenny), er disse problemer rettet i version -4.69-9+lenny3.

- -

I distributionen testing (squeeze) og i den ustabile distribution (sid), -er disse problemer rettet i version 4.72-4.

- -

Ikke-oversat uddrag fra filen NEWS.Debian, fra pakkerne exim4-daemon-light -og exim4-daemon-heavy:

- -
-Exim versions up to and including 4.72 are vulnerable to
-CVE-2010-4345. This is a rettighedsforøgelse issue that allows the
-exim user to gain root privileges by specifying an alternate
-configuration file using the -C option. The macro override facility
-(-D) might also be misused for this purpose.
-
-In reaction to this security vulnerability upstream has made a number
-of user visible changes. This package includes these changes.
-
-If exim is invoked with the -C or -D option the daemon will not regain
-root privileges though re-execution. This is usually necessary for
-local delivery, though. Therefore it is generally not possible anymore
-to run an exim daemon with -D or -C options.
-
-However this version of exim has been built with
-TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
-defines a list of configuration files which are trusted; if a config
-file is owned by root and matches a pathname in the list, then it may
-be invoked by the Exim build-time user without Exim relinquishing root
-privileges.
-
-As a hotfix to not break existing installations of mailscanner we have
-also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to
-start exim with -DOUTGOING while being able to do local deliveries.
-
-If you previously were using -D switches you will need to change your
-setup to use a separate configuration file. The ".include" mechanism
-makes this easy.
-
-The system filter is run as exim_user instead of root by default.  If
-your setup requies root privileges when running the system filter you
-will need to set the system_filter_user exim main configuration
-option.
-
-
- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2154.data" diff --git a/danish/security/2011/dsa-2155.wml b/danish/security/2011/dsa-2155.wml deleted file mode 100644 index cc04d209734..00000000000 --- a/danish/security/2011/dsa-2155.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d31344ed360890bbf7abddb17cf3afb2422e185c" mindelta="1" -flere sårbarheder - -

To bufferoverløb blev opdaget i skrifttypebiblioteket Freetype, hvilket kunne -føre til føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i version -2.3.7-2+lenny5.

- -

I distributionen testing (squeeze), er dette problem rettet i version -2.4.2-2.1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.4.2-2.1.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2155.data" diff --git a/danish/security/2011/dsa-2156.wml b/danish/security/2011/dsa-2156.wml deleted file mode 100644 index 6be17491129..00000000000 --- a/danish/security/2011/dsa-2156.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d4dc224f456377792840747f6f306cabd1caf264" mindelta="1" -bufferoverløb - -

MWR InfoSecurity fandt et bufferoverløb i pcscd, middleware beregnet til at -tilgå et smartcard via PC/SC, hvilket kunne føre til udførelse af vilkårlig -kode.

- -

I den stabile distribution (lenny), er dette problem rettet i version -1.4.102-1+lenny4.

- -

I distributionen testing (squeeze), er dette problem rettet i version -1.5.5-4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.5.5-4.

- -

Vi anbefaler at du opgraderer dine pcscd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2156.data" diff --git a/danish/security/2011/dsa-2157.wml b/danish/security/2011/dsa-2157.wml deleted file mode 100644 index 10db59d0225..00000000000 --- a/danish/security/2011/dsa-2157.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="efe2a380651d51ff9da2564cfbc4359842f9b975" mindelta="1" -bufferoverløb - -

Man opdagede at PostgreSQL's intarray-contrib-modul ikke på korrekt vis -håndterede heltal med et stort antal cifre, hvilket førte til et servernedbrud -og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (lenny), er dette problem rettet i version -8.3.14-0lenny1 af pakken postgresql-8.3.

- -

I distributionen testing (squeeze), er dette problem rettet i version -8.4.7-0squeeze1 af pakken postgresql-8.4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -8.4.7-1 af pakken postgresql-8.4 og i version 9.0.3-1 af pakken -postgresql-9.0.

- -

Opdateringen indeholder også pålidelighedsforbedringer; for flere oplysninger -henvises til de respektive changelog-filer.

- -

Vi anbefaler at du opgraderer dine PostgreSQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2157.data" diff --git a/danish/security/2011/dsa-2158.wml b/danish/security/2011/dsa-2158.wml deleted file mode 100644 index ee23b525ad7..00000000000 --- a/danish/security/2011/dsa-2158.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="75615727e92424580b37e90165424650cbafd7c0" mindelta="1" -udførelse af skripter på tværs af websteder - -

Michael Brooks (Sitewatch) opdagede en reflektiv XSS-fejl i CGI:IRC, en -webbaseret IRC-klient, hvilket kunne føre til udførelse af vilkårligt -JavaScript.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -0.5.9-3lenny1.

- -

I den stabile distribution (squeeze) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine cgiirc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2158.data" diff --git a/danish/security/2011/dsa-2159.wml b/danish/security/2011/dsa-2159.wml deleted file mode 100644 index cccbc822ae8..00000000000 --- a/danish/security/2011/dsa-2159.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c0dae2f7ed3fcb0438ece986b7058d99bf787d1d" mindelta="1" -manglende kontrol af inddata - -

Dan Rosenberg opdagede at utilstrækkelig kontrol af inddata i VLC's -behandling af Matroska/WebM-containere kunne føre til udførelse af vilkårlig -kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.1.3-1squeeze3.

- -

Versionen af vlc i den gamle stabile distribution (lenny) er påvirket af -yderligere problemer, som vil blive løst i en opfølgende bulletin.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.1.7-1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2159.data" diff --git a/danish/security/2011/dsa-2160.wml b/danish/security/2011/dsa-2160.wml deleted file mode 100644 index 17edbac8108..00000000000 --- a/danish/security/2011/dsa-2160.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Tomcat Servlet- og JSP-maskinen:

-
    -
  • CVE-2010-3718 -

    - Man opdagede at SecurityManager på utilstrækkelig vis begrænsede - arbejdsmappen. -

    • - - -
  • CVE-2011-0013 -

    - Man opdagede at HTML-managerinterfacet var på virket af en sårbarhed i - forbindelse med udførelse af skripter på tværs af websteder. -

    • - - -
  • CVE-2011-0534 -

    - Man opdagede at NIO-connectoren udførte utilstrækkelig validering af - HTTP-headerne, hvilket kunne føre til lammelsesangreb (denial of service). -

    • -
- -

-Den gamle stabile distribution (lenny) er ikke påvirket af disse problemer. -

- -

-I den stabile distribution (squeeze), er dette problem rettet i version -6.0.28-9+squeeze1. -

- -

-I den ustabile distribution (sid), er dette problem rettet i version 6.0.28-10. -

- -

-Vi anbefaler at du opgraderer dine tomcat6-pakker. -

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2160.data" diff --git a/danish/security/2011/dsa-2161.wml b/danish/security/2011/dsa-2161.wml deleted file mode 100644 index 23a28898982..00000000000 --- a/danish/security/2011/dsa-2161.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="dc13901bc43feb7732e32993c830e23873f09356" mindelta="1" -lammelsesangreb - -

Man opdagede at flydende komma-fortolkeren i OpenJDK, en implementering af -Java-platformen, kunne komme i en uendelig løkke når visse inddatastrenge blev -behandlet. Sådanne inddatastrenge repræsenterede gyldige tal og kunne være -indeholdt i data leveret af en angriber via netværket, medførende et -lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), vil dette problem blive rettet i -version 6b18-1.8.3-2~lenny1. Af tekniske årsager vil opdateringen blive frigivet -separat.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -6b18-1.8.3-2+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2161.data" diff --git a/danish/security/2011/dsa-2162.wml b/danish/security/2011/dsa-2162.wml deleted file mode 100644 index 3167aca7621..00000000000 --- a/danish/security/2011/dsa-2162.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="4be44f26018a49be9aea388c2801744893a70fe3" mindelta="1" -ugyldig hukommelsestilgang - -

Neel Mehta opdagede at en ukorrekt formateret ClientHello-handshakemeddelelse -kunne få OpenSSL til at fortolke forbi slutningen af meddelelsen. Dermed var det -muligt for en angriber at få en applikation, som anvender OpenSSL, til at gå ned -ved at udløse tilgang til ugyldig hukommelse. Desuden kunne nogle applikationer -være sårbare over for blotlæggelse af indholdet af en fortolket -OCSP-nonce-extension.

- -

Pakkerne i den gamle stabile distribution (lenny) er ikke påvirket af dette -problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.9.8o-4squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -0.9.8o-5.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.9.8o-5.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2162.data" diff --git a/danish/security/2011/dsa-2163.wml b/danish/security/2011/dsa-2163.wml deleted file mode 100644 index ec39b274894..00000000000 --- a/danish/security/2011/dsa-2163.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i webudviklingsframeworket Django:

- -
    - -
  • CVE-2011-0696 - -

    Af flere årsager blev den interne CSRF-beskyttelse tidligere ikke anvendt - til at validere AJAX-forespørgsler. Men man opdagede at denne undtagelse - kunne udnyttes med en kombination af browserplugins og omdirigeringer, og - dermed ikke var tilstrækkelig.

    • - -
  • CVE-2011-0697 - -

    Man opdagede at filuploadformularen var sårbar over for angreb i - forbindelse med udførelse af skripter på tværs af websteder via - filnavnet.

    • - -
- -

Det er vigtigt at bemærke, at denne opdatering medfører bagudinkompabilitet i -mindre grad, på grund af rettelserne af ovennævnte problemer. For årsagerne -her til, se: og i -særdeleshed afsnittet Backwards incompatible changes.

- -

Pakkerne i den gamle stabile distribution (lenny) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.3-3+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.2.5-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2163.data" diff --git a/danish/security/2011/dsa-2164.wml b/danish/security/2011/dsa-2164.wml deleted file mode 100644 index a29a5ecd5ac..00000000000 --- a/danish/security/2011/dsa-2164.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d1da82b68b76ac0257283104f9f5c8ed48568c17" mindelta="1" -utilstrækkelig fornuftighedskontrol af inddata - - -

Kees Cook opdagede at værktøjerne chfn og chsh ikke på korrekt vis -fornuftighedskontrollerede inddata fra brugeren som indeholdt linjeskift. En -angriber kunne herved ødelægge forekomster i passwd samt måske oprette brugere -eller grupper i NIS-miljøer.

- -

Pakkerne i den gamle stabile distribution (lenny) er ikke påvirkede af dette -problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:4.1.4.2+svn3283-2+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine shadow-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2164.data" diff --git a/danish/security/2011/dsa-2165.wml b/danish/security/2011/dsa-2165.wml deleted file mode 100644 index b91e2d33aa4..00000000000 --- a/danish/security/2011/dsa-2165.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -bufferoverløb - -

Flere sårbarheder er opdaget i FFmpeg-coders, der anvendes af MPlayer og -andre applikationer.

- -
    - -
  • CVE-2010-3429 - -

    Cesar Bernardini og Felipe Andres Manzano rapporterede om en sårbarhed i - forbindelse med vilkårligt offset-dereference i libavcodec, i særdeleshed i - fortolkeren af filformatet FLIC. En specifik FLIC-fil kunne udnytte - sårbarheden til at udføre vilkårlig kode. MPlayer var også påvirket af - problemet, foruden anden software, som anvender biblioteket.

    • - -
  • CVE-2010-4704 - -

    Greg Maxwell opdagede et heltalsoverløb i Vorbis-dekoderen i FFmpeg. En - specifik Ogg-fil kunne udnytte sårbarheder til at udføre vilkårlig - kode.

    • - -
  • CVE-2010-4705 - -

    Et potentielt heltalsoverløb blev opdaget i Vorbis-dekoderen i - FFmpeg.

    • - -
- -

Opdateringen retter også en ukomplet patch fra DSA-2000-1. Michael Gilbert -bemærkede at der være tilbageværende sårbarheder, der måske kunne forårsage et -lammelsesangreb (denial of service) og potentielt udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.svn20080206-18+lenny3.

- -

Vi anbefaler at du opgraderer dine ffmpeg-debian-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2165.data" diff --git a/danish/security/2011/dsa-2166.wml b/danish/security/2011/dsa-2166.wml deleted file mode 100644 index b6dfb6e16ae..00000000000 --- a/danish/security/2011/dsa-2166.wml +++ /dev/null @@ -1,72 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i browseren Chromium. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-0777 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i Google Chrome - før 9.0.597.84, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (denial of service) eller muligvis anden ikke-uddybet - konsekvens via angrebsvinkler i forbindelse med indlæsning af - billeder.

    • - -
  • CVE-2011-0778 - -

    Google Chrome før 9.0.597.84 begrænsede ikke på korrekt vis træk og - slip-handlinger, hvilket måske kunne gøre det muligt for fjernangribere at - omgå Same Origin Policy via ikke-uddybede angrebsvinkler.

    • - -
  • CVE-2011-0783 - -

    En ikke-uddybet sårbarhed i Google Chrome før 9.0.597.84 gjorde det muligt - for brugerhjulpe fjernangribere at forårsage et lammelsesangreb - (applikationsnedbrud) via angrebsinvinkler som involverede en - dårlig lydstyrkeindstilling (bad volume setting.

    • - -
  • CVE-2011-0983 - -

    Google Chrome før 9.0.597.94 håndterede ikke på korrekt vis anonyme blokke, - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - eller muligvis anden ikke-angivet konsekvens via ukendte angrebsvinkler, der - førte til en stale pointer.

    • - -
  • CVE-2011-0981 - -

    Google Chrome før 9.0.597.94 udførte ikke på korrekt vis eventhåndtering af - animationer, hvilket gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis andre ikke-angivne konsekvenser via ukendte - angrebsvinkler, der førte til en stale pointer.

    • - -
  • CVE-2011-0984 - -

    Google Chrome før 9.0.597.94 håndterede ikke på korrekt vis plugins, - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (læsning uden for grænserne) via ikke-uddybede angrebsvinkler.

    • - -
  • CVE-2011-0985 - -

    Google Chrome før 9.0.597.94 udførte ikke på korrekt vis procesterminering - ved opbrugt hukommelse, hvilket havde ikke-angivet konsekvens og - angrebsvinkler for fjernangribere.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -6.0.472.63~r59945-5+squeeze2.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -9.0.597.98~r74359-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2166.data" diff --git a/danish/security/2011/dsa-2167.wml b/danish/security/2011/dsa-2167.wml deleted file mode 100644 index 335d1eb3a3f..00000000000 --- a/danish/security/2011/dsa-2167.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d1da82b68b76ac0257283104f9f5c8ed48568c17" mindelta="1" -SQL-indsprøjtning - - -

Man opdagede at phpMyAdmin, et værktøj til administrering af MySQL via web, -når bogmærkefunktionen er aktiveret, gjorde det muligt at oprette en bogmærket -forespørgsel, der kunne udføres utilsigtet af andre brugere.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -4:2.11.8.1-5+lenny8.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4:3.3.7-5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4:3.3.9.2-1.

- -

Vi anbefaler at du opgraderer dine phpmyadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2167.data" diff --git a/danish/security/2011/dsa-2168.wml b/danish/security/2011/dsa-2168.wml deleted file mode 100644 index c84b5aa66ee..00000000000 --- a/danish/security/2011/dsa-2168.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

To sårbarheder blev opdaget i det distribuerede filsystem AFS:

- -
    - -
  • CVE-2011-0430 - -

    Andrew Deason opdagede at en dobbelt frigivelse i Rx-serverprocessen kunne - føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0431 - -

    Man opdagede at utilstrækkelig fejlhåndtering i kernemodulet kunne føre - til lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.4.7.dfsg1-6+lenny4. På grund af tekniske problemer med builld-infrastrukturen -er opdateringen endnu ikke tilgængelig, men snart blive overført til arkivet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.4.12.1+dfsg-4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.4.14+dfsg-1.

- -

Vi anbefaler at du opgraderer dine openafs-pakker. Bemærk, for at -sikkerhedsopdateringen kan træde i kraft skal du genopbygge kernemodulet -OpenAFS.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2168.data" diff --git a/danish/security/2011/dsa-2169.wml b/danish/security/2011/dsa-2169.wml deleted file mode 100644 index cdec1fe3d37..00000000000 --- a/danish/security/2011/dsa-2169.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ea02abf8ec1a5cbab00927a447de5e1e0d516ab7" mindelta="1" -utilstrækkelig validering af inddata - - -

Man opdagede at telepathy-gabble, connectionmanageren i Jabber/XMPP til -Telepathy-frameworket, behandlede google:jingleinfo-opdateringer uden at -validere deres ophav. Det kunne måske gøre det muligt for an angriber, at -narre telepathy-gabble til at videregive streamed media-data gennem en -server af dennes valg, og dermed opfange audio- og videoopkald.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -0.7.6-1+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.9.15-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), vil -problemet snart blive rettet.

- -

Vi anbefaler at du opgraderer dine telepathy-gabble-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2169.data" diff --git a/danish/security/2011/dsa-2170.wml b/danish/security/2011/dsa-2170.wml deleted file mode 100644 index 4051b9c1dc1..00000000000 --- a/danish/security/2011/dsa-2170.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

To sårbarheder i forbindelse med udførelse af skripter på tværs af servere, -blev opdaget i Mailman, et webbaseret program til håndtering af postlister. -Sårbarhederne gjorde det muligt for en angriber, at få fat i sessionscookies ved -at indsætte fabrikeret JavaScript i bekræftelsesmeddelelser -(CVE-2011-0707) -og i listeadministeringsinterfacet -(CVE-2010-3089; -kun den gamle stabile distribution).

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -1:2.1.11-11+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:2.1.13-5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er dette -problem rettet i version 1:2.1.14-1.

- -

Vi anbefaler at du opgraderer dine mailman-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2170.data" diff --git a/danish/security/2011/dsa-2171.wml b/danish/security/2011/dsa-2171.wml deleted file mode 100644 index 54992a0e55d..00000000000 --- a/danish/security/2011/dsa-2171.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0673d80442ee1e01852c577932547e94bf19b67e" mindelta="1" -bufferoverløb - -

Matthew Nicholson opdagede et bufferoverløb i SIP-kanaldriveren i Asterisk, -en open source-PBX- og telefonitoolkit, hvilket kunne føre til udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.4.21.2~dfsg-3+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.6.2.9-2+squeeze1.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2171.data" diff --git a/danish/security/2011/dsa-2172.wml b/danish/security/2011/dsa-2172.wml deleted file mode 100644 index 96080f16a82..00000000000 --- a/danish/security/2011/dsa-2172.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="96668fd38a95565165e52179da6b5cb359d99fc5" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i phpCAS, et CAS-klientbibliotek til PHP. -Kursusadministrationssystemet Moodle indeholder en kopi af phpCAS.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.8.13-3.

- -

Den stabile distribution (squeeze) indeholder allerede en rettet version af -phpCAS.

- -

Den ustabile distribution (sid) indeholder allerede en rettet version af -phpCAS.

- -

Vi anbefaler at du opgraderer dine moodle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2172.data" diff --git a/danish/security/2011/dsa-2173.wml b/danish/security/2011/dsa-2173.wml deleted file mode 100644 index 75e8804f457..00000000000 --- a/danish/security/2011/dsa-2173.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6dd960c78b0f21ccf4a87ffb5a8a40b2e6713b7f" mindelta="1" -bufferoverløb - -

Man opdagede at pam-pgsql, et PAM-modul til autentificering ved hjælp af en -PostgreSQL-database, var sårbar over for et bufferoverløb i leverede -IP-adresser.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.6.3-2+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.7.1-4+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile (sid) distributions, er -dette problem rettet i version 0.7.1-5.

- -

Vi anbefaler at du opgraderer dine pam-pgsql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2173.data" diff --git a/danish/security/2011/dsa-2174.wml b/danish/security/2011/dsa-2174.wml deleted file mode 100644 index 3eead801649..00000000000 --- a/danish/security/2011/dsa-2174.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="439f9da0d41a07aeffcec6ff26cec721845a12de" mindelta="1" -lammelsesangreb - -

Man opdagede at Avahi, en implementering af zeroconf-protokollen, på afstand -kunne bringes til at gå ned ved hjælp af en enkelt UDP-pakke, hvilket måske -kunne medføre et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.6.23-3lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.6.27-2+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 0.6.28-4.

- -

Vi anbefaler at du opgraderer dine avahi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2174.data" diff --git a/danish/security/2011/dsa-2175.wml b/danish/security/2011/dsa-2175.wml deleted file mode 100644 index 7392f77b96f..00000000000 --- a/danish/security/2011/dsa-2175.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="474d590d371fc24d4435a23aceb300bb0006d5bd" mindelta="1" -manglende kontrol af inddata - -

Volker Lendecke opdagede at manglende intervalkontroller i Sambas -fildescriptorhåndtering kunne føre til hukommelseskorruption, medførende -lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.2.5-4lenny14.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.5.6~dfsg-3squeeze2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2175.data" diff --git a/danish/security/2011/dsa-2176.wml b/danish/security/2011/dsa-2176.wml deleted file mode 100644 index c517fee5d08..00000000000 --- a/danish/security/2011/dsa-2176.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Common UNIX Printing System:

- -
    - -
  • CVE-2008-5183 - -

    En nullpointerdereference i notificering via RSS om jobfuldførelse kunne - føre til lammelsesangreb (denial of service).

    • - -
  • CVE-2009-3553 - -

    Man opdagede at ukorrekt fildescriptorhåndtering kunne føre til - lammelsesangreb.

    • - -
  • CVE-2010-0540 - -

    En sårbarhed i forbindelse med forespørgselsforfalskninger på tværs af - websteder blev opdaget i webgrænsefladen.

    • - -
  • CVE-2010-0542 - -

    Ukorrekt hukommelseshåndtering i filter-undersystemet kunne føre til - lammelsesangreb.

    • - -
  • CVE-2010-1748 - -

    Informationsafsløring i webgrænsefladen.

    • - -
  • CVE-2010-2431 - -

    Emmanuel Bouillon opdagede en symlink-sårbarhed i håndteringen af - cachefiler.

    • - -
  • CVE-2010-2432 - -

    Lammelsesangreb i autentificeringskoden.

    • - -
  • CVE-2010-2941 - -

    Ukorrekt hukommelseshåndtering i IPP-koden kunne føre til lammelsesangreb - eller udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.3.8-1+lenny9.

- -

I den stabile distribution (squeeze) og i den ustabile distribution (sid) -blev problemet rettet allerede før den første udgave af Squeeze.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2176.data" diff --git a/danish/security/2011/dsa-2177.wml b/danish/security/2011/dsa-2177.wml deleted file mode 100644 index c639d1366a0..00000000000 --- a/danish/security/2011/dsa-2177.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="add513c0d614ebf2beb7d42714296a3e66db73a3" mindelta="1" -SQL-indsprøjtning - -

Man opdagede at PyWebDAV, en WebDAV-serverimplementering, indeholdt -flere SQL-indsprøjtningssårbarheder i forbindelse med behandlingen af -brugerrettigeheder.

- -

Den gamle stabile distribution (lenny) indeholder ikke en -python-webdav-pakke.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.9.4-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 0.9.4-3.

- -

Vi anbefaler at du opgraderer dine python-webdav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2177.data" diff --git a/danish/security/2011/dsa-2178.wml b/danish/security/2011/dsa-2178.wml deleted file mode 100644 index 436dd138948..00000000000 --- a/danish/security/2011/dsa-2178.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="add513c0d614ebf2beb7d42714296a3e66db73a3" mindelta="1" -NULL-pointerdereference - -

Man opdagede at Pango ikke kontrollerede kiggede efter -hukommelsesallokeringsfejl, hvilket forårsagede en NULL-pointerdereference med -et justerbart offset. Det kunne føre til applikationsnedbrud og potentielt -udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.28.3-1+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine pango1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2178.data" diff --git a/danish/security/2011/dsa-2179.wml b/danish/security/2011/dsa-2179.wml deleted file mode 100644 index e9535e08c2d..00000000000 --- a/danish/security/2011/dsa-2179.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -SQL-indsprøjtning - -

Ansgar Burchardt opdagede flere sårbarheder i DTC, et webkontrolpanel til -administrative og regnskabsmæssige hostingservices.

- -
    - -
  • CVE-2011-0434 -

    Grafen bw_per_moth.php indeholdt en SQL-indsprøjtningssårbarhed.

    • - -
  • CVE-2011-0435 -

    Utilstrækkelige kontroller i bw_per_month.php kunne føre til - informationsafsløring af båndbreddeforbrug..

    • - -
  • CVE-2011-0436 -

    Efter en registrering blev adgangskoder sendt i klar tekst via - e-mail.

    • - -
  • CVE-2011-0437 -

    Autentificerede brugere kunne slette konti ved at anvende en forældet - grænseflade, der fejlagtigt var medtaget i pakken.

    • - -
- -

Denne opdatering introducerer en ny opsætningsmulighed, som kontrollerer -tilstedeværelsen af adgangskoder i klar tekst i e-mail. Som standard anvendes -ikke adgangskoder i klar tekst.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.29.17-1+lenny1.

- -

Den stabile distribution (squeeze) og distributionen testing (wheezy) -indeholder ikke dtc-pakker.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.32.10-1.

- -

Vi anbefaler at du opgraderer dine dtc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2179.data" diff --git a/danish/security/2011/dsa-2180.wml b/danish/security/2011/dsa-2180.wml deleted file mode 100644 index 76f4b14ea84..00000000000 --- a/danish/security/2011/dsa-2180.wml +++ /dev/null @@ -1,67 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i internetsuiten Iceape, en mærkevarefri version -af Seamonkey:

- -
    - -
  • CVE-2010-1585 - -

    Roberto Suggi Liverani opdagede at fornuftighedskontrollen udført af - ParanoidFragmentSink ikke var komplet.

    • - -
  • CVE-2011-0051 - -

    Zach Hoffmann opdagede at ukorrekt fortolkning af rekursive eval()-kald - kunne medføre at angribere kunne gennemtvinge accept af en - bekræftelsesdialog.

    • - -
  • CVE-2011-0053 - -

    Nedbrud i layoutmaskinen kunne måske føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0054 - -

    Christian Holler opdagede bufferoverløb i JavaScript-maskinen, hvilke kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2011-0055 - -

    regenrecht og Igor Bukanov opdagede anvendelse efter frigivelse-fejl - i JSON-Implementation, som kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0056 - -

    Christian Holler opdagede bufferoverløb i JavaScript-maskinen, hvilke kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2011-0057 - -

    Daniel Kozlowski opdagede at ukorrekt hukommelseshåndtering i - implementeringen af webworkers kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0059 - -

    Peleus Uhley opdagede en risiko for forespørgelsesforfalskning på tværs af - websteder i pluginkoden.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket. Pakken iceape -leverer kun XPCOM-koden.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.0.11-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.0.12-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2180.data" diff --git a/danish/security/2011/dsa-2181.wml b/danish/security/2011/dsa-2181.wml deleted file mode 100644 index 0b8156118f4..00000000000 --- a/danish/security/2011/dsa-2181.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="613ec724ca1f1de2004a425984783cf3c47f4fa0" mindelta="1" -lammelsesangreb - -

Philip Martin opdagede at HTTP-baserede Subversion-servere går ned, når de -behandler lock-forespørgsler i arkiver, som understøtter ikke-autentificeret -læseadgang.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.5.1dfsg1-6.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.6.12dfsg-5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem blive rettet i version 1.6.16dfsg-1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2181.data" diff --git a/danish/security/2011/dsa-2182.wml b/danish/security/2011/dsa-2182.wml deleted file mode 100644 index 11d9c62d97d..00000000000 --- a/danish/security/2011/dsa-2182.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="bc6568022184c7fb8f9de68d9143fa26498adba2" mindelta="1" -shell-kommando-indsprøjtning - -

Dominik George opdagede at Logwatch ikke sikrede mod shell-metategn i -fabrikerede logfilnavne (så som dem, der laves af Samba). Som en følge heraf -kunne en angriber måske udføre shell-kommandoer på systemet, som kører -Logwatch.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 7.3.6.cvs20080702-2lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 7.3.6.cvs20090906-1squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 7.3.6.cvs20090906-2.

- -

Vi anbefaler at du opgraderer dine logwatch-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2182.data" diff --git a/danish/security/2011/dsa-2183.wml b/danish/security/2011/dsa-2183.wml deleted file mode 100644 index 2fc7a9ad623..00000000000 --- a/danish/security/2011/dsa-2183.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -bufferoverløb - -

Man opdagede at en regression i forbindelse med et bufferoverløb -(CVE-2005-3534) -i NBD, Network Block Device-serveren, kunne gøre det muligt at udføre vilkårlig -kode på NBD-serveren via en stor forespørgsel.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:2.9.11-3lenny1.

- -

Den stabile distribution (squeeze), distributionen testing (wheezy) og den -ustabile distribution (sid) er ikke påvirkede. Problemet blev rettet før -udgivelsen af squeeze, i version 1:2.9.16-8.

- -

Vi anbefaler at du opgraderer dine nbd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2183.data" diff --git a/danish/security/2011/dsa-2184.wml b/danish/security/2011/dsa-2184.wml deleted file mode 100644 index 035cc249bf4..00000000000 --- a/danish/security/2011/dsa-2184.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="47b2e577646de6856145f97901f2b7b629c34752" mindelta="1" -lammelsesangreb - -

Man opdagede at ISC DHCPv6-serveren ikke på korrekt vis behandlede -forespørgsler kommende fra uventede kildeadresser, førende til en assertionfejl -og et dæmonnedbrud.

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.1.1-P1-15+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4.1.1-P1-16.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2184.data" diff --git a/danish/security/2011/dsa-2185.wml b/danish/security/2011/dsa-2185.wml deleted file mode 100644 index 846a783495e..00000000000 --- a/danish/security/2011/dsa-2185.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8d271b7e050fcfefee7fadec5d2e0a7276ead14c" mindelta="1" -heltalsoverløb - -

Man opdagede at et heltalsoverløb i SFTP-filoverførselsmodulet i -ProFTPD-dæmonen kunne føre til lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (lenny) er ikke påvirket.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.3.3a-6squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.3.3d-4.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2185.data" diff --git a/danish/security/2011/dsa-2186.wml b/danish/security/2011/dsa-2186.wml deleted file mode 100644 index f5ea0076321..00000000000 --- a/danish/security/2011/dsa-2186.wml +++ /dev/null @@ -1,64 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende bibliotek XULRunner leverer renderingfunktioner til flere andre -applikationer, som er indeholdt i Debian.

- -
    - -
  • CVE-2010-1585 - -

    Roberto Suggi Liverani opdagede at fornuftighedskontrollen som udføres af - ParanoidFragmentSink var ufuldstændig.

    • - -
  • CVE-2011-0051 - -

    Zach Hoffmann opdagede at ukorrekt fortolkning af rekursive eval()-kald - kunne medføre at angribere kunne gennemtvinge accept af en - bekræftelsesdialog.

    • - -
  • CVE-2011-0053 - -

    Nedbrud i layoutmaskinen kunne måske føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0054, - CVE-2010-0056 - -

    Christian Holler opdagede bufferoverløb i JavaScript-maskinen, hvilke kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2011-0055 - -

    regenrecht og Igor Bukanov opdagede anvendelse efter frigivelse-fejl - i JSON-Implementation, som kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0057 - -

    Daniel Kozlowski opdagede at ukorrekt hukommelseshåndtering i - implementeringen af webworkers kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0059 - -

    Peleus Uhley opdagede en risiko for forespørgelsesforfalskning på tværs af - websteder i pluginkoden.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.9.0.19-8 of the xulrunner source package.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.5.16-5.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.5.17-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2186.data" diff --git a/danish/security/2011/dsa-2187.wml b/danish/security/2011/dsa-2187.wml deleted file mode 100644 index 8620e937dc2..00000000000 --- a/danish/security/2011/dsa-2187.wml +++ /dev/null @@ -1,66 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Icedove, en mærkevarefri udgave af -mail-/news-klienten Thunderbird.

- -
    - -
  • CVE-2010-1585 - -

    Roberto Suggi Liverani opdagede at fornuftighedskontrollen udført af - ParanoidFragmentSink ikke var komplet.

    • - -
  • CVE-2011-0051 - -

    Zach Hoffmann opdagede at ukorrekt fortolkning af rekursive eval()-kald - kunne medføre at angribere kunne gennemtvinge accept af en - bekræftelsesdialog.

    • - -
  • CVE-2011-0053 - -

    Nedbrud i layoutmaskinen kunne måske føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0054, - CVE-2010-0056 - -

    Christian Holler opdagede bufferoverløb i JavaScript-maskinen, hvilke kunne - gøre det muligt at udføre vilkårlig kode.

    • - -
  • CVE-2011-0055 - -

    regenrecht og Igor Bukanov opdagede anvendelse efter frigivelse-fejl - i JSON-Implementation, som kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0057 - -

    Daniel Kozlowski opdagede at ukorrekt hukommelseshåndtering i - implementeringen af webworkers kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0059 - -

    Peleus Uhley opdagede en risiko for forespørgelsesforfalskning på tværs af - websteder i pluginkoden.

    • - -
- -

Som angivet i udgivelsesbemærkningerne til Lenny (oldstable), var det -nødvendigt at lade sikkerhedsunderstøttelsen af Icedove-pakkerne i den gamle -stabile distribution stoppe før ophøret af Lennys regulære livscyklus med -sikkerhedsopdateringer. Du opfordres kraftigt til at opgradere til den -stabile distribution eller skifte til en anden mailklient.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.0.11-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.0.11-2.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2187.data" diff --git a/danish/security/2011/dsa-2188.wml b/danish/security/2011/dsa-2188.wml deleted file mode 100644 index 983644a740d..00000000000 --- a/danish/security/2011/dsa-2188.wml +++ /dev/null @@ -1,98 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i WebKit, et webindholdsmaskinebibliotek til -GTK+. Projektet Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2010-1783 - -

    WebKit håndterede ikke på korrekt vis dynamiske ændringer af en tekstnode, - hvilket gjorde det muligt for fjernangribere at udføre vilkårlig kode eller - forårsage et lammelsesangreb (hukommelseskorruption og applikationsnedbrud) - via et fabrikeret HTML-dokument.

    • - -
  • CVE-2010-2901 - -

    Renderingimplementeringen i WebKit gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb (hukommelseskorruption) eller muligvis anden - uspecificeret virkning via ukendte angrebsvinkler.

    • - -
  • CVE-2010-4199 - -

    WebKit udførte ikke på korrekt vis en cast af en uspecificeret variabel - under behandling af et SVG-<use>-element, hvilket gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (denial of service) eller - muligvis uspecificeret anden virkning via et fabrikeret SVG-dokument.

    • - -
  • CVE-2010-4040 - -

    WebKit håndterede ikke på korrekt vis animerede GIF-filer, hvilket gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb - (hukommelseskorruption) eller muligvis have anden uspecificeret virkning via - et fabrikeret billede.

    • - -
  • CVE-2010-4492 - -

    En sårbarhed i WebKit i forbindelse med anvendelse efter frigivelse, gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb eller muligvis - anden uspecificeret virkning via angrebsvinkler som involverer - SVG-animationer.

    • - -
  • CVE-2010-4493 - -

    En sårbarhed i WebKit i forbindelse med anvendelse efter frigivelse, gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb via - angrebsvikler i forbindelse med håndteringen events i forbindelse med træk - ved hjælp af musen.

    • - -
  • CVE-2010-4577 - -

    Funktionen CSSParser::parseFontFaceSrc i WebCore/css/CSSParser.cpp i WebKit - fortolkede ikke på korrekt vis Cascading Style Sheets-toksensekvenser (CSS), - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (læsning uden for grænserne) via en fabrikeret lokal skrifttype, relateret - til Type Confusion.

    • - -
  • CVE-2010-4578 - -

    WebKit udførte ikke korrekt markørhåndtering, hvilket gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb eller muligvis andre - uspecificerede virkninger via ukendte angrebsvinkler, førende til stale - pointers.

    • - -
  • CVE-2011-0482 - -

    WebKit udførte ikke på korrekt vis en cast af en uspecificeret variabel - under håndtering af anchors, hvilket gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb eller muligvis andre uspecificerede virkninger - via et fabrikeret HTML-dokument.

    • - -
  • CVE-2011-0778 - -

    WebKit begrænsede ikke på korrekt vis træk og slip-handlinger, hvilket - måske gjorde det muligt for fjernangribere at omgå Same Origin Policy via - uspecificerede angrebsvinkler.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.2.7-0+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 1.2.7-1.

- -

Sikkerhedsunderstøttelse af WebKit er ophørt i den gamle stabile distribution -(lenny). Den aktuelle version i oldstable er ikke længere understøttet af -opstrømsudviklerne og er sårbar over for flere sikkerhedsproblemer. -Tilbageførelse af rettelser til disse og fremtidige problemer, er ikke længere -umagen værd og derfor har vi været nødt til at stoppe sikkerhedsunderstøttelsen -af versionen i oldstable.

- -

Vi anbefaler at du opgraderer dine webkit-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2188.data" diff --git a/danish/security/2011/dsa-2189.wml b/danish/security/2011/dsa-2189.wml deleted file mode 100644 index fa15aa481bf..00000000000 --- a/danish/security/2011/dsa-2189.wml +++ /dev/null @@ -1,90 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i browseren Chromium. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-1108 - -

    Google Chrome før 9.0.597.107 implementerede ikke på korrekt vis - JavaScript-dialoger, hvilket gjorde det muligt for fjernangribere at forårsage - et lammelsesangreb (applikationsnedbrud) eller muligvis have anden - uspecificeret virkning via et fabrikeret HTML-dokument.

    • - -
  • CVE-2011-1109 - -

    Google Chrome før 9.0.597.107 fortolkede ikke på korrekt vis noder i - Cascading Style Sheets (CSS), hvilket gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb (denial of service) eller muligvis anden - uspecificeret virkning via ukendte angrebsvinkler førende til en stale - pointer.

    • - -
  • CVE-2011-1113 - -

    Google Chrome før 9.0.597.107 på 64-bits Linux-platforme håndterede ikke på - korrekt vis pickle deserialization, hvilket gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (læsning uden for grænserne) - via uspecificerede angrebsvinkler.

    • - -
  • CVE-2011-1114 - -

    Google Chrome før 9.0.597.107 håndterede ikke på korrekt vis tabeller, - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - eller muligvis anden uspecificeret virkning via ukendte angrebsvinkler - førende til en stale node.

    • - -
  • CVE-2011-1115 - -

    Google Chrome før 9.0.597.107 havde ikke korrekt rendering af tabeller, - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - eller muligvis anden uspecificeret virkning via ukendte vektorer førende til - en stale pointer.

    • - -
  • CVE-2011-1121 - -

    Et heltalsoverløb i Google Chrome før 9.0.597.107 gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb eller muligvis anden - uspecificeret virkning via angrebsvinkler i forbindelse med et - TEXTAREA-element.

    • - -
  • CVE-2011-1122 - -

    WebGL-implementeringen i Google Chrome før 9.0.597.107 gjorde det muligt - for fjernangribere at forårsage et lammelsesangreb (læsning uden for - grænserne) via uspecificerede angrebsvinkler, også kendt som Issue - 71960.

    • - -
  • -

    Desuden retter denne opdatering følgende problemer (som endnu ikke har en - CVE-identifikation):

    - -
      -
    • Læsning uden for grænserne ved tekstsøgning. [69640]
      • -
    • Hukommelseskorruption i SVG-skrifttyper. [72134]
      • -
    • Hukommelseskorruption med tællernoder. [69628]
      • -
    • Stale node i bokslayout. [70027]
      • -
    • Lækage i workers i forbindelse tværophavs-fejlmeddelelser. [70336]
      • -
    • Stale pointer i tabelopmaling. [72028]
      • -
    • Stale pointer med SVG-markører. [73746]
      • -
    -
    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -6.0.472.63~r59945-5+squeeze3.

- -

I distributionen testing (wheezy), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet version -10.0.648.127~r76697-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2189.data" diff --git a/danish/security/2011/dsa-2190.wml b/danish/security/2011/dsa-2190.wml deleted file mode 100644 index 7a9d652fb98..00000000000 --- a/danish/security/2011/dsa-2190.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

To XSS-fejl og et potentielt informationsafsløringsproblem blev opdaget i -WordPress, en weblogmanager. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2011-0700 - -

    Inddata overført via indlægstitlen ved en Quick Edit- eller Bulk - Edit-handling og via parametrene post_status, comment_status, - og ping_status blev ikke på korrekt vis fornuftighedskontrolleret før - deres anvendelse. Visse former for inddata overført via tags-meta-box blev - ikke på korrekt vis fornuftighedskontrolleret før de blev sendt tilbage til - brugeren.

    • - -
  • CVE-2011-0701 - -

    WordPress håndhævede på ukorrekt vis brugeradgangsbegrænsninger, når - indlæg blev tilgået via medieuploaderen og kunne udnyttes til at afsløre - indeholdet af eksempelvis private eller kladdeindlæg.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.0.5+dfsg-0+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.0.5+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2190.data" diff --git a/danish/security/2011/dsa-2191.wml b/danish/security/2011/dsa-2191.wml deleted file mode 100644 index 4a3fbef4f4e..00000000000 --- a/danish/security/2011/dsa-2191.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i ProFTPD, en alsiding ftp-dæmon til virtuel -hosting:

- -
    - -
  • CVE-2008-7265 - -

    Ukorrekt håndtering af ABOR-kommandoen kunne føre til lammelsesangreb - (denial of service) via forøget CPU-forbrug.

    • - -
  • CVE-2010-3867 - -

    Flere sårbarheder i forbindelse med mappegennemløb blev opdaget i modulet - mod_site_misc.

    • - -
  • CVE-2010-4562 - -

    En SQL-indsprøjtningssårbarhed blev opdaget i modulet mod_sql.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.3.1-17lenny6.

- -

Den stable distribution (squeeze) og den ustabile distribution (sid) er ikke -påvirkede, da sårbarhederne blev rettet før udgivelsen af Debian 6.0 -(squeeze).

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2191.data" diff --git a/danish/security/2011/dsa-2192.wml b/danish/security/2011/dsa-2192.wml deleted file mode 100644 index b3e7797333c..00000000000 --- a/danish/security/2011/dsa-2192.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i browseren Chromium. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-0779 - -

    Google Chrome før 9.0.597.84 håndterede ikke på korrekt vis en manglende - nøgle i en udvidelse, hvilket gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb (applikationsnedbrud) via en fabrikeret - udvidelse.

    • - -
  • CVE-2011-1290 - -

    Heltalsoverløb i WebKit gjorde det muligt for fjernangribere at udføre - vilkårlig kode via ukendte angrebsvinkler, som demonstreret af Vincenzo Iozzo, - Willem Pinckaers og Ralf-Philipp Weinmann under en Pwn2Own-konkurrence ved - CanSecWest 2011.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -6.0.472.63~r59945-5+squeeze4.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -10.0.648.133~r77742-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2192.data" diff --git a/danish/security/2011/dsa-2193.wml b/danish/security/2011/dsa-2193.wml deleted file mode 100644 index 51639388451..00000000000 --- a/danish/security/2011/dsa-2193.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere problemer er opdaget i libcgroup, et bibliotek til kontrollering og -overvågning af kontrolgrupper:

- -
    - -
  • CVE-2011-1006 - -

    Et heap-baseret bufferoverløb ved konvertering af en kontrolliste til en - given opgave, til et strengarray, kunne en lokal angriber benytte til - rettighedsforøgelse.

    • - -
  • CVE-2011-1022 - -

    libcgroup kontrollerede ikke på korrekt vis Netlink-meddelelesers ophav, - hvilket gjorde det muligt for en lokal angriber at sende fabrikerede - Netlink-meddelelser, der kunne føre til rettighedsforøgelse.

    • - -
- -

Den gamle stabile distribution (lenny) indeholder ikke libcgroup-pakker.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.36.2-3+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libcgroup-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2193.data" diff --git a/danish/security/2011/dsa-2194.wml b/danish/security/2011/dsa-2194.wml deleted file mode 100644 index bd4af2f17ce..00000000000 --- a/danish/security/2011/dsa-2194.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="35bf1caae4ad38a4bf3740ba2bd334240881bd3e" mindelta="1" -utilstrækkelige kontroller - -

Man opdagede at libvirt, et bibliotek til interfacing med forskellige -virtualiseringssystemet, ikke på korrekt vis kontrollerede -read only-forbindelser. Dermed var det muligt for en lokal angriber at udføre -et lammelsesangreb (nedbrud) eller muligvis forøge rettigheder.

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.8.3-5+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.8.8-3.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2194.data" diff --git a/danish/security/2011/dsa-2195.wml b/danish/security/2011/dsa-2195.wml deleted file mode 100644 index e6fe543a640..00000000000 --- a/danish/security/2011/dsa-2195.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Stephane Chazelas opdagede at cronjobbet hørende til PHP 5-pakken i Debian -var ramt af en kapløbstilstand, hvilket måske kunne anvendes til at fjerne -vilkårlige filer fra systemet (CVE-2011-0441).

- -

Ved opgradering af din php5-common-pakke, så vær især omhyggelig med at -acceptere ændringerne til filen /etc/cron.d/php5. At ignorere -dem, vil efterlade systemet sårbart.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 5.2.6.dfsg.1-1+lenny10.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 5.3.3-7+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.3.6-1.

- -

Desuden er følgende sårbarheder rettet i den gamle stabile distribution -(lenny):

- -
    - -
  • CVE-2010-3709 - -

    Maksymilian Arciemowicz opdagede at klassen ZipArchive måske - dereferencerede en NULL-pointer ved udpakning af kommentarer fra en ZIP-film - førende til applikationsnedbrud og muligvis lammelsesangreb (denial of - service).

    • - -
  • CVE-2010-3710 - -

    Stefan Neufeind opdagede at filteret FILTER_VALIDATE_EMAIL ikke på - korrekt vis håndterede lange strenge, som skulle valideres. Sådanne - fabrikerede strenge kunne føre til lammelsesangreb, på grund af højt - hukommelsesforbrug og applikationsnedbrud.

    • - -
  • CVE-2010-3870 - -

    Man opdagede at PHP ikke på korrekt vis håndterede visse - UTF-8-sekvenser som måske kunne anvendes til at omgå - XSS-beskyttelser.

    • - -
  • CVE-2010-4150 - -

    Mateusz Kocielski opdagede at IMAP-udvidelsen måske kunne forsøge at - frigive allerede frigivet hukommelse, ved behandling af brugercredentials, - førende til applikationsnedbrud og muligvis udførelse af vilkårlig - kode.

    • - -
- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2195.data" diff --git a/danish/security/2011/dsa-2196.wml b/danish/security/2011/dsa-2196.wml deleted file mode 100644 index eb1197ffe21..00000000000 --- a/danish/security/2011/dsa-2196.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5198ca18878fd7be0a0c96aeb74914e084800864" mindelta="1" -bufferoverløb - -

Witold Baryluk opdagede at MaraDNS, en simpelt sikkerhedsfokuseret Domain -Name System-server, havde en intern buffer som måske kunne løbe over, når der -blev behandlet forespørgsler med et stort antal etiketter, forårsagende et -servernedbrud og efterfølgende lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.3.07.09-2.1.

- -

I den stabile distribution (squeeze) og større er problemet allerede rettet i -version 1.4.03-1.1.

- -

Vi anbefaler at du opgraderer dine maradns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2196.data" diff --git a/danish/security/2011/dsa-2197.wml b/danish/security/2011/dsa-2197.wml deleted file mode 100644 index a3ec29800f1..00000000000 --- a/danish/security/2011/dsa-2197.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Man opdagede at routingdæmonen Quagga indeholdt to -lammelsesangrebssårbarheder (denial of service) i sin BGP-implementering:

- -
    - -
  • CVE-2010-1674 - -

    En fabrikeret Extended Communities-attribut udløste en - NULL-pointerdereference, hvilket medførte at BGP-dæmonen gik ned. De - fabrikerede attributter føres ikke videre af internetkernen, så kun - eksplicit opsatte direkte peers kan udnytte sårbarheden i typiske - opsætninger.

    • - -
  • CVE-2010-1675 - -

    BGP-dæmonen nulstillede BGP-sessioner, når den mødte misdannede - AS_PATHLIMIT-attributter, hvilket introducerede en distribueret - BGP-sessionsnulstillingssårbarhed, der afbrød videresendelse af pakker. - Sådanne misdannede attributter blev ført videre af internetkernen, og - udnyttelse af sårbarheden er ikke begrænset til direkte opsatte - BGP-peers.

    • - -
- -

Denne sikkerhedsopdatering fjerner behandling af AS_PATHLIMIT fra -BGP-implementeringen, og bevarer opsætningskommandoerne af hensyn til -bagudkompabilitet. (Standardisering af denne BGP-udvidelse blev for -længe siden droppet.)

- -

I den gamle stabile distribution (lenny), er disse problemer rettet -i version 0.99.10-1lenny5.

- -

I den stabile distribution (squeeze), er disse problemer rettet -i version 0.99.17-2+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2197.data" diff --git a/danish/security/2011/dsa-2198.wml b/danish/security/2011/dsa-2198.wml deleted file mode 100644 index a17100335c2..00000000000 --- a/danish/security/2011/dsa-2198.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b1f5ad375059df39dcddbd9099d367b488a696c2" mindelta="1" -utilstrækkelig fornuftighedskontrol af inddata - -

Mathias Svensson opdagede at tex-common, en pakke indeholdende en række -skripter og opsætningsfiler som TeX har brug for, indeholdt usiker indstillinger -for direktivet shell_escape_commands. Afhængigt af situationen, kunne -det medføre udførelse af vilkårlig kode, når et offer blev narret til at -behandle en ondsindet tex-fil eller hvis det blev gjort på en automatiseret -måde.

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem, da -shell_escape er deaktiveret.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.08.1.

- -

I distributionen testing (wheezy) og i den ustabile (sid) distributions, vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine tex-common-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2198.data" diff --git a/danish/security/2011/dsa-2199.wml b/danish/security/2011/dsa-2199.wml deleted file mode 100644 index cf385ae2856..00000000000 --- a/danish/security/2011/dsa-2199.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="4f883662977e90bb87a83f7be7af5d9eab460dc3" mindelta="1" -opdatering af ssl-certifikatsortliste - -

Denne opdatering af internetsuiden Iceape, en varemærkefri version af -Seamonkey, opdaterer certifikatsortlisten vedrørende flere falske -HTTPS-certifikater.

- -

Flere oplysninger findes i et -\ -blogindlæg af Jacob Appelbaum fra Tor-projektet.

- -

Den gamle stabile distribution (lenny) er ikke påvirket. Pakken iceape -stiller kun XPCOM-kode til rådighed.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.0.11-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.13-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2199.data" diff --git a/danish/security/2011/dsa-2200.wml b/danish/security/2011/dsa-2200.wml deleted file mode 100644 index 3c9fe7d5927..00000000000 --- a/danish/security/2011/dsa-2200.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="5c81e95dba170f5205153b01ef6df5d45247268d" mindelta="1" -opdatering af ssl-certifikatsortliste - -

Denne opdatering af Iceweasel, en webbrowser baseret på Firefox, opdaterer -certifikatsortlisten vedrørende flere falske HTTPS-certifikater.

- -

Flere oplysninger findes i et -\ -blogindlæg af Jacob Appelbaum fra Tor-projektet.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.9.0.19-9 af xulrunners kildekodepakke.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.5.16-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.18-1.

- -

I den eksperimentelle distribution, er dette problem rettet i -version 4.0~rc2-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2200.data" diff --git a/danish/security/2011/dsa-2201.wml b/danish/security/2011/dsa-2201.wml deleted file mode 100644 index c33ba12bc22..00000000000 --- a/danish/security/2011/dsa-2201.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="7bc7f66c33ef324ca38543094ce95e99e17e704e" mindelta="1" -flere sårbarheder - -

Huzaifa Sidhpurwala, Joernchen og Xiaopeng Zhang opdagede flere sårbarheder i -Wireshark, at program til analysering af netværkstrafik. Sårbarheder i -dissektorerne til DCT3, LDAP og SMB samt i koden til fortolkning af -pcag-ng-filer kunne føre til lammelsesangreb (denial of service) eller udførelse -af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.0.2-3+lenny13.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.11-6+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.4-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2201.data" diff --git a/danish/security/2011/dsa-2202.wml b/danish/security/2011/dsa-2202.wml deleted file mode 100644 index ca69c346f0b..00000000000 --- a/danish/security/2011/dsa-2202.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="f282ff3a428a76b63648c6136bac62b57921cd57" mindelta="1" -mislykket bortkastelse af rootrettigheder - -

MPM_ITK er et alternativt Multi-Processing Module til Apache HTTPD, som er -indeholdt i Debians apache2-pakke.

- -

En konfigurationsfortolkningsfejl er fundet i MPM_ITK. Hvis -konfigurationsdirektivet NiceValue var opsat, men intet AssignUserID-direktiv -var angivet, ville forespørgsler blive behandlet som brugeren og gruppen root -i stedet for Apaches standardbruger og -gruppe.

- -

Problemet påvirker ikke standard-Apache HTTPD MPM's prefork, worker og -event.

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.2.16-6+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 2.2.17-2.

- -

Hvis du bruger apache2-mpm-itk, anbefaler vi at du opgraderer dine -apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2202.data" diff --git a/danish/security/2011/dsa-2203.wml b/danish/security/2011/dsa-2203.wml deleted file mode 100644 index 6c87060eb19..00000000000 --- a/danish/security/2011/dsa-2203.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="91cc87cd2ab1d8f51ad044ea6f2e4a914db52491" mindelta="1" -opdatering af ssl-certifikat-sortliste - -

Denne opdatering af Network Security Service-bibliotekerne markerer flere -forfalskede HTTPS-certifikater som unstrusted.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.12.3.1-0lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.12.8-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.12.9.with.ckbi.1.82-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2203.data" diff --git a/danish/security/2011/dsa-2204.wml b/danish/security/2011/dsa-2204.wml deleted file mode 100644 index 740d8667608..00000000000 --- a/danish/security/2011/dsa-2204.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="070da9c1c9d820b6095c68e6afd362e581eea2be" mindelta="1" -utilstrækkelig fornuftighedskontrol af inddata - - -

Moritz Naumann opdagede at IMP 4, en webmailkomponent til Horde-frameworket, -var sårbar over for angreb i forbindelse med udførelse af skripter på tværs af -websteder, på grund af manglende fornuftighedskontrol af visse oplysninger fra -Fetchmail.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -4.2-4lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.3.7+debian0-2.1, som allerede er indeholdt i squeeze-udgaven.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4.3.7+debian0-2.1.

- -

Vi anbefaler at du opgraderer dine imp4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2204.data" diff --git a/danish/security/2011/dsa-2205.wml b/danish/security/2011/dsa-2205.wml deleted file mode 100644 index 6cea54fda70..00000000000 --- a/danish/security/2011/dsa-2205.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4b9dcc5472640036007acad478a4c7e5588dcbac" mindelta="1" -rettighedsforøgelse - -

Sebastian Krahmer opdagede at GDM 3, GNOME Display Manager, ikke på korrekt -vis smed rettigheder væk, når der blev behandlet filer med relation til den -indloggede bruger. Som en følge deraf, kunne lokale brugere opnå -root-rettigheder.

- -

Den gamle distribution (lenny) indeholder ikke pakken gdm3. Pakken gdm er -ikke påvirket af dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.30.5-6squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine gdm3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2205.data" diff --git a/danish/security/2011/dsa-2206.wml b/danish/security/2011/dsa-2206.wml deleted file mode 100644 index e4c3a7b370d..00000000000 --- a/danish/security/2011/dsa-2206.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="793ef2aaf7ac1e7953d45aed262afca75ae7986e" mindelta="1" -flere sårbarheder - -

To sikkerhedssårbarheder blev opdaget i Mahara, en elektronisk portfolio, -weblog, CV-program og socialt netværk-system:

- -
    - -
  • CVE-2011-0439 - -

    Ved en sikkerhedsgennemgang iværksat af en Mahara-bruger, opdagede man at - Mahara behandler inddata uden at de fornuftighedskontrollerede, hvilket - kunne føre til udførelse af skripter på tværs af websteder (XSS).

    • - -
  • CVE-2011-0440 - -

    Mahara Developers opdagede at Mahara ikke kontrollerer sessionsnøglen - under visse omstændigheder, hvilket kunne udnyttes i forbindelse med - udførelse af forespørgsler på tværs af websteder (CRSF) og kunne føre til - sletning af blogge.

    • - -
- -

I den gamle stabile distribution (lenny) er disse problemer rettet i -version 1.0.4-4+lenny8.

- -

I den stabile distribution (squeeze) er disse problemer rettet i -version 1.2.6-2+squeeze1.

- -

I den ustabile distribution (sid) er disse problemer rettet i -version 1.2.7.

- -

Vi anbefaler at du opgraderer din mahara-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2206.data" diff --git a/danish/security/2011/dsa-2207.wml b/danish/security/2011/dsa-2207.wml deleted file mode 100644 index e942a1fb1b9..00000000000 --- a/danish/security/2011/dsa-2207.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="2c05e306e7242e685decb2bb0d6fffcc3ab99786" mindelta="1" -flere sårbarheder - -

Forskellige sårbarheder blev opdaget i Tomcat Servlet- og JSP-maskinen, -medførelse lammelsesangreb (denial of service), udførelse af skripter på tværs -af websteder, informationsafsløring og WAR-filgennemløb. Yderligere oplysninger -om de individuelle sikkerhedsproblemer findes på -sårbarhedssiden om Apache -Tomcat 5.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 5.5.26-5lenny2.

- -

Den stabile distribution (squeeze) indeholder ikke længere tomcat5.5. tomcat6 -er allerede rettet.

- -

Den ustabile distribution (sid) indeholder ikke længere tomcat5.5. tomcat6 -er allerede rettet.

- -

Vi anbefaler at du opgraderer dine tomcat5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2207.data" diff --git a/danish/security/2011/dsa-2208.wml b/danish/security/2011/dsa-2208.wml deleted file mode 100644 index ffdb4ac8afc..00000000000 --- a/danish/security/2011/dsa-2208.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Man opdagede at BIND, en DNS-server, indeholdt en kapløbstilstand, når den -behandlede zoneupdateringer på en autoritativ server, enten gennem dynamiske -DNS-opdateringer eller inkrementiel zoneoverførsel (IXFR). Sådan en opdatering, -mens en forespørgsel blev behandlet, kunne medføre deadlock og lammelsesangreb. -(\ -CVE-2011-0414)

- -

Desuden løser denne opdatering en fejl i forbindelse med behandling af nye -DNSSEC DS-poster via en caching resolver, hvilket måske kunne føre til -navneopløsningsfejl i den delegerede zone. Hvis DNSSEC-validering var -aktiveret, kunne problemet medføre at domæner som slutter på .COM ville blive -utilgængelige, når en DS-post hørende til .COM blev føjet til DNS-rodzonen -den 31. marts 2011. En server hvor fejlen ikke er rettet, som er påvirket af -dette problem, kan genstartes, hvorved navneopløsningen af .COM-domæner -genaktiveres. Omgåelsen af problemet gælder også versionen i den gamle stabile -distribution.

- -

Opsætninger, som ikke anvender DNSSEC-valideringer, er ikke påvirkede af -problem nummer to.

- -

I den gamle stabile distribution (lenny), er problemet i forbindelse med -DS-poster rettet i version 1:9.6.ESV.R4+dfsg-0+lenny1. -(\ -CVE-2011-0414 påvirker ikke versionen i lenny.)

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:9.7.3.dfsg-1~squeeze1.

- -

I distribution testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1:9.7.3.dfsg-1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2208.data" diff --git a/danish/security/2011/dsa-2209.wml b/danish/security/2011/dsa-2209.wml deleted file mode 100644 index e2ff3147155..00000000000 --- a/danish/security/2011/dsa-2209.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="188f76f9de48e44614b8a9e55834dc0b499daf7d" mindelta="1" -dobbelt frigivelse - -

Emmanuel Bouillon opdagede en dobbelt frigivelse i tgt, Linux' -brugerrumsværktøjer til SCSI-targets, hvilket kunne føre til lammelsesangreb -(denial of service).

- -

Den gamle stabile distribution (lenny) indeholder ikke tgt.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:1.0.4-2squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:1.0.4-3.

- -

Vi anbefaler at du opgraderer dine tgt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2209.data" diff --git a/danish/security/2011/dsa-2210.wml b/danish/security/2011/dsa-2210.wml deleted file mode 100644 index 9a4a4c322fe..00000000000 --- a/danish/security/2011/dsa-2210.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i biblioteket til bearbejdning og konvertering -af TIFF-filer:

- -
    - -
  • CVE-2011-0191 - -

    Et bufferoverløb gjorde det muligt at udføre vilkårlig kode eller forårsage - et lammelsesangreb (denial of service) via et fabrikeret TIFF-billede med - JPEG-encoding. Problemet påvirker kun pakken i Debian 5.0 Lenny.

    • - -
  • CVE-2011-0192 - -

    Et bufferoverløb gjorde det muligt at udføre vilkårlig kode eller forårsage - et lammelsesangreb via en fabrikeret TIFF Internet Fax-billedfil, - komprimeret med CCITT Group 4-encoding.

    • - -
  • CVE-2011-1167 - -

    Et heapbaseret bufferoverløb i Thuder-dekoderne (alias ThunderScan) gjorde - det muligt at udføre vilkårlig kode via en TIFF-fil, som havde en uventet - BitsPerSample-værdi.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -3.8.2-11.4.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.9.4-5+squeeze1.

- -

I distributionen testing er de første to problemer rettet i version 3.9.4-8, -mens det sidste problem snart vil blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -3.9.4-9.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2210.data" diff --git a/danish/security/2011/dsa-2211.wml b/danish/security/2011/dsa-2211.wml deleted file mode 100644 index ad055a0ef85..00000000000 --- a/danish/security/2011/dsa-2211.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -manglende kontrol af inddata - -

Ricardo Narvaja opdagede at manglende fornuftighedskontrol af inddata i VLC, -en multimedieafspiller og -streamer, kunne føre til udførelse af vilkårlig -kode, hvis en bruger blev narret til at åbne en misdannet fil.

- -

Med denne opdatering følger der også opdaterede pakker til den gamle stabile -distribution (lenny) vedrørende sårbarheder, som allerede er løst i Debians -stabile distribution (squeeze), enten under frysningen eller i -DSA-2159 -(CVE-2010-0522, -CVE-2010-1441, -CVE-2010-1442 og -CVE-2011-0531).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.8.6.h-4+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.1.3-1squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.8-1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2211.data" diff --git a/danish/security/2011/dsa-2212.wml b/danish/security/2011/dsa-2212.wml deleted file mode 100644 index 5655f158330..00000000000 --- a/danish/security/2011/dsa-2212.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="19cc2f98dfc16f29bd8333210c1b02d57cd2ddc4" mindelta="1" -rettighedsforøgelse - -

Daniel Danner opdagede at tmux, en terminal-multiplexer, ikke på korrekt vis -smed grupperettigheder væk. På grund af en rettelse introduceret af Debian, når -programmet kaldes med kommandolinjeparameteret -S, smed tmux ikke -rettigheder væk, som det havde fået gennem sin setgid-installation.

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem, da -den ikke indeholder tmux.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.3-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.4-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4-6.

- -

Vi anbefaler at du opgraderer dine tmux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2212.data" diff --git a/danish/security/2011/dsa-2213.wml b/danish/security/2011/dsa-2213.wml deleted file mode 100644 index 88dc547c746..00000000000 --- a/danish/security/2011/dsa-2213.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="f896a59af56ce99b3f3f1dd6cc6339d7d029f7aa" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Sebastian Krahmer opdagede at værktøjet xrdb fra x11-xserver-utils, et -ressourcedatabaseværktøj til X-serveren, ikke på korrekt vis filtrerede -fabrikerede værtsnavne. Dermed var det muligt for en fjernangriber at udføre -vilkårlig kode med root-rettigheder, forudsat at enten eller fjernlogin via -xdmcp var tilladt eller angriberen kunne indsætte en fjentligsindet DHCP-server -i offerets netværk.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 7.3+6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 7.5+3.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.6+2.

- -

Vi anbefaler at du opgraderer dine x11-xserver-utils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2213.data" diff --git a/danish/security/2011/dsa-2214.wml b/danish/security/2011/dsa-2214.wml deleted file mode 100644 index 73f70bc18b2..00000000000 --- a/danish/security/2011/dsa-2214.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="21c9196050eda35a4b2d5501e5e58c929e86d15f" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Tango opdagede at ikiwiki, en wikicompiler, ikke validerede hvis -htmlscrubber-plugin'en var aktiveret eller ikke på en side, når der var tilføjet -et alternativt stylesheet til sider. Dermed var det muligt for en angriber, som -havde mulighed for at oplægge skræddersyede stylesheets, at tilføje ondsindede -stylesheets som alternativer eller udskifte standardstylesheetet, og dermed -iværksætte et angreb i forbindelse med udførelse af skripter på tværs af -websteder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.53.6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.20100815.7.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 3.20110328.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.20110328.

- -

Vi anbefaler at du opgraderer dine ikiwiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2214.data" diff --git a/danish/security/2011/dsa-2215.wml b/danish/security/2011/dsa-2215.wml deleted file mode 100644 index cd8ca9ee84d..00000000000 --- a/danish/security/2011/dsa-2215.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="704b8150262a23951b9c37b6e71f3ad0e7fb24bc" mindelta="1" -mappegennemløb - -

Dylan Simon opdagede at gitolite, en SSH-baseret dørvogter til Git-arkiver, -var sårbar over for mappegennemløbsangreb ved begrænsning af -administratordefinerede kommandoer (admin defined commands, ADC). Dermed -var det muligt for en angriber at udføre vilkårlige kommandoer med rettighederne -hørende til gitolite-serveren via fabrikerede kommandonavne.

- -

Bemærk at dette kun påvirker installationer, hvor ADC er aktiveret (det er -ikke standard i Debian).

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem, da -den ikke indeholder gitolite.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.5.4-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.5.7-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.7-2.

- -

Vi anbefaler at du opgraderer dine gitolite-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2215.data" diff --git a/danish/security/2011/dsa-2216.wml b/danish/security/2011/dsa-2216.wml deleted file mode 100644 index 4d867de700a..00000000000 --- a/danish/security/2011/dsa-2216.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="5d7a08151ba51e6c90358cbc63725edd7e88366b" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Sebastian Krahmer og Marius Tomaschewski opdagede at dhclient fra isc-dhcp, -en DHCP-klient, ikke på korrekt vis filtrerede shell-metategn ved visse -valgmuligheder i DHCP-serversvar. Disse valgmuligheder blev genbrugt på en -usikker måde af dhclient-scripts. Dermed var det muligt for en angriber at -udføre vilkårlige kommandoer med rettighederne hørende til en sådan proces, ved -at sende DHCP-valgmuligheder til en klient ved hjælp af en ondsindet server.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i en -yderligere opdatering af dhcp3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.1.1-P1-15+squeeze2.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.1.1-P1-16.1.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2216.data" diff --git a/danish/security/2011/dsa-2217.wml b/danish/security/2011/dsa-2217.wml deleted file mode 100644 index a45774950a1..00000000000 --- a/danish/security/2011/dsa-2217.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5d7a08151ba51e6c90358cbc63725edd7e88366b" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Sebastian Krahmer og Marius Tomaschewski opdagede at dhclient fra dhcp3, -en DHCP-klient, ikke på korrekt vis filtrerede shell-metategn ved visse -valgmuligheder i DHCP-serversvar. Disse valgmuligheder blev genbrugt på en -usikker måde af dhclient-scripts. Dermed var det muligt for en angriber at -udføre vilkårlige kommandoer med rettighederne hørende til en sådan proces, ved -at sende DHCP-valgmuligheder til en klient ved hjælp af en ondsindet server.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.1.1-6+lenny5.

- -

I den stabile (squeeze), testing (wheezy) og i den ustabile (sid) -distribution, er dette problem rettet i en yderligere opdatering af isc-dhcp.

- -

Vi anbefaler at du opgraderer dine dhcp3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2217.data" diff --git a/danish/security/2011/dsa-2218.wml b/danish/security/2011/dsa-2218.wml deleted file mode 100644 index 87f987232f4..00000000000 --- a/danish/security/2011/dsa-2218.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="75c2c1868b4ab29d7d4a1c2abd6c35a09bff93d0" mindelta="1" -heap-baseret bufferoverløb - -

Aliz Hammond opdagede at MP4-dekoderpluginen i VLC, en multimedieafspiller og --streamer, var sårbar over for et heap-baseret bufferoverløb. Det skyldes at en -forkert datatype blev anvendt i en størrelsesberegning. En angriber kunne -anvende fejlen til at narre et offer til at åbne en særligt fremstillet MP4-fil -og muligvis udføre vilkårlig kode eller få medieafspilleren til at gå ned.

- -

Den gamle stabile distribution (lenny) er ikke påvirket af dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.1.3-1squeeze5.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.8-3.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2218.data" diff --git a/danish/security/2011/dsa-2219.wml b/danish/security/2011/dsa-2219.wml deleted file mode 100644 index 394bfca6ded..00000000000 --- a/danish/security/2011/dsa-2219.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e3ceefb2f51c3488c3d64cd90ed8ccd84e62551b" mindelta="1" -overskrivelse af vilkårlig fil - -

Nicolas Gregoire opdagede at XML Security Library xmlsec gjorde det muligt -for fjernangribere at oprette eller overskrive vilkårlig filer gennem særligt -fremstillede XML-filer, ved anvendelse af uddataudvidelsen libxslt og et -ds:Transform-element under signaturverifikation.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.2.9-5+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.14-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er dette problem rettet i version 1.2.14-1.1.

- -

Vi anbefaler at du opgraderer dine xmlsec1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2219.data" diff --git a/danish/security/2011/dsa-2220.wml b/danish/security/2011/dsa-2220.wml deleted file mode 100644 index 11fdc29554a..00000000000 --- a/danish/security/2011/dsa-2220.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Request Tracker, et fejlsporingssystem.

- -
    - -
  • CVE-2011-1685 -

    Hvis funktionaliteten til eksterne skræddersyede felter var aktiveret, - gjorde Request Tracker det muligt for autentificerede brugere at udføre - vilkårlig kode med rettighederne hørende til webserveren, hvilket muligvis - kunne udløse et forespørgselsforfalskningsangreb på tværs af servere. - (Eksterne skræddersyede felter er som standard slået fra.)

    - -
  • CVE-2011-1686 -

    Flere SQL-indsprøjtningsangreb gjorde det muligt for autentificerede - brugere at få adgang til dta fra databasen på en uautoriseret måde.

    - -
  • CVE-2011-1687 -

    En informationslækage gjorde det muligt for en autentificeret - priviligeret brugere at få adgang til følsomme oplysninger, så som - krypterede adgangskoder, via søgegrænsefladen.

    - -
  • CVE-2011-1688 -

    Ved afvikling under visse webservere (så som Lighttpd), var Request - Tracker sårbar over for et mappegennemløbsangreb, hvilket gjorde det muligt - for angribere at læse enhver tilgængelig fil på webserver. Instanser af - Request Tracker kørende under Apache eller Nginx er ikke påvirkede.

    - -
  • CVE-2011-1689 -

    Request Tracker indeholdt flere sårbarheder i forbindelse med udførelse - af skripter på tværs af websteder.

    - -
  • CVE-2011-1690 -

    Request Tracker gjorde det muligt for angribere at omdirigere - autentifikationsoplysninger leveret af legitime brugere til - tredjepartsservere.

    - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet -i version 3.6.7-5+lenny6 af pakken request-tracker3.6.

- -

I den stabile distribution (squeeze), er disse problemer rettet -i version 3.8.8-7+squeeze1 af pakken request-tracker3.8.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er disse problemer rettet i version 3.8.10-1 af pakken -request-tracker3.8.

- -

Vi anbefaler at du opgraderer dine Request Tracker-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2220.data" diff --git a/danish/security/2011/dsa-2221.wml b/danish/security/2011/dsa-2221.wml deleted file mode 100644 index f38e5fe47ca..00000000000 --- a/danish/security/2011/dsa-2221.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b21103f97626cf29b2e4b3cd500c7f27e3339243" mindelta="1" -mappegennemløb - -

Viacheslav Tykhanovskyi opdagede en mappegennemløbssårbarhed i Mojolicious, -et Perl Web Application Framework.

- -

Den gamle stabile distribution (lenny) indeholder ikke -libmojolicious-perl.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.999926-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.16-1.

- -

Vi anbefaler at du opgraderer dine libmojolicious-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2221.data" diff --git a/danish/security/2011/dsa-2222.wml b/danish/security/2011/dsa-2222.wml deleted file mode 100644 index 1703e3cf8b7..00000000000 --- a/danish/security/2011/dsa-2222.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="042f97780cc0f01130485577c4a6f3d3cd97545e" mindelta="1" -ukorrekt ACL-behandling - -

Christoph Martin opdagede at ukorrekt ACL-behandling i TinyProxy, en -letvægts, ikke-cachende, valgtfrit anonymiserende HTTP-proxy, kunne føre til -utilsigtede netværksadgangsrettigheder.

- -

Den gamle stabile distribution (lenny) er ikke påvirket.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.8.2-1squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.2-2.

- -

Vi anbefaler at du opgraderer dine tinyproxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2222.data" diff --git a/danish/security/2011/dsa-2223.wml b/danish/security/2011/dsa-2223.wml deleted file mode 100644 index 0b14079f521..00000000000 --- a/danish/security/2011/dsa-2223.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="4d3d94ad37b0110bfff15dd15fb66627ecba53cc" mindelta="1" -SQL-indsprøjtning - -

Man opdagede at Doctrine, et PHP-bibliotek til implementering af -objektpersistence, indeholdt SQL-indsprøjtningssårbarheder. Det præcise -virkning er afhængig af applikationen, som anvender Doctrine-biblioteket.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.2-2+squeeze1.

- -

Vi anbefaler at du opgraderer dine doctrine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2223.data" diff --git a/danish/security/2011/dsa-2224.wml b/danish/security/2011/dsa-2224.wml deleted file mode 100644 index 854ef0a3f85..00000000000 --- a/danish/security/2011/dsa-2224.wml +++ /dev/null @@ -1,73 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sikkerhedssårbarheder blev opdaget i OpenJDK, en implementering af -Java-platformen.

- -
    - -
  • CVE-2010-4351 -

    JNLP SecurityManager vender tilbage fra checkPermission-metoden i stedet - for at kaste en exception under visse omstændigheder, hvilket måske gjorde - det muligt for kontekstafhængige angribere at omgå den tilsigtede - sikkerhedspolicy ved at oprette instanser ClassLoader.

    • - -
  • CVE-2010-4448 -

    Ondsindede applets kunne udføre DNS-cacheforgiftning.

    • - -
  • CVE-2010-4450 -

    En tom (men opsat) LD_LIBRARY_PATH-miljøvariabel medførte en - fejlagtigt konstrueret bibliotekssøgesti, hvilket medførte udførelse af kode - fra kilder som der måske ikke er tillid til.

    • - -
  • CVE-2010-4465 -

    Ondsindede applets kunne udvide deres rettigheder ved at misbruge - Swing-timere.

    • - -
  • CVE-2010-4469 -

    Hotspot just-in-time-kompileren fejlkompilerede fabrikerede - bytesekvenser, førende til heap-korruption.

    • - -
  • CVE-2010-4470 -

    JAXP kunne udnyttes af kode man ikke har tillid til, til at forøge - rettigheder.

    • - -
  • CVE-2010-4471 -

    Java2D kunne udnyttes af kode man ikke har tillid til, til at forøge - rettigheder.

    • - -
  • CVE-2010-4472 -

    Kode man ikke har tillid til kunne erstatte implementeringen af XML - DSIG.

    • - -
  • CVE-2011-0025 -

    Signaturer på JAR-filer blev ikke verificeret på korrekt vis, hvilket - gjorde det muligt for fjernangribere at narre brugere til at udføre kode, - som lod til at komme fra en kilde, man har tillid til.

    • - -
  • CVE-2011-0706 -

    Klassen JNLPClassLoader gjorde det muligt for fjernangribere at opnå - rettigheder via ukendte angrebsvinkler i relation til flere signere og - tildelingen af en upassende sikkerhedsdescriptor.

    • - -
- -

Desuden indeholder denne sikkerhedsopdatering stablitetsrettelser, så som -skift til den anbefalede Hotspot-version (hs14) i denne specifikke version af -OpenJDK.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 6b18-1.8.7-2~lenny1.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 6b18-1.8.7-2~squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.8.7-1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2224.data" diff --git a/danish/security/2011/dsa-2225.wml b/danish/security/2011/dsa-2225.wml deleted file mode 100644 index af9926bc0db..00000000000 --- a/danish/security/2011/dsa-2225.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Asterisk, et open source-PBX- og -telefonitoolkit.

- -
    - -
  • CVE-2011-1147 - -

    Matthew Nicholson opdagede at ukorrekt håndtering af UDPTL-pakker måske - kunne føre til lammelsesangreb (denial of service) eller udførelse af - vilkårlig kode.

    • - -
  • CVE-2011-1174 - -

    Blake Cornell opdagede at ukorrekt connectionhåndtering i - managergrænsefladen måske kunne føre til lammelsesangreb.

    • - -
  • CVE-2011-1175 - -

    Blake Cornell og Chris May opdagede at ukorrekt TCP-connectionhåndtering - måske kunne føre til lammelsesangreb.

    • - -
  • CVE-2011-1507 - -

    Tzafrir Cohen opdagede at utilstrækkelig begræsning af - connectionforespørgsler i flere TCP-baserede tjenester, måske kunne føre til - lammelsesangreb. Se \ - AST-2011-005 for flere oplysninger.

    • - -
  • CVE-2011-1599 - -

    Matthew Nicholson opdagede en rettighedsforøgelsessårbarhed i - managergrænsefladen.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:1.4.21.2~dfsg-3+lenny2.1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:1.6.2.9-2+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.8.3.3-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2225.data" diff --git a/danish/security/2011/dsa-2226.wml b/danish/security/2011/dsa-2226.wml deleted file mode 100644 index 813dc0f348b..00000000000 --- a/danish/security/2011/dsa-2226.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="2faba9e3b78e11b21b01c22b5375ed5c131214f6" mindelta="1" -bufferoverløb - -

M. Lucinskij og P. Tumenas opdagde et bufferoverløb i koden til behandling af -S3M-trackerfiler i Modplug-tracker-musikbiblioteket, hvilket måske kunne medføre -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.8.4-1+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:0.8.8.1-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:0.8.8.2-1.

- -

Vi anbefaler at du opgraderer dine libmodplug-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2226.data" diff --git a/danish/security/2011/dsa-2227.wml b/danish/security/2011/dsa-2227.wml deleted file mode 100644 index 6fefdd53a14..00000000000 --- a/danish/security/2011/dsa-2227.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev fundet i internetsuiten Iceape, en varemærkefri -version af Seamonkey:

- - - -

Den gamle stabile distribution (lenny) er ikke påvirket. Pakken iceape -stiller kun XPCOM-koden til rådighed.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.0.11-5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.14-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2227.data" diff --git a/danish/security/2011/dsa-2228.wml b/danish/security/2011/dsa-2228.wml deleted file mode 100644 index 19a70f4ca0a..00000000000 --- a/danish/security/2011/dsa-2228.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er fundet i Iceweasel, en webbrowser baseret på -Firefox:

- - - -

I den gamle stabile distribution (lenny), vil dette problem snart blive rettet -with updated packages of the xulrunner source package.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.5.16-7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.19-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2228.data" diff --git a/danish/security/2011/dsa-2229.wml b/danish/security/2011/dsa-2229.wml deleted file mode 100644 index dc613085869..00000000000 --- a/danish/security/2011/dsa-2229.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9da88ae81c5a6aeabc3336a60e0cda240a7a8611" mindelta="1" -programmeringsfejl - -

En sårbarhed blev fundet i SPIP, en webstedsmaskine til udgivelse, hvilket -gjorde det muligt for en ondsindet, registreret forfatter, at deaktivere -forbindelsen mellem webstedet og dets database, medførende lammelsesangreb -(denial of service).

- -

Den gamle stabile distribution (lenny) indeholder ikke spip.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.1.1-3squeeze1.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2229.data" diff --git a/danish/security/2011/dsa-2230.wml b/danish/security/2011/dsa-2230.wml deleted file mode 100644 index a491dfdb994..00000000000 --- a/danish/security/2011/dsa-2230.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev fundet i KVM, en løsning til fuld virtualisering på -x86-hardware:

- -
    - -
  • CVE-2011-0011 - -

    Opsætning af VNC-adgangskoden til en tom string, slog i stilhed al - autentifikation fra.

    • - -
  • CVE-2011-1750 - -

    Driveren virtio-blk udførte utilstrækkelig validering af - læsnings-/skrivnings-I/O fra gæsteinstansen, hvilket kunne føre til - lammelsesangreb eller rettighedsforøgelse.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.12.5+dfsg-5+squeeze1.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2230.data" diff --git a/danish/security/2011/dsa-2231.wml b/danish/security/2011/dsa-2231.wml deleted file mode 100644 index 3d79dfa7039..00000000000 --- a/danish/security/2011/dsa-2231.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -udførelse af skripter på tværs af websteder - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder blev fundet i Open Ticket Request System (OTRS), et -problemsporingssystem. -(CVE-2011-1518)

- -

Desuden indeholder denne opdatering en rettelse af en fejl ved opgradering af -pakken fra lenny til squeeze.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.4.9+dfsg1-3+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.10+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2231.data" diff --git a/danish/security/2011/dsa-2232.wml b/danish/security/2011/dsa-2232.wml deleted file mode 100644 index ffda8cbacd0..00000000000 --- a/danish/security/2011/dsa-2232.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -formatstrengssårbarhed - -

Man opdagede at Exim, standardmailtransportagenten i Debian, anvendte -DKIM-data hentet fra DNS, direkte i en formatstreng, potentielt gørende det -muligt for ondsindede afsender af mail, at udføre vilkårlig kode. -(CVE-2011-1764)

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem, da -den ikke indeholder DKIM-understøttelse.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.72-6+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.75-3.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2232.data" diff --git a/danish/security/2011/dsa-2233.wml b/danish/security/2011/dsa-2233.wml deleted file mode 100644 index b3f1bf7cd12..00000000000 --- a/danish/security/2011/dsa-2233.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Postfix, en mailoverførselsagent. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-2939 -

    postinst-skriptet gav postfix-brugeren skriveadgang til - /var/spool/postfix/pid, hvilket måske kunne gøre det muligt for lokale - brugere at iværksætte symlinkangreb, som overskriver vilkårlige - filer.

    • - -
  • CVE-2011-0411 -

    Implementeringen af STARTTLS begrænsede ikke på korrekt vis - I/O-buffering, hvilket muliggjorde manden i midten-angreb i forbindelse - med indsættelse af kommandoer i krypterede SMTP-sessioner, ved at sende - en kommando i klartekst, som blev behandlet efter TLS var på - plads.

    • - -
  • CVE-2011-1720 -

    Et heap-baseret read-only-bufferoverløb gjorde det muligt for - ondsindede klienter at få smtpd-serverprocessen til at gå ned, ved - hjælp af en fabrikeret SASL-autentifikationsforespørgsel.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.5.5-1.1+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.7.1-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.8.0-1.

- -

Vi anbefaler at du opgraderer dine postfix-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2233.data" diff --git a/danish/security/2011/dsa-2234.wml b/danish/security/2011/dsa-2234.wml deleted file mode 100644 index d3f5a761b9a..00000000000 --- a/danish/security/2011/dsa-2234.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i python-zodb, et sæt værktøjer -til anvendelse af ZODB, som i værste fald kunne føre til udførelse af vilkårlig -kode. Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-0668 - -

    ZEO-serveren begrænsede ikke callables ved unpickling af - data modtaget fra en ondsindet klient, hvilket kunne anvendes af en angriber - til at udføre vilkårlig Python-kode på serveren ved at sende visse - exception pickles. Dermed var det også muligt for an angriber, at - importere ethvert importerbart modul, da ZEO importerede modulet indeholdende - en callable specificeret i en pickle for at teste for - forekomsten af et bestemt flag.

    • - -
  • CVE-2009-0669 - -

    På grund af en programmeringsfejl blev eni autorisationsmetode i - StorageServer-komponenten i ZEO ikke anvendt som en intern metode. Dermed - var det muligt for en ondsindet klient at omgå autentifikation, når den - forbandt sig til en ZEO-server, ved blot at kalde - autorisationsmetoden.

    • - -
- -

Opdateringen begrænser også antallet af nye objektid'er en klient bede om, -til 100, da det ellers ville være muligt at forbruge en enorm mængde ressourcer -ved at bede om en stor mængde nye objektid'er. Der er endnu ikke tildelt en -CVE-id hertil.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1:3.6.0-2+lenny3.

- -

Den stabile distribution (squeeze) er ikke påvirket, da den blev rettet før -den oprindelige udgivelse.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:3.8.2-1.

- -

Vi anbefaler at du opgraderer dine zodb-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2234.data" diff --git a/danish/security/2011/dsa-2235.wml b/danish/security/2011/dsa-2235.wml deleted file mode 100644 index 73f4913a575..00000000000 --- a/danish/security/2011/dsa-2235.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i Icedove, en mærkevarefri udgave af -mail-/news-klienten Thunderbird.

- - - -

Som angivet i udgivelsesbemærkningerne til Lenny (oldstable), var det -nødvendigt at lade sikkerhedsunderstøttelsen af Icedove-pakkerne i den gamle -stabile distribution stoppe før ophøret af Lennys regulære livscyklus med -sikkerhedsopdateringer. Du opfordres kraftigt til at opgradere til den -stabile distribution eller skifte til en anden mailklient.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.0.11-1+squeeze2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2235.data" diff --git a/danish/security/2011/dsa-2236.wml b/danish/security/2011/dsa-2236.wml deleted file mode 100644 index 6412c69b16f..00000000000 --- a/danish/security/2011/dsa-2236.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -command injection - -

Man opdagede at Exim, Debians standardprogram til mailoverførsel, var sårbar -over for angreb i forbindelse med indsprøjtning af kommandoer i dets -DKIM-behandlingskode, førende til udførelse af vilkårlig kode. -(CVE-2011-1407)

- -

Debians standardopsætning udstiller ikke denne sårbarhed.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.72-6+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.76-1.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2236.data" diff --git a/danish/security/2011/dsa-2237.wml b/danish/security/2011/dsa-2237.wml deleted file mode 100644 index 42a60a6cec5..00000000000 --- a/danish/security/2011/dsa-2237.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="a14aa406890cbf89757fb9ac4e66972d535527b4" mindelta="1" -lammelsesangreb - - -

En fejl blev fundet i APR-biblioteket, som kunne udnyttes gennem Apache -HTTPD's mod_autoindex. Hvis en mappe indekseret af mod_autoindex indeholdt -filer med tilstrækkeligt lange navne, kunne en fjernangriber sende en -omhyggeligt fabrikeret forespørgsel, der medførte overdrevet CPU-forbrug. Det -kunne anvendes i et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.2.12-5+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.2-6+squeeze1.

- -

I distributionen testing (wheezy), vil problemet blive rettet i -version 1.4.4-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.4-1.

- -

Vi anbefaler at du opgraderer dine apr-pakker og genstarter -apache2-serveren.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2237.data" diff --git a/danish/security/2011/dsa-2238.wml b/danish/security/2011/dsa-2238.wml deleted file mode 100644 index 6678b0bf3d4..00000000000 --- a/danish/security/2011/dsa-2238.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="9fa09fd2a7faa0c3fd57b25f706730dbd9ddc03c" mindelta="1" -flere sårbarheder - -

Kevin Chen opdagede at ukorrekt behandling af framebuffer-forespørgsler i -VNC-serveren Vino, kunne føre til lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.28.2-2+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.28.2-3.

- -

Vi anbefaler at du opgraderer dine vino-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2238.data" diff --git a/danish/security/2011/dsa-2239.wml b/danish/security/2011/dsa-2239.wml deleted file mode 100644 index 0903f5363d2..00000000000 --- a/danish/security/2011/dsa-2239.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="58da8a44b5513985c2c6f73c994d18480340333f" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Mojolicious, et Perl Web Application -Framework. Hjælperen link_to blev påvirket udførelse af skripter på tværs af -websteder og implementeringsfejl i MD5 HMAC og CGI-miljøhåndteringen er blevet -rettet.

- -

Den gamle stabile distribution (lenny) indeholder ikke -libmojolicious-perl.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.999926-1+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.12-1.

- -

Vi anbefaler at du opgraderer dine libmojolicious-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2239.data" diff --git a/danish/security/2011/dsa-2240.wml b/danish/security/2011/dsa-2240.wml deleted file mode 100644 index 04d5452a86c..00000000000 --- a/danish/security/2011/dsa-2240.wml +++ /dev/null @@ -1,267 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - - -

Flere sårbarheder er opdaget i Linux-kernen, som måske kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2010-3875 - -

    Vasiliy Kulikov opdagede et problem i Linux-implementeringen af - protokollen Amateur Radio AX.25 Level 2. Lokale brugere kunne måske få - adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-0695 - -

    Jens Kuehnel rapporterede om et problem i InfiniBand-stakken. - Fjernangribere kunne udnytte en racetilstand til at forårsage et - lammelsesangreb (kernepanik).

    • - -
  • CVE-2011-0711 - -

    Dan Rosenberg rapporterede om et problem i XFS-filsystemet. Lokale - brugere kunne måske få adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-0726 - -

    Kees Cook rapporterede om et problem i implementeringen af - /proc/pid/stat. Lokale brugere kunne finde ud af en proces' - tekstplacering, hvorved beskyttelse leveret af Address Space Layout - Randomization (ASLR) blev omgået.

    • - -
  • CVE-2011-1016 - -

    Marek Olšák opdagede et problem i driveren til ATI/AMD - Radeon-videochips. Lokale brugere kunne overføre vilkårlige værdier til - videohukommelse og grafikoversættelsestabellen, medførende lammelsesangreb - eller rettighedsforøgelse. Som standard i Debian-installeringer kan dette - kun udnyttes af medlemmer af gruppen video.

    • - -
  • CVE-2011-1078 - -

    Vasiliy Kulikov opdagede et problem i Bluetooth-undersystemet. Lokale - brugere kunne opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1079 - -

    Vasiliy Kulikov opdagede et problem i Bluetooth-undersystemet. Lokale - brugere med CAP_NET_ADMIN-muligheden kunne forårsage et lammelsesangreb - (kerne-oops).

    • - -
  • CVE-2011-1080 - -

    Vasiliy Kulikov opdagede et problem i Netfilter-undersystemet. Lokale - brugere kunne opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1090 - -

    Neil Horman opdagede en hukommelseslækage i setacl()-kaldet på - NFSv4-filsystemer. Lokale brugere kunne udnytte dette til at forårsage et - lammelsesangreb (oops).

    • - -
  • CVE-2011-1160 - -

    Peter Huewe rapporterede om et problem i Linux-kernens understøttelse af - TPM-sikkerhedschips. Lokale brugere med rettigheder til at åbne enheden, - kunne opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1163 - -

    Timo Warns rapporterede om et problem i kerneunderstøttelsen af - diskpartitioner i Alpha OSF-formatet. Brugere med fysisk adgang kunne opnå - adgang til følsom kernehukommelse ved at tilføje en opbevaringsenhed med en - særligt fremstillet OSF-partition.

    • - -
  • CVE-2011-1170 - -

    Vasiliy Kulikov rapporterde om et problem i implementeringen af - Netfilter ARP-tabellen. Lokale brugere med CAP_NET_ADMIN-muligheden kunne - opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1171 - -

    Vasiliy Kulikov rapporterede om et problem i implementeirngen af - Netfilter IP-tabellen. Lokale brugere med CAP_NET_ADMIN-muligheden kunne - opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1172 - -

    Vasiliy Kulikov rapporterede om et problem i implememteringen af - Netfilter IPv6-tabellen. Lokale brugere med CAP_NET_ADMIN-muligheden kunne - opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1173 - -

    Vasiliy Kulikov rapporterede om et problem i implementeringen af Acorn - Econet-protokollen. Lokale brugere kunne opnå adgang til følsom - kernehukommelse på systemer, som anvender denne sjældne hardware.

    • - -
  • CVE-2011-1180 - -

    Dan Rosenberg rapporterede om et bufferoverløb i Information Access - Service i IrDA-protokollen, som anvendes af infrarød-enheder. - Fjernangribere inden for rækkevidde af den infrarøde enhed kunne forårsage - et lammelsesangreb eller muligvis opnå rettighedsforøgelse.

    • - -
  • CVE-2011-1182 - -

    Julien Tinnes rapporterede om et problem i rt_sigqueueinfo-grænsefladen. - Lokale brugere kunne generere signaler med forfalsket kilde-pid- og - uid-oplysninger.

    • - -
  • CVE-2011-1476 - -

    Dan Rosenberg rapporterede om problemer i Open Sound System - MIDI-grænsefladen, som gjorde det muligt for lokale brugere at forårsage et - lammelsesangreb. Problemet påvirker ikke officielle Debian - Linux-imagepakker, da de ikke længere leverer understøttelse af OSS. - Men i skræddersyede kerner opbygget fra Debians linux-source-2.6.32 kan - denne konfiguration været aktiveret og vil derfor være sårbar.

    • - -
  • CVE-2011-1477 - -

    Dan Rosenberg rapporterede om problemer i Open Sound System-driveren - til kort, der indeholder en Yamaha FM-synthesizerchip. Lokale brugere kunne - forårsage hukommelseskorruption, medførende et lammelsesangreb. Problemet - påvirker ikke officielle Debian Linux-imagepakker, da de ikke længere leverer - understøttelse af OSS. Men i skræddersyede kerner opbygget fra Debians - linux-source-2.6.32 kan denne konfiguration været aktiveret og vil derfor - være sårbar.

    • - -
  • CVE-2011-1478 - -

    Ryan Sweat rapporterede om et problem i understøttelse af Generic Receive - Offload (GRO) i Linux' netværksundersystem. Hvis GRO er aktiveret i en - grænseflade og kører i promiscuous tilstand, kunne fjerne brugere forårsage - et lammelsesangreb (NULL-pointerdereference) ved at sende pakker på et - ukendt VLAN.

    • - -
  • CVE-2011-1493 - -

    Dan Rosenburg rapporterede to problemer i Linux-implementeringen af - protokollen Amateur Radio X.25 PLP (Rose). En fjernbruger kunne forårsage - et lammelsesangreb ved at levere særligt fremstillede - facilities-felter.

    • - -
  • CVE-2011-1494 - -

    Dan Rosenberg rapporterede om et problem i grænsefladen /dev/mpt2ctl som - leveres af driveren til LSI MPT Fusion SAS 2.0-controllere. Lokale brugere - kunne opnå rettighedsforøgelse ved hjælp af særligt fremstillede ioctl-kald. - Som standard i Debian-installeringer er dette ikke udnytbart, da - grænsefladen kun er tilgængelig for root.

    • - -
  • CVE-2011-1495 - -

    Dan Rosenberg rapporterede om yderligere to problemer i grænsenfladen - /dev/mpt2ctl som leveres af driveren til LSI MPT Fusion SAS 2.0-controllere. - Lokale brugere kunne opnå rettighedsforøgelse og læse vilkårlig - kernehukommelse ved at anvende særligt fremstillede ioctl-kald. Som - standard i Debian-installeringer er dette ikke udnytbart, da grænsefladen - kun er tilgængelig for root.

    • - -
  • CVE-2011-1585 - -

    Jeff Layton rapporterede om et problem i Common Internet File System (CIFS). - Lokale brugere kunne omgå autentificeringskrav til shares, som allerede er - mountet af en anden bruger.

    • - -
  • CVE-2011-1593 - -

    Robert Swiecki rapporterede om et fortegnsproblem i funktionen - next_pidmap(), der kunne udnyttes af lokale brugere til at forårage et - lammelsesangreb.

    • - -
  • CVE-2011-1598 - -

    Dave Jones rapporterede om et problem i protokollen Broadcast Manager - Controller Area Network (CAN/BCM), der måske kunne gøre det muligt for - lokale brugere at forårsage en NULL-pointerdereference, medførende et - lammelsesangreb.

    • - -
  • CVE-2011-1745 - -

    Vasiliy Kulikov rapporterede om et problem i Linux' understøttelse af - AGP-enheder. Lokale brugere kunne opnå rettighedsforøgelse eller forårsage - lammelsesangreb på grund af manglende grænsekontrol i ioctl'en - AGPIOC_BIND. Som standard i Debian-installeringer er det kun udnytbart af - brugere i gruppen video.

    • - -
  • CVE-2011-1746 - -

    Vasiliy Kulikov rapporterede om et problem i Linux' understøttelse af - AGP-enheder. Lokale brugere kunne opnå rettighedsforøgelse eller forårsage - lammelsesangreb på grund af manglende grænsekontrol i rutinerne - agp_allocate_memory og agp_create_user_memory. Som standard i - Debian-installeringer er det kun udnytbart af brugere i gruppen - video.

    • - -
  • CVE-2011-1748 - -

    Oliver Kartkopp rapporterede om et problem i raw socket-implementeringen - af Controller Area Network (CAN), hvilket gjorde det muligt for lokale - brugere at forårsage en NULL-pointerdereference, medførende et - lammelsesangreb.

    • - -
  • CVE-2011-1759 - -

    Dan Rosenberg rapporterede om et problem i understøttelsen af udførelse - af old ABI-binære filer på ARM-processorer. Lokale brugere kunne - opnå forøgede rettigheder på grund af utilstrækkelig grænsekontrol i - systemkaldet semtimedop.

    • - -
  • CVE-2011-1767 - -

    Alexecy Dobriyan rapporterede om et problem i implementeringen af GRE - over IP. Fjerne brugere kunne forårsage et lammelsesangreb ved at sende - pakker under modulinitialisering.

    • - -
  • CVE-2011-1770 - -

    Dan Rosenberg rapporterede om et problem i Datagram Congestion Control - Protocol (DCCP). Fjerne brugere kunne forårsage et lammelsesangreb eller - potentielt opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1776 - -

    Timo Warns rapporterede om et problem i Linux' implementering af - GUID-partitioner. Brugere med fysisk adgang kunne opnå adgang til følsom - kernehukommelse ved at tilføje en opbevaringshed med en særligt fremstillet - ødelagt, ugyldig partitionstabel.

    • - -
  • CVE-2011-2022 - -

    Vasiliy Kulikov rapporterede om et problem i Linux' understøttelse af - AGP-enheder. Lokale brugere kunne opnå rettighedsforøgelse eller forårsage - lammelsesangreb på grund af manglende grænsekontrol i ioctl'en - AGPIOC_UNBIND. Som standard i Debian-installeringer er det kun udnytbart af - brugere i gruppen video.

    • - -
- -

Denne opdatering indeholder også ændringer, som afventede den næste -punktopdatering af Debian 6.0, som retter forskellige problemer ikke relateret -til sikkerhed. Disse yderligere ændringer er beskrevet i -\ -pakkens changelog.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.6.32-34squeeze1. Opdateringer til problemer som rammer den gamle stabile -distribution (lenny) vil snart blive gjort tilgængelige.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+34squeeze1
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2240.data" diff --git a/danish/security/2011/dsa-2241.wml b/danish/security/2011/dsa-2241.wml deleted file mode 100644 index 78e9f14b2cc..00000000000 --- a/danish/security/2011/dsa-2241.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="002fc86db471bd9a7b618b25545192e64526665f" mindelta="1" -implementeringsfejl - -

Nelson Elhage opdagede at ukorrekt hukommelseshåndtering under fjernelse af -ISA-enheder i KVM, en løsning til fuld virtualisering på x86-hardware, kunne -føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.12.5+dfsg-5+squeeze2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2241.data" diff --git a/danish/security/2011/dsa-2242.wml b/danish/security/2011/dsa-2242.wml deleted file mode 100644 index e832d862d3f..00000000000 --- a/danish/security/2011/dsa-2242.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c21a34e51b1524ff606f75ca1414edc0ec756a75" mindelta="1" -implementeringsfejl - -

Man opdagede at implementeringen i STARTTLS i Cyrus IMAP-server ikke på -korrekt vis begrænsee I/O-buffering, hvilket gjorde det muligt for manden i -midten-angribere at indsætte kommandoer i krypterede IMAP-, LMTP-, NNTP- og -POP3-sessioner, ved at sende kommandoer i klartekst, som blev behandlet efter -TLS var etableret.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -2.2.13-14+lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.2.13-19+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.2.13p1-11 i cyrus-imapd-2.2 og i version 2.4.7-1 i cyrus-imapd-2.4.

- -

Vi anbefaler at du opgraderer dine cyrus-imapd-2.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2242.data" diff --git a/danish/security/2011/dsa-2243.wml b/danish/security/2011/dsa-2243.wml deleted file mode 100644 index 68068a30f83..00000000000 --- a/danish/security/2011/dsa-2243.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -designfejl - -

Man opdagede at Unbound, en cachende DNS-opløser, holder op med at give svar -vedrørende zoner, som er signeret med brug af DNSSEC, efter at have behandlet en -fabrikeret forespørgsel. -(CVE-2009-4008)

- -

Desuden forbedrer denne opdatering niveauet af DNSSEC-understøttelse i -Lenny-versionen af Unbound, så det er muligt for systemadministratorer at -opsætte trust-anchor'et for rodzonen.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.4.6-1~lenny1.

- -

I de andre distributioner (squeeze, wheezy, sid), er dette problem -rettet i version 1.4.4-1.

- -

Vi anbefaler at du opgraderer dine unbound-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2243.data" diff --git a/danish/security/2011/dsa-2244.wml b/danish/security/2011/dsa-2244.wml deleted file mode 100644 index 28192b96118..00000000000 --- a/danish/security/2011/dsa-2244.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -ukorrekte grænsebetingelser - -

Man opdagede at BIND, en implementering af DNS-protokollen, ikke på korrekt -vis behandlede visse store RRSIG-registreringssæt i DNSSEC-svar. Som følge -heraf opsted en assertion failure, som fik navneserverprocessen til at gå ned, -og dermed gjorde navneopløsningen utilgængelig. -(CVE-2011-1910)

- -

Desuden retter denne opdatering håndtering af visse kombinationer af -signerede/usignerede zoner, når en DLV-tjenste anvendes. Tidligere kunne data -fra visse påvirkede zoner blive utilgængelige fra opløseren.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:9.6.ESV.R4+dfsg-0+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:9.7.3.dfsg-1~squeeze2.

- -

Distributionen testing (wheezy) og den ustabile distribution (sid) vil -snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2244.data" diff --git a/danish/security/2011/dsa-2245.wml b/danish/security/2011/dsa-2245.wml deleted file mode 100644 index 2316c0c6842..00000000000 --- a/danish/security/2011/dsa-2245.wml +++ /dev/null @@ -1,69 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i browseren Chromium. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    -
  • CVE-2011-1292 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i - implementeringen af frame-loader i Google Chrome gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (denial of service) eller - muligvis ikke-angivet anden indvirkning via ukendte angrebsvinkler.

    • - - -
  • CVE-2011-1293 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i - implementeringen af HTMLCollection i Google Chrome gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb eller muligvis ikke-angivet - anden indvirkning via ukendte angrebsvinkler.

    • - - -
  • CVE-2011-1440 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i Google Chrome - gjorde det muligt for fjernangribere at forårsage et lammelsesangreb eller - muligvis have anden ikke-angivet indvirkning via ukendte angrebsvinkler i - relation til Ruby-elementet og Cascading Style Sheets-tokensekvenser - (CSS).

    • - - -
  • CVE-2011-1444 - -

    En race-tilstand i implementeringen af sandbox-launcher i Google Chrome - under Linux gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - ukendte angrebsvinkler.

    • - - -
  • CVE-2011-1797 - -

    Google Chrome lavede ikke korrekt rendering af tabeller, hvilket gjorde det - muligt for fjernangribere at forårsage lammelsesangreb eller have anden - ikke-angivet indvirkning via ukendte angrebsvinkler, der førte til en - stale pointer.

    • - - -
  • CVE-2011-1799 - -

    Google Chrome udførte ikke på korrekt vis casts af variable under - interaktion med WebKit-maskinen, hvilket gjorde det muligt for fjernangribere - at forårsage et lammelsesangreb eller muligvis havde anden ikke-angivet - indvirkning via ukendte angrebsvinkler.

    • -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 6.0.472.63~r59945-5+squeeze5.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 11.0.696.68~r84545-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2245.data" diff --git a/danish/security/2011/dsa-2246.wml b/danish/security/2011/dsa-2246.wml deleted file mode 100644 index dc83fdb545f..00000000000 --- a/danish/security/2011/dsa-2246.wml +++ /dev/null @@ -1,75 +0,0 @@ -#use wml::debian::translation-check translation="0566d9016413a572d83570c0605ce60d3cc9215d" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Mahara, en elektronisk portfolio, -weblog, CV-program og socialt netværk-system. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-1402 - -

    Man opdagede at tidligere versioner af Mahara ikke kontrollerede - brugeroplysninger før tilføjelse af en hemmelig URL til visning eller - suspendering af en bruger.

    • - -
  • CVE-2011-1403 - -

    På grund af en fejlkonfigurering af pakken Pieform i Mahara, var mekanismen - til beskyttelse mod udførelse af forfalskede forespørgsler på tværs af - websteder, som Mahara er afhængig af for at styrke sin formular, - ikke-fungerende og i praksis slået fra. Det er en kritisk sårbarhed, som kan - gøre det muligt for angribere at narre andre brugere (eksempelvis - administratorer) til at udføre ondsindede handlinger på vegne af angriberen. - De fleste Mahara-formularer er sårbare.

    • - -
  • CVE-2011-1404 - -

    Mange af JSON-strukturerne, der returneres af Mahara i dets - AJAX-interaktioner, indeholdt flere oplysninger end der burde afsløres til - den indloggede bruger. Nye versioner af Mahara begrænser disse oplysninger - til hvad der er nødvendigt, for hver enkelt side.

    • - -
  • CVE-2011-1405 - -

    Tidligere versioner Mahara escapede ikke indholdet af HTML-e-mail sendt til - brugere. Afhængigt af de filtre, som er aktiveret i ens mailprogram, kunne - det føre til angreb i forbindelse med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2011-1406 - -

    Vi er blevet gjort opmærksomme på, at hvis Mahara er opsat (gennem sin - wwwroot-variabel) til at anvende HTTPS, vil programmet gladeligt lade brugerne - logge på via HTTP-versionen af websteder, hvis webserveren er opsat til at - levere indhold over begge protokoller. Den nye version af Mahara vil, når - wwwroot peger på en HTTPS-URL, automatisk omdirigere til HTTPS, hvis den - opdager at den kører over HTTP.

    - -

    Vi anbefaler, at websteder der ønsker at køre Mahara over HTTPS, sikrer sig - at deres webserveropsætning ikke tillader levering af indhold over HTTP og - blot omdirigerer til den sikre udgave. Vi foreslår også, at - webstedsadministratorer overvejer at føje - \ - HSTS-headere til deres webserveropsætning.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 1.0.4-4+lenny10.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.2.6-2+squeeze2.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 1.3.6-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.3.6-1.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2246.data" diff --git a/danish/security/2011/dsa-2247.wml b/danish/security/2011/dsa-2247.wml deleted file mode 100644 index 845177f2ba9..00000000000 --- a/danish/security/2011/dsa-2247.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Rails, Rubys webapplikationsframework. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2011-0446 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS), når JavaScript-encoding blev anvendt, gjorde det muligt - for fjernarngribere at indsprøjte vilkårligt webskript eller HTML.

    • - -
  • CVE-2011-0447 - -

    Rails validerede ikke på korrekt vis HTTP-forespørgsler, som indeholder - en X-Requested-With-header, hvilket gjorde det lettere for fjernangribere - at iværksætte angreb i forbindelse med forfalskning af forespørgsler på - tværs af websteder (CSRF).

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.1.0-7+lenny0.1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.3.5-1.2+squeeze0.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3.11-0.1.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2247.data" diff --git a/danish/security/2011/dsa-2248.wml b/danish/security/2011/dsa-2248.wml deleted file mode 100644 index 7079af7b355..00000000000 --- a/danish/security/2011/dsa-2248.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="ece58331a685fe51c613c16e2be85abfb4e0d5d9" mindelta="1" -lammelsesangreb - -

Wouter Coekaerts opdagede at ejabberd, en distributeret XMPP/Jabber-server -skrevet i Erlang, var sårbar over for det såkaldte billion laughs-angreb, -fordi den ikke forhindrede entitetsudvidelse på modtagne data. Dermed kunne en -angriber udføre et lammelsesangreb (denial of service) mod tjenesten, ved at -sende særligt fremstillede XML-data til den.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.0.1-6+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.1.5-3+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.6-2.1.

- -

Vi anbefaler at du opgraderer dine ejabberd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2248.data" diff --git a/danish/security/2011/dsa-2249.wml b/danish/security/2011/dsa-2249.wml deleted file mode 100644 index 4efbdc1de28..00000000000 --- a/danish/security/2011/dsa-2249.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ece58331a685fe51c613c16e2be85abfb4e0d5d9" mindelta="1" -lammelsesangreb - -

Wouter Coekaerts opdagede at jabberd14, en chatprogramsserver som anvender -XMPP/Jabber-server, var sårbar over for det såkaldte billion -laughs-angreb, fordi den ikke forhindrede entitetsudvidelse på modtagne -data. Dermed kunne en angriber udføre et lammelsesangreb (denial of service) -mod tjenesten, ved at sende særligt fremstillede XML-data til den.

- -

Den gamle stabile distribution (lenny), indeholder ikke jabberd14.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.6.1.1-5+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.1.1-5.1

- -

Vi anbefaler at du opgraderer dine jabberd14-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2249.data" diff --git a/danish/security/2011/dsa-2250.wml b/danish/security/2011/dsa-2250.wml deleted file mode 100644 index 2f59b3c1c5a..00000000000 --- a/danish/security/2011/dsa-2250.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ece58331a685fe51c613c16e2be85abfb4e0d5d9" mindelta="1" -lammelsesangreb - -

Wouter Coekaerts opdagede at Jabber-serverkomponenten i Citadel, en komplet -og funktionsomfattende groupwareserver, var sårbar over for det såkaldte -billion laughs-angreb, fordi den ikke forhindrede entitetsudvidelse på -modtagne data. Dermed kunne en angriber udføre et lammelsesangreb (denial of -service) mod tjenesten, ved at sende særligt fremstillede XML-data til den.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 7.37-8+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 7.83-2squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine citadel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2250.data" diff --git a/danish/security/2011/dsa-2251.wml b/danish/security/2011/dsa-2251.wml deleted file mode 100644 index 79dd9dd495e..00000000000 --- a/danish/security/2011/dsa-2251.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i versionsstyringssystemet Subversion. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2011-1752 - -

    Apache HTTPD-servermodulet mod_dav_svn kunne bringes til at gå ned, når - det blev bedt om at levere baselinede WebDAV-ressourcer.

    • - -
  • CVE-2011-1783 - -

    Apache HTTPD-servermodulet mod_dav_svn kunne udløse en løkke, som - forbrugte al tilgængelig hukommelse på systemet.

    • - -
  • CVE-2011-1921 - -

    Apache HTTPD-servermodulet mod_dav_svn kunne måske til fjernbrugere lække - indholdet af filer, opsat til at være utilgængelige for disse - brugere.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.5.1dfsg1-7.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.6.12dfsg-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.17dfsg-1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2251.data" diff --git a/danish/security/2011/dsa-2252.wml b/danish/security/2011/dsa-2252.wml deleted file mode 100644 index d16ffa7328d..00000000000 --- a/danish/security/2011/dsa-2252.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1720d71ce2193ab86b0f8da6fc61eeacf87193d7" mindelta="1" -programmeringsfejl - -

Man opdagede at meddelelsesheaderfortolkeren i mailserveren Dovecot -fortolkede NUL-tegn på forkert vis, hvilket kunne føre til lammelsesangreb -(denial of service) gennem misdannede mailheadere.

- -

Den gamle stabile distribution (lenny) er ikke påvirket.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.15-7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.13-1.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2252.data" diff --git a/danish/security/2011/dsa-2253.wml b/danish/security/2011/dsa-2253.wml deleted file mode 100644 index fe955097d7d..00000000000 --- a/danish/security/2011/dsa-2253.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="604d182ac5ead388dc1b59576e781fbc5b572086" mindelta="1" -bufferoverløb - -

Ulrik Persson rapporterede om en stakbaseret bufferoverløbsfejl i FontForge, -et fontredigeringsprogram. Ved behandling af en fabrikeret fil i formatet -Bitmap Distribution Format (BDF), kunne FontForge gå ned eller udføre vilkårlig -kode med rettighederne hørende til brugeren, der kører FontForge.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.0.20080429-1+lenny2.

- -

Den stabile distribution (squeeze), distributionen testing (wheezy) og den -ustabile distribution (sid) er ikke påvirkede af dette problem.

- -

Vi anbefaler at du opgraderer dine fontforge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2253.data" diff --git a/danish/security/2011/dsa-2254.wml b/danish/security/2011/dsa-2254.wml deleted file mode 100644 index 508e8040df1..00000000000 --- a/danish/security/2011/dsa-2254.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="0f53e73b9843931d27836cc2f40474024a199c7a" mindelta="1" -kommandoindsprøjtning - -

OProfile er et værktøj til performance profiling, som er konfigurerbart via -opcontrol, dets kontrolværktøj. Stephane Chauveau rapporterede om flere måder, -at indsprøjte vilkårlige kommandoer via parametrene til værktøjet. Hvis en lokal -bruger uden særlige rettigheder er autoriseret via sudoers-filen til at køre -opcontrol som root, kunne denne bruger anvende fejlen til at forøge sine -rettigheder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.9.3-2+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.9.6-1.1+squeeze1.

- -

For the distributionen testing (wheezy), er dette problem rettet i -version 0.9.6-1.2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.6-1.2.

- -

Vi anbefaler at du opgraderer dine oprofile-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2254.data" diff --git a/danish/security/2011/dsa-2255.wml b/danish/security/2011/dsa-2255.wml deleted file mode 100644 index 9558cfc785e..00000000000 --- a/danish/security/2011/dsa-2255.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7102bc332ff45a2c9d78b3a687d1294dea59d04f" mindelta="1" -bufferoverløb - -

Chris Evans opdagede at libxml var sårbar over for bufferoverløb, hvilket -gjorde det muligt, ved hjælp af en fabrikeret XML-inddatafil, potentielt at -udføre vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.6.32.dfsg-5+lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.7.8.dfsg-2+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.7.8.dfsg-3.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2255.data" diff --git a/danish/security/2011/dsa-2256.wml b/danish/security/2011/dsa-2256.wml deleted file mode 100644 index 21c7d1dd657..00000000000 --- a/danish/security/2011/dsa-2256.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f44c81e3a72f62f2d236756f2bbbaef37732c135" mindelta="1" -bufferoverløb - -

Tavis Ormandy opdagede at Tag Image File Format-biblioket (TIFF) var sårbart -over for et bufferoverløb udløst af en fabrikeret OJPEG-fil, hvilket muliggjorde -et nedbrud (crash) og potentielt udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.9.4-5+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 3.9.5-1.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2256.data" diff --git a/danish/security/2011/dsa-2257.wml b/danish/security/2011/dsa-2257.wml deleted file mode 100644 index 88c0f512c9e..00000000000 --- a/danish/security/2011/dsa-2257.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3f5c388a28fa3b6a070c624659eba25f7dbfaf35" mindelta="1" -heap-baseret bufferoverløb - -

Rocco Calvi opdagede at XSPF-spilleliste-fortolkeren i VLC, en -multimedieafspiller og -streamer, var ramt af et heltalsoverløb, medførende et -heap-baseret bufferoverløb. Dermed kunne det være muligt for en angriber, at -udføre vilkårlig kode, ved at narre et offer til at åbne en særligt fabrikeret -fil.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.1.3-1squeeze6.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -problemet snart blive rettet.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2257.data" diff --git a/danish/security/2011/dsa-2258.wml b/danish/security/2011/dsa-2258.wml deleted file mode 100644 index ec71da63201..00000000000 --- a/danish/security/2011/dsa-2258.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="d5922890989213eb97c82e10261f7ea94b0108e7" mindelta="1" -implementeringsfejl - -

Man opdagede at implementeringen af STARTTLS i Kolab Cyrus IMAP-serveren ikke -på korrekt vis begrænsede I/O-buffering, hvilket gjorde det muligt for manden i -midten-angribere at indsætte kommandoer i krypterede IMAP-, LMTP-, NNTP- og -POP3-sessioner, ved at sende en klartekstkommando, som blev behandlet efter TLS -var på plads.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.2.13-5+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.2.13-9.1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 2.2.13p1-0.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.13p1-0.1.

- -

Vi anbefaler at du opgraderer dine kolab-cyrus-imapd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2258.data" diff --git a/danish/security/2011/dsa-2259.wml b/danish/security/2011/dsa-2259.wml deleted file mode 100644 index 0038c9289c7..00000000000 --- a/danish/security/2011/dsa-2259.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="c65b3c8952f571b2ba20f4718f8b13070d6f90cc" mindelta="1" -autentificeringsomgåelse - -

Man opdagede at F*EX, en webservice til overførsel meget store filer, ikke -validererede autentificerings-id'er tilstrækkeligt. Mens servien på korrekt vis -validerede eksisterende autentificerings-id'er, kunne en angirber, der ikke -angav en specifik autenficierings-id overhovedet, omgå -autentificeringsproceduren.

- -

Den gamle stabile distribution (lenny) indeholder ikke fex.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 20100208+debian1-1+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 20110610-1.

- -

Vi anbefaler at du opgraderer dine fex-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2259.data" diff --git a/danish/security/2011/dsa-2260.wml b/danish/security/2011/dsa-2260.wml deleted file mode 100644 index 4be5c1b6834..00000000000 --- a/danish/security/2011/dsa-2260.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i Ruby on Rails, et webapplikationsframework. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-3086 - -

    Cookie-opbevaringe var sårbar over for et timingsangreb, potentielt - gørende det muligt for fjernangribere at forfalske - meddelelsesdigests.

    • - -
  • CVE-2009-4214 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder i funktionen strip_tags, gjorde det muligt for brugerhjulpne - fjernangribere at indsprøjte vilkårligt webskript.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet -i version 2.1.0-7+lenny0.2.

- -

I de andre distributioner er disse problemer rettet i version -2.2.3-2.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2260.data" diff --git a/danish/security/2011/dsa-2261.wml b/danish/security/2011/dsa-2261.wml deleted file mode 100644 index 7208b9e0f38..00000000000 --- a/danish/security/2011/dsa-2261.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="957ba648525828b505241cd8cfc54f64eca0c91c" mindelta="1" -flere sårbarheder - -

Joernchen fra Phenoelit opdagede flere sårbarheder i Redmine, en -webprojekthåndteringsapplikation:

- -
    - -
  • Indloggede brugere kunne måske have mulighed for at tilgå private - data.
    • - -
  • Textile-formateringen gjorde det muligt at udføre skripter på tværs af - servere, hvorved følsomme data blev blotlagt for en angriber.
    • - -
  • Bazaar-arkivadapteren kunne anvendes fra en fjern maskine til at udføre - kommandoer på værtsmaskinen, der kører Redmine.
    • - -
- -

Den gamle stabile distribution (lenny) indeholder ikke redmine-pakker.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.0.1-2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er dette problem rettet i version 1.0.5-1.

- -

Vi anbefaler at du opgraderer dine redmine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2261.data" diff --git a/danish/security/2011/dsa-2262.wml b/danish/security/2011/dsa-2262.wml deleted file mode 100644 index 2ba9bf89915..00000000000 --- a/danish/security/2011/dsa-2262.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="d2534d5d83ffe7699be50017983ce193940dc7c9" mindelta="1" -flere sårbarheder - -

Flere problemer i forbindelse med udførelse af skripter på tværs af websteder -og informationsblotlæggelse, er rettet i Moodle, et kursushåndteringssystem til -onlineundervisning:

- -
    - -
  • MSA-11-0002 - -

    Forespørgselsforfalskningssårbarhed på tværs af websteder i - RSS-block.

    • - -
  • MSA-11-0003 - -

    Sårbarhed i forbindelse med udførelse af skripter på tværs af websteder i - tag-autocomplete.

    • - -
  • MSA-11-0008 - -

    IMS-enterprise-enrolment-fil kunne blotlægge følsomme - oplysninger.

    • - -
  • MSA-11-0011 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder i media media-filter.

    • - -
  • MSA-11-0015 - -

    Sårbarhed i forbindelse med udførelse af skripter på tværs af websteder - gennem URL-encoding.

    • - -
  • MSA-11-0013 - -

    Gruppe/quiz-rettighedsproblem.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.9.9.dfsg2-2.1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.9.dfsg2-3.

- -

Vi anbefaler at du opgraderer dine moodle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2262.data" diff --git a/danish/security/2011/dsa-2263.wml b/danish/security/2011/dsa-2263.wml deleted file mode 100644 index f248b38ba19..00000000000 --- a/danish/security/2011/dsa-2263.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="24c84538bf5e1d6fc6a3fd47db2e3625901c7d2d" mindelta="1" -flere sårbarheder - -

Man opdagede at Movable Type, et weblogudgivelsessystem, indeholdt flere -sikkerhedssårbarheder:

- -

En fjernangriber kunne udføre vilkårlig kode i en indlogget brugers -webbrowser.

- -

En fjernangriber kunne læse eller ændre indholdet på systemet under visse -omstændigheder.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 4.2.3-1+lenny3.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 4.3.5+dfsg-2+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 4.3.6.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine movabletype-opensource-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2263.data" diff --git a/danish/security/2011/dsa-2264.wml b/danish/security/2011/dsa-2264.wml deleted file mode 100644 index 1cbc3b61698..00000000000 --- a/danish/security/2011/dsa-2264.wml +++ /dev/null @@ -1,287 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, som kan føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækage. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2010-2524 - -

    David Howells rapporterede om et problem i Common Internet File System - (CIFS). Lokale brugere kunne forårsage, at vilkårlige CIFS-shares kunne - mountes ved at indføre ondsindede viderestillinger.

    • - -
  • CVE-2010-3875 - -

    Vasiliy Kulikov opdagede et problem i Linux-implementeringen af - protokollen Amateur Radio AX.25 Level 2. Lokale brugere kunne måske få - adgang til følsom kernehukommelse.

    • - -
  • CVE-2010-4075 - -

    Dan Rosenberg rapporterede om et problem i tty-laget, der måske kunne - gøre det muligt for lokale brugere at få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2010-4655 - -

    Kees Cook opdagede flere problemer i ethtool-grænsefladen, hvilket måske - kunne gøre det muligt for lokale brugere, med rettigheden CAP_NET_ADMIN, at - få adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-0695 - -

    Jens Kuehnel rapporterede om et problem i InfiniBand-stakken. - Fjernangribere kunne udnytte en racetilstand til at forårsage et - lammelsesangreb (kernepanik).

    • - -
  • CVE-2011-0710 - -

    Al Viro rapporterede om et problem i grænsefladen /proc/<pid>/status - på s390-arkitekturen. Lokale brugere kunne få adgang til følsom - kernehukommelse i processer, som de ikke ejer, via task_show_regs.

    • - -
  • CVE-2011-0711 - -

    Dan Rosenberg rapporterede om et problem i XFS-filsystemet. Lokale - brugere kunne måske få adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-0726 - -

    Kees Cook rapporterede om et problem i implementeringen af - /proc/<pid>/stat. Lokale brugere kunne finde ud af en proces' - tekstplacering, hvorved beskyttelse leveret af Address Space Layout - Randomization (ASLR) blev omgået.

    • - -
  • CVE-2011-1010 - -

    Timo Warns rapporterede om et problem i Linux-understøttelsen af - Mac-partitionstabeller. Lokale brugere med fysisk adgang kunne forårsage et - lammelsesangreb (panik) ved at tilføje en storageenhed med en ondsindet - map_count-værdi.

    • - -
  • CVE-2011-1012 - -

    Timo Warns rapporterede om et problem i Linux-understøttelsen af - LDM-partitionstabeller. Lokale brugere med fysisk adgang kunne forårsage et - lammelsesangreb (oops) ved at tilføje en storageenhed med en ugyldig - VBLK-værdi i VMDB-strukturen.

    • - -
  • CVE-2011-1017 - -

    Timo Warns rapporterede om et problem i Linux-understøttelsen af - LDM-partitionstabeller. Brugere med fysisk adgang kunne få adgang til - følsom kernehukommelse eller opfå forøgede rettigheder ved at tilføje en - storageenhed med en særligt fabrikeret LDM-partition.

    • - -
  • CVE-2011-1078 - -

    Vasiliy Kulikov opdagede et problem i Bluetooth-undersystemet. Lokale - brugere kunne opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1079 - -

    Vasiliy Kulikov opdagede et problem i Bluetooth-undersystemet. Lokale - brugere med CAP_NET_ADMIN-muligheden kunne forårsage et lammelsesangreb - (kerne-oops).

    • - -
  • CVE-2011-1080 - -

    Vasiliy Kulikov opdagede et problem i Netfilter-undersystemet. Lokale - brugere kunne opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1090 - -

    Neil Horman opdagede en hukommelseslækage i setacl()-kaldet på - NFSv4-filsystemer. Lokale brugere kunne udnytte dette til at forårsage et - lammelsesangreb (oops).

    • - -
  • CVE-2011-1093 - -

    Johan Hovold rapporterede om et problem i implementeringen af Datagram - Congestion Control Protocol (DCCP). Fjerne brugere kunne forårsage et - lammelsesangreb ved at sende data efter lukning af en socket.

    • - -
  • CVE-2011-1160 - -

    Peter Huewe rapporterede om et problem i Linux-kernens understøttelse af - TPM-sikkerhedschips. Lokale brugere med rettigheder til at åbne enheden, - kunne opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1163 - -

    Timo Warns rapporterede om et problem i kerneunderstøttelsen af - diskpartitioner i Alpha OSF-formatet. Brugere med fysisk adgang kunne opnå - adgang til følsom kernehukommelse ved at tilføje en opbevaringsenhed med en - særligt fremstillet OSF-partition.

    • - -
  • CVE-2011-1170 - -

    Vasiliy Kulikov rapporterde om et problem i implementeringen af - Netfilter ARP-tabellen. Lokale brugere med CAP_NET_ADMIN-muligheden kunne - opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1171 - -

    Vasiliy Kulikov rapporterede om et problem i implementeirngen af - Netfilter IP-tabellen. Lokale brugere med CAP_NET_ADMIN-muligheden kunne - opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1172 - -

    Vasiliy Kulikov rapporterede om et problem i implememteringen af - Netfilter IPv6-tabellen. Lokale brugere med CAP_NET_ADMIN-muligheden kunne - opnå adgang til følsom kernehukommelse.

    • - -
  • CVE-2011-1173 - -

    Vasiliy Kulikov rapporterede om et problem i implementeringen af Acorn - Econet-protokollen. Lokale brugere kunne opnå adgang til følsom - kernehukommelse på systemer, som anvender denne sjældne hardware.

    • - -
  • CVE-2011-1180 - -

    Dan Rosenberg rapporterede om et bufferoverløb i Information Access - Service i IrDA-protokollen, som anvendes af infrarød-enheder. - Fjernangribere inden for rækkevidde af den infrarøde enhed kunne forårsage - et lammelsesangreb eller muligvis opnå rettighedsforøgelse.

    • - -
  • CVE-2011-1182 - -

    Julien Tinnes rapporterede om et problem i rt_sigqueueinfo-grænsefladen. - Lokale brugere kunne generere signaler med forfalsket kilde-pid- og - uid-oplysninger.

    • - -
  • CVE-2011-1477 - -

    Dan Rosenberg rapporterede om problemer i Open Sound System-driveren - til kort, der indeholder en Yamaha FM-synthesizerchip. Lokale brugere kunne - forårsage hukommelseskorruption, medførende et lammelsesangreb. Problemet - påvirker ikke officielle Debian Linux-imagepakker, da de ikke længere leverer - understøttelse af OSS. Men i skræddersyede kerner opbygget fra Debians - linux-source-2.6.32 kan denne konfiguration været aktiveret og vil derfor - være sårbar.

    • - -
  • CVE-2011-1493 - -

    Dan Rosenburg rapporterede to problemer i Linux-implementeringen af - protokollen Amateur Radio X.25 PLP (Rose). En fjernbruger kunne forårsage - et lammelsesangreb ved at levere særligt fremstillede - facilities-felter.

    • - -
  • CVE-2011-1577 - -

    Timo Warns rapporterede om et problem i Linux-understøttelsen af - GPT-partitionstabeller. Lokale brugere med fysisk adgang kunne forårsage - et lammelsesangreb (oops) ved at tilføje en storageenhed med en ondsindet - partitionstabelheader.

    • - -
  • CVE-2011-1593 - -

    Robert Swiecki rapporterede om et fortegnsproblem i funktionen - next_pidmap(), der kunne udnyttes af lokale brugere til at forårage et - lammelsesangreb.

    • - -
  • CVE-2011-1598 - -

    Dave Jones rapporterede om et problem i protokollen Broadcast Manager - Controller Area Network (CAN/BCM), der måske kunne gøre det muligt for - lokale brugere at forårsage en NULL-pointerdereference, medførende et - lammelsesangreb.

    • - -
  • CVE-2011-1745 - -

    Vasiliy Kulikov rapporterede om et problem i Linux-understøttelsen af - AGP-enheder. Lokale brugere kunne opnå rettighedsforøgelse eller forårsage - lammelsesangreb på grund af manglende grænsekontrol i ioctl'en - AGPIOC_BIND. Som standard i Debian-installeringer er det kun udnytbart af - brugere i gruppen video.

    • - -
  • CVE-2011-1746 - -

    Vasiliy Kulikov rapporterede om et problem i Linux-understøttelsen af - AGP-enheder. Lokale brugere kunne opnå rettighedsforøgelse eller forårsage - lammelsesangreb på grund af manglende grænsekontrol i rutinerne - agp_allocate_memory og agp_create_user_memory. Som standard i - Debian-installeringer er det kun udnytbart af brugere i gruppen - video.

    • - -
  • CVE-2011-1748 - -

    Oliver Kartkopp rapporterede om et problem i raw socket-implementeringen - af Controller Area Network (CAN), hvilket gjorde det muligt for lokale - brugere at forårsage en NULL-pointerdereference, medførende et - lammelsesangreb.

    • - -
  • CVE-2011-1759 - -

    Dan Rosenberg rapporterede om et problem i understøttelsen af udførelse - af old ABI-binære filer på ARM-processorer. Lokale brugere kunne - opnå forøgede rettigheder på grund af utilstrækkelig grænsekontrol i - systemkaldet semtimedop.

    • - -
  • CVE-2011-1767 - -

    Alexecy Dobriyan rapporterede om et problem i implementeringen af GRE - over IP. Fjerne brugere kunne forårsage et lammelsesangreb ved at sende - pakker under modulinitialisering.

    • - -
  • CVE-2011-1768 - -

    Alexecy Dobriyan rapporterede om et problem i implementeringen af - IP-tunneler. Fjerne brugere kunne forårsage et lammelsesangreb ved at sende - en pakke under modulinitialiseringen.

    • - -
  • CVE-2011-1776 - -

    Timo Warns rapporterede om et problem i Linux-implementeringen af - GUID-partitioner. Brugere med fysisk adgang kunne opnå adgang til følsom - kernehukommelse ved at tilføje en opbevaringshed med en særligt fremstillet - ødelagt, ugyldig partitionstabel.

    • - -
  • CVE-2011-2022 - -

    Vasiliy Kulikov rapporterede om et problem i Linux-understøttelsen af - AGP-enheder. Lokale brugere kunne opnå rettighedsforøgelse eller forårsage - lammelsesangreb på grund af manglende grænsekontrol i ioctl'en - AGPIOC_UNBIND. Som standard i Debian-installeringer er det kun udnytbart af - brugere i gruppen video.

    • - -
  • CVE-2011-2182 - -

    Ben Hutchings rapporterede om et problem med rettelsen af - CVE-2011-1017 - (se oven for), som ikke var tilstrækkelig for at løse problemet.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -2.6.26-26lenny3. Opdateringer til arm og hppa er endnu ikke tilgængelige, men -vil blive udgivet så snart som muligt.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage fordel af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny3
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker. -Disse opdateringer vil ikke træde i kraft før dit system er blevet -genstartet.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer på -tværs af alle linux-kerne-pakker i alle udgivelser med aktiv -sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2264.data" diff --git a/danish/security/2011/dsa-2265.wml b/danish/security/2011/dsa-2265.wml deleted file mode 100644 index e22a02a6dba..00000000000 --- a/danish/security/2011/dsa-2265.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="36019994be1329108c31718380dc3d62bc84fa98" mindelta="1" -manglende spredning af tainted-flag - -

Mark Martinec opdagede at Perl på ukorrekt vis tømmet tainted-flaget ved -værdier returneret fra case-konverteringsfunktioner så som lc. Hermed -blev der måske blotlagt allerede eksisterende sårbarheder i applikationer, som -anvender disse funktioner ved behandling af inddata, der ikke er tillid til. -På nuværende tidspunkt er der ikke kendskab til sådanne applikationer. Sådanne -applikationer vil holde op med at fungere, når sikkerhedsopdateringen -installeres, da taint-kontroller er designet til at forhindre sådan usikker -anvendelse af data, der ikke er tillid til.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -5.10.0-19lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -5.10.1-17squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 5.10.1-20.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2265.data" diff --git a/danish/security/2011/dsa-2266.wml b/danish/security/2011/dsa-2266.wml deleted file mode 100644 index c79e5f07608..00000000000 --- a/danish/security/2011/dsa-2266.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i PHP, hvilke kunne føre til lammelsesangreb -(denial of service) eller potentielt udførelse af vilkårlig kode.

- -
    - -
  • CVE-2010-2531 - -

    En informationslækage blev fundet i funktionen var_export().

    • - -
  • CVE-2011-0421 - -

    Zip-modulet kunne gå ned.

    • - -
  • CVE-2011-0708 - -

    Et heltalsoverløb blev fundet i Exif-modulet.

    • - -
  • CVE-2011-1466 - -

    Et heltalsoverløb blev fundet i Calendar-modulet.

    • - -
  • CVE-2011-1471 - -

    Zip-modulet var sårbart over for et lammelsesangreb via misdannede - arkiver.

    • - -
  • CVE-2011-2202 - -

    Stinavne i formularbaseret filupload (RFC 1867) blev valideret på ukorrekt - vis.

    • - -
- -

Denne opdatering retter også to fejl, der ikke behandles som -sikkerhedsproblemer, men ikke desto mindre er rettet, se README.Debian.security -for oplysninger om omfanget af sikkerhedsunderstøttelse i PHP -(CVE-2011-0420, -CVE-2011-1153).

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 5.2.6.dfsg.1-1+lenny12.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 5.3.3-7+squeeze3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.3.6-12.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2266.data" diff --git a/danish/security/2011/dsa-2267.wml b/danish/security/2011/dsa-2267.wml deleted file mode 100644 index 970c25f5596..00000000000 --- a/danish/security/2011/dsa-2267.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="0c51b8ff34c17868bd2f86ac91fef7abc581e1e9" mindelta="1" -omgåelse af begrænsning - -

Man opdagede at Perls Safe-modul - et modul til kompilering og udførelse af -kode i begrænsede compartments - kunne omgås.

- -

Bemærk at denne opdatering betyder, at Petal, en XML-baseret skabelonmaskine -(som leveres med Debian 6.0/Squeeze i pakken libpetal-perl, se -fejl nummer -582805 for flere oplysninger), ikke længere virker. En rettelse er endnu -ikke tilgængelig. Hvis du bruger Petal, så overvej at sætte den foregående -Perl-pakke på hold.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 5.10.0-19lenny5.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 5.10.1-17squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.12.3-1.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2267.data" diff --git a/danish/security/2011/dsa-2268.wml b/danish/security/2011/dsa-2268.wml deleted file mode 100644 index f98185ccfd2..00000000000 --- a/danish/security/2011/dsa-2268.wml +++ /dev/null @@ -1,69 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev fundet i Iceweasel, en webbrowser baseret på -Firefox:

- -
    - -
  • CVE-2011-0083 / -CVE-2011-2363 - -

    regenrecht opdagede to tilfælde af anvendelse efter frigivelse i - SVG-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0085 - -

    regenrecht opdagede et tilfælde af anvendelse efter frigivelse i - XUL-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2362 - -

    David Chan opdagede at cookie ikke var isoleret på tilstrækkelig - vis.

    • - -
  • CVE-2011-2371 - -

    Chris Rohlf og Yan Ivnitskiy opdagede et heltalsoverløb i - JavaScript-maskinen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2373 - -

    Martin Barbella opdagede et tilfælde af anvendelse efter frigivelse i - XUL-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2374 - -

    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman og Christian - Biesinger opdagede hukommelseskorruptionsfejl, som måske kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2376 - -

    Luke Wagner og Gary Kwong opdagede hukommelseskorruptionsfejl, som måske - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.9.0.19-12 af xulrunners kildekodepakke.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.5.16-8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.19-3.

- -

I den eksperimentelle distribution, er dette problem rettet i -version 5.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2268.data" diff --git a/danish/security/2011/dsa-2269.wml b/danish/security/2011/dsa-2269.wml deleted file mode 100644 index c6d1b77f732..00000000000 --- a/danish/security/2011/dsa-2269.wml +++ /dev/null @@ -1,66 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev fundet i internetsuiten Iceape, en mærkevarefri udgave -af Seamonkey:

- -
    - -
  • CVE-2011-0083 / -CVE-2011-2363 - -

    regenrecht opdagede to tilfælde af anvendelse efter frigivelse i - SVG-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0085 - -

    regenrecht opdagede et tilfælde af anvendelse efter frigivelse i - XUL-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2362 - -

    David Chan opdagede at cookie ikke var isoleret på tilstrækkelig - vis.

    • - -
  • CVE-2011-2371 - -

    Chris Rohlf og Yan Ivnitskiy opdagede et heltalsoverløb i - JavaScript-maskinen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2373 - -

    Martin Barbella opdagede et tilfælde af anvendelse efter frigivelse i - XUL-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2374 - -

    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman og Christian - Biesinger opdagede hukommelseskorruptionsfejl, som måske kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2376 - -

    Luke Wagner og Gary Kwong opdagede hukommelseskorruptionsfejl, som måske - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket. Pakken iceape -leverer kun XPCOM-koden.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.0.11-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.14-3.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2269.data" diff --git a/danish/security/2011/dsa-2270.wml b/danish/security/2011/dsa-2270.wml deleted file mode 100644 index d58a89dfa37..00000000000 --- a/danish/security/2011/dsa-2270.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0e685b8a5e12559ae92cf4c9efeccde79f713eef" mindelta="1" -programmeringsfejl - - -

Man opdagede at ukorrekt fornuftighedskontrol af virtio-køkommandoer i KVM, -en løsning til fuldstændig virtualisering på x86-hardware, kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.12.5+dfsg-5+squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.14.1+dfsg-2.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2270.data" diff --git a/danish/security/2011/dsa-2271.wml b/danish/security/2011/dsa-2271.wml deleted file mode 100644 index ead95d182eb..00000000000 --- a/danish/security/2011/dsa-2271.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b74c9322e47cd1fbfb667e68d0f96547618d659d" mindelta="1" -ukorrekt delegering af klient-brugeroplysninger - -

Richard Silverman opdagede, at når der blev foretaget GSSAPI-autentifikation, -så udførte libcurl en ubetinget delegering af brugeroplysninger. Dermed fik -serveren en kopi af klientens sikkerhedsbrugeroplysninger, hvilket gjorde det -muligt for serveren at udgive sig for at være klienten over for alt andet, som -anvender den samme GSSAPI-mekanisme. Det er naturligvis en meget følsom -handling, som kan må udføres, når brugeren eksplicitet beder om det.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 7.18.2-8lenny5.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 7.21.0-2.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 7.21.6-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.21.6-2.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2271.data" diff --git a/danish/security/2011/dsa-2272.wml b/danish/security/2011/dsa-2272.wml deleted file mode 100644 index e564e756ded..00000000000 --- a/danish/security/2011/dsa-2272.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c31b56385660b4e84baa093b68c9ff0c34615520" mindelta="1" -lammelsesangreb - -

Man opdagede at BIND, en DNS-server, ikke på korrekt vis behandlede visse -UPDATE-forespørgsler, medførende et servernedbrud og et lammelsesangreb (denial -of service). Sårbarheden påvirker BIND-installationer, selv hvis de faktisk -ikke anvender dynamiske DNS-opdateringer.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:9.6.ESV.R4+dfsg-0+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:9.7.3.dfsg-1~squeeze3.

- -

Distributionen testing (wheezy) og den ustabile distribution (sid) vil blive -rettet senere.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2272.data" diff --git a/danish/security/2011/dsa-2273.wml b/danish/security/2011/dsa-2273.wml deleted file mode 100644 index 4e22ea87bc7..00000000000 --- a/danish/security/2011/dsa-2273.wml +++ /dev/null @@ -1,69 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Icedove, en varemærkefri udgave af -mail-/newsklienten Thunderbird..

- -
    - -
  • CVE-2011-0083 / -CVE-2011-2363 - -

    regenrecht opdagede to tilfælde af anvendelse efter frigivelse i - SVG-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-0085 - -

    regenrecht opdagede et tilfælde af anvendelse efter frigivelse i - XUL-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2362 - -

    David Chan opdagede at cookie ikke var isoleret på tilstrækkelig - vis.

    • - -
  • CVE-2011-2371 - -

    Chris Rohlf og Yan Ivnitskiy opdagede et heltalsoverløb i - JavaScript-maskinen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2373 - -

    Martin Barbella opdagede et tilfælde af anvendelse efter frigivelse i - XUL-behandlingen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2374 - -

    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman og Christian - Biesinger opdagede hukommelseskorruptionsfejl, som måske kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2376 - -

    Luke Wagner og Gary Kwong opdagede hukommelseskorruptionsfejl, som måske - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

Som angivet i udgivelsesbemærkningerne til Lenny (oldstable), var det -nødvendigt at lade sikkerhedsunderstøttelsen af Icedove-pakkerne i den gamle -stabile distribution stoppe før ophøret af Lennys regulære livscyklus med -sikkerhedsopdateringer. Du opfordres kraftigt til at opgradere til den -stabile distribution eller skifte til en anden mailklient.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.0.11-1+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.11-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2273.data" diff --git a/danish/security/2011/dsa-2274.wml b/danish/security/2011/dsa-2274.wml deleted file mode 100644 index bf90fbf7056..00000000000 --- a/danish/security/2011/dsa-2274.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f4fa346590b50ebf5f54d152430cb9c0bc0d3ccd" mindelta="1" -flere sårbarheder - -

Huzaifa Sidhpurwala, David Maciejak og andre opdagede flere sårbarheder i -X.509if- og DICOM-dissektorerne samt i kode til behandling af capture- og -dictionary-filer, hvilket kunne føre til lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.0.2-3+lenny14.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.11-6+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.17-1

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2274.data" diff --git a/danish/security/2011/dsa-2275.wml b/danish/security/2011/dsa-2275.wml deleted file mode 100644 index f7bb2d115db..00000000000 --- a/danish/security/2011/dsa-2275.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="69878d7ddaa663d85fe89121ea5162b86e8da149" mindelta="1" -stakbaseret bufferoverløb - -

Will Dormann og Jared Allar opdagede at importfilteret til Lotus Word -Pro-filer i OpenOffice.org, en komplet kontorpakke som næsten fuldstændig kan -erstatte Microsoft Office, ikke på korrekt vis håndterede objekt-id'er i -.lwp-filformatet. En angriber kunne udnytte det med en særligt -fremstillet fil og udføre vilkårlig kode med rettighederne hørende til -offeret, som importerer filen.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:3.2.1-11+squeeze3.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -libreoffice version 1:3.3.3-1.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2275.data" diff --git a/danish/security/2011/dsa-2276.wml b/danish/security/2011/dsa-2276.wml deleted file mode 100644 index ec5040efce0..00000000000 --- a/danish/security/2011/dsa-2276.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere lammelsesangreb - -

Paul Belanger rapporterede om en sårbarhed i Asterisk, registreret som -AST-2011-008 -(CVE-2011-2529), -gennem hvilken en uautentificeret fjernangriber kunne få en Asterisk-server til -at gå ned. En pakke indeholdende et NULL-tegn, fik SIP-headerfortolkeren til at -ændre urelaterede hukommelsesstrukturer.

- -

Jared Mauch rapporterede om en sårbarhed i Asterisk, registreret som -AST-2011-009, -gennem hvilken en uautetificeret fjernangriber kunne få en Asterisk-server til -at gå ned. Hvis en bruger sendte en pakke, med en Contact-header med et manglende -mindre end-tegn (<), gik serveren ned. En potentiel omgåelse af problemet, -er at deaktiere chan_sip.

- -

Sårbarheden registeret som -AST-2011-010 -(CVE-2011-2535), -rapporteret om en inddatavalideringsfejl i IAX2-kanaldriver: En uautentifcieret -fjernangriber kunne få Asterisk-serveren til at gå ned, ved at sende en -fabrikeret option control frame.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.4.21.2~dfsg-3+lenny5.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.6.2.9-2+squeeze3.

- -

For the distributionen testing (wheezy), er dette problem rettet i -version 1:1.8.4.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.8.4.3-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2276.data" diff --git a/danish/security/2011/dsa-2277.wml b/danish/security/2011/dsa-2277.wml deleted file mode 100644 index afbf222bb63..00000000000 --- a/danish/security/2011/dsa-2277.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="46bf6720092b83042138166918649fa269497bc5" mindelta="1" -stakbaseret bufferoverløb - -

Man opdagede at xml-security-c, en implementering af XML Digital Signature -and Encryption-specifikationerne, ikke på korrekt vis håndterede RSA-nøgler med -størrelser på 8192 eller flere bit. Dermed var det muligt for en angriber, at -få applikationer, som anvender denne funktionalitet, til at gå ned eller -potentielt udføre vilkårlig kode, ved at narre en applikation til at verfificere -en signatur oprettet med en tilstrækkelig lang RSA-nøgle.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.4.0-3+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.5.1-3+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.1-1.

- -

Vi anbefaler at du opgraderer dine xml-security-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2277.data" diff --git a/danish/security/2011/dsa-2278.wml b/danish/security/2011/dsa-2278.wml deleted file mode 100644 index 3d8e7bb1e55..00000000000 --- a/danish/security/2011/dsa-2278.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="dd3b19ed687da81a4ce531ab4b56e0ddc0b91a8c" mindelta="1" -flere sårbarheder - -

Man opdagede, at horde3, webapplikationsframeworket horde, var sårbart over -for et angreb i forbindelse med udførelse af skripter på tværs af websteder samt -forespørgselsforfalskning på tværs af websteder.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -3.2.2+debian0-2+lenny3.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.3.8+debian0-2, som allerede blev medtaget i squeeze-udgaven.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.3.8+debian0-2.

- -

Vi anbefaler at du opgraderer dine horde3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2278.data" diff --git a/danish/security/2011/dsa-2279.wml b/danish/security/2011/dsa-2279.wml deleted file mode 100644 index 7341c2890f1..00000000000 --- a/danish/security/2011/dsa-2279.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="78bc2a565e951ed011658368c40487ad890c1a73" mindelta="1" -SQL-indsprøjtning - -

Man opdagede, at libapache2-mod-authnz-external, et autentifikationsmodul til -apache, var sårbart over for en SQL-indspøjtning via $user-parameteret.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.2.4-2+squeeze1.

- -

Den gamle stabile distribution (lenny) indeholder ikke -libapache2-mod-authnz-external.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.2.4-2.1.

- -

Vi anbefaler at du opgraderer dine libapache2-mod-authnz-external-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2279.data" diff --git a/danish/security/2011/dsa-2280.wml b/danish/security/2011/dsa-2280.wml deleted file mode 100644 index 8511fa2da10..00000000000 --- a/danish/security/2011/dsa-2280.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Man opdagede at libvirt, et bibliotek beregnet til at interface med -forskellige virtualiseringssystem, var sårbart over for et heltalsoverløb -(\ -CVE-2011-2511). Desuden var den stabile udgave sårbar over for et -lammelsesangreb (denial of service), da dens fejlrapportering ikke var -thread-safe (\ -CVE-2011-1486).

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 0.8.3-5+squeeze2.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.4.6-10+lenny2.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.9.2-7).

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2280.data" diff --git a/danish/security/2011/dsa-2281.wml b/danish/security/2011/dsa-2281.wml deleted file mode 100644 index 0b1f0310edf..00000000000 --- a/danish/security/2011/dsa-2281.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Sebastian Krahmer opdagede at opie, et system som gør det let at anvende -engangsadgangskoder i applikationer, var sårbar over for en rettighedsforøgelse -(CVE-2011-2490) -og en forskudt med en-fejl, hvilke kunne føre til udførelse af vilkårlig kode -(CVE-2011-2489). -Adam Zabrocki og Maksymilian Arciemowicz opdagede også en anden forskudt med -en-fejl -(CVE-2010-1938), -der kun påvirker versionen i lenny, da rettelsen allerede er indeholdt i -squeeze.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -2.32-10.2+lenny2.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.32.dfsg.1-0.2+squeeze1

- -

Distributionen testing (wheezy) og den ustabile distribution (sid) indeholder -ikke opie.

- -

Vi anbefaler at du opgraderer dine opie-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2281.data" diff --git a/danish/security/2011/dsa-2282.wml b/danish/security/2011/dsa-2282.wml deleted file mode 100644 index 2405e9faa31..00000000000 --- a/danish/security/2011/dsa-2282.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev fundet i KVM, en løsning til fuldstænding virtualisering -på x86-hardware:

- -
    - -
  • CVE-2011-2212 - -

    Nelson Elhage opdagede et bufferoverløb virtio-undersystemet, hvilket - kunne føre til lammelsesangreb (denial of service) eller - rettighedsforøgelse.

    • - -
  • CVE-2011-2527 - -

    Andrew Griffiths opdagede at grupperettigheder ikke blev smidt væk på - tilstrækkelig vis, når programmet blev startet med valgmuligheden -runas, - medførende en rettighedsforøgelse.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.12.5+dfsg-5+squeeze6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.14.1+dfsg-3.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2282.data" diff --git a/danish/security/2011/dsa-2283.wml b/danish/security/2011/dsa-2283.wml deleted file mode 100644 index 4f1503e9087..00000000000 --- a/danish/security/2011/dsa-2283.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5f3b498511139678e4933c68b3dd0b1e4b0d1df4" mindelta="1" -programmeringsfejl - -

Tim Zingelmann opdagede, at på grund af et ukorrekt opsætningsskript, -lykkedes det ikke den kerboriserede ftp-server at opsætte den effektive GID på -korrekt vis, hvilket medførte rettighedsforøgelse.

- -

Den gamle stabile distribution (lenny) er ikke påvirket.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.0.1-1.1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine krb5-appl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2283.data" diff --git a/danish/security/2011/dsa-2284.wml b/danish/security/2011/dsa-2284.wml deleted file mode 100644 index c188b779529..00000000000 --- a/danish/security/2011/dsa-2284.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d537d10d79893435e716586f7d28ca12605e0551" mindelta="1" -implementeringsfejl - -

Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann -og Joerg Schwenk opdagede at Shibboleth, et federated single -sign-on-system til web, var sårbar over for XML-signaturwrappingangreb. -Flere oplysninger findes i -Shibboleths -bulletin.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.0-2+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.3-2+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2284.data" diff --git a/danish/security/2011/dsa-2285.wml b/danish/security/2011/dsa-2285.wml deleted file mode 100644 index 93895e9f952..00000000000 --- a/danish/security/2011/dsa-2285.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i mapserver, et CGI-baseret webframework til -udgivelse af spatiale data og interaktive kortapplikationer. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-2703 - -

    Flere tilfælde af utilstrækkelig indkapsling af brugerinddata kunne føre - til SQL-indsprøjtningsangreb via OGC-filterencoding (i filtrene WMS, WFS og - SOS).

    • - -
  • CVE-2011-2704 - -

    Manglende længdekontroller i behandling af OGC-filterencoding, der kunne - føre til stakbaseret bufferoverløb og udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 5.0.3-3+lenny7.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 5.6.5-2+squeeze2.

- -

I distributionen testing (squeeze) og i den ustabile distributions (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mapserver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2285.data" diff --git a/danish/security/2011/dsa-2286.wml b/danish/security/2011/dsa-2286.wml deleted file mode 100644 index b911f2a7091..00000000000 --- a/danish/security/2011/dsa-2286.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i phpMyAdmin, et værktøj til administration af -MySQL via web. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2011-2505 - -

    Mulig sessionsmanipulation i Swekey-autentificering.

    • - -
  • CVE-2011-2506 - -

    Mulig kodeindsprøjtning i setupskript, i fald sessionsvariable er - kompromitterede.

    • - -
  • CVE-2011-2507 - -

    Problem med citering af regulære udtryk i Synchronize-kode.

    • - -
  • CVE-2011-2508 - -

    Muligt mappegennemløb i MIME-typetransformation.

    • - -
  • CVE-2011-2642 - -

    Udførelse af skripter på tværs af websteder i tabel-Print-visning, når en - angriber kan oprette fabrikerede tabelnavne.

    • - -
  • Endnu intet CVE-navn - -

    Mulig manipulation med superglobale og lokale variable i - Swekey-autentificering. (PMASA-2011-12)

    • - -
- -

Den gamle stabile distribution (lenny) er kun påvirket af -\ -CVE-2011-2642, som er rettet i version 2.11.8.1-5+lenny9.

- -

I den stabile distribution (squeeze), er disse problemer rettet -i version 3.3.7-6.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er disse problemer rettet i version 3.4.3.2-1.

- -

Vi anbefaler at du opgraderer dine phpmyadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2286.data" diff --git a/danish/security/2011/dsa-2287.wml b/danish/security/2011/dsa-2287.wml deleted file mode 100644 index 102b396cbde..00000000000 --- a/danish/security/2011/dsa-2287.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

PNG-biblioteket libpng er påvirket af flere sårbarheder. Den mest kritiske -er registreret som -\ -CVE-2011-2690. Med anvendelse af denne sårbarhed, kunne en angriber -overskrive hukommelse med en vilkårlig mængde data kontrolleret af vedkommende -ved hjælp af et fabrikeret PNG-billede.

- -

De øvrige sårbarheder er mindre kritiske og gav en angriber mulighed for at -forårsage et nedbrud i programmet (lammelsesangreb / denial of service) via et -fabrikeret PNG-billede.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.2.27-2+lenny5. På grund af en teknisk begrænsning i Debians -skripter til arkivhåndtering, kan opdaterede pakker ikke udgives parallelt med -pakker til squezze. De vil snarest blive tilgængelige.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.44-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.46-1.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2287.data" diff --git a/danish/security/2011/dsa-2288.wml b/danish/security/2011/dsa-2288.wml deleted file mode 100644 index 2171e4145d9..00000000000 --- a/danish/security/2011/dsa-2288.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="80638ac331e841121cd880783db8d4a712b7fe1f" mindelta="1" -heltalsoverløb - -

Hossein Lotfi opdagede et heltalsoverløb i libsndfiles kode til fortolkning -af Paris Audio-filer, hvilket potentielt kunne føre til udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.0.17-4+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.0.21-3+squeeze1

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.25-1.

- -

Vi anbefaler at du opgraderer dine libsndfile-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2288.data" diff --git a/danish/security/2011/dsa-2289.wml b/danish/security/2011/dsa-2289.wml deleted file mode 100644 index 36bf2bec5e2..00000000000 --- a/danish/security/2011/dsa-2289.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="908fe187e1f1bf2f1632bf37e1e2db89be1ff1d0" mindelta="1" -flere sårbarheder - -

Flere fjernudnytbare sårbarheder blev opdaget i TYPO3, et framework til -håndtering af webindhold: udførelse af skripter på tværs af websteder, -informationsafsløring, omgåelse af autentificeringsforsinkelse og sletning af -vilkårlige filer. Flere oplysninger findes i TYPO3's sikkerhedsbulletin: -\ -TYPO3-CORE-SA-2011-001.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 4.2.5-1+lenny8.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 4.3.9+dfsg1-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er disse problemer rettet i version 4.5.4+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2289.data" diff --git a/danish/security/2011/dsa-2290.wml b/danish/security/2011/dsa-2290.wml deleted file mode 100644 index 0a9cea20689..00000000000 --- a/danish/security/2011/dsa-2290.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -udførelse af skripter på tværs af websteder - -

Samba Web Administration Tool (SWAT) indeholdt flere sårbarheder i -forbindelse med forfalskede forespørgsler på tværs af websteder (CRSF) -(\ -CVE-2011-2522) og en sårbarhed i forbindelse med udførelse af skripter på -tværs af websteder -(\ -CVE-2011-2694).

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 2:3.2.5-4lenny15.

- -

I den stabile distribution (squeeze), er disse problemer rettet -i version 2:3.5.6~dfsg-3squeeze5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er disse problemer rettet i version 2:3.5.10~dfsg-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2290.data" diff --git a/danish/security/2011/dsa-2291.wml b/danish/security/2011/dsa-2291.wml deleted file mode 100644 index 8d2d6d3e200..00000000000 --- a/danish/security/2011/dsa-2291.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -forskellige sårbarheder - -

Forskellige sårbarheder blev fundet i SquirrelMail, en webmailapplikation. -Projektet Common Vulnerabilities and Exposures har registreret følgende -sårbarheder:

- -
    - -
  • CVE-2010-4554 - -

    SquirrelMail forhindrede ikke siderendering inde i en - tredjeparts-HTML-frame, hvilket gjorde det lettere for fjernangribere at - udføre clickjacking-angreb via et fabrikeret websted.

    • - -
  • CVE-2010-4555, - CVE-2011-2752, - CVE-2011-2753 - -

    Flere små fejl i SquirrelMail gjorde det muligt for en angriber at - indsprøjte ondsindet skript i forskellige sider eller ændre indholdet af - brugerindstillinger.

    • - -
  • CVE-2011-2023 - -

    Det var muligt at indsprøjte vilkårligt webskript eller HTML via et - fabrikeret STYLE-element i en HTML-del af en e-mail.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 1.4.15-4+lenny5.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.4.21-2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er disse problemer rettet i version 1.4.22-1.

- -

Vi anbefaler at du opgraderer dine squirrelmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2291.data" diff --git a/danish/security/2011/dsa-2292.wml b/danish/security/2011/dsa-2292.wml deleted file mode 100644 index 8d5aa2cded5..00000000000 --- a/danish/security/2011/dsa-2292.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ac94fa8eb3f65938712e862c7c89531b7e209cd6" mindelta="1" -lammelsesangreb - -

David Zych opdagede at ISC DHCP gik ned ved behandling af visse pakker, -hvilket førte til et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.1.1-6+lenny6 a pakken dhcp3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.1.1-P1-15+squeeze3 af pakkenisc-dhcp.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ISC DHCP-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2292.data" diff --git a/danish/security/2011/dsa-2293.wml b/danish/security/2011/dsa-2293.wml deleted file mode 100644 index eee17c00caa..00000000000 --- a/danish/security/2011/dsa-2293.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3bb439c4f6a860594c7035012487f873f57be5a0" mindelta="1" -bufferoverløb - -

Tomas Hoger fandt et bufferoverløb i X.Org-biblioteket libXfont, hvilket -måske kunne muliggøre en lokal rettighedsforøgelse gennem fabrikerede -skrifttypefiler.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.3.3-2.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.1-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.4-1.

- -

Vi anbefaler at du opgraderer dine libxfont-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2293.data" diff --git a/danish/security/2011/dsa-2294.wml b/danish/security/2011/dsa-2294.wml deleted file mode 100644 index 9d05c93f279..00000000000 --- a/danish/security/2011/dsa-2294.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="32f7124997f67f8878eb6bb760879e16a79edefe" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Man opdagede, at manglende fornuftighedskontrol af inddata i Freetypes kode -til at fortolke Type1 kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.3.7-2+lenny6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.4.2-2.1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.6-1.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2294.data" diff --git a/danish/security/2011/dsa-2295.wml b/danish/security/2011/dsa-2295.wml deleted file mode 100644 index bbeac1c48cc..00000000000 --- a/danish/security/2011/dsa-2295.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er fundet i internetsuiten Iceape, en mærkevarefri udgave -af Seamonkey:

- -
    - -
  • CVE-2011-0084 - -

    regenrecht opdagede at ukorrekt pointerhåndtering i - SVG-behandlingskoden kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2378 - -

    regenrecht opdagede at ukorrekt hukommelseshåndtering i - DCM-behandling kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2981 - -

    moz_bug_r_a_4 opdagede en Chrome-rettighedsforøgelsessårbarhed i - eventhåndteringskoden.

    • - -
  • CVE-2011-2982 - -

    Gary Kwong, Igor Bukanov, Nils og Bob Clary opdagede - hukommelseskorruptionsfejl, som måske kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2983 - -

    shutdown opdagede en informationslækage i håndteringen af - RegExp.input.

    • - -
  • CVE-2011-2984 - -

    moz_bug_r_a4 opdagede en - Chrome-rettighedsforøgelsessårbarhed.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket. Pakken iceape -stiller kun XPCOM-kode til rådighed.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.0.11-7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.14-5.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2295.data" diff --git a/danish/security/2011/dsa-2296.wml b/danish/security/2011/dsa-2296.wml deleted file mode 100644 index 94e0f92d6ff..00000000000 --- a/danish/security/2011/dsa-2296.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek stiller renderingservices til rådighed for -flere andre applikationer indeholdt i Debians distribution.

- -
    - -
  • CVE-2011-0084 - -

    regenrecht opdagede at ukorrekt pointerhåndtering i - SVG-behandlingskoden kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2378 - -

    regenrecht opdagede at ukorrekt hukommelseshåndtering i - DCM-behandling kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2981 - -

    moz_bug_r_a_4 opdagede en Chrome-rettighedsforøgelsessårbarhed i - eventhåndteringskoden.

    • - -
  • CVE-2011-2982 - -

    Gary Kwong, Igor Bukanov, Nils og Bob Clary opdagede - hukommelseskorruptionsfejl, som måske kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2983 - -

    shutdown opdagede en informationslækage i håndteringen af - RegExp.input.

    • - -
  • CVE-2011-2984 - -

    moz_bug_r_a4 opdagede en - Chrome-rettighedsforøgelsessårbarhed.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.9.0.19-13 af xulrunners kildekodepakke.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.5.16-9.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6.0-1

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2296.data" diff --git a/danish/security/2011/dsa-2297.wml b/danish/security/2011/dsa-2297.wml deleted file mode 100644 index 178361b609f..00000000000 --- a/danish/security/2011/dsa-2297.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Icedove, en mærkevarefri udgave af -mail-/newsklienten Thunderbird.

- -
    - -
  • CVE-2011-0084 - -

    regenrecht opdagede at ukorrekt pointerhåndtering i - SVG-behandlingskoden kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2378 - -

    regenrecht opdagede at ukorrekt hukommelseshåndtering i - DCM-behandling kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2981 - -

    moz_bug_r_a_4 opdagede en Chrome-rettighedsforøgelsessårbarhed i - eventhåndteringskoden.

    • - -
  • CVE-2011-2982 - -

    Gary Kwong, Igor Bukanov, Nils og Bob Clary opdagede - hukommelseskorruptionsfejl, som måske kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2983 - -

    shutdown opdagede en informationslækage i håndteringen af - RegExp.input.

    • - -
  • CVE-2011-2984 - -

    moz_bug_r_a4 opdagede en - Chrome-rettighedsforøgelsessårbarhed.

    • - -
- -

Som angivet i udgivelsesbemærkningerne til Lenny (oldstable), var det -nødvendigt at lade sikkerhedsunderstøttelsen af Icedove-pakkerne i den gamle -stabile distribution stoppe før ophøret af Lennys regulære livscyklus med -sikkerhedsopdateringer. Du opfordres kraftigt til at opgradere til den -stabile distribution eller skifte til en anden mailklient.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.0.11-1+squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.12-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2297.data" diff --git a/danish/security/2011/dsa-2298.wml b/danish/security/2011/dsa-2298.wml deleted file mode 100644 index fc0c1677888..00000000000 --- a/danish/security/2011/dsa-2298.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

To problemer blev fundet i Apache HTTPD-webserveren:

- -
    - -
  • CVE-2011-3192 - -

    En sårbarhed blev fundet i den måde, som flere overlappende ranges blev -håndteret af Apache HTTPD-serveren. Sårbarheden gjorde det muligt for en -angriber at få Apache HTTPD til at bruge store mængder hukommelse, hvilket -medførte et lammelsesangreb (denial of service).

    • - -
  • CVE-2010-1452 - -

    En sårbarhed blev fundet i mod_dav, som gjorde det muligt for en angriber at -få dæmonen til at gå ned, hvilket forårsagede et lammelsesangreb. Problemet -påvirker kun distributionen Debian 5.0 oldstable/lenny.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet -i version 2.2.9-10+lenny11.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.2.16-6+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 2.2.19-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.19-3.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

Opdateringen indeholder også opdaterede apache2-mpm-itk-pakker, som er blevet -genkompileret mod de opdaterede apache2-pakker. Det nye versionsnummer i den -gamle stabile distribution er 2.2.6-02-1+lenny6. I den stabile distribution, -har apache2-mpm-itk det samme versionsnummer som apache2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2298.data" diff --git a/danish/security/2011/dsa-2299.wml b/danish/security/2011/dsa-2299.wml deleted file mode 100644 index 279b16c4f06..00000000000 --- a/danish/security/2011/dsa-2299.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="9ce7c534d4a34537a2180a032d7d20f820ecdb92" mindelta="1" -kompromitteret certifikatmyndighed - -

Et uautoriseret SSL-certifikat er opdaget som værende i brug, udgivet af -DigiNotar Certificate Authority, og skaffet via et sikkerhedsindbrud i den -pågældende virksomhed. Debian har, i lighed med andre softwaredistibutører, -som en sikkerhedsforanstaltning besluttet som standard at deaktivere DigiNotar -Root CA i sin ca-certificates-samling.

- -

Til anden software i Debian, der leverer en CA-samling, så som -Mozilla-suiten, er der opdateringer på vej.

- -

I den gamle stabile distribution (lenny), indeholder pakken ca-certificates -ikke denne root-CA.

- -

I den stabile distribution (squeeze), er root-CA'en blevet deaktiveret fra -ca-certificates' version 20090814+nmu3.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -root-CA'en blevet deaktiveret fra ca-certificates' version 20110502+nmu1.

- -

Vi anbefaler at du opgraderer dine ca-certificates-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2299.data" diff --git a/danish/security/2011/dsa-2300.wml b/danish/security/2011/dsa-2300.wml deleted file mode 100644 index 18a4bcec2dc..00000000000 --- a/danish/security/2011/dsa-2300.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4deee97a3fb1766eeeba3bf14e3787bd6cc8dc27" mindelta="1" -kompromitteret certifikatmyndighed - -

Et uautoriseret SSL-certifikat er opdaget som værende i brug, udgivet af -DigiNotar Certificate Authority, og skaffet via et sikkerhedsindbrud i den -pågældende virksomhed. Debian har, i lighed med andre softwaredistibutører, -som en sikkerhedsforanstaltning besluttet som standard at deaktivere DigiNotar -Root CA i NSS-crypto-bibliotekerne.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.12.3.1-0lenny6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.12.8-1+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.12.11-2.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2300.data" diff --git a/danish/security/2011/dsa-2301.wml b/danish/security/2011/dsa-2301.wml deleted file mode 100644 index 2d3bf0d7d6f..00000000000 --- a/danish/security/2011/dsa-2301.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Rails, Rubys webapplicationframework. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2009-4214 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) blev fundet i funktionen strip_tags function. En - angriber kunne måske indsprøjte ikke-skrivbare tegn, som visse browsere - dernæst behandler. Sårbarheden påvirker kun den gamle stabile stabile - distribution (lenny).

    • - -
  • CVE-2011-2930 - -

    En SQL-indsprøjtningssårbarhed blev fundet i metoden quote_table_name, - der kunne gøre det muligt for ondsindede brugere at sprøjte vilkårligt SQL - ind i en forespørgsel.

    • - -
  • CVE-2011-2931 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS) blev fundet i hjælperen strip_tags. En fortolkningsfejl - kunne udnyttes af en angriber, der kan forvirre fortolkeren, og kunne - måske indsprøjte HTML-tags i uddatadokumentet.

    • - -
  • CVE-2011-3186 - -

    En nylinje-indsprøjtningssårbarhed (CRLF) blev fundet i response.rb. - Sårbarhed gjorde det muligt for en angriber at indsprøjte vilkårlige - HTTP-headere og udføre HTTP-svaropsplitningsangreb via - Content-Type-headeren.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.1.0-7+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.3.5-1.2+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3.14.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2301.data" diff --git a/danish/security/2011/dsa-2302.wml b/danish/security/2011/dsa-2302.wml deleted file mode 100644 index 33e9277ac2b..00000000000 --- a/danish/security/2011/dsa-2302.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="fc4cdaea140923e2e7edb6a37345b47df4edf090" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Man opdagede at Bcfg2-server, en server til håndtering af opsætning af -Bcfg2-klienter, ikke på korrekt vis fornuftighedskontrollerede inddata fra -Bcfg2-klienter før de blev leveret til forskellige shellkommandoer. Dermed var -det muligt for en angriber, med kontrol over en Bcfg2-klient, at udføre -vilkårlige kommandoer på serveren med root-rettigheder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.9.5.7-1.1+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.0.1-3+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.1.2-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.2-2.

- -

Vi anbefaler at du opgraderer dine bcfg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2302.data" diff --git a/danish/security/2011/dsa-2303.wml b/danish/security/2011/dsa-2303.wml deleted file mode 100644 index 45ec147eef5..00000000000 --- a/danish/security/2011/dsa-2303.wml +++ /dev/null @@ -1,145 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kan føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-1020 - -

    Kees Cook opdagede et problem i /proc-filsystemet, der gjorde det muligt - for lokale brugere at få adgang til følsomme procesoplysninger efter - udførelse af en setuid-binær fil.

    • - -
  • CVE-2011-1576 - -

    Ryan Sweat opdagede et problem i VLAN-implementeringen. Lokale brugere - kunne måske forårsage en kernehukommelseslækage, medførende et - lammelsesangreb.

    • - -
  • CVE-2011-2484 - -

    Vasiliy Kulikov fra Openwall opdagede at antallet af exit-handlere, som - en proces kan registrere ikke er begrænset, medførende et lokalt - lammelsesangreb via ressourceudmattelse (CPU-tid og hukommelse).

    • - -
  • CVE-2011-2491 - -

    Vasily Averin opdagede et problem med implementeringen af NFS-låsning. - En ondsindet NFS-server kunne få en klient til at hænge i uendelig tid i - et oplåsningskald.

    • - -
  • CVE-2011-2492 - -

    Marek Kroemeke og Filip Palian opdagede at uinitialiserede - struct-elementer i Bluetooth-undersystemet kunne føre til en lækage af - følsom kernehukommelse gennem lækket stakhukommelse.

    • - -
  • CVE-2011-2495 - -

    Vasiliy Kulikov fra Openwall opdagede io-filen hørende til en proces' - proc-mappe var skrivbar for alle, medførende lokal informationsafsløring - af oplysninger så som længder på adgangskoder.

    • - -
  • CVE-2011-2496 - -

    Robert Swiecki opdagede at mremap() kunne misbruges til et lokalt - lammelsesangreb ved at udløse en BUG_ON-assert.

    • - -
  • CVE-2011-2497 - -

    Dan Rosenberg opdagede at heltalsunderløb i Bluetooth-undersystemet, - hvilket kunne føre til lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2011-2517 - -

    Man opdagede at den netlink-baserede trådløse opsætningsgrænseflade ikke - udførte tilstrækkelig længdevalidering, når SSID'er blev fortolket, - medførende et bufferoverløb. Lokale brugere med CAP_NET_ADMIN-muligheden - kunne forårsage et lammelsesangreb.

    • - -
  • CVE-2011-2525 - -

    Ben Pfaff rapporterede om et problem i netværksschedulingkoden. En lokal - brugere kunne forårsage et lammelsesangreb (NULL-pointerdereference) ved at - sende en særligt fremstillet netlink-meddelelse.

    • - -
  • CVE-2011-2700 - -

    Mauro Carvalho Chehab fra Red Hat rapporteree om et bufferoverløbsproblem - i driveren til Si4713 FM Radio Transmitter, som anvendes af N900-enheder. - Lokale brugere kunne udnytte problemet til at forårsage et lammelsesangreb - eller potentielt få forøgede rettigheder.

    • - -
  • CVE-2011-2723 - -

    Brent Meshier rapporterede om et problem i implementeringen af GRO (generic - receive offload). Det kunne udnyttes af fjernbrugere til at udføre et - lammelsesangreb (systemnedbrud) i visse netværksenhedsopsætninger.

    • - -
  • CVE-2011-2905 - -

    Christian Ohm opdagede at analyseværktøjet perf søger efter sine - opsætningsfiler i den aktuelle arbejdsmappe. Det kunne føre til - lammelsesangreb eller potentielt rettighedsforøgelse, hvis en bruger med - forøgede rettigheder blev narret til at køre perf i en mappe under - angriberens kontrol.

    • - -
  • CVE-2011-2909 - -

    Vasiliy Kulikov fra Openwall opdagede at en programmeringsfejl i - Comedi-driveren kunne føre til informationsafsløring gennem lækket - stakhukommelse.

    • - -
  • CVE-2011-2918 - -

    Vince Weaver opdagede at ukorrekt håndtering af softwareeventoverløb i - analyseværktøjet perf kunne føre til et lokalt - lammelsesangreb.

    • - -
  • CVE-2011-2928 - -

    Timo Warns opdagede at utilstrækkelig validering af Be-filsystemsaftryk - kunne føre til lammelsesangreb, hvis et misdannet filsystemsaftrak blev - mountet.

    • - -
  • CVE-2011-3188 - -

    Dan Kaminsky rapporterede om en svaghed i genereringen af sekvensnumre i - implementeringen af TCP-protokollen. Det kunne anvendes af fjernangribere - til at sprøjte pakker ind i en aktiv session.

    • - -
  • CVE-2011-3191 - -

    Darren Lavender rapporterede om et problem i Common Internet File System - (CIFS). En ondsindet filserver kunne forårsage hukommelseskorruption, - førende til et lammelsesangreb.

    • - -
- -

Denne opdatering indeholder også en rettelse af en regression, som opstod i -forbindelse med den foregående sikkerhedsrettelse af -CVE-2011-1768 -(\ -Debian-fejl nummer 633738). -

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.32-35squeeze2. Opdateringer til problemer, der optræder i den gamle -stabile distribution (lenny) vil snart blive gjort tilgængelige.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - -
  Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+35squeeze2
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2303.data" diff --git a/danish/security/2011/dsa-2304.wml b/danish/security/2011/dsa-2304.wml deleted file mode 100644 index ab331b7d02a..00000000000 --- a/danish/security/2011/dsa-2304.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b9eda9f5b50fcd504a4d7e278466cdec38393e10" mindelta="1" -bufferoverløb - -

Ben Hawkes opdagede at Squid 3, en komplet webproxycache (HTTP-proxy), var -sårbar over for et bufferoverløb når der blev behandlet svar fra Gopher-servere. -En angriber kunne udnytte fejlen ved at forbinde sig til en Gopher-server, som -returnerer linjer længere end 4096 bytes. Det kunne medføre -lammelsesangrebstilstande (dæmonnedbrud) eller muligvis udførelse af vilkårlig -kode med rettighederne hørende til squid-dæmonen.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.0.STABLE8-3+lenny5.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.1.6-1.2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 3.1.15-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.15-1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2304.data" diff --git a/danish/security/2011/dsa-2305.wml b/danish/security/2011/dsa-2305.wml deleted file mode 100644 index 949deb15595..00000000000 --- a/danish/security/2011/dsa-2305.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Der blev opdaget to sikkerhedsproblemer som påvirker vsftpd, en letvægts- -og effektiv ftp-server udviklet med henblik på sikkerhed.

- -
    - -
  • CVE-2011-2189 - -

    Man opdagede at Linux-kerne mindre end 2.6.35 er betragteligt langsommere - til at frigive end at oprette netværksnamespaces. Som en følge heraf, og - fordi vsftpd anvender denne funktionalitet som en sikkerhedsforbedring, for - at netværksisolere forbindelser, var det muligt at forårsage en - lammelsesangrebstilstand (denial of service) som følge af kernens overdrevne - allokering af hukommelse. Rent teknisk er der ikke tale om en fejl i vsftpd, - men om en fejl i kernen. Dog er funktionaliteten anvendelig, men - tilbageførsel af den specifikke kernepatch vil være for indgribende. - Desuden kræver det at en lokal angriber har CAP_SYS_ADMIN-muligheden, for at - funktionaliteten kan misbruges. Derfor, som en rettelse, er der tilføjet et - kerneversionstjek i vsftpd, for at deaktivere funktionaliteten når kernen er - mindre end 2.6.35.

    • - -
  • CVE-2011-0762 - -

    Maksymilian Arciemowicz opdagede at vsftpd håndterede visse glob-udtryk i - STAT-kommandoer på ukorrekt vis. Dermed var det muligt for en - fjernautentificeret angriber at iværksætte lammelsesangreb (overdrevet - CPU-forbrug og processlotudmattelse) via fabrikerede - STAT-kommandoer.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.0.7-1+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.3.2-3+squeeze2. Bemærk at -\ -CVE-2011-2189 ikke påvirker versionen i lenny.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.3.4-1.

- -

Vi anbefaler at du opgraderer dine vsftpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2305.data" diff --git a/danish/security/2011/dsa-2306.wml b/danish/security/2011/dsa-2306.wml deleted file mode 100644 index e7a497fb7db..00000000000 --- a/danish/security/2011/dsa-2306.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i FFmpeg, en multimedieafspiller, -server og --encoder. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2010-3908 - -

    FFmpeg før 0.5.4 gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (denial of service: hukommelseskorruption og - applikationsnedbrud) eller muligvis udførelse af vilkårlig kode via en - misdannet WMV-fil.

    • - -
  • CVE-2010-4704 - -

    libavcodec/vorbis_dec.c i Vorbis-dekoderen i FFmpeg gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (applikationsnedbrud) via en - fabrikeret Ogg-fil, relateret til funktionen vorbis_floor0_decode.

    • - -
  • CVE-2011-0480 - -

    Flere bufferoverløb i vorbis_dec.c i Vorbis-dekoderen i FFmpeg gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb - (hukommeleseskorruption og applikationsnedbrud) eller muligvis anden - ikke-angivet indvirkning via en fabrikeret WebM-fil, relateret til buffere - til channel floor og channel residue.

    • - -
  • CVE-2011-0722 - -

    FFmpeg gjorde det muligt for fjernangribere at foråsage et lammelsesangreb - (heaphukommelseskorruption og applikationsnedbrud) eller muligvis udførelse - af vilkårlig kode via en misdannet RealMedia-fil.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4:0.5.4-1.

- -

Sikkerhedsunderstøttelse af ffmpeg er ophørt i den gamle stabile distribution -(lenny). Den aktuelle version i den gamle stabile distribution er ikke længere -understøttet af opstrømsudviklerne, og den er påvirket af flere -sikkerhedsproblemer. Tilbageførelse af rettelserne af disse og eventuelt -fremtidige problemer kan ikke længere betale sig, hvorfor vi er nødt til at -droppe sikkerhedsunderstøttelsen af versionen i den gamle stabile -distribution.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2306.data" diff --git a/danish/security/2011/dsa-2307.wml b/danish/security/2011/dsa-2307.wml deleted file mode 100644 index f5ae7c5cb1c..00000000000 --- a/danish/security/2011/dsa-2307.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Chromium-browseren. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-2818 - -

    Sårbarhed i forbindelse med anvendelse efter frigivelse i Google Chrome - gjorde det muligt for fjernangribere at forårsage et lammelsesangreb (denial - of service) eller muligvis anden ikke-angivet indvirkning via angrebsvinkler - relateret til display box-rendering.

    - -
  • CVE-2011-2800 - -

    Google Chrome gjorde det muligt for fjernangribere at få adgang til - potentielt følsomme oplysninger om klientside-viderestillingsmål via et - fabrikeret websted.

    • - -
  • CVE-2011-2359 - -

    Google Chrome holdt ikke på korrekt vis styr på line boxes under - rendering, hvilket gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - ukendte angrebsvinkler, som førte til en stale pointer.

    • - -
- -

Flere uautoriserede SSL-certifikater er opdaget som værende i brug, udgivet -på vegne af DigiNotar Certificate Authority, og opnået gennem et brud på -sikkerheden i den pågældende virksomhed. Denne opdatering sortlister -SSL-certifikater udgivet af DigiNotar-kontrollerede mellemliggende CA'er som -anvendes af det hollandske PKIoverheid-program.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 6.0.472.63~r59945-5+squeeze6.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 13.0.782.220~r99552-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 13.0.782.220~r99552-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2307.data" diff --git a/danish/security/2011/dsa-2308.wml b/danish/security/2011/dsa-2308.wml deleted file mode 100644 index 5d8fc746d30..00000000000 --- a/danish/security/2011/dsa-2308.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1a5ee68db0219339be082187962d2dce2563d16c" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i Mantis, et webbaseret fejlsporingssystem: -Utilstrækkelig kontrol af inddata kunne medføre lokal filinkludering og -udførelse af skripter på tværs af websteder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.1.6+dfsg-2lenny6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.1.8+dfsg-10squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.7-1.

- -

Vi anbefaler at du opgraderer dine mantis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2308.data" diff --git a/danish/security/2011/dsa-2309.wml b/danish/security/2011/dsa-2309.wml deleted file mode 100644 index 65bdae0b4ac..00000000000 --- a/danish/security/2011/dsa-2309.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -kompromitteret certifikatmyndighed - - -

Flere forfalskede SSL-certifikater er opdaget som værende i brug, udgivet af -DigiNotar Certificate Authority, og skaffet via et sikkerhedsindbrud i den -pågældende virksomhed. Efter flere uddybende beskrivelser af hændelsen, er man -kommet frem til at der ikke længere kan stoles på nogen af DigiNotars -signeringscertifikater. Debian har, i lighed med andre softwaredistibutører, -som en sikkerhedsforanstaltning besluttet ikke at stole på nogen af DigiNotars -CA'er. I denne opdatering er det sket i cryptbiblioteket (en komponent i -OpenSSL-toolkittet) ved at markere sådanne certifikater som tilbagetrukne. -Alle applikationer, som anvender den pågældende komponent, skulle nu afvise -certifikater signeret af DigiNotar. Individuelle appliaktioner kan gøre det -muligt for brugerne, at ignorere valideringsfejlen. Det frarådes dog kraftigt -at gøre undtagelser, som i givet fald skal undersøges nøje.

- -

Desuden er der fundet en sårbarhed i ECDHE_ECDS-cipher'en, hvor timede angreb -gjorde det lettere at finde frem til private nøgler. Projektet Common -Vulnerabilities and Exposures har registreret det som -\ -CVE-2011-1945.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 0.9.8g-15+lenny12.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 0.9.8o-4squeeze2.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.0e-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2309.data" diff --git a/danish/security/2011/dsa-2310.wml b/danish/security/2011/dsa-2310.wml deleted file mode 100644 index 26181ddecc7..00000000000 --- a/danish/security/2011/dsa-2310.wml +++ /dev/null @@ -1,143 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/denial of service/information leak - - -

Flere sårbarheder er opdaget i Linux-kernen, som kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækage. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2009-4067 - -

    Rafael Dominguez Vega fra MWR InfoSecurity rapporterede om et problem i - auerswald-modulet, en driver til Auerswald PBX/System Telephone USB-enheder. - Angribere med fysisk adgang til et systems USB-porte, kunne opnå forøgede - rettigheder ved hjælp af en til formålet fremstillet USB-enhed.

    • - -
  • CVE-2011-0712 - -

    Rafael Dominguez Vega fra MWR InfoSecurity rapporterede om et problem i - caiaq-modulet, en USB-driver til Native Instruments USB-lydenheder. - Angribere med fysisk adgang til et systems USB-porte, kunne opnå forøgede - rettigheder ved hjælp af en til formålet fremstillet USB-enhed.

    • - -
  • CVE-2011-1020 - -

    Kees Cook opdagede et problem i /proc-filsystemet, der gjorde det muligt - for lokale brugere at få adgang til følsomme procesoplysninger efter - udførelse af en setuid-binær fil.

    • - -
  • CVE-2011-2209 - -

    Dan Rosenberg opdagede et problem i systemkaldet osf_sysinfo() på - alpha-arkitekturen. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2011-2211 - -

    Dan Rosenberg opdagede et problem i systemkaldet osf_wait4() på - alpha-arkitekturen, som gjorde det muligt for lokale brugere at opnå - forøgede rettigheder.

    • - -
  • CVE-2011-2213 - -

    Dan Rosenberg opdagede et problem i INET-socket-overvågningsgrænsefladen. - Lokale brugere kunne forårsage et lammelsesangreb ved at indsprøjte kode, - som fik kernen til at gå i en uendelig løkke.

    • - -
  • CVE-2011-2484 - -

    Vasiliy Kulikov fra Openwall opdagede at antallet af exit-handlere, som - en proces kan registrere ikke er begrænset, medførende et lokalt - lammelsesangreb via ressourceudmattelse (CPU-tid og hukommelse).

    • - -
  • CVE-2011-2491 - -

    Vasily Averin opdagede et problem med implementeringen af NFS-låsning. - En ondsindet NFS-server kunne få en klient til at hænge i uendelig tid i - et oplåsningskald.

    • - -
  • CVE-2011-2492 - -

    Marek Kroemeke og Filip Palian opdagede at uinitialiserede - struct-elementer i Bluetooth-undersystemet kunne føre til en lækage af - følsom kernehukommelse gennem lækket stakhukommelse.

    • - -
  • CVE-2011-2495 - -

    Vasiliy Kulikov fra Openwall opdagede io-filen hørende til en proces' - proc-mappe var skrivbar for alle, medførende lokal informationsafsløring - af oplysninger så som længder på adgangskoder.

    • - -
  • CVE-2011-2496 - -

    Robert Swiecki opdagede at mremap() kunne misbruges til et lokalt - lammelsesangreb ved at udløse en BUG_ON-assert.

    • - -
  • CVE-2011-2497 - -

    Dan Rosenberg opdagede at heltalsunderløb i Bluetooth-undersystemet, - hvilket kunne føre til lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2011-2525 - -

    Ben Pfaff rapporterede om et problem i netværksschedulingkoden. En lokal - brugere kunne forårsage et lammelsesangreb (NULL-pointerdereference) ved at - sende en særligt fremstillet netlink-meddelelse.

    • - -
  • CVE-2011-2928 - -

    Timo Warns opdagede at utilstrækkelig validering af Be-filsystemsaftryk - kunne føre til lammelsesangreb, hvis et misdannet filsystemsaftrak blev - mountet.

    • - -
  • CVE-2011-3188 - -

    Dan Kaminsky rapporterede om en svaghed i genereringen af sekvensnumre i - implementeringen af TCP-protokollen. Det kunne anvendes af fjernangribere - til at sprøjte pakker ind i en aktiv session.

    • - -
  • CVE-2011-3191 - -

    Darren Lavender rapporterede om et problem i Common Internet File System - (CIFS). En ondsindet filserver kunne forårsage hukommelseskorruption, - førende til et lammelsesangreb.

    • - -
- -

Denne opdatering indeholder også en rettelse af en regression, som opstod i -forbindelse med den foregående sikkerhedsrettelse af -\ -CVE-2011-1768 -(\ -Debian-fejl #633738).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -2.6.26-26lenny4. Opdateringer til arm og alpha er endnu ikke tilgængelige, men -vil blive frigivet så snart som muligt. Opdateringer itl arkitekturene hppa og -ia64 vil være indeholdt i den kommende 5.0.9-punktopdatering.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - -
  Debian 5.0 (lenny)
user-mode-linux2.6.26-1um-2+26lenny4
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker. -Opdateringerne træder først i kraft, når du har genstartet dit system.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte sikkerhedsproblemer på -tværs af alle linux-kerne-pakker i alle udgivelser med aktiv -sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2310.data" diff --git a/danish/security/2011/dsa-2311.wml b/danish/security/2011/dsa-2311.wml deleted file mode 100644 index cfa0e827a36..00000000000 --- a/danish/security/2011/dsa-2311.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Java -SE-platformen. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    -
  • CVE-2011-0862 -

    Heltalsoverløbsfejl i JPEG- og skrifttypefolkeren gjorde det muligt for - kode (herunder applets), der ikke er tillid til at forøge sine - rettigheder.

    • - -
  • CVE-2011-0864 -

    Hotspot, just-in-time-kompileren i OpenJDK, fejlhåndterede visse byte - code-instruktioner, hvilket gjorde det muligt for kode (herunder applets), - der ikke er tillid til, at få den virtuelle maskine til at gå ned.

    • - -
  • CVE-2011-0865 -

    En kapløbstilstand i signeret objektdeserialisation kunne gøre det muligt - for kode, der ikke er tillid til, til at ændre signeret indhold, - tilsyneladende med en intakt signatur.

    • - -
  • CVE-2011-0867 -

    Kode (herunder applets), der ikke er tillid til, kunne tilgå oplysninger - om netværksinterfaces, hvilke ikke er meningen skal være offentligt - tilgængelige. (Bemærk at interface-MAC-adressen stadig er tilgængelig for - kode, der ikke er tillid til.)

    • - -
  • CVE-2011-0868 -

    En float til long-konvertering kunne løbe over, medførende at kode - (herunder applets), der ikke er tillid til, kunne få den virtuelle maskine - til at gå ned.

    • - -
  • CVE-2011-0869 -

    Kode (herunder applets), der ikke er tillid til, kunne opsnappe - HTTP-forespørgsler ved at omkonfigurere proxyindstillinger gennem en - SOAP-forbindelse.

    • - -
  • CVE-2011-0871 -

    Kode (herunder applets), der ikke er tillid til, kunne forøge sine - rettigheder gennem Swing MediaTracker-koden.

    • -
- -

Desuden fjerner denne opdatering understøttelse af Zero/Shark- og Cacao -Hotspot-varianterne fra i386 og amd64 på grund af stabilitetsproblemer. Disse -Hotspot-varianter er indeholdt i pakkerne openjdk-6-jre-zero og -icedtea-6-jre-cacao, og skal fjernes i forbindelse med denne opdatering.

- -

I den gamle stabile distribution (lenny), vil disse problemer af tekniske -årsage blive rettet i forbindelse med en særskilt DSA.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -6b18-1.8.9-0.1~squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 6b18-1.8.9-0.1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2311.data" diff --git a/danish/security/2011/dsa-2312.wml b/danish/security/2011/dsa-2312.wml deleted file mode 100644 index 50529db87c5..00000000000 --- a/danish/security/2011/dsa-2312.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er fundet i internetsuiten Iceape, en varemærkefri udgave -af Seamonkey:

- -
    - -
  • CVE-2011-2372 - -

    Mariusz Mlynski opdagede at websteder kunne åbne en downloaddialog, der - har open som sin standardhandling, men en bruger trykkede på - enter-tasten.

    • - -
  • CVE-2011-2995 - -

    Benjamin Smedberg, Bob Clary og Jesse Ruderman opdagede nedbrud i - renderingmaskinen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2998 - -

    Mark Kaplan opdagede et heltalsunderløb i JavaScript-maskinen, hvilket - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2999 - -

    Boris Zbarsky opdagede ukorrekt håndtering af objektet window.location - kunne føre til omgåelse af samme ophav-reglen.

    • - -
  • CVE-2011-3000 - -

    Ian Graham opdagede at flere Location-headere måske kunne føre til en - CRLF-indsprøjtning.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket. iceape-pakken -indeholder kun XPCOM-koden.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.0.11-8. Opdateringen markerer også de kompromitterede -DigiNotar-rodcertifikater som tilbagetrukne frem for at der ikke er tillid til -dem.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.0.14-8.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2312.data" diff --git a/danish/security/2011/dsa-2313.wml b/danish/security/2011/dsa-2313.wml deleted file mode 100644 index 890ed4a1670..00000000000 --- a/danish/security/2011/dsa-2313.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er fundet i Iceweasel, en webbrowser baseret på -Firefox:

- -
    - -
  • CVE-2011-2372 - -

    Mariusz Mlynski opdagede at websteder kunne åbne en downloaddialog, der - har open som sin standardhandling, men en bruger trykkede på - enter-tasten.

    • - -
  • CVE-2011-2995 - -

    Benjamin Smedberg, Bob Clary og Jesse Ruderman opdagede nedbrud i - renderingmaskinen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2998 - -

    Mark Kaplan opdagede et heltalsunderløb i JavaScript-maskinen, hvilket - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2999 - -

    Boris Zbarsky opdagede ukorrekt håndtering af objektet window.location - kunne føre til omgåelse af samme ophav-reglen.

    • - -
  • CVE-2011-3000 - -

    Ian Graham opdagede at flere Location-headere måske kunne føre til en - CRLF-indsprøjtning.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.9.0.19-14 af kildekodepakken xulrunner. Opdateringen markerer også de -kompromitterede DigiNotar-rodcertifikater som tilbagetrukne frem for at der ikke -er tillid til dem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.5.16-10. Opdateringen markerer også de kompromitterede -DigiNotar-rodcertifikater som tilbagetrukne frem for at der ikke er tillid til -dem.

- -

I den ustabile distribution (sid), er dette problem rettet i version -7.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2313.data" diff --git a/danish/security/2011/dsa-2314.wml b/danish/security/2011/dsa-2314.wml deleted file mode 100644 index 9e729f20156..00000000000 --- a/danish/security/2011/dsa-2314.wml +++ /dev/null @@ -1,64 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i puppet, et centraliseret system til -håndtering af opsætninger. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2011-3848 - -

    Kristian Erik Hermansen rapporterede at et uautentificeret mappegenneløb - kunne smide en vilkårlig, gyldig X.509 Certificate Signing Request par et - vilkårlig sted på disken, med rettighederne hørend til applikationen Puppet - Master.

    • - -
  • CVE-2011-3870 - -

    Ricky Zhou opdagede en potentiel lokal rettighedsforøgelse i ressourcen - ssh_authorized_keys og teoretisk i Solaris- og AIX-providere, hvor - filejerskab blev givet væk før den var skrevet, førende til en mulighed for - en bruger, til at overskrive vilkårlige filer som root, hvis dennes - authorized_keys-fil blev håndteret af programmet.

    • - -
  • CVE-2011-3869 - -

    Et forudsigeligt filnavn i k5login-type førte til muligheden for - symlinkangreb, hvilke kunne gøre det muligt for ejeren af home-mappen, at - symlinke til noget vilkårligt på systemet, og erstatte det med filens - korrekte indhold, som kunne føre til en rettighedsforøgelse når - puppet kørte.

    • - -
  • CVE-2011-3871 - -

    En potentiel lokal rettighedsforøgelse blev fundet i puppet - resources --edit-tilstand, på grund af et persistent, forudsigeligt - filnavn, hvilket kunne medføre redigering af en vilkårlig målfil, og dermed - blive narret til at køre denne vilkårlig fil, som den kaldende bruger. - Kommandoen anvendes især som root, dermed førende til en potentiel - rettighedsforøgelse.

    • - -
- -

Desuden stærker denne opdatering indirector file backed terminus -base-klassen mod indsprøjtnignsangreb baseret på stinavne, der er tillid -til.

- -

I den gamle stabile distribution (lenny), vil dette problem snart blive -rettet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.2-5+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.7.3-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.7.3-3.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2314.data" diff --git a/danish/security/2011/dsa-2315.wml b/danish/security/2011/dsa-2315.wml deleted file mode 100644 index 34fd609005f..00000000000 --- a/danish/security/2011/dsa-2315.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="958a1429d12115673c9cd514273d33b6995e4983" mindelta="1" -flere sårbarheder - -

Sikkerhedsefterforsker ved Red Hat, Inc., Huzaifa Sidhpurwala, rapporterede -om flere sårbarheder i funktionen til import af filer i Microsoft Words binære -filer (doc) i OpenOffice.orgs, en komplet kontorpakke, der næsten kan erstatte -Microsoft Office program for program.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:2.4.1+dfsg-1+lenny12.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:3.2.1-11+squeeze4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2315.data" diff --git a/danish/security/2011/dsa-2316.wml b/danish/security/2011/dsa-2316.wml deleted file mode 100644 index dedfda2e74e..00000000000 --- a/danish/security/2011/dsa-2316.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Riku Hietamaki, Tuomo Untinen og Jukka Taimisto opdagede flere sårbarheder i -Quagga, en dæmon til internetroutning:

- -
    - -
  • CVE-2011-3323 - -

    Et stakbaseret bufferoverløb under dekodning af Link State Update-pakker - med en misdannet Inter Area Prefix-LSA, kunne medføre at ospf6d-processen - gik ned eller (potentielt) udførte vilkårlig kode.

    • - -
  • CVE-2011-3324 - -

    ospf6d-processen kunne gå ned mens en Database Description-pakke med en - fabrikeret Link-State-Advertisement blev behandlet.

    • - -
  • CVE-2011-3325 - -

    ospfd-processen kunne gå ned mens en fabrikeret Hello-pakke blev - behandlet.

    • - -
  • CVE-2011-3326 - -

    ospfd-processen gik ned mens der blev behandlet en - Link-State-Advertisement-pakke af en type, som Quagga ikke kender.

    • - -
  • CVE-2011-3327 - -

    Et heapbaseret bufferoverløb under behandling af BGP UPDATE-meddelelser - indeholdende Extended Communities-stiattribut, kunne medføre at - bgpd-processen gik ned eller (potentielt) udførte vilkårlig kode.

    • - -
- -

De OSPF-relaterede sårbarheder kræver, at potentielle angribere sender pakker -til en sårbar Quagga-router; pakkerne distribueres ikke over OSPF. Derimod kan -BGP UPDATE-meddelelserne videreføres af nogle routers.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet -i version 0.99.10-1lenny6.

- -

I den stabile distribution (squeeze), er disse problemer rettet -i version 0.99.17-2+squeeze3.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er disse problemer rettet i version 0.99.19-1.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2316.data" diff --git a/danish/security/2011/dsa-2317.wml b/danish/security/2011/dsa-2317.wml deleted file mode 100644 index b93190999c0..00000000000 --- a/danish/security/2011/dsa-2317.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -
    - -
  • CVE-2011-2372 - -

    Mariusz Mlynski opdagede at websteder kunne åbne en downloaddialog, der - har open som sin standardhandling, men en bruger trykkede på - enter-tasten.

    • - -
  • CVE-2011-2995 - -

    Benjamin Smedberg, Bob Clary og Jesse Ruderman opdagede nedbrud i - renderingmaskinen, hvilket kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2011-2998 - -

    Mark Kaplan opdagede et heltalsunderløb i JavaScript-maskinen, hvilket - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-2999 - -

    Boris Zbarsky opdagede ukorrekt håndtering af objektet window.location - kunne føre til omgåelse af samme ophav-reglen.

    • - -
  • CVE-2011-3000 - -

    Ian Graham opdagede at flere Location-headere måske kunne føre til en - CRLF-indsprøjtning.

    • - -
- -

Som angivet i udgivelsesbemærkningerne til Lenny (oldstable), var det -nødvendigt at lade sikkerhedsunderstøttelsen af Icedove-pakkerne i den gamle -stabile distribution stoppe før ophøret af Lennys regulære livscyklus med -sikkerhedsopdateringer. Du opfordres kraftigt til at opgradere til den -stabile distribution eller skifte til en anden mailklient.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.0.11-1+squeeze5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.15-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2317.data" diff --git a/danish/security/2011/dsa-2318.wml b/danish/security/2011/dsa-2318.wml deleted file mode 100644 index 4eb149a6163..00000000000 --- a/danish/security/2011/dsa-2318.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsrelaterede problemer blev opdaget i cyrus-imapd, et meget -skalerbart mailsystem, designet til brug i større virksomheder. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-3208 - -

    Coverity opdagede et stakbaseret bufferoverløb i - NNTP-serverimplementeringen (nttpd) i cyrus-imapd. En angriber kunne - udnytte fejlen via flere fabrikerede NNTP-kommandoer, til at udføre - vilkårlig kode.

    • - -
  • CVE-2011-3372 - -

    Stefan Cornelius fra Secunia Research opdagede at kommandobehandlingen i - NNTP-serverimplementeringen (nttpd) i cyrus-imapd ikke på korrekt vis - implementerede adgangsbegrænsninger til visse komandoer og ikke undersøgte - om der var en komplet, succesrig autentifikaiton. En angriber kunne - benytte fejlen til at omgå visse kommandoers adgangsbegrænsninger og - eksempelvis udnytte - CVE-2011-3208 - uden korrekt autentifikation.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -2.2_2.2.13-14+lenny5.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.2_2.2.13-19+squeeze2.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -cyrus-imapd-2.4 version 2.4.12-1.

- -

Vi anbefaler at du opgraderer dine cyrus-imapd-2.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2318.data" diff --git a/danish/security/2011/dsa-2319.wml b/danish/security/2011/dsa-2319.wml deleted file mode 100644 index 995e2ed6f0e..00000000000 --- a/danish/security/2011/dsa-2319.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1387312f67ee8c570374bf47fc41a693c881cfda" mindelta="1" -race-tilstand - -

Neel Mehta opdagede en race-tilstand i Policykit, et framework til håndtering -af administrative policies og rettigheder, gjorde det muligt for lokale brugere -at forøge rettigheder ved at udføre et setuid-program fra pkexec.

- -

Den gamle stabile distribution (lenny) indeholder ikke pakken policykit-1.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.96-4+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 0.101-4.

- -

Vi anbefaler at du opgraderer dine policykit-1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2319.data" diff --git a/danish/security/2011/dsa-2320.wml b/danish/security/2011/dsa-2320.wml deleted file mode 100644 index d6cda569a73..00000000000 --- a/danish/security/2011/dsa-2320.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -regressionsrettelse - -

DokuWiki-opdateringen indeholdt i Debian Lenny 5.0.9, med det formål at løse -en sårbarhed i forbindelse med udførelse af skripter på tværs af websteder -(\ -CVE-2011-2510) havde en regression, der gjorde at links til eksterne -websteder ikke virkede. Denne opdatering fjerner regressionen.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -0.0.20080505-4+lenny4.

- -

Vi anbefaler at du opgraderer dine dokuwiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2320.data" diff --git a/danish/security/2011/dsa-2321.wml b/danish/security/2011/dsa-2321.wml deleted file mode 100644 index 5ecf7af760e..00000000000 --- a/danish/security/2011/dsa-2321.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9e127478c2cfcc2540d1b09eb1262d086be31eee" mindelta="1" -udførelse af skripter på tværs af websteder - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder i -reStructuredText-fortolkeren i Moin, en Python-klon af WikiWiki.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.7.1-3+lenny6.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.9.3-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.9.3-3.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2321.data" diff --git a/danish/security/2011/dsa-2322.wml b/danish/security/2011/dsa-2322.wml deleted file mode 100644 index 496a1beff93..00000000000 --- a/danish/security/2011/dsa-2322.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget Bugzilla, et webbaseret -fejlsporingssystem.

- -
    - -
  • CVE-2010-4572 - -

    Ved at indsætte specifikke strenge i visse URL'er, var det muligt at - indsprøjte både headere og indhold i enhver browser.

    • - -
  • CVE-2010-4567, CVE-2011-0048 - -

    Bugzilla har et URL-felt, der kan indeholde flere former for - URL'er, herunder javascript:- og data:-URL'er. Men - javascript:- og data:-URL'er gøres ikke til klikbare links, for - at beskytte imod angreb i forbindelse med udførelse af skripter på tværs af - websteder og andre angreb. Det var muligt at omgå beskyttelsen ved at tilføje - mellemrum i URL, på steder hvor Bugzilla ikke forventede dem. Desuden blev - javascript:- og data:-links altid vist som - klikbare for brugere, der var logget af.

    • - -
  • CVE-2010-4568 - -

    Det var muligt for en brugere at få uautoriseret adgang til enhver - Bugzilla-konto i løbet af meget kort tid (kort nok til at angrebet var meget - effektivt).

    • - -
  • CVE-2011-0046 - -

    Forskellige sider var sårbar over for Cross-Site Request Forgery-angreb - (forespørgselsforfalskninger på tværs af websteder). De fleste af disse - problemer er ikke så alvorlige som tidligere CSRF-sårbarheder.

    • - -
  • CVE-2011-2978 - -

    Når en bruger ændrer sin e-mail-adresse, stolede Bugzilla på et - brugerredigerbart felt, til at få fat i den aktuelle e-mail-adresse, til at - sende en bekræftelsesmail til. Hvis en angriber havde adgang til en anden - brugers session (eksempelvis hvis den pågældende bruger efterlod sit - browservindue åbent på et offentligt sted), kunne angriberen ændre dette - felt til at få sendt e-mail-ændringsbeskeden sendt til sin egen adresse. - Derved ville brugeren ikke få besked om, at vedkommendes e-mail-adresse - var blevet ændret af angriberen.

    • - -
  • CVE-2011-2381 - -

    Kun vedrørende flagmails kunne vedhæftelsesbeskrivelser indeholdende et - linjeskift føre til indsprøjtning af fabrikerede headere i e-mail-beskeder, - når vedhæftelsesflaget blev redigeret.

    • - -
  • CVE-2011-2379 - -

    Bugzilla anvender en alternativ vært til vedhæftelser, når de vises i - råt format, for at forhindre angreb i forbindelse med udførelse af skripter - på tværs af websteder. Den alternative vært anvendes nu også når man viser - patches i Raw Unified-tilstand, fordi Internet Explorer 8 og ældre, - samt Safari før 5.0.6, foretager indholdssnusning, hvilket kunne føre til - udførelse af ondsindet kode.

    • - -
  • CVE-2011-2380, - CVE-2011-2979 - -

    Normalt er et gruppenavn fortroligt og kun synligt for medlemmer af - gruppen, og for ikke-medlemmer hvis gruppen anvendes i fejl. Ved at - fabrikere en URL, når der oprettelse eller redigeres en fejl, var det muligt - at gætte hvorvidt en gruppe fandtes eller ej, selv ved grupper der ikke blev - anvendt i fejl og således fortsat skulle have været fortrolige.

    • - -
- -

I den gamle stabile distribution (lenny) var det upraktisk at tilbageføre -patches for at rette disse fejl. Brugere af bugzilla på lenny opfordres -kraftigt til at opgradere til versionen distributionen squeeze.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 3.6.2.0-4.4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er bugzilla-pakkerne blevet fjernet.

- -

Vi anbefaler at du opgraderer dine bugzilla-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2322.data" diff --git a/danish/security/2011/dsa-2323.wml b/danish/security/2011/dsa-2323.wml deleted file mode 100644 index 6c7185e5024..00000000000 --- a/danish/security/2011/dsa-2323.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer blev opdaget af Vasiliy Kulikov i radvd, en IPv6 -Router Advertisement-dæmon:

- -
    - -
  • CVE-2011-3602 - -

    Funktionen set_interface_var() kontrollerede ikke interfaccenavnet, som - vælges af en upriviligeret bruger. Det kunne være til overskrivelse af en - vilkårlig fil, hvis angriberen har adgang lokalt, og ellers specifikke - overskrivelser af filer.

    • - -
  • CVE-2011-3604 - -

    Funktionen process_ra() manglede flere kontroller på bufferlængder, - hvilket kunne føre til læsningen af hukommelse uden for stakken, - forårsagende et crash af dæmonen.

    • - -
  • CVE-2011-3605 - -

    Funktionen process_rs() kalder mdelay() (en funktion, der venter i et - specifikt tidsrum) betingelsesløst, når den kører i kun-unicast-tilstand. - Da kaldet opsættes i hovedtråden, betyder det at al forespørgselsbehandling - forsinkes (i tidsrum op til MAX_RA_DELAY_TIME, 500 ms som standard). En - angriber kunne overstrømme dæmonen med router-forespørgsler, med det formål - at fylde inddatakøen op, forårsagende et midlertidigt lammelsesangreb - (behandlingen stoppede under alle mdelay()-kaldene). -
    - Bemærk: Opstrøm og Debian har anycast-tilstand aktiveret som - standard.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1:1.1-3.1.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:1.6-1.1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1:1.8-1.2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:1.8-1.2.

- -

Vi anbefaler at du opgraderer dine radvd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2323.data" diff --git a/danish/security/2011/dsa-2324.wml b/danish/security/2011/dsa-2324.wml deleted file mode 100644 index c7993b0b98b..00000000000 --- a/danish/security/2011/dsa-2324.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8850254dff0cc45e21ff8723ca81aece5b266ea7" mindelta="1" -programmeringsfejl - -

Microsoft Vulnerability Research Group opdagede at usikker håndtering af -loadstier kunne føre til udførelse af vilkårlig Lua-skriptkode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.0.2-3+lenny15. Denne opbygning vil blive frigivet om kort tid.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.11-6+squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.2-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2324.data" diff --git a/danish/security/2011/dsa-2325.wml b/danish/security/2011/dsa-2325.wml deleted file mode 100644 index cdd73585475..00000000000 --- a/danish/security/2011/dsa-2325.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="42c121cc7f8d2c3b8f5d97a1a50ebe084e8ca2a3" mindelta="1" -rettighedsforøgelse/lammelsesangreb - -

Et bufferoverløb i Linux-emulations-understøttelsen FreeBSD-kernen -gjorde det muligt for lokale brugere at forårsage et lammelsesangreb (panik) og -muligvis udføre vilkårlig kode ved at kalde bind-systemkaldet med en lang sti til -en UNIX-domainsocket, hvilket ikke blev håndteret korrekt, når adressen blev -anvendt af andre uspecificerede systemkald.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 8.1+dfsg-8+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.2-9.

- -

Vi anbefaler at du opgraderer dine kfreebsd-8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2325.data" diff --git a/danish/security/2011/dsa-2326.wml b/danish/security/2011/dsa-2326.wml deleted file mode 100644 index 8e9c65bc15b..00000000000 --- a/danish/security/2011/dsa-2326.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1897b2010fd6a1fac88ee765794ed90da4c2ec76" mindelta="1" -flere sårbarheder - -

Kees Cook fra ChromeOS Security Team opdagede et bufferoverløb i pam_env, et -PAM-modul til opsætning af miljøvariable gennem PAM-stakken, hvilket gjorde det -muligt at udføre vilkårlig kode. Et yderligere problem, i fortolkningen af -parametre, muliggjorde lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (lenny) er ikke påvirket.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.1.1-6.1+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet -(påvirkningen i sid er begrænset til lammelsesangreb hvad angår begge -problemer).

- -

Vi anbefaler at du opgraderer dine pam-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2326.data" diff --git a/danish/security/2011/dsa-2327.wml b/danish/security/2011/dsa-2327.wml deleted file mode 100644 index 628d9b36559..00000000000 --- a/danish/security/2011/dsa-2327.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="76531f398a65aad45d7a702276fae753287eccc5" mindelta="1" -autentifikationsomgåelse - -

Ferdinand Smit opdagede at FCGI, et Perl-modul til udvikling af -FastCGI-applikationer, på ukorrektvis genetablerede miljøvariable hørende til -en tidligere forespørgsel (request), i efterfølgende forespørgsler. I nogle -tilfælde kunne det føre til omgåelse af autentifikation eller det der er -værre.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.71-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 0.73-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.73-2.

- -

Vi anbefaler at du opgraderer dine libfcgi-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2327.data" diff --git a/danish/security/2011/dsa-2328.wml b/danish/security/2011/dsa-2328.wml deleted file mode 100644 index babc549c3b2..00000000000 --- a/danish/security/2011/dsa-2328.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e8ee60a6a816b3ff95dcf8208650a737c84f5054" mindelta="1" -manglende kontrol af inddata - -

Man opdagede at manglende fornuftighedskontrol af inddata i Freetypes -glyph-håndtering, kunne føre til hukommelseskorruption, medførende et -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.3.7-2+lenny7.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.4.2-2.1+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.7-1.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2328.data" diff --git a/danish/security/2011/dsa-2329.wml b/danish/security/2011/dsa-2329.wml deleted file mode 100644 index 7f90715e3bf..00000000000 --- a/danish/security/2011/dsa-2329.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ccbf7bef1262abf56fe7e6b4258129fe0b7065f3" mindelta="1" -bufferoverløb - -

Bartlomiej Balcerek opdagede flere bufferoverløb i TORQUE-server, en -PBS-afledt server til batchbehandling. Dermed var det muligt for en angriber at -få tjenesten til at gå ned eller udføre vilkårlig kode med serverens -rettigheder, via fabrikerede job- eller værtsnavne.

- -

Den gamle stabile distribution (lenny) indeholder ikke torque.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.4.8+dfsg-9squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 2.4.15+dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.15+dfsg-1.

- -

Vi anbefaler at du opgraderer dine torque-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2329.data" diff --git a/danish/security/2011/dsa-2330.wml b/danish/security/2011/dsa-2330.wml deleted file mode 100644 index 1e66231e36e..00000000000 --- a/danish/security/2011/dsa-2330.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="0874b1325074e4570354db2babfe10e95e6f6e21" mindelta="1" -XML-krypteringssvaghed - -

Der blev fundet problemer i håndteringen af XML-krypteringen i simpleSAMLphp, -en applikation til forenet autentifikation. Følgende to problemer er blevet -løst:

- -

Det var måske muligt, at anvende en SP som et orakel til dekryptering af -krypterede meddelelser sendt til denne SP.

- -

Det var måske muligt, at anvende SP'en som et nøgleorkal, hvilket kunne -anvendes til at forfalske meddeleelser fra denne SP, ved at sende 300000-2000000 -forespørgsler til SP'en.

- -

Den gamle stabile distribution (lenny) indeholder ikke simplesamlphp.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.6.3-2.

- -

Distributionen testing (wheezy) vil snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.2-1.

- -

Vi anbefaler at du opgraderer dine simplesamlphp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2330.data" diff --git a/danish/security/2011/dsa-2331.wml b/danish/security/2011/dsa-2331.wml deleted file mode 100644 index 643622b22f0..00000000000 --- a/danish/security/2011/dsa-2331.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

frosty_un opdagede at en designfejl i Tor, et onlineprivatlivsværktøj, -gjorde det muligt for ondsindede relayservere at lære visse oplysninger, som de -ikke skulle være i stand til at lære. Helt specifikt kunne et relay, som en -bruger forbinder sig til direkte, lære hvilke andre relay brugere forbinder sig -til direkte. Kombineret med andre angreb kunne problemet føre til -deanonymisering af brugeren. Projektet Common Vulnerabilities and Exposures har -tildelt \ -CVE-2011-2768 til problemet.

- -

Ud over at rette ovennævnte problemer, retter opdateringerne til den gamle -stabile og stabile distribution en række mindre kritiske problemer -(\ -CVE-2011-2769). Se -\ -indlæg i Tors blog for flere oplysninger.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -0.2.1.31-1~lenny+1. På grund af tekniske begræsninger Debians -arkiveringscripts, kan opdateringen ikke udgives synkront med pakkerne til den -stabile distribution. Den vil blive udgivet om kort tid.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.2.1.31-1.

- -

I den ustabile distribution (sid) og i distributionen testing (wheezy), er -dette problem rettet i version 0.2.2.34-1.

- -

I den eksperimentelle distribution, er problemet rettet i version -0.2.3.6-alpha-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2331.data" diff --git a/danish/security/2011/dsa-2332.wml b/danish/security/2011/dsa-2332.wml deleted file mode 100644 index 0e28fc3c021..00000000000 --- a/danish/security/2011/dsa-2332.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - -

Paul McMillan, Mozilla- og Django-coreholdene opdagede flere sårbarheder i -Django, et Python-webframework:

- -
    - -
  • CVE-2011-4136 - -

    Når der anvendes hukommelsesbaserede sessioner og caching, opbevares - Django-sessioner direkte i cachens rootnavnerum. Når brugerdata opbevares i - den samme cache, kunne en fjern bruger måske overtage sessionen.

    • - -
  • CVE-2011-4137, - CVE-2011-4138 - -

    Djangos felttype URLfield kontrollerer som standard leverede URL'er ved at - sende en forespørgsel til dem, som ikke udløber. Et lammelsesangreb (denial - of service) var muligt ved at levere særligt forberedte URL'er, som holder - forbindelsen åben permanent eller opfylder Djangos serverhukommelse.

    • - -
  • CVE-2011-4139 - -

    Django anvendte X-Forwarded-Host-headere til at kontruere komplette URL'er. - Headerne må ikke indeholde inddata, som der er tillid til, og kunne anvendes - til at forgifte cachen.

    • - -
  • CVE-2011-4140 - -

    CSRF-beskyttelsesmekanismen i Django håndterede ikke på korrekt vis - webserveropsætninger, som understøtter vilkårlige HTTP Host-headere, hvilket - gjorde det muligt for fjernangribere at udløse uautoriserede forfalskede - forespørgsler.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.0.2-1+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.3-3+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1.3.1-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2332.data" diff --git a/danish/security/2011/dsa-2333.wml b/danish/security/2011/dsa-2333.wml deleted file mode 100644 index 16c83375730..00000000000 --- a/danish/security/2011/dsa-2333.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder er opdaget i phpLDAPadmin, en webbaseret grænseflade til -administration af LDAP-servere. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-4074 - -

    Inddata føjet til URL'en i cmd.php (når cmd er opsat til - _debug) blev ikke fornuftighedskontrolleret på korrekt vis før det - blev sendt tilbage til brugeren. Det kunne udnyttes til at udføre - vilkårligt HTML og scriptkode i brugerens browsersession i et påvirket - websteds kontekst.

    • - -
  • CVE-2011-4075 - -

    Inddata overført til orderby-parameteret i cmd.php (når cmd - er sat til query_engine, query er sat til none og - search er sat til fx 1) blev ikke fornuftighedskontrolleret på - korrekt vis i lib/functions.php før den anvendes i et - create_function()-funktionskald. Det kunne udnyttes til at - indsprøjte og udføre vilkårlig PHP-kode.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -1.1.0.5-6+lenny2.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.2.0.5-2+squeeze1.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.2.0.5-2.1.

- -

Vi anbefaler at du opgraderer dine phpldapadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2333.data" diff --git a/danish/security/2011/dsa-2334.wml b/danish/security/2011/dsa-2334.wml deleted file mode 100644 index 306fe6c7c33..00000000000 --- a/danish/security/2011/dsa-2334.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Mahara, en elektronisk portfolio, -weblog, CV-program:

- -
    - -
  • CVE-2011-2771 - -

    Teemu Vesala opdagede, at manglende fornuftighedskontrol af RSS-feeds - kunne føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2011-2772 - -

    Richard Mansfield opdagede, at utilstrækkelige uploadbegrænsninger - muliggjorde lammelsesangreb (denial of service).

    • - -
  • CVE-2011-2773 - -

    Richard Mansfield opdagede, håndteringen af institutioner var sårbar over - for forespørgselsforfalskninger på tværs af websteder.

    • - -
  • (CVE-ID endnu ikke tilgængelig) - -

    Andrew Nichols opdagede en rettighedsforøgelsessårbarhed i - MNet-håndteringen.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.0.4-4+lenny11.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.6-2+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.1-1.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2334.data" diff --git a/danish/security/2011/dsa-2335.wml b/danish/security/2011/dsa-2335.wml deleted file mode 100644 index adb981d19df..00000000000 --- a/danish/security/2011/dsa-2335.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="67e3c544e1bb84dde21f4fe2da0c2c6cdedfa255" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Tim Starling opdagede at den Debian-native CGI-wrapper til man2html, et -program til at konvertere UNIX-mansider til HTML, ikke på korrekt vis escapede -brugerleverede inddata, når der blev vist forskellige fejlmeddelelser. En -fjernangriber kunne udnytte fejlen til at udføre skripter på tværs af websteder -(XSS).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.6f-3+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.6f+repack-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.6g-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6g-6.

- -

Vi anbefaler at du opgraderer dine man2html-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2335.data" diff --git a/danish/security/2011/dsa-2336.wml b/danish/security/2011/dsa-2336.wml deleted file mode 100644 index ffab9100f4f..00000000000 --- a/danish/security/2011/dsa-2336.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i FFmpeg, en multimedieafspiller, -server og -encoder:

- -
    - -
  • CVE-2011-3362 - -

    En heltalsfortegnfejl i funktionen decode_residual_block i Chinese - AVS-videodekoderen (CAVS) i libavcodec kunne føre til lammelsesangreb - (hukommelseskorruption og applikationsnedbrud) eller muligvis udførelse af - kode via en fabrikeret CAVS-fil.

    • - -
  • CVE-2011-3973/CVE-2011-3974 - -

    Flere fejl i Chinese AVS-videodekoderen (CAVS) kunne føre til - lammelsesangreb (hukommelseskorruption og applikationsnedbrud) via en - ugyldig bitstream.

    • - -
  • CVE-2011-3504 - -

    Et hukommelsesallokeringsproblem i dekoderen til Matroska-formatet kunne - føre til udførelse af kode via en fabrikeret fil.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4:0.5.5-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4:0.7.2-1 af libav-kildekodepakken.

- -

Sikkerhedsunderstøttelse af ffmpeg er ophørt i den gamle stabile distribution -(lenny) fra DSA 2306. Den aktuelle version i den gamle -stabile distribution er ikke længere understøttet af opstrømsudviklerne, og den -er påvirket af flere sikkerhedsproblemer. Tilbageførelse af rettelserne af -disse og eventuelt fremtidige problemer kan ikke længere betale sig, hvorfor vi -er nødt til at droppe sikkerhedsunderstøttelsen af versionen i den gamle stabile -distribution.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2336.data" diff --git a/danish/security/2011/dsa-2337.wml b/danish/security/2011/dsa-2337.wml deleted file mode 100644 index a9d032357e2..00000000000 --- a/danish/security/2011/dsa-2337.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i den virtuelle maskine-hypervisor Xen.

- -
    - -
  • CVE-2011-1166 - -

    En 64 bit-gæst kunne få en af sine vCPU'er ind i ikke-kerne-tilstand, uden - først at levere en gyldig ikke-kerne-pagetable, hvorved værtssystemet - låste.

    • - -
  • CVE-2011-1583, - CVE-2011-3262 - -

    Lokale brugere kunne forårsage et lammelsesangreb og muligvis udføre - vilkårlig kode via et fabrikeret paravirtualised-gæstekerneimage.

    • - -
  • CVE-2011-1898 - -

    Når PCI-gennemstilling blev anvendt på Intel VT-d-chipset, som ikke har - interruptremapping, kunne brugere af gæstestyresystemet opnå rettigheder på - værtsstyresystemet, ved at skrive til interruptinjectionregistrene.

    • - -
- -

Den gamle stabile distribution (lenny) indeholder en anden version af Xen, -som ikke er påvirket af disse problemer.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.0.1-4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4.1.1-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2337.data" diff --git a/danish/security/2011/dsa-2338.wml b/danish/security/2011/dsa-2338.wml deleted file mode 100644 index af20ed7681d..00000000000 --- a/danish/security/2011/dsa-2338.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="490e337717aeeaf1e65c16bf65ff40c2c1e57d0d" mindelta="1" -flere sårbarheder - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder samt informationsafsløringsproblemer er rettet i Moodle, et -kursushåndteringssystem til onlinelæring:

- -
    - -
  • MSA-11-0020 - -

    Fortsætlinks i fejlmeddeleleser kunne føre væk fra webstedet.

    • - -
  • MSA-11-0024 - -

    reCAPTCHA-billeder blev autentificeret fra en ældre server.

    • - -
  • MSA-11-0025 - -

    Gruppenavne i brugeruploadet CSV blev ikke escapet.

    • - -
  • MSA-11-0026 - -

    Felter i en brugeruploadet CSV var ikke escapet.

    • - -
  • MSA-11-0031 - -

    Forms API havde kontastproblemer.

    • - -
  • MSA-11-0032 - -

    MNET SSL-valideringsproblem.

    • - -
  • MSA-11-0036 - -

    Meddelelsesopfriskningssårbarhed.

    • - -
  • MSA-11-0037 - -

    Indsprøjtningssårbarhed i redigering af kursussektion.

    • - -
  • MSA-11-0038 - -

    Styrkelse af beskyttelse med indsprøjtning i database.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.9.9.dfsg2-2.1+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.9.dfsg2-4.

- -

Vi anbefaler at du opgraderer dine moodle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2338.data" diff --git a/danish/security/2011/dsa-2339.wml b/danish/security/2011/dsa-2339.wml deleted file mode 100644 index 3bce62bd349..00000000000 --- a/danish/security/2011/dsa-2339.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Denne opdatering af de kryptografiske NSS-biblioteker tilbagekalder tilliden -til certifikatmyndigheden DigiCert Sdn. Bhd. Flere oplysninger er -tilgængelige i -\ -Mozilla Security Blog.

- -

Opdateringen retter også en usikker loadsti for pkcs11.txt-opsætningsfilen -(\ -CVE-2011-3640).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.12.3.1-0lenny7.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.12.8-1+squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.13.1.with.ckbi.1.88-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2339.data" diff --git a/danish/security/2011/dsa-2340.wml b/danish/security/2011/dsa-2340.wml deleted file mode 100644 index 6933f98e0dd..00000000000 --- a/danish/security/2011/dsa-2340.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="9975e97b4d31e86bcc394220db727b8834737dfa" mindelta="1" -svag adgangskodehashing - -

magnum opdagede at blowfish-adgangskodehashingen, som blandt andre anvendes i -PostgreSQL, indeholdt en svaghed, der kunne give adgangskoder med 8-bit-tegn den -samme hash, som svagere tilsvarende koder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -postgresql-8.3 version 8.3.16-0lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -postgresql-8.4 version 8.4.9-0squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er dette problem rettet i postgresql-8.4 version 8.4.9-1, -postgresql-9.0 9.0.5-1 og postgresql-9.1 9.1~rc1-1.

- -

Opdateringerne indeholder også pålidelighedsforbedringer, oprindelig -planlagt til at blive medtaget i den næste punktopdatering; for detaljerede -oplysninger se de respektive changelogs.

- -

Vi anbefaler at du opgraderer dine postgresql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2340.data" diff --git a/danish/security/2011/dsa-2341.wml b/danish/security/2011/dsa-2341.wml deleted file mode 100644 index 05e482a03ac..00000000000 --- a/danish/security/2011/dsa-2341.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek leverer renderingservices til flere andre -applikationer indeholdt i Debian.

- -
    - -
  • CVE-2011-3647 - -

    moz_bug_r_a4 opdagede en rettighedsforøgelsessårbarhed i - addon-håndteringen.

    • - -
  • CVE-2011-3648 - -

    Yosuke Hasegawa opdagede, at ukorrekt håndtering af Shift-JIS-encoding'er - kunne føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2011-3650 - -

    Marc Schoenefeld opdagede, at profiling af JavaScript-koden kunne føre til - hukommelseskorruption.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.9.0.19-15 af xulrunner-kildekodepakken.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.5.16-11.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2341.data" diff --git a/danish/security/2011/dsa-2342.wml b/danish/security/2011/dsa-2342.wml deleted file mode 100644 index 24fbc45adbe..00000000000 --- a/danish/security/2011/dsa-2342.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i internetsuiten Iceape, en mærkevarefri udgave -af Seamonkey:

- -
    - -
  • CVE-2011-3647 - -

    moz_bug_r_a4 opdagede en rettighedsforøgelsessårbarhed i - addon-håndteringen.

    • - -
  • CVE-2011-3648 - -

    Yosuke Hasegawa opdagede, at ukorrekt håndtering af Shift-JIS-encoding'er - kunne føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2011-3650 - -

    Marc Schoenefeld opdagede, at profiling af JavaScript-koden kunne føre til - hukommelseskorruption.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket. iceape-pakken -leverer kun XPCOM-koden.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.0.11-9.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.14-9.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2342.data" diff --git a/danish/security/2011/dsa-2343.wml b/danish/security/2011/dsa-2343.wml deleted file mode 100644 index 039559eb766..00000000000 --- a/danish/security/2011/dsa-2343.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="0da5d1f8eb5ae91d9a97bed2b48399c302ea4d51" mindelta="1" -CA-trust-tilbagekaldelse - -

Flere svage certifikater blev udgivet af den malaysiske CA-formidler -Digicert Sdn. Bhd. Denne begivenhed, sammen med andre problemer, har -ført til at Entrust Inc. og Verizon Cybertrust har tilbagekaldt CA'ens -krydssignerede certifikater.

- -

Denne opdatering til OpenSSL, et Secure Sockets Layer-toolkit, afspejler -beslutningen, ved at markere Digicert Sdn. Bhd.'s certifikater som -tilbagetrukne.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.9.8g-15+lenny14.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.9.8o-4squeeze4.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.0e-2.1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2343.data" diff --git a/danish/security/2011/dsa-2344.wml b/danish/security/2011/dsa-2344.wml deleted file mode 100644 index 0cc61e2efc5..00000000000 --- a/danish/security/2011/dsa-2344.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -deserialiseringssårbarhed - -

Man opdagede at Piston-frameworket kunne deserialisere YAML- og Pickle-data, -som der ikke er tillid til, førende til fjernudførelse af kode -(\ -CVE-2011-4103).

- -

Den gamle stabile distribution (lenny) indeholder ikke en -python-django-piston-pakke.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.2.2-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 0.2.2-2.

- -

Vi anbefaler at du opgraderer dine python-django-piston-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2344.data" diff --git a/danish/security/2011/dsa-2345.wml b/danish/security/2011/dsa-2345.wml deleted file mode 100644 index f3ba34f10e5..00000000000 --- a/danish/security/2011/dsa-2345.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Icedove, en mailklient baseret på -Thunderbird.

- -
    - -
  • CVE-2011-3647 -

    JSSubScriptLoader håndterede ikke på korrekt vis XPCNativeWrappers - under kald til loadSubScript-metoden i en add-on, hvilket gjorde det - lettere for fjernangribere at opnå rettigheder via et fabrikeret - websted, der udnytter en bestemt unwrapping-virkemåde.

    • - -
  • CVE-2011-3648 -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS), gjorde det muligt for fjernangribere at indsprøjte - vilkårligt webskript eller HTML via fabrikeret tekst med Shift - JIS-encoding.

    • - -
  • CVE-2011-3650 -

    Iceweasel håndterede ikke på korrekt vis JavaScript-filer, som - indeholder mange funktioner, hvilket gjorde det muligt for - brugerhjulpne fjernangribere at forårsage et lammelsesangreb - (hukommelseskorruption og applikationsnedbrud) eller muligvis have en - ikke-angivet anden virkning via en fabrikeret fil, der tilgås af - debugging-API'erne, som demonstreret af Firebug.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet -i version 3.0.11-1+squeeze6.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er disse problemer rettet i version 3.1.15-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2345.data" diff --git a/danish/security/2011/dsa-2346.wml b/danish/security/2011/dsa-2346.wml deleted file mode 100644 index 7e764f35f29..00000000000 --- a/danish/security/2011/dsa-2346.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i ProFTPD, en ftp-server:

- -
    - -
  • (Ingen CVE-id) - -

    ProFTPD anvendte på ukorrekt vis data fra en ukrypteret inddatabuffer, - efter kryptering var aktiveret med STARTTLS, et problem svarende til - \ - CVE-2011-0411.

    • - -
  • CVE-2011-4130 -

    ProFTPD anvendte en svarpool efter at have frigivet den under særlige - omstændigheder, muligvis førende til fjernudførelse af kode. (Versionen i - lenny er ikke påvirket af dette problem.)

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.3.1-17lenny9.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.3.3a-6squeeze4.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 1.3.4~rc3-2.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2346.data" diff --git a/danish/security/2011/dsa-2347.wml b/danish/security/2011/dsa-2347.wml deleted file mode 100644 index ffba513c5ed..00000000000 --- a/danish/security/2011/dsa-2347.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e70852539c5e80b10bd7327d3c5d146358ba0840" mindelta="1" -ukorrekt assert - -

Man opdagede at BIND, en DNS-server, gik ned når den behandlede visse -sekvenser af rekursive DNS-forespørgsler, førende til et lammelsesangreb (denial -of service). Serveropsætninger som kun er autoritative, er ikke påvirket af -det problem.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:9.6.ESV.R4+dfsg-0+lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:9.7.3.dfsg-1~squeeze4.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2347.data" diff --git a/danish/security/2011/dsa-2348.wml b/danish/security/2011/dsa-2348.wml deleted file mode 100644 index ad2bf3e0357..00000000000 --- a/danish/security/2011/dsa-2348.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdatet i SystemTap, et instrumenteringssystem til -Linux:

- -
    - -
  • CVE-2011-2503 - -

    Man opdagede, at en kapløbstilstand i staprun kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2010-4170 - -

    Man opdagede, at utilstrækkelig validering af miljøvariable i staprun - kunne føre til rettighedsforøgelse.

    • - -
  • CVE-2010-4171 - -

    Man opdagede, at utilstrækkelig validering af modul-unloading kunne føre - til lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2-5+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6-1.

- -

Vi anbefaler at du opgraderer dine systemtap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2348.data" diff --git a/danish/security/2011/dsa-2349.wml b/danish/security/2011/dsa-2349.wml deleted file mode 100644 index d4cd4330493..00000000000 --- a/danish/security/2011/dsa-2349.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ada666e573e70128521f4d5ebee7fc7fb932137a" mindelta="1" -flere sårbarheder - -

To sårbarheder er fundet i SPIP, en webstedsmaskine til publicering, hvilket -gjorde det muligt at forøge sine rettigheder til webstedsadministrator samt -udførelse af skripter på tværs af websteder.

- -

Den gamle stabile distribution (lenny) indeholder ikke spip.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.1.1-3squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.12-1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2349.data" diff --git a/danish/security/2011/dsa-2350.wml b/danish/security/2011/dsa-2350.wml deleted file mode 100644 index 7adf7c169ba..00000000000 --- a/danish/security/2011/dsa-2350.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3f468c7cc56d43c1ce1e1f5c7e7e28f953c873f6" mindelta="1" -manglende kontrol af inddata - -

Man opdagede, at manglende fornuftighedskontrol af inddata i Freetypes -håndtering af CID-keyed-skrifttyper kunne føre til udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.3.7-2+lenny8.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.4.2-2.1+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.8-1.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2350.data" diff --git a/danish/security/2011/dsa-2351.wml b/danish/security/2011/dsa-2351.wml deleted file mode 100644 index 56742b02da3..00000000000 --- a/danish/security/2011/dsa-2351.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="37da912a786b4e4000ea9216fd2dbfcc45349e7a" mindelta="1" -bufferoverløb - -

Huzaifa Sidhpurwala opdagede et bufferoverløb i Wiresharks ERF-dissector, -hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.0.2-3+lenny16.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.11-6+squeeze5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.3-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2351.data" diff --git a/danish/security/2011/dsa-2352.wml b/danish/security/2011/dsa-2352.wml deleted file mode 100644 index c9924a9bb6b..00000000000 --- a/danish/security/2011/dsa-2352.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="6dc900c2fd08396ea6039f791035a628e7553114" mindelta="1" -programmeringsfejl - -

Man opdagede at Puppet, en centraliseret løsning til håndtering af -konfigurationer, fejlgenererede certifikater hvis valgmuligheden -certdnsnames blev anvendt. Det kunne føre til manden i midten-angreb. -Flere oplysninger er tilgængelige -Puppets -websted.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.24.5-3+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.6.2-5+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.7.6-1.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2352.data" diff --git a/danish/security/2011/dsa-2353.wml b/danish/security/2011/dsa-2353.wml deleted file mode 100644 index 95a58d2d358..00000000000 --- a/danish/security/2011/dsa-2353.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="70a8df5913f6d997968a82242e290084cb1ec85e" mindelta="1" -bufferoverløb - -

David Wheeler opdagede et bufferoverløb i ldns's kode til fortolkning af -RR-poster, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.4.0-1+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.6.6-2+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.11-1.

- -

Vi anbefaler at du opgraderer dine ldns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2353.data" diff --git a/danish/security/2011/dsa-2354.wml b/danish/security/2011/dsa-2354.wml deleted file mode 100644 index 7d86dbb2a10..00000000000 --- a/danish/security/2011/dsa-2354.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ce34faa219b58d22674325aeacf83721d1cc4e9e" mindelta="1" -flere sårbarheder - -

Petr Sklenar og Tomas Hoger opdagede, at manglende fornuftighedskontrol af -inddata i GIF-dekoderen i printsystemet CUPS kunne føre til lammelsesangreb -(denial of service) eller potentielt udførelse af vilkårlig kode gennem -fabrikerede GIF-filer.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.3.8-1+lenny10.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.4-7+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), er dette -problem rettet i version 1.5.0-8.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2354.data" diff --git a/danish/security/2011/dsa-2355.wml b/danish/security/2011/dsa-2355.wml deleted file mode 100644 index 154d8584cbd..00000000000 --- a/danish/security/2011/dsa-2355.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f7afc3d24603d216e3b2d4a17d34c0340bdbfaea" mindelta="1" -formatstrengssårbarhed - -

Leo Iannacone og Colin Watson opdagede en formatstrengssårbarhed i Pythons -bindinger til Clearsilver HTML-skabelonsystemet, hvilket måske kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.10.4-1.3+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.10.5-1+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine clearsilver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2355.data" diff --git a/danish/security/2011/dsa-2356.wml b/danish/security/2011/dsa-2356.wml deleted file mode 100644 index ec62bd22e4d..00000000000 --- a/danish/security/2011/dsa-2356.wml +++ /dev/null @@ -1,92 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af -Java-platformen:

- -
    - -
  • CVE-2011-3389 - -

    TLS-implementeringen beskytter ikke korrekt mod visse - chosen-plaintext-angreb, når blokkoder anvendes i - CBC-tilstand.

    • - -
  • CVE-2011-3521 - -

    CORBA-implementeringen indeholdt en deserialisationssårbarhed i - IIOP-implementeringen, hvilket muliggjorde at Java-kode, som der ikke er - tillid til (så som applets) kunne forøge sine rettigheder.

    • - -
  • CVE-2011-3544 - -

    Java-sciptmaskinen manglede de nødvendige sikkerhedsmanagerkontroller, - hvilket gjorde det muligt for Java-kode, der ikke er tillid til (så som - applets) at forøge sine rettigheder.

    • - -
  • CVE-2011-3547 - -

    Metoden skip() i java.io.InputStream anvendte en delt buffer, hvilket - gjorde det muligt for Java-kode, der ikke er tillid til (så som applets), - at tilgå data som springes over af anden kode.

    • - -
  • CVE-2011-3548 - -

    Klassen java.awt.AWTKeyStroke indeholdt en fejl, der gjorde det muligt - for Java-kode, der ikke er tillid til (så som applets), at forøge sine - rettigheder.

    • - -
  • CVE-2011-3551 - -

    Java2D C-koden indeholdt et heltalsoverløb, der medførte et heapbaseret - bufferoverløb, potentielt gørende det muligt for Java-kode, der ikke er - tillid til (så som applets), at forøge sine rettigheder.

    • - -
  • CVE-2011-3552 - -

    Ondsindet Java-kode kunne forbruge en alt for stor mængde UDP-porte, - førende til et lammelsesangreb (denial of service).

    • - -
  • CVE-2011-3553 - -

    JAX-WS muliggjorde som stadard staktraces for visse serversvar, hvorved - der potentielt kunne lækkes følsomme oplysninger.

    • - -
  • CVE-2011-3554 - -

    JAR-filer i pack200-format blev ikke på korrekt vis kontrolleret for - fejl, hvilket potentielt kunne føre til udførelse af vilkårlig kode når - fabrikerede pack200-filer blev udpakket.

    • - -
  • CVE-2011-3556 - -

    RMI Registry-serveren manglede adgangsbegrænsninger i visse metoder, - hvilket gjorde det muligt for en fjern klient at udføre vilkårlig - kode.

    • - -
  • CVE-2011-3557 - -

    RMI Registry-serveren fik ikke begrænset rettighederne på Java-kode, som - der ikke er tillid til, hvilket gjorde det muligt for RMI-klienter at forøge - deres rettigheder på RMI Registry-serveren.

    • - -
  • CVE-2011-3560 - -

    Klassen com.sun.net.ssl.HttpsURLConnection udførte ikke korrekte - sikkerhedsmanagerkontroller i metoden setSSLSocketFactory(), hvilket gjorde - det muligt for Java-kode, der ikke er tillid til, at omgå - sikkerhedspolicyens begrænsninger.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 6b18-1.8.10-0+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 6b23~pre11-1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2356.data" diff --git a/danish/security/2011/dsa-2357.wml b/danish/security/2011/dsa-2357.wml deleted file mode 100644 index 5a344a75195..00000000000 --- a/danish/security/2011/dsa-2357.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Jon Larimer fra IBM X-Force Advanced Research opdagede flere sårbarheder i -DVI-backend'en hørende til dokumentfremviseren Evince:

- -
    - -
  • CVE-2010-2640 - -

    Utilstrækkelige array-grænsekontroller i PK-skrifttypefortolkeren kunne - føre til overskrivelse af en funktionspointer, medførende udførelse af - vilkårlig kode.

    • - -
  • CVE-2010-2641 - -

    Utilstrækkelige array-grænsekontroller i VF-skrifttypefortolkeren kunne - føre til overskrivelse af en funktionspointer, medførende udførelse af - vilkårlig kode.

    • - -
  • CVE-2010-2642 - -

    Utilstrækkelige grænsekontroller i AFM-skrifttypefortolkeren, når der - skrives data til en hukommelsesbuffer allokeret på heap'en, kunne føre til - overskrivelse af vilkårlig hukommelse og udførelse af vilkårlig - kode.

    • - -
  • CVE-2010-2643 - -

    Utilstrækkelig kontrol af en integer, anvendt til størrelsen på en - hukommelsesallokering, kunne føre til vilkårlig skrivning uden for den - allokerede range samt forårsage udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.22.2-4~lenny2.

- -

I den stabile distribution (squeeze) er -CVE-2010-2640, -CVE-2010-2641 og -CVE-2010-2643 -rettet i version 2.30.3-2, mens rettelsen af -CVE-2010-2642 -ikke var komplet. Den endelige rettelse findes i version 2.30.3-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 3.0.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.2-1.

- -

Vi anbefaler at du opgraderer dine evince-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2357.data" diff --git a/danish/security/2011/dsa-2358.wml b/danish/security/2011/dsa-2358.wml deleted file mode 100644 index 33f9f4b3967..00000000000 --- a/danish/security/2011/dsa-2358.wml +++ /dev/null @@ -1,133 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i OpenJDK, en implementering af -Java-platformen. Her kombineres de to foregående bulletiner vedrørende -openjdk-6, DSA-2311-1 og -DSA-2356-1.

- -
    - -
  • CVE-2011-0862 - -

    Heltalsoverløbsfejl i JPEG- og skrifttypefolkeren gjorde det muligt for - kode (herunder applets), der ikke er tillid til at forøge sine - rettigheder.

    • - -
  • CVE-2011-0864 - -

    Hotspot, just-in-time-kompileren i OpenJDK, fejlhåndterede visse byte - code-instruktioner, hvilket gjorde det muligt for kode (herunder applets), - der ikke er tillid til, at få den virtuelle maskine til at gå ned.

    • - -
  • CVE-2011-0865 - -

    En kapløbstilstand i signeret objektdeserialisation kunne gøre det muligt - for kode, der ikke er tillid til, til at ændre signeret indhold, - tilsyneladende med en intakt signatur.

    • - -
  • CVE-2011-0867 - -

    Kode (herunder applets), der ikke er tillid til, kunne tilgå oplysninger - om netværksinterfaces, hvilke ikke er meningen skal være offentligt - tilgængelige. (Bemærk at interface-MAC-adressen stadig er tilgængelig for - kode, der ikke er tillid til.)

    • - -
  • CVE-2011-0868 - -

    En float til long-konvertering kunne løbe over, medførende at kode - (herunder applets), der ikke er tillid til, kunne få den virtuelle maskine - til at gå ned.

    • - -
  • CVE-2011-0869 - -

    Kode (herunder applets), der ikke er tillid til, kunne opsnappe - HTTP-forespørgsler ved at omkonfigurere proxyindstillinger gennem en - SOAP-forbindelse.

    • - -
  • CVE-2011-0871 - -

    Kode (herunder applets), der ikke er tillid til, kunne forøge sine - rettigheder gennem Swing MediaTracker-koden.

    • - -
  • CVE-2011-3389 - -

    TLS-implementeringen beskytter ikke korrekt mod visse - chosen-plaintext-angreb, når blokkoder anvendes i - CBC-tilstand.

    • - -
  • CVE-2011-3521 - -

    CORBA-implementeringen indeholdt en deserialisationssårbarhed i - IIOP-implementeringen, hvilket muliggjorde at Java-kode, som der ikke er - tillid til (så som applets) kunne forøge sine rettigheder.

    • - -
  • CVE-2011-3544 - -

    Java-sciptmaskinen manglede de nødvendige sikkerhedsmanagerkontroller, - hvilket gjorde det muligt for Java-kode, der ikke er tillid til (så som - applets) at forøge sine rettigheder.

    • - -
  • CVE-2011-3547 - -

    Metoden skip() i java.io.InputStream anvendte en delt buffer, hvilket - gjorde det muligt for Java-kode, der ikke er tillid til (så som applets), - at tilgå data som springes over af anden kode.

    • - -
  • CVE-2011-3548 - -

    Klassen java.awt.AWTKeyStroke indeholdt en fejl, der gjorde det muligt - for Java-kode, der ikke er tillid til (så som applets), at forøge sine - rettigheder.

    • - -
  • CVE-2011-3551 - -

    Java2D C-koden indeholdt et heltalsoverløb, der medførte et heapbaseret - bufferoverløb, potentielt gørende det muligt for Java-kode, der ikke er - tillid til (så som applets), at forøge sine rettigheder.

    • - -
  • CVE-2011-3552 - -

    Ondsindet Java-kode kunne forbruge en alt for stor mængde UDP-porte, - førende til et lammelsesangreb (denial of service).

    • - -
  • CVE-2011-3553 - -

    JAX-WS muliggjorde som stadard staktraces for visse serversvar, hvorved - der potentielt kunne lækkes følsomme oplysninger.

    • - -
  • CVE-2011-3554 - -

    JAR-filer i pack200-format blev ikke på korrekt vis kontrolleret for - fejl, hvilket potentielt kunne føre til udførelse af vilkårlig kode når - fabrikerede pack200-filer blev udpakket.

    • - -
  • CVE-2011-3556 - -

    RMI Registry-serveren manglede adgangsbegrænsninger i visse metoder, - hvilket gjorde det muligt for en fjern klient at udføre vilkårlig - kode.

    • - -
  • CVE-2011-3557 - -

    RMI Registry-serveren fik ikke begrænset rettighederne på Java-kode, som - der ikke er tillid til, hvilket gjorde det muligt for RMI-klienter at forøge - deres rettigheder på RMI Registry-serveren.

    • - -
  • CVE-2011-3560 - -

    Klassen com.sun.net.ssl.HttpsURLConnection udførte ikke korrekte - sikkerhedsmanagerkontroller i metoden setSSLSocketFactory(), hvilket gjorde - det muligt for Java-kode, der ikke er tillid til, at omgå - sikkerhedspolicyens begrænsninger.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet -i version 6b18-1.8.10-0~lenny2.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2358.data" diff --git a/danish/security/2011/dsa-2359.wml b/danish/security/2011/dsa-2359.wml deleted file mode 100644 index e5475626a7f..00000000000 --- a/danish/security/2011/dsa-2359.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="7e7511c8bfc6245c58db2a37ea225d7e857592de" mindelta="1" -EL-indsprøjtning - -

Man opdagede at Mojarra, en implementering af JavaServer Faces, evaluerede -værdier, der ikke er tillid til, som EL-udtryk hvis includeViewParameters var -sat til true.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.0.3-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 2.0.3-2.

- -

Vi anbefaler at du opgraderer dine mojarra-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2359.data" diff --git a/danish/security/2011/dsa-2361.wml b/danish/security/2011/dsa-2361.wml deleted file mode 100644 index d13c5ef050b..00000000000 --- a/danish/security/2011/dsa-2361.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d132336cbd413ca3976432863ab1c307efa470f4" mindelta="1" -bufferoverløb - -

Man opdagede at ChaSen, et japansk morfologisk analysesystem, indeholdt et -bufferoverløb, potentielt førende til udførelse af vilkårlig kode i programmer, -der anvender biblioteket.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.4.4-2+lenny2.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.4.4-11+squeeze2.

- -

Vi anbefaler at du opgraderer dine chasen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2361.data" diff --git a/danish/security/2011/dsa-2362.wml b/danish/security/2011/dsa-2362.wml deleted file mode 100644 index f055c72ad43..00000000000 --- a/danish/security/2011/dsa-2362.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i ACPI Daemon, Advanced Configuration and Power -Interface-begivenhedsdæmonen:

- -
    - -
  • CVE-2011-1159 - -

    Vasiliy Kulikov fra OpenWall opdagede, at sockethåndteringen var sårbar - over for lammelsesangreb (denial of service).

    • - -
  • CVE-2011-2777 - -

    Oliver-Tobias Ripka opdagede at ukorrekt proceshåndtering i det - Debian-specifikke skript powerbtn.sh kunne føre til lokal - rettighedsforøgelse. Problemer påvirker ikke den gamle stabile - distribution. Skriptet leveres kun som et eksmpel i - /usr/share/doc/acpid/examples. Se /usr/share/doc/acpid/README.Debian for - flere oplysninger.

    • - -
  • CVE-2011-4578 - -

    Helmut Grohne og Michael Biebl opdagede, at acpid opsatte en umask til 0, - når der udføres skripter, hvilket kunne medføre lokal - rettighedsforøgelse.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.0.8-1lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:2.0.7-1squeeze3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine acpid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2362.data" diff --git a/danish/security/2011/dsa-2363.wml b/danish/security/2011/dsa-2363.wml deleted file mode 100644 index 4803e7b5c21..00000000000 --- a/danish/security/2011/dsa-2363.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="fda7e863a36296ece1a75d0bcc7559db9a6f54a9" mindelta="1" -bufferoverløb - -

Man opdagede at Tor, et online-privatlivsværktøj, på ukorrekt vis beregnede -bufferstørrelser under visse omstændigheder, som involverede SOCKS-forbindelser. -Ondsindede personer kunne anvende det til at forårsage et heapbaseret -bufferoverløb, potentielt muliggørende udførelse af vilkårlig kode.

- -

I Tors standardopsætning kan problemet kun udløses af klienter, som kan -forbinde sig til Tors SOCKS-port, der som standard kun lytter på localhost.

- -

I ikke-standard-opsætninger, hvor Tors SocksPort lytter ikke blot på -localhost eller hvor Tor er opsat til at anvende en anden SOCKS-server til alle -dens udgående forbindelser, var Tor sårbar over for et større antal ondsindede -personer.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -0.2.1.32-1.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.2.2.35-1~squeeze+1.

- -

I den ustabile distribution (sid) og i distributionen testing (wheezy), er -dette problem rettet i version 0.2.2.35-1.

- -

I den eksperimentelle distribution, er dette problem rettet i version -0.2.3.10-alpha-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

Bemærk, at opdateringen til den stabile distribution (squeeze) opdaterer -pakken fra 0.2.1.31 til 0.2.2.35, en ny større udgave af Tor, da opstrøm har -annonceret at 0.2.1.x-træet i den nærmeste fremtid ikke længere vil være -understøttet. Kontroller hvorvidt din Tor kører som forventet efter -opgraderingen.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2363.data" diff --git a/danish/security/2011/dsa-2364.wml b/danish/security/2011/dsa-2364.wml deleted file mode 100644 index cd06d841b56..00000000000 --- a/danish/security/2011/dsa-2364.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ecd395a52739373b3f6a84eaa225fb2b786da18d" mindelta="1" -ukorrekt rettighedskontrol - -

Debians X-wrapper håndhæver, at X-serveren kun kan startes fra en konsol. -vladz opdagede, at wrapperen kunne omgås.

- -

Den gamle stabile distribution (lenny) er ikke påvirket.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 7.5+8+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:7.6+10.

- -

Vi anbefaler at du opgraderer dine xorg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2364.data" diff --git a/danish/security/2011/dsa-2365.wml b/danish/security/2011/dsa-2365.wml deleted file mode 100644 index c5e3fb664d6..00000000000 --- a/danish/security/2011/dsa-2365.wml +++ /dev/null @@ -1,64 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Ansgar Burchardt, Mike O'Connor og Philipp Kern opdagede flere sårbarheder i -DTC, et webkontrolpanel til administrations- og regnskabshostingservices:

- -
    - -
  • CVE-2011-3195 - -

    En mulig shell-indsættelse er opdaget i håndteringen af - postlister.

    • - -
  • CVE-2011-3196 - -

    Unix-rettighederne for apache2.conf var opsat forkert (læsbar for - alle).

    • - -
  • CVE-2011-3197 - -

    Ukorrekt fornuftighedskontrol af inddata af parameteret - $_SERVER["addrlink"], kunne føre til SQL-indsprøjtning.

    • - -
  • CVE-2011-3198 - -

    DTC anvendte htpasswd's parameter -b, og dermed blev adgangskoden - muligvis blotlagt i klar tekst ved anvendelse af ps eller læsning af - /proc.

    • - -
  • CVE-2011-3199 - -

    En mulig HTML-/JavaScript-indsprøjtningssårbarhed blev fundet i DNS & - MX-afsnittet i brugerpanelet.

    • - -
- -

Opdateringen retter også flere sårbarheder, som ikke er tildelt en CVE-id.:

- -

Man opdagede, at DTC udførte utilstrækkelig fornuftighedskontrol af inddata -i pakkeinstalleringsprogrammet, muligvis førende til en ønsket målmappe til -installerede pakker, hvis nogle DTC-applikationspakker installeres (bemærk at -de ikke er tilgængelige i Debian main).

- -

DTC opsatte /etc/sudoers med lempfældige sudo-rettigheder til chrootuid.

- -

Ukorrekt fornuftighedskontrol af inddata i pakkeinstalleringen kunne føre til -SQL-indsprøjtning.

- -

En ondsindet bruger kunne indtaste et særligt fremstillet supportemne, -førende til en SQL-indsprøjtning i draw_user_admin.php.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -0.29.18-1+lenny2.

- -

Den stabile distribution (squeeze) indeholder ikke.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -0.34.1-1.

- -

Vi anbefaler at du opgraderer dine dtc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2365.data" diff --git a/danish/security/2011/dsa-2366.wml b/danish/security/2011/dsa-2366.wml deleted file mode 100644 index d7510d9268e..00000000000 --- a/danish/security/2011/dsa-2366.wml +++ /dev/null @@ -1,70 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere problemer er opdaget i MediaWiki, en webstedsmaskine til -samarbejdsprojekter.

- -
    - -
  • CVE-2011-1578 - CVE-2011-1587 - -

    Masato Kinugawa opdagede en sårbarhed i forbindelse med udførelse af - skripter på tværs af websteder (XSS), som kun påvirker brugere af Internet - Explorer version 6 og tidligere. Opsætningsændringer af webserveren er - nødvendige, for at løse problemet. Opgradering af MediaWiki er - tilstrækkeligt for personer, der anvender Apache hvor AllowOverride er - aktiveret.

    - -

    For flere oplysninger om de nødvendige opsætningsændringer, se - \ - opstrøms - \ - annonceringer.

    • - -
  • CVE-2011-1579 - -

    Wikipedia-brugeren Suffusion of Yellow opdagede en CSS-valideringsfejl i - wikitext-fortolkeren. Det er et XSS-problem som påvirker brugere af - Internet Explorer, og et problem med mistede private oplysninger i andre - browsere, da det var muligt at indlejre vilkårlige eksterne - billeder.

    • - -
  • CVE-2011-1580 - -

    MediaWiki-udvikler Happy-Melon opdagede at transwiki-importfunktionen - ikke udførte adgangskontroller ved formlarindsendelse. - Transwiki-importfunktionen er som standard deaktiveret. Hvis den er blevet - aktiveret, er det muligt at kopiere wikisider fra en anden wiki, anført i - $wgImportSources. Problemet betyder, at enhver bruger kunne iværksætte en - sådan import.

    • - -
  • CVE-2011-4360 - -

    Alexandre Emsenhuber opdagede et problem, hvor sider titler på private - wikier kunne blotlægges, ved at angive en anden sides id til index.php. Hvis - en bruger ikke har de nødvendige rettigheder, viderestilles vedkommende nu - til Special:BadTitle.

    • - -
  • CVE-2011-4361 - -

    Tim Starling opdagede at action=ajax-forespørgsler blev leveret til den - relevante funktion, uden kontrol af læseadgang blev udført. Det kunne have - ført til datalækager på private wikier.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 1:1.12.0-2lenny9.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1:1.15.5-2squeeze2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:1.15.5-5.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2366.data" diff --git a/danish/security/2011/dsa-2367.wml b/danish/security/2011/dsa-2367.wml deleted file mode 100644 index 1908c6e99e4..00000000000 --- a/danish/security/2011/dsa-2367.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Asterisk, et open source-PBX og -telefonitoolkit:

- -
    - -
  • CVE-2011-4597 - -

    Ben Williams opdagede, at det var muligt at opremse SIP-brugernavne i - nogle opsætninger. Se - \ - opstrøms bulletin for flere oplysninger.

    - -

    Opdateringen ændring kun på opsætningsfilen sample sip.conf. Se - README.Debian for flere oplysninger om at opdatere din installation.

    • - -
  • CVE-2011-4598 - -

    Kristijan Vrban opdagede, at Asterisk kunne bringes til at gå ned pga. - misdannede SIP-pakket, hvis funktionen automon var aktiveret.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:1.4.21.2~dfsg-3+lenny6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:1.6.2.9-2+squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.8.8.0~dfsg-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2367.data" diff --git a/danish/security/2011/dsa-2368.wml b/danish/security/2011/dsa-2368.wml deleted file mode 100644 index 5fbf0713766..00000000000 --- a/danish/security/2011/dsa-2368.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i lighttpd, en lille og hurtig webserver med -minimalt hukommelsesforbrug.

- -
    - -
  • CVE-2011-4362 - -

    Xi Wang opdagede, at base64-dekodningsrutinen, der anvendes til at dekode - brugerinddata under en HTTP-autentificering, var ramt af et fortegnsproblem - når brugerinddata blev behandlet. Som følge heraf var det muligt at tvinge - lighttpd til at læse uden for grænserne, medførende - lammelsesangrebstilstande (denial of service).

    • - -
  • CVE-2011-3389 - -

    Når der på en virtuel host med aktiveret SSL, blev anvendt CBC-koder til - at kommunikere med visse klienter, gjorde et såkaldt BEAST-angreb det - muligt for manden i midten-angribere at få adgang til HTTP-trafik i ren - tekst via et blokvist chosen-boundary-angreb (BCBA) på en HTTPS-session. - Teknisk er det ikke en lighttpd-sårbarhed, men lighttpd tilbyder en omgåelse - for at mindske omfanget af problemet, ved at gøre det muligt at dektivere - CBC-koder.

    - -

    Opdateringen indeholder som standard denne indstilling. Det anbefales - Systemadministratorer at læse NEWS-filen hørende til denne opdatering (det - ældre klienter kan holde op med at virke).

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.4.19-5+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.28-2+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.30-1.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2368.data" diff --git a/danish/security/2011/dsa-2369.wml b/danish/security/2011/dsa-2369.wml deleted file mode 100644 index 93c582c07e0..00000000000 --- a/danish/security/2011/dsa-2369.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="638f772e4005b633863222746372aa69406c9d4e" mindelta="1" -utilstrækkelig fornuftighedskontrol af inddata - -

Man opdagede, at libsoup, et HTTP-bibliotek implementeret i C, ikke på -korrekt vis udførte fornuftighedskontrol af inddata, når der blev behandlet -forespørgsler til SoupServer. En fjernangriber kunne udnytte fejlen til at -tilgå systemfiler via et mappegennemløbsangreb.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.4.1-2+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.30.2-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 2.34.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.34.3-1.

- -

Vi anbefaler at du opgraderer dine libsoup2.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2369.data" diff --git a/danish/security/2011/dsa-2370.wml b/danish/security/2011/dsa-2370.wml deleted file mode 100644 index 199820cc0e1..00000000000 --- a/danish/security/2011/dsa-2370.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Man opdagede, at Unbound, en rekursiv DNS-opløser, gik ned ved behandling af -visse misdannede DNS-svar fra autoritative DNS-servere, førende til -lammelsesangreb (denial of service).

- -
    - -
  • CVE-2011-4528 - -

    Unbound forsøgte at frigive ikke-allokeret hukommelse under behandling af - duplikerede CNAME-poster i en signed zone.

    • - -
  • CVE-2011-4869 - -

    Unbound behandlede ikke på korrekt vis misdannede svar, som mangler de - forventede NSEC3-poster.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i -version 1.4.6-1~lenny2.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.4.6-1+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.4.14-1.

- -

Vi anbefaler at du opgraderer dine unbound-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2370.data" diff --git a/danish/security/2011/dsa-2371.wml b/danish/security/2011/dsa-2371.wml deleted file mode 100644 index 7d169c7c770..00000000000 --- a/danish/security/2011/dsa-2371.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b4aa0e989d7f7dbf75904dd5f49d11873ad01ef5" mindelta="1" -bufferoverløb - -

To bufferoverløb blev opdaget i JasPer, et bibliotek til håndtering af -JPEG-2000-billeder, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), vil problemet blive rettet i -version 1.900.1-5.1+lenny2. På grund af tekniske begrænsninger i Debians -arkivprogrammel, kan den opdateringen af den gamle stabile version ikke udgives -synkront med den stabile opdatering.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.900.1-7+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine jasper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2371.data" diff --git a/danish/security/2011/dsa-2372.wml b/danish/security/2011/dsa-2372.wml deleted file mode 100644 index 9d55a592c42..00000000000 --- a/danish/security/2011/dsa-2372.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b08cb6e1a9570984946e750f624add35987922c1" mindelta="1" -bufferoverløb - -

Man opdagede, at Kerberos-understøttelsen i telnetd indeholdt et -præautentifikationsbufferoverløb, hvilket måske kunne gøre det muligt for -fjernangribere, der kan forbinde sig til TELNET, at udføre vilkårlig kode -med root-rettigheder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.2.dfsg.1-2.1+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.0~git20100726.dfsg.1-2+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine heimdal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2372.data" diff --git a/danish/security/2011/dsa-2373.wml b/danish/security/2011/dsa-2373.wml deleted file mode 100644 index 6518f2923bf..00000000000 --- a/danish/security/2011/dsa-2373.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b08cb6e1a9570984946e750f624add35987922c1" mindelta="1" -bufferoverløb - -

Man opdagede, at Kerberos-understøttelsen i telnetd indeholdt et -præautentifikationsbufferoverløb, hvilket måske kunne gøre det muligt for -fjernangribere, der kan forbinde sig til TELNET, at udføre vilkårlig kode med -root-rettigheder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2:1.5.dfsg.1-9+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2:1.6-3.1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine inetutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2373.data" diff --git a/danish/security/2011/dsa-2374.wml b/danish/security/2011/dsa-2374.wml deleted file mode 100644 index 32f919e829d..00000000000 --- a/danish/security/2011/dsa-2374.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5a5bfd66af5af5d266719f9db1a0f3ab7485da15" mindelta="1" -implementeringsfejl - -

Informationssikkerhedsgruppen ved ETH Zürich opdagede en -lammelsesangrebssårbarhed (denial of service) i crypto-helper-handleren i -IKE daemon pluto. Flere oplysninger findes i -\ -opstrøms bulletin.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1:2.4.12+dfsg-1.3+lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:2.6.28+dfsg-5+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.6.37-1.

- -

Vi anbefaler at du opgraderer dine openswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2374.data" diff --git a/danish/security/2011/dsa-2375.wml b/danish/security/2011/dsa-2375.wml deleted file mode 100644 index 715773a4818..00000000000 --- a/danish/security/2011/dsa-2375.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c22815846fe17ffc835124ceed29f9af6b38acc6" mindelta="1" -bufferoverløb - -

Man opdagede, at krypteringsunderstøttelsen i BSD telnetd indeholdt et -præautentifikationsbufferoverløb, hvilket måske kunne gøre det muligt for -fjernangribere, der kan finderbinde sig til Telnet-porten, at udføre vilkårlig -kode med root-rettigheder.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.6.dfsg.4~beta1-5lenny7 af pakken krb5.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:1.0.1-1.2 af pakken krb5-appl.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine krb5- og krb5-appl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2375.data" diff --git a/danish/security/2011/dsa-2376.wml b/danish/security/2011/dsa-2376.wml deleted file mode 100644 index b6ab77e0885..00000000000 --- a/danish/security/2011/dsa-2376.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1d55958b60d7cd05467c146ddfd7ff466991945d" mindelta="1" -usikker PID-fil - -

Man opdagede, at OpenIPMI, Intelligent Platform Management Interface-bibliotek -og -værktøjer, anvendte en for åbne rettigheder til sin PID-fil, hvilket gjorde -det muligt for lokale brugere, at slå vilkårlige processer ihjel ved at skrive til -denne fil.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -1.8.9-2+squeeze1. (Selv om versionsnummeret indeholder teksten squeeze, er -det faktisk en opdatering af lenny.)

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.8.11-2+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.11-5.

- -

Vi anbefaler at du opgraderer dine ipmitool-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2011/dsa-2376.data" diff --git a/danish/security/2011/index.wml b/danish/security/2011/index.wml deleted file mode 100644 index d710b6d4849..00000000000 --- a/danish/security/2011/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2011 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2011', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2012/Makefile b/danish/security/2012/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2012/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2012/dsa-2377.wml b/danish/security/2012/dsa-2377.wml deleted file mode 100644 index 7ed73c2f200..00000000000 --- a/danish/security/2012/dsa-2377.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="95ab1fc0ecde0f3b07977de9d2fb7e2e1cfb2c36" mindelta="1" -NULL-pointerdereference - -

Man opdagede at cyrus-imapd, et meget skarlerbart mailsystem beregnet til -brug i store virksomheder, ikke på korrekt vis fortolkede mailheadere når en -klient anvendte IMAP-threading-funktionaliteten. Som følge heraf blev en -NULL-pointer derefereret, hvilket fik dæmonen til at gå ned. En angriber kunne -udløse det ved at sende en mail indeholdende fabrikerede referenceheadere og -tilgå mailen med en klient, som anvender IMAP's -serverthreadingfunktionalitet.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.2.13-14+lenny6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.2.13-19+squeeze3.

- -

I distributionerne testing (wheezy) og unstable (sid), er dette problem -rettet i cyrus-imapd-2.4 version 2.4.11-1.

- -

Vi anbefaler at du opgraderer dine cyrus-imapd-2.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2377.data" diff --git a/danish/security/2012/dsa-2378.wml b/danish/security/2012/dsa-2378.wml deleted file mode 100644 index a9077ce9fdb..00000000000 --- a/danish/security/2012/dsa-2378.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="9b8c8f993b58bdf4eedd4ec665e96f0308174d4f" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i FFmpeg, en multimedieafspiller, -server og --encoder. Flere inddatavalideringer i decoderne til QDM2-, VP5-, VP6-, VMD- og -SVQ1-filer kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4:0.5.6-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4:0.7.3-1 af kildekodepakken libav.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2378.data" diff --git a/danish/security/2012/dsa-2379.wml b/danish/security/2012/dsa-2379.wml deleted file mode 100644 index 81d918aaddb..00000000000 --- a/danish/security/2012/dsa-2379.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Man opdagede, at Key Distribution Center (KDC) i Kerberos 5 gik ned når der -blev behandlet visse fabrikerede forespørgsler:

- -
    - -
  • CVE-2011-1528 - -

    Når LDAP-backend'en blev anvendt, kunne fjernbrugere forårsage at - KDC-dæmonen gik ned og et lammelsesangreb (denial of servie).

    • - -
  • CVE-2011-1529 - -

    Når LDAP- eller Berkeley DB-backend'en blev anvendt, kunne fjernbrugere - forårsage en NULL-pointerdereference i KDC-dæmonen og et - lammelsesangreb.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket af disse -problems.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.8.3+dfsg-4squeeze5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 1.10+dfsg~alpha1-1.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2379.data" diff --git a/danish/security/2012/dsa-2380.wml b/danish/security/2012/dsa-2380.wml deleted file mode 100644 index fa7c95a31c0..00000000000 --- a/danish/security/2012/dsa-2380.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -shell-kommando-indsprøjtning - -

Man opdagede, at foomatic-filters, en supportpakke til opsætning af printere, -gjorde det muligt for autentificerede brugere, at sende fabrikerede -printopgaver, som kunne føre til udførelse af shell-kommandoer på -printserverne.

- -

\ -CVE-2011-2697 blev tildelt denne sårbarhed i Perl-implementeringen -indeholdt i Lenny, og -\ -CVE-2011-2964 til sårbarheden, som påvirker C-genimplementeringsdelen i -Squeeze.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -3.0.2-20080211-3.2+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.0.5-6+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4.0.9-1.

- -

Vi anbefaler at du opgraderer dine foomatic-filters-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2380.data" diff --git a/danish/security/2012/dsa-2381.wml b/danish/security/2012/dsa-2381.wml deleted file mode 100644 index 779cdb15d58..00000000000 --- a/danish/security/2012/dsa-2381.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ec72f516f6ad02aff580586c4d983705cda7a13a" mindelta="1" -ugyldig hukommelsesdeallokering - -

Man opdagede, at koden til IPv6-understøttelse i Squid, ikke på korrekt vis -håndterede visse DNS-svar, medførende deallokering af en ugyldig pointer og et -dæmonnedbrud.

- -

Pakken squid og den udgave af Squid 3, der leveres med lenny, mangler -understøttelse af IPv6 og er ikke påvirkede af dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.1.6-1.2+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er dette problem rettet i version 3.1.18-1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2381.data" diff --git a/danish/security/2012/dsa-2382.wml b/danish/security/2012/dsa-2382.wml deleted file mode 100644 index 5d4e9992e51..00000000000 --- a/danish/security/2012/dsa-2382.wml +++ /dev/null @@ -1,62 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere problemer er opdaget i eCryptfs, et kryptografisk filsystem til -Linux.

- -
    - -
  • CVE-2011-1831 - -

    Vasiliy Kulikov fra Openwall og Dan Rosenberg opdagede, at eCryptfs på - ukorrekt vis validerede rettigheder hørende til det ønskede mountpoint. En - lokal angriber kunne udnytte fejlen til at mounte på vilkårlige steder, - førende til rettighedsforøgelse.

    • - -
  • CVE-2011-1832 - -

    Vasiliy Kulikov fra Openwall og Dan Rosenberg opdagede, at eCryptfs på - ukorrekt vis validerede rettigheder hørende til det ønskede mountpoint. En - lokal angriber kunne udnytte fejlen til at unmounte på vilkårlige steder, - førende til et lammelsesangreb (denial of service).

    • - -
  • CVE-2011-1834 - -

    Dan Rosenberg og Marc Deslauriers opdagede, at eCryptfs på ukorrekt vis - håndterede ændringer til mtab-filen, når der opstod en fejl. En lokal - angriber kunne udnytte fejlen til at ødelægge mtab-filen, samt muligvis - unmounte på vilkårlige steder, førende til et lammelsesangreb.

    • - -
  • CVE-2011-1835 - -

    Marc Deslauriers opdagede, at eCryptfs på ukorrekt vis håndterede nøgler, - når der blev opsat en krypteret, privat mappe. En lokal angriber kunne - udnytte fejlen til at manipulere nøgler under oprettelsen af en ny - bruger.

    • - -
  • CVE-2011-1837 - -

    Vasiliy Kulikov fra Openwall opdagede, at eCryptfs på ukorrekt vis - håndterede lock-tællere. En lokal angriber kunne udnytte fejlen til - muligvis at overskrive vilkårlige filer.

    • - -
- -

Vi takker Ubuntu-distributionen for deres arbejde med at klargøre rettelser, -som næsten uden videre kunne anvendes i Debian-pakken.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -68-1+lenny1.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -83-4+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 95-1.

- -

Vi anbefaler at du opgraderer dine ecryptfs-utils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2382.data" diff --git a/danish/security/2012/dsa-2383.wml b/danish/security/2012/dsa-2383.wml deleted file mode 100644 index 3426b4f147d..00000000000 --- a/danish/security/2012/dsa-2383.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1ab2a585e21cfb0098413342f2f8db3bc189d3ca" mindelta="1" -bufferoverløb - -

Robert Luberda opdagede et bufferoverløb i syslog-logningskoden i Super, et -værktøj til udførelse af skripter (eller andre kommandoer), som om de er root. -Debians standardopsætning er ikke påvirket.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -3.30.0-2+lenny1. På grund af en teknisk begrænsning i Debians -arkiveringskripter, kan opdateringen ikke udgives synkront med opdateringen til -den stabile distribution. Den vil blive gjort tilgængelig om kort tid.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.30.0-3+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine super-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2383.data" diff --git a/danish/security/2012/dsa-2384.wml b/danish/security/2012/dsa-2384.wml deleted file mode 100644 index a142234b6cc..00000000000 --- a/danish/security/2012/dsa-2384.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="dc5eeb4bc8eb23f4ffac5d087c05a51b841a6506" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i Cacti, et grafværktøj til dataovervågning. -Flere sårbarheder i forbindelse med udførelse af skripter på tværs af websteder, -gjorde det muligt for fjernangribere, at indsprøjte vilkårligt webskript eller -HTML. En SQL-indsprøjtningssårbarhed gjorde det muligt for fjernangribere at -udføre vilkårlige SQL-kommandoer.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.8.7b-2.1+lenny5.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.8.7g-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.7i-2.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2384.data" diff --git a/danish/security/2012/dsa-2385.wml b/danish/security/2012/dsa-2385.wml deleted file mode 100644 index 5d4fc608b67..00000000000 --- a/danish/security/2012/dsa-2385.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9cadcdddbb1f85fa8695017f11f2673fe934f9b2" mindelta="1" -pakkeløkke - -

Ray Morris opdagede, at den autoritative PowerDNS-server svarer på -svarpakker. En angriber, der kan forfalske IP-pakkers kildeadresse, kunne -forårsage en uendelig pakkeløkke mellem en autoritativ PowerDNS-server og en -anden DNS-server, førende til et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i version -2.9.21.2-1+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.9.22-8+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine pdns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2385.data" diff --git a/danish/security/2012/dsa-2386.wml b/danish/security/2012/dsa-2386.wml deleted file mode 100644 index 6d739114ddc..00000000000 --- a/danish/security/2012/dsa-2386.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="dbb767831c2f6d2d80c56580bcafdcd9fcfb1fde" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i OpenTTD, et spil der simulerer en -transportvirksomhed. Flere bufferoverløb og forskudt med en-fejl gjorde det -mulig for fjernangribere at forårsage lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.6.2-1+lenny4.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.0.4-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.4-1.

- -

Vi anbefaler at du opgraderer dine openttd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2386.data" diff --git a/danish/security/2012/dsa-2387.wml b/danish/security/2012/dsa-2387.wml deleted file mode 100644 index 4e883d9e3ae..00000000000 --- a/danish/security/2012/dsa-2387.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="71d5af9b1cd6fd105ad56ceb3b77fdb4b202bf64" mindelta="1" -utilstrækkelig fornuftighedskontrol af inddata - -

timtai1 opdagede, at simpleSAMLphp, en autentifikations- og -federationplatform, var sårbar over for et angreb i forbindelse med udførelse af -skripter på tværs af servere, hvilket gjorde det muligt for en fjernangriber, at -tilgå følsomme klientdata.

- -

Den gamle stabile distribution (lenny) indeholder ikke en -simplesamlphp-pakke.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.6.3-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.8.2-1.

- -

Vi anbefaler at du opgraderer dine simplesamlphp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2387.data" diff --git a/danish/security/2012/dsa-2388.wml b/danish/security/2012/dsa-2388.wml deleted file mode 100644 index 01f84085b3f..00000000000 --- a/danish/security/2012/dsa-2388.wml +++ /dev/null @@ -1,59 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i t1lib, et skrifttyperasteriseringsbibliotek -til Postscript Type 1, hvoraf nogle kunne føre til udførelse af kode gennem -åbning af filer med indlejrede dårlige skrifttyper.

- -
    - -
  • CVE-2010-2642 - -

    Et heap-baseret bufferoverløb i fortolkeren af AFM-skrifttypemetrik, - kunne potenielt føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-0433 - -

    Et andet heap-baseret bufferoverløb i fortolkeren af AFM-skrifttypemetrik, - kunne potentielt føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2011-0764 - -

    En ugyldig pointerdereference gjorde det muligt, at udføre vilkårlig - kode ved hjælp af Type 1-skrifttyper.

    • - -
  • CVE-2011-1552 - -

    En anden ugyldig pointerdereference medførte applikationsnedbrud, udløst - af fabrikerede Type 1-skrifttyper.

    • - -
  • CVE-2011-1553 - -

    En sårbarhed i forbindelse med frigivelse efter anvendelse, medførte - applikationsnedbrud, udløst af fabrikerede Type 1-skrifttyper.

    • - -
  • CVE-2011-1554 - -

    En forskudt med én-fejl medførte ugyldig læsning af hukommelse og - applikationsnedbrud, udløst af fabrikerede Type 1-skrifttyper.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 5.1.2-3+lenny1.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 5.1.2-3+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 5.1.2-3.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.1.2-3.4.

- -

Vi anbefaler at du opgraderer dine t1lib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2388.data" diff --git a/danish/security/2012/dsa-2389.wml b/danish/security/2012/dsa-2389.wml deleted file mode 100644 index 738299e45ce..00000000000 --- a/danish/security/2012/dsa-2389.wml +++ /dev/null @@ -1,103 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følende problemer:

- -
    - -
  • CVE-2011-2183 - -

    Andrea Righi rapporterede om et problem i KSM, en hukommelsesbesparende - afduplikeringsfunktionalitet. Ved at udnytte en kapløbstilstand med - eksisterende tasks, kunne lokale brugere forårsage en kerne-ups, medførende - et lammelsesangreb.

    • - -
  • CVE-2011-2213 - -

    Dan Rosenberg opdagede et problem i grænsefladen til - INET-socketovervågning. Lokale brugere kunne forårsage et lammelsesangreb - ved at indsprøjte kode og få kerne til at gå i en uendelig løkke.

    • - -
  • CVE-2011-2898 - -

    Eric Dumazet rapporterede om en informationslækage i implementeringen af - raw packet-socket.

    • - -
  • CVE-2011-3353 - -

    Han-Wen Nienhuys rapporterede om et lokalt lammelsesangrebsproblem i - FUSE-understøttelsen (Filesystem in Userspace) Linux-kernen. Lokale brugere - kunne forårsage et bufferoverløb, førende til en kerne-ups og et - lammelsesangreb.

    • - -
  • CVE-2011-4077 - -

    Carlos Maiolino rapporterede om et problem i XFS-filsystemet. En lokal - bruger med mulighed for at mounte et filsystem, kunne gøre hukommelse - korrupt, medførende et lammelsesangreb eller muligvis få forøgede - rettigheder.

    • - -
  • CVE-2011-4110 - -

    David Howells rapporterede om et problem kernenens access key - retention-system, hvilket gjorde det muligt for lokale brugere, at - forårsage en kerne-ups og et lammelsesangreb.

    • - -
  • CVE-2011-4127 - -

    Paolo Bonzini fra Red Hat rapporterede om et problem i ioctl - passthrough-understøttelsen for SCSI-enheder. Brugere med rettigheder til - at tilgå adgangsbegrænsede dele af en enhed (fx en partition eller - logical volume) kunne få adgang til hele enheden ved hjælp af - SG_IO-ioctl'en. Det kunne udnyttes af en lokal bruger eller priviligeret - VM-gæst til at få forøgede rettigheder.

    • - -
  • CVE-2011-4611 - -

    Maynard Johnson rapporterede om et problem med perf-understøttelsen på - POWER7-systemer, hvilket gjorde det muligt for lokale brugere at forårsage - et lammelsesangreb.

    • - -
  • CVE-2011-4622 - -

    Jan Kiszka rapporterede et problem i KVM PIT-timer-understøttelsen. - Lokale brugere med rettigheder til at anvende KVM, kunne forårsage et - lammelsesangreb ved at starte en PIT-timer uden først at opsætte - irqchip'en.

    • - -
  • CVE-2011-4914 - -

    Ben Hutchings rapporterede om forskellige problemer i forbindelse med - kontrol af grænser i ROSE-protokolunderstøttelsen i kernen. Fjernbrugere - kunne måske anvende dette til at få adgang til følsom hukommelse eller - forårsage et lammelsesangreb.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.32-39squeeze1. Opdateringer af problemer, som påvirker den gamle stabile -distribution (lenny), vil snart blive gjort tilgængelige.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+39squeeze1
-
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2389.data" diff --git a/danish/security/2012/dsa-2390.wml b/danish/security/2012/dsa-2390.wml deleted file mode 100644 index 3746d11aad7..00000000000 --- a/danish/security/2012/dsa-2390.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i OpenSSL, en implementering af TLS og -relaterede protokoller. Projektet Common Vulnerabilities and Exposures har -registreret følgende sårbarheder:

- -
    - -
  • CVE-2011-4108 - -

    DTLS-implementeringen udførte kun en MAC-kontrol hvis en bestemt - padding var gyldig, hvilket gjorde det lettere for fjernangribere at få - fat i ren tekst via et padding oracle-angreb.

    • - -
  • CVE-2011-4109 - -

    En sårbarhed i forbindelse med dobbelt frigivelse når - X509_V_FLAG_POLICY_CHECK er slået til, gjorde det muligt for - fjernangribere at få applikationer til at gå ned og potentielt - tillade udførelse af vilkårlig kode ved at udløse en fejl ved - policykontrol.

    • - -
  • CVE-2011-4354 - -

    På 32 bit-systemer var handlinger på de NIST-elliptiske funktioner - P-256- og P-384 ikke implementeret korrekt, potentielt førende til - lækage af den private ECC-nøgle på en TLS-server. (Regulære RSA-baserede - nøgler er ikke påvirket af denne sårbarhed.)

    • - -
  • CVE-2011-4576 - -

    SSL 3.0-implementeringen initialiserer ikke på korrekt vis datastrukturer - til block cipher padding, hvilket måske kunne gøre det muligt for - fjernangribere at få adgang til følsomme oplysninger, ved at dekryptere - paddingdata sendt af en SSL-peer.

    • - -
  • CVE-2011-4619 - -

    Implementeringen af Server Gated Cryptography (SGC) i OpenSSL, håndterede - ikke handshake-genstarter, hvilket på unødvendig vis simplificerede - CPU-udmattelsesangreb.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -0.9.8g-15+lenny15.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.9.8o-4squeeze5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 1.0.0f-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2390.data" diff --git a/danish/security/2012/dsa-2391.wml b/danish/security/2012/dsa-2391.wml deleted file mode 100644 index 784184d1964..00000000000 --- a/danish/security/2012/dsa-2391.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i phpMyAdmin, et værktøj til administration af -MySQL via web. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2011-4107 - -

    XML-importpluginen gjorde det muligt for en fjernangriber, at læse - vilkårlige filer via XML-data indeholdende eksterne - entitetsreferencer.

    • - -
  • CVE-2011-1940, - CVE-2011-3181 - -

    Udførelse af skripter tværs af websteder var muligt i - tabelsporingsfunktionen, hvilket gjorde det muligt for en fjernangriber, at - indsprøjte vilkårligt webskript eller HTML.

    • - -
- -

Den gamle stabile distribution (lenny) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4:3.3.7-7.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 4:3.4.7.1-1.

- -

Vi anbefaler at du opgraderer dine phpmyadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2391.data" diff --git a/danish/security/2012/dsa-2392.wml b/danish/security/2012/dsa-2392.wml deleted file mode 100644 index 68cbd11772e..00000000000 --- a/danish/security/2012/dsa-2392.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="6b8a803853a4c314e038009319b6c4d9419efede" mindelta="1" -læsning uden for grænserne - -

Antonio Martin opdagede en lammelsesangrebssårbarhed (denial of service) i -OpenSSL, en implementering af TLS og relaterede protokoller. En ondsindet -klient kunne få DTLS-serverimplementeringen til at gå ned. Regulær, -TCP-baseret TLS er ikke påvirket af dette problem.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 0.9.8g-15+lenny16.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.9.8o-4squeeze7.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 1.0.0g-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2392.data" diff --git a/danish/security/2012/dsa-2393.wml b/danish/security/2012/dsa-2393.wml deleted file mode 100644 index 673cef11bc8..00000000000 --- a/danish/security/2012/dsa-2393.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b0c65dd1948fc47c38b2003ec55cd693b4ed38c8" mindelta="1" -bufferoverløb - -

Julien Tinnes rapporterede om et bufferoverløb i flerbruger-IRC-proxy'en Bip, -hvilket måske kunne gøre det muligt for fjernbrugere at udføre vilkårlig -kode.

- -

Den gamle stabile distribution (lenny) er ikke påvirket at dette problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.8.2-1squeeze4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2393.data" diff --git a/danish/security/2012/dsa-2394.wml b/danish/security/2012/dsa-2394.wml deleted file mode 100644 index c6bc6fc4a2d..00000000000 --- a/danish/security/2012/dsa-2394.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Mange sikkerhedsproblemer er rettet i libxml2, et populært bibliotek til -håndtering af XML-datafiler.

- -
    - -
  • CVE-2011-3919: - -

    Jüri Aedla opdagede et heap-baseret bufferoverløb, der gjorde det muligt for -fjernangribere at forårsage et lammelsesangreb (denial of service) eller -muligvis have anden ikke-angivet indvirkning via ukendte angrebsvinkler.

    • - -
  • CVE-2011-0216: - -

    Der blev opdaget en forskudt med en-fejl, som gjorde det muligt for -fjernangribere at udføre vilkårlig kode eller forårsage et -lammelsesangreb.

    • - -
  • CVE-2011-2821: - -

    En hukommelseskorruptionsfejl (dobbelt frigivelse) blev opdaget i libxml2's -XPath-maskine. Ved hjælp af fejlen var det muligt for en angriber, at forårsage -et lammelsesangreb eller muligvis have anden ikke-angivet indvirkning. -Sårbarheden påvirker ikke den gamle stabile distribution (lenny).

    • - -
  • CVE-2011-2834: - -

    Yang Dingning en dobbelt frigivelse-sårbarhed relateret til -XPath-håndtering.

    • - -
  • CVE-2011-3905: - -

    En sårbarhed i forbindelse med læsning uden for grænserne, gjorde det muligt -for fjernangribere at forårsage et lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 2.6.32.dfsg-5+lenny5.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.7.8.dfsg-2+squeeze2.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 2.7.8.dfsg-7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.7.8.dfsg-7.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2394.data" diff --git a/danish/security/2012/dsa-2395.wml b/danish/security/2012/dsa-2395.wml deleted file mode 100644 index a384e96d332..00000000000 --- a/danish/security/2012/dsa-2395.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -bufferunderløb - - -

Laurent Butti opdagede et bufferunderløb i LANalyzer-dissektoren i -netværkstrafikanalyseringsprogrammet Wireshark, hvilket kunne føre til udførelse -af vilkårlig kode -(CVE-2012-0068).

- -

Denne opdatering løser også flere fejl, der kunne føre til at Wireshark gik -ned. De behandles ikke som sikkerhedsproblemer, men rettes ikke desto mindre -når der er planlagt sikkerhedsopdateringer: -CVE-2011-3483, -CVE-2012-0041, -CVE-2012-0042, -CVE-2012-0066 og -CVE-2012-0067.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.2.11-6+squeeze6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.5-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2395.data" diff --git a/danish/security/2012/dsa-2396.wml b/danish/security/2012/dsa-2396.wml deleted file mode 100644 index 42f8660396c..00000000000 --- a/danish/security/2012/dsa-2396.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="66990fedaf7bba1a99811f6972c399513ef20090" mindelta="1" -bufferunderløb - -

Nicolae Mogoreanu opdagede et heap-overløb i det emulerede -e1000e-netværkskort i KVM, en løsning til komplet virtualisering på -x86-hardware, hvilket kunne medføre lammelsesangreb (denial of service) eller -rettighedsforøgelse.

- -

Denne opdatering retter også hukommelseskorruption i VNC-håndteringen, som -kunne udløses af en gæst.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.12.5+dfsg-5+squeeze8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0+dfsg-5.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2396.data" diff --git a/danish/security/2012/dsa-2397.wml b/danish/security/2012/dsa-2397.wml deleted file mode 100644 index 1bd961004cb..00000000000 --- a/danish/security/2012/dsa-2397.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="46cd57e0ab7971279f6bb9bb74ef6bfd008645e6" mindelta="1" -bufferunderløb - -

Man opdagede at et bufferoverløb i Unicode-biblioteket ICU, kunne føre til -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 3.8.1-3+lenny3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.4.1-8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.8.1.1-3.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2397.data" diff --git a/danish/security/2012/dsa-2398.wml b/danish/security/2012/dsa-2398.wml deleted file mode 100644 index a59312fcad1..00000000000 --- a/danish/security/2012/dsa-2398.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er blevet opdaget i cURL, et URL-overførselsbibliotek. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2011-3389 - -

    Opdateringen aktiverer OpenSSL-workarounds mod BEAST-angrebet. - Yderligere oplysninger findes i - cURL's - bulletin.

    • - -
  • CVE-2012-0036 - -

    Dan Fandrich opdagede, at cURL udførte utilstrækkelig - fornuftighedskontrol, når filstiens del af en URL blev fundet frem.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 7.18.2-8lenny6.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 7.21.0-2.1+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.24.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2398.data" diff --git a/danish/security/2012/dsa-2399.wml b/danish/security/2012/dsa-2399.wml deleted file mode 100644 index 301879a646c..00000000000 --- a/danish/security/2012/dsa-2399.wml +++ /dev/null @@ -1,61 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i PHP, et webscriptingsprog. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-1938 - -

    Håndteringen af UNIX-socket gjorde det muligt for angribere, at udløse et - bufferoverløb via et langt stinavn.

    • - -
  • CVE-2011-2483 - -

    Funktionen crypt_blowfish håndterede ikke på korrekt vis 8 bit-tegn, - hvilket gjorde det lettere for angribere, at finde frem til adgangskoder i - klar tekst ved at anvende viden om en adgangskodehash.

    • - -
  • CVE-2011-4566 - -

    Når exif-udvidelsen blev anvendt på 32 bit-platforme, kunne den anvendes - til at udløse et heltalsoverløb i funktionen exif_process_IFD_TAG, når en - JPEG-fil blev behandlet.

    • - -
  • CVE-2011-4885 - -

    Det var muligt at udløse hashkollisioner på forudsigelig vis, ved - fortolkning af formparametre, hvilket gjorde det muligt for fjernangribere - at forårsage et lammelsesangreb (denial of service) ved at sende mange - fabrikerede parametre.

    • - -
  • CVE-2012-0057 - -

    Når en fabrikeret XSLT-transform blev taget i anvendelse, kunne en - angriber skrive filer til vilkårlige placeringer i filsystemet.

    • - -
- -

Bemærk: Rettelsen af -CVE-2011-2483 -krævede ændring af hvordan denne funktion opfører sig. Den er ikke længere -kompatibel med nogle ældre (ukorrekt) genererede hashværdier for adgangskoder -indeholdende 8 bit-tegn. Se pakkens NEWS-fil for flere oplysninger. Ændringen -er ikke foretaget i Lennys version af PHP.

- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -5.2.6.dfsg.1-1+lenny15.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -5.3.3-7+squeeze6.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 5.3.9-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2399.data" diff --git a/danish/security/2012/dsa-2400.wml b/danish/security/2012/dsa-2400.wml deleted file mode 100644 index 5768f6c723c..00000000000 --- a/danish/security/2012/dsa-2400.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek leverer renderingtjenster til flere andre -applikationer, som Debian distribuerer.

- -
    - -
  • CVE-2011-3670 - -

    Gregory Fleischer opdagede at IPv6-URL'er blev fortolket på forkert vis, - potentielt medførende informationsafsløring.

    • - -
  • CVE-2012-0442 - -

    Jesse Ruderman og Bob Clary opdagede hukommelseskorrupotionsfejl, der - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0444 - -

    regenrecht opdagede, at manglende fornuftighedskontrol af inddata i - Ogg Vorbis-fortolkeren, kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0449 - -

    Nicolas Gregoire og Aki Helin opdagede, at manglende fornuftighedskontrol - af inddata i XSLT-behandling, kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 1.9.0.19-13 af kildekodepakken xulrunner.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.5.16-12.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 10.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2400.data" diff --git a/danish/security/2012/dsa-2401.wml b/danish/security/2012/dsa-2401.wml deleted file mode 100644 index 18e095ac4a8..00000000000 --- a/danish/security/2012/dsa-2401.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Tomcat, en servlet- og JSP-maskine:

- -
    - -
  • CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 - -

    Implementeringen af HTTP Digest Access Authentication udførte - utilstrækkelige foranstaltninger mod replay-angreb.

    • - -
  • CVE-2011-2204 - -

    I sjældne opsætninger blev adgangskoder skrevet til en logfil.

    • - -
  • CVE-2011-2526 - -

    Manglende fornuftighedskontrol af inddata i HTTP APR- og HTTP - NIO-connectors, kunne føre til lammelsesangreb (denial of - service).

    • - -
  • CVE-2011-3190 - -

    AJP-forespørgsler kunne forfalskes i nogle opsætninger.

    • - -
  • CVE-2011-3375 - -

    Ukorrekt caching af forespørgsler kunne føre til - informationsafsløring.

    • - -
  • CVE-2011-4858 CVE-2012-0022 - -

    Denne opdatering tilføjer foranstaltninger mod en - kollisionslammelsesangrebssårbarhed i implementeringen af Java-hashtable og - løser lammelsesangrebspotentialer ved behandling af store mængder - forespørgsler.

    • - -
- -

Flere oplysninger findes på -

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 6.0.35-1+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6.0.35-1.

- -

Vi anbefaler at du opgraderer dine tomcat6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2401.data" diff --git a/danish/security/2012/dsa-2402.wml b/danish/security/2012/dsa-2402.wml deleted file mode 100644 index 8ffc9877338..00000000000 --- a/danish/security/2012/dsa-2402.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i internetsuiten Iceape, en varemærkefri udgave -af Seamonkey:

- -
    - -
  • CVE-2011-3670 - -

    Gregory Fleischer opdagede at IPv6-URL'er blev fortolket på forkert vis, - potentielt medførende informationsafsløring.

    • - -
  • CVE-2012-0442 - -

    Jesse Ruderman og Bob Clary opdagede hukommelseskorrupotionsfejl, der - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0444 - -

    regenrecht opdagede, at manglende fornuftighedskontrol af inddata i - Ogg Vorbis-fortolkeren, kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0449 - -

    Nicolas Gregoire og Aki Helin opdagede, at manglende fornuftighedskontrol - af inddata i XSLT-behandling, kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.0.11-10.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.14-10.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2402.data" diff --git a/danish/security/2012/dsa-2403.wml b/danish/security/2012/dsa-2403.wml deleted file mode 100644 index bbc79c06619..00000000000 --- a/danish/security/2012/dsa-2403.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="476a7c958d957cde14dc91319c55a4653268ed09" mindelta="1" -kodeindsprøjtning - -

Stefan Esser opdagede, at implementeringen af opsætningsvariablen -max_input_vars i en nylig sikkerhedsopdatering af PHP var fejlbehæftet på en -måde, der gjorde det muligt for fjernangribere at få PHP til at gå ned eller -potentielt udføre kode.

- -

I den gamle stabile distribution (lenny), er dette problem rettet i -version 5.2.6.dfsg.1-1+lenny16.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 5.3.3-7+squeeze7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.3.10-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2403.data" diff --git a/danish/security/2012/dsa-2404.wml b/danish/security/2012/dsa-2404.wml deleted file mode 100644 index 441ce6b7c6d..00000000000 --- a/danish/security/2012/dsa-2404.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="66990fedaf7bba1a99811f6972c399513ef20090" mindelta="1" -bufferoverløb - -

Nicolae Mogoreanu opdagede et heapoverløb i det emulaterede -e1000e-netværkskort i QEMU, som anvendes i xen-qemu-dm-4.0-pakkerne. -Sårbarheden kan måske gøre det muligt for ondsindede gæstesystem, at få -værtssystemet til at gå ned eller forøge deres rettigheder.

- -

Den gamle stabile distribution (lenny) indeholder ikke pakken -xen-qemu-dm-4.0.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.0.1-2+squeeze1.

- -

Distributionen testing (wheezy) og den ustabile distribution (sid) vil snart -blive rettet.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2404.data" diff --git a/danish/security/2012/dsa-2405.wml b/danish/security/2012/dsa-2405.wml deleted file mode 100644 index 39264bea174..00000000000 --- a/danish/security/2012/dsa-2405.wml +++ /dev/null @@ -1,84 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - - -

Flere sårbarheder er opdaget i Apache HTTPD Server:

- -
    - -
  • CVE-2011-3607: - -

    Et heltalsoverløb i ap_pregsub() kunne gøre det muligt for lokale - angribere, at udføre vilkårlig kode med forøgede rettigheder via fabrikerede - .htaccess-filer.

    • - -
  • CVE-2011-3368 - CVE-2011-3639 - CVE-2011-4317: - -

    Apache HTTP Server validerede ikke på korrekt vis forespørgsels-URI'en - ved proxy'ede forespørgsler. I visse reverse proxy-opsætninger med - anvendelse af direktivet ProxyPassMatch eller anvendelse af direktivet - RewriteRule med [P]-flaget, kunne en fjernangriber få proxy'en til at - forbinde sig med vilkårlig server. Dermed kunne det blive muligt for - angriberen, at tilgå interne servere, som ellers ikke er tilgængelige - ude fra.

    - -

    De tre CVE-id'er vedrører en smule forskellige varianter af det samme - problem.

    - -

    Bemærk: Selv om problemet er rettet, er det administratorens ansvar at - sikre sig, at det regulære udtræks erstatningsmønster for mål-URI'en ikke - tillader, at en klient kan tilføje vilkårlige strenge til værts- eller - portdelene af mål-URI'en. Eksempelvis er følgende opsætning stadig sårbar

    - -
    -    ProxyPassMatch ^/mail(.*)  http://internal-host$1
-
    - -

    og bør skal erstattes af en af følgende opsætninger:

    - -
    -    ProxyPassMatch ^/mail(/.*)  http://internal-host$1
-    ProxyPassMatch ^/mail/(.*)  http://internal-host/$1
-
    -
    • - -
  • CVE-2012-0031: - -

    En apache2-childproces kunne bevirke, at parentprocessen gik ned under en - nedlukning. Det er en overtrædelse af rettighedsadskillelsen mellem - apache2-processerne, og kunne potentielt anvendes til at forværre andre - sårbarheders konsekvenser.

    • - -
  • CVE-2012-0053: - -

    Svarmeddelelsen til fejlkode 400 (bad request) kunne anvendes til at - blotlægge httpOnly-cookies. Dermed kunne det være muligt for en - fjernangriber, at udføre skripter på tværs af servere, for at sjæle - sessionscookies.

    • - -
- -

I den gamle stabile distribution (lenny), er disse problemer rettet i version -2.2.9-10+lenny12 af apache2.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.2.16-6+squeeze6 af apache2.

- -

I distributionen testing (wheezy), vil disse problemer blive rettet i version -2.2.22-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.2.22-1.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

Opdateringen indeholder også opdaterede apache2-mpm-itk-pakker, som er blevet -genoversat mod de opdaterede apache2-pakker. Det nye versionsnummer i den gamle -stabile distribution er 2.2.6-02-1+lenny7. I den stabile distribution, har -apache2-mpm-itk det samme versionsnummer som apache2.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2405.data" diff --git a/danish/security/2012/dsa-2406.wml b/danish/security/2012/dsa-2406.wml deleted file mode 100644 index 3e3b88784c7..00000000000 --- a/danish/security/2012/dsa-2406.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Icedove, Debians variant af Mozilla -Thunderbird-kodebasen.

- -
    - -
  • CVE-2011-3670 - -

    Icedove håndhævede ikke på korrekt vis IPv6's literal adresse-syntaks, - hvilket gjorde det muligt for fjernangribere, at få fat i følsomme - oplysninger, ved at foretage XMLHttpRequest-kald gennem en proxy efterfulgt - af læsning af fejlmeddelelserne.

    • - -
  • CVE-2012-0442 - -

    Hukommelseskorruptionsfejl kunne få Icedove til at gå ned eller muligvis - udføre vilkårlig kode.

    • - -
  • CVE-2012-0444 - -

    Icedove initialiserede ikke på korrekt vis nsChildView-datastrukturer, - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (hukommelseskorruption og applikationsnedbrud) eller muligvis udføre - vilkårlig kode via en fabrikeret Ogg Vorbis-fil.

    • - -
  • CVE-2012-0449 - -

    Icedove gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (hukommelseskorruption og applikationsnedbrud) eller - muligvis udføre vilkårlig kode via et misdannet XSLT-stylesheet, der er - indlejret i et dokument.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.0.11-1+squeeze7.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2406.data" diff --git a/danish/security/2012/dsa-2407.wml b/danish/security/2012/dsa-2407.wml deleted file mode 100644 index 86ed134c68c..00000000000 --- a/danish/security/2012/dsa-2407.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="36f6973bc94ec2c71affe56e5fd3faac4a6d5ba2" mindelta="1" -heapoverløb - -

Man opdagede, at en ondsindet CVS-server kunne forårsage et heapoverløb i -CVS-klienten, potentielt gørede det muligt for serveren at udføre vilkårlig kode -på klienten.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:1.12.13-12+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:1.12.13+real-7.

- -

Vi anbefaler at du opgraderer dine cvs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2407.data" diff --git a/danish/security/2012/dsa-2408.wml b/danish/security/2012/dsa-2408.wml deleted file mode 100644 index de4aa084d5a..00000000000 --- a/danish/security/2012/dsa-2408.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i webskriptsproget PHP. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-1072 - -

    Man opdagede, at usikker håndtering af midlertidige filer i - PEAR-installer'en kunne føre til lammelsesangreb (denial of - service).

    • - -
  • CVE-2011-4153 - -

    Maksymilian Arciemowicz opdagede, at en NULL-pointerdereference i - funktionen zend_strndup() kunne føre til lammelsesangreb.

    • - -
  • CVE-2012-0781 - -

    Maksymilian Arciemowicz opdagede, at en NULL-pointerdereference i - funktionen tidy_diagnose() kunne føre til lammelsesangreb.

    • - -
  • CVE-2012-0788 - -

    Man opdagede, at manglende kontroller i håndteringen af PDORow-objekter - kunne føre til lammelsesangreb.

    • - -
  • CVE-2012-0831 - -

    Man opdagede, at indstillingen magic_quotes_gpc kunne - fjern-deaktiveres.

    • - -
- -

Denne opdatering løser også PHP-fejl, der ikke behandles som -sikkerhedsproblemer i Debian (se README.Debian.security), men som ikke desto -mindre blev løst: -CVE-2010-4697, -CVE-2011-1092, -CVE-2011-1148, -CVE-2011-1464, -CVE-2011-1467, -CVE-2011-1468, -CVE-2011-1469, -CVE-2011-1470, -CVE-2011-1657, -CVE-2011-3182, -CVE-2011-3267

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 5.3.3-7+squeeze8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.3.10-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2408.data" diff --git a/danish/security/2012/dsa-2409.wml b/danish/security/2012/dsa-2409.wml deleted file mode 100644 index 1250b0d732d..00000000000 --- a/danish/security/2012/dsa-2409.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i debdiff, et scrikt, der anvendes til at -sammenligne to Debian-pakker, som indgår i pakken devscripts. Projektet Common -Vulnerabilities and Exposures har tildelt følgende id'er til sårbarhederne:

- -
    - -
  • CVE-2012-0210: - -

    Paul Wise opdagede, at på grund af utilstrækkelig fornuftighedskontrol af - inddata, når der blev behandlet .dsc- og .changes-filer, var det muligt at - udføre vilkårlig kode og blotlægge systemoplysninger.

    • - -
  • CVE-2012-0211: - -

    Raphael Geissert opdagede, at det var muligt at indsprøjte eller ændre - eksterne kommandoers parametre, når der blev behandlet kildekodepakker med - særligt navngivne tarballs i mappen på øverste niveau i .orig-tarball'en, - hvilket muliggjorde vilkårlig udførelse af kode.

    • - -
  • CVE-2012-0212: - -

    Raphael Geissert opdagede, at det var muligt at indsprøjte eller ændre - eksterne kommandoers parametre, når en særligt navngivet fil blev overført - som parameter til debdiff, hvilket muliggjorde vilkårlig udførelse af - kode.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.10.69+squeeze2.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), vil disse problemer blive rettet i version -2.11.4.

- -

Vi anbefaler at du opgraderer dine devscripts-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2409.data" diff --git a/danish/security/2012/dsa-2410.wml b/danish/security/2012/dsa-2410.wml deleted file mode 100644 index 89a74056fc9..00000000000 --- a/danish/security/2012/dsa-2410.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="4a1d7e82ab2ed6af0ea4557495da70f4621ba0e9" mindelta="1" -heltalsoverløb - -

Jueri Aedla opdagede et heltalsoverløb i PNG-biblioteket libpng, hvilket -kunne føre til udførelse af vilkårlig kode, hvis et misdannet billede blev -behandlet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.44-1+squeeze2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2410.data" diff --git a/danish/security/2012/dsa-2411.wml b/danish/security/2012/dsa-2411.wml deleted file mode 100644 index d586e60760a..00000000000 --- a/danish/security/2012/dsa-2411.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="b1a02d4070512bf6ebaffbd34711533b2c74bc76" mindelta="1" -informationsafsløring - -

Man opdagede, at Mumble, en VoIP-klient, ikke håndterede sine -brugerspecifikke opsætningsfilers rettigheder korrekt, hvilket gjorde det muligt -for andre lokale brugere på systemet, at tilgå dem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.2-6+squeeze1.

- -

I distributionen testing (wheezy) and the ustabile distribution (sid), er -dette problem rettet i version 1.2.3-3.

- -

Vi anbefaler at du opgraderer dine mumble-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2411.data" diff --git a/danish/security/2012/dsa-2412.wml b/danish/security/2012/dsa-2412.wml deleted file mode 100644 index 683e3402f16..00000000000 --- a/danish/security/2012/dsa-2412.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="9d0f3ef3a7f90c983e77829065b525f860f6fabf" mindelta="1" -bufferoverløb - -

Man opdagede, at et heapoverløb i lydkomprimeringsbiblioteket Vorbis, kunne -føre til udførelse af vilkårlig kode, hvis en misdannet Ogg Vorbis-fil blev -behandlet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.3.1-1+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libvorbis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2412.data" diff --git a/danish/security/2012/dsa-2413.wml b/danish/security/2012/dsa-2413.wml deleted file mode 100644 index 6f779e868ab..00000000000 --- a/danish/security/2012/dsa-2413.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e7baccb7b0026bc025ce5c4c1bef6dc74619ca03" mindelta="1" -bufferoverløb - -

To bufferoverløb er opdaget i libarchive, et bibliotek som stiller en -fleksibel grænseflade til læsning og skrivning af arkiver i forskellige formater -til rådighed. Det mulige bufferoverløb ved læsning af ISO 9660- eller -tar-streams, gjorde det muligt for fjernangribere at udføre vilkårlig kode, -afhængig af applikationen, der anvender funktionaliteten.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.8.4-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 2.8.5-5.

- -

Vi anbefaler at du opgraderer dine libarchive-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2413.data" diff --git a/danish/security/2012/dsa-2414.wml b/danish/security/2012/dsa-2414.wml deleted file mode 100644 index 6d0db034e31..00000000000 --- a/danish/security/2012/dsa-2414.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="6add43f21b16d584a1be74e3bfe55aa242cdd028" mindelta="1" -utilstrækkelig fornuftighedskontrol af inddata - -

Nicola Fioravanti opdagede, at F*X, en webservice til overførsel af meget -store filer, ikke på korrekt vis fornuftighedskontrollede inddataparametrene til -skriptet fup. En angriber kunne anvende fejlen til at udføre -reflekterede angreb i forbindelse med udførelse af skripter på tværs af -websteder via forskellige skriptparametre.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -20100208+debian1-1+squeeze3.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -20120215-1.

- -

Vi anbefaler at du opgraderer dine fex-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2414.data" diff --git a/danish/security/2012/dsa-2415.wml b/danish/security/2012/dsa-2415.wml deleted file mode 100644 index 23517ab1714..00000000000 --- a/danish/security/2012/dsa-2415.wml +++ /dev/null @@ -1,65 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder, der kunne føre til udførelse af vilkårlig kode, er -opdaget i libmodplug, et bibliotek til MOD-music, baseret på ModPlug. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-1761 - -

    epiphant opdagede, at abc-filfortolkeren var sårbar over for flere - stakbaserede bufferoverløb, som potentielt kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2011-2911 - -

    Hossein Lotfi fra Secunia opdagede, at funktionen CSoundFile::ReadWav var - sårbar over for et heltalsoverløb, hvilket førte til et heapbaseret - bufferoverløb. En angriber kunne udnytte fejlen til potentielt at udføre - vilkårlig kode ved at narre offeret til at åbne fabrikerede - WAV-filer.

    • - -
  • CVE-2011-2912 - -

    Hossein Lotfi fra Secunia opdagede, at funktionen CSoundFile::ReadS3M var - sårbar over for et stakbaseret bufferoverløb. En angriber kunne udnytte - fejlen til potentielt at udføre vilkårlig kode ved at narre offeret til at - åbne fabrikerede S3M-filer.

    • - -
  • CVE-2011-2913 - -

    Hossein Lotfi fra Secunia opdagede, at funktionen CSoundFile::ReadAMS var - ramt af en forskudt med én-sårbarhed, der førte til hukommelseskorruptiom. - En angriber kunne udnytte fejlen til potentielt at udføre vilkårlig kode, - ved at narre offeret til at åbne fabrikerede AMS-filer.

    • - -
  • CVE-2011-2914 - -

    Man opdagede, at funktionen CSoundFile::ReadDSM var ramt af en forskudt - med én-sårbarhed, der førte til hukommelseskorruption. En angriber kunne - udnytte fejlen til potentielt at udføre vilkårlig kode, ved at narre offeret - til at åbne fabrikerede DSM-filer.

    • - -
  • CVE-2011-2915 - -

    Man opdagede, at funktionen CSoundFile::ReadAMS2 var ramt af en forskudt - med én-sårbarhed, der førte til hukommelseskorruption. En angriber kunne - udnytte fejlen til potentielt at udføre vilkårlig kode, ved at narre offeret - til at åbne fabrikerede AMS-filer.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:0.8.8.1-1+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid) er -dette problem rettet i version 1:0.8.8.4-1.

- -

Vi anbefaler at du opgraderer dine libmodplug-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2415.data" diff --git a/danish/security/2012/dsa-2416.wml b/danish/security/2012/dsa-2416.wml deleted file mode 100644 index 69b3a4e74a5..00000000000 --- a/danish/security/2012/dsa-2416.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fd509e268b296a2c959202f50765407ab65a66d6" mindelta="1" -informationsafsløring - -

Man opdagede, at Notmuch, et program til indeksering af mail, ikke på -tilstrækkelig vis indkapslede Emacs' MML-tags. Når man anvender -Emacs-grænsefladen, kunne en bruger narres til at besvare en ondsindet, -formateret meddelelese, hvilket kunne føre til, at filer på den lokale maskine -blev hæftet på en udgående meddelelse.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.3.1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 0.11.1-1.

- -

Vi anbefaler at du opgraderer dine notmuch-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2416.data" diff --git a/danish/security/2012/dsa-2417.wml b/danish/security/2012/dsa-2417.wml deleted file mode 100644 index 1fbbf015981..00000000000 --- a/danish/security/2012/dsa-2417.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b9100c0cf0f50fdbcd068b3eb08e888b42d6f4c9" mindelta="1" -beregningsmæssigt lammelsesangreb - -

Man opdagede, at den interne hashing-rutine i libxml2, et bibliotek -indeholdende et omfattende API til håndtering af XML-data, var sårbart over for -forudsigelige hash-kollisioner. Forudsat at en angriber med viden om -hashing-algoritmen, var det muligt at fabrikere inddata, som oprettede en stor -mængde kollisioner. Som følge heraf, var det muligt at gennemføre -lammelsesangreb (denial of service) mod applikationer, som anvender -libxml2-funktionalitet, på grund af det beregningsmæssige overhead.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.7.8.dfsg-2+squeeze3.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), vil -dette problem snart blive løst.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2417.data" diff --git a/danish/security/2012/dsa-2418.wml b/danish/security/2012/dsa-2418.wml deleted file mode 100644 index d9c8da75e25..00000000000 --- a/danish/security/2012/dsa-2418.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere lokale sårbarheder er opdaget i PostgreSQL, en -objekt-relations-SQL-database. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2012-0866 - -

    Man opdagede, at rettighederne hørende til en funktion, der kaldes af en - trigger, ikke kontrolleres. Det kunne medføre rettighedsforøgelse.

    • - -
  • CVE-2012-0867 - -

    Man opdagede, at kun de første 32 tegn i et hostnavn blev kontrolleret, - når man validerede hostnavne gennem SSL-certifikater. Det kunne medføre - spooing af forbindelsen i nogle begrænsede situationer.

    • - -
  • CVE-2012-0868 - -

    Man opdagede, at pg_dump ikke fornuftighedskontrollerede objektnavne. - Det kunne medføre, at vilkårlige SQL-kommandoer blev udført, hvis en - misdannet dumpfil blev åbnet.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -8.4.11-0squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -8.4.11-1.

- -

Vi anbefaler at du opgraderer dine postgresql-8.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2418.data" diff --git a/danish/security/2012/dsa-2419.wml b/danish/security/2012/dsa-2419.wml deleted file mode 100644 index 6838e1696b2..00000000000 --- a/danish/security/2012/dsa-2419.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i Puppet, et centraliseret værktøj til håndtering -af opsætninger.

- -
    - -
  • CVE-2012-1053 - -

    Puppet kørte exec-filer med utilsigtigede grupperettigheder, hvilket - potentielt kunne føre til rettighedsforøgelse.

    • - -
  • CVE-2012-1054 - -

    k5login-type skriv til steder, der ikke er tillid til, hvilket gjorde det - muligt for lokale brugere, at forøge deres rettigheder, hvis k5login-type - anvendtes.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.6.2-5+squeeze4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 2.7.11-1.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2419.data" diff --git a/danish/security/2012/dsa-2420.wml b/danish/security/2012/dsa-2420.wml deleted file mode 100644 index f1a2444f4c8..00000000000 --- a/danish/security/2012/dsa-2420.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform.

- -
    - -
  • CVE-2011-3377 - -

    Browserplugin'en IcedTea, som medfølger i openjdk-6-pakken, håndhæver - ikke på korrekt vis Same Origin Policy hvad angår webindhold, som serveres - fra et domænenavn, der har samme suffiks som det krævede - domænenavn.

    • - -
  • CVE-2011-3563 - -

    Java Sound-komponenten kontrollerede ikke på korrekt vis arraygrænser. - Ondsindet inddata eller en Java-applikation eller -applet, der ikke er - tillid til, kunne udnytte fejlen til at få Java Virtual Machine til at gå - ned eller blotlægge dele af sin hukommelse.

    • - -
  • CVE-2011-5035 - -

    OpenJDK's indlejrede webserver sikrede ikke mod et overdrevet antal - forespørgselsparametre, hvilket førte til en lammelsesangrebssårbarhed - (denial of service), som involverede hash-kollisioner.

    • - -
  • CVE-2012-0497 - -

    Man opdagede, at Java2D ikke på korrekt vis kontrollerede - grafikrenderingobjekter, før de blev overført til den indbyggede - renderer. Det kunne føre til JVM-nedbrud eller omgåelse af - Java-sandkassen.

    • - -
  • CVE-2012-0501 - -

    Den centrale ZIP-mappefortolker, som anvendes af java.util.zip.ZipFile - gik i en uendelig løkke i native kode, når der blev behandlet en fabrikeret - ZIP-fil, førende til et lammelsesangreb.

    • - -
  • CVE-2012-0502 - -

    En fejl blev fundet i klassen AWT KeyboardFocusManager, som kunne gøre - det muligt for Java-applets, der ikke er tillid til, at få tastaturfokus og - muligvis stjæle følsomme oplysninger.

    • - -
  • CVE-2012-0503 - -

    Metoden java.util.TimeZone.setDefault() manglede et kald af - sikkerhedsmanageren, hvilket gjorde det muligt for en Java-applikation eller - -applet, som der ikke er tillid til, at opsætte en ny - standardtidszone.

    • - -
  • CVE-2012-0505 - -

    Java-serialiseringskoden lækkede referencer til serialiseringsexceptions, - muligvis førende til lækage af kritiske objekter til kode i Java-applets og - -applikationer, som der ikke er tillid til.

    • - -
  • CVE-2012-0506 - -

    Man opdagede, at CORBA-implementeringen i Java ikke på korrekt vis - beskyttede repositoryidentifikatorer (som kan skaffes via metoden - using _ids()) på visse Corba-objekter. Det kunne have været udnyttet til at - foretage ændringer af data, der skulle have været uforanderlige.

    • - -
  • CVE-2012-0507 - -

    Klasseimplementeringen af AtomicReferenceArray kontrollerede ikke på - korrekt vis, om et array havde den forventede Object[]-type. En ondsindet - Java-applikation eller -applet kunne anvende fejlen til at få Java Virtual - Machine til at gå ned eller til at omgå restriktioner på - Java-sandkassen.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -6b18-1.8.13-0+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 6b24-1.11.1-1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2420.data" diff --git a/danish/security/2012/dsa-2421.wml b/danish/security/2012/dsa-2421.wml deleted file mode 100644 index a65b0d214ee..00000000000 --- a/danish/security/2012/dsa-2421.wml +++ /dev/null @@ -1,74 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er opdaget i Moodle, et kursushåndteringsystem til -onlineundervisning:

- -
    - -
  • CVE-2011-4308 / CVE-2012-0792 - -

    Rossiani Wijaya opdagede en informationslækage i - mod/forum/user.php.

    • - -
  • CVE-2011-4584 - -

    MNet-autentifikationen forhindrede ikke en bruger, der bruger - Login as i at springe til en fjernet MNet SSO.

    • - -
  • CVE-2011-4585 - -

    Darragh Enright opdagede, at formularen til ændring af adgangskoder blev - sendt i klar tekst over almindelig HTTP, selv hvis httpslogin var sat til - true.

    • - -
  • CVE-2011-4586 - -

    David Michael Evans og German Sanchez Gances opdagede sårbarheder i - forbindelse med CRLF-indsprøjtning/HTTP-svaropsplitning i - Calendar-modulet.

    • - -
  • CVE-2011-4587 - -

    Stephen Mc Guiness opdagede, at tomme adgangskoder kunne angives under - visse omstændigheder.

    • - -
  • CVE-2011-4588 - -

    Patrick McNeill opdagede, at IP-adresse-begrænsinger kunne omgås i - MNet.

    • - -
  • CVE-2012-0796 - -

    Simon Coggins opdagede, at yderligere oplysninger kunne indsprøjtes i - mailheadere.

    • - -
  • CVE-2012-0795 - -

    John Ehringer opdagede, at e-mail-adresser blev valideret på - utilstrækkelig vis.

    • - -
  • CVE-2012-0794 - -

    Rajesh Taneja opdagede, at cookie-krypteringen anvendte en fast - nøgle.

    • - -
  • CVE-2012-0793 - -

    Eloy Lafuente opdagede, at profilbilleder var utilstrækkeligt beskyttet. - En ny opsætningsindstilling, forceloginforprofileimages, er blevet - introduceret til det formål.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.9.9.dfsg2-2.1+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.9.9.dfsg2-5.

- -

Vi anbefaler at du opgraderer dine moodle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2421.data" diff --git a/danish/security/2012/dsa-2422.wml b/danish/security/2012/dsa-2422.wml deleted file mode 100644 index c2d7c35ec34..00000000000 --- a/danish/security/2012/dsa-2422.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="d61623bcab3e21765058a1d4dd1ccefc152632c2" mindelta="1" -manglende grænsekontroller - -

Værktøjet til at genkende filtyper, file, og dets tilhørende bibliotek, -libmagic, behandlede ikke på korrekt vis misdannede filer i formatet -Composite Document File (CDF), hvilket førte til nedbrud.

- -

Bemærk, at efter denne opdatering, kan file måske levere andre -genkendelsesresultater for CDF-filer (uanset om de er velskabte eller ej). -De nye genkendelser anses for at være mere nøjagtige.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -5.04-5+squeeze2.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2422.data" diff --git a/danish/security/2012/dsa-2423.wml b/danish/security/2012/dsa-2423.wml deleted file mode 100644 index 9ae3a25bc8b..00000000000 --- a/danish/security/2012/dsa-2423.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="d5c02dfb967483449a87a45b43d9526560c87813" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Movable Type, et bloggingsystem:

- -

Under visse omstændigheder kunne en bruger, der har rettighederne Create -Entries eller Manage Blog, måske læse kendte filer på det lokale -filsystem.

- -

Filhåndteringssystemet indeholdt sårbarheder i forbindelse med -shellkommandoindsprøjtning, hvor den mest alvorlige måske kunne føre til -udførelse af vilkårlige styresystemskommandoer af en bruger, der har rettigheder -til at logge sig på administrationsskriptet og også har rettigheder til at -oplægge filer.

- -

Sårbarheder i forbindelse med sessionskapring og forfalskning af -forespørgsler på tværs af websteder fandtes i commenting- og -community-skripterne. En fjernbruger kunne kapre brugersessionen eller kunne -udføre vilkårlig skriptkode i offerets browser, under visse omstændigheder.

- -

Skabeloner, der ikke indkapsler variabler korrekt og mt-wizard.cgi indeholdt -sårbarheder i forbindelse med udførelse af skripter på tværs af websteder.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.3.8+dfsg-0+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 5.1.3+dfsg-1.

- -

Vi anbefaler at du opgraderer dine movabletype-opensource-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2423.data" diff --git a/danish/security/2012/dsa-2424.wml b/danish/security/2012/dsa-2424.wml deleted file mode 100644 index c3330a3efcb..00000000000 --- a/danish/security/2012/dsa-2424.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="bd00b3c138abe83311330fdd18668d56da35e187" mindelta="1" -udvidelse af eksterne XML-entiteter - -

Man opdagede, at Perl-modulet XML::Atom ikke deaktiverede eksterne entiteter, -når det fortolkede XML fra kilder, som der potentielt ikke er tillid til. -Dermed var der måske mulighed for, at angribere kunne få læseadgang til ellers -beskyttede ressourcer, afhængigt af hvordan biblioteket blev benyttet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.37-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 0.39-1.

- -

Vi anbefaler at du opgraderer dine libxml-atom-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2424.data" diff --git a/danish/security/2012/dsa-2425.wml b/danish/security/2012/dsa-2425.wml deleted file mode 100644 index 101363cfc3d..00000000000 --- a/danish/security/2012/dsa-2425.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="9c5168e7c9aef4fa927f482b2b3bc3a9ea73fd53" mindelta="1" -bufferoverløb - -

Man opdagede, at PLIB, et bibliotek som anvendes af TORCS, indeholdt et -bufferoverløb i behandlingen af fejlmeddelelser, hvilket kunne gøre det muligt -for fjernangribere at udføre vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.8.5-5+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1.8.5-5.1.

- -

Vi anbefaler at du opgraderer dine plib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2425.data" diff --git a/danish/security/2012/dsa-2426.wml b/danish/security/2012/dsa-2426.wml deleted file mode 100644 index 015831694f3..00000000000 --- a/danish/security/2012/dsa-2426.wml +++ /dev/null @@ -1,68 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i GIMP, GNU Image Manipulation Program.

- -
    - -
  • CVE-2010-4540 - -

    Et stakbaseret bufferoverløb i funktionen load_preset_response i - plug-ins/lighting/lighting-ui.c i plugin'en LIGHTING EFFECTS & LIGHT, - gjorde det muligt for brugerhjulpne fjernangribere at forårsage et - lammelsesangreb (denial of service, applikationsnedbrud) eller muligvis - udføre vilkårlig kode via et langt Position-felt i en - pluginopsætningsfil.

    • - -
  • CVE-2010-4541 - -

    Et stakbaseret bufferoverløb i loadit-funktionen i - plug-ins/common/sphere-designer.c i plugin'en SPHERE DESIGNER, gjorde det - muligt for brugerhjulpne fjernangribere at forårsage et lammelsesangreb - (applikationsnedbrud) eller muligvis udføre vilkårlig kode via et langt - "Number of lights"felt i in pluginopsætningsfil.

    • - -
  • CVE-2010-4542 - -

    Et stakbaseret bufferoverløb i funktionen gfig_read_parameter_gimp_rgb - i plugin'en GFIG, gjorde det muligt for brugerhjulpne fjernangribere at - forårsage et lammelsesangreb (applikationsnedbrud) eller muligvis udførelse - af vilkårlig kode via et langt Foreground-felt i en - pluginopsætningsfil.

    • - -
  • CVE-2010-4543 - -

    Et heapbaseret bufferoverløb i funktionen read_channel_data i file-psp.c - i Paint Shop Pro-plugin'en (PSP), gjorde det muligt for fjernangribere, at - forårsage et lammelsesangreb (applikationsnedbrud) eller muligvis udføre - vilkårlig kode via en PSP_COMP_RLE-billedfil (alias RLE-kompression), der - begynder med en lang run count i slutningen af billedet.

    • - -
  • CVE-2011-1782 - -

    Rettelsen af \ - CVE-2010-4543 var ikke komplet.

    • - -
  • CVE-2011-2896 - -

    LZW-udpakkeren i funktionen LZWReadByte i plug-ins/common/file-gif-load.c, - håndterede ikke på korrekt vis kodeord, som ikke er til stede i - dekomprimeringstabellen, når der stødes på dem, hvilket gjorde det muligt - for fjernangribere at udløse en uendelig løkke eller et heapbaseret - bufferoverløb, samt muligvis udføre vilkårlig kode via en fabrikeret - komprimeringsstream.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.6.10-1+squeeze3.

- -

I distributionen testing (wheezy) and the ustabile distribution (sid), er -disse problemer rettet i version 2.6.11-5.

- -

Vi anbefaler at du opgraderer dine gimp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2426.data" diff --git a/danish/security/2012/dsa-2427.wml b/danish/security/2012/dsa-2427.wml deleted file mode 100644 index f985fb9bb41..00000000000 --- a/danish/security/2012/dsa-2427.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

To sikkerhedssårbarheder i forbindelse med EXIF-behandling, blev opdaget i -ImageMagick, en suite af programmer til billedbehandling.

- -
    - -
  • CVE-2012-0247 - -

    Ved fortolkning af et ondsindet fremstillet billede med ukorrekt offset - og optælling i ResolutionUnit-tag'et i EXIF IFD0, skrev ImageMagick to bytes - til en ugyldig adresse.

    • - -
  • CVE-2012-0248 - -

    Ved fortolkning af et ondsindet fremstillet billede med en IFD, hvor - samtlige IOP-tagværdioffset peger på begyndelsen af IFD'en selv, medførte det - en uendelig løkke og et lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -8:6.6.0.4-3+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 8:6.6.9.7-6.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2427.data" diff --git a/danish/security/2012/dsa-2428.wml b/danish/security/2012/dsa-2428.wml deleted file mode 100644 index 229733e917f..00000000000 --- a/danish/security/2012/dsa-2428.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d84be02b1535aa5342f6b12d9fc8dd214ddd101a" mindelta="1" -flere sårbarheder - - -

Mateusz Jurczyk fra Google Security Team opdagede flere sårbarheder i -Freetypes fortolkning af BDF-, Type1- og TrueType-skrifttyper, hvilket kunne -medføre udførelse af vilkårlig kode, hvis en misdannet skrifttypefil blev -behandlet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.4.2-2.1+squeeze4. De opdaterede pakker har været tilgængelige siden i går, -men bulletinens tekst kunne ikke sendes tidligere.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2428.data" diff --git a/danish/security/2012/dsa-2429.wml b/danish/security/2012/dsa-2429.wml deleted file mode 100644 index d08ba1fc41f..00000000000 --- a/danish/security/2012/dsa-2429.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="4f062843e055a3603917447ca7637749b2f4ace2" mindelta="1" -flere sårbarheder - - -

Da Oracle ikke afslører oplysninger om sikkerhedsrettelser, er vi nødt til -at udsende en opstrømsversion af MySQL 5.1. Der er flere ændringer, der -medfører inkompabilitet, og som er anført i -/usr/share/doc/mysql-server/NEWS.Debian.gz.

- -

Flere sikkerhedssårbarheder blev opdaget i MySQL, et -databasehåndteringssystem. Sårbarhederne løses ved at opgradere til en nye -opstrømsversion, 5.1.61, der indeholder yderligere ændringer, så som forbedret -ydeevne og rettelse af fejl, der gav datatab. Ændringerne er beskrevet i -MySQL's udgivelsesbemærkninger på: -.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -5.1.61-0+squeeze1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -5.1.61-2.

- -

Vi anbefaler at du opgraderer dine mysql-5.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2429.data" diff --git a/danish/security/2012/dsa-2430.wml b/danish/security/2012/dsa-2430.wml deleted file mode 100644 index b3e3e3555ad..00000000000 --- a/danish/security/2012/dsa-2430.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="f1551c44d5630ff3cfa645fc21e2dc8c3c64d04d" mindelta="1" -dobbelt frigivelse - -

Markus Vervier opdagede en dobbelt frigivelse i Python-grænsefladen til -PAM-biblioteket, hvilket kunne føre til lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.4.2-12.2+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.4.2-13.

- -

Vi anbefaler at du opgraderer dine python-pam-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2430.data" diff --git a/danish/security/2012/dsa-2431.wml b/danish/security/2012/dsa-2431.wml deleted file mode 100644 index ba81bbebd49..00000000000 --- a/danish/security/2012/dsa-2431.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="32e1e7b9240cab7f8f294e2c4369bd91749f9091" mindelta="1" -formatstrengssårbarheder - -

Niko Tyni opdagede to formatstrengssårbarheder i DBD::Pg, en Perl DBI-driver -til databaseserveren PostgreSQL, der kunne udnyttes af en skrupelløs -databaseserver.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.17.1-2+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.19.0-1.

- -

Vi anbefaler at du opgraderer dine libdbd-pg-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2431.data" diff --git a/danish/security/2012/dsa-2432.wml b/danish/security/2012/dsa-2432.wml deleted file mode 100644 index f764f66c60c..00000000000 --- a/danish/security/2012/dsa-2432.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="56783fd0bd5612c11198af49c76722934066db78" mindelta="1" -formatstrengssårbarheder - -

Dominic Hargreaves og Niko Tyni opdagede to formatstrengssårbarheder i -YAML::LibYAML, en Perl-grænseflade til libyaml-biblioteket.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.33-1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.38-2.

- -

Vi anbefaler at du opgraderer dine libyaml-libyaml-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2432.data" diff --git a/danish/security/2012/dsa-2433.wml b/danish/security/2012/dsa-2433.wml deleted file mode 100644 index c17f84dab3a..00000000000 --- a/danish/security/2012/dsa-2433.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek indeholder renderingservices til flere andre -applikationer, som Debian distribuerer.

- -
    - -
  • CVE-2012-0455 - -

    Soroush Dalili opdagede, at en modforanstaltning til udførelse af - skripter på tværs af websteder, relateret til JavaScript-URL'er, kunne - omgås.

    • - -
  • CVE-2012-0456 - -

    Atte Kettunen opdagede, at en læsning uden for grænserne i SVG - Filters, medførte hukommelsesblotlægning.

    • - -
  • CVE-2012-0458 - -

    Mariusz Mlynski opdagede, at rettighederne kunne forøges gennem en - JavaScript-URL som hjemmeside.

    • - -
  • CVE-2012-0461 - -

    Bob Clary opdagede hukommelseskorruptionsfejl, der kunne føre til - udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.5.16-13.

- -

I den ustabile distribution (sid), er dette problem rettet i version -10.0.3esr-1.

- -

For the experimental distribution, er dette problem rettet i version -11.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2433.data" diff --git a/danish/security/2012/dsa-2434.wml b/danish/security/2012/dsa-2434.wml deleted file mode 100644 index 58de0ccace9..00000000000 --- a/danish/security/2012/dsa-2434.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4f00af446769c7ac488a3221255daa5ef0475f51" mindelta="1" -lækage af følsomme oplysninger - -

Matthew Daley opdagede en hukommelsesblotlæggelsesårbarhed i nginx. I -tidligere version af denne webserver, kunne en angriber modtage indholdet af -tidligere frigivet hukommelse, hvis en opstrømsserver returnerede et særligt -fremstillet HTTP-svar, hvilket potentielt blotlagde følskomme oplysninger.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.7.67-3+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.1.17-1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2434.data" diff --git a/danish/security/2012/dsa-2435.wml b/danish/security/2012/dsa-2435.wml deleted file mode 100644 index aec0f566b3d..00000000000 --- a/danish/security/2012/dsa-2435.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Gnash, GNU Flash-afspilleren.

- -
    - -
  • CVE-2012-1175 - -

    Tielei Wang fra Georgia Tech Information Security Center opdagede en - sårbarhed i GNU Gnash, der skyldtes en heltalsoverløbsfejl og kunne udnyttes - til at forårsage et heap-baseret bufferoverløb ved at narre en bruger til at - åbne en særligt fremstillet SWF-fil.

    • - -
  • CVE-2011-4328 - -

    Alexander Kurtz opdagede et tilfælde af usikker håndtering af - HTTP-cookies. Cookiefiler gemmes under /tmp og har forudsigelige navne, og - sårbarheden gjorde det muligt for en lokal angriber, at overskrive - vilkårlige filer, som brugerne har skriverettigheder til og som også er - skrivbare for alle, hvilket kunne forårsage en informationslækage.

    • - -
  • CVE-2010-4337 - -

    Jakub Wilk et tilfælde af usikker håndtering af midlertidige filer under - buildprocessen. Filer gemmes under /tmp og har forudsigelige navne, og - sårbarheden gjorde det muligt for en lokal angriber, at overskrive - vilkårlige filer, som brugerne har skriverettigheder til.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.8.8-5+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.8.10-5.

- -

Vi anbefaler at du opgraderer dine gnash-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2435.data" diff --git a/danish/security/2012/dsa-2436.wml b/danish/security/2012/dsa-2436.wml deleted file mode 100644 index b2a26b3cbc7..00000000000 --- a/danish/security/2012/dsa-2436.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="358925a61810f905a1cd2f138148de315485ea31" mindelta="1" -inaktive ressourcebegrænsinger - -

Man opdagede, at Apaches FCGID-modul, en FastCGI-implementering, ikke på -korrekt vis håndhævede ressourcebegrænsningen FcgidMaxProcessesPerClass, hvilket -gjorde kontrollen ineffektiv og desuden potenielt gjorde det muligt for en -virtuel vært at have et kæmpestort ressourceforbrug.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:2.3.6-1+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:2.3.6-1.1.

- -

Vi anbefaler at du opgraderer dine libapache2-mod-fcgid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2436.data" diff --git a/danish/security/2012/dsa-2437.wml b/danish/security/2012/dsa-2437.wml deleted file mode 100644 index 900842be30b..00000000000 --- a/danish/security/2012/dsa-2437.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Icedove, en varemærkefri udgave af -mail-/newsklienten Thunderbird.

- -
    - -
  • CVE-2012-0455 - -

    Soroush Dalili opdagede, at en modforanstaltning til udførelse af - skripter på tværs af websteder, relateret til JavaScript-URL'er, kunne - omgås.

    • - -
  • CVE-2012-0456 - -

    Atte Kettunen opdagede, at en læsning uden for grænserne i SVG - Filters, medførte hukommelsesblotlægning.

    • - -
  • CVE-2012-0458 - -

    Mariusz Mlynski opdagede, at rettighederne kunne forøges gennem en - JavaScript-URL som hjemmeside.

    • - -
  • CVE-2012-0461 - -

    Bob Clary opdagede hukommelseskorruptionsfejl, der kunne føre til - udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.0.11-1+squeeze8.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2437.data" diff --git a/danish/security/2012/dsa-2438.wml b/danish/security/2012/dsa-2438.wml deleted file mode 100644 index f00dfa7316b..00000000000 --- a/danish/security/2012/dsa-2438.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="afcf88224800ae982dce112c4ea1348a349fec4a" mindelta="1" -programmeringsfejl - -

Man opdagede, at Raptor, et bibliotek til fortolkning og serialisering af -RDF, tillod filinkludering gennem XML-entiteter, medførende -informationsafsløring.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.4.21-2+squeeze1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine raptor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2438.data" diff --git a/danish/security/2012/dsa-2439.wml b/danish/security/2012/dsa-2439.wml deleted file mode 100644 index 3f1e32abe94..00000000000 --- a/danish/security/2012/dsa-2439.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2360ed6556e1fb180630dd5a2465af76ebded03e" mindelta="1" -bufferoverløb - -

Glenn-Randers Pehrson opdagede et bufferoverløb i PNG-biblioteket libpng, som -kunne føre til udførelse af vilkårlig kode, hvis et misdannet billede blev -behandlet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.44-1+squeeze3. Pakkerne til i386 er endnu ikke tilgængelige, men vil være -klar om kort tid.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2439.data" diff --git a/danish/security/2012/dsa-2440.wml b/danish/security/2012/dsa-2440.wml deleted file mode 100644 index 454340e001c..00000000000 --- a/danish/security/2012/dsa-2440.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6d32495d1ea3eeace4c0f4c6bbc7fc70d11a7ea7" mindelta="1" -manglende grænsekontrol - -

Matthew Hall opdagede, at mange kald af funktionen asn1_get_length_der ikke -kontrollerede resultatet mod den overordnede bufferlængde, før det blev -yderligere behandlet. Det kunne medføre hukommelsestilgang uden for grænserne -og applikationsnedbrud. Applikationer, der anvender GNUTLS er ramte af dette -problem.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.7-1+squeeze+1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.12-1.

- -

Vi anbefaler at du opgraderer dine libtasn1-3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2440.data" diff --git a/danish/security/2012/dsa-2441.wml b/danish/security/2012/dsa-2441.wml deleted file mode 100644 index 5d0f74dacc6..00000000000 --- a/danish/security/2012/dsa-2441.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="508bd4f99e87fa86aaef61d1f7cd284a2517a796" mindelta="1" -manglende grænsekontrol - -

Matthew Hall opdagede, at GNUTLS ikke på korrekt vis håndterede trunkerede -GenericBlockCipher-strukturer gentaget i TLS-poster, hvilket førte til nedbrud i -applikationer, der anvender GNUTLS-biblioteket.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.8.6-1+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.12.18-1 af pakken gnutls26 og i version 3.0.17-2 af pakken gnutls28.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2441.data" diff --git a/danish/security/2012/dsa-2442.wml b/danish/security/2012/dsa-2442.wml deleted file mode 100644 index c16739d66c9..00000000000 --- a/danish/security/2012/dsa-2442.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9ac43a4f96c424f8e609f457e540df67c60ccec9" mindelta="1" -UDP-trafikforstærkelse - -

Man opdagede, at forfalskede getstatus-UDP-forespørgsler blev sendt -af angribere til servere, til brug med spil baseret på Quake 3-maskinen (så som -openarena). Serverer svarerer med en flod af pakker til offeret, hvis -IP-adresse blev forfalsket af angriberne, forårsagende et lammelsesangreb -(denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.8.5-5+squeeze3.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 0.8.5-6.

- -

Vi anbefaler at du opgraderer dine openarena-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2442.data" diff --git a/danish/security/2012/dsa-2443.wml b/danish/security/2012/dsa-2443.wml deleted file mode 100644 index 7769095591c..00000000000 --- a/danish/security/2012/dsa-2443.wml +++ /dev/null @@ -1,76 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb - - -

Flere sårbarheder er opdaget i Linux-kernen, som kunne føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2009-4307 - -

    Nageswara R Sastry rapporterede om et problem i ext4-filsystemet. Lokale - brugere med rettigheder til at mounte et filsystem, kunne forårsage et - lammelsesangreb (BUG) ved at levere en s_log_groups_per_flex-værdi større - end 31.

    • - -
  • CVE-2011-1833 - -

    Vasiliy Kulikov fra Openwall og Dan Rosenberg opdagede en - informationslækage i eCryptfs-filsystemet. Lokale brugere kunne mounte - vilkårlige mapper.

    • - -
  • CVE-2011-4347 - -

    Sasha Levin rapporterede om et problem i funktionaliteten til tildeling - af enheder i KVM. Lokale brugere med rettigheder til at tilgå /dev/kvm, - kunne tildele ubenyttede pci-enheder til en gæst og forårsage et - lammelsesangreb (nedbrud).

    • - -
  • CVE-2012-0045 - -

    Stephan Barwolf rapporterede om et problem i KVM. Lokale brugere af en - 32 bitgæst, som kører på et 64 bit-system, kunne få gæsten til at gå ned med - en syscall-instruktion.

    • - -
  • CVE-2012-1090 - -

    CAI Qian rapporterede om et problem i CIFS-filsystemet. En lækage af en - referencetæller kunne opstå under opslag af særlige filer, medførende et - lammelsesangreb (oops) ved umount.

    • - -
  • CVE-2012-1097 - -

    H. Peter Anvin rapporterede om et problem i regset-infrastrukturen. - Lokale brugere kunne forårsage et lammelsesangreb (NULL-pointerdereference) - ved at udløse readonly-regsets skrivemetoder.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.32-41squeeze2.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+41squeeze2
-
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- -

Tak til Micah Anderson for korrekturlæsning af denne teksts engelske udgave.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2443.data" diff --git a/danish/security/2012/dsa-2444.wml b/danish/security/2012/dsa-2444.wml deleted file mode 100644 index 4dcdc84d604..00000000000 --- a/danish/security/2012/dsa-2444.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="bf96033a90eb1c777fb6c0e3582d03a76333941b" mindelta="1" -rettighedsforøgelse - -

Man opdagede, at applikationsframeworket Tryton til Python, gjorde det muligt -for autentificerede brugere, at forøge deres rettigheder, ved at redigere feltet -Many2Many.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.6.1-2+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.2.2-1.

- -

Vi anbefaler at du opgraderer dine tryton-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2444.data" diff --git a/danish/security/2012/dsa-2445.wml b/danish/security/2012/dsa-2445.wml deleted file mode 100644 index 61ad7aece8e..00000000000 --- a/danish/security/2012/dsa-2445.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere fjernudnytbare sårbarheder er opdaget i TYPO3, et framework til -håndtering af webindhold:

- -
    - -
  • CVE-2012-1606 - -

    Manglende korrekt HTML-indkapsling af brugerleverede data flere steder, - gjorde TYPO3-backend'en sårbar over for udførelse af skripter på tværs af - websteder. En gyldig backendbruger er krævet for at udnytte disse - sårbarheder.

    • - -
  • CVE-2012-1607 - -

    Tilgang til et CLI-skript direkte fra browseren, kunne måske blotlægge - det databasenavn, som TYPO3-installationen anvender.

    • - -
  • CVE-2012-1608 - -

    Ved ikke at fjerne ikke-skrivbare tegn, lykkedes det ikke for API-metoden - t3lib_div::RemoveXSS() at bortfiltrere særligt fremstillede - HTML-indsprøjtninger, og dermed var den sårbar over for udførelse af - skripter på tværs af websteder.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.3.9+dfsg1-1+squeeze3.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 4.5.14+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2445.data" diff --git a/danish/security/2012/dsa-2446.wml b/danish/security/2012/dsa-2446.wml deleted file mode 100644 index f4585293c33..00000000000 --- a/danish/security/2012/dsa-2446.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="b291f295ba1a1eed66c52b99f674230386c6ed82" mindelta="1" -ukorrekt hukommelseshåndtering - -

Man opdagede, at ukorrekt hukommelseshåndtering i funktionen png_set_text2() -i PNG-biblioteket, kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -libpng_1.2.44-1+squeeze4.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2446.data" diff --git a/danish/security/2012/dsa-2447.wml b/danish/security/2012/dsa-2447.wml deleted file mode 100644 index fa04ae09c62..00000000000 --- a/danish/security/2012/dsa-2447.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="a9e432a75260c43416433130428b031d1f3bcba6" mindelta="1" -heltalsoverløb - -

Alexander Gavrun opdagede et heltalsoverløb i TIFF-biblioteket i -fortolkningen af TileSize-post, hvilket kunne medføre udførelse af vilkårlig -kode hvis et misdannet billede blev åbnet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.9.4-5+squeeze4.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2447.data" diff --git a/danish/security/2012/dsa-2448.wml b/danish/security/2012/dsa-2448.wml deleted file mode 100644 index 7965e4aa557..00000000000 --- a/danish/security/2012/dsa-2448.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c10c3bc990afcfde152dbf3d37411f5a0eb19295" mindelta="1" -bufferoverløb - -

Man opdagede, at et heap-baseret bufferoverløb i InspIRCd kunne gøre det -muligt for fjernangribere, at udføre vilkårlig kode via et fabrikeret -DNS-opslag.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.1.22+dfsg-4+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1.1.22+dfsg-4+wheezy1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.0.5-0.1.

- -

Vi anbefaler at du opgraderer dine inspircd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2448.data" diff --git a/danish/security/2012/dsa-2449.wml b/danish/security/2012/dsa-2449.wml deleted file mode 100644 index ceb758bf361..00000000000 --- a/danish/security/2012/dsa-2449.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="34aee0588c61711eda04726e70e7e3aaf3670e8c" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Man opdagede, at SQLAlchemy, et SQL-værktøjssæt og -objekt-relationsmapper -til Python, ikke fornuftighedskontrollerede inddata overført til keyword'ene -limit/offset til select() så vel som værdien overført til -select.limit()/offset(). Dermed var det muligt for en angriber at udføre -SQL-indsprøjtningsangreb mod applikationer, som anvender SQLAlchemy og som ikke -har implementeret deres egen filtrering.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.6.3-3+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -0.6.7-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.6.7-1.

- -

Vi anbefaler at du opgraderer dine sqlalchemy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2449.data" diff --git a/danish/security/2012/dsa-2450.wml b/danish/security/2012/dsa-2450.wml deleted file mode 100644 index 0b536d0b1c3..00000000000 --- a/danish/security/2012/dsa-2450.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2be00dcc53671e22a0d070fccf666d068982cbf1" mindelta="1" -rettighedsforøgelse - -

Man opdagede, at Samba, SMB/CIFS-fil-, print-, og loginserveren, indeholdt en -fejl i remote procedure call-koden (RPC), der gjorde det muligt af fjernudføre -kode som en superbruger fra en uautentificeret forbindelse.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2:3.5.6~dfsg-3squeeze7.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:3.6.4-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2450.data" diff --git a/danish/security/2012/dsa-2451.wml b/danish/security/2012/dsa-2451.wml deleted file mode 100644 index c29f6352dc1..00000000000 --- a/danish/security/2012/dsa-2451.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Puppet, et centraliceret system til -håndtering af konfigurationer. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2012-1906 - -

    Puppet anvender forudsigelige filnavne, der der downloades Mac OS - X-pakkefiler. Dermed var det muligt for en lokal angriber, enten at - overskrive vilkårlige filer på systemet eller at installere en vilkårlig - pakker.

    • - -
  • CVE-2012-1986 - -

    Ved håndtering af forespørgsler af filer fra en fjern filebucket, kunne - Puppet blive narret til at overskrive dets definerede placering af - filebucket-storage. Dermed var det muligt for en autoriseret angriber med - adgang til Puppet-masteren at læse vilkårlige filer.

    • - -
  • CVE-2012-1987 - -

    Puppet håndterede filebucket store-forespørgsler på ukorrekt vis. Dermed - var det muligt for en angriber at udvære lammelsesangreb (denial of service) - mod Puppet ved at opbruge ressourcer.

    • - -
  • CVE-2012-1988 - -

    Puppet håndterede filebucket-forespørgsler forkert. Dermed var det - muligt for en angriber med adgang til et certifikat på agenten og en - upriviligerede konto på Puppet-masteren, at udføre vilkårlig kode via - fabrikerede filstinavne og foretage en filebucket-forespørgsel.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.2-5+squeeze5.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.7.13-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.7.13-1.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2451.data" diff --git a/danish/security/2012/dsa-2452.wml b/danish/security/2012/dsa-2452.wml deleted file mode 100644 index cfd4d95f9ae..00000000000 --- a/danish/security/2012/dsa-2452.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="7afafa2d17073754ef6731f3f0f580e520dc0d56" mindelta="1" -usikker standardopsætning - -

Niels Heinen bemærkede, et sikkerhedsproblem i Apaches standardopsætning på -Debian, hvis visse scripting-moduler, så som mod_php eller mod_rivet er -installeret. Problemer viser sig, fordi mappen /usr/share/doc, som er mappet -til URL'en /doc, kan indeholder skripteksempler, der kan udføres når denne URL -besøges. Selv om adgang til URL'en /doc er begrænset til forbindelser fra -localhost, opstår der stadig sikkerhedsproblemer i forbindelse med to specifikke -opsætninger:

- -
    -
  • -hvis en frontendserver på den samme host forward'er forbindelser til en -apache2-backendserver på localhostaddressen, eller -
    • -
  • -hvis maskinen, der kører apache2, også anvendes til webbrowsing. -
    • -
- -

Systemer, der ikke opfylder en af disse to betingelser, er så vidt vides ikke -sårbare. Den faktiske sikkerhedspåvirkning er afhængig af, hvilke pakker (og -dermed hvilke eksempelskripter) er installeret på systemet. Mulige problemer er -blandt andre udførelser af skripter tværs af servere, udførelse af kode eller -lækage af følsomme oplysninger.

- -

Opdateringen fjerner de problematiske opsætningsafsnit fra filerne -/etc/apache2/sites-available/default og .../default-ssl. Når man opgraderer, -bør man ikke blindt indføre ændringerne, dvs. fjernelsen af lijen Alias /doc -"/usr/share/doc" og den relaterede blok -<Directory "/usr/share/doc/">, i ens version af disse -opsætningsfiler. Man bør også kontrollere, hvis man har kopieret disse afsnit -til yderligere en virtuel hosts opsætning.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.2.16-6+squeeze7.

- -

I distributionen testing (wheezy), vil dette problem blive rettet i version -2.2.22-4.

- -

I den ustabile distribution (sid), vil dette problem blive rettet i version -2.2.22-4.

- -

I den eksperimentelle distribution, er dette problem rettet i version -2.4.1-3.

- -

Vi anbefaler at du opgraderer dine apache2-pakker samt tilpasse din -opsætning.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2452.data" diff --git a/danish/security/2012/dsa-2453.wml b/danish/security/2012/dsa-2453.wml deleted file mode 100644 index 6213fe76d27..00000000000 --- a/danish/security/2012/dsa-2453.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Gajim, en funktionsrig Jabber-klient. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2012-1987 - -

    Gajim fornuftighedskontrollerede ikke på korrekt vis inddata, før de blev - overført til shell-kommandoer. En angriber kunne udnytte fejlen til at - udføre vilkårlig kode på vegne af offeret, hvis brugeren fx klikkede på en - særligt fremstillet URL i en chatbesked.

    • - -
  • CVE-2012-2093 - -

    Gajim anvendte forudsigelige midlertidige filer på en usikker måde, når - chatbeskeder indeholdende LaTeX blev konverteret til billeder. En lokal - angriber kunne udnytte fejlen til at udføre symlink-angrib samt overskrive - filer, som offeret har skriveadgang til.

    • - -
  • CVE-2012-2086 - -

    Gajim fornuftighedskontrollerede ikke på korrekt vis inddata, når der - blev logget samtaler, hvilket medførte, at der var mulighed for at udføre - angreb i forbindelse med indsprøjtning af SQL.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.13.4-3+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -0.15-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.15-1.

- -

Vi anbefaler at du opgraderer dine gajim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2453.data" diff --git a/danish/security/2012/dsa-2454.wml b/danish/security/2012/dsa-2454.wml deleted file mode 100644 index 0948a1d30c4..00000000000 --- a/danish/security/2012/dsa-2454.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i OpenSSL. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2012-0884 - -

    Ivan Nestlerode opdagede en svaghed i implementeringerne af CMS og PKCS - #7, som kunne gøre det muligt for en angriber, at dekryptere data via et - Million Message Attack (MMA).

    • - -
  • CVE-2012-1165 - -

    Man opdagede, at en NULL-pointer kunne blive derefereret når der blev - fortolket visse S/MIME-meddelelser, førende til lammelsesangreb (denial of - service).

    • - -
  • CVE-2012-2110 - -

    Tavis Ormandy, Google Security Team, opdagede en sårbarhed i den måde, - DER-enkodede ASN.1-data blev fortolket, hvilket kunne medføre et - heapoverløb.

    • - -
- -

Desuden er rettelsen af -\ -CVE-2011-4619 blevet opdateret, for at løse et problem med -SGC-handshakes.

- -

Tomas Hoger, Red Hat, opdagede at rettelsen af -CVE-2012-2110 -til 0.9.8-rækken af OpenSSL ikke var komplet. Det er blevet registreret som -CVE-2012-2131.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.9.8o-4squeeze12.

- -

I distributionen testing (wheezy), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.0.1a-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2454.data" diff --git a/danish/security/2012/dsa-2455.wml b/danish/security/2012/dsa-2455.wml deleted file mode 100644 index 0861b4855e0..00000000000 --- a/danish/security/2012/dsa-2455.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ac15e795f18dac3f2107abb00781c568df915f7f" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Helmut Hummel fra TYPO3's sikkerhedsteam, opdagede at TYPO3, et system til -håndtering af webinhold, ikke på korrekt vis fornuftighedskontrollerede uddata -fra exceptionhandleren. Dermed var det muligt for en angriber, at iværksætte -angreb i forbindelse med udførelse af skripter på tværs af websteder, hvis enten -en trejdepartsudvidelse var installeret, som ikke foretog fornuftighedskontrol -af disse uddata på egen hånd eller hvis der var udvidelser, som anvender -extbase MVC-frameworket, som accepterer objects to controller-handlinger.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.3.9+dfsg1-1+squeeze4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2455.data" diff --git a/danish/security/2012/dsa-2456.wml b/danish/security/2012/dsa-2456.wml deleted file mode 100644 index 8a22130b53d..00000000000 --- a/danish/security/2012/dsa-2456.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="54823ab4765714082914e01b7ef696de7c540d23" mindelta="1" -anvendelse efter frigivelse - -

Danny Fullerton opdagede et tilfælde af anvendelse efter frigivelse i -SSH-dæmonen Dropbear SSH, hvilket potentielt kunne medføre udførelse af -vilkårlig kode. Udnyttelsen er begrænset til brugere, der er autentificeret -ved hjælp af en offentlig nøgle og for hvem der er gælder -kommandobegrænsninger.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.52-5+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2012.55-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2012.55-1.

- -

Vi anbefaler at du opgraderer dine dropbear-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2456.data" diff --git a/danish/security/2012/dsa-2457.wml b/danish/security/2012/dsa-2457.wml deleted file mode 100644 index 3a3d58735a2..00000000000 --- a/danish/security/2012/dsa-2457.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek leverer renderingservies til flere andre -applikationer, som er tilgængelige i Debian.

- -
    - -
  • CVE-2012-0467 - -

    Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, - Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward og Olli Pettay - opdagede hukommelseskorruptionsfejl, som kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2012-0470 - -

    Atte Kettunen opdagede, at en hukommelseskorruptionsfejl i - gfxImageSurface måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0471 - -

    Anne van Kesteren opdagede, at ukorrekt multibyte-tegn-encoding måske - kunne føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2012-0477 - -

    Masato Kinugawa opdagede, at ukorrekt encoding af koreanske og kinesiske - tegnsæt måske kunne føre til udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2012-0479 - -

    Jeroen van der Gun opdagede en forfalskningssårbarhed i præsentationen af - Atom- og RSS-feeds over HTTPS.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.5.16-15.

- -

I den ustabile distribution (sid), er dette problem rettet i version -10.0.4esr-1.

- -

I den eksperimentelle distribution, vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2457.data" diff --git a/danish/security/2012/dsa-2458.wml b/danish/security/2012/dsa-2458.wml deleted file mode 100644 index 5994452b42d..00000000000 --- a/danish/security/2012/dsa-2458.wml +++ /dev/null @@ -1,69 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i internetsuiten Iceape, en mærkevarefri udgave -af Seamonkey:

- -
    - -
  • CVE-2012-0455 - -

    Soroush Dalili opdagede, at modforansaltninger mod udførelse af skripter - op tværs af websteder i forbindelse med JavaScript-URL'er kunne - omgås.

    • - -
  • CVE-2012-0456 - -

    Atte Kettunen opdagede, at en læsning uden for grænserne i SVG Filters - medførte hukommelsesblotlæggelse.

    • - -
  • CVE-2012-0458 - -

    Mariusz Mlynski opdagede, at rettigheder kunne forøges ved hjælp af en - JavaScript-URL som hjemmeside.

    • - -
  • CVE-2012-0461 - -

    Bob Clary opdagede hukommelseskorruptionsfejl, som måske kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0467 - -

    Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, - Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward og Olli Pettay - opdagede hukommelseskorruptionsfejl, som kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2012-0470 - -

    Atte Kettunen opdagede, at en hukommelseskorruptionsfejl i - gfxImageSurface måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0471 - -

    Anne van Kesteren opdagede, at ukorrekt multibyte-tegn-encoding måske - kunne føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2012-0477 - -

    Masato Kinugawa opdagede, at ukorrekt encoding af koreanske og kinesiske - tegnsæt måske kunne føre til udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2012-0479 - -

    Jeroen van der Gun opdagede en forfalskningssårbarhed i præsentationen af - Atom- og RSS-feeds over HTTPS.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.0.11-12

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2458.data" diff --git a/danish/security/2012/dsa-2459.wml b/danish/security/2012/dsa-2459.wml deleted file mode 100644 index 2ce03da5421..00000000000 --- a/danish/security/2012/dsa-2459.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Quagga, en routing-dæmon.

- -
    - -
  • CVE-2012-0249 - -

    Et bufferoverløb i funktionen ospf_ls_upd_list_lsa i implementeringen af - OSPFv2, gjorde det muligt for fjernangribere at forårsage et lammelssangreb - (assertion-fejl og dæmonexit) via en Link State Update-pakke (alias LS - Update), som er mindre end længden angivet i dens header.

    • - -
  • CVE-2012-0250 - -

    Et bufferoverløb i implementeringen af OSPFv2, gjordet muligt for - fjernangribere at forårsage et lammelsesangreb (dæmonnedbrud) via en Link - State Update-pakke (alias LS Update) indeholdende et network-LSA - link-state-advertisement, hvis datastrukturenlængde er mindre end værdien i - headerfeltet Length.

    • - -
  • CVE-2012-0255 - -

    Implementeringen af BGP anvendte ikke på korrekt vis meddelelsesbuffere - til OPEN-meddelelser, hvilket gjorde det muligt for fjernangribere, der - udgiver sig for at være en opsat BGP-peer, at forårsage et lammelsesangreb - (assertionfejl og dæmonexit) via en meddelelse forbundet med en misdannet - AS4-kapabilitet.

    • - -
- -

Sikkerhedsopdateringen opgraderer quagga-pakken til den nyeste -opstrømsversion. Den indeholder andre rettelser, så som hærdelse mod ukendte -BGP-pathattributter.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.99.20.1-0+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 0.99.20.1-1.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2459.data" diff --git a/danish/security/2012/dsa-2460.wml b/danish/security/2012/dsa-2460.wml deleted file mode 100644 index b07ce0285bd..00000000000 --- a/danish/security/2012/dsa-2460.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i PBX- og telefoniværktøjssættet Asterisk:

- -
    - -
  • CVE-2012-1183 - -

    Russell Bryant opdagede et bufferoverløb i - Milliwatt-applikationen.

    • - -
  • CVE-2012-2414 - -

    David Woolley opdagede en rettighedsforøgelse i Asterisks - managergrænseflade.

    • - -
  • CVE-2012-2415 - -

    Russell Bryant opdagede et bufferoverløb i Skinny-driveren.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:1.6.2.9-2+squeeze5.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2460.data" diff --git a/danish/security/2012/dsa-2461.wml b/danish/security/2012/dsa-2461.wml deleted file mode 100644 index fe51f4dc79b..00000000000 --- a/danish/security/2012/dsa-2461.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3dfc99cf54e66e2418bd61a10caf54bbb77c3e12" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i SPIP, en maskine til offentliggørelse på -websteder, som medførte udførelse af skripter på tværs af websteder, -indsprøjtning af skriptkode samt omgåelse af restriktioner.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.1.1-3squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.1.13-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.1.13-1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2461.data" diff --git a/danish/security/2012/dsa-2462.wml b/danish/security/2012/dsa-2462.wml deleted file mode 100644 index c15252cdc0c..00000000000 --- a/danish/security/2012/dsa-2462.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="739b3908b281304349557cee38d56884e6f6713f" mindelta="1" -flere sårbarheder - - -

Flere heltalsoverløb og manglende fornuftighedskontrol af inddatas blev -opdaget i billedmanipuleringsprogrampakken ImageMagick, hvilket medførte -udførelse af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -6.6.0.4-3+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -8:6.7.4.0-5.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2462.data" diff --git a/danish/security/2012/dsa-2463.wml b/danish/security/2012/dsa-2463.wml deleted file mode 100644 index 28ef1c803d1..00000000000 --- a/danish/security/2012/dsa-2463.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="145f56274a5fe6ae5d376a49a478bbc997cdd509" mindelta="1" -manglende rettighedskontroller - -

Ivano Cristofolini opdagede, at utilstrækkelige sikkerhedskontroller i Sambas -håndtering af LSA RPC-kald kunne føre til rettighedsforøgelse, ved at få -rettigheden take ownership.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.5.6~dfsg-3squeeze8.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.6.5-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2463.data" diff --git a/danish/security/2012/dsa-2464.wml b/danish/security/2012/dsa-2464.wml deleted file mode 100644 index 43204cf24c7..00000000000 --- a/danish/security/2012/dsa-2464.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i Icedove, en varemærkefri udgave af -mail- og newsklienten Thunderbird.

- -
    - -
  • CVE-2012-0467 - -

    Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, - Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward og Olli Pettay - opdagede hukommelseskorruptionsfejl, som kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2012-0470 - -

    Atte Kettunen opdagede, at en hukommelseskorruptionsfejl i - gfxImageSurface måske kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-0471 - -

    Anne van Kesteren opdagede, at ukorrekt multibyte-tegn-encoding måske - kunne føre til udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2012-0477 - -

    Masato Kinugawa opdagede, at ukorrekt encoding af koreanske og kinesiske - tegnsæt måske kunne føre til udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2012-0479 - -

    Jeroen van der Gun opdagede en forfalskningssårbarhed i præsentationen af - Atom- og RSS-feeds over HTTPS.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.0.11-1+squeeze10.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2464.data" diff --git a/danish/security/2012/dsa-2465.wml b/danish/security/2012/dsa-2465.wml deleted file mode 100644 index 03768693168..00000000000 --- a/danish/security/2012/dsa-2465.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c2ae614252bb232d31ff61a14387471186e51ed2" mindelta="1" -flere sårbarheder - -

De Eindbazen opdagede, at PHP, når der køres med mod_cgi-tilstand, fortolkede -en query-streng som kommandolinjeparametre, hvilket gjorde det muligt at udføre -vilkårlig kode.

- -

Desuden rette denne opdatering utilstrækkelig validering af uploadnavne, som -førte til ødelagte $_FILES-indeks.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -5.3.3-7+squeeze9.

- -

Distributionen testing (wheezy) vil snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -5.4.3-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2465.data" diff --git a/danish/security/2012/dsa-2466.wml b/danish/security/2012/dsa-2466.wml deleted file mode 100644 index 0d035766fe8..00000000000 --- a/danish/security/2012/dsa-2466.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9ea958f8dfb0f3acd892045bc9e0e7e48aa71504" mindelta="1" -udførelse af skripter på tværs af servere - -

Sergey Nartimov opdagede, at Rails, et Ruby-baseret framework til -webudvikling, når udviklere genererer HTML-optiontags manuelt, blev data fra -brugeren hægtet sammen med manuelt opbyggede tags, som måske ikke var -indkapslet, hvilket kunne udnyttes af en angriber til at indsprøjte vilkårlig -HTML-kode i dokumentet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3.5-1.2+squeeze3.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 2.3.14.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2466.data" diff --git a/danish/security/2012/dsa-2467.wml b/danish/security/2012/dsa-2467.wml deleted file mode 100644 index 199671217f1..00000000000 --- a/danish/security/2012/dsa-2467.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e1fc533b03ccabee179b8d680c4d995e55f7c34a" mindelta="1" -usikre standardindstillinger - -

Man opdagede, at Mahara, et portfolio-, weblog- og CV-program, havde usikre -standardindstillinger med hensyn til SAML-baseret autentificering benyttet med -mere end en SAML-identitetsleverandør. Nogen med kontrol over en IdP, kunne -give sig ud for brugere fra andre IdP'er.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.6-2+squeeze4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1.4.2-1.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2467.data" diff --git a/danish/security/2012/dsa-2468.wml b/danish/security/2012/dsa-2468.wml deleted file mode 100644 index 2afb6fe0779..00000000000 --- a/danish/security/2012/dsa-2468.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="03879326e6e316b4e9ddb2bccb17979a6701f811" mindelta="1" -grænseløs hukommelsesallokering - -

Man opdagede, at Apache POI, en Java-implementering af Microsoft -Office-filformaterne, allokerede vilkårlige mængder hukommelse, når der blev -behandlet fabrikerede dokumenter. Det kunne påvirke stabiliteten af Javas -virtuelle maskine.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.6+dfsg-1+squeeze1.

- -

Vi anbefaler at du opgraderer dine libjakarta-poi-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2468.data" diff --git a/danish/security/2012/dsa-2469.wml b/danish/security/2012/dsa-2469.wml deleted file mode 100644 index a2f954a4276..00000000000 --- a/danish/security/2012/dsa-2469.wml +++ /dev/null @@ -1,79 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb - - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2011-4086 - -

    Eric Sandeen rapporterede om et problem i journaliseringslaget i - ext4-filsystemer (jbd2). Lokale brugere kunne forårsage, at buffere blev - tilgået efter de var blevet nedlagt, medførende et lammelsesangreb (DoS) på - grund af et systemnedbrud.

    • - -
  • CVE-2012-0879 - -

    Louis Rilling rapporterede om to problemer i forbindelse med - referenceoptælling i CLONE_IO-funktionaliteten i kernen. Lokale brugere - kunne forhindre io-kontekststrukturer i at blive frigivet, medførende et - lammelsesangreb.

    • - -
  • CVE-2012-1601 - -

    Michael Ellerman rapporterede om et problem i KVM-undersystemet. Lokale - brugere kunne forårsage et lammelsesangreb (NULL-pointerdereference) ved - oprettelse af VCPU'er før et kald til KVM_CREATE_IRQCHIP.

    • - -
  • CVE-2012-2123 - -

    Steve Grubb rapporterede om et problem i fcaps, et filsystem-baseret - kapabilitetssystem. Personalitetsflag opsat ved hjælp af denne mekanisme, - så som deaktivering af adresserumsrandomisering kunne måske være bevaret på - tværs af suid-kald.

    • - -
  • CVE-2012-2133 - -

    Shachar Raindel opdagede en fejl i forbindelse med anvendelse efter - frigivelse i implementeringen af hugepages-kvoter. Lokale brugere med - rettigheder til at anvende hugepages via implementeringen af hugetlbfs kunne - måske forårsage et lammelsesangreb (systemnedbrud).

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.32-44. Pt. er kun opdateringr til amd64, i386 og sparc tilgængelige.

- -

Bemærk: Opdaterede linux-2.6-pakker vil også blive gjort -tilgængelige i udgivelsen af Debian 6.0.5, planlagt til at finde sted i -weekenden som begynder med 12. maj 2012. Denne kommende opdatering bliver -version 2.6.32-45, og indeholder en yderligere rettelse af build-fejl på nogle -arkitekturer. Brugere, som det ikke er kritisk for at installere opdateringen, -og somm måske ønsker at undgå flere genstarter, bør overveje at vente på -udgivelsen af 6.0.5 før de opdaterer, eller installere 2.6.32-45-versionen på -forhånd fra proposed-updates.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+44
-
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2469.data" diff --git a/danish/security/2012/dsa-2470.wml b/danish/security/2012/dsa-2470.wml deleted file mode 100644 index ab43e1dd2ac..00000000000 --- a/danish/security/2012/dsa-2470.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="36df2169af43923b30bc83362498d362314b7b97" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er fundet i WordPress, et webblogværktøj. De CVE'erne blev -allokeret ud fra udgivelsesannonceringer og specifikke rettelser normalt ikke -beskrives, har vi besluttet at opgradere wordpress-pakken til den seneste -opstrømsversion i stedet for at tilbageføre rettelserne.

- -

Det betyder, at man skal være særlig omhyggelig i forbindelse med -opgraderingen, især hvis man anvender tredjepartsplugins eller temaer, da -kompabiliteten kan være blevet påvirket. Vi anbefaler man kontrollerer sin -installation før opgraderingen gennemføres.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.3.2+dfsg-1~squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.3.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2470.data" diff --git a/danish/security/2012/dsa-2471.wml b/danish/security/2012/dsa-2471.wml deleted file mode 100644 index f9044d45009..00000000000 --- a/danish/security/2012/dsa-2471.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0f2cce57ddeaf1efbfc62184e12191a1d130496c" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i FFmpeg, en multimedieafspiller, -server og --enkoder. Flere inddatavalideringer i dekoderne/demuxerne til filformaterne -Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV -og NSV kunne føre til udførelse af vilkårlig kode.

- -

Problemerne blev opdaget af Aki Helin, Mateusz Jurczyk, Gynvael Coldwind og -Michael Niedermayer.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4:0.5.8-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -6:0.8.2-1 af libav.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2471.data" diff --git a/danish/security/2012/dsa-2472.wml b/danish/security/2012/dsa-2472.wml deleted file mode 100644 index 4c9ecb138c7..00000000000 --- a/danish/security/2012/dsa-2472.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5686d663fa02c80d74b5364e641c926c9b9be279" mindelta="1" -rettighedsforøgelse - -

Dave Love opdagede, at brugere som har tilladelse til at submit'e jobs til en -Grid Engine-installation, kunne forøge deres rettigheder til root, fordi miljøet -ikke på korrekt vis var fornuftighedskontrolleret før processer blev -oprettet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -6.2u5-1squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -6.2u5-6.

- -

Vi anbefaler at du opgraderer dine gridengine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2472.data" diff --git a/danish/security/2012/dsa-2473.wml b/danish/security/2012/dsa-2473.wml deleted file mode 100644 index add89c8e131..00000000000 --- a/danish/security/2012/dsa-2473.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="3849aa2a6cd04d5ac3de874f85ad2ee6975b22c3" mindelta="1" -bufferoverløb - -

Tielei Wang opdagede, at OpenOffice.org ikke allokerer et hukommelsesområde, -som er stort nok, når der behandles særligt fremstillede JPEG-objekter, førende -til et heap-baseret bufferoverløb og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:3.2.1-11+squeeze5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1:3.4.5-1 af pakken libreoffice.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2473.data" diff --git a/danish/security/2012/dsa-2474.wml b/danish/security/2012/dsa-2474.wml deleted file mode 100644 index c54854ecead..00000000000 --- a/danish/security/2012/dsa-2474.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ac666b8a6a31b562498718c4dbe3cdef19367d4a" mindelta="1" -udførelse af skripter på tværs af websteder - -

Raúl Benencia opdagede, at ikiwiki, en wikicompiler, ikke på korrekt vis -escapede forfatteren (og dennes URL) ved visse metadata, så som kommentarer. -Det kunne måske udnyttes i forbindelse med angreb vedrørende udførelse af -skripter på tværs af websteder.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.20100815.9.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.20120516.

- -

Vi anbefaler at du opgraderer dine ikiwiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2474.data" diff --git a/danish/security/2012/dsa-2475.wml b/danish/security/2012/dsa-2475.wml deleted file mode 100644 index 71d006b5a11..00000000000 --- a/danish/security/2012/dsa-2475.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b915a9f101c9a3f442e7316c2c57703c326a9294" mindelta="1" -heltalsunderløb - -

Man opdagede, at openssl ikke på korrekt vis håndterede eksplicitte -Initialization Vectors til CBC-krypteringstilstande, som anvendes i TLS 1.1, -1.2 og DTLS. En ukorrekt beregning ville føre til en heltalsunderløb og -ukorrekt hukommelsestilgang, forårsagende et lammelsesangreb -(applikationsnedbrud).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.9.8o-4squeeze13.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1.0.1c-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2475.data" diff --git a/danish/security/2012/dsa-2476.wml b/danish/security/2012/dsa-2476.wml deleted file mode 100644 index 2832dd2f3e5..00000000000 --- a/danish/security/2012/dsa-2476.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="f24ae0ddbbde88ea314a7741f2bd85228c35d7fc" mindelta="1" -formatstrengssårbarhed - -

intrigeri opdagede en formatstrengsfejl i pidgin-otr, en -Off-the-Record-plugin til Pidgin.

- -

Det kunne udnyttes af en fjernangriber til at få kørt vilkårlig kode på -brugerens maskine.

- -

Problemet findes kun i pidgin-otr. Andre applikationer, som anvender libotr -er ikke påvirkede.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.2.0-5+squeeze1.

- -

For the distributionen testing (wheezy), er dette problem rettet i -version 3.2.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.2.1-1.

- -

Vi anbefaler at du opgraderer dine pidgin-otr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2476.data" diff --git a/danish/security/2012/dsa-2477.wml b/danish/security/2012/dsa-2477.wml deleted file mode 100644 index 7facdab9e4b..00000000000 --- a/danish/security/2012/dsa-2477.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="dabbf14404741bdbfd7978d25dcbb32eb565c9d4" mindelta="1" -autorisationsomgåelse - -

Flere sårbarheder er opdaget Sympa, et program til håndtering af -postlister, hvilket gjorde det muligt at springe over scenariebaserede -auteorisationsmekanismer. Sårbarheden gjorde det muligt for uautoriserede -brugere at at vise siden til håndtering af arkiver, samt downloade og slette -listearkiver.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -6.0.1+dfsg-4+squeeze1.

- -

I distributionen testing (wheezy) vil problemet snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -6.1.11~dfsg-2.

- -

Vi anbefaler at du opgraderer dine sympa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2477.data" diff --git a/danish/security/2012/dsa-2478.wml b/danish/security/2012/dsa-2478.wml deleted file mode 100644 index 0df16dbc070..00000000000 --- a/danish/security/2012/dsa-2478.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="7031272a53b7f06c943363bbbf9d3a9be8775524" mindelta="1" -fortolkningsfejl - -

Man opdagede, at sudo fejlfortolkede netværksmasker anvendt i Host og -Host_List. Dermed var det muligt at udføre kommandoer på værter, hvor brugeren -ellers ikke ville have lov til at køre den angivne kommando.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.7.4p4-2.squeeze.3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2478.data" diff --git a/danish/security/2012/dsa-2479.wml b/danish/security/2012/dsa-2479.wml deleted file mode 100644 index de15e851714..00000000000 --- a/danish/security/2012/dsa-2479.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="c40d6bb1794605d91a9e3560c308158776a396a3" mindelta="1" -forskudt med en - -

Jueri Aedla opdagede en forskudt med en-fejl i libxml2, hvilket kunne medføre -udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.7.8.dfsg-2+squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.7.8.dfsg-9.1.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2479.data" diff --git a/danish/security/2012/dsa-2480.wml b/danish/security/2012/dsa-2480.wml deleted file mode 100644 index 5dcd75ee743..00000000000 --- a/danish/security/2012/dsa-2480.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Request Tracker, et fejlsporingssystem:

- -
    - -
  • CVE-2011-2082 - -

    vulnerable-passwords-skripterne der blev indført på grund af - CVE-2011-0009 - kunne ikke korrigere adgangskodehashes hørende til deaktiverede - brugere.

    • - -
  • CVE-2011-2083 - -

    Flere problemer i forbindelse med udførelse af skripter på tværs af - websteder er blevet opdaget.

    • - -
  • CVE-2011-2084 - -

    Adgangskodehashes kunne blotlægges af priviligerede brugere.

    • - -
  • CVE-2011-2085 - -

    Flere problemer i forbindelse med forfalskning af forespørgsler på tværs - af websteder er blevet opdaget. Hvis denne opdatering får din opsætning til - at holde op med at virke, kan du gå tilbage til den gamle virkemåde ved at - sætte $RestrictReferrer til 0.

    • - -
  • CVE-2011-4458 - -

    Koden til understøttelse af variable envelope-returstier muliggjorde - udførelse af vilkårlig kode.

    • - -
  • CVE-2011-4459 - -

    Deaktiverede grupper blev ikke helt registreret som - deaktiverede.

    • - -
  • CVE-2011-4460 - -

    SQL-indsprøjtningssårbarhed, som kun kan udnyttes af priviligerede - brugere.

    • - -
- -

Bemærk, hvis du kører request-tracker3.8 under webserveren Apache, skal du -stoppe og starte Apache manuelt. restart-mekanismen anbefales ikke, -særlig ikke hvis man anvender mod_perl.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.8.8-7+squeeze5.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -4.0.5-3.

- -

Vi anbefaler at du opgraderer dine request-tracker3.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2480.data" diff --git a/danish/security/2012/dsa-2481.wml b/danish/security/2012/dsa-2481.wml deleted file mode 100644 index 46bf7f6b24d..00000000000 --- a/danish/security/2012/dsa-2481.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="bc964e4b68d9131f1bba543f8988d86821ca8879" mindelta="1" -supplerende grupper droppes ikke - -

Steve Grubb fra Red Hat opdagede, at en patch til arpwatch (som i hvert fald -distribueres i Red Hats og Debians distributioner), med henblik på at smide -root-rettigheder væk, mislykkedes og i stedet tilføjedes root-gruppen til listen, -som dæmonen anvender.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.1a15-1.1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.1a15-1.2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1a15-1.2.

- -

Vi anbefaler at du opgraderer dine arpwatch-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2481.data" diff --git a/danish/security/2012/dsa-2482.wml b/danish/security/2012/dsa-2482.wml deleted file mode 100644 index b5307fd7885..00000000000 --- a/danish/security/2012/dsa-2482.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d0a6e9a5584d388a82a110dffca28ce81cce9185" mindelta="1" -utilstrækkelig validering af certifikat - -

Vreixo Formoso opdagede, at libgdata, en bibliotek som anvendes til at tilgå -forskellige Google-tjenester, ikke validerede certifikater mod -system-root-CA'er, som der er tillid til, når der blev anvendt en -HTTPS-forbindelse.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.6.4-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -0.10.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.10.2-1.

- -

Vi anbefaler at du opgraderer dine libgdata-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2482.data" diff --git a/danish/security/2012/dsa-2483.wml b/danish/security/2012/dsa-2483.wml deleted file mode 100644 index aed2e6a26e8..00000000000 --- a/danish/security/2012/dsa-2483.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="f176771d8dde81e94da7842cfcbb46d24a71f722" mindelta="1" -omgåelse af autentificering - -

Et problem i forbindelse med omgåelse af autentificering blev opdaget af -Codenomicon CROSS-projektet i strongSwan, en IPsec-baseret VPN-løsning. Når -man anvender RSA-baserede opsætninger, kunne en manglende kontrol i -gmp-plugin'en gøre det muligt for en angriber at præsentere en forfalsket -signatur, og dermed med succes autentificere mod en strongSwan-responder.

- -

Standardopsætningen i Debian anvender ikke gmp-plugin'en til RSA-handlinger, -men derimod OpenSSL-plugin'en, hvorfor pakkerne, som de leveres fra Debian, ikke -er sårbare.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.4.1-5.2.

- -

For the distributionen testing (wheezy), er dette problem rettet i -version 4.5.2-1.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.5.2-1.4.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2483.data" diff --git a/danish/security/2012/dsa-2484.wml b/danish/security/2012/dsa-2484.wml deleted file mode 100644 index fe7f5eb4290..00000000000 --- a/danish/security/2012/dsa-2484.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="e2033be555a62f4ec87cc22de602ea6a12234776" mindelta="1" -lammelsesangreb - -

Sebastian Pohle opdagede, at UPSD, Network UPS Tools' server (NUT) var sårbar -over for et fjernudført lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.4.3-1.1squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine nut-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2484.data" diff --git a/danish/security/2012/dsa-2485.wml b/danish/security/2012/dsa-2485.wml deleted file mode 100644 index 99dbac63c56..00000000000 --- a/danish/security/2012/dsa-2485.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c06754a24305d76e75b165e807d2bc9377d2ce56" mindelta="1" -udførelse af skripter på tværs af servere - -

Flere tilfælde af sårbarheder i forbindelse med udførelse af skripter på -tværs af servere (XSS) blev opdaget i IMP, webmailkomponenten i -Horde-frameworket. Sårbarhederne gjorde det muligt for fjernangribere at -indsprøjte vilkårligt webskript eller HTML via forskellige fabrikerede -parametre.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.3.7+debian0-2.2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine imp4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2485.data" diff --git a/danish/security/2012/dsa-2486.wml b/danish/security/2012/dsa-2486.wml deleted file mode 100644 index 5c0c692272f..00000000000 --- a/danish/security/2012/dsa-2486.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="5a3032db4708076fecc41a2253620f7765bc6c58" mindelta="1" -lammelsesangreb - -

Man opdagede, at BIND, en DNS-server, kunne gå ned mens der blev behandlet -ressourceposte uden databytes. Både autoritative servere og resolvere er -påvirkede.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:9.7.3.dfsg-1~squeeze5.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2486.data" diff --git a/danish/security/2012/dsa-2487.wml b/danish/security/2012/dsa-2487.wml deleted file mode 100644 index f32ff58d258..00000000000 --- a/danish/security/2012/dsa-2487.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -bufferoverløb - -

Man opdagede, at OpenOffice.org ikke på korrekt vis behandlede fabrikerede -dokumentfiler, hvilket måske kunne føre til udførelse af vilkårlig kode.

- -
    - -
  • CVE-2012-1149 - -

    Heltalsoverløb i PNG-billedhåndtering.

    • - -
  • CVE-2012-2334 - -

    Heltalsoverløb i operator new[]-kald og heap-baseret bufferoverløb inde - i MS-ODRAW-fortolkeren.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:3.2.1-11+squeeze6.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1:3.5.2~rc2-1 af libreoffice-pakken.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2487.data" diff --git a/danish/security/2012/dsa-2488.wml b/danish/security/2012/dsa-2488.wml deleted file mode 100644 index 573b32ae64f..00000000000 --- a/danish/security/2012/dsa-2488.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek leverer renderingtjenester til flere andre -applikationer i Debian.

- -
    - -
  • CVE-2012-1937 - -

    Mozilla-udviklere opdagede flere hukommelseskorruptionsfejl, hvilke kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-1940 - -

    Abhishek Arya opdagede et problem i forbindele med anvendelse efter - frigivelse, når der blev arbejdet med kolonnelayout med absolut placering i - en container, som ændrer størrelse, hvilket måske kunne føre til udførelse - af vilkårlig kode.

    • - -
  • CVE-2012-1947 - -

    Abhishek Arya opdagede et heap-bufferoverløb i tegnsætskonvertering fra - utf16 til latin1, hvilket gjorde det muligt at udføre vilkårlig - kode.

    • - -
- -

Bemærk: Vi anbefaler brugerne af Iceweasels 3.5-gren i Debian stable, at -overveje at opgradere til Iceweasel 10.0 ESR (Extended Support Release), som nu -er tilgængelig i Debian Backports. Selv om Debian fortsat vil understøtte -Iceweasel 3.5 i stable med sikkerhedsopdateringer, kan det kun gøres efter -bedste evne, da opstrøm ikke længere understøtter versionen. Desuden tilføjer -10.0-grenen proaktiv sikkerhedsfunktionalitet til browseren.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.5.16-16.

- -

I den ustabile distribution (sid), er dette problem rettet i version -10.0.5esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2488.data" diff --git a/danish/security/2012/dsa-2489.wml b/danish/security/2012/dsa-2489.wml deleted file mode 100644 index a007f346c72..00000000000 --- a/danish/security/2012/dsa-2489.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i internetsuiten Iceape, en varemærkefri udgave -af Seamonkey.

- -
    - -
  • CVE-2012-1937 - -

    Mozilla-udviklere opdagede flere hukommelseskorruptionsfejl, hvilke kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2012-1940 - -

    Abhishek Arya opdagede et problem i forbindele med anvendelse efter - frigivelse, når der blev arbejdet med kolonnelayout med absolut placering i - en container, som ændrer størrelse, hvilket måske kunne føre til udførelse - af vilkårlig kode.

    • - -
  • CVE-2012-1947 - -

    Abhishek Arya opdagede et heap-bufferoverløb i tegnsætskonvertering fra - utf16 til latin1, hvilket gjorde det muligt at udføre vilkårlig - kode.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.0.11-13.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2489.data" diff --git a/danish/security/2012/dsa-2490.wml b/danish/security/2012/dsa-2490.wml deleted file mode 100644 index 82d092631e9..00000000000 --- a/danish/security/2012/dsa-2490.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="59ad478560f2ab5bafa51e3856c78ffb18e7a957" mindelta="1" -lammelsesangreb - -

Kaspar Brand opdagede, at Mozillas Network Security Services-biblioteker -(NSS) ikke på tilstrækkelig vis kontrollerede længder i QuickDER-dekoderen, -hvilket gjorde det muligt at få programmet til at gå ned ved at anvende -bibliotekerne.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.12.8-1+squeeze5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 2:3.13.4-3.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2490.data" diff --git a/danish/security/2012/dsa-2491.wml b/danish/security/2012/dsa-2491.wml deleted file mode 100644 index 93cd68fdae3..00000000000 --- a/danish/security/2012/dsa-2491.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i PostgreSQL, en SQL-databaseserver:

- -
    - -
  • CVE-2012-2143 - -

    Funktionen crypt(text, text) i contrib-modulet pgcrypto, håndterede ikke - visse adgangskoder på korrekt vis, når der blev fremstillet traditionelle - DES-baserede hashes. Tegn efter den første 0x80-byte blev ignoreret.

    • - -
  • CVE-2012-2655 - -

    Attributterne SECURITY DEFINER og SET til en call-handler í et proceduralt - sprog kunne få databaseserveren til at gå ned.

    • - -
- -

Desuden indeholder denne opdatering rettelser i forbindelse med -driftssikkerhed og stabilitet fra opstrøms 8.4.12-udgave.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -8.4.12-0squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -8.4.12-1.

- -

Vi anbefaler at du opgraderer dine postgresql-8.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2491.data" diff --git a/danish/security/2012/dsa-2492.wml b/danish/security/2012/dsa-2492.wml deleted file mode 100644 index 04acc4e4fad..00000000000 --- a/danish/security/2012/dsa-2492.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="372f1e841c44799b38f8f7bf7f6b901076e5dd94" mindelta="1" -bufferoverløb - -

Phar-udvidelsen til PHP håndterede ikke tar-filer på korrekt vis, hvilket -førte til et heap-baseret bufferoverløb. PHP-applikationer, som behandler -tar-filer, kunne gå ned eller potentielt udføre vilkårlig kode.

- -

Desuden fjerner denne opdatering en regression, som medførte et nedbrud ved -tilgang til objekter, som returneres som $this from __get.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -5.3.3-7+squeeze13.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 5.4.4~rc1-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2492.data" diff --git a/danish/security/2012/dsa-2493.wml b/danish/security/2012/dsa-2493.wml deleted file mode 100644 index 09242a0e238..00000000000 --- a/danish/security/2012/dsa-2493.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Flere sårbarheder blev opdaget i Asterisk, et værktøjssæt til PBX og -telefoni.

- -
    - -
  • CVE-2012-2947 - -

    IAX2-kanaldriveren gjorde det muligt for fjernangribere, at forårsage et - lammelsesangreb (dæmonnedbrud), ved sætte et opkald på hold (når en bestemt - mohinterpret-indstilling var aktiveret).

    • - -
  • CVE-2012-2948 - -

    Skinny-kanaldriveren gjorde det muligt for fjernautentificerede brugere - at forårsage et lammelsesangreb (NULL-pointerdereference og dæmonnedbrud) - ved at lukke en forbindelse i off-hook-tilstand.

    • - -
- -

Desuden opdagede man, at Asterisk ikke opsatte indstillingen -alwaysauthreject som standard i SIP-kanaldriveren. Dermed var det muligt for -fjernangribere, at se forskellen på hvordan svar blev behandlet og undersøge -tilstedeværelsen af kontonavne. -(\ -CVE-2011-2666) Systemadministrator, der bekymrer sig for -brugeroptællingssårbarheden, bør aktivere indstillingen alwaysauthreject i -deres opsætning. Vi planlægger ikke at ændre standardindstillingen i den -stabile version (Asterisk 1.6) af hensyn til bagudkompabilitet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:1.6.2.9-2+squeeze6.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1:1.8.13.0~dfsg-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2493.data" diff --git a/danish/security/2012/dsa-2494.wml b/danish/security/2012/dsa-2494.wml deleted file mode 100644 index 98935c99f5b..00000000000 --- a/danish/security/2012/dsa-2494.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Man opdagede, at FFmpeg, Debians version mediecodecsuiten Libav, indeholdt -sårbarheder i DPCM-codecs -(\ -CVE-2011-3951), H.264 -(\ -CVE-2012-0851), ADPCM -(\ -CVE-2012-0852) og KMVC-decoderen -(\ -CVE-2011-3952).

- -

Desuden indeholder denne opdatering fejlrettelser fra opstrømsversionen Libav -0.5.9.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4:0.5.9-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -6:0.8.3-1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2494.data" diff --git a/danish/security/2012/dsa-2495.wml b/danish/security/2012/dsa-2495.wml deleted file mode 100644 index 2a1a5bdae06..00000000000 --- a/danish/security/2012/dsa-2495.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="9df870b76770a435990fad0e199d04e5785a9b1c" mindelta="1" -bufferoverløb - -

Et bufferoverløb blev opdaget i OpenConnect, en klient til Cisco AnyConnect -VPN, hvilket kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.25-0.1+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.18-1.

- -

Vi anbefaler at du opgraderer dine openconnect-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2495.data" diff --git a/danish/security/2012/dsa-2496.wml b/danish/security/2012/dsa-2496.wml deleted file mode 100644 index 2638f15658c..00000000000 --- a/danish/security/2012/dsa-2496.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

På grund af at Oracle ikke oplyser om sikkerhedspatches, er vi nødt til at -levere en opstrømsversionsopdatering af MySQL 5.1. Der er flere kendte -inkompatible ændringer, som er opremset i -/usr/share/doc/mysql-server/NEWS.Debian.gz.

- -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne løses ved -at opgradere MySQL til en ny opstrømsversion, 5.1.63, som indeholder yderligere -ændringer, så som forbedringer i forbindelse med ydedygtigheden og rettelser af -fejl i forbindelse med datatab. Disse ændringer er beskrevet i -MySQL's -udgivelsesbemærkninger.

- -

\ -CVE-2012-2122, en sårbarhed i forbindelse med omgåelse af autentifikation -opstår kun når MySQL er blevet opbygget samtidig med at visse optimeringer er -aktiveret. Pakkerne i Debian stable (squeeze) vides ikke at være påvirket af -denne sårbarhed. Dog løses problemet ikke desto mindre med denne opdatering, så -fremtidige genopbygninger ikke bliver sårbare over for problemet.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -5.1.63-0+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -5.1.62-1 af pakken mysql-5.1 og i version 5.5.24+dfsg-1 af pakken mysql-5.5.

- -

Vi anbefaler at du opgraderer dine MySQL-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2496.data" diff --git a/danish/security/2012/dsa-2497.wml b/danish/security/2012/dsa-2497.wml deleted file mode 100644 index f2f98e3d3cd..00000000000 --- a/danish/security/2012/dsa-2497.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4c3bb703c20a3a0d09fe3a87c1378e057156093e" mindelta="1" -lammelsesangreb - -

Man opdagede, at Quagga, en routing-dæmon, indeholdt en sårbarhed i -forbindelse med behandling af ORF-kapabilitet i BGP OPEN-meddelelser. En -misdannet OPEN-meddelelse fra en tidligere opsat BGP-peer, kunne få bgpd til at -gå ned, forårsagende et lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.99.20.1-0+squeeze3.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 0.99.21-3.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2497.data" diff --git a/danish/security/2012/dsa-2498.wml b/danish/security/2012/dsa-2498.wml deleted file mode 100644 index 1bfff7cc6fe..00000000000 --- a/danish/security/2012/dsa-2498.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9da3ce153e5dc908ac9755cf1af8214ab27ea071" mindelta="1" -fjernaktiveret stakoverløb - -

Man opdagede, at dhcpcd, en DHCP-klient, var sårbar over for et stakoverløb. -En ondsindet DHCP-meddelelse kunne få klienten til at gå ned, forårsagende et -lammelsesangreb (denial of service) og potentielt fjernudførelse af kode gennem -ondsindede DHCP-pakker designet på den rette måde.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:3.2.3-5+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1:3.2.3-11.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:3.2.3-11.

- -

Vi anbefaler at du opgraderer din dhcpcd-pakke.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2498.data" diff --git a/danish/security/2012/dsa-2499.wml b/danish/security/2012/dsa-2499.wml deleted file mode 100644 index c73d51658ca..00000000000 --- a/danish/security/2012/dsa-2499.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Icedove, Debians udgave af mail-/newsklienten -Mozilla Thunderbird. Der var forskellige sikkerhedsproblemer relateret til -hukommelsen -(\ -CVE-2012-1937, -\ -CVE-2012-1939) og et anvendelse efter frigivelse-problem -(\ -CVE-2012-1940).

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.0.11-1+squeeze11.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2499.data" diff --git a/danish/security/2012/dsa-2500.wml b/danish/security/2012/dsa-2500.wml deleted file mode 100644 index 7775f89bff3..00000000000 --- a/danish/security/2012/dsa-2500.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i Mantis, et fejlsporingssystem.

- -
    - -
  • CVE-2012-1118 - -

    I Mantis-installationer, hvor indstillingen private_bug_view_threshold er - sat til en array-værdi, håndhævede ikke på korrekt vis - fejlvisningsbegrænsninger.

    • - -
  • CVE-2012-1119 - -

    Handlingerne som kopierer/kloner en fejlrapport, efterlod ikke spor til en - senere audit.

    • - -
  • CVE-2012-1120 - -

    Adgangkontrollen delete_bug_threshold/bugnote_allow_user_edit_delete - kunne omgås af brugere, der har skriveadgang til SOAP-API'et.

    • - -
  • CVE-2012-1122 - -

    Mantis udførte adgangskontroller på ukorrekt vis, når der blev flyttet - fejl mellem projekter.

    • - -
  • CVE-2012-1123 - -

    En SOAP-klient, som sender en null-adgangskodefelt, kunne autentificeres - som Mantis-administrator.

    • - -
  • CVE-2012-2692 - -

    Mantis kontrollerer ikke rettigheden delete_attachments_threshold, når en - bruger forsøger at slette en vedhæftelse fra en fejlrapport.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.1.8+dfsg-10squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er disse -problemer rettet i version 1.2.11-1.

- -

Vi anbefaler at du opgraderer dine mantis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2500.data" diff --git a/danish/security/2012/dsa-2501.wml b/danish/security/2012/dsa-2501.wml deleted file mode 100644 index 5e7f0bfd944..00000000000 --- a/danish/security/2012/dsa-2501.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Xen, en hypervisor.

- -
    - -
  • CVE-2012-0217 - -

    Xen håndterer ikke på korrekt ukanoniske returadresser på Intel amd64 - CPU'er, tillod at amd64 PV-gæster kunne forøges til hypervisor-rettigheder. - AMD-processorer, HVM- og i386-gæster er ikke påvirkede.

    • - -
  • CVE-2012-0218 - -

    Xen håndterede ikke på korrekt vis SYSCALL- og SYSENTER-instruktioner i - PV-gæster, hvilket tillod at upriviligerede brugere i et gæstesystem kunne - få gæstesystemet til at gå ned.

    • - -
  • CVE-2012-2934 - -

    Xen detekterede ikke gamle AMD-CPU'er påvirket af AMD Erratum - #121.

    • - -
- -

Hvad angår \ -CVE-2012-2934, nægter Xen at starte domU'er på påvirkede systemer, med -mindre allow_unsafe-muligheden er opsat.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.0.1-5.2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2501.data" diff --git a/danish/security/2012/dsa-2502.wml b/danish/security/2012/dsa-2502.wml deleted file mode 100644 index 25f213651bb..00000000000 --- a/danish/security/2012/dsa-2502.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8083673a3416a74ca09ad0ad0549decb0e127d40" mindelta="1" -programmeringsfejl - -

Man opdagede, at ElGamal-koden i PythonCrypto, en samling af kryptografiske -algoritmer og protokoller til Python, anvendte usikre, utilstrækkelige primtal i -nøglegenerering, hvilket førte til en svækket signatur eller offentlig nøgle, -som gjorde det lettere at udføre råstyrke-angreb mod sådanne nøgler.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.1.0-2+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.6-1.

- -

Vi anbefaler at du opgraderer dine python-crypto-pakker. Efter installering -af denne opdatering, skal tidligere genererede nøgle gen-genereres.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2502.data" diff --git a/danish/security/2012/dsa-2503.wml b/danish/security/2012/dsa-2503.wml deleted file mode 100644 index e141890dffb..00000000000 --- a/danish/security/2012/dsa-2503.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="87890416002f53aeb29f33d2e28b4ed689baa723" mindelta="1" -shell-kommandoindsprøjtning - -

Man opdagede, at ondsindede klienter kunne narre serverkomponenten i -opsætningshåndteringssystem Bcfg2 til at udføre kommandoer med -root-rettigheder.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.0.1-3+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.2-2.

- -

Vi anbefaler at du opgraderer dine bcfg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2503.data" diff --git a/danish/security/2012/dsa-2504.wml b/danish/security/2012/dsa-2504.wml deleted file mode 100644 index 93db5faedb0..00000000000 --- a/danish/security/2012/dsa-2504.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="83923a54aeb3fbeae6a35a03afb80eee74a4abb2" mindelta="1" -informationsafsløring - -

Man opdagede, at Spring Framework indeholdt en -informationsafsløringssårbarhed i behandlingen af visse Expression -Language-mønstre (EL), hvilket gjorde det muligt for angribere, at tilgå -følsomme oplysninger ved hjælp af HTTP-forespørgsler.

- -

BEMÆRK: Opdateringen tilføjer et context-parameter -springJspExpressionSupport, der manult skal sættes til false når Spring -Framework kører under en container, som selv leverer EL-understøttelse.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.5.6.SEC02-2+squeeze1.

- -

Vi anbefaler at du opgraderer dine libspring-2.5-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2504.data" diff --git a/danish/security/2012/dsa-2505.wml b/danish/security/2012/dsa-2505.wml deleted file mode 100644 index 30cc908d180..00000000000 --- a/danish/security/2012/dsa-2505.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0470c6ff2375bb0325b1adc2e045da5b69eaa2d0" mindelta="1" -informationsafsløring - -

En sårbarhed i forbindelse med medtagelse af XML External Entities, blev -opdaget i Zend Framework, et PHP-bibliotek. Sårbarheden gjorde det måske -muligt for angribere at tilgå lokale filer, afhængigt af hvordan frameworket -benyttes.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.10.6-1squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.11.12-1.

- -

Vi anbefaler at du opgraderer dine zendframework-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2505.data" diff --git a/danish/security/2012/dsa-2506.wml b/danish/security/2012/dsa-2506.wml deleted file mode 100644 index ed373edea4b..00000000000 --- a/danish/security/2012/dsa-2506.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="2c8f74c9407f1671f829c137b426bf96618ecc21" mindelta="1" -ModSecurity-omgåelse - -

Qualys Vulnerability & Malware Research Labs opdagede en sårbarhed i -ModSecurity, et sikkerhedsmodul til Apache-webserveren. I situationer, hvor -både Content:Disposition: attachment og Content-Type: multipart -var til stede i HTTP-headerne, kunne sårbarheden gøre det muligt for en angriber -at omgå policy og gennemføre angreb i forbindelse med udførelse af skripter på -tværs af websteder (XSS) gennem HTML-dokumenter udformet på den rette måde.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.5.12-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.6.6-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.6.6-1.

- -

I distributionerne testing og unstable distribution er kildekodepakken blevet -omdøbt til modsecurity-apache.

- -

Vi anbefaler at du opgraderer dine libapache-mod-security-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2506.data" diff --git a/danish/security/2012/dsa-2507.wml b/danish/security/2012/dsa-2507.wml deleted file mode 100644 index 64d5652e90a..00000000000 --- a/danish/security/2012/dsa-2507.wml +++ /dev/null @@ -1,59 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracle -Java-platformen.

- -
    - -
  • CVE-2012-1711 - CVE-2012-1719 - -

    Flere fejl i implementeringen af CORBA kunne føre til udbrud fra - Java-sandkassen.

    • - -
  • CVE-2012-1713 - -

    Manglende fornuftighedskontrol af inddata i fontmanageren kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2012-1716 - -

    SynthLookAndFeel Swing-klassen kunne misbruges til at bryde ud af - Java-sandkassen.

    • - -
  • CVE-2012-1717 - -

    Flere midlertidige filer blev oprettet på usikker vis, medførende - afsløring af lokale oplysninger.

    • - -
  • CVE-2012-1718 - -

    Certifikattilbagekaldelseslister var implementeret på ukorrekt - vis.

    • - -
  • CVE-2012-1723 - CVE-2012-1725 - -

    Valideringsfejl i bytecode-verifieren hørende til Hotspot VM kunne føre - til udbrud fra Java-sandkassen.

    • - -
  • CVE-2012-1724 - -

    Manglende fornuftighedskontrol af inddata i XML-fortolkeren kunne føre - til lammelsesangreb (denial of service) via en uendelig løkke.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -6b18-1.8.13-0+squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -6b24-1.11.3-1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2507.data" diff --git a/danish/security/2012/dsa-2508.wml b/danish/security/2012/dsa-2508.wml deleted file mode 100644 index 79588836aa8..00000000000 --- a/danish/security/2012/dsa-2508.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="878b8653453da10270cec8f226b0c69d9e52fadc" mindelta="1" -rettighedsforøgelse - -

Rafal Wojtczuk fra Bromium, opdagede at FreeBSD ikke på korrekt vis -håndterede ukanoniske returadresser på Intel amd64-CPU'er, hvilket muliggjorde -rettighedsforøgelse til kernen for lokale brugere.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -8.1+dfsg-8+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -8.3-4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -8.3-4.

- -

Vi anbefaler at du opgraderer dine kfreebsd-8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2508.data" diff --git a/danish/security/2012/dsa-2509.wml b/danish/security/2012/dsa-2509.wml deleted file mode 100644 index 34f962a3e64..00000000000 --- a/danish/security/2012/dsa-2509.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="756799c325728296ad7f62bcbc9edf461774f6c0" mindelta="1" -fjernudførelse af kode - -

Ulf Härnhammar fandt et bufferoverløb i Pidgin, et chatprogram som -understøtter flere protokoller. Sårbarheden kunne udnyttes af en indgående -meddelelse i MXit-protokolplugin'en. En fjernangriber kunne måske forårsage et -nedbrud, og under nogle omstændigheder fjernudføre kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.7.3-1+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.10.6-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.10.6-1.

- -

Vi anbefaler at du opgraderer dine pidgin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2509.data" diff --git a/danish/security/2012/dsa-2510.wml b/danish/security/2012/dsa-2510.wml deleted file mode 100644 index 877108d886f..00000000000 --- a/danish/security/2012/dsa-2510.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="17d7878435c8b115028437e93749fd8ceaddf8ef" mindelta="1" -forespørgselsforfalskning på tværs af websteder - -

John Leitch opdagede en sårbarhed i eXtplorer, en meget omfattende rig -webserverfilmanager, som kunne udnyttes af ondsindede personer til at udføre -angreb i forbindelse med forespørgselsforfalkninger på tværs af websteder.

- -

Sårbarheden gjorde det muligt for brugere at iværksætte visse handlinger via -HTTP-forespørgsler, uden at udføre nogen form for valideringskontroller, for at -verificere forespørgslen. Det kunne eksempelvis udnyttes til at oprette en -administrativ brugerkonto, ved at narre en indlogget administrator til at besøge -et angriber-defineret weblink.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.1.0b6+dfsg.2-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.1.0b6+dfsg.3-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.1.0b6+dfsg.3-3.

- -

Vi anbefaler at du opgraderer dine extplorer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2510.data" diff --git a/danish/security/2012/dsa-2511.wml b/danish/security/2012/dsa-2511.wml deleted file mode 100644 index b0a2bb4ed8f..00000000000 --- a/danish/security/2012/dsa-2511.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedssårbarheder er fundet i Puppet, et program til centraliseret -opsætningshåndtering:

- -
    - -
  • CVE-2012-3864 - -

    Autentificerede klienter kunne læse vilkårlige filer på - puppet-masteren.

    • - -
  • CVE-2012-3865 - -

    Autentificerede klienter kunne slette vilkårliger filer på - puppet-masteren.

    • - -
  • CVE-2012-3866 - -

    Rapporten over den seneste kørsel af Puppet, blev gemt med - verdensskrivbare rettigheder, medførelse informationsafsløring.

    • - -
  • CVE-2012-3867 - -

    Agent-værtsnavne blev ikke valideret tilstrækkeligt.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.2-5+squeeze6.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.7.18-1.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2511.data" diff --git a/danish/security/2012/dsa-2512.wml b/danish/security/2012/dsa-2512.wml deleted file mode 100644 index aa780ecdd3c..00000000000 --- a/danish/security/2012/dsa-2512.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="b7d9bdc98cc4d77da7fdee9f3d342ce967b0978e" mindelta="1" -manglende kontrol af inddata - -

Marcus Meissner opdagede, at webserveren som Mono leveres med, udførte -utilstrækkelig fornuftighedskontrol på forespørgsler, medførelse mulighed for at -udføre skripter på tværs af websteder.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.7-5.1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.10.8.1-5.

- -

Vi anbefaler at du opgraderer dine mono-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2512.data" diff --git a/danish/security/2012/dsa-2513.wml b/danish/security/2012/dsa-2513.wml deleted file mode 100644 index 2ca7a3b0efe..00000000000 --- a/danish/security/2012/dsa-2513.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i internetsuiten Iceape internet, en varemærkefri -udgave af Seamonkey:

- -
    - -
  • CVE-2012-1948 - -

    Benoit Jacob, Jesse Ruderman, Christian Holler og Bill McCloskey fandt - flere problemer i forbindelse med hukommelsessikkerhed, som kunne føre til - udførelse af virkårlig kode.

    • - -
  • CVE-2012-1954 - -

    Abhishek Arya opdagede et problem i forbindelse med anvendelse efter - frigivelse i nsDocument::AdoptNode, der kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2012-1967 - -

    moz_bug_r_a4 opdagede, at under nogle omstændigheder, kunne - javascript:-URL'er udføres, således at skripter kunne slippe ud af - JavaScript-sandkassen og køre med forøgede rettigheder. Det kunne føre til - udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.0.11-14.

- -

I den ustabile distribution (sid) og i distributionen testing (wheezy), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2513.data" diff --git a/danish/security/2012/dsa-2514.wml b/danish/security/2012/dsa-2514.wml deleted file mode 100644 index 59bad4f662f..00000000000 --- a/danish/security/2012/dsa-2514.wml +++ /dev/null @@ -1,61 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek leverer renderingtjenester til flere andre -applikationer i Debian.

- -
    - -
  • CVE-2012-1948 - -

    Benoit Jacob, Jesse Ruderman, Christian Holler og Bill McCloskey fandt - flere problemer i forbindelse med hukommelsessikkerhed, som kunne føre til - udførelse af virkårlig kode.

    • - -
  • CVE-2012-1950 - -

    Mario Gomes og Code Audit Labs opdagede, at det var muligt at tvinge - Iceweasel til at vise URL'en hørende til et websted, man tidligere har - været inde på, ved hjælp af træk- og sliphandlinger i adresselinjen. Det - kunne udnyttes til at iværksætte phiskingangreb.

    • - -
  • CVE-2012-1954 - -

    Abhishek Arya opdagede et problem i forbindelse med anvendelse efter - frigivelse i nsDocument::AdoptNode, der kunne føre til udførelse af - vilkårlig kode.

    • - -
  • CVE-2012-1966 - -

    moz_bug_r_a4 opdagede, at det var muligt at iværksætte angreb på - tværs af websteder gennem kontekstmenuen, når der bleev anvendt - data:-URL'er.

    • - -
  • CVE-2012-1967 - -

    moz_bug_r_a4 opdagede, at under nogle omstændigheder, kunne - javascript::-URL'er udføres, således at skripter kunne slippe ud af - JavaScript-sandkassen og køre med forøgede rettigheder. Det kunne føre til - udførelse af vilkårlig kode.

    • - -
- -

Bemærk: Vi anbefaler brugerne af Iceweasels 3.5-gren i Debian stable, at -overveje at opgradere til Iceweasel 10.0 ESR (Extended Support Release), som nu -er tilgængelig i Debian Backports. Selv om Debian fortsat vil understøtte -Iceweasel 3.5 i stable med sikkerhedsopdateringer, kan det kun gøres efter -bedste evne, da opstrøm ikke længere understøtter versionen. Desuden tilføjer -10.0-grenen proaktiv sikkerhedsfunktionalitet til browseren.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.5.16-17.

- -

I den ustabile distribution (sid), er dette problem rettet i version -10.0.6esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2514.data" diff --git a/danish/security/2012/dsa-2515.wml b/danish/security/2012/dsa-2515.wml deleted file mode 100644 index 7e1d13bb9b1..00000000000 --- a/danish/security/2012/dsa-2515.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9b2cf33010168c90a21209352d8f14932899ec47" mindelta="1" -null-pointerdereference - -

Marek Vavruša og Lubos Slovak opdagede, at NSD, en autoritativ -DNS-navneserver, ikke på korrekt vis håndterede ikke-standard-DNS-pakker. Det -kunne medføre en NULL-pointerdereference og håndteringsprocessen til at gå ned. -En fjernangriber kunne udnytte fejlen til at udføre lammelsesangreb (denial of -service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.2.5-1.squeeze2.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.2.12-1.

- -

Vi anbefaler at du opgraderer dine nsd3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2515.data" diff --git a/danish/security/2012/dsa-2516.wml b/danish/security/2012/dsa-2516.wml deleted file mode 100644 index 0b2535cf7a9..00000000000 --- a/danish/security/2012/dsa-2516.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Der er opdaget to sikkerhedsproblemer, som påvirker ISC dhcpd, en server til -automatisk tildeling af IP-adresser, i Debian.

- -
    - -
  • CVE-2012-3571 - -

    Markus Hietava fra Codenomicon CROSS-projektet, opdagede at det var - muligt at tvinge serveren ind i en uendelig løkke via meddelelser med - misdannede klientidentifikatorer.

    • - -
  • CVE-2012-3954 - -

    Glen Eustace opdagede, at DHCP-servere kørende i DHCPv6-tilstand samt - muligvis DHCPv4-tilstand, var ramt af hukommelseslækager under behandling af - meddelelser. En angriber kunne udnytte fejlen til at opbruge ressourcer og - iværksætte lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.1.1-P1-15+squeeze4.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2516.data" diff --git a/danish/security/2012/dsa-2517.wml b/danish/security/2012/dsa-2517.wml deleted file mode 100644 index ac8f432b5bb..00000000000 --- a/danish/security/2012/dsa-2517.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7477a4e0ec5b3a06fde28c5b88b87c6e43901445" mindelta="1" -lammelsesangreb - -

Einar Lonn opdagede, at under visse omstændigheder, benyttede bind9, en -DNS-server, cachede data før initialisering. Som følge deraf kunne en angriber -udløse en assertion-fejl på servere under høj forespørgselsbelastning, som -foretager DNSSEC-validering.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:9.7.3.dfsg-1~squeeze6.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:9.8.1.dfsg.P1-4.2.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2517.data" diff --git a/danish/security/2012/dsa-2518.wml b/danish/security/2012/dsa-2518.wml deleted file mode 100644 index 7805c80beb7..00000000000 --- a/danish/security/2012/dsa-2518.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb og fjernudførelse af kode - -

Emmanuel Bouillon fra NCI Agency, opdagede flere sårbarheder i MIT Kerberos, -en dæmon hvori netværksautentificeringsprotokollen er implementeret.

- -
    - -
  • CVE-2012-1014 - -

    Ved at sende særligt fremstillede AS-REQ (Authentication Service Request) - til et KDC (Key Distribution Center), kunne en angriber få det til at - frigive en uinitialiseret pointer, hvorved heap blev korrupt. Det kunne - føre til procesnedbrud eller endda udførelse af vilkårlig kode.

    - -

    Denne CVE påvirker kun distributionerne testing (wheezy) og unstable - (sid).

    • - -
  • CVE-2012-1015 - -

    Ved at sende færligt fremstillede AS-REQ til en KDC, kunne en angriber få - det til at afreferere en uinitialiseret pointer, førende til procesnedbrud - eller endda udførelse af vilkårlig kode.

    • - -
- -

I begge tilfælde menes det at være svært, at få udført vilkårlig kode, men -det er nok ikke umuligt.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.8.3+dfsg-4squeeze6.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1.10.1+dfsg-2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.10.1+dfsg-2.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2518.data" diff --git a/danish/security/2012/dsa-2519.wml b/danish/security/2012/dsa-2519.wml deleted file mode 100644 index b3c86a68387..00000000000 --- a/danish/security/2012/dsa-2519.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedssårbarheder, som påvirker ISC dhcpd, en server til automatisk -tildeling af IP-adresser, er opdaget. Desuden rettelserne i den seneste -sikkerhedsopdatering af isc-dhcp, DSA-2516-1, ikke -gennemført korrekt hvad angår -CVE-2012-3571 -og -CVE-2012-3954. -Det er løst i denne ekstra opdatering.

- -
    - -
  • CVE-2011-4539 - -

    BlueCat Networks opdagede, at det var muligt at få DHCP-servere til at gå - ned, hvis de er opsat til at evaluere forespørgsler med regulære udtryk, ved - hjælp af fabrikerede DHCP-forespørgselspakker.

    • - -
  • CVE-2012-3571 - -

    Markus Hietava fra Codenomicon CROSS-projektet, opdagede at det var - muligt at tvinge serveren ind i en uendelig løkke via meddelelser med - misdannede klientidentifikatorer.

    • - -
  • CVE-2012-3954 - -

    Glen Eustace opdagede, at DHCP-servere kørende i DHCPv6-tilstand samt - muligvis DHCPv4-tilstand, var ramt af hukommelseslækager under behandling af - meddelelser. En angriber kunne udnytte fejlen til at opbruge ressourcer og - iværksætte lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.1.1-P1-15+squeeze6.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2519.data" diff --git a/danish/security/2012/dsa-2520.wml b/danish/security/2012/dsa-2520.wml deleted file mode 100644 index 4e1b1c046f2..00000000000 --- a/danish/security/2012/dsa-2520.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="fd8cd9379f58d77c7e06f00a1c20c1b12572e845" mindelta="1" -flere heapbaserede bufferoverløb - -

Timo Warns fra PRE-CERT opdagede flere heapbaserede bufferoverløb i -OpenOffice.org, en kontorpakker. Problemerne ligger i XML-manifestets kode til -fortolking af krypteringstag. Med anvendelse af særligt fremstillede filer, -kunne en angriber for applikationen til at gå ned og kunne forårsage udførelse -af vilkårlige filer.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:3.2.1-11+squeeze7.

- -

openoffice.org-pakken er blevet erstattet af libreoffice i distributionen -testing (wheezy) og i den ustabile distribution (sid).

- -

I distributionen testing (wheezy), er dette problem rettet i version -1:3.5.4-7.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:3.5.4-7.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2520.data" diff --git a/danish/security/2012/dsa-2521.wml b/danish/security/2012/dsa-2521.wml deleted file mode 100644 index 6269688087f..00000000000 --- a/danish/security/2012/dsa-2521.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="af74868236b15f9b7cf69d2b1516caa25be0a0bb" mindelta="1" -heltalsoverløb - -

Jueri Aedla opdagede flere heltalsoverløb i libxml, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.7.8.dfsg-2+squeeze5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 2.8.0+dfsg1-5.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2521.data" diff --git a/danish/security/2012/dsa-2522.wml b/danish/security/2012/dsa-2522.wml deleted file mode 100644 index 2552301117f..00000000000 --- a/danish/security/2012/dsa-2522.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="cdd4e93d0c481a26ab7621802d7cc8f7dca6d9cb" mindelta="1" -skripting på tværs af servere - -

Emilio Pinna opdagede en sårbarhed i forbindelse med udførelse af skripter på -tværs af servere, i siden spellchecker.php hørende til FCKeditor, en populær -HTML-/DHTML-webeditor.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:2.6.6-1squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1:2.6.6-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:2.6.6-3.

- -

Vi anbefaler at du opgraderer dine fckeditor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2522.data" diff --git a/danish/security/2012/dsa-2523.wml b/danish/security/2012/dsa-2523.wml deleted file mode 100644 index bb62a636249..00000000000 --- a/danish/security/2012/dsa-2523.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="84fe08732afdb0b35a4d06e866fd277fffa92a10" mindelta="1" -programmeringsfejl - -

Man opdagede, at GridFTP-komponenten fra Globus Toolkit, et værktøjssæt som -anvendes til opbygning af Grid-systemer og -applikationer, udførte -utilstrækkelig validering af navneopslag, hvilket kunne føre til -rettighedsforøgelse.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.23-1+squeeze1 af kildekodepakken globus-gridftp-server og i version -0.43-1+squeeze1 af kildekodepakken globus-gridftp-server-control.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 6.5-1.

- -

Vi anbefaler at du opgraderer dine globus-gridftp-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2523.data" diff --git a/danish/security/2012/dsa-2524.wml b/danish/security/2012/dsa-2524.wml deleted file mode 100644 index e5805b3ce58..00000000000 --- a/danish/security/2012/dsa-2524.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="95a36a26ae1f01d380a70446562b22a2e93ff3c3" mindelta="1" -flere sårbarheder - -

To lammelsesangrebssårbarheder (denial of service) er opdaget i -serverkomponenten i OpenTTD, en fri genimplementering af Transport Tycoon -Deluxe.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.0.4-6.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openttd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2524.data" diff --git a/danish/security/2012/dsa-2525.wml b/danish/security/2012/dsa-2525.wml deleted file mode 100644 index 6cf84221077..00000000000 --- a/danish/security/2012/dsa-2525.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e86681c44c0b2e865637928ad943a25078cbf221" mindelta="1" -flere sårbarheder - -

Man opdagedem at Expat, et C-bibliotek til fortolkning af XML, var sårbar -over for et lammelsesangreb (denial of service) gennem hash-kollisioner og en -hukommelseslækage i pool-håndteringen.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.0.1-7+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.1.0~beta3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.1.0~beta3-1.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2525.data" diff --git a/danish/security/2012/dsa-2526.wml b/danish/security/2012/dsa-2526.wml deleted file mode 100644 index aa66be73b8c..00000000000 --- a/danish/security/2012/dsa-2526.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="91fae6072159043087081679949426134b9e6676" mindelta="1" -heapbaseret bufferoverløb - -

Just Ferguson opdagede, at libotr, et off-the-record-meddelelsessystem (OTR), -kunne tvinges til at udføre nul længde-allokeringer af heapbuffere, som anvendes -i base64-dekodningsrutiner. En angriber kunne udnytte fejlen ved at sende -fabrikerede meddeleleser til en applikation, som anvender libotr, og dermed -iværksætte lammelsesangreb (denial of service) eller potentielt udføre vilkårlig -kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.2.0-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -3.2.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.2.1-1.

- -

Vi anbefaler at du opgraderer dine libotr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2526.data" diff --git a/danish/security/2012/dsa-2527.wml b/danish/security/2012/dsa-2527.wml deleted file mode 100644 index 26ee932bc36..00000000000 --- a/danish/security/2012/dsa-2527.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webskriptsprog PHP. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2012-2688 - -

    Et bufferoverløb i funktionen scandir() kunne føre til lammelsesangreb - (denial of service) eller udførelse af vilkårlig kode.

    • - -
  • CVE-2012-3450 - -

    Man opdagede, at ikke-konsistent fortolkning af PDO-forberedte statements - kunne føre til lammelsesangreb.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -5.3.3-7+squeeze14.

- -

I den ustabile distribution (sid), er dette problem rettet i version -5.4.4-4.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2527.data" diff --git a/danish/security/2012/dsa-2528.wml b/danish/security/2012/dsa-2528.wml deleted file mode 100644 index bd5ea914b34..00000000000 --- a/danish/security/2012/dsa-2528.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Icedove, Debians version af mail- og -newsklienten Mozilla Thunderbird.

- -
    - -
  • CVE-2012-1948 - -

    Flere uspecificerede sårbarheder i browsermaskinen blev rettet.

    • - -
  • CVE-2012-1950 - -

    Den underliggende browsermaskine muliggjorde adresselinjeforfalskning - gennem træk og slip.

    • - -
  • CVE-2012-1954 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i funktionen - nsDocument::AdoptNode, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (korruption af heaphukommelse) eller muligvis udføre - vilkårlig kode.

    • - -
  • CVE-2012-1967 - -

    En fejl i implementeringen af JavaScript-sandkassen, gjorde det muligt - af udføre JavaScript-kode med upassende rettigheder ved brug af - javascript:-URL'er.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.0.11-1+squeeze12.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 10.0.6-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2528.data" diff --git a/danish/security/2012/dsa-2529.wml b/danish/security/2012/dsa-2529.wml deleted file mode 100644 index ccb6d04e342..00000000000 --- a/danish/security/2012/dsa-2529.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Jeroen Dekkers og andre rapporterede om flere sårbarheder i Django, et -Python Web-framework. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2012-3442 - -

    To funktioner validerede ikke redirect-målets skema, hvilket måske gjorde - det muligt for fjernangribere at iværksætte angreb i forbindelse med - udførelse af skripter på tværs af websteder (XSS) gennem en - data:-URL.

    • - -
  • CVE-2012-3443 - -

    Klassen ImageField dekomprimerede fuldstændig billeddata under validering - af billeder, hvilket gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (hukommelseskorruption) ved at uploade en - billedfil.

    • - -
  • CVE-2012-3444 - -

    Funktionen get_image_dimensions i billedhåndteringsfunktionaliteten, - anvendte en konstant chunk-størrelse i alle forsøg på at afgøre - dimensioner, hvilket gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (proces- eller trådforbrug) gennem et stort - TIFF-billede.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.3-3+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.4.1-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2529.data" diff --git a/danish/security/2012/dsa-2530.wml b/danish/security/2012/dsa-2530.wml deleted file mode 100644 index 7420044c6a3..00000000000 --- a/danish/security/2012/dsa-2530.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="f8f6f3df0eba4d95b93e41374e54a812c290a0a7" mindelta="1" -shell-kommando-indsprøjtning - -

Henrik Erkkonen opdagede, at rssh, en begrænset SSH-shell, ikke på korrekt -vis begrænsede shell-adgang.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3.2-13squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.3.3-5.

- -

Vi anbefaler at du opgraderer dine rssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2530.data" diff --git a/danish/security/2012/dsa-2531.wml b/danish/security/2012/dsa-2531.wml deleted file mode 100644 index 058b86fb6b8..00000000000 --- a/danish/security/2012/dsa-2531.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Flere lammelsesangrebssårbarheder er opdaget i Xen, den populære -virtualiseringssoftware. Projektet Common Vulnerabilities and Exposures har -registeret følgende problemer:

- -
    - -
  • CVE-2012-3432 - -

    Upriviligeret kode i gæstetilstand, som har fået tildelt rettigheder til - at tilgå MMIO-områder, kan tillempe adgangen til at få hele gæsten til at gå - ned. Da det benyttes til at få klienten til at gå ned inde fra, anses - sårbarheden for at have en lav virkningsgrad.

    • - -
  • CVE-2012-3433 - -

    En gæsts kerne kunne få værten til at holde op med at svare i et stykke - tid, potentielt førende til et lammelsesangreb. Da en angriber med fuld - kontrol i gæsten kan påvirke værten, anses sårbarheden for at have en høj - virkningsgrad.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.0.1-5.3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.1.3-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2531.data" diff --git a/danish/security/2012/dsa-2532.wml b/danish/security/2012/dsa-2532.wml deleted file mode 100644 index 2d2a78f9edd..00000000000 --- a/danish/security/2012/dsa-2532.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2dd9aafde8454eb079c7671f3000ce8f650a1276" mindelta="1" -lammelsesangreb - -

Sébastien Bocahu opdagede, at reverse proxy add forward-modulet til -webserveren Apache var sårbart over for et lammelsesangreb (denial of service) -gennem en enkelt fabrikeret forespørgsel med mange headere.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.5-3+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 0.6-1.

- -

Vi anbefaler at du opgraderer dine libapache2-mod-rpaf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2532.data" diff --git a/danish/security/2012/dsa-2533.wml b/danish/security/2012/dsa-2533.wml deleted file mode 100644 index cab380f7073..00000000000 --- a/danish/security/2012/dsa-2533.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Man opdagede, at Performance Co-Pilot (pcp), et framework til overvågning af -performance, indeholdt flere sårbarheder.

- -
    - -
  • CVE-2012-3418 - -

    Flere bufferoverløb i PCP-protokoldekoderne kunne medføre at PCP-klienter - og -servere gik ned eller, potentielt udførte vilkårlig kode mens - fabrikerede PDU'er blev handlet.

    • - -
  • CVE-2012-3419 - -

    linux-PMDA'en, som anvendes af pmcd-dæmonen, afslørede følsomme - oplysninger fra /proc-filsystemet til uautentificerede klienter.

    • - -
  • CVE-2012-3420 - -

    Flere hukommelseslækager ved behandling af fabrikerede foresoørgsler - kunne medføre at pmcd forbrugte store mængder hukommelse og til sidst gik - ned.

    • - -
  • CVE-2012-3421 - -

    Ukorrekt event-drevet programmering gjorde det muligt for ondsindede - klienter, at forhindre andre klienter i at tilgå pmcd-dæmonen.

    • - -
- -

For at løse informationsafsløringssårbarheden, -CVE-2012-3419, -er en ny proc-PMDA blevet indført, der som standard er deaktiveret. Hvis -man har behov for at tilgå disse oplysninger, kan man aktivere -proc-PMDA'en.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.3.3-squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.6.5.

- -

Vi anbefaler at du opgraderer dine pcp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2533.data" diff --git a/danish/security/2012/dsa-2534.wml b/danish/security/2012/dsa-2534.wml deleted file mode 100644 index df40e87873d..00000000000 --- a/danish/security/2012/dsa-2534.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder relateret til XML-behandling, blev opdaget i PostgreSQL, en -SQL-database.

- -
    - -
  • CVE-2012-3488 - -

    contrib/xml2's xslt_process() kunne anvendes til at læse og skrive - eksterne filer og URL'er.

    • - -
  • CVE-2012-3489 - -

    xml_parse() hentede eksterne filer eller URL'er, for at resolve DTD- - og entitetsreferencer i XML-værdier.

    • - -
- -

Opdateringen fjerner den problematiske funktionalitet, hvilket potentielt kan -medføre at applikationer, som anvender det legitimt, kan holde op med at -virke.

- -

På grund af sårbarhedernes natur, er det muligt at angribere, som har -indirekte adgang til databasen, kan levere fabrikerede XML-data, som udnytter -sårbarheder.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -8.4.13-0squeeze1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -9.1.5-1 af pakken postgresql-9.1.

- -

Vi anbefaler at du opgraderer dine postgresql-8.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2534.data" diff --git a/danish/security/2012/dsa-2535.wml b/danish/security/2012/dsa-2535.wml deleted file mode 100644 index 9ce6b2e2d2f..00000000000 --- a/danish/security/2012/dsa-2535.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="91d3d0c2f7965a20a86128bd31430bf9dc97033c" mindelta="1" -udførelse af skripter på tværs af websteder - -

Man opdagede, at rtfm, Request Tracker FAQ Manager, indeholdt flere -sårbarheder i forbindelse med udførelse af skripter på tværs af websteder i -topic-administrationssiden.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.4.2-4+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4.0.6-4 af pakken request-tracker4.

- -

Vi anbefaler at du opgraderer dine rtfm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2535.data" diff --git a/danish/security/2012/dsa-2536.wml b/danish/security/2012/dsa-2536.wml deleted file mode 100644 index 5872fb1cd89..00000000000 --- a/danish/security/2012/dsa-2536.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="dadc4ce074cdca49984b9331abf8786ccca64345" mindelta="1" -udførelse af skripter på tværs af websteder - -

Man opdagede, at Open Ticket Request System (OTRS), et problemsporingssystem, -indeholdt en sårbarhed i forbindelse med udførelse af skripter på tværs af -websteder, når mail blev vist i Internet Explorer. Opdateringen forbedrer også -HTML-sikkerhedsfilteret som kigger efter tag-nesting.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.4.9+dfsg1-3+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.1.7+dfsg1-5.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2536.data" diff --git a/danish/security/2012/dsa-2537.wml b/danish/security/2012/dsa-2537.wml deleted file mode 100644 index da12d79878a..00000000000 --- a/danish/security/2012/dsa-2537.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder blev opdaget i TYPO3, et indholdshåndteringssystem.

- -
    - -
  • CVE-2012-3527 - -

    Et usikkert kald til afserialisering i hjælpesystemet muliggjorde - autentificerede brugeres udførelse af vilkårlig kode.

    • - -
  • CVE-2012-3528 - -

    TYPO3-backend'en indeholdt flere sårbarheder i forbindelse med udførelse - af skripter på tværs af websteder.

    • - -
  • CVE-2012-3529 - -

    Autentificerede brugere, som kan tilgå opsætningsmodulet, kunne få fat - i krypteringsnøglen, hvilket gjorde det muligt for dem at forøge deres - rettigheder.

    • - -
  • CVE-2012-3530 - -

    HTML-fornuftighedsfunktione RemoveXSS fjernede ikke flere - HTML5-JavaScript, hvorved resultatet af sårbarheder i forbindelse med - udførelse af skripter på tværs af websteder ikke blev - begrænset.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.3.9+dfsg1-1+squeeze5.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 4.5.19+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2537.data" diff --git a/danish/security/2012/dsa-2538.wml b/danish/security/2012/dsa-2538.wml deleted file mode 100644 index 6173bfc7ccb..00000000000 --- a/danish/security/2012/dsa-2538.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="67643b436f8be9947bb60cf783cabe1341adb86c" mindelta="1" -rettighedsforøgelse - -

Man opdagede, at Moin, en Python-klon af WikiWiki, på ukorrektiv vurderede -ACL'er når virtuelle grupper er involveret. Det kunne give visse brugere -mulighed for at få yderligere rettigheder (rettighedsforøgelse) eller mangle -forventede rettigheder.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.9.3-1+squeeze2.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.9.4-8.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2538.data" diff --git a/danish/security/2012/dsa-2539.wml b/danish/security/2012/dsa-2539.wml deleted file mode 100644 index 6310f47bf51..00000000000 --- a/danish/security/2012/dsa-2539.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="85512c580b2e8ad3e5709c11fe4666d9377cd3e8" mindelta="1" -SQL-indsprøjtning - -

Man opdagede, at Zabbix, en løsning til netværksovervågning, ikke på korrekt -vis validerede brugerinddata, som indgår i en SQL-forespørgsel. Det kunne gøre -det muligt for uautoriserede angribere, at udføre vilkårlige SQL-kommandoer -(SQL-indsprøjtning) og muligvis forøge rettigheder.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:1.8.2-1squeeze4.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:2.0.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine zabbix-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2539.data" diff --git a/danish/security/2012/dsa-2540.wml b/danish/security/2012/dsa-2540.wml deleted file mode 100644 index 00d2d3858ce..00000000000 --- a/danish/security/2012/dsa-2540.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5f09d14914c493b24e2e783c69e3abb3e32170ca" mindelta="1" -udførelse af skripter på tværs af websteder - -

Emanuel Bronshtein opdagede, at Mahara, et elektronisk portfolio-, weblog- og -CV-program, indeholdt flere sårbarheder i forbindelse med udførelse af skripter -på tværs af websteder på grund af manglende fornuftighedskontroller og -utilstrækkelig indkapsling af brugerleverede data.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.2.6-2+squeeze5.

- -

I distributionen testing (wheezy), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.5.1-2.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2540.data" diff --git a/danish/security/2012/dsa-2541.wml b/danish/security/2012/dsa-2541.wml deleted file mode 100644 index 59bcb19e916..00000000000 --- a/danish/security/2012/dsa-2541.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="30e553eeea49877d9aa3fb05c09afa45c7784c8a" mindelta="1" -informationsafsløring - -

Man opdagede, at Beaker, et cache- og sessionsbibliotek til Python, ved -benyttelse af backend'en python-crypto, var sårbar over for -informationsafsløring på grund af en kryptografisk svaghed med relation til -anvendelse af AES-cipher'en i ECB-tilstand.

- -

Systemer, der har pakken python-pycryptopp, skulle ikke være sårbare, da den -backend foretrækkes frem for python-crypto.

- -

After applying this update, existing sessions will be invalidated.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.5.4-4+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1.6.3-1.1.

- -

Vi anbefaler at du opgraderer dine beaker-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2541.data" diff --git a/danish/security/2012/dsa-2542.wml b/danish/security/2012/dsa-2542.wml deleted file mode 100644 index 5548fc1bbd9..00000000000 --- a/danish/security/2012/dsa-2542.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i KVM, en komplet virtualiseringsløsning på -x86-hardware. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2012-2652: - -

    QEMU's snapshottilstand (-snapshot) håndterede på ukorrekt vis - midlertidige filer, som benyttes til at opbevare den aktuelle tilstand, - hvilket gjorde den sårbar over for symlinkangreb (herunder overskrivning af - vilkårlige filer og afsløring af oplysninger om gæster) på grund af en - kapløbstilstand.

    • - -
  • CVE-2012-3515: - -

    QEMU håndterede ikke på korrekt vis VT100-escapesekvenser ved emulering - af visse enheder med en virtuel konsol-backend. En angriber inden for en - gæst med adgang til den sårbare virtuelle konsol kunne overskrive hukommelse - hørende til QEMU og forøge rettighederne til dem fra - qemu-processen.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.12.5+dfsg-5+squeeze9.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2542.data" diff --git a/danish/security/2012/dsa-2543.wml b/danish/security/2012/dsa-2543.wml deleted file mode 100644 index 5b88837ee59..00000000000 --- a/danish/security/2012/dsa-2543.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i xen-qemu-dm-4.0, Xen QEMU Device Models -virtuelle maskine som emulerer hardware. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2012-3515: - -

    Enhedsmodellen for HVM-domæner håndterede ikke på korrekt vis - VT100-escapesekvenser, når der blev emuleret visse enheder med en virtuel - konsol-backend. En angriber inden for en gæst med adgang til den sårbare - virtuelle konsol kunne overskrive hukommelse hørende til enhedsmodellen og - forøge rettigheder til dem hørende til enhedsmodellens proces.

    • - -
  • CVE-2012-4411: - -

    QEMU-monitoren var som standard aktiveret, hvilket gjorde det muligt for - administratorer af en gæst, at tilgå ressourcer på værten, hvormed der - muligvis kunne forøges rettigheder eller tilgås ressourcer, som hører til en - anden gæst.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.0.1-2+squeeze2.

- -

Distributionen testing (wheezy) og den ustabile distribution (sid), -indeholder ikke længere denne pakke.

- -

Vi anbefaler at du opgraderer dine xen-qemu-dm-4.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2543.data" diff --git a/danish/security/2012/dsa-2544.wml b/danish/security/2012/dsa-2544.wml deleted file mode 100644 index d863f9fcf3f..00000000000 --- a/danish/security/2012/dsa-2544.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Flere sårbarheder i forbindelse med lammelsesangreb (denial of service) er -opdaget i Xen, en hypervisor. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2012-3494: - -

    Man opdagede, at set_debugreg tillod skrivninger til reserverede bits i - DR7-debugkontrolregisteret på amd64-paravirtualiserede gæster (x86-64), - hvilket gjorde det muligt for en gæst at få værten til at gå ned.

    • - -
  • CVE-2012-3496: - -

    Matthew Daley opdagede, at XENMEM_populate_physmap, når den blev kaldt - med flaget MEMF_populate_on_demand opsat, kunne en BUG (detekteringsrutine) - blive udløst, hvis en translating paging-tilstand ikke blev benyttet, - hvilket gjorde det muligt for en gæst at få værten til at gå ned.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.0.1-5.4.

- -

I distributionen testing (wheezy), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -4.1.3-2.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2544.data" diff --git a/danish/security/2012/dsa-2545.wml b/danish/security/2012/dsa-2545.wml deleted file mode 100644 index c37746e71a3..00000000000 --- a/danish/security/2012/dsa-2545.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i QEMU, en hurtig processoremulator. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2012-2652: - -

    QEMU's snapshottilstand (-snapshot) håndterede på ukorrekt vis - midlertidige filer, som benyttes til at opbevare den aktuelle tilstand, - hvilket gjorde den sårbar over for symlinkangreb (herunder overskrivning af - vilkårlige filer og afsløring af oplysninger om gæster) på grund af en - kapløbstilstand.

    • - -
  • CVE-2012-3515: - -

    QEMU håndterede ikke på korrekt vis VT100-escapesekvenser ved emulering - af visse enheder med en virtuel konsol-backend. En angriber inden for en - gæst med adgang til den sårbare virtuelle konsol kunne overskrive hukommelse - hørende til QEMU og forøge rettighederne til dem fra - qemu-processen.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.12.5+dfsg-3squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2545.data" diff --git a/danish/security/2012/dsa-2546.wml b/danish/security/2012/dsa-2546.wml deleted file mode 100644 index a06c92b3487..00000000000 --- a/danish/security/2012/dsa-2546.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="301c94628232b53ee41a0d3162065bdb4f9ce778" mindelta="1" -stakbaseret bufferoverløb - -

Timo Warns opdagede, at håndteringen af EAP-TLS i FreeRADIUS, en højtydende -og meget konfigurérbar RADIUS-server, ikke på korrekt vis udførte -længdekontroller på brugerleverede inddata før de blev kopieret til en lokal -stakbuffer. Som følge heraf kunne en uautoriseret angriber udnytte fejlen til -at få dæmonen til at gå ned eller udføre vilkårlig kode via fabrikerede -certifikater.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.1.10+dfsg-2+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.1.12+dfsg-1.1.

- -

Vi anbefaler at du opgraderer dine freeradius-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2546.data" diff --git a/danish/security/2012/dsa-2547.wml b/danish/security/2012/dsa-2547.wml deleted file mode 100644 index 87823a263ad..00000000000 --- a/danish/security/2012/dsa-2547.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="163a88c2015df6f6d869534ba17a8271915fca47" mindelta="1" -upassende assert - -

Man opdagede, at BIND, en DNS-server, ikke håndterede DNS-poster på korrekt -vis, når disse er tæt på størrelsesbegrænsninger som er bestemt af -DNS-protokollen. En angriber kunne anvende fabrikerede DNS-poster til at få -BIND-serverprocessen til at gå ned, førende til et lammelsesangreb (denial of -service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:9.7.3.dfsg-1~squeeze7.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2547.data" diff --git a/danish/security/2012/dsa-2548.wml b/danish/security/2012/dsa-2548.wml deleted file mode 100644 index 78c175a6a08..00000000000 --- a/danish/security/2012/dsa-2548.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Tor, en onlineværktøj til -privatlivsbeskyttelse.

- -
    - -
  • CVE-2012-3518 - -

    Undgå en læsning af uinitialiseret hukommelse, når der læses et - vote- eller consensus-dokument, som har et ikke-genkendt - flavour-navn. Det kunne føre til et fjernudført nedbrud, medførende - lammelsesangreb (denial of service).

    • - -
  • CVE-2012-3519 - -

    Forsøg på at lække føre oplysninger om hvilke relay en klient vælger til - en side-channel-angriber.

    • - -
  • CVE-2012-4419 - -

    Ved at stille særligt fremstillede datastrenge til rådighed for en - ramt tor-instans, kunne en angriber få den til løbe ind i en assert og - lukke.

    • - -
- -

Desuden indeholder opdateringen af den stabile udgave følgende to rettelser: -Når der ventes på at en klient genforhandler, gives der ikke lov tilat tilføje -bytes til inputbufferen. Det retter et potentielt lammelsesangrebsproblem -(denial of service) -[tor-5934, -tor-6007].

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.2.2.39-1.

- -

I den ustabile distribution, er disse problemer rettet i version -0.2.3.22-rc-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2548.data" diff --git a/danish/security/2012/dsa-2549.wml b/danish/security/2012/dsa-2549.wml deleted file mode 100644 index da8f738c78d..00000000000 --- a/danish/security/2012/dsa-2549.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i devscripts, et sæt skripter til at gøre livet -lettere for vedligeholdere af Debian-pakker. Projektet Common Vulnerabilities -and Exposures har fundet frem til følgende problemer:

- -
    - -
  • CVE-2012-2240: - -

    Raphael Geissert opdagede, at dscverify ikke udførte tilstrækkelig - validering og ikke på korrekt vis escape'de parametre til eksterne - kommandoer, hvilket gjorde det muligt for en fjernangriber (når dscverify - benyttes af dget) til at udføre vilkårlig kode.

    • - -
  • CVE-2012-2241: - -

    Raphael Geissert opdagede, at dget gjorde det muligt for en angriber at - slette vilkårlige filer, når der blev behandlet en særligt fremstillet .dsc- - eller .changes-fil, på grund af utilstrækkelig fornuftighedskontrol af - inddata.

    • - -
  • CVE-2012-2242: - -

    Raphael Geissert opdagede, at dget ikke på korrekt vis escape'de - parametre til eksterne kommandoer, når der blev behandlet .dsc- og - .changes-filer, hvilket gjorde det muligt for en angriber at udføre - vilkårlig kode. Problemet er begrænset med rettelsen af - CVE-2012-2241, - og er allerede rettet i version 2.10.73 på grund af kodeændringer, uden at - tage sikkerhedspåvirkningen i betragtning.

    • - -
  • CVE-2012-3500: - -

    Jim Meyering, Red Hat, opdagede at annotate-output afgjorde navnet på - midlertidige named pipes på en måde, der gjorde det muligt for en - lokal angriber at få det til af afbryde, førende til - lammelsesangreb.

    • - -
- -

Desuden er der rettet en regression i exit-koden i debdiff, som opstod i -forbindelse med rettelsen af DSA-2409-1.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.10.69+squeeze4.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), vil disse problemer blive rettet i version -2.12.3.

- -

Vi anbefaler at du opgraderer dine devscripts-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2549.data" diff --git a/danish/security/2012/dsa-2550.wml b/danish/security/2012/dsa-2550.wml deleted file mode 100644 index ef1d1f4d30f..00000000000 --- a/danish/security/2012/dsa-2550.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="79ca6dc5cdd8b18f87013ac617a21d30acb72d6c" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Asterisk, et værktøjssæt til PBX og telefoni, -som muliggjorde rettighedsforøgelse i Asterisk Manager, lammelsesangreb (denial -of service) eller rettighedsforøgelse.

- -

Mere detaljerede oplysninger finder man i Asterisks bulletiner: -AST-2012-010, -AST-2012-011, -AST-2012-012 og -AST-2012-013. -

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1:1.6.2.9-2+squeeze8.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 1:1.8.13.1~dfsg-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2550.data" diff --git a/danish/security/2012/dsa-2551.wml b/danish/security/2012/dsa-2551.wml deleted file mode 100644 index 48724a11850..00000000000 --- a/danish/security/2012/dsa-2551.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="209699f1cd99d59926d600169f3afb438163d95f" mindelta="1" -lammelsesangreb - -

Glen Eustace opdagede, at ISC DHCP-serveren, en server til automatisk -tildeling af IP-adresser, ikke på korrekt vis håndterede ændringer til -udlånes udløb. En angriber kunne måske anvende fejlen til at få tjenesten til -at gå ned og dermed forårsage lammelsesangrebsbetingelser (denial of service), -ved at nedsætte udløbstiden på et aktivt IPv6-udlån.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.1.1-P1-15+squeeze8.

- -

I distributionen testing (wheezy), er dette problem rettet i version -4.2.2.dfsg.1-5+deb70u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.2.4-2.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2551.data" diff --git a/danish/security/2012/dsa-2552.wml b/danish/security/2012/dsa-2552.wml deleted file mode 100644 index 415972f0017..00000000000 --- a/danish/security/2012/dsa-2552.wml +++ /dev/null @@ -1,64 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i TIFF, et bibliotekssæt og værktøjer til -understøttelse af Tag Image File Format (TIFF), muliggjorde lammelsesangreb -(denial of service) og potentiel rettighedsforøgelse.

- -

Sårbarhederne kunne udnyttes ved hjælp af et særligt fremstillet -TIFF-billede.

- -
    - -
  • CVE-2012-2113 - -

    Værktøjet tiff2pdf indeholdt en heltalsoverløbsfejl ved fortolkning af - billeder.

    • - -
  • CVE-2012-3401 - -

    Huzaifa Sidhpurwala opdagede et heapbaseret bufferoverløb i funktionen - t2p_read_tiff_init().

    • - -
  • CVE-2010-2482 - -

    Et ugyldigt td_stripbytecount-felt blev ikke håndteret korrekt og kunne - udløse en NULL-pointerdereference.

    • - -
  • CVE-2010-2595 - -

    En arrayindekseringsfejl, med relation til downsampled OJPEG input - i funktionen TIFFYCbCrtoRGB, forårsagede et uventet nedbrud.

    • - -
  • CVE-2010-2597 - -

    Også med relation til downsampled OJPEG input, gik funktionen - TIFFVStripSize uventet ned.

    • - -
  • CVE-2010-2630 - -

    Funktionen TIFFReadDirectory validerede ikke på korrekt vis tags - codec-specifikke datatyper, der ikke var positioneret som forventet i en - TIFF-fil.

    • - -
  • CVE-2010-4665 - -

    Værktøjet tiffdump indeholdt et heltalsoverløb i funktionen - ReadDirectory.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.9.4-5+squeeze5.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -4.0.2-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -4.0.2-2.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2552.data" diff --git a/danish/security/2012/dsa-2553.wml b/danish/security/2012/dsa-2553.wml deleted file mode 100644 index b6ee37655d2..00000000000 --- a/danish/security/2012/dsa-2553.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ccade26e2cd4b9038fba93165fa85a1502c98239" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceweasel, en webbrowser baseret på Firefox. -Det medfølgende XULRunner-bibliotek leverer renderingtjenster til flere andre -programmer, som er indeholdt i Debian.

- -

De rapporterede sårbarheder kunne føre til udførelse af vilkårlig kode eller -omgåelse af begrænsninger på indlæsning af indhold via location-objektet.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.5.16-18.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -10.0.7esr-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -10.0.7esr-2.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2553.data" diff --git a/danish/security/2012/dsa-2554.wml b/danish/security/2012/dsa-2554.wml deleted file mode 100644 index f67022a4a4f..00000000000 --- a/danish/security/2012/dsa-2554.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="689422477dd7db7cb85f6edfbfa28d177b687e32" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceape, en internetsuite baseret på -Seamonkey.

- -

De rapporterede sårbarheder kunne føre til udførelse af vilkårlig kode eller -omgåelse af begrænsninger på indlæsning af indhold via location-objektet.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.0.11-15.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -2.7.7-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.7.7-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2554.data" diff --git a/danish/security/2012/dsa-2555.wml b/danish/security/2012/dsa-2555.wml deleted file mode 100644 index 3d4022a1b92..00000000000 --- a/danish/security/2012/dsa-2555.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0d04733fd22bbb750dae3104f7966662b01fcd05" mindelta="1" -flere sårbarheder - -

Nicholas Gregoire og Cris Neckar opdagede flere fejl i forbindelse med -hukommelseshåndteringen i libxslt, hvilke kunne føre til lammelsesangreb (denial -of service) eller udførelse af vilkårlig kode, hvis et misdannet dokument blev -behandlet.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.1.26-6+squeeze2.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.1.26-14.

- -

Vi anbefaler at du opgraderer dine libxslt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2555.data" diff --git a/danish/security/2012/dsa-2556.wml b/danish/security/2012/dsa-2556.wml deleted file mode 100644 index faf40b207b7..00000000000 --- a/danish/security/2012/dsa-2556.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="ae111c6d7d103115f5424f5877280ef09a6d3b4c" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird.

- -

Der er blandt andre tale om flere tilfælde af problemer i forbindelse med -anvendelse efter frigivelse og bufferoverløb. De rapporterede sårbarheder kunne -føre til udførelse af vilkårlig kode, samt omgåelse af indlæsningsbegrænsinger -via location-objektet.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.0.11-1+squeeze13.

- -

For the distributionen testing (wheezy), er dette problem rettet i version -10.0.7-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 10.0.7-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2556.data" diff --git a/danish/security/2012/dsa-2557.wml b/danish/security/2012/dsa-2557.wml deleted file mode 100644 index fe28865ebe6..00000000000 --- a/danish/security/2012/dsa-2557.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="08ce0d259bb4acc1bcffe41a9d81ab67181646ae" mindelta="1" -bufferoverløb - -

Timo Warns opdagede, at den interne autentifikationsserver i hostapd, en -brugerrumsautentifikationer til IEEE 802.11 AP og IEEE 802.1X/WPA/WPA2/EAP var -sårbar over for et bufferoverløb ved behandling af fragmenterede -EAP-TLS-meddelelser. Som følge heraf terminerede en intern -overløbskontrolrutine processen. En angriber kunne udnytte fejlen til at -iværksætte lammelsesangreb (denial of service) gennem fabrikerede -EAP-TLS-meddelelser før enhver autentifikation.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:0.6.10-2+squeeze1.

- -

I distributionen testing (wheezy) og i den unstabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine hostapd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2557.data" diff --git a/danish/security/2012/dsa-2558.wml b/danish/security/2012/dsa-2558.wml deleted file mode 100644 index 06e95097892..00000000000 --- a/danish/security/2012/dsa-2558.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="31610b69e582f42f4174beda987dbfe45cb86b9d" mindelta="1" -informationsafsløring - -

Man opdagede, at bacula, en netværkssikkerhedskopiservice, ikke på korrekt -vis håndhævede konsol-ACL'er. Det kunne gøre det muligt for en klient med -ellers begrænsede rettigheder, at dumpe oplysninger om ressourcer.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -5.0.2-2.2+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -5.2.6+dfsg-4.

- -

Vi anbefaler at du opgraderer dine bacula-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2558.data" diff --git a/danish/security/2012/dsa-2559.wml b/danish/security/2012/dsa-2559.wml deleted file mode 100644 index 4933305a7c0..00000000000 --- a/danish/security/2012/dsa-2559.wml +++ /dev/null @@ -1,73 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fudnet i libexif, et bibliotek som anvendes til at -fortolke EXIF-metadata i kamerafiler.

- -
    - -
  • CVE-2012-2812: - -

    En heapbaseret arraylæsning ud over grænserne i funktionen - exif_entry_get_value gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb (denial of service) eller muligvis få adgang til potentielt - følsomme oplysninger fra proceshukommelse via et billede med fabrikerede - EXIF-tags.

    • - -
  • CVE-2012-2813: - -

    En heapbaseret arraylæsning ud over grænserne i funktionen - exif_convert_utf16_to_utf8 gjorde det muligt for fjernangribere at forårsage - et lammelsesangreb eller muligvis få adgang til potentielt følsomme - oplysninger fra proceshukommelse via et billede med fabrikerede - EXIF-tags.

    • - -
  • CVE-2012-2814: - -

    En bufferoverløb i funktionen exif_entry_format_value gjorde det muligt - for fjernangribere at forårsage et lammelsesangreb eller muligvis udføre - vilkårlig kode via et billede med fabrikerede EXIF-tags.

    • - -
  • CVE-2012-2836: - -

    En heapbaseret arraylæsning ud over grænserne i funktionen - exif_data_load_data gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis få adgang til potentielt følsomme oplysninger - fra proceshukommelse via et billede med fabrikerede EXIF-tags.

    • - -
  • CVE-2012-2837: - -

    En division med én-fejl i funktionen mnote_olympus_entry_get_value, under - formatering af EXIF-producentbemærkningstags gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb via et billede med - fabrikerede EXIF-tags.

    • - -
  • CVE-2012-2840: - -

    En forskudt med én-fejl i funktionen exif_convert_utf16_to_utf8 gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb eller muligvis - udføre vilkårlig kode via et billede med fabrikerede EXIF-tags.

    • - -
  • CVE-2012-2841: - -

    Et heltalsunderløb i funktionen exif_entry_get_value kunne udløse et - heapoverløb og potentiel udførelse af vilkårlig kode, under formatering af - et EXIF-tag, hvis funktionen blev kaldt med et bufferstørrelsesparameter - svarende til nul eller en.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.6.19-1+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -0.6.20-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -0.6.20-3.

- -

Vi anbefaler at du opgraderer dine libexif-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2559.data" diff --git a/danish/security/2012/dsa-2560.wml b/danish/security/2012/dsa-2560.wml deleted file mode 100644 index 0b68f6b56fa..00000000000 --- a/danish/security/2012/dsa-2560.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="92c186ba89066319859bfe3b81a5a893ed8dfab2" mindelta="1" -lammelsesangreb - -

Man opdagede, at BIND, en DNS-server, hang under konstruktionen af -additional-afsnittet i et DNS-svar, når visse kombinationer af ressourceposter -var til stede. Sårbarheden påvirker både rekursive og autoritative servere.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:9.7.3.dfsg-1~squeeze8.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2560.data" diff --git a/danish/security/2012/dsa-2561.wml b/danish/security/2012/dsa-2561.wml deleted file mode 100644 index 54dd5784c3c..00000000000 --- a/danish/security/2012/dsa-2561.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d01cd0e6e64ce17a7df815446e41319c512f3328" mindelta="1" -bufferoverløb - -

Man opdagede, at et bufferoverløb i libtiffs fortolkning af filer, som -benytter PixarLog-komprimering, kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.9.4-5+squeeze6.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 3.9.6-9 af kildekodepakken tiff3 og i version -4.0.2-4 af kildekodepakken tiff.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2561.data" diff --git a/danish/security/2012/dsa-2562.wml b/danish/security/2012/dsa-2562.wml deleted file mode 100644 index dae94142d34..00000000000 --- a/danish/security/2012/dsa-2562.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="6a54e1130a478ff4ae59a5210738cddca5a35e83" mindelta="1" -rettighedsforøgelse - -

cups-pk-helper, en PolicyKit-helper til opsætning af CUPS med -finindstillelige rettigheder, indpakkede CUPS-funktionskald på en usikker måde. -Det kunne føre til uploadning af følsomme oplysninger til en CUPS-ressource, -eller overskrivning af specifikke filer med indholdet fra CUPS-ressourcen. -Brugeren skulle eksplicit godkende handlingen.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.1.0-3.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.2.3-1.

- -

Vi anbefaler at du opgraderer dine cups-pk-helper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2562.data" diff --git a/danish/security/2012/dsa-2563.wml b/danish/security/2012/dsa-2563.wml deleted file mode 100644 index 1c0b18046ba..00000000000 --- a/danish/security/2012/dsa-2563.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i ViewVC, en webgrænseflade til CVS- og -Subversion-arkiver.

- -
    - -
  • CVE-2009-5024 - -

    Fjernangribere kunne omgå opsætningsindstillingen cvsdb row_limit, og - dermed iværksætte ressourceforbrugsangreb via limit-parameteret.

    • - -
  • CVE-2012-3356 - -

    Fjernvisningsfunktionaliteten til Subversion udførte ikke tilstrækkelig - autorisation, hvilket gjorde det muligt for fjernangribere at omgå - tilsigtede adgangsbegrænsninger.

    • - -
  • CVE-2012-3357 - -

    Subversion-versionsvisningen håndterede ikke på korrekt vis - logmeddelelser, når en læsbar sti blev kopieret fra en ikke-læsbar sti, - hvilket gjorde det muligt for fjernangribere at få fat i følsomme - oplysninger.

    • - -
  • CVE-2012-4533 - -

    function name-linjer fra diff blev ikke indkapslet på korrekt vis, - hvilket gjorde det muligt for angribere med commit-rettigheder, at udføre - skripter på tværs af webservere.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.1.5-1.1+squeeze2.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.1.5-1.4.

- -

Vi anbefaler at du opgraderer dine viewvc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2563.data" diff --git a/danish/security/2012/dsa-2564.wml b/danish/security/2012/dsa-2564.wml deleted file mode 100644 index a5394da958f..00000000000 --- a/danish/security/2012/dsa-2564.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a5fc65fb871e384c5b337ea200521bce46ef0b0e" mindelta="1" -lammelsesangreb - -

gpernot opdagede, at Tinyproxy, en HTTP-proxy, var sårbar over for et -lammelsesangreb (denial of service) foretaget af fjernangribere ved at sende -fabrikerede forespørgselsheadere.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.8.2-1squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1.8.3-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.8.3-3.

- -

Vi anbefaler at du opgraderer dine tinyproxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2564.data" diff --git a/danish/security/2012/dsa-2565.wml b/danish/security/2012/dsa-2565.wml deleted file mode 100644 index 526c66c0234..00000000000 --- a/danish/security/2012/dsa-2565.wml +++ /dev/null @@ -1,83 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i Iceweasel, Debians udgave af webbrowseren -Mozilla Firefox. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2012-3982: - -

    Flere ikke-angivne sårbarheder i browsermaskinen gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (hukommelseskorruption og - applikationsnedbrud) eller muligvis udføre vilkårlig kode via ukendte - angrebsvinkler.

    • - -
  • CVE-2012-3986: - -

    Iceweasel begrænsede ikke på korrekt vis kald til DOMWindowUtils-metoder, - hvilket gjorde det muligt for fjernangribere at omgå tilsigtede - adgangsbegrænsninger via fabrikeret JavaScript-kode.

    • - -
  • CVE-2012-3990: - -

    En sårbarhed i forbindelse med brug efter frigivelse i implementeringen - af IME State Manager, gjorde det muligt for fjernangribere at udføre - vilkårlig kode via ikke-angivne angrebsvinkler i forbindelse med funktionen - nsIContent::GetNameSpaceID.

    • - -
  • CVE-2012-3991: - -

    Iceweasel begrænsede ikke på korrekt vis JSAPI-adgang til funktionen - GetProperty, hvilket gjorde det muligt for fjernangribere at omgå Same - Origin Policy (samme ophav-reglen) og muligvis have anden ikke-angivet - virkning via et fabrikeret websted.

    • - -
  • CVE-2012-4179: - -

    En sårbarhed i forbindelse med brug efter frigivelse i funktionen - nsHTMLCSSUtils::CreateCSSPropertyTxn, gjorde det muligt for fjernangribere - at udføre vilkårlig kode eller forårsage lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4180: - -

    Et heapbaseret bufferoverløb i funktionen - nsHTMLEditor::IsPrevCharInNodeWhitespace, gjorde det muligt for - fjernangribere at udføre vilkårlig kode via ikke-angivne - angrebsvinkler.

    • - -
  • CVE-2012-4182: - -

    En sårbarhed i forbindelse med brug efter frigivelse i funktionen - nsTextEditRules::WillInsert, gjorde det muligt for fjernangribere at udføre - vilkårlig kode eller forårsage et lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4186: - -

    Et heapbaseret bufferoverløb i funktionen nsWav-eReader::DecodeAudioData, - gjorde det muligt for fjernangribere at udføre vilkårlig kode via - ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4188: - -

    Et heapbaseret bufferoverløb i funktionen Convolve3x3, gjorde det muligt - for fjernangribere at udføre vilkårlig kode via ikke-angivne - angrebsvinkler.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.5.16-19.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 10.0.8esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2565.data" diff --git a/danish/security/2012/dsa-2566.wml b/danish/security/2012/dsa-2566.wml deleted file mode 100644 index c0b55845e85..00000000000 --- a/danish/security/2012/dsa-2566.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="acd10a17ab494c7316efddb0160ed1450686dc5c" mindelta="1" -heapbaseret bufferoverløb - -

Man opdagede, at Exim, en mailtransportagent, ikke på korrekt vis håndterede -dekodning af DNS-poster vedrørende DKIM. Helt specifikt kunne fabrikerede -poster medføre et heapbaseret bufferoverløb. En angriber kunne udnytte fejlen -til at udføre vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.72-6+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -4.80-5.1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.80-5.1.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2566.data" diff --git a/danish/security/2012/dsa-2567.wml b/danish/security/2012/dsa-2567.wml deleted file mode 100644 index 273214f4f88..00000000000 --- a/danish/security/2012/dsa-2567.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - - -

Flere sårbarheder er opdaget i Request Tracker (RT), et -problemsporingssystem.

- -
    - -
  • CVE-2012-4730 - -

    Autentificerede brugere kunne tilføje vilkårlige headere eller indhold - til mails genereret af RT.

    • - -
  • CVE-2012-4732 - -

    En CSRF-sårbarhed kunne måske gøre det muligt for angribere at skifte - sagsbogmærker.

    • - -
  • CVE-2012-4734 - -

    Hvis brugere fulgte en fabrikeret URI og loggede på RT, kunne de måske - udløse handlinger, som under almindelige omstændigheder blokeres af logikken - til forhindring af CSRF.

    • - -
  • CVE-2012-6578, - CVE-2012-6579, - CVE-2012-6580, - CVE-2012-6581 - -

    Flere forskellige sårbarheder i GnuPG-behandlingen gjorde det muligt - for angribere at få RT at signere udgående mails på ukorrekt vis.

    • - -
  • CVE-2012-4884 - -

    Hvis GnuPG-understøttelse er aktiveret, kunne autentificerede brugere - oprette vilkårlige filer som webserverbrugeren, hvilket måske gjorde det - muligt at udføre vilkårlig kode.

    • - -
- -

Bemærk, at hvis du kører request-tracker3.8 under webserveren Apache, så -skal du stoppe og startte Apache manuelt. restart-mekanismen anbefales -ikk, særligt når mod_perl anvendes.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.8.8-7+squeeze6.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -4.0.7-2 af pakken request-tracker4.

- -

Vi anbefaler at du opgraderer dine request-tracker3.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2567.data" diff --git a/danish/security/2012/dsa-2568.wml b/danish/security/2012/dsa-2568.wml deleted file mode 100644 index d7498351d23..00000000000 --- a/danish/security/2012/dsa-2568.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="ea5b489173a269dcd2f303f155effd16dc3aecd9" mindelta="1" -rettighedsforøgelse - -

Man opdagede, at RTFM, FAQ-håndteringsprogrammet til Request Tracker, gjorde -det muligt for autentificerede brugere at oprette artikler i enhver klasse.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.4.2-4+squeeze2.

- -

Vi anbefaler at du opgraderer dine rtfm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2568.data" diff --git a/danish/security/2012/dsa-2569.wml b/danish/security/2012/dsa-2569.wml deleted file mode 100644 index 2d9da944216..00000000000 --- a/danish/security/2012/dsa-2569.wml +++ /dev/null @@ -1,82 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Icedove, Debians udgave af mailklienten -Mozilla Thunderbird. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2012-3982: - -

    Flere ikke-angivne sårbarheder i browsermaskinen gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (hukommelseskorruption og - applikationsnedbrud) eller muligvis udføre vilkårlig kode via ukendte - angrebsvinkler.

    • - -
  • CVE-2012-3986: - -

    Iceweasel begrænsede ikke på korrekt vis kald til DOMWindowUtils-metoder, - hvilket gjorde det muligt for fjernangribere at omgå tilsigtede - adgangsbegrænsninger via fabrikeret JavaScript-kode.

    • - -
  • CVE-2012-3990: - -

    En sårbarhed i forbindelse med brug efter frigivelse i implementeringen - af IME State Manager, gjorde det muligt for fjernangribere at udføre - vilkårlig kode via ikke-angivne angrebsvinkler i forbindelse med funktionen - nsIContent::GetNameSpaceID.

    • - -
  • CVE-2012-3991: - -

    Iceweasel begrænsede ikke på korrekt vis JSAPI-adgang til funktionen - GetProperty, hvilket gjorde det muligt for fjernangribere at omgå Same - Origin Policy (samme ophav-reglen) og muligvis have anden ikke-angivet - virkning via et fabrikeret websted.

    • - -
  • CVE-2012-4179: - -

    En sårbarhed i forbindelse med brug efter frigivelse i funktionen - nsHTMLCSSUtils::CreateCSSPropertyTxn, gjorde det muligt for fjernangribere - at udføre vilkårlig kode eller forårsage lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4180: - -

    Et heapbaseret bufferoverløb i funktionen - nsHTMLEditor::IsPrevCharInNodeWhitespace, gjorde det muligt for - fjernangribere at udføre vilkårlig kode via ikke-angivne - angrebsvinkler.

    • - -
  • CVE-2012-4182: - -

    En sårbarhed i forbindelse med brug efter frigivelse i funktionen - nsTextEditRules::WillInsert, gjorde det muligt for fjernangribere at udføre - vilkårlig kode eller forårsage et lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4186: - -

    Et heapbaseret bufferoverløb i funktionen nsWav-eReader::DecodeAudioData, - gjorde det muligt for fjernangribere at udføre vilkårlig kode via - ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4188: - -

    Et heapbaseret bufferoverløb i funktionen Convolve3x3, gjorde det muligt - for fjernangribere at udføre vilkårlig kode via ikke-angivne - angrebsvinkler.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.0.11-1+squeeze14.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 10.0.9-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2569.data" diff --git a/danish/security/2012/dsa-2570.wml b/danish/security/2012/dsa-2570.wml deleted file mode 100644 index c8f55afa621..00000000000 --- a/danish/security/2012/dsa-2570.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="5f4a0a2b8caaf9c8d362590e82a1815fe70b0efd" mindelta="1" -flere sårbarheder - -

High-Tech Bridge SA Security Research Lab opdagede flere sårbarheder i -forbindelse med nullpointerdereferencer i OpenOffice.org, hvilket kunne -forårsage applikationsnedbrud eller endda udførelse af vilkårlig kode ved hjælp -af særligt fabrikerede filer. Påvirkede filtyper er LWP (Lotus Word Pro), ODG, -PPT (PowerPoint 2003) og XLS (Excel 2003).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1:3.2.1-11+squeeze8.

- -

openoffice.org-pakken er erstattet af libreoffice i distributionerne testing -(wheezy) og unstable (sid).

- -

I distributionen testing (wheezy), er dette problem rettet i version -1:3.5.4+dfsg-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:3.5.4+dfsg-3.

- -

Vi anbefaler at du opgraderer dine openoffice.org-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2570.data" diff --git a/danish/security/2012/dsa-2571.wml b/danish/security/2012/dsa-2571.wml deleted file mode 100644 index 5afc8af6222..00000000000 --- a/danish/security/2012/dsa-2571.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ba5a5b857826aaf25d1d3138960dbfd6cd097d8a" mindelta="1" -bufferoverløb - -

Red Hat Security Response Team opdagede, at libproxy, et bibliotek til -håndtering af automatisk proxyopsætning, udførte utilstrækkelig validering af -Content-Length-headeren, som sendes af en server der leverer en proxy.pac-file. -Sådanne fjernservere kunne udløse et heltalsoverløb og dermed få en buffer i -hukommelsen til at løbe over.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.3.1-2+squeeze1.

- -

I distributionen testing (wheezy) og i ustabile distribution (sid), er dette -problem rettet i version 0.3.1-5.1.

- -

Vi anbefaler at du opgraderer dine libproxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2571.data" diff --git a/danish/security/2012/dsa-2572.wml b/danish/security/2012/dsa-2572.wml deleted file mode 100644 index 0aeaf8f4701..00000000000 --- a/danish/security/2012/dsa-2572.wml +++ /dev/null @@ -1,89 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceape, en internetsuite baseret på -Seamonkey:

- -
    - -
  • CVE-2012-3982: - -

    Flere ikke-angivne sårbarheder i browsermaskinen gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb (hukommelseskorruption og - applikationsnedbrud) eller muligvis udføre vilkårlig kode via ukendte - angrebsvinkler.

    • - -
  • CVE-2012-3986: - -

    Iceweasel begrænsede ikke på korrekt vis kald til DOMWindowUtils-metoder, - hvilket gjorde det muligt for fjernangribere at omgå tilsigtede - adgangsbegrænsninger via fabrikeret JavaScript-kode.

    • - -
  • CVE-2012-3990: - -

    En sårbarhed i forbindelse med brug efter frigivelse i implementeringen - af IME State Manager, gjorde det muligt for fjernangribere at udføre - vilkårlig kode via ikke-angivne angrebsvinkler i forbindelse med funktionen - nsIContent::GetNameSpaceID.

    • - -
  • CVE-2012-3991: - -

    Iceweasel begrænsede ikke på korrekt vis JSAPI-adgang til funktionen - GetProperty, hvilket gjorde det muligt for fjernangribere at omgå Same - Origin Policy (samme ophav-reglen) og muligvis have anden ikke-angivet - virkning via et fabrikeret websted.

    • - -
  • CVE-2012-4179: - -

    En sårbarhed i forbindelse med brug efter frigivelse i funktionen - nsHTMLCSSUtils::CreateCSSPropertyTxn, gjorde det muligt for fjernangribere - at udføre vilkårlig kode eller forårsage lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4180: - -

    Et heapbaseret bufferoverløb i funktionen - nsHTMLEditor::IsPrevCharInNodeWhitespace, gjorde det muligt for - fjernangribere at udføre vilkårlig kode via ikke-angivne - angrebsvinkler.

    • - -
  • CVE-2012-4182: - -

    En sårbarhed i forbindelse med brug efter frigivelse i funktionen - nsTextEditRules::WillInsert, gjorde det muligt for fjernangribere at udføre - vilkårlig kode eller forårsage et lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4186: - -

    Et heapbaseret bufferoverløb i funktionen nsWav-eReader::DecodeAudioData, - gjorde det muligt for fjernangribere at udføre vilkårlig kode via - ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-4188: - -

    Et heapbaseret bufferoverløb i funktionen Convolve3x3, gjorde det muligt - for fjernangribere at udføre vilkårlig kode via ikke-angivne - angrebsvinkler.

    • - -
- -

Desuden retter denne opdatering en regression i patch'en til -\ -CVE-2012-3959, som blev udgivet i forbindelse med -DSA-2554-1.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.0.11-16.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -10.0.10esr-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -10.0.10esr-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2572.data" diff --git a/danish/security/2012/dsa-2573.wml b/danish/security/2012/dsa-2573.wml deleted file mode 100644 index 4f54a142b33..00000000000 --- a/danish/security/2012/dsa-2573.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -SSL-certifikatvalideringssvaghed - -

Ralf Paffrath rapporterede, at Radsecproxy, en RADIUS-protokolproxy, blandede -klienters før- og efterhåndtryksklientverifikation. Sårbarheden kunne ukorrekt -acceptere klienter uden at kontrollere deres certifikatkæde i visse -opsætninger.

- -

Raphael Geissert opdagede, at rettelsen af -\ -CVE-2012-4523 var ufuldstændig, med ophav i -\ -CVE-2012-4566. Begge sårbarheder er rettet i forbindelse med denne -opdatering.

- -

Bemærk at rettelsen kan medføre, at Radsecproxy afviser nogle klienter, som i -øjeblikket (fejlagtigt) accepteres.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.4-1+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -1.6.2-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.6.2-1.

- -

Vi anbefaler at du opgraderer dine radsecproxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2573.data" diff --git a/danish/security/2012/dsa-2574.wml b/danish/security/2012/dsa-2574.wml deleted file mode 100644 index 3f2b0c02b61..00000000000 --- a/danish/security/2012/dsa-2574.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="766162dbf110e6ce5d57c20aea63d6612079da5d" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i TYPO3, et indholdshåndteringssystem. -Opdateringen løser sårbarheder i forbindelse med udførelse af skripter på tværs -af websteder, SQL-indsprøjtning og informationsafsløring, svarende til -\ -TYPO3-CORE-SA-2012-005.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.3.9+dfsg1-1+squeeze7.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.5.19+dfsg1-4.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2574.data" diff --git a/danish/security/2012/dsa-2575.wml b/danish/security/2012/dsa-2575.wml deleted file mode 100644 index 8b6d5e2559a..00000000000 --- a/danish/security/2012/dsa-2575.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="817974f9e13d91b474004228c623c9e15ac6043f" mindelta="1" -heapbaseret bufferoverløb - -

Man opdagede, at ppm2tiff fra TIFF tools, et værktøjssæt til redigering af -konvertering af TIFF-filer, ikke på korrekt vis kontrollerede returværdien fra -en intern funktion, der anvendes til at opdage heltalsoverløb. Som følge heraf -var ppm2tiff ramt af et heapbaseret bufferoverløb. Dermed var det potentielt -muligt for en angriber at udføre vilkårlig kode via et fabrikeret PPM-billede, -særligt under omstændigheder hvor billeder behandles automatisk.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.9.4-5+squeeze7.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -4.0.2-5.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2575.data" diff --git a/danish/security/2012/dsa-2576.wml b/danish/security/2012/dsa-2576.wml deleted file mode 100644 index 5d9d85151b2..00000000000 --- a/danish/security/2012/dsa-2576.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4c87a5fb00178d9248b1c52fbf9964e8cdc2fd29" mindelta="1" -lammelsesangreb - -

Andy Lutomirski opdagede at tcsd (brugerrumsdæmonen TPM) manglede -inddatavalidering. Med anvendelse af omhyggeligt fremstillede inddata, kunne -det føre til et lammelsesangreb (denial of service) ved at få dæmonen til at gå -ned med en segmenteringsfejl.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.3.5-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -0.3.9-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.3.9-1.

- -

Vi anbefaler at du opgraderer dine trousers-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2576.data" diff --git a/danish/security/2012/dsa-2577.wml b/danish/security/2012/dsa-2577.wml deleted file mode 100644 index f55def955d8..00000000000 --- a/danish/security/2012/dsa-2577.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget af Florian Weimer og Xi Wang i libssh:

- -
    - -

  • - CVE-2012-4559: - flere fejl i forbindelse med dobbelt free() -

    • - -

  • - CVE-2012-4561: - flere fejl i forbindelse med ugyldig free() -

    • - -

  • - CVE-2012-4562: - flere ukorrekte overløbskontroller -

    • - -
- -

Disse fejl kunne medføre lammelsesangreb, ved at få en SSH-klient som er -linket til libssh, til at gå ned, samt måske endda udføre vilkårlig kode.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.4.5-3+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -0.5.3-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -0.5.3-1.

- -

Vi anbefaler at du opgraderer dine libssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2577.data" diff --git a/danish/security/2012/dsa-2578.wml b/danish/security/2012/dsa-2578.wml deleted file mode 100644 index abf7ffd49e5..00000000000 --- a/danish/security/2012/dsa-2578.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -utilstrækkelig filtrering af rsync-kommandolinje - -

James Clawson opdagede at rssh, en begrænset shell til OpenSSH som anvendes -med scp, sftp, rdist og cvs, ikke på korrekt vis filtrerede -kommandolinjeparametre. Det kunne anvendes til at gennemtvinge fjernudførelse -af skripter og dermed tillade udførelse af vilkårlige kommandoer. To CVE'er er -blevet tildelt:

- -
    - -
  • CVE-2012-2251 - -

    Ukorrekt filtrering af kommandolinjen når rsync-protokollen benyttes. - Det var for eksempel muligt at overføre farlige parametre efter en - ---switch. Understøttelse af rsync-protokollen er tilføjet i en - patch som er specifik for Debian (og Fedora/Red Hat), hvorfor sårbarheden - ikke påvirker opstrømsudviklerne.

    • - -
  • CVE-2012-2252 - -

    Ukorrekt filtrering af parameteret --rsh: Filteret der forhindrer - anvendelse af parameteret --rsh= forhindrede ikke overførsel af - --rsh. Sårbarheden påvirker opstrømskode.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3.2-13squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.3.3-6.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.3.3-6.

- -

Vi anbefaler at du opgraderer dine rssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2578.data" diff --git a/danish/security/2012/dsa-2579.wml b/danish/security/2012/dsa-2579.wml deleted file mode 100644 index 8d4aaa18808..00000000000 --- a/danish/security/2012/dsa-2579.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="c25132d79dab5dda5298236044fc2bd05968ef47" mindelta="1" -flere problemer - -

En sårbarhed er fundet i Apache HTTPD Server:

- -
    - -
  • CVE-2012-4557 - -

    En fejl blev fundet i sammenhæng med når mod_proxy_ajp forbindser sig til - en backendserver, der er for lang tid om at svare. Med en specifik - opsætning kunne en fjernangriber sende visse forespørgsler, og dermed få - backendserveren i en fejltilstand indtil retrytimeout'en udløb. Det kunne - medføre et midlertidigt lammelsesangreb.

    • - -
- -

Desuden indeholder denne opdatering også rettelse på serversiden af følgende -problem:

- -
    - -
  • CVE-2012-4929 - -

    Hvis man anvender SSL-/TLS-datakomprimering med HTTPS i en forbindelse - til en webbrowser, kunne manden i midten-angribere måske få adgang til - HTTP-headere i klartekst. Problemet er kendt som CRIME-angrebet. - Denne opdatering af apache2 deaktiverer som standard SSL-komprimering. En - ny SSLCompression-kommando er blevet tilbageført og kan anvendes til at - genaktivere SSL-datakomprimering i miljøer, hvor CRIME-angrebet ikke - udgør en risiko. For flere oplysninger, se - \ - dokumentationen af SSLCompression Directive.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.2.16-6+squeeze10.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -2.2.22-12.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.2.22-12.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2579.data" diff --git a/danish/security/2012/dsa-2580.wml b/danish/security/2012/dsa-2580.wml deleted file mode 100644 index 4925ed2c481..00000000000 --- a/danish/security/2012/dsa-2580.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="6ab9750f5469f23d2833fd73171cc08cc9a94b15" mindelta="1" -bufferoverløb - -

Jueri Aedla opdagede et bufferoverløb i libxml-XML-biblioteket, hvilket kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.7.8.dfsg-2+squeeze6.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.8.0+dfsg1-7.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2580.data" diff --git a/danish/security/2012/dsa-2581.wml b/danish/security/2012/dsa-2581.wml deleted file mode 100644 index ec634f099e5..00000000000 --- a/danish/security/2012/dsa-2581.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne løses ved -at opgradere MySQL til en ny opstrømsversion, 5.1.66, som indeholder yderligere -ændringer, så som forbedringer af ydeevnen og rettelser af fejl i forbindelse -med datatab. Ændringerne er beskrevet i -\ -udgivelsesbemærkningerne til MySQL.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 5.5.28+dfsg-1.

- -

Desuden er \ -CVE-2012-5611 blevet rettet i forbindelse med opdateringen. Sårbarheden -(opdaget uafhængigt af Tomas Hoger fra Red Hat Security Response Team og -king cope) var et stakbaseret bufferoverløb i acl_get(), når brugeradgang -til en database blev kontrolleret. Med brug af et omhyggeligt fabrikeret -databasenavn, kunne en allerede autentificeret MySQL-bruger få serveren til at -gå ned eller endda udføre vilkårlig kode som systembrugeren mysql.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -5.1.66-0+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mysql-5.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2581.data" diff --git a/danish/security/2012/dsa-2582.wml b/danish/security/2012/dsa-2582.wml deleted file mode 100644 index 9a45b56c4f9..00000000000 --- a/danish/security/2012/dsa-2582.wml +++ /dev/null @@ -1,113 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere lammelsesangrebssårbarheder (denial of service) blev opdaget i Xen -Hypervisor. Et af problemerne -(\ -CVE-2012-5513) kunne endda medføre rettighedsforøgelse fra gæst til -vært.

- -

Nogle af de nyligt udgivne Xen Security Advisories -(\ -XSA 25 og -\ -28) er ikke rettet i forbindelse med denne opdatering, og forventes rettet i -en senere udgivelse.

- -
    - -
  • CVE-2011-3131 - (XSA 5): - Lammelsesangreb vha. I/OMMU-fejl fra PCI-gennemstillingsgæst -

    En VM som kontrollerer en PCI[E]-enhed direkte, kunne få den til at - sende DMA-forespørgsler til ugyldige adresser. Selv om disse forespørgsler - afvises af I/OMMU, skal hypervisor'en håndtere interrupt'et og stryge fejlen - fra I/OMMU, og det kunne benyttes at live-låse en CPU samt potentielt få - værten til at hænge.

    • - -
  • CVE-2012-4535 - (XSA 20): - Lammelsesangrebssårbarhed pga. timeroverløb -

    En gæst, der opsætter en VCPU med en upassende deadline kunne forårsage - en uendelig løkke i Xen, hvilket uden tidsbegrænsning blokerede den - påvirkede fysiske CPU.

    • - -
  • CVE-2012-4537 - (XSA 22): - Lammelsesangrebssårbarhed pga. hukommelsesmapningsfejl -

    Når set_p2m_entry fejler, kan Xens interne datastrukturer (p2m- og - m2p-tabellerne) komme ud af synkronisering. Fejlen kunne udløses af - usædvanlig gæsteopførsel ved udnyttelse af den reserverede hukommelse til - p2m-tabellen. Hvis det sker, kunne efterfølgende gæsteaktiverede - hukommelseshandlinger medføre at Xen fejlene en assertion og gik - ned.

    • - -
  • CVE-2012-4538 - (XSA 23): - Lammelsesangrebssårbarhed pga. unhooking af tomme PAE-registreringer -

    Hypercall'et HVMOP_pagetable_dying kontrollerede ikke på korrekt vis den - kaldendes pagetable-tilstand, førende til et hypervisor-nedbrud.

    • - -
  • CVE-2012-4539 - (XSA 24): - Lammelsesangrebssårbarhed pga. uendelig løkke i grant table-hypercall -

    På grund af upassende gentaget brug af den samme variabel til kontrol af - en løkke, blev der overført forkerte parametre til - GNTTABOP_get_status_frames hvilket kunne forårsage en uendelig løkke i - compat hypercall-handler'en.

    • - -
  • CVE-2012-5510 - (XSA 26): - Korruptionssårbarhed i grant table-versionskiftsningsliste -

    Nedgradering af en gæsts grant table-version involverer frigivelse af - dens statussider. Frigivelsen var ikke komplet - siden/siderne blev - frigivet tilbage til allocator'en, men ikke fjernet fra domænets - sporingsliste. Det kunne medføre listekorruption, som med tiden førte til - et hypervisor-nedbrud.

    • - -
  • CVE-2012-5513 - (XSA 29): - XENMEM_exchange kunne overskrive hypervisor-hukommelse -

    Handler'en af XENMEM_exchanges gav adgang til gæstehukommelse uden at - grænsekontrollere gæstens leverede adresser, dermed kunne tilgangene medtage - et interval reserveret til hypervisor'en.

    -

    En ondsindet gæsts administrator kunne få Xen til at gå ned. Hvis - tilgang til adresserum uden for grænserne ikke medførte et nedbrud, kunne en - omhyggeligt fremstillet rettighedsforøgelse ikke udelukkes, selv om gæsten - ikke selv kontrollerede de skrevne værdier.

    • - -
  • CVE-2012-5514 - (XSA 30): - Defekt fejlhåndtering i guest_physmap_mark_populate_on_demand() -

    Før udførelse af sin egentlige handling, kontrollerer - guest_physmap_mark_populate_on_demand() hvorvidt emnets GFN'er - allerede er i brug eller ej. Hvis kontrollen fejlede, ville koden udskrive - en fejlmeddelelse og omgå gfn_unlock() svarende til gfn_lock() udført før - løkken begyndte. En ondsindet gæsts administrator kunne derefter benytte - fejlen til at få Xen til at hænge.

    • - -
  • CVE-2012-5515 - (XSA 31): - Flere hukommelses-hypercall-handlinger tillod ugyldige extent order-værdier -

    Tilladelse af vilkårlige extent_order-inddataværder i - XENMEM_decrease_reservation, XENMEM_populate_physmap og XENMEM_exchange - kunne forårsage at der blev brugt vilkårlig lang tid i løkker, uden at give - vital anden kode mulighed for at blive udført. Det kunne også medføre en - inkonsistent ved afslutningen af disse hypercalls.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.0.1-5.5.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -4.1.3-6.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -4.1.3-6.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2582.data" diff --git a/danish/security/2012/dsa-2583.wml b/danish/security/2012/dsa-2583.wml deleted file mode 100644 index 5142d278548..00000000000 --- a/danish/security/2012/dsa-2583.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i Iceweasel, Debians webbrowser baseret på -Mozilla Firefox:

- -
    - -
  • CVE-2012-5829 - -

    Et heapbaseret bufferoverløb i funktionen nsWindow::OnExposeEvent, kunne - gøre det muligt for fjernangribere at udføre vilkårlig kode.

    • - -
  • CVE-2012-5842 - -

    Flere ikke-angivne sårbarheder i browsermaskinen kunne gøre det muligt - for fjernangribere at forårsage et lammelsesangreb (denial of service; - hukommelseskorruption og applikationsnedbrud) eller muligvis udføre - vilkårlig kode.

    • - -
  • CVE-2012-4207 - -

    Implementeringen af tegnsættet HZ-GB-2312 håndterede ikke på korrekt vis - et tildetegn (~) tæt på en chunk-afgrænsning, hvilket gjorde det muligt for - fjernangribere at udføre skripter på tværs af websteder (XSS) via et - fabrikeret dokument.

    • - -
  • CVE-2012-4201 - -

    Implementeringen af evalInSandbox anvendte en forkert kontekst under - håndteringen af JavaScript-kode, som opsætter egenskaben location.href, - hvilket gjorde det muligt for fjernangribere at udføre skripter på tværs af - websteder (XSS) eller læse vilkårlige filer ved at udnytte en add-on i en - sandkasse.

    • - -
  • CVE-2012-4216 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i funktionen - gfxFont::GetFontEntry, gjorde det muligt for fjernangribere at udføre - vilkårlig kode eller forårsage et lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.5.16-20.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -10.0.11esr-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -10.0.11esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2583.data" diff --git a/danish/security/2012/dsa-2584.wml b/danish/security/2012/dsa-2584.wml deleted file mode 100644 index 150c79e22fc..00000000000 --- a/danish/security/2012/dsa-2584.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Iceape, Debians internetsuite baseret på -Mozilla Seamonkey:

- -
    - -
  • CVE-2012-5829 - -

    Et heapbaseret bufferoverløb i funktionen nsWindow::OnExposeEvent, kunne - gøre det muligt for fjernangribere at udføre vilkårlig kode.

    • - -
  • CVE-2012-5842 - -

    Flere ikke-angivne sårbarheder i browsermaskinen kunne gøre det muligt - for fjernangribere at forårsage et lammelsesangreb (denial of service; - hukommelseskorruption og applikationsnedbrud) eller muligvis udføre - vilkårlig kode.

    • - -
  • CVE-2012-4207 - -

    Implementeringen af tegnsættet HZ-GB-2312 håndterede ikke på korrekt vis - et tildetegn (~) tæt på en chunk-afgrænsning, hvilket gjorde det muligt for - fjernangribere at udføre skripter på tværs af websteder (XSS) via et - fabrikeret dokument.

    • - -
  • CVE-2012-4201 - -

    Implementeringen af evalInSandbox anvendte en forkert kontekst under - håndteringen af JavaScript-kode, som opsætter egenskaben location.href, - hvilket gjorde det muligt for fjernangribere at udføre skripter på tværs af - websteder (XSS) eller læse vilkårlige filer ved at udnytte en add-on i en - sandkasse.

    • - -
  • CVE-2012-4216 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i funktionen - gfxFont::GetFontEntry, gjorde det muligt for fjernangribere at udføre - vilkårlig kode eller forårsage et lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.0.11-17.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -2.7.11-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.7.11-1.

- -

Vi anbefaler at du opgraderer dine iceape-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2584.data" diff --git a/danish/security/2012/dsa-2585.wml b/danish/security/2012/dsa-2585.wml deleted file mode 100644 index 44bdd24b4b9..00000000000 --- a/danish/security/2012/dsa-2585.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ebd60a0bed0ff6b760916c52463770741c41da7e" mindelta="1" -bufferoverløb - -

Et heapbaseret bufferoverløb blev opdaget i bogofilter, en programpakke til -klassifikation af mail som spam eller ikke-spam. Fabrikerede mails med ugyldig -base64-data kunne føre til heapkorruption og potentielt udførelse af vilkårlig -kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.2.2-2+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1.2.2+dfsg1-2.

- -

Vi anbefaler at du opgraderer dine bogofilter-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2585.data" diff --git a/danish/security/2012/dsa-2586.wml b/danish/security/2012/dsa-2586.wml deleted file mode 100644 index a07f29681d7..00000000000 --- a/danish/security/2012/dsa-2586.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i implementeringen af programmeringssproget -Perl:

- -
    - -
  • CVE-2012-5195 - -

    Operatoren x kunne forårsage, at Perl-fortolkeren gik ned, hvis - meget lange strenge blev oprettet.

    • - -
  • CVE-2012-5526 - -

    CGI-modulet indkapslede ikke på korrekt vis LF-tegn i Set-Cookie- og - P3P-headere.

    • - -
- -

Desuden tilføjer denne opdatering en advarsel til Storable-dokumentationen, -om at pakken ikke er velegnet til deserialisering af data, der ikke er tillid -til.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -5.10.1-17squeeze4.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -5.14.2-16.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2586.data" diff --git a/danish/security/2012/dsa-2587.wml b/danish/security/2012/dsa-2587.wml deleted file mode 100644 index 896d839ad6d..00000000000 --- a/danish/security/2012/dsa-2587.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="668665228916b41f11148b3119f511999e65c608" mindelta="1" -HTTP-headerindsprøjtning - -

Man opdagede at Perl-CGI-modul ikke på korrekt vis filtrerede LF-tegn i -Set-Cookie- og P3P-headere, hvilket potentielt gjorde det muligt for angribere -at indsprøjte HTTP-headere.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.49-1squeeze2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.61-2.

- -

Vi anbefaler at du opgraderer dine libcgi-pm-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2587.data" diff --git a/danish/security/2012/dsa-2588.wml b/danish/security/2012/dsa-2588.wml deleted file mode 100644 index 5cd3258386e..00000000000 --- a/danish/security/2012/dsa-2588.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird.

- -
    - -
  • CVE-2012-4201 - -

    Implementeringen af evalInSandbox anvendte en forkert kontekst under - håndteringen af JavaScript-kode, som opsætter egenskaben location.href, - hvilket gjorde det muligt for fjernangribere at udføre skripter på tværs af - websteder (XSS) eller læse vilkårlige filer ved at udnytte en add-on i en - sandkasse.

    • - -
  • CVE-2012-4207 - -

    Implementeringen af tegnsættet HZ-GB-2312 håndterede ikke på korrekt vis - et tildetegn (~) tæt på en chunk-afgrænsning, hvilket gjorde det muligt for - fjernangribere at udføre skripter på tværs af websteder (XSS) via et - fabrikeret dokument.

    • - -
  • CVE-2012-4216 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse i funktionen - gfxFont::GetFontEntry, gjorde det muligt for fjernangribere at udføre - vilkårlig kode eller forårsage et lammelsesangreb (korruption af - heaphukommelse) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2012-5829 - -

    Et heapbaseret bufferoverløb i funktionen nsWindow::OnExposeEvent, kunne - gøre det muligt for fjernangribere at udføre vilkårlig kode.

    • - -
  • CVE-2012-5842 - -

    Flere ikke-angivne sårbarheder i browsermaskinen kunne gøre det muligt - for fjernangribere at forårsage et lammelsesangreb (denial of service; - hukommelseskorruption og applikationsnedbrud) eller muligvis udføre - vilkårlig kode.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -3.0.11-1+squeeze15.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -10.0.11-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2588.data" diff --git a/danish/security/2012/dsa-2589.wml b/danish/security/2012/dsa-2589.wml deleted file mode 100644 index db2f440881d..00000000000 --- a/danish/security/2012/dsa-2589.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8e702f5aae758a7e91b19fe406788d61efbfdad5" mindelta="1" -bufferoverløb - -

Tiff-biblioteket til håndtering af TIFF-billedfiler indeholdt et stakbaseret -bufferoverløb, som potentielt kunne gøre det muligt for fjernangribere, der kan -sende sådanne filer til et sårbart system, at udføre vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.9.4-5+squeeze8.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4.0.2-1 af tiff-pakken, og i version 3.9.6-10 af -tiff3-pakken.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2589.data" diff --git a/danish/security/2012/dsa-2590.wml b/danish/security/2012/dsa-2590.wml deleted file mode 100644 index 73ec31af3b4..00000000000 --- a/danish/security/2012/dsa-2590.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="8bfcc81ad0e80ae51eeb1e6bbc24cac0a1b6fe65" mindelta="1" -flere sårbarheder - -

Bjorn Mork og Laurent Butti opdagede nedbrud i PPP- og RTPS2-dissektorerne, -hvilket potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.2.11-6+squeeze8.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.8.2-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2590.data" diff --git a/danish/security/2012/dsa-2591.wml b/danish/security/2012/dsa-2591.wml deleted file mode 100644 index 22bda261946..00000000000 --- a/danish/security/2012/dsa-2591.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="82cb6cb596d6e698b405c3c760c6e0517a733f7b" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer blev opdaget i Mahara, et portfolio-, weblog- og -CV-program, hvilke kunne føre til udførelse af skripter på tværs af websteder, -klikjacking og udførelse af vilkårlige filer.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1.2.6-2+squeeze6.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.5.1-3.1.

- -

Vi anbefaler at du opgraderer dine mahara-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2591.data" diff --git a/danish/security/2012/dsa-2592.wml b/danish/security/2012/dsa-2592.wml deleted file mode 100644 index eae05d3c07d..00000000000 --- a/danish/security/2012/dsa-2592.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="aa8a996da32a4b62257e6df690fb90aabee35efd" mindelta="1" -programmeringsfejl - -

Marko Myllynen opdagede at ELinks, en avanceret teksttilstandswebbrowser, på -ukorrekt vis delegerede brugeroplysninger under GSS-Negotiate.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.12~pre5-2+squeeze1. Siden den oprindelige udgivelse af Squeeze, har det været -nødvendigt at opdatere XULRunner og den aktuelle version i arkivet er ikke -kompatibel med ELinks. Derfor var det nødvendigt at deaktivere understøttelse -af JavaScript (der var også kun understøttet en lille del af den typiske -funktionalitet). Det vil formentlig blive genaktiveret i en senere -punktopdatering.

- -

I distributionen testing (wheezy), er dette problem rettet i version -0.12~pre5-9.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.12~pre5-9.

- -

Vi anbefaler at du opgraderer dine elinks-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2592.data" diff --git a/danish/security/2012/dsa-2593.wml b/danish/security/2012/dsa-2593.wml deleted file mode 100644 index b02942fd778..00000000000 --- a/danish/security/2012/dsa-2593.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cb1e0f564c0d29ad3c043c0e20c20161e8b1cbd6" mindelta="1" -flere sårbarheder - -

Man opdagede at manglende fornuftighedskontrol af inddata i handlingerne -twikidraw og anywikidraw kunne medføre udførelse af vilkårlig kode. -Sikkerhedsproblemet udnyttes aktivt.

- -

Opdaterer løser også en mappegennemløbsfejl i AttachFile.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.9.3-1+squeeze4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.9.5-4.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2593.data" diff --git a/danish/security/2012/dsa-2594.wml b/danish/security/2012/dsa-2594.wml deleted file mode 100644 index 1848db5e839..00000000000 --- a/danish/security/2012/dsa-2594.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2b07f2bc75a1af264c227154b2835d0f425b6dca" mindelta="1" -programmeringsfejl - -

halfdog opdagede at ukorrekt interrupthåndtering i VirtualBox, en -x86-virtualiseringsløsning, kunne føres til lammelsesangreb (denial of -service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.2.10-dfsg-1+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 4.1.18-dfsg-1.1 af kildekodepakken -virtualbox.

- -

Vi anbefaler at du opgraderer dine virtualbox-ose-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2594.data" diff --git a/danish/security/2012/dsa-2595.wml b/danish/security/2012/dsa-2595.wml deleted file mode 100644 index 9477b7d7dc0..00000000000 --- a/danish/security/2012/dsa-2595.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="196396cc6c6459b185cb38b0a7db3c4b6163dd50" mindelta="1" -heltalsoverløb - -

Marc Schoenefeld opdagede at et heltalsoverløb i ICC-fortolkningskoden i -Ghostscript kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -8.71~dfsg2-9+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -9.05~dfsg-6.1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -9.05~dfsg-6.1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2595.data" diff --git a/danish/security/2012/dsa-2596.wml b/danish/security/2012/dsa-2596.wml deleted file mode 100644 index d2a13abdfc0..00000000000 --- a/danish/security/2012/dsa-2596.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7b496f5005547f471a669635da8e4ca018706c62" mindelta="1" -udførelse af skripter på tværs af websteder - -

Thorsten Glaser opdagede at RSSReader-udvidelsen til MediaWiki, en -webstedsmaskine til samarbejdsprojekter, ikke på korrekt vis indkapslede tags i -feeds. Det kunne gøre det muligt for et ondsindet feed at sprøjte JavaScript -ind i MediaWiki-sider.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3squeeze2.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.11.

- -

Vi anbefaler at du opgraderer dine mediawiki-extensions-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2012/dsa-2596.data" diff --git a/danish/security/2012/index.wml b/danish/security/2012/index.wml deleted file mode 100644 index 4216bf26e8f..00000000000 --- a/danish/security/2012/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2012 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2012', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2013/Makefile b/danish/security/2013/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2013/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2013/dsa-2597.wml b/danish/security/2013/dsa-2597.wml deleted file mode 100644 index a9d8055055d..00000000000 --- a/danish/security/2013/dsa-2597.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="349785ad5458f20aa8440cd4ce811d1d37e2b184" mindelta="1" -inddatavalideringsfejl - -

joernchen fra Phenoelit opdagede at rails, et MVC-rubybaseret framework -rettet mod udvikling af webapplikationer, ikke på korrekt vis håndterede -brugerleverede inddata til find_by_*-metoder. Afhængigt af hvordan ruby -on rails-applikatiohner benytter disse metoder, var det muligt for en angriber -at udføre SQL-indsprøjtningsangreb, eksempelvis omgåelse af autentifikation, -hvis Authlogic benyttes og der er et kendt, hemmeligt sessiontoken.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3.5-1.2+squeeze4.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -ruby-activerecord-2.3 version 2.3.14-3.

- -

Vi anbefaler at du opgraderer dine rails/ruby-activerecord-2.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2597.data" diff --git a/danish/security/2013/dsa-2598.wml b/danish/security/2013/dsa-2598.wml deleted file mode 100644 index eb5a07bb437..00000000000 --- a/danish/security/2013/dsa-2598.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sikkerhedsproblemer blev opdaget i WeeChat, en hurtig, let og udvidbar -chatklient:

- -
    - -
  • CVE-2011-1428 - -

    X.509-certificater blev valideret på ukorrekt vis.

    • - -
  • CVE-2012-5534 - -

    Funktionen hook_process i plugin-API'et gjorde det muligt at udføre - vilkårlige shell-kommandoer.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -0.3.2-1+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -0.3.8-1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -0.3.9.2-1.

- -

Vi anbefaler at du opgraderer dine weechat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2598.data" diff --git a/danish/security/2013/dsa-2599.wml b/danish/security/2013/dsa-2599.wml deleted file mode 100644 index cbf7d5e0fe7..00000000000 --- a/danish/security/2013/dsa-2599.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="988dae14809fe862d5712bb104b862404fd43885" mindelta="1" -fejludgivne formidlede certifikater - -

Google, Inc. opdagede at certifikatmyndigheden TurkTrust indholdt i Network -Security Service-bibliotekerne (nss) fejludgav two formidlede CA'er, der kunne -anvendes til at genererre ondsindede end-entity-certifikater. Denne opdatering -har eksplicit mistro til de to formidlede CA'er. TurkTrusts to eksisterende -rod-CA'er er stadig aktive.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.12.8-1+squeeze6.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2:3.13.6-2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:3.14.1.with.ckbi.1.93-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2599.data" diff --git a/danish/security/2013/dsa-2600.wml b/danish/security/2013/dsa-2600.wml deleted file mode 100644 index 2f70630d0e1..00000000000 --- a/danish/security/2013/dsa-2600.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="6d1691ee39a60573b90940b3195da572558a024f" mindelta="1" -rettighedsforøgelse - -

Jann Horn opdagede at brugere af CUPS-udskriftssystemet, som er en del af -lpadmin-gruppen, kunne ændre flere opsætningsparametre med sikkerhedsfølger. -Specifikt var det muligt for en angriber at læse eller skrive vilkårlige filer -som root, hvilket kunne benyttes til at forøge rettigheder.

- -

Opdateringen opdeler opsætningsfilen /etc/cups/cupsd.conf i to filer: -cupsd.conf og cups-files.conf. Mens den førstnævnte forbliver konfigurerbar -via webgrænsefladen, vil den sidstnævnte kun kunne opsættes af root-brugeren. -Se den opdaterede dokumentation, som følger med de nye pakker, for flere -oplysninger om filerne.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.4.4-7+squeeze2.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1.5.3-2.7.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.5.3-2.7.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2600.data" diff --git a/danish/security/2013/dsa-2601.wml b/danish/security/2013/dsa-2601.wml deleted file mode 100644 index eb1f43f079e..00000000000 --- a/danish/security/2013/dsa-2601.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b0f5083d462c0966be7495822eb88a13496facc4" mindelta="1" -manglende fornuftighedskontrol af inddata - -

KB Sriram opdagede at GnuPG, GNU Privacy Guard, ikke på tilstrækkelig vis -fornuftighedskontrollerede offentlige nøgler ved import, hvilket kunne føre til -hukommelses- og nøgleringskorruption.

- -

Problemer påvirker både version 1, i pakken gnupg, og version 2, i -pakken gnupg2.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.4.10-4+squeeze1 af gnupg og i version 2.0.14-2+squeeze1 af gnupg2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -dette problem rettet i version 1.4.12-7 af gnupg og i version 2.0.19-2 af -gnupg2.

- -

Vi anbefaler at du opgraderer dine gnupg and/or gnupg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2601.data" diff --git a/danish/security/2013/dsa-2602.wml b/danish/security/2013/dsa-2602.wml deleted file mode 100644 index 2c50bfb7900..00000000000 --- a/danish/security/2013/dsa-2602.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="dab56055ad33031be3b29312fafe0981bd2bfca4" mindelta="1" -medtagelse af ekstern XML-entitet - -

Yury Dyachenko opdagede at Zend Framework anvendte PHP XML-fortolkeren på en -usikker måde, hvilket gjorde det muligt for angribere at åbne filer og udløse -HTTP-forespørgsler, potentielt med tilgang til adgangsbegrænsede -oplysninger.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.10.6-1squeeze2.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1.11.13-1.1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.11.13-1.1.

- -

Vi anbefaler at du opgraderer dine zendframework-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2602.data" diff --git a/danish/security/2013/dsa-2603.wml b/danish/security/2013/dsa-2603.wml deleted file mode 100644 index e543b31fbc6..00000000000 --- a/danish/security/2013/dsa-2603.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a95da6962d8c0b014ba4c4230560924ecae8f63a" mindelta="1" -programmeringsfejl - -

Paul Ling opdagede at Emacs på utilstrækkelig vis begrænsede evaluering af -Lisp-kode, hvis enable-local-variables var sat til safe.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -23.2+1-7+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -23.4+1-4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -23.4+1-4.

- -

Vi anbefaler at du opgraderer dine emacs23-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2603.data" diff --git a/danish/security/2013/dsa-2604.wml b/danish/security/2013/dsa-2604.wml deleted file mode 100644 index 6b9b5d9a4cd..00000000000 --- a/danish/security/2013/dsa-2604.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="11b7e314b8e976a70a428aebe62ca48c5b9d1458" mindelta="1" -utilstrækkelig validering af inddata - -

Man opdagede at Rails, Rubys framework til udvikling af webapplikationer, -udførte utilstrækkelig validering af inddataparametre, hvilket muliggjorde -utilsigtede typekonverteringer. En angriber kunne måske udnytte det til at -omgå autentificeringssystemer, indsprøjte vilkårligt SQL, indsprøjte og udføre -vilkårlig kode eller udføre et lammelsesangreb (DoS) mod applikationen.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3.5-1.2+squeeze4.1.

- -

I distributionen testing (wheezy) and ustabile distribution (sid), vil dette -problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2604.data" diff --git a/danish/security/2013/dsa-2605.wml b/danish/security/2013/dsa-2605.wml deleted file mode 100644 index d16aeeff426..00000000000 --- a/danish/security/2013/dsa-2605.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="519619946ecfefd74bdbe5fbce38280e7ddb1673" mindelta="1" -flere problemer - -

Flere sårbarheder blev opdaget i Asterisk, et værktøjssæt til PBX og -telefoni, som gjorde det muligt for fjernangribere at iværksætte lammelsesangreb -(denial of service).

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -1:1.6.2.9-2+squeeze10.

- -

I distributionen testing (wheezy) and ustabile distribution (sid), vil disse -problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2605.data" diff --git a/danish/security/2013/dsa-2606.wml b/danish/security/2013/dsa-2606.wml deleted file mode 100644 index 9992c5218ae..00000000000 --- a/danish/security/2013/dsa-2606.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0be1d5fe4650b48be8f90b920e601837c64b26b6" mindelta="1" -symlink-kapløb - -

Man opdagede at i ProFTPd, en ftp-server, kunne en angriber på den samme -fysiske vært som serveren, måske være i stand til at udføre et symlink-angreb, -som gjorde det muligt at forøge rettigheder i nogle opsætninger.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.3.3a-6squeeze6.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.3.4a-3.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2606.data" diff --git a/danish/security/2013/dsa-2607.wml b/danish/security/2013/dsa-2607.wml deleted file mode 100644 index a1e7b66a1ad..00000000000 --- a/danish/security/2013/dsa-2607.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="48dbc7d22248968c34f0f185db074726dc661a08" mindelta="1" -bufferoverløb - -

Man opdagede at QEMU's kode til emulering af e1000, ikke håndhævede -begrænsninger på framestørrelser på samme måde som hardwaren gør det. Det kunne -udløse et bufferoverløb i gæstestyresystemets driver til det netværkskort, -forudsat at værten ikke smider sådanne frames væk (hvilket den gør som -standard).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.12.5+dfsg-5+squeeze10.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.1.2+dfsg-4.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2607.data" diff --git a/danish/security/2013/dsa-2608.wml b/danish/security/2013/dsa-2608.wml deleted file mode 100644 index 2623c2f73e4..00000000000 --- a/danish/security/2013/dsa-2608.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="295e27bfbf83a396f5819cfd6ea657627a116be2" mindelta="1" -bufferoverløb - -

Man opdagede at QEMU's kode til emulering af e1000, ikke håndhævede -begrænsninger på framestørrelser på samme måde som hardwaren gør det. Det kunne -udløse et bufferoverløb i gæstestyresystemets driver til det netværkskort, -forudsat at værten ikke smider sådanne frames væk (hvilket den gør som -standard).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -0.12.5+dfsg-3squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.1.2+dfsg-4.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2608.data" diff --git a/danish/security/2013/dsa-2609.wml b/danish/security/2013/dsa-2609.wml deleted file mode 100644 index d94cd04917e..00000000000 --- a/danish/security/2013/dsa-2609.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="6b2ae509dd414b5e3130759951594b529714d704" mindelta="1" -manipulering af SQL-forespørgsel - -

En fortolkningskonflikt kunne medføre at komponenten Active Record i Rails, -et webframework til programmeringssproget Ruby, forkortede forespørgsler på -uventede måder. Dermed kunne det være muligt for angribere at forøge deres -rettigheder.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3.5-1.2+squeeze5.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2609.data" diff --git a/danish/security/2013/dsa-2610.wml b/danish/security/2013/dsa-2610.wml deleted file mode 100644 index bbe8788f4de..00000000000 --- a/danish/security/2013/dsa-2610.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="bf2f4b36f5e3f8a7ff08126ea864e77e4c7cf595" mindelta="1" -udførelse af vilkårligt skript - -

Utilstrækkelig fornuftighedskontrol af inddata i Ganglia, et webbaseret -overvågningssystem, kunne føre til fjernudførelse af PHP-skript med -rettighederne hørende til brugeren, der kører webserveren.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.1.7-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -3.3.8-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.3.8-1.

- -

Vi anbefaler at du opgraderer dine ganglia-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2610.data" diff --git a/danish/security/2013/dsa-2611.wml b/danish/security/2013/dsa-2611.wml deleted file mode 100644 index 9988cf267fc..00000000000 --- a/danish/security/2013/dsa-2611.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ba0a2b889c3604b8975c4b2280c832c913484fd0" mindelta="1" -flere sårbarheder - -

En problem med fornuftighedskontrol af inddata blev fundet i -opgraderingsfunktionerne i movabletype-opensource, en webbaseret -udgivelsesplatform. Med benyttelse af omhyggeligt fabrikerede forespørgsler -til filen mt-upgrade.cgi, var det muligt at indsprøjte styresystemskommandoer -og SQL-forespørgsler.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -4.3.8+dfsg-0+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -5.1.2+dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -5.1.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine movabletype-opensource-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2611.data" diff --git a/danish/security/2013/dsa-2612.wml b/danish/security/2013/dsa-2612.wml deleted file mode 100644 index c231bbeea53..00000000000 --- a/danish/security/2013/dsa-2612.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="089608a29e74aca609c82c95f3d318a94d38a00d" mindelta="1" -programmeringsfejl - -

Man opdagede en fejl i ircd-ratbox' kode til serverkapabilitetsforhandling, -hvilket kunne medføre et lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i version -3.0.6.dfsg-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -3.0.7.dfsg-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.0.7.dfsg-3.

- -

Vi anbefaler at du opgraderer dine ircd-ratbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2612.data" diff --git a/danish/security/2013/dsa-2613.wml b/danish/security/2013/dsa-2613.wml deleted file mode 100644 index 5aad67b14d5..00000000000 --- a/danish/security/2013/dsa-2613.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="addb5cdb52b8bf6cef92798300e2135a462ab39a" mindelta="1" -utilstrækkelig validering af inddata - -

Lawrence Pit opdagede at Ruby on Rails, et webudviklingsframenwork, var -sårbart over for en fejl i fortolkningen af JSON til YAML. Ved hjælp af en -særligt fremstillet payload, kunne angribere narre backend'en til at dekode en -delmængde af YAML.

- -

Sårbarheden blev løst ved at fjerne YAML-backend'en og tilføjelse af -OkJson-backend'en.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.3.5-1.2+squeeze6.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.3.14-6 af pakken ruby-activesupport-2.3.

- -

3.2-versionen af rails, som man finder i Debian wheezy og sid, er ikke -påvirket af dette problem.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2613.data" diff --git a/danish/security/2013/dsa-2614.wml b/danish/security/2013/dsa-2614.wml deleted file mode 100644 index 89c55b6f013..00000000000 --- a/danish/security/2013/dsa-2614.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="a7beacc3f272e7df58752ca5c7c030bbb07dd2fe" mindelta="1" -flere sårbarheder - -

Flere stakbaserede bufferoverløb blev opdaget i libupnp, et bibliotek til -håndtering af protokollen Universal Plug and Play. HD Moore fra Rapid7 opdagede -at SSDP-forespørgsler ikke blev håndteret korrekt af funktionen -unique_service_name().

- -

En angriber, som sendte omhyggeligt fabrikerede SSDP-forespørgsler til en -dæmon bygget på libupnp, kunne medføre et bufferoverløb, som overskrev stakken, -hvlket føte til at dæmonen gik ned og muligvis fjernudførte kode.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1:1.6.6-5+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 1:1.6.17-1.2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:1.6.17-1.2.

- -

Vi anbefaler at du opgraderer dine libupnp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2614.data" diff --git a/danish/security/2013/dsa-2615.wml b/danish/security/2013/dsa-2615.wml deleted file mode 100644 index 404fa8fd27e..00000000000 --- a/danish/security/2013/dsa-2615.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="088e040ce6038d6d3f669175ef7e7ee3c2006aeb" mindelta="1" -flere sårbarheder - -

Flere stakbaserede bufferoverløb blev opdaget i libupnp4, et bibliotek til -håndtering af protokollen Universal Plug and Play. HD Moore fra Rapid7 opdagede -at SSDP-forespørgsler ikke blev håndteret korrekt af funktionen -unique_service_name().

- -

En angriber, som sendte omhyggeligt fabrikerede SSDP-forespørgsler til en -dæmon bygget på libupnp, kunne medføre et bufferoverløb, som overskrev stakken, -hvlket føte til at dæmonen gik ned og muligvis fjernudførte kode.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.8.0~svn20100507-1+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 1.8.0~svn20100507-1.2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.0~svn20100507-1.2.

- -

Vi anbefaler at du opgraderer dine libupnp4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2615.data" diff --git a/danish/security/2013/dsa-2616.wml b/danish/security/2013/dsa-2616.wml deleted file mode 100644 index 2a700276e39..00000000000 --- a/danish/security/2013/dsa-2616.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a98446aaf3adc90dfad1357c7ee75b911b6a90c3" mindelta="1" -bufferoverløb i CGI-skripter - -

Et bufferoverløbsproblem er opdaget i nagios3, et system til overvågning og -håndtering af værter/tjenester/netværk. En ondsindet klient kunne fabrikere en -forespørgsel til history.cgi og forårsage applikationsnedbrud.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3.2.1-2+squeeze1.

- -

I distributionen testing (wheezy), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.4.1-3.

- -

Vi anbefaler at du opgraderer dine nagios3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2616.data" diff --git a/danish/security/2013/dsa-2617.wml b/danish/security/2013/dsa-2617.wml deleted file mode 100644 index 32357a1a111..00000000000 --- a/danish/security/2013/dsa-2617.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - -

Jann Horn rapporterede om to sårbarheder i Samba, en populære programsamling -der virker på tværs af platforme til deling af filer og printere. Sårbarhederne -påvirker i særdeleshed SWAT, Samba Web Administration Tool.

- -
    - -
  • \ - CVE-2013-0213: Clickjacking-problem i SWAT - -

    En angriber kunne integrere en SWAT-side i en ondsindet webside via en - frame eller iframe og dernæst lade andet indhold ligge ind over den. Hvis - en autentificeret gyldig bruger tilgik den ondsindede side, kunne - vedkommende utilstigtet måske udføre ændringer af Sambas - indstillinger.

    • - -
  • \ - CVE-2013-0214: Potentiel forespørgselsforfalskning på tværs af websteder - -

    En angriber kunne overtale en gyldig SWAT-bruger, der er logget ind som - root, til at klikke på et ondsindet link og udløse vilkårlige utilsigtede - ændringer af Sambas indstillinger. For at være sårbar, skal angriberen - kende offerets adgangskode.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 2:3.5.6~dfsg-3squeeze9.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 2:3.6.6-5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:3.6.6-5.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2617.data" diff --git a/danish/security/2013/dsa-2618.wml b/danish/security/2013/dsa-2618.wml deleted file mode 100644 index f8cf3cec847..00000000000 --- a/danish/security/2013/dsa-2618.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a8914697e978e3e81b376de4a364ab44f464804b" mindelta="1" -lammelsesangreb - -

Bob Nomnomnom rapporterede om en lammelsesangrebssårbarhed (denial of -service) i IRCD-Hybrid, en Internet Relay Chat-server. En fjernangriber kunne -udnytte en fejl i maskevalideringen til at få serveren til at gå ned.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:1:7.2.2.dfsg.2-6.2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1:7.2.2.dfsg.2-10.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:7.2.2.dfsg.2-10.

- -

Vi anbefaler at du opgraderer dine ircd-hybrid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2618.data" diff --git a/danish/security/2013/dsa-2619.wml b/danish/security/2013/dsa-2619.wml deleted file mode 100644 index 5fa68c1bf62..00000000000 --- a/danish/security/2013/dsa-2619.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="032eb0ad8a338a9fb3d8f31ba5571271e9901414" mindelta="1" -bufferoverløb - -

Et bufferoverløb blev fundet i e1000-emuleringen, hvilket kunne blive udløst -når der blev behandlet jumbo-frames.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.0.1-2+squeeze3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.1.3-8 of the xen source package.

- -

Vi anbefaler at du opgraderer dine xen-qemu-dm-4.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2619.data" diff --git a/danish/security/2013/dsa-2620.wml b/danish/security/2013/dsa-2620.wml deleted file mode 100644 index c356925a692..00000000000 --- a/danish/security/2013/dsa-2620.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i Ruby on Rails, et Ruby-framework til udvikling -af webapplikationer.

- -
    - -
  • CVE-2013-0276 - -

    Sortlisten som leveres af metoden attr_protected kunne omgås med - fabrikerede forespørgsler, med applikationsspecifikke følger.

    • - -
  • CVE-2013-0277 - -

    I nogle applikationer, kunne hjælperen +serialize+ i ActiveRecord narres - til at deserialisere vilkårlige YAML-data, muligvis førende til - fjernudførelse af kode.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet -i version 2.3.5-1.2+squeeze7.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2620.data" diff --git a/danish/security/2013/dsa-2621.wml b/danish/security/2013/dsa-2621.wml deleted file mode 100644 index be0220b02d2..00000000000 --- a/danish/security/2013/dsa-2621.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i OpenSSL. Projektet Common Vulnerabilities -and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-0166 - -

    OpenSSL håndterede ikke på korrekt vis signaturvalidering ved OCSP-svar, - hvilket gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (denial of service) ved hjælp af en ugyldig nøgle.

    • - -
  • CVE-2013-0169 - -

    Der blev fundet et timingsidekanalsangreb i CBC-padding, som gjorde det - muligt for en angriber at få fat i dele af klartekst gennem statistisk - analyse af fabrikerede pakker, kendt som Lucky Thirteen-problemet - (heldige tretten-problemet).

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 0.9.8o-4squeeze14.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.1e-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2621.data" diff --git a/danish/security/2013/dsa-2622.wml b/danish/security/2013/dsa-2622.wml deleted file mode 100644 index be76f3bdd3a..00000000000 --- a/danish/security/2013/dsa-2622.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i PolarSSL. Projektet Common Vulnerabilities -and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-0169 - -

    Der blev fundet et timingsidekanalsangreb i CBC-padding, som gjorde det - muligt for en angriber at få fat i dele af klartekst gennem statistisk - analyse af fabrikerede pakker, kendt som Lucky Thirteen-problemet - (heldige tretten-problemet).

    • - -
  • CVE-2013-1621 - -

    En arrayindekseringsfejl kunne måske gøre det muligt for fjernangribere - at forårsage lammelsesangreb ved hjælp af angrebsvinkler, der involverer en - fabrikeret paddinglængdeværdi under validering af CBC-padding i en - TLS-session.

    • - -
  • CVE-2013-1622 - -

    Misdannede CBC-data i en TLS-session kunne gøre det muligt for - fjernangribere at gennemføre kendetegnsangreb ved hjælp af statistisk - analyse af timingsidekanalsdata til fabrikerede pakker.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 0.12.1-1squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.1.4-2.

- -

Vi anbefaler at du opgraderer dine polarssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2622.data" diff --git a/danish/security/2013/dsa-2623.wml b/danish/security/2013/dsa-2623.wml deleted file mode 100644 index 5df588ccf8d..00000000000 --- a/danish/security/2013/dsa-2623.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="0afaf17f4b4eef2125a79971c192dcb67cff5ea0" mindelta="1" -bufferoverløb - -

Kevin Cernekee opdagede at en ondsindet VPN-gateway kunne sende fabrikerede -forespørgsler, hvilket udløste stakbaserede bufferoverløb.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.25-0.1+squeeze2.

- -

Vi anbefaler at du opgraderer dine openconnect-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2623.data" diff --git a/danish/security/2013/dsa-2624.wml b/danish/security/2013/dsa-2624.wml deleted file mode 100644 index 5a6f73e122f..00000000000 --- a/danish/security/2013/dsa-2624.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4d75731dd01cdd9b2bd21c48a1cd7e52ffc1bd4b" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i FFmpeg, en multimedieafspiller, -server og --encoder. Flere valideringer af inddata i decodere/demuxere til filerne -Shorten, kinesisk AVS-video, VP5, VP6, AVI, AVS og MPEG-1/2, kunne føre til -udførelse af vilkårlig kode.

- -

De fleste af problemerne blev opdaget af Mateusz Jurczyk og Gynvael -Coldwind.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 4:0.5.10-1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 6:0.8.5-1 af kildekodepakken libav.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2624.data" diff --git a/danish/security/2013/dsa-2625.wml b/danish/security/2013/dsa-2625.wml deleted file mode 100644 index ceb3dbc802c..00000000000 --- a/danish/security/2013/dsa-2625.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="5d3af69981a5d246d8907eb91f6ef42625391c8c" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i dissectorerne til protokollerne CLNP, DTLS, -DCP-ETSI og NTLMSSP, hvilket kunne medføre lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.2.11-6+squeeze9.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2625.data" diff --git a/danish/security/2013/dsa-2626.wml b/danish/security/2013/dsa-2626.wml deleted file mode 100644 index 08e23fa7622..00000000000 --- a/danish/security/2013/dsa-2626.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - -

Flere sårbarheder blev opdaget i TLS-/SSL-protokollen. Denne opdatering -af protokolsårbarhederne i lighttpd.

- -
    - -
  • CVE-2009-3555 - -

    Marsh Ray, Steve Dispensa og Martin Rex opdagede at TLS- og - SSLv3-protokollerne ikke på korrekt vis tilknyttede genforhandlingshåndtryk - til en eksisterende forbindelse, hvilket gjorde det muligt for manden i - midten-angribere at indsætte data i HTTPS-sessioner. Problemet er løst i - lighttpd ved som standard at deaktivere klientinitialiseret - genforhandling.

    - -

    De brugere, som rent faktisk har brug for en sådan genforhandling, kan - genaktivere den via det nye parameter - ssl.disable-client-renegotiation.

    • - -
  • CVE-2012-4929 - -

    Juliano Rizzo og Thai Duong opdagede en svaghed i TLS-/SSL-protokollen, - når der anvendes komprimering. Sidekanalsangrebet, kaldet CRIME, - gjorde det muligt for smuglyttere at opsamle oplysninger til at erhverve - den oprindelige rene tekst i protokollen. Opdateringen deaktiverer - komprimering.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.4.28-2+squeeze1.2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid) -er disse problemer rettet i version 1.4.30-1.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2626.data" diff --git a/danish/security/2013/dsa-2627.wml b/danish/security/2013/dsa-2627.wml deleted file mode 100644 index de619cfb3b1..00000000000 --- a/danish/security/2013/dsa-2627.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="94bc0cfa49a2c8f942c6de66e7d6742efc3f16df" mindelta="1" -informationslækage - -

Juliano Rizzo og Thai Duong opdagede en svaghed i TLS-/SSL-protokollen, -når der anvendes komprimering. Sidekanalsangrebet, kaldet CRIME, -gjorde det muligt for smuglyttere at opsamle oplysninger til at erhverve -den oprindelige rene tekst i protokollen. Denne opdatering til nginx -deaktiverer SSL-komprimering.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.7.67-3+squeeze3.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), -er dette problem rettet i version 1.1.16-1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2627.data" diff --git a/danish/security/2013/dsa-2628.wml b/danish/security/2013/dsa-2628.wml deleted file mode 100644 index 88f4d69fabd..00000000000 --- a/danish/security/2013/dsa-2628.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="61669122c124b7c8aef909848a1841b34f845aca" mindelta="1" -bufferoverløb - -

Garth Mollett opdagede et overløbsproblem med en fildescriptor i anvendelsen -af FD_SET() i nss-pam-ldapd, som leverer NSS- og PAM-moduler til brug af LDAP -som en navngivelsestjeneste, kunne føre til et stakbaseret bufferoverløb. En -angriber kunne, under visse omstændigheder, udnytte fejlen til at få en proces, -der har indlæst NSS- eller PAM-modulet, til at gå ned eller potentielt udføre -vilkårlig kode.

- -

I den stabile distribution (squeeze) er dette problem rettet i -version 0.7.15+squeeze4.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 0.8.10-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.10-3.

- -

Vi anbefaler at du opgraderer dine nss-pam-ldapd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2628.data" diff --git a/danish/security/2013/dsa-2629.wml b/danish/security/2013/dsa-2629.wml deleted file mode 100644 index ad1cc10d8a5..00000000000 --- a/danish/security/2013/dsa-2629.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - - -
    - -
  • CVE-2009-5030 - -

    Heaphukommelseskorruption førte til ugyldig frigivelse når der blev - behandlet visse Gray16 TIFF-billeder.

    • - -
  • CVE-2012-3358 - -

    Huzaifa Sidhpurwala fra Red Hat Security Response Team fandt et - heapbaseret bufferoverløb i JPEG2000-billedfortolkningen.

    • - -
  • CVE-2012-3535 - -

    Huzaifa Sidhpurwala fra Red Hat Security Response Team fandt et - heapbaseret bufferoverløb ved dekodning af JPEG2000-billeder.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.3+dfsg-4+squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), er -disse problemer rettet i version 1.3+dfsg-4.6.

- -

Vi anbefaler at du opgraderer dine openjpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2629.data" diff --git a/danish/security/2013/dsa-2630.wml b/danish/security/2013/dsa-2630.wml deleted file mode 100644 index 6c80f678db4..00000000000 --- a/danish/security/2013/dsa-2630.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0df7ab72a9f485ce1c0b6619e4a9af941d3b18aa" mindelta="1" -programmeringsfejl - -

Sumit Soni opdagede at PostgreSQL, en objekt-relationel database, kunne -tvinges til at gå ned, når en intern funktion blev kaldt med ugyldige parametre, -medførende et lammelsesangreb (denial of service).

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 8.4.16-0squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 8.4.16-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.4.16-1.

- -

Vi anbefaler at du opgraderer dine postgresql-8.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2630.data" diff --git a/danish/security/2013/dsa-2631.wml b/danish/security/2013/dsa-2631.wml deleted file mode 100644 index cacab9e03df..00000000000 --- a/danish/security/2013/dsa-2631.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Squid3, en komplet webproxycache, var sårbar over for et lammelsesangreb -(denial of service) på grund af hukommelsesforbrug forårsaget af -hukommelseslækager i cachemgr.cgi:

- -
    - -
  • CVE-2012-5643 - -

    squids cachemgr.cgi var sårbar over for overdrevet ressourceforbrug. En - fjernangriber kunne udnytte fejlen til at iværksætte et lammelsesangreb på - serveren og andre hostede tjenester.

    • - -
  • CVE-2013-0189 - -

    Den oprindelige rettelse til - CVE-2012-5643 - var ufuldstændig. En fjernangriber kunne stadig udnytte fejlen til at - iværksætte et lammelsesangreb.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 3.1.6-1.2+squeeze3.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 3.1.20-2.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.1.20-2.1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2631.data" diff --git a/danish/security/2013/dsa-2632.wml b/danish/security/2013/dsa-2632.wml deleted file mode 100644 index 4a9585251e9..00000000000 --- a/danish/security/2013/dsa-2632.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-0231 - -

    Jan Beulich leverede en rettelse til et problem i Xen - PCI-backenddriverne. Brugere af gæster på et system som anvender - videreførte PCI-enheder, kunne iværksætte et lammelsesangreb på - værtssystemet på grund anvendelse af ikke-hyppighedsbegrænsede - kernelogmeddelelser.

    • - -
  • CVE-2013-0871 - -

    Suleiman Souhlal og Salman Qazi fra Google, med hjælp fra Aaron Durbin og - Michael Davidson fra Google, opdagede et problem i ptrace-undersystemet. På - grund af en kapløbstilstand med PTRACE_SETREGS, kunne lokale brugere - forårsage korruption af kernestakken og udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.6.32-48squeeze1.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+48squeeze1
-
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2632.data" diff --git a/danish/security/2013/dsa-2633.wml b/danish/security/2013/dsa-2633.wml deleted file mode 100644 index dc7cd7129f4..00000000000 --- a/danish/security/2013/dsa-2633.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="15cae58e86a1c51c703ac6d07d3b9486dc654baf" mindelta="1" -rettighedsforøgelse - -

Helmut Grohne opdagede flere rettighedsforøgelsesfejl i FusionForge, et -webbaseret projekthåndterings- og samarbejdsprogrammel. De fleste af -sårbarhederne har at gøre med dårlig håndtering af priviligerede handlinger på -brugerkontrollerede filer eller mapper.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 5.0.2-5+squeeze2.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine fusionforge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2633.data" diff --git a/danish/security/2013/dsa-2634.wml b/danish/security/2013/dsa-2634.wml deleted file mode 100644 index 473ac019da3..00000000000 --- a/danish/security/2013/dsa-2634.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Django, et Python-webudviklingsframework på -højt niveau. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2012-4520 - -

    James Kettle opdagede at Django ikke på korrekt vis filtrerede HTTP - Host-headeren under behandling af visse forespørgsler. En angriber kunne - udnytte det til at generere og forårsage at dele af Django, særligt - mekanismen til nulstilling af adgangskoder, viste vilkårlige URL'er til - brugerne.

    • - -
  • CVE-2013-0305 - -

    Orange Tsai opdagede at den medfølgende administrationsbrugerflade i - Django kunne udstille oplysninger, der ellers skulle være skjulte, gennem - programmellets historiklog.

    • - -
  • CVE-2013-0306 - -

    Mozilla opdagede at en angriber kunne misbruge Djangos sporing af - antallet af formularer i et formset til at forårsage et lammelsesangreb - (denial of service) på grund af ekstremt hukommelsesforbrug.

    • - -
  • CVE-2013-1665 - -

    Michael Koziarski opdagede at Djangos XML-deserialisation var sårbar over - for entity-expansion- og external-entity/DTD-angreb.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.2.3-3+squeeze5.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.4-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2634.data" diff --git a/danish/security/2013/dsa-2635.wml b/danish/security/2013/dsa-2635.wml deleted file mode 100644 index dd490a94a64..00000000000 --- a/danish/security/2013/dsa-2635.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="49a739be7e0e7d2bbae62d3f93205de0565f36aa" mindelta="1" -bufferoverløb - -

Malcolm Scott opdagede et fjernudnytbart bufferoverløb i RFC1413-klienten -(ident) hørende til cfingerd, en konfigurerbar fingerdæmon. Sårbarheden opstod -via en tidligere anvendt rettelse af cfingerd-pakken i 1.4.3-3.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.3-3+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.4.3-3.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.3-3.1.

- -

Vi anbefaler at du opgraderer dine cfingerd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2635.data" diff --git a/danish/security/2013/dsa-2636.wml b/danish/security/2013/dsa-2636.wml deleted file mode 100644 index 2cce7665b7f..00000000000 --- a/danish/security/2013/dsa-2636.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Xen-hypervisoren. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2012-4544 - -

    Utilstrækkelig validering af kerne- og ramdiskstørrelser i Xen - PV-domæneopbyggeren kunne medføre lammelsesangreb (denial of - service.

    • - -
  • CVE-2012-5511 - -

    Flere HVM-kontrolhandlinger udførte utilstrækkelig validering af inddata, - hvilket kunne medføre lammelsesangreb gennem ressourceudmattelse.

    • - -
  • CVE-2012-5634 - -

    Ukorrekt interrupthåndtering, når VT-d-hardware benyttes, kunne medføre - lammelsesangreb.

    • - -
  • CVE-2013-0153 - -

    Utilstrækkelige begrænsninger på interrapttilgang kunne medføre - lammelsesangreb.

    • -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 4.0.1-5.8.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 4.1.4-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.1.4-2.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2636.data" diff --git a/danish/security/2013/dsa-2637.wml b/danish/security/2013/dsa-2637.wml deleted file mode 100644 index 72ce2301551..00000000000 --- a/danish/security/2013/dsa-2637.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - -

Flere sårbarheder er fundet i Apache HTTPD-serveren.

- -
    - -
  • CVE-2012-3499 - -

    Modulerne mod_info, mod_status, mod_imagemap, mod_ldap og mod_proxy_ftp - indkapslede ikke på korrekt vis værtsnavne og URI'er i HTML-uddata, hvilket - medførte sårbareheder i forbindelse med udførelse af skripter på tværs af - servere.

    • - -
  • CVE-2012-4558 - -

    Mod_proxy_balancer indkapslede ikke på korrekt vis værtsnavne og URI'er - i sin balancer-manager-grænseflade, hvilket medførte en sårbarehed i - forbindelse med udførelse af skripter på tværs af servere.

    • - -
  • CVE-2013-1048 - -

    Hayawardh Vijayakumar bemærkede at skriptet apache2ctl oprettede - låsningsmappen på usikker vis, hvilket gjorde det muligt for en lokal - angriber at opnå forøgede rettigheder via et symlinkangreb. Det er et - Debian-specifikt problem.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 2.2.16-6+squeeze11.

- -

I distributionen testing (wheezy), vil disse problemer blive rettet i -version 2.2.22-13.

- -

I den ustabile distribution (sid), vil disse problemer blive rettet i -version 2.2.22-13.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2637.data" diff --git a/danish/security/2013/dsa-2638.wml b/danish/security/2013/dsa-2638.wml deleted file mode 100644 index 9520a8541f3..00000000000 --- a/danish/security/2013/dsa-2638.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="106fc6ed3d98e8a3b89b38704b6866f797b8923c" mindelta="1" -bufferoverløb - -

Flere bufferoverløb blev opdaget i OpenAFS, implementeringen af det -distribuerede filsystem AFS, hvilket måske kunne medføre lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode. Yderligere oplysninger -er tilgængelige på \ -http://www.openafs.org/security.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.12.1+dfsg-4+squeeze1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.1-3.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2638.data" diff --git a/danish/security/2013/dsa-2639.wml b/danish/security/2013/dsa-2639.wml deleted file mode 100644 index d707eb0ecee..00000000000 --- a/danish/security/2013/dsa-2639.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i PHP, webscriptsproget. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-1635 - -

    Hvis en PHP-applikation accepterede SOAP-objektinddata fra fjerne - klienter, som der ikke er tillid til, kunne en angriber læse systemfiler som - er læsbare for webserveren.

    • - -
  • CVE-2013-1643 - -

    Funktionen soap.wsdl_cache_dir tag ikke PHP open_basedir-begrænsinger i - betragtning. Bemærk at Debian fraråder at benytte open_basedir-begrænsninger - som en sikkerhedsforanstaltning.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 5.3.3-7+squeeze15.

- -

I distributionen testing (wheezy), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.4.4-14.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2639.data" diff --git a/danish/security/2013/dsa-2640.wml b/danish/security/2013/dsa-2640.wml deleted file mode 100644 index b172c21c02e..00000000000 --- a/danish/security/2013/dsa-2640.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - -

Flere sårbarheder blev opdaget i zoneminder, en video- og kamerasikkerheds- -og overvågningsløsning til Linux. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-0232 - -

    Brendan Coles opdagede at zoneminder var sårbar over for vilkårlig - udførelse af kommandoer. Fjerne (autentificerede) angribere kunne udføre - vilkårlige kommandoer som webservernes bruger.

    • - -
  • CVE-2013-0332 - -

    zoneminder var sårbar over for en sårbarhed i forbindelse med en lokal - filmedtagelse. Fjernangribere kunne undersøge filer på systemet, som kører - zoneminder.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.24.2-8+squeeze1.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 1.25.0-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.25.0-4.

- -

Vi anbefaler at du opgraderer dine zoneminder-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2640.data" diff --git a/danish/security/2013/dsa-2641.wml b/danish/security/2013/dsa-2641.wml deleted file mode 100644 index 8befc3e0e62..00000000000 --- a/danish/security/2013/dsa-2641.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5dcf66c575db6d07664f30d8eb7f55e6db92e79c" mindelta="1" -rehashing-fejl - -

Yves Orton opdagede en fejl i Perls rehashing-kode. Fejlen kunne udnyttes -til at gennemføre lammelsesangreb (denial af service) mod kode, der anvender -vilkårlige brugerindata som hash-nøgler. Specifikt kunne en angriber oprette et -sæt nøgler fra en hash, forårsagende lammelsesangreb gennem -hukommelsesudmatelse.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 5.10.1-17squeeze6 af perl og i version -2.0.4-7+squeeze1 af libapache2-mod-perl2.

- -

I distributionen testing (wheezy) og i den ustabile distribution -(sid), er dette problem rettet i version 5.14.2-19 af -perl og i version 2.0.7-3 af libapache2-mod-perl2.

- -

Vi anbefaler at du opgraderer dine perl og libapache2-mod-perl2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2641.data" diff --git a/danish/security/2013/dsa-2642.wml b/danish/security/2013/dsa-2642.wml deleted file mode 100644 index a6142eda8e7..00000000000 --- a/danish/security/2013/dsa-2642.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - -

Flere sårbarheder er opdaget i sudo, et program designet til at gøre det -muligt for en systemadministrator at give root-rettigheder til brugere. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2013-1775 - -

    Marco Schoepl opdagede en autentifikationsomgåelse når uret er sat til - UNIX-epoken [00.00.00 UTC den 1. januar 1970].

    • - -
  • CVE-2013-1776 - -

    Ryan Castellucci og James Ogden opdagede aspekter ved et problem, der - kunne gøre det muligt at kapre en sessions-id fra en anden autoriseret - tty.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.7.4p4-2.squeeze.4.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), er -disse problemer rettet i version 1.8.5p2-1+nmu1.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2642.data" diff --git a/danish/security/2013/dsa-2643.wml b/danish/security/2013/dsa-2643.wml deleted file mode 100644 index 03b5edccb3d..00000000000 --- a/danish/security/2013/dsa-2643.wml +++ /dev/null @@ -1,80 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Puppet, et system til centraliseret -opsætningshåndtering.

- -
    - -
  • CVE-2013-1640 - -

    En autentificeret, ondsindet klient kunne bede om sit katalog fra - puppet-masteren, og forårsage at puppet-masteren udførte vilkårlig kode. - Puppet-master skal være opsat til at kalde template- eller - inline_template-funktioner under katalogkompilering.

    • - -
  • CVE-2013-1652 - -

    En autentificeret, ondsindet klient kunne hente kataloger fra - puppet-masteren, som den ikke er autoriseret til at tilgå. Med et gyldigt - certifikat og privat nøgle, var det muligt at konstruere en HTTP - GET-forespørgsel, der leverede kataloget hørende til en vilkårlig klient.

    • - -
  • CVE-2013-1653 - -

    En autentificeret, ondsindet klient kunne måske udføre vilkårlig kode på - puppet-agenter, der accepterer kick-forbindelser. Puppet-agenter er ikke - sårbare i deres standardopsætning. Men hvis puppet-agenten er opsat til at - lytte efter indgående forbindelser, fx listen = true, og agenten auth.conf - tillader adgang til REST-endpoint'et run, da kunne en autentificeret - klient konstruere en HTTP PUT-forespørgsel til at udføre vilkårlig kode på - agenten. Problemet blev gjort værre af det faktum, at puppet-agenter typisk - kører som root.

    • - -
  • CVE-2013-1654 - -

    En fejl i puppet tillod SSL-forbindelser kunne nedgraderes til SSLv2, - der er kendt for at indeholde svagheder i forbindelse med designet. Det - påvirkede SSL-forbindelser mellem puppet-agtenter og -master, foruden - forbindelser, som puppet-agenter foretager til tredjepartsservere, som - accepterer SSLv2-forbindelser. Bemærk at SSLv2 har været deaktiveret siden - OpenSSL 1.0.

    • - -
  • CVE-2013-1655 - -

    En uautentificeret, ondsindet klient kunne måske sende forespørgsler til - puppet-masteren og få masteren til at indlæse kode på en usikker måde. - Det påvirkede kun brugere, hvis puppet-mastere kører ruby 1.9.3 og - senere.

    • - -
  • CVE-2013-2274 - -

    En autentificeret, ondsindet klient kunne måske udføre vilkårlig kode på - puppet-masteren i dennes standardopsætning. Med et gyldigt certifikat og - privat nøgle, kunne en klient konstruere en HTTP PUT-forespørgsel, der er - autoriseret til at gemme klientens egen rapport, men forespørgslen ville i - virkeligheden medføre at puppet-masteren udførte vilkårlig kode.

    • - -
  • CVE-2013-2275 - -

    Standardudgaven af auth.conf tillod at en autentificeret node kunne - indsende en rapport for en anden node, hvilket er et complianceproblem. - Det er gjort mere restriktivt som standard, så en node kun har lov til at - gemme sin egen rapport.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 2.6.2-5+squeeze7.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 2.7.18-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.7.18-3.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2643.data" diff --git a/danish/security/2013/dsa-2644.wml b/danish/security/2013/dsa-2644.wml deleted file mode 100644 index 88e7949924f..00000000000 --- a/danish/security/2013/dsa-2644.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="76d46d6df1a4f36e14e12bcff2e7f29b84c45381" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i dissektorerne til protokollerne MS-MMS, RTPS, -RTPS2, Mount, ACN, CIMD og DTLS, hvilket kunne medføre lammelsesangreb (denial -of service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 1.2.11-6+squeeze10.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.2-5.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2644.data" diff --git a/danish/security/2013/dsa-2645.wml b/danish/security/2013/dsa-2645.wml deleted file mode 100644 index ae7536ccdb6..00000000000 --- a/danish/security/2013/dsa-2645.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0852993c1a4125fc45a9310dd9446f294903d4b6" mindelta="1" -lammelsesangreb - -

Ovidiu Mara rapporterede i 2010 en sårbarhed i ping-værktøjet, som hyppigt -anvendes af system- og netværksadministratorer. Ved omhyggeligt at fabrikere -ICMP-svar, kunne en angriber få ping-kommandoen til at hænge.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2:1.6-3.1+squeeze2.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 2:1.9-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:1.9-2.

- -

Vi anbefaler at du opgraderer dine inetutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2645.data" diff --git a/danish/security/2013/dsa-2646.wml b/danish/security/2013/dsa-2646.wml deleted file mode 100644 index 0784b9f1204..00000000000 --- a/danish/security/2013/dsa-2646.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

TYPO3, et PHP-baseret system til indholdshåndtering, viste sig at indeholde -flere sårbarheder.

- -
    - -
  • CVE-2013-1842 - -

    Helmut Hummel og Markus Opahle opdagede at Extbase-databaselaget ikke på - korrekt vis fornuftigheskontrollerede brugerinddata, når - Query-objektmodellen blev anvendt. Det kunne føre til SQL-indsprøjtning, - ved at en ondsindet brugere leverede fabrikerede relationsværdier.

    • - -
  • CVE-2013-1843 - -

    Manglende validering af brugerinddata i adgangssporingsmekanismen, kunne - føre til vilkårlige URL-omdirigeringer.

    - -

    Bemærk: Retten medfører at allerede offentliggjorte links ikke længere - fungerer. Opstrøms bulletin - \ - TYPO3-CORE-SA-2013-001, indeholder flere oplysninger om hvordan det - løses.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 4.3.9+dfsg1-1+squeeze8.

- -

I distributionen testing (wheezy), er disse problemer rettet i -version 4.5.19+dfsg1-5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.5.19+dfsg1-5.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2646.data" diff --git a/danish/security/2013/dsa-2647.wml b/danish/security/2013/dsa-2647.wml deleted file mode 100644 index 9ebebff4aeb..00000000000 --- a/danish/security/2013/dsa-2647.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="96999b256f8116840fcf9796d0c2895f898b7d6d" mindelta="1" -bufferoverløb - -

Et bufferoverløb blev opdaget i databaseserveren Firebird, hvilket kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.1.3.18185-0.ds1-11+squeeze1.

- -

I distributionen testing (wheezy), firebird2.1 will be removed in -favour of firebird2.5.

- -

I den ustabile distribution (sid), firebird2.1 will be removed in -favour of firebird2.5.

- -

Vi anbefaler at du opgraderer dine firebird2.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2647.data" diff --git a/danish/security/2013/dsa-2648.wml b/danish/security/2013/dsa-2648.wml deleted file mode 100644 index 7b5c4027486..00000000000 --- a/danish/security/2013/dsa-2648.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8fbc21f00fdeecb5e07967a6296e12f43ad39eb0" mindelta="1" -flere sårbarheder - -

Et bufferoverløb blev opdaget i databaseserveren Firebird, hvilket kunne -meføre udførelse af vilkårlig kode. Desuden blev der opdaget en -lammelsesangrebssårbarhed (denial of service) i TraceManager.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.

- -

I distributionen testing (wheezy), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine firebird2.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2648.data" diff --git a/danish/security/2013/dsa-2649.wml b/danish/security/2013/dsa-2649.wml deleted file mode 100644 index c0e488ef812..00000000000 --- a/danish/security/2013/dsa-2649.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="2b49fe479f1c05b78f5bf261b56e01f3253d3d0c" mindelta="1" -fast socket-navn i mappe som er skrivbar for alle - -

Stefan Bühler opdagede, at i den Debian-specifikke opsætningsfil til -webserveren lighttpd's understøttelse af FastCGI-PHP, blev der benyttet et fast -socket-navn i mappen /tmp, som er skrivbar for alle. Et symlink-angreb eller -kapløbstilstand kunne udnyttes af en ondsindet brugere på den samme maskine til -at overtage PHP's controlsocket og eksempelvis tvinge webserveren til at anvende -en anden version af PHP.

- -

Da rettelsen er i opsætningsfilen, som befinder sig i /etc, vil opdateringen -ikke blive gennemtvunget såfremt filen er blevet ændret af administratoren. I -det tilfælde skal man sørge for selv at foretage rettelsen.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.4.28-2+squeeze1.3.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.4.31-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.31-4.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2649.data" diff --git a/danish/security/2013/dsa-2650.wml b/danish/security/2013/dsa-2650.wml deleted file mode 100644 index 35f5b903023..00000000000 --- a/danish/security/2013/dsa-2650.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="de8c425679bcef95af74cccb077b7de1160d9517" mindelta="1" -filers og enhedsnoders ejerskab ændres til kvm-gruppe - -

Bastian Blank opdagede at libvirtd, en dæmon til håndtering af virtuelle -maskiner, netværk og lagerplads, kunne ændre ejerskabet på enhedsfiler, så de -blev ejet af brugeren libvirt-qemu og gruppen kvm, som er en -generel gruppe, der ikke specifikt vedrører libvirt, og dermed var der -utilsigtet skriveadgang til disse enheder og filer for medlemmer af -kvm-gruppen.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 0.8.3-5+squeeze5.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 0.9.12-11.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.12-11.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2650.data" diff --git a/danish/security/2013/dsa-2651.wml b/danish/security/2013/dsa-2651.wml deleted file mode 100644 index d660ba98417..00000000000 --- a/danish/security/2013/dsa-2651.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="185c0d4e569bbacaca9dc39e1563c09c934b1fc3" mindelta="1" -sårbarhed i forbindelse med udførelse af skripter på tværs af websteder - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder, -blev opdaget i smokeping, et latencylognings- og grafsystem. Inddata overført -til parameteret displaymode, blev ikke på korrekt vis -fornuftighedskontrolleret. En angriber kunne udnytte fejlen til at udføre -vilkårligt HTML- og skriptkode i brugerens brugerens browsersession i det -påvirkede websteds kontekst.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 2.3.6-5+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 2.6.7-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.7-1.

- -

Vi anbefaler at du opgraderer dine smokeping-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2651.data" diff --git a/danish/security/2013/dsa-2652.wml b/danish/security/2013/dsa-2652.wml deleted file mode 100644 index 75503bace3a..00000000000 --- a/danish/security/2013/dsa-2652.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3f97242cbf8bd1416f288678c97af17426b8faba" mindelta="1" -udvidelse af ekstern entitet - -

Brad Hill fra iSEC Partners opdagede at mange XML-implementeringer var -sårbare over for problemer i forbindelse med udvidelse af eksterne entiteter, -hvilket kan benyttes til forskellige formål, så som omgåelse af firewall, -forklædning af en IP-adresse og lammelsesangreb (denial of service). libxml2 -var sårbart over for disse problemer, når der blev udført strengerstatning -under entitetsudvidelse.

- -

I den stabile distribution (squeeze), er disse problemer rettet i -version 2.7.8.dfsg-2+squeeze7.

- -

I distributionen testing (wheezy) og i den ustabile distributions (sid), er -disse problemer rettet i version 2.8.0+dfsg1-7+nmu1.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2652.data" diff --git a/danish/security/2013/dsa-2653.wml b/danish/security/2013/dsa-2653.wml deleted file mode 100644 index baa976d03e7..00000000000 --- a/danish/security/2013/dsa-2653.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2421089de56a30f2ce873a5215fd123fec79ba18" mindelta="1" -bufferoverløb - -

Man opdagede at Icinga, et system til overvågning af værter og netværk, -indeholdt flere bufferoverløb i CGI-programmet history.cgi.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.0.2-2+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.7.1-5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.1-5.

- -

Vi anbefaler at du opgraderer dine icinga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2653.data" diff --git a/danish/security/2013/dsa-2654.wml b/danish/security/2013/dsa-2654.wml deleted file mode 100644 index 1f44549fdb5..00000000000 --- a/danish/security/2013/dsa-2654.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="70788fbaf28de6b365aa8738f5f848738d2a1902" mindelta="1" -lammelsesangreb - -

Nicolas Gregoire opdagede at libxslt, et XSLT-processing runtime-bibliotek, -var sårbart over for et lammelsesangreb (denial of service) via fabrikerede -XSL-stylesheets.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1.1.26-6+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1.1.26-14.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.26-14.1.

- -

Vi anbefaler at du opgraderer dine libxslt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2654.data" diff --git a/danish/security/2013/dsa-2655.wml b/danish/security/2013/dsa-2655.wml deleted file mode 100644 index 72d0777021b..00000000000 --- a/danish/security/2013/dsa-2655.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="82372bb07e8bae43e3e5a8f905e5ea8f245a9223" mindelta="1" -flere sårbarheder - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder blev opdaget i Ruby on Rails, et Ruby-framework til udvikling af -webapplikationer.

- -

I den stabile distribution (squeeze), er disse problemer rettet i version -2.3.5-1.2+squeeze8.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.2.6-5 af ruby-activerecord-3.2, version -2.3.14-6 af ruby-activerecord-2.3, version 2.3.14-7 af ruby-activesupport-2.3, -version 3.2.6-6 af ruby-actionpack-3.2 og i version 2.3.14-5 af -ruby-actionpack-2.3.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2655.data" diff --git a/danish/security/2013/dsa-2656.wml b/danish/security/2013/dsa-2656.wml deleted file mode 100644 index 2cf263c5749..00000000000 --- a/danish/security/2013/dsa-2656.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="296ac48b761d4f2ccd7f1b362253d9ca563dec25" mindelta="1" -lammelsesangreb - -

Matthew Horsfall fra Dyn, Inc. opdagede at BIND, en DNS-server, var sårbar -over for en lammelsesangreb (denial of service). En fjernangriber kunne anvende -fejlen til at sende en særligt fremstillet DNS-forespørgsel til named, der når -den blev behandlet, forårsagede at named benyttede en alt for stor mængde -hukommelse eller muligvis gik ned.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 1:9.7.3.dfsg-1~squeeze10.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 1:9.8.4.dfsg.P1-6+nmu1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:9.8.4.dfsg.P1-6+nmu1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2656.data" diff --git a/danish/security/2013/dsa-2657.wml b/danish/security/2013/dsa-2657.wml deleted file mode 100644 index f04515ad6fd..00000000000 --- a/danish/security/2013/dsa-2657.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -gætbare tilfældige tal - -

En sårbarhed blev opdaget i databaseserveren PostgreSQL. Tilfældige tal -genereret af contrib/pgcrypto-funktioner kunne måske være lette at gætte for en -anden databasebruger.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 8.4.17-0squeeze1.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), er -postgresql-8.4-pakkerne blevet fjernet; problemet er rettet i postgresql-9.1, -henholdsvis 9.1.9-0wheezy1 (wheezy) og 9.1.9-1 (sid).

- -

Bemærk: postgresql-8.4 i Squeeze er ikke påvirket af -CVE-2013-1899 -(korruption af databasefiler) og -CVE-2013-1901 -(upriviligeret bruger kan forstyrre igangværende sikkerhedskopieringer).

- -

Vi anbefaler at du opgraderer dine postgresql-8.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2657.data" diff --git a/danish/security/2013/dsa-2658.wml b/danish/security/2013/dsa-2658.wml deleted file mode 100644 index 4a0947e2e30..00000000000 --- a/danish/security/2013/dsa-2658.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i databaseserveren PostgreSQL.

- -
    - -
  • CVE-2013-1899 - -

    Mitsumasa Kondo og Kyotaro Horiguchi fra NTT Open Source Software Center, - opdagede at det var muligt for en forbindelsesforespørgsel indeholdende et - databasenavn som begynder med - at blive fabrikeret på en sådan måde, - at filer i serveres data-mappe kunne blive beskadiget eller ødelagt. Alle - med adgang til porten, som PostgreSQL-serveren lytter til, kunne initiere en - sådan forespørgsel.

    • - -
  • CVE-2013-1900 - -

    Tilfældige tal generet af contrib/pgcrypto-funktioner, kunne måske være - lette at gætte for en anden databasebruger.

    • - -
  • CVE-2013-1901 - -

    En upriviligeret bruger kunne køre kommandoer, som kunne forstyrre - igangværende sikkerhedkopieringer.

    • - -
- -

I den stabile distribution (squeeze), er postgresql-9.1 ikke tilgængelig -DSA-2657-1 er udgivet vedrørende -CVE-2013-1900, -der påvirker posgresql-8.4.

- -

I distributionen testing (wheezy), er disse problemer rettet i version -9.1.9-0wheezy1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -9.1.9-1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2658.data" diff --git a/danish/security/2013/dsa-2659.wml b/danish/security/2013/dsa-2659.wml deleted file mode 100644 index 06214c01aa4..00000000000 --- a/danish/security/2013/dsa-2659.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="8257097da4e4ec8b1f6a43752f47d486618a067b" mindelta="1" -XML-sårbarhed i ekstern entitetsbehandling - -

Timur Yunusov og Alexey Osipov fra Positive Technologies opdagede at -XML-filfortolkeren i ModSecurity, et Apache-modul hvis formål er at forøge -webapplikationssikkerheden, var sårbar over for angreb i forbindelse med -eksterne XML-entiteter. En særligt fremstillet XML-fil leveret af en -fjernangriber, kunne føre til lokal filblotlæggelse eller ekstremt forbrug af -ressourcer (CPU, hukommelse) under behandlingen.

- -

Opdateringen indfører valgmuligeheden SecXmlExternalEntity, der som standard -er Off. Dermed deaktiveres libxml2's mulighed for at indlæse eksterne -entiteter.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2.5.12-1+squeeze2.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2.6.6-6 af pakken modsecurity-apache.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.6.6-6 af pakken modsecurity-apache.

- -

Vi anbefaler at du opgraderer dine libapache-mod-security-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2659.data" diff --git a/danish/security/2013/dsa-2660.wml b/danish/security/2013/dsa-2660.wml deleted file mode 100644 index 8c8d8296691..00000000000 --- a/danish/security/2013/dsa-2660.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="fceebc5888fd750f4089685d9e1ab2c6f335592c" mindelta="1" -blotlæggelse af følsomme oplysninger - -

Yamada Yasuharu opdagede at cURL, et bibliotek til overførsel af URL'er, var -sårbart over for blotlæggelse af potentielt følsomme oplysninger, når der blev -udført forespørgsler på tværs af domæner med matchende tails. På grund -af en fejl i tailmatch-funktionen når domænenavne blev matchet, var det muligt -at cookies opsat for fx domænet ample.com, ved en fejl også kunne blive -opsat af libcurl når der blev kommunikeret med example.com.

- -

Både kommandolinjeværktøjet curl og applikationer der benytter biblioteket -libcurl er sårbare.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -7.21.0-2.1+squeeze3.

- -

I distributionen testing (wheezy), er dette problem rettet i version -7.26.0-1+wheezy2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -7.29.0-2.1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2660.data" diff --git a/danish/security/2013/dsa-2661.wml b/danish/security/2013/dsa-2661.wml deleted file mode 100644 index 89a9ec21b59..00000000000 --- a/danish/security/2013/dsa-2661.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="e52ae82010f174668775e3726d5f6d91252d05f1" mindelta="1" -informationsafsløring - -

David Airlie og Peter Hutterer fra Red Hat opdagede at xorg-server, X.Org's -X-server, var ramt af en informationsafsløringsfejl i forbindelse med -inddatahåndtering og enheds-hotplug.

- -

Når en X-server kører, men ikke i forgrunden (for eksempel på grund af en -VT-switch), kunne en nyligt tilsluttet inddataenhed stadig blive genkendt og -håndteret af X-serveren, hvilket faktisk ville overføre inddataevents til dens -klienter i baggrunden.

- -

Dermed kunne det være muligt for en angriber at få fat i nogle inddataevents, -som ikke var rettet mod X-klienterne, herunder følsomme oplysninger.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -2:1.7.7-16.

- -

I distributionen testing (wheezy), er dette problem rettet i version -2:1.12.4-6.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:1.12.4-6.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2661.data" diff --git a/danish/security/2013/dsa-2662.wml b/danish/security/2013/dsa-2662.wml deleted file mode 100644 index 4aab4a42a92..00000000000 --- a/danish/security/2013/dsa-2662.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Xen-hypervisoren. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-1917 - -

    SYSENTER-instruktionen kunne anvendes af PV-gæster til at accelerere - systemkaldbehandlingen. Instruktionen efterlader dog mestendels - EFLAGS-registeret uæandret. Det kunne udnyttes fra et ondsindet eller - fejlbehæftet brugerrum til at få hele værten til at gå ned.

    • - -
  • CVE-2013-1919 - -

    Forskellige IRC-relaterede adgangskontrolhandlinger havde måske ikke den - tilsigtede virkning, potentielt gørende det muligt for at stubdomæne at give - dets klienter domæneadgang til en IRC, som det ikke selv har adgang til. - Det kunne udnyttes af ondsindede eller fejlbehæftede stubdomænekerner til at - iværksætte et lammelsesangreb (denial of service), som muligvis påvirkede - hele systemet.

    • - -
- -

I den stabile distribution (squeeze), er disse problemer rettet i version -4.0.1-5.9.

- -

I distributionen testing (wheezy) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2662.data" diff --git a/danish/security/2013/dsa-2663.wml b/danish/security/2013/dsa-2663.wml deleted file mode 100644 index 443d7a64ee1..00000000000 --- a/danish/security/2013/dsa-2663.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="3ec6bc952c4082395c3c19aae1d6315092c1b61b" mindelta="1" -stakbaseret bufferoverløb - -

Martin Schobert opdagede en stakbaseret sårbarhed i tinc, en Virtual Private -Network-dæmon (VPN).

- -

Når pakker videresendes via TCP, kontrolleres pakkelængden ikke mod -stakbufferens længde. Autentificerede peers kunne udnytte det til at få -tinc-dæmonen til at gå ned samt muligvis udføre vilkårlig kode.

- -

Bemærk, at under Wheezy og Sid er tinc opbygget med hardening-flag og i -særdeleshed staksmashing-beskyttelse, hvilket skulle hjælpe med at beskytte mod -udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i version -1.0.13-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i version -1.0.19-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.0.19-3.

- -

Vi anbefaler at du opgraderer dine tinc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2663.data" diff --git a/danish/security/2013/dsa-2664.wml b/danish/security/2013/dsa-2664.wml deleted file mode 100644 index 2b24c740b49..00000000000 --- a/danish/security/2013/dsa-2664.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="023e9a5865378046d0558188ac70e4f701b186d1" mindelta="1" -bufferoverløb - -

Stunnel, et program designet med det formål at fungere som en universel -SSL-tunnel til netværksdæmoner, var sårbar over for en bufferoverløbssårbarhed, -når der blev anvendt Microsoft NT LAN Manager-autentifikation (NTLM) -(protocolAuthentication = NTLM) sammen med -connect-protokolmetoden (protocol = connect). Med disse -forudsætninger og med anvendelse af stunnel4 i SSL-klienttilstand -(client = yes) på en 64 bits-vært, kunne en angriber muligvis udføre -vilkårlig kode med rettighederne hørende til stunnel-processen, hvis angriberen -enten kunne kontrollere den angivne proxyserver eller udføre manden i -midten-angreb på tcp-sessionen mellem stunnel og proxyserveren.

- -

Bemærk at i distributionen testing (wheezy) og i den ustabile distribution -(sid), er stunnel4 oversat med aktiveret stak-smashing-beskyttelse, hvilket -skulle hjælpe med at beskytte mod udførelse af vilkårlig kode.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 3:4.29-1+squeeze1.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 3:4.53-1.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3:4.53-1.1.

- -

Vi anbefaler at du opgraderer dine stunnel4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2664.data" diff --git a/danish/security/2013/dsa-2665.wml b/danish/security/2013/dsa-2665.wml deleted file mode 100644 index ac2c2592be6..00000000000 --- a/danish/security/2013/dsa-2665.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -autentifikationsomgåelse - -

Kevin Wojtysiak opdagede en sårbarhed i strongSwan, en IPsec-baseret -VPN-løsning.

- -

Ved anvendelse af en OpenSSL-plugin'en til ECDSA-baseret autentifikation, -blev en tom, nulstillet eller på anden måde ugyldig signatur håndteret som en -legitim. En angriber kunne anvende en forfalsket signatur til autentificere sig -som en legitim bruger og dermed opnå adgang til VPN'en (og alt der er beskyttet -af denne).

- -

Mens problemet ligner -\ -CVE-2012-2388 (omgåelse af RSA-baserede signaturer), er det ikke -beslægtet.

- -

I den stabile distribution (squeeze), er dette problem rettet i -version 4.4.1-5.3.

- -

I distributionen testing (wheezy), er dette problem rettet i -version 4.5.2-1.5+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.6.4-7.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2665.data" diff --git a/danish/security/2013/dsa-2666.wml b/danish/security/2013/dsa-2666.wml deleted file mode 100644 index 94bee2999db..00000000000 --- a/danish/security/2013/dsa-2666.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Xen-hypervisoren. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-1918 - -

    (\ - XSA 45) flere handlinger med lang latency er ikke preemptbare.

    - -

    Nogle tabelminipulationshandlinger vedrørende PV-gæster, blev ikke gjort - preemptbare, hvilket gjorde det muligt for en ondsindet eller fejlbehæftet - PV-gæstekerne at iværksætte et lammelsesangreb (denial of service), som - påvirkede hele systemet.

    • - -
  • CVE-2013-1952 - -

    (\ - XSA 49) kildevalideringsfejl i forbindelse med VT-d-interruptremapping - ved bridges.

    - -

    På grund af manglende kildevalidring af interruptremappingtabelposter - vedrørende MSI-interrupts opsat af bridge-enheder, kunne et ondsindet domæne - med adgang til en sådan enhed iværksætte et lammelsesangreb, som påvirkede - hele systemet.

    • - -
  • CVE-2013-1964 - -

    (\ - XSA 50) ubalance mellem acquire/release ved granttablehypercall.

    - -

    Ved frigivelse af en bestemt, ikke-transitiv grant efter udførelse af en - grant copy-handling, frigav Xen på ukorrekt vis en ikke-relateret - grantreference, muligvis førende til nedbrud af værtssystemet. Desuden kan - informationslækage eller rettighedsforøgelse ikke udelukkes.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 4.0.1-5.11.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.4-3+deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 4.1.4-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.1.4-4.

- -

Bemærk, at i den stabile (wheezy), testing samt i den ustabile distribution, -er CVE-2013-1964 -(XSA -50) allerede rettet i version 4.1.4-3.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2666.data" diff --git a/danish/security/2013/dsa-2667.wml b/danish/security/2013/dsa-2667.wml deleted file mode 100644 index 72cc8f6e71b..00000000000 --- a/danish/security/2013/dsa-2667.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8481d66105ec53aae063422e2b5ee127d48ba99f" mindelta="1" -flere sårbarheder - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne løses ved -at opgradere MySQL til en ny opstrømsversion, 5.5.31, der indeholder yderligere -ændringer, så som forberet ydeevne af rettelser af fejl i forbindelse med -datatab.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.31+dfsg-0+wheezy1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.5.31+dfsg-1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2667.data" diff --git a/danish/security/2013/dsa-2668.wml b/danish/security/2013/dsa-2668.wml deleted file mode 100644 index 3c61a924254..00000000000 --- a/danish/security/2013/dsa-2668.wml +++ /dev/null @@ -1,266 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kerne, hvilke kan føre til -lammelsesangreb (denial of service), informationslækage eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2012-2121 - -

    Benjamin Herrenschmidt og Jason Baron opdagede problemer med - IOMMU-mapningen af hukommelsesslots anvendt ved KVM-enhedstildeling. Lokale - brugere med mulighed for at tildele enheder, kunne forårsage et - lammelsesangreb på grund af en hukommelsessidelækage.

    • - -
  • CVE-2012-3552 - -

    Hafid Lin rapporterede et problem i IP-netværksundersystemet. En - fjernbruger kunne forårsage et lammelsesangreb (systemnedbrud) på servere, - der kører applikationer, hvor der er opsat valgmuligheder på sockets, der - er under aktiv behandling.

    • - -
  • CVE-2012-4461 - -

    Jon Howell rapporterede om et lammelsesangreb i KVM-undersystemet. På - systemer, der ikke understøtter funktionen XSAVE, kunne lokale brugere med - adgang til /dev/kvm-grænsefladen, forårsage et systemnedbrud.

    • - -
  • CVE-2012-4508 - -

    Dmitry Monakhov og Theodore Ts'o rapporterede om en kapløbstilstand i - ext4-filsystemet. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2012-6537 - -

    Mathias Krause opdagede informationslækageproblemer i Transformations - brugeropsætningsgrænseflade. Lokale brugere med CAP_NET_ADMIN-muligheder, - kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2012-6539 - -

    Mathias Krause opdagede et problem i netværksundersystemet. Lokale - brugere på 64 bit-systemer kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2012-6540 - -

    Mathias Krause opdagede et problem i Linux' virtuel server-undersystem. - Lokale brugere kunne få adgang til følsom kernehukommelse. Bemærk at - problemet ikke påvirker Debian-leverede kerner, men kan påvirke - tilpassede kerner opbygget ud fra Debians - linux-source-2.6.32-pakke.

    • - -
  • CVE-2012-6542 - -

    Mathias Krause opdagede et problem i koden til protokolunderstøttelsen af - LLC. Lokale brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2012-6544 - -

    Mathias Krause opdagede et problem i Bluetooth-undersystemet. Lokale - brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2012-6545 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af Bluetooth - RFCOMM. Lokale brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2012-6546 - -

    Mathias Krause opdagede et problem i ATM-netværksunderstøttelsen. Lokale - brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2012-6548 - -

    Mathias Krause opdagede et problem i understøttelsen af UDF-filsystemet. - Lokale brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2012-6549 - -

    Mathias Krause opdagede et problem i understøttelsen af - isofs-filsystemet. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-0349 - -

    Anderson Lizardo opdagede et problem i Bluetooth Human Interface Device - Protocol-stakken (HIDP). Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-0914 - -

    Emese Revfy opdagede et problem i signal-implementeringen. Lokale - brugere kunne måske omgå Address Space Layout Randomization-faciliteten - (ASLR), på grund af informationslækage til child-processer.

    • - -
  • CVE-2013-1767 - -

    Greg Thelen rapporterede et problem i det virtuelle hukommelsesfilsystem - tmpfs. Lokale brugere med tilstrækkelige rettigheder til at mount'e - filsystemer, kunne forårsage et lammelsesangreb eller muligvis få forøgede - rettigehder på grund af en fejl i forbindelse med anvendelse efter - frigivelse.

    • - -
  • CVE-2013-1773 - -

    Alan Stern leverede en rettelse af en fejl i faciliteten til - strengkonvertering mellem UTF8 og UTF16, som anvendes af VFAT-filsystemet. - En lokal bruger kunne forårsage en bufferoverløbstilstand, medførende et - lammelsesangreb eller potentielt forøgede rettigheder.

    • - -
  • CVE-2013-1774 - -

    Wolfgang Frisch leverede en rettelse af en fejl i forbindelse med en - NULL-pointer-dereference i driverne til nogle serielle USB-enheder fra - Inside Out Networks. Lokale brugere med rettigheder til at tilgå disse - enheder, kunne forårsage et lammelsesangreb (kerne-ups) ved at få udvirke - enhedens fjernelse mens den er i brug.

    • - -
  • CVE-2013-1792 - -

    Mateusz Guzik fra Red Hat EMEA GSS SEG Team opdagede en kapløbstilstand i - understøttelse af adgangsnøgle-retention i kernen. En lokal bruger kunne - forårsage et lammelsesangreb (NULL-pointer-dereference).

    • - -
  • CVE-2013-1796 - -

    Andrew Honig fra Google rapporterede om et problem i KVM-undersystemet. - En bruger i et gæstestyresystem, kunne gøre kernehukommelsen korrupt, - meførende et lammelsesangreb.

    • - -
  • CVE-2013-1798 - -

    Andrew Honig fra Google rapporterede om et problem i KVM-undersystemet. - En bruger i et gæstestyresystem, kunne forårsage et lammelsesangreb på - grund af en fejl i forbindelse med anvendelse efter frigivelse.

    • - -
  • CVE-2013-1826 - -

    Mathias Krause opdagede et problem i brugeropsætningsgrænsefladen - Transformation (XFRM) i netværksstakken. En bruger med - CAP_NET_ADMIN-muligheden kunne måske opnå forøgede rettigheder.

    • - -
  • CVE-2013-1860 - -

    Oliver Neukum opdagede et problem i driveren USB CDC WCM Device - Management. Lokale brugere med mulighed for at tilslutte enheder, kunne - forårsage et lammelsesangreb (kernenedbrud) eller potenielt opnå forøgede - rettigheder.

    • - -
  • CVE-2013-1928 - -

    Kees Cook leverende en rettelse af en informationslækage i ioctl'en - VIDEO_SET_SPU_PALETTE til 32 bit-applikationer, som kører på en - 64 bit-kerne. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-1929 - -

    Oded Horovitz og Brad Spengler rapporterede om et problem i - enhedsdriveren til Broadcom Tigon3-baseret gigabit-Ethernet. Brugere med - muligheden for at tilslutte enheder, som der ikke er tillid til, kunne - iværksætte en overløbstilstand, medførende et lammelsesangreb eller forøgede - rettigheder.

    • - -
  • CVE-2013-2015 - -

    Theodore Ts'o leverede en retttelse af at problem i ext4-filsystemet. - Lokale brugere med mulighed for at mount'e et særligt fremstillet filsystem, - kunne forårsage et lammelsesangreb (uendelig løkke).

    • - -
  • CVE-2013-2634 - -

    Mathias Krause opdagede nogle få problemer i netlinkgrænsefladen til Data - Center Bridging (DCB). Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3222 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af - Asynchronous Transfer Mode (ATM). Lokale brugere kunne få adgang til - følsom kernehukommelse.

    • - -
  • CVE-2013-3223 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af Amateur - Radio AX.25. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3224 - -

    Mathias Krause opdagede et problem i Bluetooth-undersystemet. Lokale - brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-3225 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af Bluetooth - RFCOMM. Lokale brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-3228 - -

    Mathias Krause opdagede et problem i understøttelsen af - IrDA-undersystemet (infrared). Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3229 - -

    Mathias Krause opdagede et problem i IUCV-understøttelsen på - s390-systemer. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3231 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af ANSI/IEEE - 802.2 LLC type 2. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3234 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af Amateur - Radio X.25 PLP (Rose). Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3235 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af - Transparent Inter Process Communication (TIPC). Lokale brugere kunne få - adgang til følsom kernehukommelse.

    • - -
- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2.6.32-48squeeze3.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+48squeeze3
-
- -

Vi anbefaler at du opgraderer dine linux- og user-mode-linux-pakker. - -

Bemærk: Debian holder omhyggeligt rede på alle kendte -sikkerhedsproblemer på tværs af alle linux-kerne-pakker i alle udgivelser med -aktiv sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2668.data" diff --git a/danish/security/2013/dsa-2669.wml b/danish/security/2013/dsa-2669.wml deleted file mode 100644 index 1506a188974..00000000000 --- a/danish/security/2013/dsa-2669.wml +++ /dev/null @@ -1,162 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kan føre til -lammelsesangreb (denial of service), informationslækage eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2013-0160 - -

    vladz rapporterede om en timinglækage i forbindelse med - /dev/ptmx-tegnenheden. En lokal bruger kunne udnytte det til at konstatere - følsomme oplysninger, så som længden på adgangskoder.

    • - -
  • CVE-2013-1796 - -

    Andrew Honig fra Google rapporterede om et problem i KVM-undersystemet. - En bruger i et gæstestyresystem kunne gøre kernehukommelse korrupt, - medførende et lammelsesangreb.

    • - -
  • CVE-2013-1929 - -

    Oded Horovitz og Brad Spengler rapporterede om et problem i - enhedsdriveren til Broadcom Tigon3-baseret gigabit-Ethernet. Brugere med - muligheden for at tilslutte enheder, som der ikke er tillid til, kunne - iværksætte en overløbstilstand, medførende et lammelsesangreb eller forøgede - rettigheder.

    • - -
  • CVE-2013-1979 - -

    Andy Lutomirski rapporterede om et problem i undersystemet til behandling - af kontrolmeddelelser på socket-niveau. Lokale brugere kunne måske få - forøgede rettigheder.

    • - -
  • CVE-2013-2015 - -

    Theodore Ts'o leverede en retttelse af at problem i ext4-filsystemet. - Lokale brugere med mulighed for at mount'e et særligt fremstillet filsystem, - kunne forårsage et lammelsesangreb (uendelig løkke).

    • - -
  • CVE-2013-2094 - -

    Tommie Rantala opdagede et problem i perf-undersystemet. En sårbarhed i - forbindelse med tilgang uden for grænserne, gjorde det muligt for lokale - brugere at opnå forøgede rettigheder.

    • - -
  • CVE-2013-3076 - -

    Mathias Krause opdagede et problem i brugerrumsgrænsefladen til - hash-algoritmer. Lokale brugere kunne opnå adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3231 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af ANSI/IEEE - 802.2 LLC type 2. Lokale brugere kunne opnå adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3222 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af - Asynchronous Transfer Mode (ATM). Lokale brugere kunne få adgang til - følsom kernehukommelse.

    • - -
  • CVE-2013-3223 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af Amateur - Radio AX.25. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3224 - -

    Mathias Krause opdagede et problem i Bluetooth-undersystemet. Lokale - brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-3225 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af Bluetooth - RFCOMM. Lokale brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-3227 - -

    Mathias Krause opdagede et problem i Communication CPU to Application CPU - Interface (CAIF). Lokale brugere kunne opnå adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3228 - -

    Mathias Krause opdagede et problem i understøttelsen af - IrDA-undersystemet (infrared). Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3229 - -

    Mathias Krause opdagede et problem i IUCV-understøttelsen på - s390-systemer. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3231 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af ANSI/IEEE - 802.2 LLC type 2. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3234 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af Amateur - Radio X.25 PLP (Rose). Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-3235 - -

    Mathias Krause opdagede et problem i protokolunderstøttelsen af - Transparent Inter Process Communication (TIPC). Lokale brugere kunne få - adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-3301 - -

    Namhyung Kim rapporterede om et problem i tracing-undersystemet. En - priviligeret lokal bruger kunne forårsage et lammelsesangreb - (systemnedbrud). Sårbarheden rammer i standardopsætningen ikke - Debian-systemer.

    • - -
- -

I den stabile distribution (wheezy), er dette problem rettet i version -3.2.41-2+deb7u1. -

Bemærk: Pt. er der opdateringer tilgængelige til arkitekturene amd64, -i386, ia64, s390, s390x og sparc. Opdateringer til de resterende arkitekturer -vil blive frigivet efterhånden som de blive tilgængelige.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 7.0 (wheezy)
user-mode-linux3.2-2um-1+deb7u1
-
- -

Vi anbefaler at du opgraderer dine linux- og user-mode-linux-pakker. - -

Bemærk: Debian holder omhyggeligt rede på alle kendte -sikkerhedsproblemer på tværs af alle linux-kerne-pakker i alle udgivelser med -aktiv sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2669.data" diff --git a/danish/security/2013/dsa-2670.wml b/danish/security/2013/dsa-2670.wml deleted file mode 100644 index 7c9c1eed3b4..00000000000 --- a/danish/security/2013/dsa-2670.wml +++ /dev/null @@ -1,80 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Request Tracker, et udvidbart -fejlsporingssystem. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2013-3368 - -

    Kommandolinjeværktøjet rt anvendte delvist forudsigelige midlertidige - filer. En ondsindet bruger kunne udnytte fejlen til at overskrive filer med - rettighederne hørende til brugeren, der benytter kommandolinjeværktøjet - rt.

    • - -
  • CVE-2013-3369 - -

    En ondsindet bruger, der har lov til at se administrative sider, kunne - køre vilkårlige Mason-komponenter (uden kontrol af parametrene), hvilket - måske kunne have negative bivirkninger.

    • - -
  • CVE-2013-3370 - -

    Request Tracker tillod direkte forespørgsler til private - callback-komponenter, hvilket kunne anvendes til at udnytte en Request - Tracker-udvidelse eller en lokal callback, som anvender modtagne parametre - på usikker vis.

    • - -
  • CVE-2013-3371 - -

    Request Tracker var sårbar over for udførelse af skripter på tværs af - websteder via vedhæftelsesfilnavne.

    • - -
  • CVE-2013-3372 - -

    Dominic Hargreaves opdagede at Request Tracker var sårbar over for en - HTTP-headerindsprøjtning, begrænset til værdien af headeren - Content-Disposition.

    • - -
  • CVE-2013-3373 - -

    Request Tracker var sårbar over for en MIME-headerindsprøjtning i - udgående mails genereret af Request Tracker.

    - -

    Request Trackers medfølgende skabeloner rettes af denne opdatering, men - eventuelt tilpassede mailskabeloner bør opdateres for at sikre, at værdier - der havner i mailheadere ikke indeholder linjeskift.

    • - -
  • CVE-2013-3374 - -

    Request Tracker er sårbar over for begrænset sessionsgenbrug, når man - anvender filbaseret sessionsopbevaring, Apache::Session::File. Dog benytter - Request Trackers standardsessionsopsætning kun Apache::Session::File, når - den er opsat til Oracle-databaser.

    • - -
- -

Denne version af Request Tracker indeholder en opdatering af databaseindhold. -Hvis man benytter en dbconfig-håndteret database, vil man få tilbudt muligheden -for at iværksætte det automatisk. Ellers kan man læse forklaringen i -/usr/share/doc/request-tracker3.8/NEWS.Debian.gz for de manuelle trin, der skal -udføres.

- -

Bemærk at hvis man kører request-tracker3.8 under webserveren Apache, skal -man starte og stoppe Apache manuelt. restart-mekanismen anbefales ikke, -særligt hvis man anvender mod_perl eller enhver form for persistente -Perl-processer så som FastCGI eller SpeedyCGI.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.8.8-7+squeeze7.

- -

Distributionerne stable, testing og unstable indeholder ikke længere -request-tracker3.8, som er blevet erstattet af request-tracker4.

- -

Vi anbefaler at du opgraderer dine request-tracker3.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2670.data" diff --git a/danish/security/2013/dsa-2671.wml b/danish/security/2013/dsa-2671.wml deleted file mode 100644 index a745f9a5658..00000000000 --- a/danish/security/2013/dsa-2671.wml +++ /dev/null @@ -1,90 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Request Tracker, et udvidbart -fejlsporingssystem. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2012-4733 - -

    En bruger med ModifyTicket-rettigheder, kunne omgå - DeleteTicket-rettigheden eller enhver tilpasset lifecycle - transition-rettighed, og dermed ændre ticketdata uden - autorisation.

    • - -
  • CVE-2013-3368 - -

    Kommandolinjeværktøjet rt anvendte delvist forudsigelige midlertidige - filer. En ondsindet bruger kunne udnytte fejlen til at overskrive filer med - rettighederne hørende til brugeren, der benytter kommandolinjeværktøjet - rt.

    • - -
  • CVE-2013-3369 - -

    En ondsindet bruger, der har lov til at se administrative sider, kunne - køre vilkårlige Mason-komponenter (uden kontrol af parametrene), hvilket - måske kunne have negative bivirkninger.

    • - -
  • CVE-2013-3370 - -

    Request Tracker tillod direkte forespørgsler til private - callback-komponenter, hvilket kunne anvendes til at udnytte en Request - Tracker-udvidelse eller en lokal callback, som anvender modtagne parametre - på usikker vis.

    • - -
  • CVE-2013-3371 - -

    Request Tracker var sårbar over for udførelse af skripter på tværs af - websteder via vedhæftelsesfilnavne.

    • - -
  • CVE-2013-3372 - -

    Dominic Hargreaves opdagede at Request Tracker var sårbar over for en - HTTP-headerindsprøjtning, begrænset til værdien af headeren - Content-Disposition.

    • - -
  • CVE-2013-3373 - -

    Request Tracker var sårbar over for en MIME-headerindsprøjtning i - udgående mails genereret af Request Tracker.

    - -

    Request Trackers medfølgende skabeloner rettes af denne opdatering, men - eventuelt tilpassede mailskabeloner bør opdateres for at sikre, at værdier - der havner i mailheadere ikke indeholder linjeskift.

    • - -
  • CVE-2013-3374 - -

    Request Tracker er sårbar over for begrænset sessionsgenbrug, når man - anvender filbaseret sessionsopbevaring, Apache::Session::File. Dog benytter - Request Trackers standardsessionsopsætning kun Apache::Session::File, når - den er opsat til Oracle-databaser.

    • - -
- -

Denne version af Request Tracker indeholder en opdatering af databaseindhold. -Hvis man benytter en dbconfig-håndteret database, vil man få tilbudt muligheden -for at iværksætte det automatisk. Ellers kan man læse forklaringen i -/usr/share/doc/request-tracker3.8/NEWS.Debian.gz for de manuelle trin, der skal -udføres.

- -

Bemærk at hvis man kører request-tracker3.8 under webserveren Apache, skal -man starte og stoppe Apache manuelt. restart-mekanismen anbefales ikke, -særligt hvis man anvender mod_perl eller enhver form for persistente -Perl-processer så som FastCGI eller SpeedyCGI.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.0.7-5+deb7u2.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.12-2.

- -

Vi anbefaler at du opgraderer dine request-tracker4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2671.data" diff --git a/danish/security/2013/dsa-2672.wml b/danish/security/2013/dsa-2672.wml deleted file mode 100644 index 9cd1a1d6f34..00000000000 --- a/danish/security/2013/dsa-2672.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="91da8cc33a38cf6c2e183b1bee3391478a841034" mindelta="1" -fortolkningskonflikt - -

Adam Nowacki opdagede at den nye FreeBSD NFS-implementering behandler en -fabrikeret READDIR-forespørgsel, der instruerer om at et filsystem på en filnode -skal behandles, som var det en mappenode, hvilket førte til et kernenedbrud -eller potentielt udførelse af vilkårlig kode.

- -

Kernen kfreebsd-8 i den gamle stabile distribution (squeeze) aktiverer ikke -den nye NFS-implementering. Linux-kernen er ikke påvirket af sårbarheden.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -9.0-10+deb70.1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -dette problem rettet i version 9.0-11.

- -

Vi anbefaler at du opgraderer dine kfreebsd-9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2672.data" diff --git a/danish/security/2013/dsa-2673.wml b/danish/security/2013/dsa-2673.wml deleted file mode 100644 index 59010d16320..00000000000 --- a/danish/security/2013/dsa-2673.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="598e72709cdfa45a2d0f0f83006540844e7b49f4" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1:1.1.0-2+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:1.1.2-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:1.1.2-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libdmx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2673.data" diff --git a/danish/security/2013/dsa-2674.wml b/danish/security/2013/dsa-2674.wml deleted file mode 100644 index fd6d3c19939..00000000000 --- a/danish/security/2013/dsa-2674.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2:1.0.5-1+squeeze1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -2:1.0.7-1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:1.0.7-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxv-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2674.data" diff --git a/danish/security/2013/dsa-2675.wml b/danish/security/2013/dsa-2675.wml deleted file mode 100644 index aecdb3151d8..00000000000 --- a/danish/security/2013/dsa-2675.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d65f9f4840ece06f5d2f3ee29592013c5eff582b" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2:1.0.5-1+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -2:1.0.7-1+deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:1.0.7-1+deb7u2.

- -

Vi anbefaler at du opgraderer dine libxvmc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2675.data" diff --git a/danish/security/2013/dsa-2676.wml b/danish/security/2013/dsa-2676.wml deleted file mode 100644 index 9fc8e1a97fa..00000000000 --- a/danish/security/2013/dsa-2676.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="598e72709cdfa45a2d0f0f83006540844e7b49f4" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1:4.0.5-1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:5.0-4+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:5.0-4+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxfixes-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2676.data" diff --git a/danish/security/2013/dsa-2677.wml b/danish/security/2013/dsa-2677.wml deleted file mode 100644 index 38dcac06a0f..00000000000 --- a/danish/security/2013/dsa-2677.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1:0.9.6-1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:0.9.7-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:0.9.7-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxrender-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2677.data" diff --git a/danish/security/2013/dsa-2678.wml b/danish/security/2013/dsa-2678.wml deleted file mode 100644 index be3c9d66222..00000000000 --- a/danish/security/2013/dsa-2678.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -7.7.1-6.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -8.0.5-4+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -8.0.5-6.

- -

Vi anbefaler at du opgraderer dine mesa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2678.data" diff --git a/danish/security/2013/dsa-2679.wml b/danish/security/2013/dsa-2679.wml deleted file mode 100644 index ec2fa86b5b3..00000000000 --- a/danish/security/2013/dsa-2679.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1d6985bf96094953c358c04a8e6464b12b9d66ba" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1:0.2.904+svn842-2+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:0.2.906-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:0.2.906-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine xserver-xorg-video-openchrome-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2679.data" diff --git a/danish/security/2013/dsa-2680.wml b/danish/security/2013/dsa-2680.wml deleted file mode 100644 index 73ed3520d47..00000000000 --- a/danish/security/2013/dsa-2680.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1:1.0.7-1+squeeze1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1:1.1.3-1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1:1.1.3-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2680.data" diff --git a/danish/security/2013/dsa-2681.wml b/danish/security/2013/dsa-2681.wml deleted file mode 100644 index 7774a85b8ac..00000000000 --- a/danish/security/2013/dsa-2681.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1:1.1.10-2+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:1.1.13-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:1.1.13-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxcursor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2681.data" diff --git a/danish/security/2013/dsa-2682.wml b/danish/security/2013/dsa-2682.wml deleted file mode 100644 index aa00b236224..00000000000 --- a/danish/security/2013/dsa-2682.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2:1.1.2-1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2:1.3.1-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:1.3.1-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxext-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2682.data" diff --git a/danish/security/2013/dsa-2683.wml b/danish/security/2013/dsa-2683.wml deleted file mode 100644 index 381b580adb3..00000000000 --- a/danish/security/2013/dsa-2683.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2:1.3-8.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -2:1.6.1-1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:1.6.1-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2683.data" diff --git a/danish/security/2013/dsa-2684.wml b/danish/security/2013/dsa-2684.wml deleted file mode 100644 index 596c47a7134..00000000000 --- a/danish/security/2013/dsa-2684.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2:1.3.0-3+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2:1.3.2-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:1.3.2-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxrandr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2684.data" diff --git a/danish/security/2013/dsa-2685.wml b/danish/security/2013/dsa-2685.wml deleted file mode 100644 index 119bd289125..00000000000 --- a/danish/security/2013/dsa-2685.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1:1.0.0.xsf1-2+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:1.0.1-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:1.0.1-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2685.data" diff --git a/danish/security/2013/dsa-2686.wml b/danish/security/2013/dsa-2686.wml deleted file mode 100644 index b068f8bd5f7..00000000000 --- a/danish/security/2013/dsa-2686.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1.6-1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.8.1-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.8.1-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxcb-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2686.data" diff --git a/danish/security/2013/dsa-2687.wml b/danish/security/2013/dsa-2687.wml deleted file mode 100644 index 0baefec7583..00000000000 --- a/danish/security/2013/dsa-2687.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2:1.0.2-1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2:1.0.4-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:1.0.4-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libfs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2687.data" diff --git a/danish/security/2013/dsa-2688.wml b/danish/security/2013/dsa-2688.wml deleted file mode 100644 index 5fac27afc4f..00000000000 --- a/danish/security/2013/dsa-2688.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="598e72709cdfa45a2d0f0f83006540844e7b49f4" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2:1.0.4-1+squeeze.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2:1.0.6-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:1.0.6-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxres-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2688.data" diff --git a/danish/security/2013/dsa-2689.wml b/danish/security/2013/dsa-2689.wml deleted file mode 100644 index 27c1d8a9b78..00000000000 --- a/danish/security/2013/dsa-2689.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2:1.1.0-3+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2:1.2.1-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:1.2.1-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxtst-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2689.data" diff --git a/danish/security/2013/dsa-2690.wml b/danish/security/2013/dsa-2690.wml deleted file mode 100644 index b01681daaa9..00000000000 --- a/danish/security/2013/dsa-2690.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2:1.1.1-2+squeeze1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -2:1.1.3-2+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:1.1.3-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxxf86dga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2690.data" diff --git a/danish/security/2013/dsa-2691.wml b/danish/security/2013/dsa-2691.wml deleted file mode 100644 index 8e31e388181..00000000000 --- a/danish/security/2013/dsa-2691.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1d6985bf96094953c358c04a8e6464b12b9d66ba" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2:1.1-3+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2:1.1.2-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2:1.1.2-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxinerama-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2691.data" diff --git a/danish/security/2013/dsa-2692.wml b/danish/security/2013/dsa-2692.wml deleted file mode 100644 index 97cb3a0fcc5..00000000000 --- a/danish/security/2013/dsa-2692.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bf19873cfacaabd4a8e3d91f0c5d1ea44544743" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), vil dette problem snart blive -rettet som version 1:1.1.0-2+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:1.1.2-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1:1.1.2-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libxxf86vm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2692.data" diff --git a/danish/security/2013/dsa-2693.wml b/danish/security/2013/dsa-2693.wml deleted file mode 100644 index bb9578ca234..00000000000 --- a/danish/security/2013/dsa-2693.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5b8f357029e297cc28872c6499817ee45278a2da" mindelta="1" -flere sårbarheder - -

Ilja van Sprundel fra IOActive opdagede sikkerhedsproblemer i flere -komponenter i X.org's grafikstak og relaterede biblioteker: Forskellige -heltalsoverløb, fortegnshåndteringsfejl ved heltalskonverteringer, -bufferoverløb, hukommelseskorruption og manglende fornuftighedskontrol af -inddata kunne føre til rettighedsforøgelse eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2:1.3.3-4+squeeze1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -2:1.5.0-1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:1.5.0-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libx11-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2693.data" diff --git a/danish/security/2013/dsa-2694.wml b/danish/security/2013/dsa-2694.wml deleted file mode 100644 index 99a657bb953..00000000000 --- a/danish/security/2013/dsa-2694.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0884187a671ab0defa1bf3d305b229daa21d404f" mindelta="1" -rettighedsforøgelse - -

En rettighedsforøgelsessårbarhed er fundet i SPIP, en webstedsmaskine til -udgivelse, hvilket gjorde det muligt for enhver at overtage kontrollen med -webstedet.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2.1.1-3squeeze6.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2.1.17-1+deb7u1.

- -

I distributionen testing (jessie), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.22-1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2694.data" diff --git a/danish/security/2013/dsa-2695.wml b/danish/security/2013/dsa-2695.wml deleted file mode 100644 index 7b51136c726..00000000000 --- a/danish/security/2013/dsa-2695.wml +++ /dev/null @@ -1,127 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere problemer - -

Flere sårbarheder er opdaget i webbrowseren Chromium. Flere sårbarheder i -forbindelse med anvendelse efter frigivelse, læsning uden for grænserne, -hukommelsessikkerhed og udførelse af skripter på tværs af websteder, blev -opdaget og rettet.

- -
    - -
  • CVE-2013-2837 - -

    En anvendelse efter frigivelse-sårbarhed i SVG-implementeringen, gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service) eller muligvis have anden ikke-angivet indvirkning via ukendte - angrebsvinkler.

    • - -
  • CVE-2013-2838 - -

    Google V8, som anvendes i Chromium før version 27.0.1453.93, gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb (læsning uden for - grænserne) via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2013-2839 - -

    Chromium før version 27.0.1453.93 udførte ikke på korrekt vis en cast of - en ikke-angivet variabel under håndtering af klippebordsdata, hvilket gjorde - det muligt for fjernangribere at forårsage et lammelsesangerb eller muligvis - have anden ikke-angivet indvirkning via ukendte angrebsvinkler.

    • - -
  • CVE-2013-2840 - -

    En anvendelse efter frigivelse-sårbarhed i Chromiums medieindlæser i - versioner før 27.0.1453.93, gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb eller muligvis have anden ikke-angivet - indvirkning via ukendte angrebsvinkler; det er en anden sårbarhed end - CVE-2013-2846.

    • - -
  • CVE-2013-2841 - -

    En anvendelse efter frigivelse-sårbarhed i Chromium før version - 27.0.1453.93, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - angrebsvinkler i forbindelse med håndtering af Pepper-ressourcer.

    • - -
  • CVE-2013-2842 - -

    En anvendelse efter frigivelse-sårbarhed i Chromium før version - 27.0.1453.93, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - angrebsvinkler i forbindelse med håndtering af widgets.

    • - -
  • CVE-2013-2843 - -

    En anvendelse efter frigivelse-sårbarhed i Chromium før version - 27.0.1453.93, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - angrebsvinkler i forbindelse med håndtering af taledata.

    • - -
  • CVE-2013-2844 - -

    En anvendelse efter frigivelse-sårbarhed i implementeringen af Cascading - Style Sheets (CSS) i Chromium før version 27.0.1453.93, gjorde det muligt - for fjernangribere at forårsage et lammelsesangreb eller muligvis have anden - ikke-angivet indvirkning via angrebsvinkler i forbindelse med - styleresolution.

    • - -
  • CVE-2013-2845 - -

    Implementeringen af Web Audio i Chromium før version 27.0.1453.93, gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb - (hukommelseskorruption) eller muligvis have anden ikke-angivet indvirkning - via ukendte angrebsvinkler.

    • - -
  • CVE-2013-2846 - -

    En anvendelse efter frigivelse-sårbarhed i mediaindlæseren i Chromium før - version 27.0.1453.93, gjordet det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - ukendte angrebsvinkler; det er en anden sårbarhed end - CVE-2013-2840.

    • - -
  • CVE-2013-2847 - -

    En kapløbstilstand i workers-implementeringen i Chromium før version - 27.0.1453.93, gjordet det muligt for fjernangribere at forårsage et - lammelsesangreb (anvendelse efter frigivelse eller applikationsnedbrud) - eller muligvis anden ikke-angivet indvirkning via ukendte - angrebsvinkler.

    • - -
  • CVE-2013-2848 - -

    XSS Auditor i Chromium før version 27.0.1453.93, gjorde det måske muligt - for fjernangribere at få fat i følsomme oplysninger via ikke-angivne - angrebsvinkler.

    • - -
  • CVE-2013-2849 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS) i Chromium før version 27.0.1453.93, gjordet det muligt for - brugerhjulpne fjernangribere at indsprøjte vilkårligt webskript eller HTML - via angrebsvinkler med relation til (1) træk og slip- eller (2) kopier og - indsæt-handlinger.

    • - -
- -

I den gamle stabile distribution (squeeze), er tidsrummet med -sikkerhedsunderstøttelse af Chromium udløbet. Brugere af Chromium i den gamle -stabile distribution, opfordres derfor meget kraftigt til at opgradere til den -aktuelle stabile Debian-udgave (wheezy). Sikkerhedsunderstøttelse af Chromium -i wheezy fortsætter indtil den næste stabile udgave (jessie), som forventes en -gang i løbet af 2015.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -27.0.1453.93-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -27.0.1453.93-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2695.data" diff --git a/danish/security/2013/dsa-2696.wml b/danish/security/2013/dsa-2696.wml deleted file mode 100644 index bb0b398bb3b..00000000000 --- a/danish/security/2013/dsa-2696.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="fc8c9b419d532b5615b364c03c1d87ad72fb0066" mindelta="1" -rettighedsforøgelse - -

En sårbarhed er opdaget i Open Ticket Request System, og den kunne udnyttes -af ondsindede brugere til at afsløre potentielt følsomme oplysninger.

- -

En angriber med en gyldig login, kunne manipulere URL'er i mekanismen til -opsplitning af registreringer, med det formål at se registreringer, der ikke er -rettigheder til.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af problemet.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -3.1.7+dfsg1-8+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i version -3.2.7-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.2.7-1.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2696.data" diff --git a/danish/security/2013/dsa-2697.wml b/danish/security/2013/dsa-2697.wml deleted file mode 100644 index b948a808b5a..00000000000 --- a/danish/security/2013/dsa-2697.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a0acabec6cdd1a7a7acb0fd1372e3096cedbb808" mindelta="1" -arraylæsning uden for grænserne - -

Man opdagede at en ondsindet klient kunne få en GNUTLS-server til at gå ned, -og omvendt, ved at sende TLS-poster krypteret med en blokcipher, der indeholder -ugyldig padding.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket, da den -sikkerhedsopdateringer som medførte sårbarheden, ikke blev udført dér.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2.12.20-7.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.12.23-5.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2697.data" diff --git a/danish/security/2013/dsa-2698.wml b/danish/security/2013/dsa-2698.wml deleted file mode 100644 index f66e35047a8..00000000000 --- a/danish/security/2013/dsa-2698.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -bufferoverløb - -

Flere problemer blev opdaget i TIFF-værktøjerne, et værktøjssæt til -manipulering og konvertering af TIFF-billedfiler.

- -
    - -
  • CVE-2013-1960 - -

    Emmanuel Bouillon opdagede et heapbaseret bufferoverløb i funktionen - tp_process_jpeg_strip i værktøjet tiff2pdf. Det kunen potentielt føre til - et nedbrud eller udførelse af vilkårlig kode.

    • - -
  • CVE-2013-1961 - -

    Emmanuel Bouillon opdagede mange stakbaserede bufferoverløb i - TIFF-værktøjerne. Problemerne kunne potentielt føre til et nedbrud eller - udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.9.4-5+squeeze9.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.0.2-6+deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.2-6+nmu1.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2698.data" diff --git a/danish/security/2013/dsa-2699.wml b/danish/security/2013/dsa-2699.wml deleted file mode 100644 index 3d39771d90f..00000000000 --- a/danish/security/2013/dsa-2699.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="40ac58241472080b10f4e27c231c5d078930f2bc" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians version af -webbrowseren Mozilla Firefox: Flere fejl i forbindelse med -hukommelsessikkerhed, manglende fornuftighedskontrol af inddata, anvendelse -efter frigivelse, bufferoverløb og andre programmeringsfejl kunne føre til -udførelse af vilkårlig kode, rettighedsforøgelse, informationslækager eller -udførelse af skripter på tværs af websteder.

- -

Vi ændrer på hvordan sikkerhedsopdateringer af Iceweasel, Icedove og Iceape -håndteres i stable-security: I stedet for at tilbageføre sikkerhedsrettelser, -leverer vi udgivelser baseret på forgreningen Extended Support Release. Dermed -introducerer denne opdatering pakker baseret på Firefox 17, og en gang i -fremtiden vil vi skifte til den næste ESR-forgrening, når ESR 17 ikke længere -understøttes.

- -

Nogle Xul-udvidelser, der i øjeblikket er pakket i Debians arkiv, er ikke -kompatbile med den nyere browsermotor. Opdaterede og kompatible versioner kan -hentes fra http://addons.mozilla.org, -som en kortsigtet løsning. Der arbejdes stadig på en løsning, der gør at -pakkede udvidelser forbliver kompatible med Mozillas udgivelser.

- -

Vi har ikke længere ressourcer til at tilbageføre sikkerhedsrettelser til -Iceweasel-udgaven i oldstable-security. Hvis du har evenerne og har lyst til -at hjælpe til, så kontakt team@security.debian.org på engelsk. Ellers vil vi -annoncere, at sikkerhedsunderstøttelsen af Iceweasel, Icedove og Iceape i -Squeeze ophører fra og med næste opdateringsrunde.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.6esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 17.0.6esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2699.data" diff --git a/danish/security/2013/dsa-2700.wml b/danish/security/2013/dsa-2700.wml deleted file mode 100644 index a73b3965ce5..00000000000 --- a/danish/security/2013/dsa-2700.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="430313f59ed8b7598bfc4ce2a4ac80e433ec952c" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i dissektorerne til GTPv2, ASN.1 BER, PPP CCP, -DCP ETSI, MPEG DSM-CC og Websocket, hvilket kunne medføre lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.7-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2700.data" diff --git a/danish/security/2013/dsa-2701.wml b/danish/security/2013/dsa-2701.wml deleted file mode 100644 index a803b22e06c..00000000000 --- a/danish/security/2013/dsa-2701.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c471d1bcf6117ca423467b96e04a19d1a6328d6d" mindelta="1" -lammelsesangreb - -

Man opdagede at kpasswd-servicen, der kører på UDP-port 464, kunne finde på -at svare på svarpakker, og dermed oprette en pakkeløkke og en -lammelsesangrebstilstand (denial of service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.8.3+dfsg-4squeeze7.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.10.1+dfsg-5+deb7u1.

- -

I distributionen testing (jessie), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.10.1+dfsg-6.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2701.data" diff --git a/danish/security/2013/dsa-2702.wml b/danish/security/2013/dsa-2702.wml deleted file mode 100644 index bb17bd5a937..00000000000 --- a/danish/security/2013/dsa-2702.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ed43effc6df249a689fee1f7e63935bb1402972d" mindelta="1" -omgåelse af TLS-verifikation - -

Maksim Otstavnov opdagede at Wocky-undermodulet, som anvendes af -telepathy-gabble, Jabber/XMPP-forbindelsesmanageren til Telepathy-frameworket, -ikke respekterede flaget tls-required på gamle Jabber-servere. En -netværksmellemmand kunne anvende sårbarheden til at omgå TLS-verifikation og -udføre et manden i midten-angreb.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.9.15-1+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.16.5-1+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 0.16.6-1.

- -

Vi anbefaler at du opgraderer dine telepathy-gabble-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2702.data" diff --git a/danish/security/2013/dsa-2703.wml b/danish/security/2013/dsa-2703.wml deleted file mode 100644 index d4ef0cb7a4d..00000000000 --- a/danish/security/2013/dsa-2703.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Subversion, et versionskontrolsystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2013-1968 - -

    Subversion-arkiver som benytter arkivdataopbevaringsformatet FSFS, kunne - blive gjort korreupte ved ny linje-tegn i filnavne. En fjernangriber med - en ondsindet klient, kunne udnytte fejlen til at afbryde tjensten for andre - brugere, som anvender arkivet.

    • - -
  • CVE-2013-2112 - -

    Subversions svnserve-serverproces kunne afbryde, når en indkommende - TCP-forbindelse blev lukket tidlig i forbindelsesprocessen. En - fjernangriber kunne forårsage afbrydelse af svnserve og dermed forhindre - brugere af tjensten i at benytte den.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.6.12dfsg-7.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.6.17dfsg-4+deb7u3.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2703.data" diff --git a/danish/security/2013/dsa-2704.wml b/danish/security/2013/dsa-2704.wml deleted file mode 100644 index 9014cdd3e24..00000000000 --- a/danish/security/2013/dsa-2704.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b6a7948fa22eb40076a6bfdcaad690461f19b7c5" mindelta="1" -tilgang uden for grænserne - -

Man opdagede at applikationer, der benytter mesa-biblioteket, en fri -implementering af OpenGL-API'et, kunne gå ned eller udføre vilkårlig kode, på -grund af en hukommelsestilgang uden for grænserne i biblioteket. Sårbarheden -påvirker kun systemer med Intel-chipset.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket at dette -problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 8.0.5-4+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.0.5-7.

- -

Vi anbefaler at du opgraderer dine mesa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2704.data" diff --git a/danish/security/2013/dsa-2705.wml b/danish/security/2013/dsa-2705.wml deleted file mode 100644 index 4ba45dc052f..00000000000 --- a/danish/security/2013/dsa-2705.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="4b17fce2f34d0c9fdf3124ac47c4495f09e24e69" mindelta="1" -lammelsesangreb - -

Jibbers McGee opdagede at PyMongo, et højtydende, skemafrit -dokumentorienteret datastore, var ramt af en lammelsesangrebssårbarhed (denial -of service).

- -

En angriber kunne fjernudløse en NULL-pointerdereference, som forårsagede at -MongoDB gik ned.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette -problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.2-4+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2.5.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.5.2-1.

- -

Vi anbefaler at du opgraderer dine pymongo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2705.data" diff --git a/danish/security/2013/dsa-2706.wml b/danish/security/2013/dsa-2706.wml deleted file mode 100644 index db69d4abbcb..00000000000 --- a/danish/security/2013/dsa-2706.wml +++ /dev/null @@ -1,92 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webbrowseren Chromium.

- -
    - -
  • CVE-2013-2855 - -

    Developer Tools-API'et i Chromium før version 27.0.1453.110 gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb (denial of - service: hukommelseskorruption) eller muligvis anden ikke-angivet - indvirkning via ukendte angrebsvinkler.

    • - -
  • CVE-2013-2856 - -

    En anvendelse efter frigivelse-sårbarhed i Chromium før version - 27.0.1453.110, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden indvirkning via angrebsvinkler i - forbindelse med håndtering af inddata.

    • - -
  • CVE-2013-2857 - -

    En anvendelse efter frigivelse-sårbarhed i Chromium før version - 27.0.1453.110, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - angrebsvinkler i forbindelse med håndtering af billeder.

    • - -
  • CVE-2013-2858 - -

    En anvendelse efter frigivelse-sårbarhed i implementeringen af HTML5 - Audio i Chromium før version 27.0.1453.110, gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb eller muligvis have - anden ikke-angivet indvirkning via ukendte angrebsvinkler.

    • - -
  • CVE-2013-2859 - -

    Chromium før version 27.0.1453.110, gjorde det muligt for fjernangribere - at omgå Same Origin Policy samt udløse navnerumsforurening via ikke-angivne - angrebsvinkler.

    • - -
  • CVE-2013-2860 - -

    En anvendelse efter frigivelse-sårbarhed i Chromium før version - 27.0.1453.110, gjorde det muligt for fjernangribere at forårsage et - lammelsesangreb eller muligvis have anden ikke-angivet indvirkning via - angrebsvinkler, der involverer adgang til et database-API gennem en - worker-proces.

    • - -
  • CVE-2013-2861 - -

    En anvendelse efter frigivelse-sårbarhed i SVG-implementeringen i - Chromium før version 27.0.1453.110, gjorde det muligt for fjernangribere at - forårsage et lammelsesangreb eller muligvis have anden ikke-angivet - indvirkning via ukendte angrebsvinkler.

    • - -
  • CVE-2013-2862 - -

    Skia, som anvendt i Chromium før version 27.0.1453.110, håndterer ikke på - korrekt via GPU-acceleration, hvilket gjorde det muligt for fjernangribere - at forårsage et lammelsesangreb (hukommelseskorrouption) eller muligvis have - anden ikke-angivet indvirkning via ukendte angrebsvinkler.

    • - -
  • CVE-2013-2863 - -

    Chromium før version 27.0.1453.110, håndterede ikke på korrekt vis - SSL-sockets, hvilket gjorde det muligt for fjernangribere at udføre - vilkårlig kode eller forårsage et lammelsesangreb (hukommelseskorruption) - via ikke-angivne angrebsvinkler.

    • - -
  • CVE-2013-2865 - -

    Flere ikke-angivne sårbarheder i Chromium før version 27.0.1453.110, - gjorde det muligt for angribere, at forårsage et lammelsesangreb eller - muligvis have anden indvirkning via ukendte angrebsvinkler.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 27.0.1453.110-1~deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 27.0.1453.110-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 27.0.1453.110-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2706.data" diff --git a/danish/security/2013/dsa-2707.wml b/danish/security/2013/dsa-2707.wml deleted file mode 100644 index 3602e07d031..00000000000 --- a/danish/security/2013/dsa-2707.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="c03395939e3b62d78f8901e729797bb2968ffb53" mindelta="1" -lammelsesangreb - -

Alexandru Cornea opdagede en sårbarhed i libdbus, forårsaget af en -implementeringsfejl i _dbus_printf_string_upper_bound(). Sårbarheden kunne -udnyttes af en lokal bruger til at få systemtjenster, der benytter libdbus, til -at gå ned, medførende et lammelsesangreb (denial of service). Afhængigt af de -kørende dbus-tjenester, kunne det medføre et totalt systemnedbrud.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket at dette -problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.6.8-1+deb7u1.

- -

For the distributionen testing (jessie), er dette problem rettet i -version 1.6.12-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.12-1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2707.data" diff --git a/danish/security/2013/dsa-2708.wml b/danish/security/2013/dsa-2708.wml deleted file mode 100644 index a6e7b9c773e..00000000000 --- a/danish/security/2013/dsa-2708.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="9e6b645e852098c13b36db79305fd74aad81fcd8" mindelta="1" -lammelsesangreb - -

Krzysztof Katowicz-Kowalewski opdagede en sårbarhed i Fail2ban, et program -til overvågning af logfiler og systemer, der kan reagere på angreb ved at -forhindre værter i at forbinde sig til angivne tjenster ved hjælp af den lokale -firewall.

- -

Ved anvendelse af Fail2ban til overvågning af Apache-logfiler, kunne ukorrekt -validering af inddata i logfortolkningen gøre det muligt for en fjernangriber at -udløse en IP-blokering af vilkårlige adresser og dermed forårsage et -lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.8.4-3+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.8.6-3wheezy2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 0.8.10-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.10-1.

- -

Vi anbefaler at du opgraderer dine fail2ban-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2708.data" diff --git a/danish/security/2013/dsa-2709.wml b/danish/security/2013/dsa-2709.wml deleted file mode 100644 index 7200b8277db..00000000000 --- a/danish/security/2013/dsa-2709.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="b860b4e43a35951b1ff10620a7226dce78ec28a3" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i dissektorerne til CAPWAP, GMR-1 BCCH, PPP, -NBAP, RDP, HTTP, DCP ETSI og i filfortolkeren Ixia IxVeriWave, hvilket kunne -medføre lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2709.data" diff --git a/danish/security/2013/dsa-2710.wml b/danish/security/2013/dsa-2710.wml deleted file mode 100644 index e62e76aaa6c..00000000000 --- a/danish/security/2013/dsa-2710.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

James Forshaw fra Context Information Security opdagede flere sårbarheder i -xml-security-c, en implementering af XML Digital Security-specifikationen. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2013-2153 - -

    Implementeringen af XML Digital-signaturer i biblioteket Santuario-C++, - var sårbar over for et forfalskningsproblem (spoofing), som gjorde det - muligt for en angriber, at genbruge eksisterende siganturer med vilkårligt - indhold.

    • - -
  • CVE-2013-2154 - -

    Et stakoverløb, muligvis medførende udførelse af vilkårlig kode, blev - fundet i behandlingen af misdannede XPointer-udtryk i koden til behandling - af XML Signature Reference.

    • - -
  • CVE-2013-2155 - -

    En fejl i behandlingen af uddatalængden i en HMAC-baseret XML Signature, - medførte et lammelsesangreb (denial of service), når der blev behandlet - særligt valgte inddata.

    • - -
  • CVE-2013-2156 - -

    Et heapoverløb blev fundet i behandlingen af PrefixList-attributten, der - valgfrit benyttes i forbindelse med Exclusive Canonicalization, hvilket - potentielt gjorde det muligt at udføre vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.5.1-3+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.6.1-5+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.6.1-6.

- -

Vi anbefaler at du opgraderer dine xml-security-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2710.data" diff --git a/danish/security/2013/dsa-2711.wml b/danish/security/2013/dsa-2711.wml deleted file mode 100644 index e422cb133e5..00000000000 --- a/danish/security/2013/dsa-2711.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer blev fundet i HAProxy, en load-balancing, omvendt proxy:

- -
    - -
  • CVE-2012-2942 - -

    Bufferoverløb i headerfangstkoden.

    • - -
  • CVE-2013-1912 - -

    Bufferoverløb i HTTP-keepalivekoden.

    • - -
  • CVE-2013-2175 - -

    Lammelsesangreb (denial of service) i fortolkningen af - HTTP-headere.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.4.8-1+squeeze1.

- -

Den stabile distribution (wheezy) indeholder ikke haproxy.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.24-1.

- -

Vi anbefaler at du opgraderer dine haproxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2711.data" diff --git a/danish/security/2013/dsa-2712.wml b/danish/security/2013/dsa-2712.wml deleted file mode 100644 index 1ecb63c0a58..00000000000 --- a/danish/security/2013/dsa-2712.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="31ea7670f4161d1b8bb616bcc692315f8863c8e9" mindelta="1" -rettighedsforøgelse - -

Man opdagede at brugere med en gyldig agentlogin, kunne anvende fabrikerede -URL'er til at omgå adgangskontrolbegrænsninger og dermed læse sager, som de ikke -burde have adgang til.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket at dette problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.1.7+dfsg1-8+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.2.8-1.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2712.data" diff --git a/danish/security/2013/dsa-2713.wml b/danish/security/2013/dsa-2713.wml deleted file mode 100644 index b4521af0fb8..00000000000 --- a/danish/security/2013/dsa-2713.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="777c4005911fa865791b525565d7396a78cd9c99" mindelta="1" -heapoverløb - -

Timo Sirainen opdagede at cURL, et URL-overførselsbibliotek, var sårbar over -for et heapoverløb på grund af dårlig kontrol af inddata i funktionen -curl_easy_unescape.

- -

Kommandolinjeværktøjet curl er ikke påvirket af dette problem, da det ikke -anvender funktionen curl_easy_unescape.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 7.21.0-2.1+squeeze4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.26.0-1+wheezy3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.31.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2713.data" diff --git a/danish/security/2013/dsa-2714.wml b/danish/security/2013/dsa-2714.wml deleted file mode 100644 index ee029334a62..00000000000 --- a/danish/security/2013/dsa-2714.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e16d172fd59ad74eccafd23efb87bcde82e9bbbd" mindelta="1" -programmeringsfejl - -

Konstantin Belousov og Alan Cox opdagede at utilstrækkelige -rettighedskontroller i hukommelseshåndteringen i FreeBSD-kernen, kunne føre til -rettighedsforøgelse.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 9.0-10+deb70.2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 9.0-12.

- -

Vi anbefaler at du opgraderer dine kfreebsd-9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2714.data" diff --git a/danish/security/2013/dsa-2715.wml b/danish/security/2013/dsa-2715.wml deleted file mode 100644 index cc74f8ac595..00000000000 --- a/danish/security/2013/dsa-2715.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="13c85e7cf74a28fc991efd1f3c3566336e871c46" mindelta="1" -udførelse af kode - -

Man opdagede at puppet, et system til centraliseret opsætningshåndtering, -ikke på korrekt vis håndterede YAML-payloads. En fjernangriber kunne anvende -en særligt fremstillet payload til at udføre vilkårlig kode på -puppet-masteren.

- -

I den gamle stabile distribution (squeeze), vil dette problem blive rettet i -version 2.6.2-5+squeeze8.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2.7.18-5.

- -

I distributionen testing (jessie), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.2.2-1.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2715.data" diff --git a/danish/security/2013/dsa-2716.wml b/danish/security/2013/dsa-2716.wml deleted file mode 100644 index 2c1a3a88526..00000000000 --- a/danish/security/2013/dsa-2716.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="5ed4b6f6ceb9a642e063362a1b6219a813b2e6aa" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians version af -webbrowseren Mozilla Firefox: Flere fejl i forbindelse med -hukommelsessikkerhed, anvendelse efter frigivelse, manglende -rettighedskontroller, ukorrekt hukommelseshåndtering og andre -implementeringsfejl, kunne måske føre til udførelse af vilkårlig kode, -rettighedsforøgelse, informationsafsløring eller forespørgselsforfalskning på -tværs af websteder.

- -

Iceweasel-versionen i den gamle stabile distribution (squeeze), er ikke -længere understøttet med sikkerhedsopdateringer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.7esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 17.0.7esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2716.data" diff --git a/danish/security/2013/dsa-2717.wml b/danish/security/2013/dsa-2717.wml deleted file mode 100644 index 25fc9b14fcf..00000000000 --- a/danish/security/2013/dsa-2717.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -heapoverløb - -

Jon Erickson fra iSIGHT Partners Labs opdagede et heapoverløb i -xml-security-c, en implementering af XML Digital Security-specifikationen. -Retten der løser -\ -CVE-2013-2154, indførte mulighed for et heapoverløb i behandlingen af -misdannede XPointer-udtryk i behandlingskoden vedrørende XML Signature -Reference, muligvis førende til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.5.1-3+squeeze3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.6.1-5+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.1-7.

- -

Vi anbefaler at du opgraderer dine xml-security-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2717.data" diff --git a/danish/security/2013/dsa-2718.wml b/danish/security/2013/dsa-2718.wml deleted file mode 100644 index 3631a5aac55..00000000000 --- a/danish/security/2013/dsa-2718.wml +++ /dev/null @@ -1,84 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i WordPress, et værktøj til webblogging. Da -CVE'erne blev registreret ud fra udgivelsesannonceringer og de specifikke -rettelser almindeligvis ikke identificeres, har man besluttet at opgradere -wordpress-pakken til den seneste opstrømsversion, i stedet for at tilbageføre -rettelserne.

- -

Det betyder at man skal være ekstra omhyggelig ved opgradering, særligt ved -anvendelse af tredjepartsplugins- eller tema, da kompabiliteten kan være blevet -påvirket, som tiden er gået. Vi anbefaler at brugere kontrollerer deres -installation, før opgraderingen udføres.

- -
    - -
  • CVE-2013-2173 - -

    Et lammelsesangreb (denial of service) blev fundet i den måde, hvorpå - WordPress udfører hashberegninger, når adgangskoder til beskyttede indlæg - kontrolleres. En angriber, der leverer omhyggeligt fabrikerede inddata som - en adgangskode, kunne få platformen til at bruge alt for mange - CPU-ressourcer.

    • - -
  • CVE-2013-2199 - -

    Flere sårbarheder i forbindelse med forespørgselsforfalskninger på - serversiden (SSRF), blev fundet i HTTP-API'et. Det er relateret til - \ - CVE-2013-0235, der specifikt vedrørte SSRF i pingback-forespørgsler og - som blev rettet i version 3.5.1.

    • - -
  • CVE-2013-2200 - -

    Utilstrækkelig kontrol af en brugers muligheder, kunne føre til en - rettighedsforøgelse, hvilket medførte at vedkommende kunne udgive indlæg, - når brugerrollen ellers ikke tillader det, samt tildele indlæg til andre - brugere.

    • - -
  • CVE-2013-2201 - -

    Flere sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder (XSS), på grund af dårligt indkapslede inddata, blev fundet i - mediefilerne og pluginuploadformularerne.

    • - -
  • CVE-2013-2202 - -

    Sårbarhed i forbindelse med XML External Entity Injection (XXE) via - oEmbed-svar.

    • - -
  • CVE-2013-2203 - -

    En komplet sti-afsløring (FPD) blev fundet i filuploadmekanismen. - Hvis uploadmappen ikke var skrivbar, indeholdt fejlbeskeden den komplette - sti til mappen.

    • - -
  • CVE-2013-2204 - -

    Indholdsforfalskning via Flash-applet i den indlejrede - tinyMCE-medieplugin.

    • - -
  • CVE-2013-2205 - -

    XSS på tværs af domæner i den indlejrede SWFupload-uploader.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.5.2+dfsg-1~deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.5.2+dfsg-1~deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 3.5.2+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.5.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2718.data" diff --git a/danish/security/2013/dsa-2719.wml b/danish/security/2013/dsa-2719.wml deleted file mode 100644 index a50c0914632..00000000000 --- a/danish/security/2013/dsa-2719.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i PDF-renderingbiblioteket poppler.

- -
    - -
  • CVE-2013-1788 - -

    Flere problemer med tilgang til ugyldig hukommelse, som potentielt kunne - føre til udførelse af vilkårlig kode, hvis brugeren blev narret til at åbne - et misdannet PDF-dokument.

    • - -
  • CVE-2013-1790 - -

    Et problem med uinitialiseret hukommelse, der potentielt kunne føre til - udførelse af vilkårlig kode, hvis brugeren blev narret til at åbne et - misdannet PDF-dokument.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 0.12.4-1.2+squeeze3.

- -

I distributionerne stable (wheezy), testing (jessie) og unstable (sid), er -disse problemer rettet i version 0.18.4-6.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2719.data" diff --git a/danish/security/2013/dsa-2720.wml b/danish/security/2013/dsa-2720.wml deleted file mode 100644 index 682338af1e3..00000000000 --- a/danish/security/2013/dsa-2720.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="f87d86ac3b2541a4c2f36bb0b57f9774005f9f4f" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer blev fundet i Icedove, Debians version af mail- og -newsklienten Mozilla Thunderbird. Flere hukommelsessikkerhedsfejl, sårbarheder -i forbindelse med anvendelse efter frigivelse, manglende rettighedskontroller, -ukorrekt hukommelseshåndtering og andre implementeringsfejl, kunne føre til -udførelse af vilkårlig kode, rettighedsforøgelse, informationsafsløring eller -forespørgselsforfalskning på tværs af websteder.

- -

Som allerede annonceret angående Iceweasel: Vi ændrer fremgangsmåden -vedrørende sikkerhedsopdateringer til Icedove i stable-security. I stedet for -at tilbageføre sikkerhedsrettelse, leverer vi nu en udgave baseret på -forgreningen Extended Support Release. Dermed introducerer denne opdatering -pakker baseret på Thunderbird 17, og på et tidspunkt i fremtiden vil vi skifte -til den næste ESR-forgrening, når ESR 17 en gang udgår.

- -

Nogle Icedove-udvidelser, som i øjeblikket er pakket i Debians arkiv, er ikke -kompatible med den nye browsermotor. Ajourførte og kompatible versioner kan -hentes fra http://addons.mozilla.org, -som en midlertidig løsning.

- -

En opdateret og kompatibel version af Enigmail er indeholdt i denne -opdatering.

- -

Icedove-versionen i den gamle stabile distribution (squeeze), er ikke længere -understøttet med komplette sikkerhedsopdateringer. Men man bør bemærke, at -næsten alle sikkerhedsproblemer i Icedove stammer fra den medfølgende -browsermotor. De sikkerhedsproblemer påvirker kun Icedove, hvis scipting og -HTML er aktiveret i mails. Hvis der er sikkerhedsproblemer, som er specifikt -vedrørende Icedove (fx et hypotetisk bufferoverløb i IMAP-implementeringen), -vil vi bestræbe os på at tilbageføre sådanne rettelser til oldstable.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.7-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 17.0.7-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2720.data" diff --git a/danish/security/2013/dsa-2721.wml b/danish/security/2013/dsa-2721.wml deleted file mode 100644 index 067abfc7620..00000000000 --- a/danish/security/2013/dsa-2721.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="4ce78ac30674d4d2cfcb069573f538f49beb964e" mindelta="1" -bufferoverløb - -

Et bufferoverløb er opdaget i nginx, en lille ydedygtig, skalerbar -web-/proxyserver, når der behandles visse chunked -overførselsencodingforespørgsler, hvis proxy_pass benyttes ved -opstrøms-HTTP-servere, som der ikke er tillid til. En angriber kunne udnytte -fejlen til at udføre et lammelsesangreb (denial of service), afsløre -arbejderprocessers hukommelse eller muligvis udføre vilkårlig kode.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette -problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.1-2.2+wheezy1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.1-1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2721.data" diff --git a/danish/security/2013/dsa-2722.wml b/danish/security/2013/dsa-2722.wml deleted file mode 100644 index b4037d92d3b..00000000000 --- a/danish/security/2013/dsa-2722.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="58bb5942e6ae50ed9f7409b101aa9879aebefe6f" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i OpenJDK, en implementering af Oracle -Java-platformen, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring og lammelsesangreb.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -7u25-2.3.10-1~deb7u1. Desuden var det nødvendigt at opdatere icedtea-web til -version 1.4-3~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u25-2.3.10-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2722.data" diff --git a/danish/security/2013/dsa-2723.wml b/danish/security/2013/dsa-2723.wml deleted file mode 100644 index b1bc8756045..00000000000 --- a/danish/security/2013/dsa-2723.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d6d1daa0bc10da649e0a1966f5a561e21300e5e9" mindelta="1" -heapkorruption - -

Man opdagede at PHP kunne udføre en ugyldig frigivelsesforespørgsel, når der -blev behandlet fabrikerede XML-dokumenter, hvilket gjorde heap korrupt og -potentielt kunne føre til udførelse af vilkårlig kode. Afhængigt af -PHP-applikationen, kunne sårbarheden fjernudnyttes.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 5.3.3-7+squeeze16.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.4.4-14+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.5.0+dfsg-15.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2723.data" diff --git a/danish/security/2013/dsa-2724.wml b/danish/security/2013/dsa-2724.wml deleted file mode 100644 index 9700027a9b4..00000000000 --- a/danish/security/2013/dsa-2724.wml +++ /dev/null @@ -1,85 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i webbrowseren Chromium.

- -
    - -
  • CVE-2013-2853 - -

    Implementeringen af HTTPS sikrede ikke, at headerne afsluttes med \r\n\r\n - (vognretur, nylinje, vognretur, nylinje).

    • - -
  • CVE-2013-2867 - -

    Chrome forhindrede ikke på korrekt vis pop-under-vinduer.

    • - -
  • CVE-2013-2868 - -

    common/extensions/sync_helper.cc fortsætter med synkroniseringshandlinger - i NPAPI-udvidelser, uden at kontrollere opsætningen af en bestemt - plugintilladelse.

    • - -
  • CVE-2013-2869 - -

    Lammelsesangreb (læsning uden for grænserne) via et fabrikeret - JPEG2000-billede.

    • - -
  • CVE-2013-2870 - -

    Anvendelse efter frigivelse-sårbarhed i netværkssockets.

    • - -
  • CVE-2013-2871 - -

    Anvendelse efter frigivelse-sårbarhed i håndtering af inddata.

    • - -
  • CVE-2013-2873 - -

    Anvendelse efter frigivelse-sårbarhed i indlæsning af - ressourcer.

    • - -
  • CVE-2013-2875 - -

    Læsning uden for grænserne i håndtering af SVG-filer.

    • - -
  • CVE-2013-2876 - -

    Chromium håndhæver ikke på korrekt vis begræsninger på udvidelsers - optagelse af screenshots, hvilket kunne føre til informationsafsløring af - tidligere sidebesøg.

    • - -
  • CVE-2013-2877 - -

    Læsning uden for grænserne i håndteringen af XML-filer.

    • - -
  • CVE-2013-2878 - -

    Læsning uden for grænserne i håndtering af tekst.

    • - -
  • CVE-2013-2879 - -

    Omstændighederne under hvilke en renderingsproces kan betragtes som en - proces, der er tillid til vedrørende sign-in og efterfølgende - synkroniseringshandlinger, blev ikke kontrolleret korrekt.

    • - -
  • CVE-2013-2880 - -

    Udviklingsholdet bag Chromium 28, fandt forskellige problemer i - forbindelse med intern fuzzing, audit og andre gennemgange.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 28.0.1500.71-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 28.0.1500.71-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2724.data" diff --git a/danish/security/2013/dsa-2725.wml b/danish/security/2013/dsa-2725.wml deleted file mode 100644 index 251baff94c4..00000000000 --- a/danish/security/2013/dsa-2725.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sikkerhedsproblemer er fundet i servlet'en Tomcat og JSP-motoren:

- -
    - -
  • CVE-2012-3544 - -

    Inddatafilteret til chunked transfer-indkapslinger, kunne udløse - et højt ressourceforbrug gennem misdannede CRLF-sekvenser, medførende et - lammelsesangreb (denial of service).

    • - -
  • CVE-2013-2067 - -

    Modulet FormAuthenticator var sårbart over for - sessionsfiksering.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 6.0.35-1+squeeze3. Opdateringen indeholder også rettelser af -CVE-2012-2733, -CVE-2012-3546, -CVE-2012-4431, -CVE-2012-4534, -CVE-2012-5885, -CVE-2012-5886 og -CVE-2012-5887, -som allerede er rettet i den stabile udgave.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6.0.35-6+deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine tomcat6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2725.data" diff --git a/danish/security/2013/dsa-2726.wml b/danish/security/2013/dsa-2726.wml deleted file mode 100644 index b256f30458d..00000000000 --- a/danish/security/2013/dsa-2726.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7d70ccd4e40fd43e308b858256ab75d0c7fe6165" mindelta="1" -bufferoverløb - -

Et bufferoverløb blev fundet i Radius-udvidelsen til PHP. Funktionen, der -håndterer Vendor Specific Attributes forudsatte at de givne attributter altid -ville have en gyldig længde. En angriber kunne anvende forudsætningen til at -udløse et bufferoverløb.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.5-2+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.5-2.3+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.5-2.4.

- -

Vi anbefaler at du opgraderer dine php-radius-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2726.data" diff --git a/danish/security/2013/dsa-2727.wml b/danish/security/2013/dsa-2727.wml deleted file mode 100644 index 71d15dcf593..00000000000 --- a/danish/security/2013/dsa-2727.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0e0422a7766808e5f94538fd9d0ee82b77257ba7" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i OpenJDK, en implementering af Oracle -Java-platformen; de medførte udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring og lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 6b27-1.12.6-1~deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6b27-1.12.6-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6b27-1.12.6-1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2727.data" diff --git a/danish/security/2013/dsa-2728.wml b/danish/security/2013/dsa-2728.wml deleted file mode 100644 index 8d70ffa6a8a..00000000000 --- a/danish/security/2013/dsa-2728.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="fae708b249723001636f8ac7412e8dd65f5e580f" mindelta="1" -lammelsesangreb - -

Maxim Shudrak og HP Zero Day Initiative rapporterede om en -lammelsesangrebssårbarhed (denial of service) i BIND, en DNS-server. En særligt -fremstillet forespørgsel, indeholdende misdannede rdata, kunne medføre at at -named-dæmonen gik ned med en assertion-fejl, når den misdannede forespørgsel -blev afvist.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1:9.7.3.dfsg-1~squeeze11.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:9.8.4.dfsg.P1-6+nmu2+deb7u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2728.data" diff --git a/danish/security/2013/dsa-2729.wml b/danish/security/2013/dsa-2729.wml deleted file mode 100644 index fb20098e664..00000000000 --- a/danish/security/2013/dsa-2729.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="3d74fbe35803c7c96c63c8f6d6489d6a6d75bf10" mindelta="1" -flere sårbarheder - -

OpenAFS, implementeringen af det distributerede filsystem AFS, er blevet -opdateret til ikke længere at anvende DES til kryptering af tickets. Yderligere -migreringstrin er nødvendige, for at tage opdateringen i brug. For flere -oplysninger, læs opstrømsudviklerings bulletin: -\ -OPENAFS-SA-2013-003

- -

Desuden blev valgmuligheden encrypt i vos-værktøjet rettet.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.4.12.1+dfsg-4+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.6.1-3+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.6.5-1.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2729.data" diff --git a/danish/security/2013/dsa-2730.wml b/danish/security/2013/dsa-2730.wml deleted file mode 100644 index 1b263c0cf0c..00000000000 --- a/danish/security/2013/dsa-2730.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="6cab84c6e31afa18e9223c57ca2ec248f88267d4" mindelta="1" -informationslækage - -

Yarom og Falkner opdagede, at hemmelige RSA-nøgler kunne lækkes via et -sidekanalangreb, hvor en ondsindet lokal bruger kunne få adgang til private -nøgleoplysninger fra en anden bruger på systemet.

- -

Opdateringen retter problemet i GnuPG's 1.4-serie. GnuPG 2.x er påvirket via -anvendelsen af biblioteket libgcrypt11, til hvilken en rettelse vil blive -udgivet i DSA 2731.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.4.10-4+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.12-7+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.14-1.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2730.data" diff --git a/danish/security/2013/dsa-2731.wml b/danish/security/2013/dsa-2731.wml deleted file mode 100644 index 05d99688710..00000000000 --- a/danish/security/2013/dsa-2731.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="14db61b81cc4b11338ac03d4bed3f74b4bd384a6" mindelta="1" -informationslækage - -

Yarom og Falkner opdagede, at hemmelige RSA-nøgler i applikationer, som -benytter biblioteket libgcrypt11, eksempelvis GnuPG 2.x, kunne lækkes via et -sidekanalangreb, hvor en onsindet lokal bruger kunne få adgang til private -nøgleoplysninger fra en anden bruger på systemet.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.4.5-2+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.5.0-5+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -er dette problem rettet i version 1.5.3-1.

- -

Vi anbefaler at du opgraderer dine libgcrypt11-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2731.data" diff --git a/danish/security/2013/dsa-2732.wml b/danish/security/2013/dsa-2732.wml deleted file mode 100644 index ff55371c735..00000000000 --- a/danish/security/2013/dsa-2732.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webbrowseren Chromium.

- -
    - -
  • CVE-2013-2881 - -

    Karthik Bhargavan opdagede en måde, at omgå Same Origin Policy på i - frame-håndteringen.

    • - -
  • CVE-2013-2882 - -

    Cloudfuzzer opdagede et typeforvirringsproblem i - V8-javascriptbiblioteket.

    • - -
  • CVE-2013-2883 - -

    Cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - MutationObserver.

    • - -
  • CVE-2013-2884 - -

    Ivan Fratric fra Google Security Team opdagede et problem med anvendelse - efter frigivelse i DOM-implementeringen.

    • - -
  • CVE-2013-2885 - -

    Ivan Fratric fra Google Security Team opdagede et problem med anvendelse - efter frigivelse i håndteringen af inddata.

    • - -
  • CVE-2013-2886 - -

    Udviklingsholdet bag Chrome 28, fandt forskellige problemer i forbindelse - med intern fuzzing, audits og andre gennemgange.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 28.0.1500.95-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 28.0.1500.95-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2732.data" diff --git a/danish/security/2013/dsa-2733.wml b/danish/security/2013/dsa-2733.wml deleted file mode 100644 index aec842fbdf1..00000000000 --- a/danish/security/2013/dsa-2733.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -SQL-indsprøjtning - -

Man opdagede at otrs2, Open Ticket Request System, ikke på korrekt vis -fornuftighedskontrollerede brugerleverede inddata, som anvendes i -SQL-forespørgsler. En angriber med en gyldig login til systemet, kunne udnytte -problemet til at fabrikere SQL-forespørgsler, ved at indsprøjte vilkårlig -SQL-kode gennem manipulerede URL'er.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -2.4.9+dfsg1-3+squeeze4. Opdateringen indeholder også rettelser af -CVE-2012-4751, -CVE-2013-2625 og -CVE-2013-4088, -som alle allerede er rettet i den stabile udgave.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.1.7+dfsg1-8+deb7u3.

- -

I distributionen testing (jessie), er dette problem rettet i -version 3.2.9-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.2.9-1.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2733.data" diff --git a/danish/security/2013/dsa-2734.wml b/danish/security/2013/dsa-2734.wml deleted file mode 100644 index 50ef9743d89..00000000000 --- a/danish/security/2013/dsa-2734.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="338e19b4295c749ce14b11b43f3e6a9ba0889fb6" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i dissektorerne til DVB-CI, GSM A Common og -ASN.1 PER, samt i Netmon-filfortolkeren.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.2.11-6+squeeze11.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.1-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2734.data" diff --git a/danish/security/2013/dsa-2735.wml b/danish/security/2013/dsa-2735.wml deleted file mode 100644 index 1bd10ccb1af..00000000000 --- a/danish/security/2013/dsa-2735.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="9ef467b1d0578998feb38afd582922882ec592c2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer blev fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsfejl, manglende -rettighedskontroller og andre implementeringsfejl kunne føre til udførelse af -vilkårlig kode, udførelse af skripter på tværs af websteder, -rettighedsforøgelse, omgåelse af samme ophav-reglen og installering af -ondsindede udvidelser.

- -

Iceweasel-udgaven i den gamle stabile distribution (squeeze) understøttes -ikke længere med sikkerhedsopdateringer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.8esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 17.0.8esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2735.data" diff --git a/danish/security/2013/dsa-2736.wml b/danish/security/2013/dsa-2736.wml deleted file mode 100644 index 6aaea3b7e72..00000000000 --- a/danish/security/2013/dsa-2736.wml +++ /dev/null @@ -1,64 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i PuTTY, en telnet-/SSH-klient til X. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2013-4206 - -

    Mark Wooding opdagede en underløbsfejl i forbindelse med heapkorruption i - funktionen modmul, som udfører modulær multiplikation. Da modmul-funktionen - kaldes under validering af en DSA-signatur modtaget af PuTTY, herunder den - indledende nøgleudvekslingsfase, kunne en ondsindet server udnytte - sårbarheden før klienten havde modtaget og verificeret værtsnøglen. Et - angreb ved hjælp af sårbarheden, kunne dermed udføres af en manden i midten, - mellem SSH-klienten og -serveren, og de normale værtsnøglebeskyttelser af - manden i midten-angreb derved omgået.

    • - -
  • CVE-2013-4207 - -

    Man opdagede at ikke-coprime værdier i DSA-signaturer kunne forårsage et - bufferoverløb i beregningskoden af modulære inverses, når en DSA-signatur - blev verificeret. Sådan en signatur er ugyldig. Fejlen gælder dog enhver - DSA-signatur modtaget af PuTTY, blandt andet under fasen med den indledende - nøgleudveksling, og dermed kunne fejlen udnyttes af en ondsindet server før - klienten havde modtaget og verificeret værtsnøglesignaturen.

    • - -
  • CVE-2013-4208 - -

    Man opdagede at private nøgler blev efterladt i hukommelsen, efter de - havde været benyttet af PuTTY-værktøjer.

    • - -
  • CVE-2013-4852 - -

    Gergely Eberhardt fra SEARCH-LAB Ltd., opdagede at PuTTY var sårbar over - for et heltalsoverløb, førende til heapoverløb under SSH-håndtrykket, før - autentificering, på grund af ukorrekte grænsekontroller af længdeparametre - modtaget fra SSH-serveren. En fjernangriber kunne udnytte sårbarheden til - at iværksætte et lokalt lammelsesangreb (denial of service), ved at få - putty-klienten til at gå ned.

    • - -
- -

Desuden tilbageimplementeres med denne opdatering nogle generelle proaktive, -potentielt sikkerhedsreleveante stramninger fra opstrøm.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 0.60+2010-02-20-1+squeeze2. Opdateringen indeholder også en rettelse af -\ -CVE-2011-4607, som allerede er rettet i den stabile udgave.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.62-9+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.63-1.

- -

Vi anbefaler at du opgraderer dine putty-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2736.data" diff --git a/danish/security/2013/dsa-2737.wml b/danish/security/2013/dsa-2737.wml deleted file mode 100644 index 348bbbb88f9..00000000000 --- a/danish/security/2013/dsa-2737.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Swift, Openstacks objektopbevaring. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2013-2161 - -

    Alex Gaynor fra Rackspace rapporterede om en sårbarhed i XML-håndteringen - i Swift-kontoservere. Kontostrenge blev unescaped i xml-lister, og en - angriber kunne potentielt generere ufortolkbare eller vilkårlige XML-svar, - der måske kunne anvendes som en løftestang til andre sårbarheder i den - kaldende software.

    • - -
  • CVE-2013-4155 - -

    Peter Portante fra Red Hat, rapporterede om en sårbarhed i Swift. Ved - at udsende forespørgsler med en gammel X-Timestamp-værdi, kunne en - autentificeret angriber fylde en objektserver med overflødige - objektgravsten, hvilket i afgørende grad sløve efterfølgende - forespørgsler til den pågældende server ned, dermed udførende et - lammelsesangreb (denial of service) mod Swift-klynger.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.8-2+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.0-6.

- -

Vi anbefaler at du opgraderer dine swift-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2737.data" diff --git a/danish/security/2013/dsa-2738.wml b/danish/security/2013/dsa-2738.wml deleted file mode 100644 index 31f80089e27..00000000000 --- a/danish/security/2013/dsa-2738.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolken til sproget Ruby, hvilket kunne føre -til lammelsesangreb (denial of service) og andre sikkerhedsproblemer. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-1821 - -

    Ben Murphy opdagede at ubegrænset entitetsudvidelse i REXML, kunne føre - til et lammelsesangreb, ved at opbruge al værtsmaskinens - hukommelse.

    • - -
  • CVE-2013-4073 - -

    William (B.J.) Snow Orvis opdagede en sårbarhar i værtsnavnkontrollen i - Rubys SSL-klient, hvilket kunne gøre det muligt for manden i - midten-angrebere, at forfalske SSL-servere ved hjælp af et gyldigt - certifikat udstedt af en certificeringsmyndighed, der er tillid - til.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.9.2.0-2+deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.9.3.194-8.1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.3.194-8.2.

- -

Vi anbefaler at du opgraderer dine ruby1.9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2738.data" diff --git a/danish/security/2013/dsa-2739.wml b/danish/security/2013/dsa-2739.wml deleted file mode 100644 index 0e354cefb71..00000000000 --- a/danish/security/2013/dsa-2739.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="438c4dd992dbc3e81ec2ee12a7eaf908bf42edfd" mindelta="1" -flere sårbarheder - -

To sikkerhedsproblemer (SQL-indsprøjtning og kommandolinjeindsprøjtning -gennem SNMP-indstillinger) blev fundet i Cacti, en webgrænseflade til -grafisk afbildning af overvågningssystemer.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 0.8.7g-1+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.8.8a+dfsg-5+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.8b+dfsg-2.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2739.data" diff --git a/danish/security/2013/dsa-2740.wml b/danish/security/2013/dsa-2740.wml deleted file mode 100644 index bd686755a9c..00000000000 --- a/danish/security/2013/dsa-2740.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="29b02b42199757574b8261270eff22d3390eaa7a" mindelta="1" -sårbarhed i forbindelse med udførelse af skripter på tværs af servere - -

Nick Brunn opdaterede en mulig sårbarhed i forbindelse med udførelse af -skripter på tværs af servere i python-django, et Python-webudviklingsframework -på højt niveau.

- -

Værktøjsfunktionen is_safe_url, der anvendes til at validere hvorvidt en -benyttet URL er på den aktuelle vært, for at undgå potentielt farlige -viderestillinger fra ondsindet fremstillede querystrings, virkede som -tilsigtet hvad angår HTTP- og HTTPS-URL'er, men tillod viderestillinger til -andre schemes, så som javascript:.

- -

Funktionen is_safe_url er ændret til på korrekt vis at genkende og afvise -URL'er, som angiver et scheme andet end HTTP eller HTTPS, for at forhindre -angreb i forbindelse med udførelselse af skripter på tværs af webstedet gennem -viderestilling til andre schemes.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.3-3+squeeze6.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.5-1+deb7u2.

- -

I distributionen testing (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 1.5.2-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2740.data" diff --git a/danish/security/2013/dsa-2741.wml b/danish/security/2013/dsa-2741.wml deleted file mode 100644 index ca59fa1740a..00000000000 --- a/danish/security/2013/dsa-2741.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webbrowseren Chromium.

- -
    - -
  • CVE-2013-2887 - -

    Udviklingsholdet bag Chrome 29 fandt forskellige problemer i forbindelse - med intern fuzzing, audit og andre gennemgange.

    • - -
  • CVE-2013-2900 - -

    Krystian Bigaj opdagede fornuftighedskontrolproblem i forbindelse med en - filhåndteringsti.

    • - -
  • CVE-2013-2901 - -

    Alex Chapman opdagede et heltalsoverløbsproblem i ANGLE, Almost Native - Graphics Layer.

    • - -
  • CVE-2013-2902 - -

    cloudfuzzer opdagede et anvendelse efter frigivelse-problem i XSLT.

    • - -
  • CVE-2013-2903 - -

    cloudfuzzer opdagede et anvendelse efter frigivelse-problem i - HTMLMediaElement.

    • - -
  • CVE-2013-2904 - -

    cloudfuzzer opdagede et anvendelse efter frigivelse-problem i fortolkning - af XML-dokumenter.

    • - -
  • CVE-2013-2905 - -

    Christian Jaeger opdagede en informationslækage, som opstod på grund af - utilstrækkelige filrettigheder.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 29.0.1547.57-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 29.0.1547.57-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2741.data" diff --git a/danish/security/2013/dsa-2742.wml b/danish/security/2013/dsa-2742.wml deleted file mode 100644 index df96e548723..00000000000 --- a/danish/security/2013/dsa-2742.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="f98d4020b6fc6e8defa7aa4a780c4cab5f339e0f" mindelta="1" -fortolkningskonflikt - -

Man opdagede at PHP, et skriptsprog der er anvendeligt til alle formål og som -benyttes i udstrakt grad til webapplikationsudvikling, ikke på korrekt vis -behandlede indlejrede NUL-tegn i subjectAltName-udvidelsen i X.509-certifikater. -Afhængigt af applikationen, og med utilstrækkelige CA-niveaukontroller, kunne -det udnyttes til at udgive sig for at være andre brugere.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 5.3.3-7+squeeze17.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.4.4-14+deb7u4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.5.3+dfsg-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2742.data" diff --git a/danish/security/2013/dsa-2743.wml b/danish/security/2013/dsa-2743.wml deleted file mode 100644 index ff4d0ad4758..00000000000 --- a/danish/security/2013/dsa-2743.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/informationslækage - -

Flere sårbarheder er opdaget i FreeBSD-kernen, hvilke måske kunne føre til en -rettighedsforøgelse eller informationslækage. Projektet Common Vulnerabilities -and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-3077 - -

    Clement Lecigne fra Google Security Team rapporterede om et - heltalsoverløb i beregningen af størrelsen på en midlertidig buffer i - IP multicast-koden, hvilket kunne medføre en buffer, der var for lille til - den ønskede handling. En proces uden særlige privilegier kunne læse eller - skrive hukommelsessider, der tilhører kernen. Det kunne medføre - blotlæggelse af følsomme oplysninger eller muliggøre - rettighedsforøgelse.

    • - -
  • CVE-2013-4851 - -

    Rick Macklem, Christopher Key og Tim Zingelman rapporterede at - FreeBSD-kernen på ukorrekt vis benytter klient-leverede brugeroplysninger, - i stedet for dem der er defineret i exports(5), når de anonyme - brugeroplysninger udfyldes til en NFS-eksport samtidig med at -network- - eller -host-begrænsninger anvendes. Den fjerne klient kunne levere - priviligerede brugeroplysninger (fx root-brugeren), når en fil på NFS-sharet - blev tilgået, hvilket omgik de normale adgangskontroller.

    • - -
  • CVE-2013-5209 - -

    Julian Seward og Michael Tuexen rapporterede om en - kernehukommelsesblotlæggelse, ved initialiseringen af SCTP-tilstandscookien, - der sendes i INIT-ACK-chunks, blev en buffer allokeret fra kernestakken ikke - fuldstændig initialiseret. Fragmenter af kernehukommelsen kunne være - indeholdt i SCTP-pakker og blive overført via netværket. For hver - SCTP-session er der to separate forekomster i hvilke et 4-byte-fragment kan - blive overført.

    - -

    Hukommelsen kunne indeholde følsomme oplysninger, så som dele af - filcachen eller terminalbuffere. Oplysningerne kunne være direkte - anvendelige, eller de kunne benyttes som udgangspunkt for at opnå forøgede - rettigheder på en eller anden måde. Eksempelvis kunne en terminalbuffer - indeholde en brugerindtastet adgangskode.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -9.0-10+deb70.3.

- -

Vi anbefaler at du opgraderer dine kfreebsd-9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2743.data" diff --git a/danish/security/2013/dsa-2744.wml b/danish/security/2013/dsa-2744.wml deleted file mode 100644 index 36a81f76628..00000000000 --- a/danish/security/2013/dsa-2744.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ae2f8ebabf9b59c698233dafb743d584d11fb4d5" mindelta="1" -flere sårbarheder - -

Pedro Ribeiro og Huzaifa S. Sidhpurwala opdagede flere sårbarheder i -forskellige værktøjer, der distribueres sammen med tiff-biblioteket. -Behandling af en misdannet fil kunne føre til lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.9.4-5+squeeze10.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.0.2-6+deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.3-3.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2744.data" diff --git a/danish/security/2013/dsa-2745.wml b/danish/security/2013/dsa-2745.wml deleted file mode 100644 index 3375f065150..00000000000 --- a/danish/security/2013/dsa-2745.wml +++ /dev/null @@ -1,107 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kunne føre til et -lammelsesangreb (denial of service), informationslækage eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problems:

- -
    - -
  • CVE-2013-1059 - -

    Chanam Park rapporterede om et problem i det distribuerede storagesystem - Ceph. Fjernbrugere kunne forårsage et lammelsesangreb ved at sende en - særligt fremstillet auth_reply-meddelelse.

    • - -
  • CVE-2013-2148 - -

    Dan Carpenter rapporterede om en informationslækage i undersystemet - filesystem wide access notification (fanotify). Lokale brugere kunne - få adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-2164 - -

    Jonathan Salwan rapporterede om en informationslækage i CD-ROM-driveren. - En lokal bruger på et system med fejlbehæftet CD-ROM-drev, kunne få adgang - til følsom hukommelse.

    • - -
  • CVE-2013-2232 - -

    Dave Jones og Hannes Frederic Sowa løste et problem i IPv6-undersystemet. - Lokale brugere kunne forårsage et lammelsesangreb ved at benytte en - AF_INET6-socket til at forbinde sig med en IPv4-destination.

    • - -
  • CVE-2013-2234 - -

    Mathias Krause rapporterede en hukommelseslækage i implementeringen af - PF_KEYv2-sockets. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-2237 - -

    Nicolas Dichtel rapporterede om en hukommelseslækage i implementeringen - af PF_KEYv2-sockets. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-2851 - -

    Kees Cook reported an issue in the block subsystem. Local users with - uid 0 could gain elevated ring 0 privileges. This is only a security - issue for certain specially configured systems.

    • - -
  • CVE-2013-2852 - -

    Kees Cook rapporterede om et problem i b43-netværksdriveren hvad angår - visse trådløse Broadcom-enheder. Lokale brugere med uid 0, kunne få - forøgede ring 0-rettigheder. Sikkerhedsproblemet berører kun visse særligt - opsatte systemer.

    • - -
  • CVE-2013-4162 - -

    Hannes Frederic Sowa rapporterede om et problem i - IPv6-netværksundersystemet. Lokale brugere kunne forårsage et - lammelsesangreb (systemnedbrud)).

    • - -
  • CVE-2013-4163 - -

    Dave Jones rapporterede om et problem i IPv6-netværksundersystemet. - Lokale brugere kunne forårsage et lammelsesangreb (systemnedbrud).

    • - -
- -

Opdateringen indeholder også en rettelse af en regression i undersystemet -Xen.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -3.2.46-1+deb7u1.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 7.0 (wheezy)
user-mode-linux3.2-2um-1+deb7u2
-
- -

Vi anbefaler at du opgraderer dine linux- og user-mode-linux-pakker.

- -

Bemærk: Debian holder omhyggeligt rede på alle kendte -sikkerhedsproblemer på tværs af alle linux-kerne-pakker i alle udgivelser med -aktiv sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2745.data" diff --git a/danish/security/2013/dsa-2746.wml b/danish/security/2013/dsa-2746.wml deleted file mode 100644 index 68a4ad839c6..00000000000 --- a/danish/security/2013/dsa-2746.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="418912fad0de9e7f55845ed3561f031faef9b13a" mindelta="1" -flere sårbarheder - -

Flere sikkerhedssårbarheder blev fundet i Icedove, Debians udgave af mail- -og newsklienten Mozilla Thunderbird. Flere hukommelsessikkerhedsfejl, manglende -rettighedskontroller og andre implementeringsfejl kunne føre til udførelse af -vilkårlig kode eller udførelse af skripter på tværs af websteder.

- -

Versionen af Icedove i den gamle stabile distribution (squeeze) understøttes -ikke længere med komplette sikkerhedsopdateringer. Men man bør bemærke, at -næsten alle sikkerhedsproblemer i Icedove stammer fra den medfølgende -browsermotor. Sikkerhedsproblemerne påvirker kun Icedove hvis scripting og -HTML-mails er aktiveret. Hvis der er sikkerhedsproblemer, som specifikt -vedrører Icedove (fx et hypotetisk bufferoverløb i IMAP-implementeringen), vil -vi forsøge at tilbageføre sådanne rettelser til den gamle stabile -distribution.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.8-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 17.0.8-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2746.data" diff --git a/danish/security/2013/dsa-2747.wml b/danish/security/2013/dsa-2747.wml deleted file mode 100644 index 948c0093c36..00000000000 --- a/danish/security/2013/dsa-2747.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i Cacti, en webgrænseflade til grafisk afbildning -af overvågede systemer:

- -
    - -
  • CVE-2013-5588 - -

    install/index.php og cacti/host.php var ramt af sårbarheder i forbindelse - med udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2013-5589 - -

    cacti/host.php indeholdt en SQL-indsprøjtningssårbarhed, som gjorde det - muligt for en angriber at udføre SQL-kode på databasen, som anvendes af - Cacti.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 0.8.7g-1+squeeze3.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.8.8a+dfsg-5+deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.8b+dfsg-3.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2747.data" diff --git a/danish/security/2013/dsa-2748.wml b/danish/security/2013/dsa-2748.wml deleted file mode 100644 index eab67539af5..00000000000 --- a/danish/security/2013/dsa-2748.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e2bc2d8acb09c62700ded3606ff7d260af3c4ea7" mindelta="1" -lammelsesangreb - -

Flere lammelsesangrebssårbarheder (denial of service) blev opdaget i dcraw's -kodebase, et program til behandling af billeder i RAW-format fra digitale -kameraer. Opdateringen retter sårbarhederne i den kopi, som følger med pakken -exactimage.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.8.1-3+deb6u2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.8.5-5+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.9-1.

- -

Vi anbefaler at du opgraderer dine exactimage-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2748.data" diff --git a/danish/security/2013/dsa-2749.wml b/danish/security/2013/dsa-2749.wml deleted file mode 100644 index 6f6b45585cb..00000000000 --- a/danish/security/2013/dsa-2749.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8192d7d9566511564538e38abd90d805142622be" mindelta="1" -flere sårbarheder - -

Colin Cuthbertson og Walter Doekes opdagede to sårbarheder i -SIP-behandlingskoden i Asterisk, et open source-PBX- og telefoniværktøjssæt, -hvilke kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1:1.6.2.9-2+squeeze11.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.13.1~dfsg-3+deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2749.data" diff --git a/danish/security/2013/dsa-2750.wml b/danish/security/2013/dsa-2750.wml deleted file mode 100644 index 3a0b566c5ad..00000000000 --- a/danish/security/2013/dsa-2750.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0eb3609808ed99d85bc0de7d0cd4efa566743335" mindelta="1" -bufferoverløb - -

Anton Kortunov rapporterede om et tilfælde af heapkorruption i ImageMagick, -en programsamling og bibliotek til konvertering og behandling af billedfiler. -Fabrikerede GIF-filer kunne få ImageMagick til at gå ned, potentielt medførende -udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette -problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 8:6.7.7.10-5+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8:6.7.7.10-6.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2750.data" diff --git a/danish/security/2013/dsa-2751.wml b/danish/security/2013/dsa-2751.wml deleted file mode 100644 index 7c326112145..00000000000 --- a/danish/security/2013/dsa-2751.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="a44ecbe2693ea8c6b0a94b7d13ec18c2c61c93a3" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i libmodplug, et bibliotek baseret på -ModPlug til mod-musik, som kunne muliggøre udførelse af vilkårlig kode, ved -behandling af særligt fremstillede ABC-filer gennem applikationer, der anvender -biblioteket, så som medieafspillere.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1:0.8.8.1-1+squeeze2+git20130828.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1:0.8.8.4-3+deb7u1+git20130828.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:0.8.8.4-4.

- -

Vi anbefaler at du opgraderer dine libmodplug-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2751.data" diff --git a/danish/security/2013/dsa-2752.wml b/danish/security/2013/dsa-2752.wml deleted file mode 100644 index c67cf7da672..00000000000 --- a/danish/security/2013/dsa-2752.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a30964a96394f9d7daf701a4dd489a4f8b3417fe" mindelta="1" -for omfattende rettigheder - -

Andreas Beckmann opdagede at phpBB, et webforum, som det installeres i -Debian, opsatte forkerte rettigheder på cachede filer, hvilket gjorde det muligt -for en ondsindet lokal bruger, at overskrive dem.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 3.0.7-PL1-4+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.0.10-4+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.11-4.

- -

Vi anbefaler at du opgraderer dine phpbb3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2752.data" diff --git a/danish/security/2013/dsa-2753.wml b/danish/security/2013/dsa-2753.wml deleted file mode 100644 index 39ff2834a1f..00000000000 --- a/danish/security/2013/dsa-2753.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="4030d1ca755421838b73c516cd299cdd4bb80d5a" mindelta="1" -informationslækage - -

Man opdagede at der i MediaWiki, en wikimotor, var flere API-moduler, som -tillod at anti-CSRF-tokens kunne tilgås via JSONP. Disse tokens beskytter mod -forespørgselsforfalskninger på tværs af servere og er fortrolige.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.15.5-2squeeze6.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.19.5-1+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -er dette problem rettet i version 1.19.8+dfsg-1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2753.data" diff --git a/danish/security/2013/dsa-2754.wml b/danish/security/2013/dsa-2754.wml deleted file mode 100644 index be443ac38be..00000000000 --- a/danish/security/2013/dsa-2754.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Man opdagede at exactimage, et hurtigt billedbehandlingsbibliotek, ikke på -korrekt vis håndterede fejlsituationer i forbindelse med den indlejrede version -af dcraw. Det kunne medføre et nedbrud eller andet i en applikation, som -anvender biblioteket, på grund af en uinitialiseret variabel, som overføres til -longjmp.

- -

Det er et andet problem, end -\ -CVE-2013-1438/DSA-2748-1.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.8.1-3+deb6u3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.8.5-5+deb7u3.

- -

I distributionen testing (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 0.8.9-2.

- -

Vi anbefaler at du opgraderer dine exactimage-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2754.data" diff --git a/danish/security/2013/dsa-2755.wml b/danish/security/2013/dsa-2755.wml deleted file mode 100644 index 72fbf3fd4f6..00000000000 --- a/danish/security/2013/dsa-2755.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="bf745a3ef1eb7cd1daba8f1a6d005ff60eacbab0" mindelta="1" -mappegennemløb - -

Rainer Koirikivi opdagede en mappegennemløbssårbarhed i forbindelse med -ssi-skabelontags i python-django, et højniveauwebudviklingsframework -til Python.

- -

Det blev bevist, at håndtering af indstillingen ALLOWED_INCLUDE_ROOTS, -som benyttes til at repræsentere tilladte præfiks til skabelontag'et {% ssi %}, -var sårbart over for et mappegennemløbsangreb, ved at angive en filsti, der -begynder som den absolutte sti til en mappe i ALLOWED_INCLUDE_ROOTS, og -dernæst anvender relative stier til at bryde ud.

- -

For at udnytte sårbarheden, skulle angriberen have mulighed for at ændre -skabeloner på webstedet, eller det angrebne websted skulle have en eller flere -skabeloner, der anvender ssi-tag'et, samt skulle tillade en eller anden -form for brugerinddata, som ikke er fornuftighedskontrolleret, der anvendes som -et parameter til ssi-tag'et.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.3-3+squeeze7.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.5-1+deb7u3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2755.data" diff --git a/danish/security/2013/dsa-2756.wml b/danish/security/2013/dsa-2756.wml deleted file mode 100644 index 990dec1f180..00000000000 --- a/danish/security/2013/dsa-2756.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c991c9f49e2ef25cf12d8c4326f5eca445e4dfd8" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i dissectorerne til LDAP, RTPS og NBAP samt i -Netmon-filfortolkeren, hvilke kunne medføre lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.2.11-6+squeeze12.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.2-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2756.data" diff --git a/danish/security/2013/dsa-2757.wml b/danish/security/2013/dsa-2757.wml deleted file mode 100644 index 1909931ccd5..00000000000 --- a/danish/security/2013/dsa-2757.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev registreret i Wordpress, et webbloggingværktøj. Da -CVE'erne blev tildelt ud fra udgivelsesannonceringer og specifikke rettelser -normalt ikke angives, har man besluttet at opgradere Wordpress-pakken til den -seneste opstrømsversion, i stedet for at tilbageføre rettelserne.

- -

Det betyder at man skal være særlig omhyggelig under opgraderingen, især når -man benytter tredjepartsplugins eller -temaer, forbi kompabiliteten kan være -påvirket. Vi anbefaler at brugerne kontrollerer deres installering, før -opgraderingen gennemføres.

- -
    - -
  • CVE-2013-4338 - -

    Usikker PHP-afserialisering i wp-includes/functions.php kunne forårsage - udførelse af vilkårlig kode.

    • - -
  • CVE-2013-4339 - -

    Utilstrækkelig fornuftighedskontrol af inddata kunne medføre - viderestilling eller at få en bruger sendt til et andet websted.

    • - -
  • CVE-2013-4340 - -

    Rettighedsforøgelse gjorde det muligt for en bruger med author-rollen, - at oprette en post, der udgiver sig for at være skrevet af en anden - bruger.

    • - -
  • CVE-2013-5738 - -

    Utilstrækkelige muligheder var krævet for at kunne uploade - .html-/.html-filer, hvilket gjorde det lettere for autentificereede brugere - at udføre skriptangreb på tværs af websteder (XSS), ved at anvende - fabrikerede HTML-filuploads.

    • - -
  • CVE-2013-5739 - -

    Wordpress' standardopsætning gjorde det muligt at uploade - .swf-/.exe-filer, hvilket gjorde det lettere for autentificerede brugere at - udføre skriptangreb på tværs af websteder (XSS).

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.6.1+dfsg-1~deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.6.1+dfsg-1~deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 3.6.1+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.6.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2757.data" diff --git a/danish/security/2013/dsa-2758.wml b/danish/security/2013/dsa-2758.wml deleted file mode 100644 index f0637794aec..00000000000 --- a/danish/security/2013/dsa-2758.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="2ae66201fd80f52a1e460c9650f0fe0737ac78b3" mindelta="1" -lammelsesangreb - -

Man opdagede at python-django, et højniveauwebudviklingsframework, var -sårbart over for en lammelsesangrebssårbarhed (denial of service) via store -adgangskoder.

- -

En ikke-autentificeret fjernangriber kunne iværksætte et lammelsesangreb ved -at indsende adgangskoder med vilkårlig længde, og dermed bruge serverressourcer -i den dyre beregning af de tilsvarende hashes, til kontrol af adgangskoden.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.3-3+squeeze8.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.5-1+deb7u4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.4-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2758.data" diff --git a/danish/security/2013/dsa-2759.wml b/danish/security/2013/dsa-2759.wml deleted file mode 100644 index cd2eeed706a..00000000000 --- a/danish/security/2013/dsa-2759.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fd86e42dd04afcc50b2cac1409df92cf18570a6d" mindelta="1" -flere sårbarheder - -

Flere sikkerhedssårbarheder blev fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsesikkeredsproblemer og -bufferoverløb, kunne føre til udførelse af vilkårlig kode.

- -

Iceweasel-versionen i den gamle stabile distribution (squeeze), er ikke -længere understøttet med sikkerhedsopdateringer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.9esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 24.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2759.data" diff --git a/danish/security/2013/dsa-2760.wml b/danish/security/2013/dsa-2760.wml deleted file mode 100644 index 7593c7a3d11..00000000000 --- a/danish/security/2013/dsa-2760.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="84e8f8fe4f93afadc1470d77e88601c6513da555" mindelta="1" -flere sårbarheder - -

Florian Weimer opdagede to sikkerhedsproblemer i -tidssynkroniseringsprogrammet Chrony (bufferoverløb og anvendelse af -uinitialiserede data i kommandosvar).

- -

I den gamle stabile distribution (squeeze), vil disse problemer snart blive -rettet i 1.24-3+squeeze1 (på grund af en teknisk begrænsning i -arkivbehandlingsskriptet, kan de to opdateringer ikke udsendes på samme tid).

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1.24-3.1+deb7u2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine chrony-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2760.data" diff --git a/danish/security/2013/dsa-2761.wml b/danish/security/2013/dsa-2761.wml deleted file mode 100644 index 8ec5d07cd71..00000000000 --- a/danish/security/2013/dsa-2761.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i puppet, et centraliseret håndteringssystem -til opsætninger. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2013-4761 - -

    Tjenesten resource_type (deaktiveret som standard) kunne anvendes - til at få puppet til at indlæse vilkårlig Ruby-kode fra puppet masters - filsystem.

    • - -
  • CVE-2013-4956 - -

    Moduler installeret med Puppet Module Tool, blev måske installeret med - svage rettigheder, måske givende lokale brugere adgang til at læse eller - ændre dem.

    • - -
- -

Den stabile distribution (wheezy) er blevet opdateret til version 2.7.33 af -puppet. Versionen indeholder rettelser af alle tidligere DSA'er vedrørende -puppet i wheezy. I versionen angives puppets rappportformat nu korrekt som -version 3.

- -

Man kan forvente, at fremtidige DSA'er vedrørende puppet medfører opdatering -til en nyere udgave af 2.7-forgreningen, som kun indeholder fejlrettelser.

- -

Den gamle stabile distribution (squeeze) er ikke opdateret i forbindelse med -denne bulletin: på nuværende tidspunkt er der ingen rettelse af -CVE-2013-4761 -og pakken er ikke påvirket af -CVE-2013-4956.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -2.7.23-1~deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.2.4-1.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2761.data" diff --git a/danish/security/2013/dsa-2762.wml b/danish/security/2013/dsa-2762.wml deleted file mode 100644 index 562a09cbc19..00000000000 --- a/danish/security/2013/dsa-2762.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="dfbec10fe87c831884eed313d61b147187dec3e5" mindelta="1" -flere sårbarheder - -

Flere sikkerhedproblemer er fundet i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird. Flere fejl i forbindelse med -hukommelsessikkerhed og bufferoverløb, kunne føre til udførelse af vilkårlig -kode.

- -

Versionen af Icedove i den gamle stabile distribution (squeeze) understøttes -ikke længere med komplette sikkerhedsopdateringer. Men man bør bemærke, at -næsten alle sikkerhedsproblemer i Icedove stammer fra den medfølgende -browsermotor. Sikkerhedsproblemerne påvirker kun Icedove hvis scripting og -HTML-mails er aktiveret. Hvis der er sikkerhedsproblemer, som specifikt -vedrører Icedove (fx et hypotetisk bufferoverløb i IMAP-implementeringen), vil -vi forsøge at tilbageføre sådanne rettelser til den gamle stabile -distribution.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -17.0.9-1~deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2762.data" diff --git a/danish/security/2013/dsa-2763.wml b/danish/security/2013/dsa-2763.wml deleted file mode 100644 index 874bce4304f..00000000000 --- a/danish/security/2013/dsa-2763.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="c0621a6161f6bb886e00de58526f59edbdbe3795" mindelta="1" -omgåelse af kontrol af værtsnavn - -

Man opdagede at PyOpenSSL, en Python-wrapper om OpenSSL-biblioteket, ikke på -korrekt vis håndterede certifikater med NULL-tegn i feltet Subject Alternative -Name.

- -

En fjernangriber med mulighed for at få fat i et certifikat til -www.foo.org\0.example.com fra en CA, som en SSL-klient har tillid til, -kunne udnytte fejlen til at udgive sig for at være www.foo.org og -iværksætte manden i midten-angreb mellem klienten, der anvender PyOpenSSL, og -SSL-serveren.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.10-1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.13-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.13-2.1.

- -

Vi anbefaler at du opgraderer dine pyopenssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2763.data" diff --git a/danish/security/2013/dsa-2764.wml b/danish/security/2013/dsa-2764.wml deleted file mode 100644 index 45a0b1d9504..00000000000 --- a/danish/security/2013/dsa-2764.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="61a3bc9723007c7a51ba67bc0ec7b1eda76e3e62" mindelta="1" -programmeringsfejl - -

Daniel P. Berrange opdagede at ukorrekt hukommelseshåndtering i funktionen -remoteDispatchDomainMemoryStats(), kunne føre til lammelsesangreb (denial of -service).

- -

Den gamle stabile distribution (squeeze) er ikke påvirket.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.9.12-11+deb7u4. Opdateringen indeholder også nogle fejlrettelser, -der ikke vedrører sikkerhed, som var planlagt til den kommende Wheezy -7.2-punktopdatering.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2764.data" diff --git a/danish/security/2013/dsa-2765.wml b/danish/security/2013/dsa-2765.wml deleted file mode 100644 index 3da18f12036..00000000000 --- a/danish/security/2013/dsa-2765.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d0d009e5396066efaf4ba889c111b0ab849a22eb" mindelta="1" -rettighedsforøgelse - -

Davfs2, en filsystemklient til WebDAV, kaldte funktionen system() på usikker -vis, mens setuid er root. Det kunne muliggøre en rettighedsforøgelse.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.4.6-1.1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.6-1.1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.4.7-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.7-3.

- -

Vi anbefaler at du opgraderer dine davfs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2765.data" diff --git a/danish/security/2013/dsa-2766.wml b/danish/security/2013/dsa-2766.wml deleted file mode 100644 index 6a3e80a81b7..00000000000 --- a/danish/security/2013/dsa-2766.wml +++ /dev/null @@ -1,109 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, som måske kunne føre til et -lammelsesangreb (denial of service), informationslækage eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2013-2141 - -

    Emese Revfy leverede en rettelse til en informationslækage i - systemkaldene tkill og tgkill. En lokal bruger på et 64 bit-system, var - måske i stand til at få adgang til følsomt hukommelsesindhold.

    • - -
  • CVE-2013-2164 - -

    Jonathan Salwan rapporterede om en informationslækage i CD-ROM-driveren. - En lokal bruger på et system med et fejlbehæftet CD-ROM-drev, kunne få - adgang til følsom hukommelse.

    • - -
  • CVE-2013-2206 - -

    Karl Heiss rapporterede om et problem i implementeringen af Linux SCTP. - En fjernbruger kunne forårsage et lammelsesangreb (systemnedbrud).

    • - -
  • CVE-2013-2232 - -

    Dave Jones og Hannes Frederic Sowa løste et problem i IPv6-undersystemet - subsystem. Lokale brugere kunne forårsage et lammelsesangreb ved at anvende - en AF_INET6-socket til at forbinde sig til en IPv4-destination.

    • - -
  • CVE-2013-2234 - -

    Mathias Krause rapporterede om en hukommelseslækage i implementeringen af - PF_KEYv2-sockets. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-2237 - -

    Nicolas Dichtel rapporterede om en hukommelseslækage i implementeringen - af PF_KEYv2-sockets. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-2239 - -

    Jonathan Salwan opdagede flere hukommelseslækager i kernen til openvz. - Lokale brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-2851 - -

    Kees Cook rapporterede om et problem i block-undersystemet. Lokale - brugere med uid 0 kunne få forøgede ring 0-rettigheder. Det er kun et - sikkerhedsproblem på visse særligt opsatte systemer.

    • - -
  • CVE-2013-2852 - -

    Kees Cook rapporterede om et problem i b43-netværksdriveren til visse - trådløse Broadcom-enheder. Lokale brugere med uid 0 kunne få forøgede - ring 0-rettigheder. Det er kun et sikkerhedsproblem på visse særligt - opsatte systemer.

    • - -
  • CVE-2013-2888 - -

    Kees Cook rapporterede om et problem i HID-driverundersystemet. En lokal - bruger med mulighed for at tilslutte en enhed, kunne forårsage et - lammelsesangreb (systemnedbrud).

    • - -
  • CVE-2013-2892 - -

    Kees Cook rapporterede om et problem i pantherlord-HID-enhedsdriveren. - Lokale brugere med mulighed for at tilslutte en enhed, kunne forårsage et - lammelsesangreb eller muligvis få forøgede rettigheder.

    • - -
- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.6.32-48squeeze4.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (wheezy)
user-mode-linux2.6.32-1um-4+48squeeze4
-
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker. - -

Bemærk: Debian holder omhyggeligt rede på alle kendte -sikkerhedsproblemer på tværs af alle linux-kerne-pakker i alle udgivelser med -aktiv sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2766.data" diff --git a/danish/security/2013/dsa-2767.wml b/danish/security/2013/dsa-2767.wml deleted file mode 100644 index dab67c22856..00000000000 --- a/danish/security/2013/dsa-2767.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="97b8ff2bd6d60ba794da1bddafc016083a7eac27" mindelta="1" -lammelsesangreb - -

Kingcope opdagede at modulerne mod_sftp og mod_sftp_pam i proftpd, en -avanceret, modulær FTP-/SFTP-/FTPS-server, ikke på korrekt vis validerede -indata før pool-allokeringer blev gennemført. En angriber kunne anvende fejlen -til at iværksætte lammelsesangreb (denial of service) mod systemet, der kører -proftpd (ressourceudmattelse).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.3.3a-6squeeze7.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.3.4a-5+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile (sid) distributions, vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2767.data" diff --git a/danish/security/2013/dsa-2768.wml b/danish/security/2013/dsa-2768.wml deleted file mode 100644 index 7fff4e03d83..00000000000 --- a/danish/security/2013/dsa-2768.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -heapbaseret bufferoverløb - -

En heapbaseret bufferoverløbssårbarhed blev fundet i icedtea-web, en -webbrowserplugin til kørsel af applets skrevet i programmeringssproget Java. -Hvis en bruger blev narret til at tilgå et ondsindet websted, kunne en angriber -forårsage at plugin'en gik ned eller muligvis udførte vilkårlig kode, som -brugeren, der kører programmet.

- -

Problemet blev oprindelig opdaget af Arthur Gerkis og fik tildelt -\ -CVE-2012-4540. Rettelser er foretaget i 1.1-, 1.2- og 1.3-forgreningerne, -men ikke til 1.4-forgreningen.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4-3~deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4-3.1.

- -

Vi anbefaler at du opgraderer dine icedtea-web-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2768.data" diff --git a/danish/security/2013/dsa-2769.wml b/danish/security/2013/dsa-2769.wml deleted file mode 100644 index 26dd7b8508d..00000000000 --- a/danish/security/2013/dsa-2769.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -rettighedsforøgelse/lammelsesangreb - -

Flere sårbarheder er opdaget i FreeBSD-kernen, hvilke måske kunne føre til -lammelsesangreb (denial of service) eller rettighedsforøgelse. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-5691 - -

    Loganaden Velvindron og Gleb Smirnoff opdagede at ioctl-forespørgslerne - SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR og SIOCSIFNETMASK, ikke udførte - validering af inddata eller kontrollerede den kaldendes brugeroplysninger. - En bruger uden rettigheder, med mulighed for at køre vilkårlig kode, kunne - få et vilkårligt netværksinterface på systemet til at udføre link - layer-handlinger i forbindelse med ovennævnte ioctl-forespørgsler eller - udløse kernepanik ved at levere en særligt fremstillet adressestruktur, som - fik en netværksinterfacedriver til at dereferere en ugyldig - pointer.

    • - -
  • CVE-2013-5710 - -

    Konstantin Belousov opdagede at implementeringen af nullfs(5) i - VOP_LINK(9)'s VFS-operation, ikke kontrollerede hvorvidt linkets kilde og - mål begge er i den samme nullfs-instans. Det var derfor muligt at oprette - et hårdt link fra en placering i en nullfs-instans, til en fil i en anden, - såfremt det underliggende (kilde)filsystem, var det samme. Hvis flere - nullfs-views pegende på det samme filsystem er mount'et forskellige steder, - kunne en bruger måske få skriveadgang til filer, der normalt befinder sig - på et kun læsbart filsystem.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 9.0-10+deb70.4.

- -

Vi anbefaler at du opgraderer dine kfreebsd-9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2769.data" diff --git a/danish/security/2013/dsa-2770.wml b/danish/security/2013/dsa-2770.wml deleted file mode 100644 index 536d4b6cfda..00000000000 --- a/danish/security/2013/dsa-2770.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="07f53e915b829ca3c842faf426e69f234def8382" mindelta="1" -autentifikationsomgåelse - -

John Fitzpatrick fra MWR InfoSecurity opdagede en -autentifikationsomgåelsessårbarhed i torque, en PBS-afledt køsystem til -batchbehandling.

- -

Torques autentifikationsmodul tager sig af anvendelse af priviligerede porte. -Hvis en forespørgsel ikke foretages fra en priviligeret port, antages den for -ikke at være til at stole på eller ikke-autentificeret. Man opdagede at pbs_mom -ikke udfører en kontrol for at sikre, at forbindelser etableres fra en -priviligeret port.

- -

En bruger der kan afvikle jobs eller logge på en node, der kører pbs_server -eller pbs_mom, kunne udnytte sårbarheden til fjernudførelse af kode som root på -klyngen, ved at indsende kommendoer direkte til en pbs_mom-dæmon, for at sætte -et job i kø og afvikle det.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.4.8+dfsg-9squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.4.16+dfsg-1+deb7u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine torque-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2770.data" diff --git a/danish/security/2013/dsa-2771.wml b/danish/security/2013/dsa-2771.wml deleted file mode 100644 index 7003433530f..00000000000 --- a/danish/security/2013/dsa-2771.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="433b821b9978270431558bcf1ca0c2a4e219d8e0" mindelta="1" -flere sårbarheder - -

Hamid Zamani opdagede flere sikkerhedsproblemer (bufferoverløb, -formatstrengssårbarheder og manglende fornuftighedskontrol af inddata), hvilke -kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.9.2-4squeeze1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.9.3-5wheezy1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 1.9.3-6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.3-6.

- -

Vi anbefaler at du opgraderer dine nas-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2771.data" diff --git a/danish/security/2013/dsa-2772.wml b/danish/security/2013/dsa-2772.wml deleted file mode 100644 index 9a589da90a9..00000000000 --- a/danish/security/2013/dsa-2772.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0c818110a9f1627720a4ff0f4230238b1845894f" mindelta="1" -udførelse af skripter på tværs af websteder - -

Markus Pieton og Vytautas Paulikas opdagede at den indlejrede video- og -lydafspiller i håndteringssystemet til webindhold, TYPO3, var sårbar over for -udførelse af skripter på tværs af websteder.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.5.19+dfsg1-5+wheezy1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 4.5.29+dfsg1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.5.29+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2772.data" diff --git a/danish/security/2013/dsa-2773.wml b/danish/security/2013/dsa-2773.wml deleted file mode 100644 index e3394a9b203..00000000000 --- a/danish/security/2013/dsa-2773.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i GnuPG, GNU privacy guard, en frit tilgængelig -erstatning for PGP. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2013-4351 - -

    Når en nøgles eller undernøgles key flags-underpakket var opsat - med alle bits slået fra, behandlede GnuPG nøglen som havende alle bits slået - til. Det vil sige, når ejeren ønskede at indikere no use permitted - (ingen anvendelse tilladt), fortolkede GnuPG det som all use - permitted (al anvendelse tilladt). Sådanne no use - permitted-nøgler er sjældne og benyttes kun under særlige omstændigheder.

    • - -
  • CVE-2013-4402 - -

    En undelig løkke var mulig i fortolkeren af komprimerede pakker, med - fabrikerede inddata, hvilket måske kunne anvendes til at forårsage et - lammelsesangreb (denial of service).

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.4.10-4+squeeze3.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.12-7+deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.15-1.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2773.data" diff --git a/danish/security/2013/dsa-2774.wml b/danish/security/2013/dsa-2774.wml deleted file mode 100644 index 76235c9d705..00000000000 --- a/danish/security/2013/dsa-2774.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sårbarheder blev opdaget i GnuPG 2, GNU privacy guard, en frit tilgængelig -erstatning for PGP. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2013-4351 - -

    Når en nøgles eller undernøgles key flags-underpakket var opsat - med alle bits slået fra, behandlede GnuPG nøglen som havende alle bits slået - til. Det vil sige, når ejeren ønskede at indikere no use permitted - (ingen anvendelse tilladt), fortolkede GnuPG det som all use - permitted (al anvendelse tilladt). Sådanne no use - permitted-nøgler er sjældne og benyttes kun under særlige omstændigheder.

    • - -
  • CVE-2013-4402 - -

    En undelig løkke var mulig i fortolkeren af komprimerede pakker, med - fabrikerede inddata, hvilket måske kunne anvendes til at forårsage et - lammelsesangreb (denial of service).

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2.0.14-2+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.0.19-2+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.22-1.

- -

Vi anbefaler at du opgraderer dine gnupg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2774.data" diff --git a/danish/security/2013/dsa-2775.wml b/danish/security/2013/dsa-2775.wml deleted file mode 100644 index 077a191bf49..00000000000 --- a/danish/security/2013/dsa-2775.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="96e7c19e50d15e82b16f7959463dfd3e54c77ed1" mindelta="1" -usikker anvendelse af SSL - -

Man opdagede at ejabberd, en Jabber-/XMPP-server, anvendte SSLv2 og svage -krypteringsalgoritmer til kommunikation, hvilket betragtes som usikkert. -Softwaren tilbyder ingen opsætningsindstillinger på kørselstidspunktet, som kan -deaktivere dem. Denne opdatering deaktiverer anvendelse af SSLv2 og svage -Krypteringsalgoritmer.

- -

Den opdaterede pakke til Debian 7 (wheezy) indeholder også ekstra -fejlrettelser, oprindelig planlagt til den næste stabile punktopdatering.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.1.5-3+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.1.10-4+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ejabberd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2775.data" diff --git a/danish/security/2013/dsa-2776.wml b/danish/security/2013/dsa-2776.wml deleted file mode 100644 index 55fc9787399..00000000000 --- a/danish/security/2013/dsa-2776.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="30925b77f419d38754a7652afba51ce427dcbc2e" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er rettet i Drupal, et framework til indholdshåndtering, -hvilke medførte informationsafsløring, utilstrækkelig validering, udførelse og -forfalskning af skripter på tværs af websteder.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 6.28-1.

- -

I den stabile distribution (wheezy), er disse problemer allerede rettet i -drupal7-pakken.

- -

I den ustabile distribution (sid), er disse problemer allerede rettet i -drupal7-pakken.

- -

Vi anbefaler at du opgraderer dine drupal6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2776.data" diff --git a/danish/security/2013/dsa-2777.wml b/danish/security/2013/dsa-2777.wml deleted file mode 100644 index d18e7c76c8b..00000000000 --- a/danish/security/2013/dsa-2777.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f2e2c10066f8a2c2d5b0366ecc132049c16a36d9" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer i systemd blev opdaget af Sebastian Krahmer og -Florian Weimer: Usikker interaktion med DBUS kunne føre til omgåelse af -Policykit-begrænsninger og rettighedsforøgelse eller lammelsesangreb (denial of -service) gennem et heltalsoverløb i journald samt manglende fornuftighedkontrol -af inddata i behandlingen af X keyboard extension-filer (XKB).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 44-11+deb7u4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine systemd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2777.data" diff --git a/danish/security/2013/dsa-2778.wml b/danish/security/2013/dsa-2778.wml deleted file mode 100644 index a795970a33a..00000000000 --- a/danish/security/2013/dsa-2778.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="80c9ef297175b18efce190e2657b7043adb7ed19" mindelta="1" -heapbaseret bufferoverløb - -

Robert Matthews opdagede at Apaches FCGID-modul, en FastCGI-implementering -til Apache HTTP Server, ikke udførte tilstrækkelige grænsekontroller på -brugerleverede inddata. Dermed kunne det være muligt for en fjernangriber at -forårsage et heapbaseret bufferoverløb, medførende et lammelsesangreb (denial of -service) eller potentielt muliggørende udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1:2.3.6-1+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:2.3.6-1.2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.3.9-1.

- -

Vi anbefaler at du opgraderer dine libapache2-mod-fcgid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2778.data" diff --git a/danish/security/2013/dsa-2779.wml b/danish/security/2013/dsa-2779.wml deleted file mode 100644 index 87a3b4deed6..00000000000 --- a/danish/security/2013/dsa-2779.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3849e632e159ad71ff33e9ac7435af4ecd8bbffc" mindelta="1" -lammelsesangreb - -

Aki Helin fra OUSPG opdagede mange problemer med læsning uden for grænserne i -libxml2, GNOME-projektets XML-fortolkningsbibliotek, hvilke kunne føre til -lammelsesangrebsproblemer (denial of service) ved håndtering af XML-dokumenter, -som slutter pludseligt.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.7.8.dfsg-2+squeeze8.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.8.0+dfsg1-7+nmu2.

- -

I distributionen testing (jessie) og i den ustabile distributions (sid), er -dette problem rettet i version 2.9.1+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2779.data" diff --git a/danish/security/2013/dsa-2780.wml b/danish/security/2013/dsa-2780.wml deleted file mode 100644 index 51f6b8ee6fb..00000000000 --- a/danish/security/2013/dsa-2780.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="e83d05dbbf1409adc6a7c339904577c6d5f22f7a" mindelta="1" -flere sårbarheder - -

Denne DSA opdaterer MySQL-databasen til version 5.1.72. Dermed rettes flere -uspecificerede sikkerhedsproblemer i Optimizer-komponenten: -\ -http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 5.1.72-2.

- -

Vi anbefaler at du opgraderer dine mysql-5.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2780.data" diff --git a/danish/security/2013/dsa-2781.wml b/danish/security/2013/dsa-2781.wml deleted file mode 100644 index 918eac78a2b..00000000000 --- a/danish/security/2013/dsa-2781.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="cf6a93b6e5d1a4cf12a8f7ed1132898c1c6370cc" mindelta="1" -PRNG gen-seedes ikke på korrekt vis i nogle situationer - -

En kryptografisk sårbarhed blev opdaget i pseudo-tilfældighedstalgeneratoren -i python-crypto.

- -

I nogle situationer kunne en kapløbstilstand forhindre gen-seedning af -generatoren, når flere processer blev forgrenet fra den samme forælder. Det -kunne føre til generering af identiske uddata i alle processer, hvilket måske -kunne lække følsomme værdier så som kryptografiske nøgler.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.1.0-2+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.6-4+deb7u3.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2.6.1-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.1-1.

- -

Vi anbefaler at du opgraderer dine python-crypto-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2781.data" diff --git a/danish/security/2013/dsa-2782.wml b/danish/security/2013/dsa-2782.wml deleted file mode 100644 index c3f971a3cbd..00000000000 --- a/danish/security/2013/dsa-2782.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer blev opdaget i PolarSSL, et letvægts -kryptograferings og SSL-TLS-bibliotek:

- -
    - -
  • CVE-2013-4623 - -

    Jack Lloyd opdagede et lammelsesangrebssårbarhed (denial of service) i - fortolkningen af PEM-encoded certifikater.

    • - -
  • CVE-2013-5914 - -

    Paul Brodeur og TrustInSoft opdagede et bufferoverløb i funktionen - ssl_read_record(), hvilket potentielt gjorde det muligt at udføre vilkårlig - kode.

    • - -
  • CVE-2013-5915 - -

    Cyril Arnaud og Pierre-Alain Fouque opdagede timingangreb mod - implementeringen af RSA.

    • - -
- -

I den gamle stabile distribution (squeeze), vil disse problemer snart blive -rettet i version 1.2.9-1~deb6u1 (på grund af en teknisk begrænsing kan -opdateringerne ikke frigives på samme tid).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.2.9-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.3.1-1.

- -

Vi anbefaler at du opgraderer dine polarssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2782.data" diff --git a/danish/security/2013/dsa-2783.wml b/danish/security/2013/dsa-2783.wml deleted file mode 100644 index d9d3dd25b91..00000000000 --- a/danish/security/2013/dsa-2783.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Rack, en modulær webservicegrænseflade til -Ruby. ProjektetCommon Vulnerabilites and Exposures har registreret følgende -sårbarheder:

- -
    - -
  • CVE-2011-5036 - -

    Rack beregner hashværdier til formularparametre, uden at begrænse - muligheden for at udløse hashkollioner på forudsigelig vis, hvilket gjorde - det muligt for fjernangribere at forårsage et lammelsesangreb (CPU-forbrug), - ved at snede mange fabrikerede parametre.

    • - -
  • CVE-2013-0184 - -

    En sårbarhed i Rack::Auth::AbstractRequest gjorde det muligt for - fjernangribere at forårsage et lammelsesangreb via ukendte - angrebsvinkler.

    • - -
  • CVE-2013-0183 - -

    En fjernangriber kunne forårsage et lammelsesangreb (hukommelsesforbrug - og uden for hukommelsen-fejl) via en lang streng i en Multipart - HTTP-pakke.

    • - -
  • CVE-2013-0263 - -

    Rack::Session::Cookie gjorde det muligt for fjernangribere at gætte - sessionscookien, opnå rettigheder og udføre vilkårlig kode via et - timingangreb, som involverede en HMAC-sammenligningsfunktion, der ikke - kører i konstant tid.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.1.0-4+squeeze1.

- -

Distributionerne stable, testing og unstable indeholder ikke pakken -librack-ruby. Problemerne er allerede løst i version 1.4.1-2.1 af pakken -ruby-rack.

- -

Vi anbefaler at du opgraderer dine librack-ruby-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2783.data" diff --git a/danish/security/2013/dsa-2784.wml b/danish/security/2013/dsa-2784.wml deleted file mode 100644 index 8826567fa7e..00000000000 --- a/danish/security/2013/dsa-2784.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="3d5d744db772d6fa9af6e12ede9dc3a30ba064c6" mindelta="1" -anvendelse efter frigivelse - -

Pedro Ribeiro opdagende en forekomst af anvendelse efter frigivelse i -håndteringen af ImageText-forespørgsler i Xorg Xserver, hvilket kunne medføre -lammelsesangreb (denial of service) eller rettighedsforøgelse.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.7.7-17.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.12.4-6+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.14.3-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.14.3-4.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2784.data" diff --git a/danish/security/2013/dsa-2785.wml b/danish/security/2013/dsa-2785.wml deleted file mode 100644 index 695a11b6432..00000000000 --- a/danish/security/2013/dsa-2785.wml +++ /dev/null @@ -1,124 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2013-2906 - -

    Atte Kettunen fra OUSPG opdagede kapløbstilstande i Web Audio.

    • - -
  • CVE-2013-2907 - -

    Boris Zbarsky opdagede en læsning uden for grænserne i - window.prototype.

    • - -
  • CVE-2013-2908 - -

    Chamal de Silva opdagede spoofingproblem i adressebjælken.

    • - -
  • CVE-2013-2909 - -

    Atte Kuttenen fra OUSPG opdagede et problem med anvendelse efter - frigivelse i inline-block.

    • - -
  • CVE-2013-2910 - -

    Byoungyoung Lee fra Georgia Tech Information Security Center opdagede et - problem med anvendelse efter frigivelse i Web Audio.

    • - -
  • CVE-2013-2911 - -

    Atte Kettunen fra OUSPG opdagede et problem med anvendelse efter - frigivelse i Blinks XSLT-håndtering.

    • - -
  • CVE-2013-2912 - -

    Chamal de Silva og 41.w4r10r(at)garage4hackers.com opdagede et problem - med anvendelse efter frigivelse i Pepper Plug-in-API'et.

    • - -
  • CVE-2013-2913 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i Blinks - XML-dokumentfortolkning.

    • - -
  • CVE-2013-2915 - -

    Wander Groeneveld opdagede et spoofingproblem i adressebjælken.

    • - -
  • CVE-2013-2916 - -

    Masato Kinugawa opdagede et spoofingproblem i adressebjælken.

    • - -
  • CVE-2013-2917 - -

    Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read - issue in Web Audio.

    • - -
  • CVE-2013-2918 - -

    Byoungyoung Lee opdagede en læsning uden for grænserne i Blinks - DOM-implementering.

    • - -
  • CVE-2013-2919 - -

    Adam Haile fra Concrete Data opdagede et problem med - hukommelseskorruption i JavaScript-biblioteket V8.

    • - -
  • CVE-2013-2920 - -

    Atte Kuttunen fra OUSPG opdagede en læsning uden for grænserne i - fremfindinge af URL-værter.

    • - -
  • CVE-2013-2921 - -

    Byoungyoung Lee og Tielei Wang opdagede et problem med anvendelse efter - frigivelse i ressourceindlæsningen.

    • - -
  • CVE-2013-2922 - -

    Jon Butler opdagede et problem med anvendelse efter frigivelse i Blinks - implementering af HTML-skabelonelementer.

    • - -
  • CVE-2013-2924 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - International Components for Unicode (ICU).

    • - -
  • CVE-2013-2925 - -

    Atte Kettunen fra OUSPG opdagede et problem med anvendelse efter - frigivelse i Blinks implementering af XML HTTP-forespørgsler.

    • - -
  • CVE-2013-2926 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - implementeringen af listeindrykningen.

    • - -
  • CVE-2013-2927 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - implementeringen af HTML-formulareafsendelse.

    • - -
  • CVE-2013-2923 - og CVE-2013-2928 - -

    Chrome 30-udviklingsholdet fandt forskellige problemer ved intern - fuzzing, audit og andre kodegennemgange.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -30.0.1599.101-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -30.0.1599.101-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2785.data" diff --git a/danish/security/2013/dsa-2786.wml b/danish/security/2013/dsa-2786.wml deleted file mode 100644 index 3ea112b819e..00000000000 --- a/danish/security/2013/dsa-2786.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Google Chrome Security Team opdagede to problemer (en kapløbstilstand og et -problem med anvendelse efter frigivelse) i biblioteket International Components -for Unicode (ICU).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 4.4.1-8+squeeze2.

- -

I den stabile distribution (wheezy), som kun er påvirket af -\ -CVE-2013-2924, er dette problem rettet i version 4.8.1.1-12+deb7u1.

- -

I distributionen testing (jessie), som kun er påvirket af -\ -CVE-2013-2924, vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), som kun er påvirket af -\ -CVE-2013-2924, er dette problem rettet i version 4.8.1.1-13+nmu1.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2786.data" diff --git a/danish/security/2013/dsa-2787.wml b/danish/security/2013/dsa-2787.wml deleted file mode 100644 index c24c49a7c23..00000000000 --- a/danish/security/2013/dsa-2787.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="9e77f32585425eb60ab2e38897500736d2976f3d" mindelta="1" -designfejl - -

Man opdagede at roundcube, en skindbar AJAX-baseret webmailløsning til -IMAP-servere, ikke på korrekt vis fornuftighedskontrollerede parameteret -_session i steps/utils/save_pref.inc under gemning af indstillinger. -Sårbarheden kunne udnyttes til at overskrive opsætningsindstillinger og som -følge deref gøre det muligt at tilgå tilfældige filer, manipulere med -SQL-forespørgsler samt endda udførelse af kode.

- -

roundcube i den gamle stabile distribution (squeeze) er ikke påvirket af -dette problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -0.7.2-9+deb7u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2787.data" diff --git a/danish/security/2013/dsa-2788.wml b/danish/security/2013/dsa-2788.wml deleted file mode 100644 index 44b4dc02bd0..00000000000 --- a/danish/security/2013/dsa-2788.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1c059cb1c46c70d9220b6d74f87bdccf7ff610eb" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer blev fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsfejl samt andre -implementeringsfejl kunne føre til udførelse af vilkårlig kode.

- -

Versionen af Iceweasel i den gamle stabile distribution (squeeze) -understøttes ikke længere med sikkerhedsopdateringer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.10esr-1~deb7u1.

- -

I den ustabile distribution (sid), these problems will fixed soon.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2788.data" diff --git a/danish/security/2013/dsa-2789.wml b/danish/security/2013/dsa-2789.wml deleted file mode 100644 index 4b229642524..00000000000 --- a/danish/security/2013/dsa-2789.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="6fc9c5965a68ed19091dec075678aa92d76743f2" mindelta="1" -lammelsesangreb og autorisationsomgåelse - -

En sårbarhed blev fundet i ASN.1-fortolkeren i strongSwan, en IKE-dæmon, der -anvendes til at etablere IPsec-beskyttede links.

- -

Ved at sende en fabrikeret ID_DER_ASN1_DN ID-last til en sårbar pluto- eller -charon-dæmon, kunne en ondsindet fjernbruger fremprovokere et lammelsesangreb -(dæmonnedbrud) eller autorisationsomgåelse (udgivende sig for at være en anden -bruger samt potentielt få fat i VPN-rettigheder, som vedkommende ikke har).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 4.4.1-5.4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.5.2-1.5+deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 5.1.0-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.1.0-3.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2789.data" diff --git a/danish/security/2013/dsa-2790.wml b/danish/security/2013/dsa-2790.wml deleted file mode 100644 index dbe9666d6ca..00000000000 --- a/danish/security/2013/dsa-2790.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="7ad15ebc4646dff99e3b8ebf12c8a8131edd6ecb" mindelta="1" -læsning af uinitialiseret hukommelse - -

En fejl blev fundet i den måde hvorpå Mozilla Network Security -Service-biblioteket (nss) læste uinitialiserede data, når der var en -dekrypteringsfejl. En fjernangriber kunne udnytte fejlen til at forårsage et -lammelsesangreb (applikationsnedbrud) i applikationer, linket med -nss-biblioteket.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette -problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:3.14.4-1.

- -

Pakkerne i den stabile distribution blev opdateret til den seneste -patchudgivelse 3.14.4 af biblioteket, til også at indeholde en -regressionsrettelse af en fejl, der påvirkede libpkix' -certificateverifikationscache. Flere oplysninger finder man via:

- -

\ -https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.4_release_notes

- -

I distributionen testing (jessie), er dette problem rettet i -version 2:3.15.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.15.2-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2790.data" diff --git a/danish/security/2013/dsa-2791.wml b/danish/security/2013/dsa-2791.wml deleted file mode 100644 index 94f5500f425..00000000000 --- a/danish/security/2013/dsa-2791.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3ef8d324ed32fd0d459b508158bb600e000e97e7" mindelta="1" -manglende fornuftighedskontrol af inddata - -

Cedric Krier opdagede, at Tryton-klienten ikke fornuftighedskontrollerede -filudvidelsen leveret af serveren, når der blev behandlet rapporter. Som følge -heraf kunne en ondsindet server sende en rapport med en fabrikeret filudvidelse, -som medførte at klienten skrev til enhver lokal fil, som brugeren der kører -klienten, har skriveadgang til.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.6.1-1+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.2.3-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine tryton-client-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2791.data" diff --git a/danish/security/2013/dsa-2792.wml b/danish/security/2013/dsa-2792.wml deleted file mode 100644 index 513a58a7ef6..00000000000 --- a/danish/security/2013/dsa-2792.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i dissektorerne til IEEE 802.15.4, NBAP, SIP -og TCP, hvilke kunne medføre lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (squeeze) er kun påvirket af -\ -CVE-2013-6340. Dette problem er rettet i version 1.2.11-6+squeeze13.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.3-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2792.data" diff --git a/danish/security/2013/dsa-2793.wml b/danish/security/2013/dsa-2793.wml deleted file mode 100644 index cd3e538c2be..00000000000 --- a/danish/security/2013/dsa-2793.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c232533217f9f9d4d2fcde479a3591c1bc2a5d61" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er blevet rettet i adskillige demuxers og dekodere -i multimediebiblioteket libav. CVE-ID'erne nævnt her er kun et lille udvalg af -de sikkerhedsproblemer, der rettes med denne opdatering. En komplet liste over -ændringerne er tilgængelig på \ -http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.8.9-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 9.10-1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2793.data" diff --git a/danish/security/2013/dsa-2794.wml b/danish/security/2013/dsa-2794.wml deleted file mode 100644 index 93684a7e091..00000000000 --- a/danish/security/2013/dsa-2794.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="140164a55b3131923be612ec7e7e8a18c4653a5f" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i SPIP, en webstedsmotor til udgivelse, -medførende forespørgselsforfalskning på tværs af websteder ved logud, -udførelse af skripter på tværs af websteder på forfattersiden samt -PHP-indsprøjtning.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet -i version 2.1.1-3squeeze7.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.1.17-1+deb7u2.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.1.24-1.

- -

I den eksperimentelle distribution, er disse problemer rettet i -version 3.0.12-1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2794.data" diff --git a/danish/security/2013/dsa-2795.wml b/danish/security/2013/dsa-2795.wml deleted file mode 100644 index be6fa609d50..00000000000 --- a/danish/security/2013/dsa-2795.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webserveren lighttpd.

- -

Man opdagede at SSL-forbindelser med klientcertifikater holdt op med at virke -efter DSA-2795-1-opdateringen af lighttpd. En opstrømsrettelse er nu blevet -metaget, hvilken leverer en passende identifikation til -klientcertifikatvalidering.

- -
    - -
  • CVE-2013-4508 - -

    Man opdagede at lighttpd anvendte svage SSL-ciphers når SNI (Server Name - Indication) er aktiveret. Problemet blev løst ved at sikre, at stærktere - SSL-ciphers benyttes når SNI er valgt.

    • - -
  • CVE-2013-4559 - -

    Det statiske analyseringsværktøj clang blev anvendt til at opdage - rettighedsforøgelsesproblemer på grund af manglende kontroller i forbindelse - med lighttpd's setuid-, setgid- og setgroups-kald. De kontrolleres nu på - passende vis.

    • - -
  • CVE-2013-4560 - -

    Det statiske analyseringsværktøj clang blev anvendt til at opdagede et - problem i forbindelse med anvendelse efter frigivelse, når en - FAM-statcachemotor er aktiveret, hvilket nu er rettet.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.4.28-2+squeeze1.5.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.31-4+deb7u2.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version lighttpd_1.4.33-1+nmu1.

- -

I distributionen testing (jessie) og i den ustabile distributions (sid), vil -regressionsproblemet snart blive rettet.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2795.data" diff --git a/danish/security/2013/dsa-2796.wml b/danish/security/2013/dsa-2796.wml deleted file mode 100644 index b3a73b8c1a6..00000000000 --- a/danish/security/2013/dsa-2796.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b1ce682bfee4093db7595142e3a877f479d00591" mindelta="1" -udførelse af vilkårlig kode - -

Matt Ezell fra Oak Ridge National Labs rapporterede om en sårbarhed i torque, -et PBS-afledt batchbehandlings- og køsystem.

- -

En bruger kunne afsende udførbare shell-kommandoer i enden af hvad der blev -overført via parameteret -M til qsub. Det blev senere overført til en pip, -hvilket gjorde det muligt for disse kommandoer, at blive udført som root på -pbs_server.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.4.8+dfsg-9squeeze3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.4.16+dfsg-1+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.16+dfsg-1.3.

- -

Vi anbefaler at du opgraderer dine torque-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2796.data" diff --git a/danish/security/2013/dsa-2797.wml b/danish/security/2013/dsa-2797.wml deleted file mode 100644 index fb9d56920e7..00000000000 --- a/danish/security/2013/dsa-2797.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="053bae2904c0bf59fe0bfe4a3b204f5ce691a128" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird. Flere hukommelsessikkerhedsfejl samt andre -implementeringsfejl kunne føre til udførelse af vilkårlig kode.

- -

Versionen af Icedove i den gamle stabile distribution (squeeze) understøttes -ikke længere med komplette sikkerhedsopdateringer. Men man bør bemærke, at -næsten alle sikkerhedsproblemer i Icedove stammer fra den medfølgende -browsermotor. Sikkerhedsproblemerne påvirker kun Icedove hvis scripting og -HTML-mails er aktiveret. Hvis der er sikkerhedsproblemer, som specifikt -vedrører Icedove (fx et hypotetisk bufferoverløb i IMAP-implementeringen), vil -vi forsøge at tilbageføre sådanne rettelser til den gamle stabile -distribution.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 17.0.10-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 17.0.10-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2797.data" diff --git a/danish/security/2013/dsa-2798.wml b/danish/security/2013/dsa-2798.wml deleted file mode 100644 index 5f8e3b6a6b4..00000000000 --- a/danish/security/2013/dsa-2798.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="4d60b553e2fc2e049569ddfdadbce9eb4011d97c" mindelta="1" -ukontrolleret værtsnavn i SSL-certifikat - -

Scott Cantor opdagede at curl, et filhentningsværktøj, deaktiverede -kontrollen CURLOPT_SSLVERIFYHOST når indstillingen CURLOPT_SSL_VERIFYPEER var -slået fra. Dermed blev også kontroller af værtsnavne i SSL-certifikater -deaktiveret, hvor kun verifikationen at certifikatets trust-kæde, skulle have -været slået fra.

- -

Standardopsætningen af curl-pakken er ikke påvirket af problemet, da -CURLOPT_SSLVERIFYPEER som standard er aktiveret.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 7.21.0-2.1+squeeze5.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.26.0-1+wheezy5.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -dette problem rettet i version 7.33.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2798.data" diff --git a/danish/security/2013/dsa-2799.wml b/danish/security/2013/dsa-2799.wml deleted file mode 100644 index d5664d9ad57..00000000000 --- a/danish/security/2013/dsa-2799.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2013-2931 - -

    Chrome 31-udviklingsholdet fandt forskellige problemer ved intern - fuzzing, audit og andre kodegennemgange.

    • - -
  • CVE-2013-6621 - -

    Khalil Zhani opdagede et anvendelse efter frigivelse-problem i - håndteringen af taleinddata.

    • - -
  • CVE-2013-6622 - -

    cloudfuzzer opdagede et anvendelse efter frigivelse-problem i - HTMLMediaElement.

    • - -
  • CVE-2013-6623 - -

    miaubiz opdagede en læsning uden for grænserne i implementeringen - af Blink/Webkit SVG.

    • - -
  • CVE-2013-6624 - -

    Jon Butler opdagede et anvendelse efter frigivelse-problem i - id-atributstrenge.

    • - -
  • CVE-2013-6625 - -

    cloudfuzzer opdagede et anvendelse efter frigivelse-problem i - implementeringen af Blink/Webkit DOM.

    • - -
  • CVE-2013-6626 - -

    Chamal de Silva opdagede et forfalskningsproblem vedrørende - adressebjælken.

    • - -
  • CVE-2013-6627 - -

    skylined opdagede en læsning uden for grænserne i fortolkeren af - HTTP-stream.

    • - -
  • CVE-2013-6628 - -

    Antoine Delignat-Lavaud og Karthikeyan Bhargavan fra INRIA Paris - opdagede, at et forskelligt (uverificeret) certifikat kunne anvendes efter - en succesrig TLS-genforhandling med et gyldigt certifikat.

    • - -
  • CVE-2013-6629 - -

    Michal Zalewski opdagede et uinitialiseret hukommelseslæsning i - bibliotekerne libjpeg og libjpeg-turbo.

    • - -
  • CVE-2013-6630 - -

    Michal Zalewski opdagede en anden uinitialiseret hukommelseslæsning i - bibliotekerne libjpeg og libjpeg-turbo.

    • - -
  • CVE-2013-6631 - -

    Patrik Höglund opdagede et problem i forbindelse med anvendelse og - frigivelse i biblioteket libjingle.

    • - -
  • CVE-2013-6632 - -

    Pinkie Pie opdagede flere hukommelseskorruptionsproblemer.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.0.1650.57-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.0.1650.57-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2799.data" diff --git a/danish/security/2013/dsa-2800.wml b/danish/security/2013/dsa-2800.wml deleted file mode 100644 index 5f5690e4455..00000000000 --- a/danish/security/2013/dsa-2800.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="497797c5ee35bad8a14dae3fd536775a9756bcb2" mindelta="1" -bufferoverløb - -

Andrew Tinits rapporterede om et potentielt udnytbart bufferoverløb i -biblioteket Mozilla Network Security Service (nss). Med en særligt fremstillet -forespørgsel, kunne en fjernangriber forårsage et lammelsesangreb (denial of -service) eller muligvis udføre vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 3.12.8-1+squeeze7.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:3.14.5-1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2:3.15.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.15.3-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2800.data" diff --git a/danish/security/2013/dsa-2801.wml b/danish/security/2013/dsa-2801.wml deleted file mode 100644 index 01a93bcc0a7..00000000000 --- a/danish/security/2013/dsa-2801.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="c1c25263267467b181523864aaa70cd144954fd6" mindelta="1" -designfejl - -

Jonathan Dolle rapporterede om en designfejl i HTTP::Body, et Perl-modul til -behandling af data fra HTTP POST-forespørgsler. Fortolkeren af -multipart-HTTP-body opretter midlertidige filer, hvilket bevarer filendelsen på -den uploadede fil. En angriber med mulighed for at uploade filer til en -tjeneste, der anvender HTTP::Body::Multipart, kunne potentielt udføre kommandoer -på serveren, hvis disse midlertidige filnavne blev benyttet i efterfølgende -kommandoer uden yderligere kontroller.

- -

Opdateringen begrænser de mulige filendelser, som anvendes til at oprette -midlertidige filer.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.11-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.17-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.17-2.

- -

Vi anbefaler at du opgraderer dine libhttp-body-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2801.data" diff --git a/danish/security/2013/dsa-2802.wml b/danish/security/2013/dsa-2802.wml deleted file mode 100644 index 003febf0f83..00000000000 --- a/danish/security/2013/dsa-2802.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="778bbfaac229c1ea008e58777ccb97f94fd1158c" mindelta="1" -omgåelse af begrænsning - -

Ivan Fratric fra Google Security Team opdagede en fejl i nginx, en webserver, -hvilket måske kunne gøre det muligt for en angriber at omgå -sikkerhedsbegrænsinger, ved at anvende en særligt fremstillet forespørgsel.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.1-2.2+wheezy2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.4-1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2802.data" diff --git a/danish/security/2013/dsa-2803.wml b/danish/security/2013/dsa-2803.wml deleted file mode 100644 index beaf03552f5..00000000000 --- a/danish/security/2013/dsa-2803.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Quagga, en routingdæmon til BGP/OSPF/RIP:

- -
    - -
  • CVE-2013-2236 - -

    Et bufferoverløb blev fundet i OSPF API-serveren (eksport af LSDB'en og - muliggørelse af annoncering af Opaque-LSA'er).

    • - -
  • CVE-2013-6051 - -

    Man kunne få bgpd til at gå ned gennem BGP-opdateringer. Det påvirker - kun Wheezy/stable.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 0.99.20.1-0+squeeze5.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.99.22.4-1+wheezy1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.99.22.4-1.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2803.data" diff --git a/danish/security/2013/dsa-2804.wml b/danish/security/2013/dsa-2804.wml deleted file mode 100644 index 5eba1a4277a..00000000000 --- a/danish/security/2013/dsa-2804.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="8fdc8d284c746c69dda8274caf6e0a2f96b75265" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Drupal, et komplet system til -indholdshåndtering: Udførelse af forespørgsler på tværs af websteder, usikker -generering af pseudo-tilfældige tal, udførelse af kode, ukorrekt validering af -sikkerhedstoken samt udførelse af scripter på tværs af websteder.

- -

For at undgå sårbarheden vedrørende fjernudførelse af kode, anbefales det at -oprette en .htaccess-fil (eller en tilsvarende opsætningsindstilling, i fald man -ikke anvender Apache som server til sine Drupal-websteder) i hvert af ens -websteders files-mapper (både offentlige og private, i fald man har -opsat begge slags).

- -

Se NEWS-filen som følger med denne opdatering samt opstrømsbulletinen på -drupal.org/SA-CORE-2013-003 -for flere oplysninger.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7.14-2+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.24-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2804.data" diff --git a/danish/security/2013/dsa-2805.wml b/danish/security/2013/dsa-2805.wml deleted file mode 100644 index 6e2e07a0751..00000000000 --- a/danish/security/2013/dsa-2805.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -kommandoindsprøjtning - -

Joernchen fra Phenoelit opdagede to kommandoindsprøjtningsfejl i Sup, en -konsolbaseret mailklient. En angriber kunne måske udføre vilkårlige kommandoer, -hvis brugeren åbnede en ondsindet, fabrikeret mail.

- -
    - -
  • CVE-2013-4478 - -

    Sup håndterede vedhæftelsers filnavne forkert.

    • - -
  • CVE-2013-4479 - -

    Sup fornuftighedskontrollerede ikke vedhæftelsers content-type.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 0.11-2+nmu1+deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.12.1+git20120407.aaa852f-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine sup-mail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2805.data" diff --git a/danish/security/2013/dsa-2806.wml b/danish/security/2013/dsa-2806.wml deleted file mode 100644 index 644701ca826..00000000000 --- a/danish/security/2013/dsa-2806.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c88ef48986a56b23281b8b7643a5e2894072d76b" mindelta="1" -rettighedsforøgelse - -

Man opdagede at nbd-server, serveren til Network Block Device-protokollen, -ikke på korrekt vis fortolkede adgangskontrollisterne, hvilket muliggjorde -adgang til enhver vært med en IP-adresse, som deler præfiks med en tilladt -adresse.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1:2.9.16-8+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:3.2-4~deb7u4.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine nbd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2806.data" diff --git a/danish/security/2013/dsa-2807.wml b/danish/security/2013/dsa-2807.wml deleted file mode 100644 index 50ca37c14a4..00000000000 --- a/danish/security/2013/dsa-2807.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b8648b22ee70d300cc97ec0cf977b41dc6f926ce" mindelta="1" -heltalsoverløb - -

Mikulas Patocka opdagede et heltalsoverløb i fortolkning af HTML-tabeller i -webbrowseren Links. Det kan kun udnyttes når Links køres i grafisk -tilstand.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.3~pre1-1+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.7-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2.8-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.8-1.

- -

Vi anbefaler at du opgraderer dine links2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2807.data" diff --git a/danish/security/2013/dsa-2808.wml b/danish/security/2013/dsa-2808.wml deleted file mode 100644 index bde9c907da4..00000000000 --- a/danish/security/2013/dsa-2808.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i OpenJPEG, et JPEG 2000-billedbibliotek, hvilke -kunne føre til denial of service/lammelsesangreb -(\ -CVE-2013-1447) via applikationsnedbrud eller højt hukommelsesforbrug, -muligvis udførelse af kode gennem heapbufferoverløb -(\ -CVE-2013-6045), informationsafsløring -(\ -CVE-2013-6052), eller et andet heapbufferoverløb som kun lader til at -påvirke OpenJPEG 1.3 -(\ -CVE-2013-6054).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.3+dfsg-4+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.3+dfsg-4.7.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openjpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2808.data" diff --git a/danish/security/2013/dsa-2809.wml b/danish/security/2013/dsa-2809.wml deleted file mode 100644 index 9de393b4552..00000000000 --- a/danish/security/2013/dsa-2809.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-1821 - -

    Ben Murphy opdagede at ubegrænset entitetsudvidelse i REXML, kunne føre - til et lammelsesangreb (denial of service) ved at forbruge al hukommelsesen - på værtsmaskinen.

    • - -
  • CVE-2013-4073 - -

    William (B.J.) Snow Orvis opdagede en sårbarhed i kontrollen af - værtsnavne i Rubys SSL-klient, hvilket kunne gøre det muligt for manden i - midten-angribere, at udgive sig for at være SSL-servere gennem et fabrikeret - certifikat udgivet af en certificeringsmyndighed, der er tillid til.

    • - -
  • CVE-2013-4164 - -

    Charlie Somerville opdagede at Ruby på ukorrekt vis håndterede - konverteringer med flydende komma. Hvis en applikation, der anvender Ruby, - accepterede strenge, der ikke er tillid til, og konverterede dem til - flydende komma-tal, kunne en angriber med mulighed for at levere sådanne - inddata, få applikationen til at gå ned eller muligvis udføre vilkårlig kode - med rettighederne hørende til applikationen.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.8.7.302-2squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.7.358-7.1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.7.358-9.

- -

Vi anbefaler at du opgraderer dine ruby1.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2809.data" diff --git a/danish/security/2013/dsa-2810.wml b/danish/security/2013/dsa-2810.wml deleted file mode 100644 index c038894b697..00000000000 --- a/danish/security/2013/dsa-2810.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d16ec14fb629056ca8754b317db3f2088b433251" mindelta="1" -heapoverløb - -

Charlie Somerville opdagede at Ruby på ukorrekt vis håndterede -konverteringer med flydende komma. Hvis en applikation, der anvender Ruby, -accepterede strenge, der ikke er tillid til, og konverterede dem til flydende -komma-tal, kunne en angriber med mulighed for at levere sådanne inddata, få -applikationen til at gå ned eller muligvis udføre vilkårlig kode med -rettighederne hørende til applikationen.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.9.2.0-2+deb6u2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.9.3.194-8.1+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.3.484-1.

- -

Vi anbefaler at du opgraderer dine ruby1.9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2810.data" diff --git a/danish/security/2013/dsa-2811.wml b/danish/security/2013/dsa-2811.wml deleted file mode 100644 index 3c228e80ecd..00000000000 --- a/danish/security/2013/dsa-2811.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2013-6634 - -

    Andrey Labunets opdagede at den forkerte URL blev benyttet under - validering i hjælperen til enkeltkliklogon.

    • - -
  • CVE-2013-6635 - -

    cloudfuzzer opdagede problemer med anvendelse efter frigivelse i - DOM-redigeringskommandoerne InsertHTML og Indent.

    • - -
  • CVE-2013-6636 - -

    Bas Venis opdagede et problem med forfalskning i adressebjælken.

    • - -
  • CVE-2013-6637 - -

    Udviklingsholdet bag chrome opdagede og rettede en række problemer med - potentiel sikkerhedspåvirkning.

    • - -
  • CVE-2013-6638 - -

    Jakob Kummerow fra Chromium-projektet opdagede et bufferoverløb i - v8-javascriptbiblioteket.

    • - -
  • CVE-2013-6639 - -

    Jakob Kummerow fra Chromium-projektet opdagede en skrivning uden for - grænserne i v8-javascriptbiblioteket.

    • - -
  • CVE-2013-6640 - -

    Jakob Kummerow fra Chromium-projektet opdagede en læsning uden for - grænserne i v8-javascriptbiblioteket.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.0.1650.63-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.0.1650.63-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2811.data" diff --git a/danish/security/2013/dsa-2812.wml b/danish/security/2013/dsa-2812.wml deleted file mode 100644 index 0cf4a03930d..00000000000 --- a/danish/security/2013/dsa-2812.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

To sikkerhedsproblemer blev fundet i Samba, en SMB-/CIFS-fil, -print og --loginserver:

- -
    - -
  • CVE-2013-4408 - -

    Man opdagede at fkere bufferoverløb i behandlingen af DCE-RPC-pakker - måske kunne medføre udførelse af vilkårlig kode.

    • - -
  • CVE-2013-4475 - -

    Hemanth Thummala opdagede at ACL'er ikke blev kontrolleret, når der blev - åbnet filer med alternative datstrømme. Problemet kan kun udnyttes hvis - VFS-moulerne vfs_streams_depot og/eller vfs_streams_xattr anvendes.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.5.6~dfsg-3squeeze11.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.6.6-6+deb7u2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2812.data" diff --git a/danish/security/2013/dsa-2813.wml b/danish/security/2013/dsa-2813.wml deleted file mode 100644 index b3d76107fcd..00000000000 --- a/danish/security/2013/dsa-2813.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Murray McAllister opdagede flere heltals- og bufferoverløb i XWD-plugin'en i -Gimp, hvilke kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2.6.10-1+squeeze4. Opdateringen retter også -CVE-2012-3403, -CVE-2012-3481 og -CVE-2012-5576.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.8.2-2+deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine gimp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2813.data" diff --git a/danish/security/2013/dsa-2814.wml b/danish/security/2013/dsa-2814.wml deleted file mode 100644 index 473f629a33a..00000000000 --- a/danish/security/2013/dsa-2814.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0fa23206c72c9c543a94218c3c5486e87d43577c" mindelta="1" -lammelsesangreb - -

En lammelsesangrebssårbarhed blev rapporteret i varnish, en moderne og -højtydende webaccelerator. I nogle opsætninger af varnish, kunne en -fjernangriber iværksætte et lammelsesangreb (nedbrud af childproces og -udfald af midlertidig cache) via en GET-forespørgsel med efterfølgende -whitespacetegn og ingen URI.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.1.3-8+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.0.2-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.5-1.

- -

Vi anbefaler at du opgraderer dine varnish-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2814.data" diff --git a/danish/security/2013/dsa-2815.wml b/danish/security/2013/dsa-2815.wml deleted file mode 100644 index 877df8a2dd2..00000000000 --- a/danish/security/2013/dsa-2815.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Christoph Biedl opdagede to lammelsesangrebssårbarheder i munin, et -netværksomspændende grafframework. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-6048 - -

    Modulet Munin::Master::Node i munin validerede ikke på korrekt vis visse - data, som en node sender. En ondsindet node kunne udnytte det til at få en - munin-html-proces ind i en uendelig løkke med opbrugt hukommelse på - munin-masteren til følge.

    • - -
  • CVE-2013-6359 - -

    En ondsindet node, med en plugin aktiveret, der anvender - multigraph som multigraph-servicenavn, kunne afbryde dataindsamling - for hele den node, plugin'en kører på.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.0.6-4+deb7u2.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 2.0.18-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.18-1.

- -

Vi anbefaler at du opgraderer dine munin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2815.data" diff --git a/danish/security/2013/dsa-2816.wml b/danish/security/2013/dsa-2816.wml deleted file mode 100644 index 3e1494873ed..00000000000 --- a/danish/security/2013/dsa-2816.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev fundet i PHP, et skriptsprog egnet til alle formål, -der ofte anvendes til udvikling af webapplikationer. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer

- -
    - -
  • CVE-2013-6420 - -

    Stefan Esser rapporterede om mulig hukommelseskorruption i - openssl_x509_parse().

    • - -
  • CVE-2013-6712 - -

    Oprettelse af DateInterval-objekter fra fortolkede ISO-datoer, var ikke - begrænset på korrekt vis, hvilket gjorde det muligt at forårsage et - lammelsesangreb (denial of service).

    • - -
- -

Desuden indeholder opdateringen til Debian 7 Wheezy flere -fejlrettelser, som oprindelig var planlagt til at blive medtaget i den kommende -punktopdatering af Wheezy.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 5.3.3-7+squeeze18.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.4.4-14+deb7u7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.5.6+dfsg-2.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2816.data" diff --git a/danish/security/2013/dsa-2817.wml b/danish/security/2013/dsa-2817.wml deleted file mode 100644 index f8c3c035c18..00000000000 --- a/danish/security/2013/dsa-2817.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d0a3dccdfc2500264bddbf6deb3dd22cba2e0dc7" mindelta="1" -heltalsoverløb - -

Timo Warns rapporterede om flere heltalsoverløbssårbarheder i libtar, et -bibliotek til manipulering af tar-arkiver, hvilket kunne medføre udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.11-6+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.16-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.2.20-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.20-1.

- -

Vi anbefaler at du opgraderer dine libtar-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2817.data" diff --git a/danish/security/2013/dsa-2818.wml b/danish/security/2013/dsa-2818.wml deleted file mode 100644 index 6ca5ebdd465..00000000000 --- a/danish/security/2013/dsa-2818.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til en ny opstrømsversion, 5.5.33, som indeholder andre -ændringer, så som ydelsesforbedringer, fejlrettelse, ny funktionalitet samt -muligvis ikke-kompatible ændringer. Se MySQL 5.5 Release Notes for flere -oplysninger:

- - - -

Desuden retter opdateringen to problemer, som specifikt påvirker Debians -mysql-5.5-pakke:

- -

En kapløbstilstand i postinstalleringskriptet fra mysql-server-5.5-pakken, -oprettede opsætningsfilen /etc/mysql/debian.cnf med rettigheder, som gør -filen læsbar for alle, før rettighedernes begrænses, hvilket gjorde det muligt -for lokale brugere at læse filen og få adgang til følsomme oplysningeer, så som -brugeroplysningerne til debian-sys-maint, til udførelse af administrative -opgaver. (\ -CVE-2013-2162)

- -

Matthias Reichl rapporterede at mysql-5.5-pakken mangler rettelserne, som -tidligere blev udført på Debians mysql-5.1, som smider databasen test -væk, samt fjerner rettighederne, som tillader anonym adgang uden en adgangskode, -fra localhost til test-databasen og enhver database hvis navn begynder -med test_. Opdateringen indfører rettelserne i mysql-5.5-pakken.

- -

Eksisterende databaser og rettigheder berørers ikke. Se NEWS-filen, som -følger med opdateringen, for flere oplysninger.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.33+dfsg-0+wheezy1.

- -

I den ustabile distribution (sid), vil de Debian-specifikke problemer snart -blive rettet.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2818.data" diff --git a/danish/security/2013/dsa-2819.wml b/danish/security/2013/dsa-2819.wml deleted file mode 100644 index 5aad94fb4b0..00000000000 --- a/danish/security/2013/dsa-2819.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="13ad01c1b15c800d409d0a73366ce01fc8abaf8f" mindelta="1" -ophørsannoncering vedrørende iceape - -

Sikkerhedsunderstøttelse af Iceape, Debians version af Seamonkey-suiten, er -nødt til at stoppe før den regulære livscyklus for sikkerhedsvedligeholdelse -ophører.

- -

Vi anbefaler at man migrerer til Iceweasel hvad angår -webbrowserfunktionalitet og til Icedove for maildelens vedkommende. Iceweasel -og Icedove er baseret på den samme kodebase, og vil fortsat blive understøttet -med sikkerhedsopdateringer. Alternativt kan man skifte til de binære filer, -som stilles til rådighed af Mozilla på -\ -http://www.seamonkey-project.org/releases/ - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2819.data" diff --git a/danish/security/2013/dsa-2820.wml b/danish/security/2013/dsa-2820.wml deleted file mode 100644 index 0b615ce9c79..00000000000 --- a/danish/security/2013/dsa-2820.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3b235a77d315707de01c8c2d1284fdda2d2bc7b3" mindelta="1" -heltalsoverløb - -

Man opdagede at NSPR, Netscape Portable Runtime library, kunne få en -applikation, der benytter biblioteket, til at gå ned, når der blev fortolket et -certifikat, som forårsagede et heltalsoverløb. Fejlen påvirker kun 64 -bit-systemer.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 4.8.6-1+squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:4.9.2-1+deb7u1.

- -

I distributionen testing (jessie), og i den ustabile distribution -(sid), er dette problem rettet i version 2:4.10.2-1.

- -

Vi anbefaler at du opgraderer dine nspr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2820.data" diff --git a/danish/security/2013/dsa-2821.wml b/danish/security/2013/dsa-2821.wml deleted file mode 100644 index 4cfbd500588..00000000000 --- a/danish/security/2013/dsa-2821.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="9ca93e12c89492dcf8444ce75097035c265ab7bd" mindelta="1" -sidekanalsangreb - -

Genkin, Shamir og Tromer opdagede at RSA-nøglemateriale kunne udtrækkes ved -at benytte lyden, der genereres af computeren under dekrypteringen af nogle -udvalgte ciphertekster.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.4.10-4+squeeze4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.12-7+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.15-3.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2821.data" diff --git a/danish/security/2013/dsa-2822.wml b/danish/security/2013/dsa-2822.wml deleted file mode 100644 index 906da5fddc4..00000000000 --- a/danish/security/2013/dsa-2822.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7106055027b649b348d3e2d77ee72a7b0c48ce28" mindelta="1" -heltalsunderløb - -

Bryan Quigley opdagede et heltalsunderløb i Xorg X-serveren, hvilket kunne -føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.7.7-18.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.12.4-6+deb7u2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2822.data" diff --git a/danish/security/2013/dsa-2823.wml b/danish/security/2013/dsa-2823.wml deleted file mode 100644 index 159a53b242c..00000000000 --- a/danish/security/2013/dsa-2823.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2f46483b99e3767a76e06f1448255e7bd0aef07e" mindelta="1" -heltalsunderløb - -

Bryan Quigley opdagede et heltalsunderløb i Pixman, hvilket kunne føre til -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.16.4-1+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.26.0-4+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.30.2-2.

- -

Vi anbefaler at du opgraderer dine pixman-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2823.data" diff --git a/danish/security/2013/dsa-2824.wml b/danish/security/2013/dsa-2824.wml deleted file mode 100644 index 47f0d60a3b3..00000000000 --- a/danish/security/2013/dsa-2824.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="143c3e1844802f89bdcd0235f64b3f3b97e310e2" mindelta="1" -ukontrolleret værtsnavn i tls-/ssl-certifikat - -

Marc Deslauriers opdagede at curl, et filhentningsværktøj, sprang ved en fejl -kontrol af CN- og SAN-navnefelterne over, når kontrol af digital signatur var -deaktiveret i libcurl's GnuTLS-backend.

- -

Standardopsætningen af curl-pakken er ikke påvirket af problemet, da kontrol -af digital signatur som standard er aktiveret.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette problem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.26.0-1+wheezy7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.34.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2824.data" diff --git a/danish/security/2013/dsa-2825.wml b/danish/security/2013/dsa-2825.wml deleted file mode 100644 index bf312d6cb84..00000000000 --- a/danish/security/2013/dsa-2825.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="aa4c5bfb61791d854fa3e74e2ebcf9f55d532882" mindelta="1" -flere sårbarheder - -

Laurent Butti og Garming Sam opdagede flere sårbarheder i dissektorerne til -NTLMSSPv2 og BSSGP, hvilke kunne føre til lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy9.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.4-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2825.data" diff --git a/danish/security/2013/dsa-2826.wml b/danish/security/2013/dsa-2826.wml deleted file mode 100644 index fd174aca9e5..00000000000 --- a/danish/security/2013/dsa-2826.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="9a22cd8ebe1c7f6405d75595e6e2313ed27a1e47" mindelta="1" -fjern-ssh-lammelsesangreb - -

Helmut Grohne opdagede at denyhosts, et værktøj som forhindrer SSH- -brute force-angreb, kunne anvendes til fjernudførte lammelsesangreb mod -SSH-dæmonen. Ukorrekt angivne regulære udtryk benyttet til at opdage brute -force-angreb i autentifikationslogger, kunne udnyttes af en ondsindet bruger -til at forfalske fabrikerede loginnavne, for at få denyhost til at banlyse -vilkårlige IP-adresser.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.6-7+deb6u2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.6-10+deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2.6-10.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6-10.1.

- -

Vi anbefaler at du opgraderer dine denyhosts-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2826.data" diff --git a/danish/security/2013/dsa-2827.wml b/danish/security/2013/dsa-2827.wml deleted file mode 100644 index 5b6e49c12e9..00000000000 --- a/danish/security/2013/dsa-2827.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="c7e7cde6356d6f3b4028ffcda30f910877ffe53d" mindelta="1" -upload af vilkårlig fil via deserialisation - -

Man opdagede at Apache Commons FileUpload, en pakke der gør det let at -tilføje robuste, højtydende filuploadmulighed til servlets og webapplikationer, -på ukorrekt vis håndterede filnavne med NULL-bytes i serialiserede instanser. -En fjernangriber med mulighed for at levere en serialiseret instans af klassen -DiskFileItem, der kunne deserialiseres på en server, kunne udnytte fejlen til at -skrive vilkårligt indhold til enhver placering på serveren, som er tilgængelig -for brugeren, der kører applikationens serverproces.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.2-1+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.2-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.3-2.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3-2.1.

- -

Vi anbefaler at du opgraderer dine libcommons-fileupload-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2827.data" diff --git a/danish/security/2013/dsa-2828.wml b/danish/security/2013/dsa-2828.wml deleted file mode 100644 index 7326a70c7cf..00000000000 --- a/danish/security/2013/dsa-2828.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="d609ff4fcb0021e6dd288de057a1ef6cd2b1ac13" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Drupal, et komplet framework til -indholdshåndtering: sårbarheder på grund af optimisktisk beskyttelse mod -forespørgsler på tværs af websteder, usikker generering af pseudo-tilfældige -tal, udførelse af kode samt ukorrekt validering af sikkerhedstoken.

- -

For at undgå den fjernudnytbare kodeudførselssårbarhed, anbefales det at -oprette en .htaccess-fil (eller tilsvarende hvis Apache ikke anvendes til at -servere dine Drupal-websteder) i hvert af dine websteders files-mapper -(både offentlige og og private, i tilfælde af at begge er opsat).

- -

Se NEWS-filen, der følger med opdateringen samt opstrøms bulletin på -drupal.org/SA-CORE-2013-003 -for yderligere oplysninger.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 6.29-1.

- -

Vi anbefaler at du opgraderer dine drupal6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2828.data" diff --git a/danish/security/2013/dsa-2829.wml b/danish/security/2013/dsa-2829.wml deleted file mode 100644 index a3ea6b93c83..00000000000 --- a/danish/security/2013/dsa-2829.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="565e5f69e752ffb77a2dd9febee91bc7d7fcaa14" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i Linux Printing and Imaging System: Usikre -midlertidige filer, utilstrækkelige rettighedskontroller i PackageKit og den -usikre service hp-upgrade er blevet deaktiveret.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.10.6-2+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.12.6-3.1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.13.11-2.

- -

Vi anbefaler at du opgraderer dine hplip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2829.data" diff --git a/danish/security/2013/dsa-2830.wml b/danish/security/2013/dsa-2830.wml deleted file mode 100644 index 2ff75d000ab..00000000000 --- a/danish/security/2013/dsa-2830.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="814d157b203d98f3fd3173fe6e5a02a4479e3dd0" mindelta="1" -udførelse af skripter på tværs af websteder - -

Peter McLarnan opdagede at internationaliseringskomponenten i Ruby on Rails -ikke på korrekt vis indkapslede parametre i genereret HTML-kode, medførende en -sårbarhed i forbindelse med udførelse af skripter på tværs af websteder. -Opdateringen retter den underliggende sårbarhed i i18n-gem, som leveres via -pakken ruby-i18n.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette problem; -pakken libi18n-ruby indeholder ikke den sårbare kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.6.0-3+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.6.9-1.

- -

Vi anbefaler at du opgraderer dine ruby-i18n-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2830.data" diff --git a/danish/security/2013/dsa-2831.wml b/danish/security/2013/dsa-2831.wml deleted file mode 100644 index 528020df35e..00000000000 --- a/danish/security/2013/dsa-2831.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="a6652b1047d53af15ac92038a327380ec2f4420b" mindelta="1" -usikre midlertidige filer - -

Man opdagede en usikker anvendelse af midlertidige filer i Puppet, et værktøj -til centraliseret opsætningshåndtering. En angriber kunne udnytte sårbarheden -til at overskrive en vilkårlig fil i systemet.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.6.2-5+squeeze9.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.7.23-1~deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 3.4.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.4.1-1.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2013/dsa-2831.data" diff --git a/danish/security/2013/index.wml b/danish/security/2013/index.wml deleted file mode 100644 index b072ae4e32b..00000000000 --- a/danish/security/2013/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2013 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="b8114b588961778dbd04974c1464a2f388a90c28" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2013', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2014/Makefile b/danish/security/2014/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2014/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2014/dsa-2832.wml b/danish/security/2014/dsa-2832.wml deleted file mode 100644 index c5116c3c549..00000000000 --- a/danish/security/2014/dsa-2832.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i memcached, et højtydende system til caching af -hukommelsesobjekter. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2011-4971 - -

    Stefan Bucur rapporterede, at memcached kunne bringes til at gå ned, ved - at sende en særligt fremstillet pakke.

    • - -
  • CVE-2013-7239 - -

    Der blev rapporteret, at SASL-autentifikation kunne omgås på grund af en - fejl i forbindelse med håndtering af SASL-autentifikationstilstanden. Med - en særligt fremstillet forespørgsel, kunne en fjernangriber måske blive - autentificeret med ugyldige SASL-brugeroplysninger.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.4.5-1+deb6u1. Bemærk at rettelsen til -\ -CVE-2013-7239 ikke er taget i brug i den gamle stabile distribution, da -SASL-understøttelse ikke er aktiveret i den version. Opdateringen indeholder -også en rettelse af -\ -CVE-2013-0179, som allerede var rettet i den stabile udgave.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.13-0.2+deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine memcached-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2832.data" diff --git a/danish/security/2014/dsa-2833.wml b/danish/security/2014/dsa-2833.wml deleted file mode 100644 index a65138edcef..00000000000 --- a/danish/security/2014/dsa-2833.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ac06f787fe7c0436820894f4c9ff01a212795c14" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er rettet i OpenSSL: TLS 1.2-understøttelsen var -sårbar over for lammelsesangreb (denial of service) og genoverførsel af -DTLS-meddelelser blev rettet. Desuden deaktiverer opdateringen den usikre -Dual_EC_DRBG-algoritme (der heller ikke blev benyttet, se -\ -http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for -yderligere oplysninger) og anvender ikke længere RdRand-funktionen, der er -tilgængelig i nogle Intel-CPU'er, som den eneste kilde til entropi, med mindre -der specifikt bedes om det.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.1e-5.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2833.data" diff --git a/danish/security/2014/dsa-2834.wml b/danish/security/2014/dsa-2834.wml deleted file mode 100644 index fa76b461bcd..00000000000 --- a/danish/security/2014/dsa-2834.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="bc18159ae82429e05910ed3b4fb682bfdf2e1203" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i TYPO3, et indholdshåndteringssystem. -Opdateringen løser sårbarheder i forbindelse med udførelse af skripter på tværs -af websteder, informationsafsløring, massetildeling, åben viderestilling samt -usikker unserialize; den modsvarer -\ -TYPO3-CORE-SA-2013-004.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 4.3.9+dfsg1-1+squeeze9.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.5.19+dfsg1-5+wheezy2.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 4.5.32+dfsg1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.5.32+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2834.data" diff --git a/danish/security/2014/dsa-2835.wml b/danish/security/2014/dsa-2835.wml deleted file mode 100644 index ca5dbc5f7d6..00000000000 --- a/danish/security/2014/dsa-2835.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="45ffa5839adc6718ff9b040625747eace5365812" mindelta="1" -bufferoverløb - -

Jan Juergens opdagede et bufferoverløb i fortolkeren af SMS-beskeder i -Asterisk.

- -

Yderligere en ændring blev tilbageført, hvilken er udførligt beskrevet i -\ -http://downloads.asterisk.org/pub/security/AST-2013-007.html

- -

Med rettelsen af AST-2013-007, blev en ny opsætningsmulighed tilføjet, for at -kunne gøre det muligt for systemadministratoren at deaktivere udvidelse af -farlige funktioner (så som SHELL()) i enhver grænseflade, som ikke er -dialplan'en. I stable og oldstable er denne som standard deaktiveret. For at -aktivere den, tilføjes følgende linje til afsnittet [options] i -/etc/asterisk/asterisk.conf (hvorefter asterisk skal genstartes)

- - 
live_dangerously = no
- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1:1.6.2.9-2+squeeze12.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:1.8.13.1~dfsg1-3+deb7u3.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1:11.7.0~dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:11.7.0~dfsg-1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2835.data" diff --git a/danish/security/2014/dsa-2836.wml b/danish/security/2014/dsa-2836.wml deleted file mode 100644 index 2615b7c4701..00000000000 --- a/danish/security/2014/dsa-2836.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -udførelse af vilkårlig kode - -

Flere sårbarheder blev opdaget i uscan, et værktøj til at scanne -opstrømssteder efter nye udgaver af pakker; det indgår i pakken devscripts. En -angriber, som kontrollerer et websted, hvorfra uscan prøver at hente en -kildekode-tarball, kunne udføre vilkårlig kode med rettighederne hørende til -brugeren, der kører uscan.

- -

Projektet Common Vulnerabilities and Exposures har tildelt id'en -\ -CVE-2013-6888 til problemerne.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.12.6+deb7u2.

- -

I distributionen testing (jessie) og i den ustabile distribution -(sid), er disse problemer rettet i version 2.13.9.

- -

Vi anbefaler at du opgraderer dine devscripts-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2836.data" diff --git a/danish/security/2014/dsa-2837.wml b/danish/security/2014/dsa-2837.wml deleted file mode 100644 index 45d83206bc1..00000000000 --- a/danish/security/2014/dsa-2837.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4afba0de9c573b4fcccb6ea0d41e02425a3d2906" mindelta="1" -programmeringsfejl - -

Anton Johansson opdagede at en ugyldig TLS-handshakepakke kunne få OpenSSL -til at gå ned med en NULL-pointerdereference.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.0.1e-2+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.1f-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2837.data" diff --git a/danish/security/2014/dsa-2838.wml b/danish/security/2014/dsa-2838.wml deleted file mode 100644 index c073f636edf..00000000000 --- a/danish/security/2014/dsa-2838.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4845ecdd5643e5e38661ccfb33053fdce3cc2956" mindelta="1" -bufferoverløb - -

Man opdagede at et bufferoverløb i behandlingen af Glyph Bitmap -Distribution-skrifttyper (BDF), kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1:1.4.1-4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:1.4.5-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.4.7-1.

- -

Vi anbefaler at du opgraderer dine libxfont-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2838.data" diff --git a/danish/security/2014/dsa-2839.wml b/danish/security/2014/dsa-2839.wml deleted file mode 100644 index a255c8ee9eb..00000000000 --- a/danish/security/2014/dsa-2839.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Flere sårbarheder er fundet i spice, et klient- og serverbibiotek til -SPICE-protokollen. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2013-4130 - -

    David Gibson fra Red Hat, opdagede at SPICE håndterede visse netværksfejl - på ukorrekt vis. En fjernbruger med mulighed for at iværksætte en - SPICE-forbindelse til en applikation, fungerende som en SPICE-server, kunne - anvende fejlen til at få applikationen til at gå ned.

    • - -
  • CVE-2013-4282 - -

    Tomas Jamrisko fra Red Hat, opdagede at SPICE håndterede visse lange - adgangskoder i SPICE-tickets på ukorrekt vis. En fjernbruger med mulighed - for at iværksætte en SPICE-forbindelse til en applikation, fungerende som - en SPICE-server, kunne anvende fejlen til at få applikationen til at gå - ned.

    • - -
- -

Applikationer, der fungerer som en SPICE-server, skal genstartes for at denne -opdatering kan træde i kraft.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.11.0-1+deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 0.12.4-0nocelt2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.12.4-0nocelt2.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2839.data" diff --git a/danish/security/2014/dsa-2840.wml b/danish/security/2014/dsa-2840.wml deleted file mode 100644 index 6142eaf9981..00000000000 --- a/danish/security/2014/dsa-2840.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="46a7bc77fec32beac32c51870012deb422f62de1" mindelta="1" -bufferoverløb - -

Fernando Russ fra Groundworks Technologies rapporterede om en -bufferoverløbsfejl i srtp, Ciscos referenceimplementering af Secure Real-time -Transport Protocol (SRTP), i hvordan funktionen -crypto_policy_set_from_profile_for_rtp() tildeler kryptografiske profiler til -en srtp_policy. En fjernangriber kunne udnytte sårbarheden til at få en -applikation, som er linket mod libsrtp, til at gå ned, hvilket medførte et -lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.4.4~dfsg-6+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.4+20100615~dfsg-2+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.4.5~20130609~dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.5~20130609~dfsg-1.

- -

Vi anbefaler at du opgraderer dine srtp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2840.data" diff --git a/danish/security/2014/dsa-2841.wml b/danish/security/2014/dsa-2841.wml deleted file mode 100644 index b3951cbb5b4..00000000000 --- a/danish/security/2014/dsa-2841.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8af45dec601c1bb2d638d5978077ed7f9d859c12" mindelta="1" -udførelse af skripter på tværs af websteder - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder, -blev opdaget i rich text-editoren hørende bloggingmotoren Movable Type.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 4.3.8+dfsg-0+squeeze4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.1.4+dfsg-4+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.2.9+dfsg-1.

- -

Vi anbefaler at du opgraderer dine movabletype-opensource-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2841.data" diff --git a/danish/security/2014/dsa-2842.wml b/danish/security/2014/dsa-2842.wml deleted file mode 100644 index 3c5847ee3b6..00000000000 --- a/danish/security/2014/dsa-2842.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="e57e8a7d527825d1c59f9a76988b3333337eab66" mindelta="1" -lammelsesangreb - -

Alvaro Munoz opdagede en XML External Entity-indsprøjtning (XXE) i Spring -Framework, hvilket kunne anvendes til at iværksætte CSRF- og DoS-angreb mod -andre websteder.

- -

Spring OXM-wrapper'en udstillede ingen property til deaktivering af -entitetsopløsning, når JAXB-unmarshaller'en benyttes. Der er fire mulige -kildeimplementeringer, som kan overføres til unmarshaller'en:

- -
    -
  • DOMSource
    • -
  • StAXSource
    • -
  • SAXSource
    • -
  • StreamSource
    • -
- -

Ved en DOMSource er XML'et allerede fortolket af brugerkode, og den kode er -ansvarlig for at beskytte mod XXE.

- -

Ved en StAXSource er XMLStreamReader'en allerede blevet oprettet af -brugerkode, og den kode er ansvarlig for at beskytte mod XXE.

- -

Ved SAXSource- og StreamSource-instancerne, behandler Spring eksterne -entiteter som standard, og dermed opstår sårbarheden.

- -

Problemet blev løst ved at deaktivere behandling af eksterne entiteter som -standard, samt tilføje en indstillingsmulighed, som kan aktivere det for de -brugere, der har behov for funktionen, når der behandles XML fra en kilde, der -er tillid til.

- -

Man har også fundet ud af, at Spring MVC behandlede brugerleveret XML med -JAXB i kombination med en StAX-XMLInputFactory, uden at deaktivere ekstern -entitetsopløsning. Ekstern entitetsopløsning er blevet deaktiveret i denne -situation.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.0.6.RELEASE-6+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.6.RELEASE-10.

- -

Vi anbefaler at du opgraderer dine libspring-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2842.data" diff --git a/danish/security/2014/dsa-2843.wml b/danish/security/2014/dsa-2843.wml deleted file mode 100644 index 64a40841eb9..00000000000 --- a/danish/security/2014/dsa-2843.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -bufferoverløb - -

To bufferoverløbssårbarheder blev rapporteret i Graphviz, en omfattende -samling af værktøjer til graftegning. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2014-0978 - -

    Man opdagede at brugerleverede inddata, som anvendes i funktionen - yyerror() i lib/cgraph/scan.l, ikke blev grænsekontrolleret før de blev - kopieret til en for lille hukommelsesbuffer. En kontaktafhængig angriber - kunne levere en særligt fremstillet inddatafil indeholdende en lang linje, - for udløse et stakbaseret bufferunderløb, medførende et lammelsesangreb - (applikationsnedbrud) eller potentielt gørende det muligt at udføre - vilkårlig kode.

    • - -
  • CVE-2014-1236 - -

    Sebastian Krahmer rapporterede om en overløbstilstand i funktionen - chkNum() i lib/cgraph/scan.l, som blev udløst da et anvendt regulært udtryk - accepterede en vilkårligt lang cifferliste. Med en særligt fremstillet - inddatafil, kunne en kontekstafhængig angriber forårsage et stakbaseret - bufferoverløb, medførende et lammelsesangreb (applikationsnedbrud) eller - potentielt gørende det muligt at udføre vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2.26.3-5+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.26.3-14+deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine graphviz-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2843.data" diff --git a/danish/security/2014/dsa-2844.wml b/danish/security/2014/dsa-2844.wml deleted file mode 100644 index 3afa56fcf4b..00000000000 --- a/danish/security/2014/dsa-2844.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e153d8338e79b8967c02d2ea8cd1e068f21ad572" mindelta="1" -udførelse af vilkårlig kode - -

Man opdagede at djvulibre, open source-implementeringen af DjVu, kunne -bringes til at gå ned eller fås til at udføre vilkårlig kode, når der blev -behandlet en særligt fremstillet djvu-fil.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 3.5.23-3+squeeze1.

- -

Problemet blev rettet før udgivelsen af den stabile distribution (wheezy), -som derfor ikke er påvirket.

- -

Vi anbefaler at du opgraderer dine djvulibre-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2844.data" diff --git a/danish/security/2014/dsa-2845.wml b/danish/security/2014/dsa-2845.wml deleted file mode 100644 index c07039ad12a..00000000000 --- a/danish/security/2014/dsa-2845.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="909c4503c7c54687bd06a11ee859b54249493b25" mindelta="1" -flere sårbarheder - -

Med denne DSA opdateres MySQL 5.1-databasen til 5.1.73. Dermed rettes flere -ikke-angivne sikkerhedsproblemer i MySQL: -\ -http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 5.1.73-1.

- -

Vi anbefaler at du opgraderer dine mysql-5.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2845.data" diff --git a/danish/security/2014/dsa-2846.wml b/danish/security/2014/dsa-2846.wml deleted file mode 100644 index 4b3dd53e370..00000000000 --- a/danish/security/2014/dsa-2846.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er fundet i Libvirt, en bibliotek til -virtualiseringsabstraktion:

- -
    - -
  • CVE-2013-6458 - -

    Man opdagede at usikker jobanvendelse kunne føre til lammelsesangreb - (denial of service) mod libvirtd.

    • - -
  • CVE-2014-1447 - -

    Man opdagede at en kapløbstilstand i keepalive-håndteringen kunne føre - til lammelsesangreb mod libvirtd.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.9.12.3-1. Denne fejlrettelsespunktopdatering tager desuden hånd om -nogle flere fejlrettelser.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.1-1.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2846.data" diff --git a/danish/security/2014/dsa-2847.wml b/danish/security/2014/dsa-2847.wml deleted file mode 100644 index 0021db1c79c..00000000000 --- a/danish/security/2014/dsa-2847.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarhed er opdaget i Drupal, et komplet framework til -indholdshåndtering. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2014-1475 - -

    Christian Mainka og Vladislav Mladenov rapporterede om en sårbarhed i - OpenID-modulet, som gjorde det muligt for en ondsindet bruger, at logge på - som andre brugere af webstedet, herunder administratorer, samt kapre deres - konti.

    • - -
  • CVE-2014-1476 - -

    Matt Vance og Damien Tournoud rapporterede om sårbarhed i forbindelse med - omgåelse af adgangsbegrænsinger i taxonomy-modulet. Under visse - omstændigheder kunne uudgivet indhold vise sig på listesider, leveret af - taxonomy-modulet, og var synlige for brugere, der ikke skulle have haft - adgang til at se dem.

    • - -
- -

Disse rettelser kræver ekstra opdatering af databasen, hvilket kan udføres -fra administrationssiderne. Desuden indfører opdateringen et nyt -sikkerhedshærdende element til form-API'et. Se opstrømsbulletinen på -drupal.org/SA-CORE-2014-001 -for flere oplysninger.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7.14-2+deb7u2.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 7.26-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.26-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2847.data" diff --git a/danish/security/2014/dsa-2848.wml b/danish/security/2014/dsa-2848.wml deleted file mode 100644 index b14a93be85a..00000000000 --- a/danish/security/2014/dsa-2848.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="5dc7b4bdff96b260f7add85aca772659b3cd08c6" mindelta="1" -flere sårbarheder - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne løses ved -at opgradere MySQL til den nye opstrømsversion 5.5.35. Se bulletinerne MySQL -5.5 Release Notes og Oracles Critical Patch Update for yderligere -oplysninger:

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.35+dfsg-0+wheezy1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.5.35+dfsg-1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2848.data" diff --git a/danish/security/2014/dsa-2849.wml b/danish/security/2014/dsa-2849.wml deleted file mode 100644 index bd162a83265..00000000000 --- a/danish/security/2014/dsa-2849.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d0be637467cbd2e3bbec76e0e3c6193e1d2d811c" mindelta="1" -informationsafsløring - -

Paras Sethia opdagede at libcurl, et URL-overførselsbibliotek på klientsiden, -sammenblandede nogle gange flere HTTP- og HTTPS-forbindelser med -NTLM-autentifikation til den samme server, ved at sende forespørgsler vedrørende -en bruger over forbindelsen autentificeret som en anden bruger.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 7.21.0-2.1+squeeze7.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.26.0-1+wheezy8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.35.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2849.data" diff --git a/danish/security/2014/dsa-2850.wml b/danish/security/2014/dsa-2850.wml deleted file mode 100644 index 5c3f4621617..00000000000 --- a/danish/security/2014/dsa-2850.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="57ced59d2f13e7b5ec60a8a44b4d056fccacd850" mindelta="1" -heapbaseret bufferoverløb - -

Florian Weimer fra Red Hat Product Security Team opdagede en heapbaseret -bufferoverløbsfejl i LibYAML, et hurtig YAML 1.1-fortolknings- og --kildebibliotek. En fjernangriber kunne levere et YAML-dokument med et -særligt fremstillet tag, som ved dets fortolkning i en applikation som -benytter libyaml, kunne medføre at applikationen gik ned, eller potentielt -udførelse af vilkårlig kode med rettighederne hørende til brugeren, der -kører applikationen.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.1.3-1+deb6u2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.1.4-2+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.1.4-3.

- -

Vi anbefaler at du opgraderer dine libyaml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2850.data" diff --git a/danish/security/2014/dsa-2851.wml b/danish/security/2014/dsa-2851.wml deleted file mode 100644 index 0c1b19cc14f..00000000000 --- a/danish/security/2014/dsa-2851.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="80a276a3f6a6419e5aebc82b8d24e33dcefa13ea" mindelta="1" -falsk identitiet - -

Christian Mainka og Vladislav Mladenov rapporterede om en sårbarhed i -OpenID-modulet i Drupal, et komplet framework til indholdshåndtering. En -ondsindet bruger kunne udnytte fejlen til at logge på som andre brugere af -webstedet, herunder administratorer, og kapre deres konti.

- -

Rettelserne kræver ekstra opdatering af databasen, hvilket kan udføres fra -administrationssiderne.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 6.30-1.

- -

Vi anbefaler at du opgraderer dine drupal6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2851.data" diff --git a/danish/security/2014/dsa-2852.wml b/danish/security/2014/dsa-2852.wml deleted file mode 100644 index 0b1234c81f5..00000000000 --- a/danish/security/2014/dsa-2852.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="898c2200ceb1c05065e4dd35c0ea88975029aeb1" mindelta="1" -heapbaseret bufferoverløb - -

Yves Younan og Ryan Pentney opdagede at libgadu, et bibliotek beregnet til -tilgang til chattjenesten Gadu-Gadu, indeholdt et heltalsoverløb førende til et -bufferoverløb. Angribere, der udgiver sig for at være serveren, kunne få -klienter til at gå ned, samt potentielt udføre vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet -i version 1:1.9.0-2+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:1.11.2-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.11.3-1.

- -

Vi anbefaler at du opgraderer dine libgadu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2852.data" diff --git a/danish/security/2014/dsa-2853.wml b/danish/security/2014/dsa-2853.wml deleted file mode 100644 index 8233441d6ab..00000000000 --- a/danish/security/2014/dsa-2853.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="34b84ad03dc624b6460d071de726880c9bfec71d" mindelta="1" -fjernudførelse af kode - -

Pedro Ribeiro fra Agile Information Security fandt en mulig fjernudførelse af -kode-fejl i Horde3, et webapplikationsframework. Variabler, der ikke var -fornuftighedskontrolleret, blev overført til PHP-funktionen unserialize(). En -fjernangriber kunne fremstille en særlig sådan varibal, som gjordet det muligt -for vedkommende at indlæse og udføre kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 3.3.8+debian0-3.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -distribueres Horde i pakken php-horde-util. Dette problem er rettet i version -2.3.0-1.

- -

Vi anbefaler at du opgraderer dine horde3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2853.data" diff --git a/danish/security/2014/dsa-2854.wml b/danish/security/2014/dsa-2854.wml deleted file mode 100644 index bf5ae589ec0..00000000000 --- a/danish/security/2014/dsa-2854.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere problemer er opdaget i mumble, en VoIP-klient med lav latency. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2014-0044 - -

    Man opdagede at en misdannet Opus-voice-pakke sendt til en Mumble-klient, - kunne udløse en NULL-pointerdereference eller tilgang til et array uden for - grænserne. En ondsindet fjernangriber kunne udnytte fejlen til at indlede - et lammelsesangreb (denial of service) mod en mumble-klient, ved at få - applikationen til at gå ned.

    • - -
  • CVE-2014-0045 - -

    Man opdagede at en misdannet Opus-voice-pakke sendt til en Mumble-klient, - kunne udløse et heapbaseret bufferoverløb. En ondsindet fjernangriber kunne - udnytte fejlen til at få klienten til at gå ned (lammelsesangreb) eller - potentielt anvende den til at udføre vilkårlig kode.

    • - -
- -

Den gamle stabile distribution (squeeze) er ikke påvirket af disse -problemer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1.2.3-349-g315b5f5-2.2+deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mumble-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2854.data" diff --git a/danish/security/2014/dsa-2855.wml b/danish/security/2014/dsa-2855.wml deleted file mode 100644 index 05cbcbf3579..00000000000 --- a/danish/security/2014/dsa-2855.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="02b0a13d14075dafdc818d411b2d581b4da0fd96" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er rettet i forskellige demuxere og dekodere i -multimediabiblioteket libav. De nævnte id'er er kun en del af de rettede -sikkerhedsproblemer i denne opdatering. En komplet liste over ændringer er -tilgængelige på: -\ -http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6:0.8.10-1

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6:9.11-1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2855.data" diff --git a/danish/security/2014/dsa-2856.wml b/danish/security/2014/dsa-2856.wml deleted file mode 100644 index 086685447b0..00000000000 --- a/danish/security/2014/dsa-2856.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="fc1479089acf4a89c7696796331c5e612ec8fa27" mindelta="1" -lammelsesangreb - -

Man opdagede at pakken Apache Commons FileUpload til Java kunne komme ind i -en uendelig løkke, mens der blev behandlet en multipart-forespørgsel med en -fabrikeret Content-Type, medførende en lammelsesangrebstilstand (denial of -service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.2-1+deb6u2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.2-1+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.1-1.

- -

Vi anbefaler at du opgraderer dine libcommons-fileupload-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2856.data" diff --git a/danish/security/2014/dsa-2857.wml b/danish/security/2014/dsa-2857.wml deleted file mode 100644 index 8b7717b45bf..00000000000 --- a/danish/security/2014/dsa-2857.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Springs udviklingshold opdagede at rettelsen til XML External Entity (XXE) -Injection (\ -CVE-2013-4152) i Spring Framework, ikke var fuldstændig.

- -

Spring MVC's SourceHttpMessageConverter behandlede også brugerleveret XML, -og deaktiverede hverken eksterne XML-entiteter eller gav mulighed for at -deaktivere dem. SourceHttpMessageConverter er ændret til at give mulighed for -at kontrollere behandlingen af eksterne XML-entiteter, og behandlingen er nu -deaktiveret som standard.

- -

Desuden opdagede Jon Passki en mulig XSS-sårbarhed: Metoden -JavaScriptUtils.javaScriptEscape() indkapslede ikke alle tegn, som er følsomme -inden for enten en JS-streng med enkelte eller dobbelte anførselstegn eller en -HTML-skriptdatakontekst. I de fleste tilfælde ville det medføre en -fortolkningsfejl, der ikke kan udnyttes, men i nogle situationer kunne det -medføre en XSS-sårbarhed.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.0.6.RELEASE-6+deb7u2.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 3.0.6.RELEASE-11.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.0.6.RELEASE-11.

- -

Vi anbefaler at du opgraderer dine libspring-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2857.data" diff --git a/danish/security/2014/dsa-2858.wml b/danish/security/2014/dsa-2858.wml deleted file mode 100644 index 03598abaf5c..00000000000 --- a/danish/security/2014/dsa-2858.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3814134ad1f061b3c1456e6bd5b481b241f88296" mindelta="1" -flere sårbarheder - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsproblemer, anvendelser -efter frigivelse, for udførlige fejlmeddelelser samt manglende -rettighedskontroller, kunne føre til udførelse af vilkårlig kode, omgåelse af -sikkerhedskontroller eller informationsafsløring. Denne opdatering løser også -sikkerhedsproblemer i det medfølgende NSS-crypto-bibliotek.

- -

Iceweasel opdateres til ESR24-serien af Firefox.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.3.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 24.3.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2858.data" diff --git a/danish/security/2014/dsa-2859.wml b/danish/security/2014/dsa-2859.wml deleted file mode 100644 index c9ee4828504..00000000000 --- a/danish/security/2014/dsa-2859.wml +++ /dev/null @@ -1,87 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i Pidgin, en chatklient som understøtter flere -protokoller:

- -
    - -
  • CVE-2013-6477 - -

    Jaime Breva Ribes opdagede at en fjern-XMPP-bruger kunne udløse et - nedbrud ved at sende en meddelelse med en tidsstempling i den fjerne - fremtid.

    • - -
  • CVE-2013-6478 - -

    Pidgin kunne bringes til at gå ned ved hjælp af alt for brede - tooltip-vinduer.

    • - -
  • CVE-2013-6479 - -

    Jacob Appelbaum opdagede at en ondsindet server eller en manden i - midten, kunne sende en misdannet HTTP-header, medførende et - lammelsesangreb (denial of service).

    • - -
  • CVE-2013-6481 - -

    Daniel Atallah opdagede at Pidgin kunne bringes til at gå ned gennem - misdannede Yahoo! P2P-meddelelser.

    • - -
  • CVE-2013-6482 - -

    Fabian Yamaguchi og Christian Wressnegger opdagede at Pidgin kunne - bringes til at gå ned gennem misdannede MSN-meddelelser.

    • - -
  • CVE-2013-6483 - -

    Fabian Yamaguchi og Christian Wressnegger opdagede at Pidgin kunne - bringes til at gå ned gennem misdannede XMPP-meddelelser.

    • - -
  • CVE-2013-6484 - -

    Man opdagede at ukorrekt fejlhåndtering ved læsning af et svar fra en - STUN-server, kunne medføre et nedbrud.

    • - -
  • CVE-2013-6485 - -

    Matt Jones opdagede et bufferoverløb i fortolkningen af misdannede - HTTP-svar.

    • - -
  • CVE-2013-6487 - -

    Yves Younan og Ryan Pentney opdagede et bufferoverløb ved fortolkning af - Gadu-Gadu-meddelelser.

    • - -
  • CVE-2013-6489 - -

    Yves Younan og Pawel Janic opdagede et heltalsoverløb ved fortolkning af - MXit-emoticons.

    • - -
  • CVE-2013-6490 - -

    Yves Younan opdagede et bufferoverløb ved fortolkning af - SIMPLE-headere.

    • - -
  • CVE-2014-0020 - -

    Daniel Atallah opdagede at Pidgin kunne bringes til at gå ned gennem - misdannede IRC-parametre.

    • - -
- -

I den gamle stabile distribution (squeeze), stilles der ikke direkte -tilbageførsel til rådighed. En rettet pakke vil om kort tid blive stillet til -rådighed gennem backports.debian.org.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.10.9-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.10.9-1.

- -

Vi anbefaler at du opgraderer dine pidgin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2859.data" diff --git a/danish/security/2014/dsa-2860.wml b/danish/security/2014/dsa-2860.wml deleted file mode 100644 index 9dfb449ad1d..00000000000 --- a/danish/security/2014/dsa-2860.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="9c35ecceb07ef51aed5d522b48021957eb709f1b" mindelta="1" -informationsafsløring - -

Holger Levsen opdagede at parcimonie, et privatlivsvenligt hjælpeprogram til -opfriskning af en GnuPG-nøglering, var påvirket af et designproblem, som -underminerede nytten ved programmet i den tilsigtede trusselsmodel.

- -

Ved anvendelse af parcimonie med en stor nøglering (1000 eller flere -offentlige nøgler), ville programmet altid sove i præcis ti minutter mellem to -nøglehentninger. Dermed kunne det formentlig benyttes af en fjende, som kan -overvåge tilstrækkeligt mange nøglehentninger, til at korrelere adskillige -nøglehentninger med hinanden, hvilket parcimonie forsøger at forhindre. Mindre -nøgleringe er pårvirket i mindre grad. Problemet er afhjælpes en anelse, når -man benytter en HKP(s)-pool som den opsatte GnuPG-nøgleserver.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.7.1-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.1-1.

- -

Vi anbefaler at du opgraderer dine parcimonie-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2860.data" diff --git a/danish/security/2014/dsa-2861.wml b/danish/security/2014/dsa-2861.wml deleted file mode 100644 index d07a9343533..00000000000 --- a/danish/security/2014/dsa-2861.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Man opdagede at file, en værktøj til at klassificere filtyper, indeholdt en -fejl i håndteringen af indirekte magiske regler i biblioteket libmagic, -hvilket medførte en uendelig løkke når man forsøgte at afgøre visse filers -typer. Projektet Common Vulnerabilities and Exposures har tildelt id'en -\ -CVE-2014-1943 til registrering af fejlen. Desuden kunne andre veldannede -filer medføre lange beregningstider (mens 100 procent af CPU'en blev benyttet) -og for lange resultater.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 5.04-5+squeeze3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.11-2+deb7u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2861.data" diff --git a/danish/security/2014/dsa-2862.wml b/danish/security/2014/dsa-2862.wml deleted file mode 100644 index e6a4b11b4f4..00000000000 --- a/danish/security/2014/dsa-2862.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er opdaget i webbrowseren Chromium.

- -
    - -
  • CVE-2013-6641 - -

    Atte Kettunen et problem med anvendelse efter frigivelse i - Blink-/Webkit-formularelementer.

    • - -
  • CVE-2013-6643 - -

    Joao Lucas Melo Brasio opdagede et problem med afsløring af - Google-kontooplysninger i forbindelse med funktionen at logge på med et - klik.

    • - -
  • CVE-2013-6644 - -

    Chrome-udviklingsholdet opdagede og rettede flere problemer med potentiel - sikkerhedsindvirkning.

    • - -
  • CVE-2013-6645 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - forbindelse med taleinddata.

    • - -
  • CVE-2013-6646 - -

    Colin Payne opdagede et problem med anvendelse efter frigivelse i - implementeringen af webworkers.

    • - -
  • CVE-2013-6649 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - SVG-implementeringen i Blink/Webkit.

    • - -
  • CVE-2013-6650 - -

    Christian Holler opdagede et tilfælde af hukommelseskorruption i - JavaScript-biblioteket v8.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 32.0.1700.123-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 32.0.1700.123-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2862.data" diff --git a/danish/security/2014/dsa-2863.wml b/danish/security/2014/dsa-2863.wml deleted file mode 100644 index fdd0dce1d43..00000000000 --- a/danish/security/2014/dsa-2863.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0355a7a7801d5b4b7f5975e75733618a2b36418c" mindelta="1" -mappegennemløb - -

Et mappegennemløbsangreb blev rapporteret mod libtar, et C-bibliotek til -behandling af tar-arkiver. Applikationen validerede ikke filnavne inde i -tar-arkivet, hvilket gjorde det muligt at udpakke filer på en vilkårlig sti. -En angriber kunne fabrikere en tar-fil med det formål at overskrive filer uden -for rækkevidde af præfiksparametrene tar_extract_glob og tar_extract_all.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.2.11-6+deb6u2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.16-1+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.20-2.

- -

Vi anbefaler at du opgraderer dine libtar-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2863.data" diff --git a/danish/security/2014/dsa-2864.wml b/danish/security/2014/dsa-2864.wml deleted file mode 100644 index 6ec9c73a80f..00000000000 --- a/danish/security/2014/dsa-2864.wml +++ /dev/null @@ -1,109 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Forskellige sårbarheder blev opdaget i PostgreSQL:

- -
    -
  • CVE-2014-0060 - Shore up GRANT ... WITH ADMIN OPTION-begrænsinger (Noah Misch) - -

    At grant'e en rolle uden ADMIN OPTION har til formål at forhindre - grant'eren i at tilføje eller fjerne medlemmer fra den grantede rolle, men - begrænsningen kunne let omgås ved først at foretage en SET ROLE. - Sikkerhedspåvirkningen gælder primært det faktum, at et rollemedlem kunne - tilbagetrække andres adgang, imodsætning til grant'erens ønsker. - Uautoriseret tilføjelse af rollemedlemmer er en mindre bekymring, da et - ikke-samarbejdende rollemedlem allerede kunne tildele de fleste af sine - rettigheder ved at oprette views eller SECURITY - DEFINER-funktioner.

    • - -
  • CVE-2014-0061 - Forhindrer rettighedsforøgelse vha. manuelle kald til - PL-valideringsfunktioner (Andres Freund) - -

    PL-valideringsfunktionernes primære rolle er at blive kaldt implicit - under CREATE FUNCTION, men de er også almindelige SQL-funktioner, som en - bruger kan kalde eksplicit. Der blev ikke kontrollet for kald til en - valideringsfunktion faktisk skrevet i et andet sprog, og kunne dermed - udnyttes til rettighedsforøgelsesformål. Rettelsen involverer tilføjelse af - et kald til en rettighedskontrolfunktion i hver valideringsfunktion. - Ikke-grundlæggede procedurale sprog skal også foretage denne ændring af - deres egne valideringsfunktioner, om nogen.

    • - -
  • CVE-2014-0062 - Undgår flere navneopslag under tabel- og indeks-DDL - (Robert Haas, Andres Freund) - -

    Hvis navneopslagene drager forskellige konklussioner på grund af - sideløbende aktivitet, udfører vi måske nogle dele af DDL'en på en anden - tabel end de øvrige dele. I hvert fald i tilfælde af CREATE INDEX, kunne - det udnyttes til at medføre rettighedskontroller mod en anden tabel, end - indeksoprettelsen, hvilket muliggjorde et - rettighedsforøgelsesangreb.

    • - -
  • CVE-2014-0063 - Forhindrer bufferoverløb med lange datetime-strenge (Noah Misch) - -

    Konstanten MAXDATELEN var for lille til den længst mulige værdi i - typeintervallet, hvilket muliggjorde et bufferoverløb i interval_out(). - Selv om datatime-inddatafunktioner mere omhyggeligt prøvede at forhindre - bufferoverløb, var begrænsningen kort nok til at medføre at de afviste - nogle gyldige inddata, så som inddata indeholdende et meget langt - tidszonenavn. Biblioteket ecpg indeholdt disse tre sårbarheder, samt - nogle af sine egne.

    • - -
  • CVE-2014-0064 - Forhindrer bufferoverløb på grund af heltalsoverløb i størrelsesberegninger - (Noah Misch, Heikki Linnakangas) - -

    Flere funktioner, primært typeinddatafunktioner, begrengede en - allokeringsstørrelse uden at kontrollere for overløb. Hvis et overløb - opstod, blev en for lille buffer allokeret og skrevet ud over.

    • - -
  • CVE-2014-0065 - Forhindrer overløb af buffere med faste størrelser - (Peter Eisentraut, Jozef Mlich) - -

    Brug strlcpy() og beslægtede funktioner til at levere en klar garanti for - at buffere med faste størrelser ikke overløbes. I modsætning til de - foregående punkter, er det uklart hvorvidt der her er tale om aktuelle - problemstillinger, da de i de fleste tilfælde lader til at være tidligere - begrænsninger på inddatastrenges størrelser. Ikke desto mindre forekommer - det fornuftigt at få alle denne types Coverity-advarsler til at - forstumme.

    • - -
  • CVE-2014-0066 - Undgår nedbrud hvis crypt() returnerer NULL (Honza Horak, Bruce Momjian) - -

    Der er relativt få situationer hvor crypt() kan returnere NULL, men - contrib/chkpass gik ned i disse tilfælde. Et tilfælde, hvor det i praksis - kunne være et problem, er hvis libc er opsat til at nægte at udføre - ikke-godkendte hashing-algoritmer (fx FIPS mode).

    • - -
  • CVE-2014-0067 - Dokumenterer risici ved make-check i regressionstestvejledningen - (Noah Misch, Tom Lane) - -

    De den midlertidige server, der startes af make-check, anvender - trust-autentifikation, kunne en anden bruger på denne samme maskine - forbinde sig med den som databasesuperbruger, og dermed potentielt udnytte - rettighederne hørende til styresystemsbrugeren, som iværksatte testene. - I en fremtidig udgivelse vil der formentlig blive indført ændringer til - testprocedurerne, for at forhindre denne risiko, men først er det nødvendigt - med noget offentlig debat derom. Så i øjeblikket advares man mod at - anvende make-check, når der på samme maskine er brugere, som man ikke - har tillid til.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 8.4.20-0squeeze1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 9.3.3-1 of the postgresql-9.3 package.

- -

Vi anbefaler at du opgraderer dine postgresql-8.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2864.data" diff --git a/danish/security/2014/dsa-2865.wml b/danish/security/2014/dsa-2865.wml deleted file mode 100644 index 03ca2102789..00000000000 --- a/danish/security/2014/dsa-2865.wml +++ /dev/null @@ -1,110 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Forskellige sårbarheder blev opdaget i PostgreSQL:

- -
    -
  • CVE-2014-0060 - Shore up GRANT ... WITH ADMIN OPTION-begrænsinger (Noah Misch) - -

    At grant'e en rolle uden ADMIN OPTION har til formål at forhindre - grant'eren i at tilføje eller fjerne medlemmer fra den grantede rolle, men - begrænsningen kunne let omgås ved først at foretage en SET ROLE. - Sikkerhedspåvirkningen gælder primært det faktum, at et rollemedlem kunne - tilbagetrække andres adgang, imodsætning til grant'erens ønsker. - Uautoriseret tilføjelse af rollemedlemmer er en mindre bekymring, da et - ikke-samarbejdende rollemedlem allerede kunne tildele de fleste af sine - rettigheder ved at oprette views eller SECURITY - DEFINER-funktioner.

    • - -
  • CVE-2014-0061 - Forhindrer rettighedsforøgelse vha. manuelle kald til - PL-valideringsfunktioner (Andres Freund) - -

    PL-valideringsfunktionernes primære rolle er at blive kaldt implicit - under CREATE FUNCTION, men de er også almindelige SQL-funktioner, som en - bruger kan kalde eksplicit. Der blev ikke kontrollet for kald til en - valideringsfunktion faktisk skrevet i et andet sprog, og kunne dermed - udnyttes til rettighedsforøgelsesformål. Rettelsen involverer tilføjelse af - et kald til en rettighedskontrolfunktion i hver valideringsfunktion. - Ikke-grundlæggede procedurale sprog skal også foretage denne ændring af - deres egne valideringsfunktioner, om nogen.

    • - -
  • CVE-2014-0062 - Undgår flere navneopslag under tabel- og indeks-DDL - (Robert Haas, Andres Freund) - -

    Hvis navneopslagene drager forskellige konklussioner på grund af - sideløbende aktivitet, udfører vi måske nogle dele af DDL'en på en anden - tabel end de øvrige dele. I hvert fald i tilfælde af CREATE INDEX, kunne - det udnyttes til at medføre rettighedskontroller mod en anden tabel, end - indeksoprettelsen, hvilket muliggjorde et - rettighedsforøgelsesangreb.

    • - -
  • CVE-2014-0063 - Forhindrer bufferoverløb med lange datetime-strenge (Noah Misch) - -

    Konstanten MAXDATELEN var for lille til den længst mulige værdi i - typeintervallet, hvilket muliggjorde et bufferoverløb i interval_out(). - Selv om datatime-inddatafunktioner mere omhyggeligt prøvede at forhindre - bufferoverløb, var begrænsningen kort nok til at medføre at de afviste - nogle gyldige inddata, så som inddata indeholdende et meget langt - tidszonenavn. Biblioteket ecpg indeholdt disse tre sårbarheder, samt - nogle af sine egne.

    • - -
  • CVE-2014-0064 - CVE-2014-2669 - Forhindrer bufferoverløb på grund af heltalsoverløb i størrelsesberegninger - (Noah Misch, Heikki Linnakangas) - -

    Flere funktioner, primært typeinddatafunktioner, begrengede en - allokeringsstørrelse uden at kontrollere for overløb. Hvis et overløb - opstod, blev en for lille buffer allokeret og skrevet ud over.

    • - -
  • CVE-2014-0065 - Forhindrer overløb af buffere med faste størrelser - (Peter Eisentraut, Jozef Mlich) - -

    Brug strlcpy() og beslægtede funktioner til at levere en klar garanti for - at buffere med faste størrelser ikke overløbes. I modsætning til de - foregående punkter, er det uklart hvorvidt der her er tale om aktuelle - problemstillinger, da de i de fleste tilfælde lader til at være tidligere - begrænsninger på inddatastrenges størrelser. Ikke desto mindre forekommer - det fornuftigt at få alle denne types Coverity-advarsler til at - forstumme.

    • - -
  • CVE-2014-0066 - Undgår nedbrud hvis crypt() returnerer NULL (Honza Horak, Bruce Momjian) - -

    Der er relativt få situationer hvor crypt() kan returnere NULL, men - contrib/chkpass gik ned i disse tilfælde. Et tilfælde, hvor det i praksis - kunne være et problem, er hvis libc er opsat til at nægte at udføre - ikke-godkendte hashing-algoritmer (fx FIPS mode).

    • - -
  • CVE-2014-0067 - Dokumenterer risici ved make-check i regressionstestvejledningen - (Noah Misch, Tom Lane) - -

    De den midlertidige server, der startes af make-check, anvender - trust-autentifikation, kunne en anden bruger på denne samme maskine - forbinde sig med den som databasesuperbruger, og dermed potentielt udnytte - rettighederne hørende til styresystemsbrugeren, som iværksatte testene. - I en fremtidig udgivelse vil der formentlig blive indført ændringer til - testprocedurerne, for at forhindre denne risiko, men først er det nødvendigt - med noget offentlig debat derom. Så i øjeblikket advares man mod at - anvende make-check, når der på samme maskine er brugere, som man ikke - har tillid til.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 9.1_9.1.12-0wheezy1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 9.3.3-1 of the postgresql-9.3 package.

- -

Vi anbefaler at du opgraderer dine postgresql-9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2865.data" diff --git a/danish/security/2014/dsa-2866.wml b/danish/security/2014/dsa-2866.wml deleted file mode 100644 index 108da63a1c0..00000000000 --- a/danish/security/2014/dsa-2866.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="480588e2eff1b449ca92913a4d98927d97b8967e" mindelta="1" -certifikatverifikationsfejl - -

Suman Jana rapporterede at GnuTLS, i modsætning til den dokumenterede -virkemåde, som standard betragter et version 1 intermediate-certifikat som et -CA-certifikat.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af dette problem, -da X.509 version 1 trusted CA-certifikater som standard ikke er tilladt.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.12.20-8.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -dette problem rettet i version 2.12.23-12.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2866.data" diff --git a/danish/security/2014/dsa-2867.wml b/danish/security/2014/dsa-2867.wml deleted file mode 100644 index 694c1a5decc..00000000000 --- a/danish/security/2014/dsa-2867.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i otrs2, Open Ticket Request System. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2014-1694 - -

    Norihiro Tanaka rapporteredeom manglende challenge token-kontroller. En - angriber, som det er lykkedes at ovvertag en indlogget kundes session, kunne - oprette tickets og/eller sende opfølgende beskeder til eksisterende tickets - på grund af de manglende kontroller.

    • - -
  • CVE-2014-1471 - -

    Karsten Nielsen fra Vasgard GmbH opdagede at en angriber med en gyldig - kunde- eller agentlogin, kunne indsprøjte SQL-kode gennem - ticketsøgnings-URL'en.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2.4.9+dfsg1-3+squeeze5.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -3.1.7+dfsg1-8+deb7u4.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.3.4-1.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2867.data" diff --git a/danish/security/2014/dsa-2868.wml b/danish/security/2014/dsa-2868.wml deleted file mode 100644 index f4838ab2364..00000000000 --- a/danish/security/2014/dsa-2868.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -lammelsesangreb - -

Man opdagede at file, et værktøj til klassifikation af filtyper, indeholdt en -fejl i håndteringen af indirect magiske regler i biblioteket libmagic, -hvilket førte til en uendelig løkke når værktøjet prøvede at visse filers -filtype. Projektet Common Vulnerabilities and Exposures har tildelt id'en -\ -CVE-2014-1943, til identifikation af fejlen. Desuden kunne andre veldannede -filer måske medføre lange behandlingstider (mens 100 procent af CPU'en blev -benyttet) og for lange resultater.

- -

Opdateringen retter fejlen i den indlejrede kopi af værktøjet i -php5-pakken.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 5.3.3-7+squeeze19.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.4.4-14+deb7u8.

- -

I distributionen testing (jessie) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2868.data" diff --git a/danish/security/2014/dsa-2869.wml b/danish/security/2014/dsa-2869.wml deleted file mode 100644 index b2f994805d2..00000000000 --- a/danish/security/2014/dsa-2869.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="e87526db9a07481f7bf360e1fb47503df7529914" mindelta="1" -ukorrekt certifikatverifikation - -

Nikos Mavrogiannopoulos fra Red Hat opdagede et verifikationsproblem med -X.509-certifikater i GnuTLS, et SSL-/TLS-bibliotek. En certifikatvalidering -kunne blive rapport som vellykket, selv i tilfælde hvor en fejl forhindrede alle -verifikationstrin i at blive udført.

- -

En angriber, der udfører et manden i midten-angreb mod en TLS-forbindelse, -kunne anvende sårbarheden til at præsentere et omhyggeligt fremstillet -certifikat, der kunne blive accepteret af GnuTLS som gyldigt, selv hvis det ikke -er signeret af en certifikatmyndighed, man har tillid til.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.8.6-1+squeeze3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.12.20-8+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2.12.23-13.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.12.23-13.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2869.data" diff --git a/danish/security/2014/dsa-2870.wml b/danish/security/2014/dsa-2870.wml deleted file mode 100644 index 2b3ed4a4646..00000000000 --- a/danish/security/2014/dsa-2870.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="e8f432b37897ea68ae3c936c794d349a17b8504d" mindelta="1" -heap-baseret bufferoverløb - -

Florian Weimer fra Red Hat Product Security Team opdagede en heap-baseret -bufferoverløbsfejl i LibYAML, et hurtigt bibliotek til fortolkning og dannelse -af YAML 1.1. En fjernangriber kunne levere et YAML-dokument med et særligt -fremstillet tag, der ved fortolking af en applikation som benytter libyaml, -medførte at applikationen gik ned eller potentielt udførte vilkårlig kode med -rettighederne hørende til brugeren, der kører applikationen.

- -

Opdateringen retter fejlen i kopien, som følger med pakken -libyaml-libyaml-perl.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.33-1+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.38-3+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 0.41-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.41-4.

- -

Vi anbefaler at du opgraderer dine libyaml-libyaml-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2870.data" diff --git a/danish/security/2014/dsa-2871.wml b/danish/security/2014/dsa-2871.wml deleted file mode 100644 index cedbb4e9d4c..00000000000 --- a/danish/security/2014/dsa-2871.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder blev opdaget i Wireshark:

- -
    - -
  • CVE-2014-2281 - -

    Moshe Kaplan opdagede at NFS-dissektoren kunne bringes til at gå ned, - medførende et lammelsesangreb (denial of service).

    • - -
  • CVE-2014-2283 - -

    Man opdagede at RLC-dissektoren kunne bringes til at gå ned, medførende - et lammelsesangreb.

    • - -
  • CVE-2014-2299 - -

    Wesley Neelen opdagede et bufferoverløb i MPEG-filfortolkeren, hvilket - kunne medføre udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.2.11-6+squeeze14.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy10.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.6-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2871.data" diff --git a/danish/security/2014/dsa-2872.wml b/danish/security/2014/dsa-2872.wml deleted file mode 100644 index e29179eee13..00000000000 --- a/danish/security/2014/dsa-2872.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="27894e5d054d19341491f3ac090577803ecb8047" mindelta="1" -flere sårbarheder - -

Florian Weimer opdagede et bufferoverløb i udisks' kode til fortolkning af -mount-stien, hvilket kunne medføre en rettighedsforøgelse.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.0.1+git20100614-3squeeze1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.0.4-7wheezy1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.5-1.

- -

Vi anbefaler at du opgraderer dine udisks-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2872.data" diff --git a/danish/security/2014/dsa-2873.wml b/danish/security/2014/dsa-2873.wml deleted file mode 100644 index aef489fff73..00000000000 --- a/danish/security/2014/dsa-2873.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -flere sårbarheder - -

Flere sårbarheder er fundet i file, et værktøj til at klassificere -filtyper.

- -

Aaron Reffett rapporterede om en fejl i den måde, file-værktøjet -identificerer filtyper i formatet Portable Executable (PE), det udførbare -format, som benyttes af Windows. Ved behandling af defekte eller bevidst -forberedte udførbare PE-filer indeholdende ugyldige offsetoplysninger, tilgik -rutinen file_strncmp hukommelse uden for grænserne, hvilket fik file til at gå -ned. Projektet Common Vulnerabilities and Exposures har tildelt id'en -\ -CVE-2014-2270 til registrering af fejlen.

- -

Mike Frysinger rapporterede at files regel til at genkende AWK-skripter -sløvede file betydeligt ned. Det regulære udtryk, som genkender AWK-filer, -indeholdt to stjerne-operatorer, hvilket kunne udnyttes til at forårsage -for megen backtracking i regex-motoren.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet -i version 5.04-5+squeeze4.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.11-2+deb7u2.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 1:5.17-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:5.17-1.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2873.data" diff --git a/danish/security/2014/dsa-2874.wml b/danish/security/2014/dsa-2874.wml deleted file mode 100644 index e60ef14bafb..00000000000 --- a/danish/security/2014/dsa-2874.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a62acf1603e9b564c259775d5a834fe0f9cbb79c" mindelta="1" -sikkerhedsopdatering - -

Beatrice Torracca og Evgeni Golov opdagede et bufferoverløb i maillæseren -mutt. Misdannede RFC2047-headerlinjer kunne medføre lammelsesangreb (denial of -service) eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 1.5.20-9+squeeze3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.5.21-6.2+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.22-2.

- -

Vi anbefaler at du opgraderer dine mutt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2874.data" diff --git a/danish/security/2014/dsa-2875.wml b/danish/security/2014/dsa-2875.wml deleted file mode 100644 index 5593618efd1..00000000000 --- a/danish/security/2014/dsa-2875.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="a62acf1603e9b564c259775d5a834fe0f9cbb79c" mindelta="1" -sikkerhedsopdatering - -

Florian Weimer fra Red Hat Product Security Team opdagede flere sårbarheder i -CUPS-filteret pdftoopvp, hvilke kunne medføre udførelse af vilkårlig kode, hvis -en misdannet PDF-fil blev behandlet.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.18-2.1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.47-1.

- -

Vi anbefaler at du opgraderer dine cups-filters-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2875.data" diff --git a/danish/security/2014/dsa-2876.wml b/danish/security/2014/dsa-2876.wml deleted file mode 100644 index 6a5abc14293..00000000000 --- a/danish/security/2014/dsa-2876.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="a62acf1603e9b564c259775d5a834fe0f9cbb79c" mindelta="1" -sikkerhedsopdatering - -

Florian Weimer fra Red Hat Product Security Team opdagede flere sårbarheder i -CUPS-filteret pdftoopvp, hvilke kunne medføre udførelse af vilkårlig kode, hvis -en misdannet PDF-fil blev behandlet.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.4.4-7+squeeze4.

- -

I den stabile distribution (wheezy) og i den ustabile distribution (sid) -indgår filteret nu i kildekodepakken cups-filters.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2876.data" diff --git a/danish/security/2014/dsa-2877.wml b/danish/security/2014/dsa-2877.wml deleted file mode 100644 index 45e28afc805..00000000000 --- a/danish/security/2014/dsa-2877.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webserveren lighttpd.

- -
    - -
  • CVE-2014-2323 - -

    Jann Horn opdagede at særligt fremstillede værtsnavne kunne anvendes til - at indsprøjte vilkårlige MySQL-forespørgsler på lighttpd-servere, som - benytter det virtuelle MySQL-hostingmodel (mod_mysql_vhost).

    - -

    Det påvirker kun installationer, hvor den binære pakke - lighttpd-mod-mysql-vhost er installeret og i brug.

    • - -
  • CVE-2014-2324 - -

    Jann Horn opdagede at særligt fremstillede værtsnavne kunne anvendes til - at bevæge sig uden for dokumentroden i visse situationer på - lighttpd-servere, der anvender et af de virtuelle hostingmoduler - mod_mysql_vhost, mod_evhost eller mod_simple_vhost.

    - -

    Servere, der ikke anvender disse moduler, er ikke påvirkede.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.4.28-2+squeeze1.6.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.31-4+deb7u3.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.33-1+nmu3.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2877.data" diff --git a/danish/security/2014/dsa-2878.wml b/danish/security/2014/dsa-2878.wml deleted file mode 100644 index 7e4918886e3..00000000000 --- a/danish/security/2014/dsa-2878.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="0452387eccf6c600b918419a76036fe2f4041064" mindelta="1" -sikkerhedsopdatering - -

Matthew Daley opdagede flere sårbarheder i VirtualBox, en -virtualiseringsløsning til x86, hvilket medførte lammelsesangreb (denial of -service), rettighedsforøgelse og en informationslækage.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.2.10-dfsg-1+squeeze2 af kildekodepakken virtualbox-ose.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.18-dfsg-2+deb7u2.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 4.3.6-dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.3.6-dfsg-1.

- -

Vi anbefaler at du opgraderer dine virtualbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2878.data" diff --git a/danish/security/2014/dsa-2879.wml b/danish/security/2014/dsa-2879.wml deleted file mode 100644 index 95b27be71f8..00000000000 --- a/danish/security/2014/dsa-2879.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="1b5d5d1de20b4e80c9575e451fbc613e3e1bf3f6" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libssh, et lille SSH-bibliotek skrevet i C, ikke nulstillede -PRNG'ens tilstand efter at have accepteret en forbindelse. En applikation i -servertilstand, som fork'er sig selv for at håndtere indgående forbindelser, -kunne se sine børn, som delte den samme PRNG-tilstand, medførende en -kryptografisk svaghed samt muligvis adgang til den private nøgle.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.4.5-3+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.5.4-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 0.5.4-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.5.4-3.

- -

Vi anbefaler at du opgraderer dine libssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2879.data" diff --git a/danish/security/2014/dsa-2880.wml b/danish/security/2014/dsa-2880.wml deleted file mode 100644 index 3890ee2a02e..00000000000 --- a/danish/security/2014/dsa-2880.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer blev opdaget i Python:

- -
    - -
  • CVE-2013-4238 - -

    Ryan Sleevi opdagede at NULL-tegn i SSL-certifikaters subject - alternate names blev fortolket på ukorrekt vis.

    • - -
  • CVE-2014-1912 - -

    Ryan Smith-Roberts opdagede et bufferoverløb i funktionen - socket.recvfrom_into().

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.7.3-6+deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.7.6-7.

- -

Vi anbefaler at du opgraderer dine python2.7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2880.data" diff --git a/danish/security/2014/dsa-2881.wml b/danish/security/2014/dsa-2881.wml deleted file mode 100644 index 9c9d41f8b74..00000000000 --- a/danish/security/2014/dsa-2881.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="434004e1bf94c03bdc03c735e102cd1ead5b8151" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere fejl i forbindelse med hukommelsessikkerhed, -læsninger uden for grænserne, frigivelser efter anvendelse samt andre -implementeringsfejl kunne føre til udførelse af vilkårlig kode, -informationsafsløring og lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.4.0esr-1~deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 24.4.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2881.data" diff --git a/danish/security/2014/dsa-2882.wml b/danish/security/2014/dsa-2882.wml deleted file mode 100644 index cc4bc167111..00000000000 --- a/danish/security/2014/dsa-2882.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9d5943d52275cb10c5c59143dd76c76b78e30bc7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder (XSS) er opdaget i extplorer, en webfiludforsker og -manager, som -anvender Ext JS. En fjernangriber kunne indsprøjte vilkårligt webskript eller -HTML-kode via en fabrikeret string i URL'en til application.js.php, admin.php, -copy_move.php, functions.php, header.php og upload.php.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.1.0b6+dfsg.2-1+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.1.0b6+dfsg.3-4+deb7u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine extplorer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2882.data" diff --git a/danish/security/2014/dsa-2883.wml b/danish/security/2014/dsa-2883.wml deleted file mode 100644 index e5cac190e35..00000000000 --- a/danish/security/2014/dsa-2883.wml +++ /dev/null @@ -1,135 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2013-6653 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - chromiums webindholdsfarvevælger.

    • - -
  • CVE-2013-6654 - -

    TheShow3511 opdagede et problem i SVG-håndteringen.

    • - -
  • CVE-2013-6655 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - DOM-eventhåndteringen.

    • - -
  • CVE-2013-6656 - -

    NeexEmil opdagede en informationslækage i XSS-auditoren.

    • - -
  • CVE-2013-6657 - -

    NeexEmil opdagede en måde at omgå Same Origin-policy i - XSS-auditoren.

    • - -
  • CVE-2013-6658 - -

    cloudfuzzer opdagede flere problemer vedrørende anvendelse efter - frigivelse med relation til funktionen updateWidgetPositions.

    • - -
  • CVE-2013-6659 - -

    Antoine Delignat-Lavaud og Karthikeyan Bhargavan opdagede at det var - muligt at udløse en uventet certifikatkøde under - TLS-genforhandling.

    • - -
  • CVE-2013-6660 - -

    bishopjeffreys opdagede en informationslækage i implementeringen af træk - og slip.

    • - -
  • CVE-2013-6661 - -

    Google Chrome-holdet opdagede og rettede flere problemer i version - 33.0.1750.117.

    • - -
  • CVE-2013-6663 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - SVG-håndteringen.

    • - -
  • CVE-2013-6664 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - funktionen til talegenkendelse.

    • - -
  • CVE-2013-6665 - -

    cloudfuzzer opdagede et bufferoverløbsproblem i - softwarerendereren.

    • - -
  • CVE-2013-6666 - -

    netfuzzer opdagede en begrænsningsomgåelse i plugin'en Pepper - Flash.

    • - -
  • CVE-2013-6667 - -

    Google Chrome-holdet opdagede og rettede flere problemer i version - 33.0.1750.146.

    • - -
  • CVE-2013-6668 - -

    Flere sårbarheder blev rettet i version 3.24.35.10 af - JavaScript-biblioteket V8.

    • - -
  • CVE-2014-1700 - -

    Chamal de Silva opdagede et problem med anvendelse efter frigivelse i - talesyntesen.

    • - -
  • CVE-2014-1701 - -

    aidanhs opdagede et problem med udførelse af skripter på tværs af - websteder i eventhåndteringen.

    • - -
  • CVE-2014-1702 - -

    Colin Payne opdagede et problem med anvendelse efter frigivelse i - implemeteringen af webdatabasen.

    • - -
  • CVE-2014-1703 - -

    VUPEN opdagede et problem med anvendelse efter frigivelse i websockets, - hvilket kunne føre til undslippelse fra sandkassen.

    • - -
  • CVE-2014-1704 - -

    Flere sårbarhed blev rettet i version 3.23.17.18 af - JavaScript-biblioteket V8.

    • - -
  • CVE-2014-1705 - -

    En problem med hukommelseskorruption blev opdaget i - JavaScript-biblioteket V8.

    • - -
  • CVE-2014-1713 - -

    Et problem med anvendelse efter frigivelse blev opdaget i funktionen - AttributeSetter.

    • - -
  • CVE-2014-1715 - -

    Et mappegennemløbsproblem blev fundet og rettet.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -33.0.1750.152-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -33.0.1750.152-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2883.data" diff --git a/danish/security/2014/dsa-2884.wml b/danish/security/2014/dsa-2884.wml deleted file mode 100644 index af4128f2133..00000000000 --- a/danish/security/2014/dsa-2884.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="599b15feb5e47279f3decc2e12f7424495ab6aab" mindelta="1" -sikkerhedsopdatering - -

Ivan Fratric fra Google Security Team opdagede en heapbaseret -bufferoverløbssårbarhed i LibYAML, et hurtigt bibliotek til fortolkning og -dannelse af YAML 1.1. En fjernangriber kunne levere et særligt fremstillet -YAML-dokument, som når det blev fortolket af en applikation, der anvender -libyaml, fik applikationen til at gå ned eller potentielt udføre vilkårlig kode -med rettighederne hørende til brugeren, der kører applikationen.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.1.3-1+deb6u4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.1.4-2+deb7u4.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libyaml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2884.data" diff --git a/danish/security/2014/dsa-2885.wml b/danish/security/2014/dsa-2885.wml deleted file mode 100644 index 2651e911392..00000000000 --- a/danish/security/2014/dsa-2885.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="ec2fb54b2aa898630f9f324f8e34cb7d671c2f07" mindelta="1" -sikkerhedsopdatering - -

Ivan Fratric fra Google Security Team opdagede en heapbaseret -bufferoverløbsårbarhed i LibYAML, et hurtig bibliotek til fortolkning og -dannelse af YAML 1.1. En fjernangriber kunne levere et særligt fremstillet -YAML-dokument, som når det blev fortolket af en applikation, der anvender -libyaml, fik applikationen til at gå ned eller potentielt udføre vilkårlig kode -med rettighederne hørende til brugeren, der kører applikationen.

- -

Opdateringen retter fejlen i den indlejrede kopi i pakken -libyaml-libyaml-perl.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.33-1+squeeze3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.38-3+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.41-5.

- -

Vi anbefaler at du opgraderer dine libyaml-libyaml-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2885.data" diff --git a/danish/security/2014/dsa-2886.wml b/danish/security/2014/dsa-2886.wml deleted file mode 100644 index 4926208dbca..00000000000 --- a/danish/security/2014/dsa-2886.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6446b140d67c47fe6833579d25736d20b12b860b" mindelta="1" -sikkerhedsopdatering - -

Nicolas Gregoire opdagede flere sårbarheder i libxalan2-java, et -Java-bibliotek til XSLT-behandling. Fabrikerede XSLT-programmer kunne -tilgå systemegenskaber eller læse vilkårlige klasser, med -informationsblotlæggelse til følge, samt potentielt udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.7.1-5+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.7.1-7+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.7.1-9.

- -

Vi anbefaler at du opgraderer dine libxalan2-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2886.data" diff --git a/danish/security/2014/dsa-2887.wml b/danish/security/2014/dsa-2887.wml deleted file mode 100644 index 0ced87e64a9..00000000000 --- a/danish/security/2014/dsa-2887.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9e60cc7018f92ec94af53c9436aaaf375b240abc" mindelta="1" -sikkerhedsopdatering - -

Aaron Neyer opdagede at manglende fornuftighedskontrol af inddata i Ruby -Actionmailers logningskomponent, kunne føre til lammelsesangreb (denial of -service) gennem en misdannet e-mail-meddelelse.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -3.2.6-2+deb7u1. ruby-activesupport-3.2 blev opdateret i en relateret ændring -til 3.2.6-6+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.2.16-3+0 af kildekodepakken rails-3.2.

- -

Vi anbefaler at du opgraderer dine ruby-actionmailer-3.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2887.data" diff --git a/danish/security/2014/dsa-2888.wml b/danish/security/2014/dsa-2888.wml deleted file mode 100644 index 99e56a6b9e0..00000000000 --- a/danish/security/2014/dsa-2888.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="02d8a418bb8efe7a2d3a1750d6a02beadce8318f" mindelta="1" -sikkerhedsopdatering - -

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao og Kevin Reintjes -opdagede flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder og lammelsesangreb (denial of service) i Ruby Actionpack.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -3.2.6-6+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.2.16-3+0 af kildekodepakken rails-3.2.

- -

Vi anbefaler at du opgraderer dine ruby-actionpack-3.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2888.data" diff --git a/danish/security/2014/dsa-2889.wml b/danish/security/2014/dsa-2889.wml deleted file mode 100644 index 05e7ba76379..00000000000 --- a/danish/security/2014/dsa-2889.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c27adc8f33a24f7fdf912db35a969641730e3935" mindelta="1" -sikkerhedsopdatering - -

En SQL-indsprøjtningssårbarhed blev opdaget i postfixadmin, en -webadministrationgrænseflade til Postfix Mail Transport Agent, hvilket gjorde -det muligt for autentificerede brugere at foretage vilkårlige ændringer i -databasen.

- -

Den gamle stabile distribution (squeeze) indeholder ikke postfixadmin.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2.3.5-2+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -dette problem rettet i version 2.3.5-3.

- -

Vi anbefaler at du opgraderer dine postfixadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2889.data" diff --git a/danish/security/2014/dsa-2890.wml b/danish/security/2014/dsa-2890.wml deleted file mode 100644 index 918b1d3c0f0..00000000000 --- a/danish/security/2014/dsa-2890.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i libspring-java, Debian-pakken indeholdende Java -Spring-frameworket.

- -
    - -
  • CVE-2014-0054 - -

    Jaxb2RootElementHttpMessageConverter i Spring MVC behandlede eksterne - XML-entiteter.

    • - -
  • CVE-2014-1904 - -

    Spring MVC indeholdt en sårbarhed i forbindelse med udførelse af skripter - på tværs af websteder, såfremt der ikke var angivet en handling på en - Spring-formular.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -3.0.6.RELEASE-6+deb7u3.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.0.6.RELEASE-13.

- -

Vi anbefaler at du opgraderer dine libspring-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2890.data" diff --git a/danish/security/2014/dsa-2891.wml b/danish/security/2014/dsa-2891.wml deleted file mode 100644 index 93cec0b9d30..00000000000 --- a/danish/security/2014/dsa-2891.wml +++ /dev/null @@ -1,75 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i MediaWiki, en wikimotor. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2013-2031 - -

    Et angreb i forbindelse med udførelse af skripter på tværs af websteder - ved hjælp af gyldige indkapslede UTF-7-sekvenser i en SVG-fil.

    • - -
  • CVE-2013-4567 - & CVE-2013-4568 - -

    Kevin Israel (Wikipedia-brugeren PleaseStand) rapporterede to måder, at - indsprøjte JavaScript på, på grund af en ufuldstændig sortliste i funktionen - til fornuftighedskontrol af CSS.

    • - -
  • CVE-2013-4572 - -

    MediaWiki og udvidelsen CentralNotice opsatte ukorrekt cacheheadere, når - en bruger blev automatisk oprettet, hvilket medførte at brugerens - sessioncookie blev cachet, og returneret til andre brugere.

    • - -
  • CVE-2013-6452 - -

    Chris fra RationalWiki rapporterede at SVG-filer kunne uploades - indeholdende eksterne stylesheets, hvilket kunne føre til XSS, når et XSL - indeholdt JavaScript.

    • - -
  • CVE-2013-6453 - -

    MediaWikis SVG-fornuftighedskontrol kunne omgås, når XML'et blev anset - for at være ugyldigt.

    • - -
  • CVE-2013-6454 - -

    MediaWikis CSS-fornuftighedskontrol bortfiltrerede ikke - -o-link-attributter, hvilket kunne anvendes til at udføre JavaScript i Opera - 12.

    • - -
  • CVE-2013-6472 - -

    MediaWiki viste nogle oplysninger om slettede sider i log-API'et, - udvidede seneste ændringer og brugerovervågningslister.

    • - -
  • CVE-2014-1610 - -

    En sårbarhed i forbindelse med fjernudførelse af kode, fandtes hvis - filupload understøttende DjVu (håndteret internt) eller PDF-filer - (kombineret med PdfHandler-udvidelsen) var aktiveret. Ingen af filtyperne - er som standard aktiveret i MediaWiki.

    • - -
  • CVE-2014-2665 - -

    Forespørgselsforfalskning på tværs af websteder var muligt på - loginformularen: en angriber kunne logge et offer på som angriberen.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1:1.19.14+dfsg-0+deb7u1 af pakken mediawiki og i 3.5~deb7u1 af pakken -mediawiki-extensions.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1:1.19.14+dfsg-1 af pakken mediawiki og i 3.5 af pakken -mediawiki-extensions.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2891.data" diff --git a/danish/security/2014/dsa-2892.wml b/danish/security/2014/dsa-2892.wml deleted file mode 100644 index fbec7bce92a..00000000000 --- a/danish/security/2014/dsa-2892.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i a2ps, en Anything to PostScript-converter -(alt til PostScript) samt pretty-printer. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2001-1593 - -

    Funktionen spy_user, som aktiveres når a2ps kaldes med flaget --debug, - anvendte midlertidige filer på usikker vis.

    • - -
  • CVE-2014-0466 - -

    Brian M. Carlson rapporterede at a2ps's fixps-skript ikke kaldte - gs med valgmuligheden -dSAFER. Dermed kunne udførelse af fixps på en - ondsindet PostScript-fil medføre, at filen blev slettet eller vilkårlige - kommandoer udført med rettighederne hørende til brugeren, som kører - fixps.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1:4.14-1.1+deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1:4.14-1.1+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine a2ps-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2892.data" diff --git a/danish/security/2014/dsa-2893.wml b/danish/security/2014/dsa-2893.wml deleted file mode 100644 index 444aec62c91..00000000000 --- a/danish/security/2014/dsa-2893.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev rettet i Openswan, en implementering af IKE/IPsec til -Linux.

- -
    - -
  • CVE-2013-2053 - -

    Under en audit af Libreswan (som Openswan der noget kode med), fandt - Florian Weimer et fjernudførbart bufferoverløb i funktionen atodn(). - Sårbarheden kan udløses når Opportunistic Encryption (OE) er aktiveret og en - angriber kontrollerer PTR-registreringen af en peer-IP-adresse. - Autentifikation er ikke nødvendig for at udløse sårbarheden.

    • - -
  • CVE-2013-6466 - -

    Iustina Melinte fandt en sårbarhed i Libreswan, hvilket også gælder - Openswan-koden. Ved omhyggeligt at fremstille IKEv2-pakker, kunne en - angriber få pluto-dæmonen til at dereferere ikke-modtaget IKEv2-payload, - førende til at dæmonen gik ned. Autentifikation er ikke nødvendig for at - udløse sårbarheden.

    • - -
- -

Rettelser blev oprindelig skrevet til sårbarhederne i Libreswan, og de er -blevet tilpasset Openswan af Paul Wouters fra Libreswan-projektet.

- -

Da Openswan-pakken ikke længere vedligeholdes i Debian-distributionen, og -ikke er tilgængelig i hverken testing eller unstable, anbefales brugere af -IKE/IPsec at skifte til en understøttet implementering, så som strongSwan.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 2.6.28+dfsg-5+squeeze2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.6.37-3.1.

- -

Vi anbefaler at du opgraderer dine openswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2893.data" diff --git a/danish/security/2014/dsa-2894.wml b/danish/security/2014/dsa-2894.wml deleted file mode 100644 index e8605c528b3..00000000000 --- a/danish/security/2014/dsa-2894.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i OpenSSH, en implementerin af -SSH-protokolsuiten. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2014-2532 - -

    Jann Horn opdagede at OpenSSH på ukorrekt vis håndterede wildcards i - AcceptEnv-linjer. En fjernangriber kunne udnytte problemet til at narre - OpenSSH til at acceptere en vilkårlig miljøvariabel, som indeholder tegnene - før wildcard-tegnene.

    • - -
  • CVE-2014-2653 - -

    Matthew Vernon rapporterede at hvis en SSH-server tilbød et - HostCertificate, som ssh-klienten ikke accepterede, kiggede klienten ikke i - DNS efter SSHFP-poster. Som følge heraf kunne en ondsindet server - deaktivere SSHFP-kontrol ved at præsentere et certifikat.

    - -

    Bemærk at værtsverifikationsspørgsmålet stadig vises før der - forbindes.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1:5.5p1-6+squeeze5.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1:6.0p1-4+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:6.6p1-1.

- -

Vi anbefaler at du opgraderer dine openssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2894.data" diff --git a/danish/security/2014/dsa-2895.wml b/danish/security/2014/dsa-2895.wml deleted file mode 100644 index 7209132aa68..00000000000 --- a/danish/security/2014/dsa-2895.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="019cd3b809959b8e21b9b66c3bfd4660ffc8dace" mindelta="1" -sikkerhedsopdatering - -

En lammelsesangrebssårbared (denial of service) er rapporteret vedrørende -Prosody, en XMPP-server. Hvis komprimering er aktiveret, kunne en angriber -måske sende stærkt komprimerede XML-elementer (et angreb kendt som -zip bomb eller zip-bombe) over XMPP-streams samt forbruge alle -serverens ressourcer.

- -

SAX XML-fortolkeren lua-expat var også påvirket af problemerne.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.8.2-4+deb7u1 of prosody.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.4-1 of prosody.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.0-5+deb7u1 of lua-expat.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.0-1 lua-expat.

- -

Vi anbefaler at du opgraderer dine prosody- og lua-expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2895.data" diff --git a/danish/security/2014/dsa-2896.wml b/danish/security/2014/dsa-2896.wml deleted file mode 100644 index c64f040f3d7..00000000000 --- a/danish/security/2014/dsa-2896.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="77ae07f8a2af63a8ba978637f20f741059c7a62e" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed er opdaget i OpenSSL's understøttelse af TLS/DTLS -Heartbeat-udvidelsen. En angriber kunne få adgang til 64KB hukommelse fra enten -klient eller server. Sårbarheden kunne gøre det muligt for en angriber at -kompromittere den private nøgle og andre følsomme data i hukommelsen.

- -

Alle brugere bør opgradere deres openssl-pakker (særligt libssl1.0.0) samt -genstarte applikationer så hurtigt som muligt.

- -

Ifølge de i øjeblikket tilgængelige oplysninger, bør private nøgler betragtes -som kompromitterede og bør genfremstilles så hurtigt som muligt. Senere vil -flere oplysninger blive offentliggjort.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af denne -sårbarhed.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.0.1e-2+deb7u5.

- -

I distributionen testing (jessie), er dette problem rettet i version -1.0.1g-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.0.1g-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2896.data" diff --git a/danish/security/2014/dsa-2897.wml b/danish/security/2014/dsa-2897.wml deleted file mode 100644 index 4eebc81c1b0..00000000000 --- a/danish/security/2014/dsa-2897.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer blev fundet i Tomcat-servlet'en og JSP-motoren:

- -
    - -
  • CVE-2013-2067 - -

    FORM-autentifikation forbinder den seneste forespørgsel, som kræver - autentifikation, med den aktuelle session. Ved at sende gentagne - forespørgsler til en autentificeret ressource, men offeret er ved at udfylde - loginformularen, kunne en angriber indsprøjte en forespørgsel, som blev - udført med offerets brugerrettigheder.

    • - -
  • CVE-2013-2071 - -

    En exception på kørselstidspunktet i AsyncListener.onComplete(), - forhindrede forespørgslen i at blive genbrugt. Det kunne udstille elementer - fra en tidligere forespørgsel til den aktuelle.

    • - -
  • CVE-2013-4286 - -

    Afvisning af forespørgsler med flere content-length-headere eller med en - content-length-header, når chunked encoding anvendes.

    • - -
  • CVE-2013-4322 - -

    Ved behandling af en forespørgsel indsendt ved hjælp af chunked - transfer-encoding, ignorerede Tomcat den, men begrænsede ikke nogen - indeholdte udvidelser. Dermed var det muligt for en klient at iværksætte - et begrænset lammelsesangreb (denial of service), ved at streame en - ubegrænset datamængde til serveren.

    • - -
  • CVE-2014-0050 - -

    Multipart-forespørgsler med en misdannet Content-Type-header, kunne - udløse en uendelig løkke, forårsagende et lammelsesangreb.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7.0.28-4+deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 7.0.52-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.0.52-1.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2897.data" diff --git a/danish/security/2014/dsa-2898.wml b/danish/security/2014/dsa-2898.wml deleted file mode 100644 index b4a833a913e..00000000000 --- a/danish/security/2014/dsa-2898.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="279323ec8f0aae53301a6852770aae785988503d" mindelta="1" -sikkerhedsopdatering - -

Flere bufferoverløb blev fundet i Imagemagick, en samling af programmer til -billedbehandling. Behandling af misdannede PSD-filer kunne føre til udførelse -af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet -i version 8:6.6.0.4-3+squeeze4.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 8:6.7.7.10-5+deb7u3.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 8:6.7.7.10+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8:6.7.7.10+dfsg-1.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2898.data" diff --git a/danish/security/2014/dsa-2899.wml b/danish/security/2014/dsa-2899.wml deleted file mode 100644 index 500d03a0160..00000000000 --- a/danish/security/2014/dsa-2899.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="4f2a4678d1f7446ddbbe6cc9cbb075c38942c7f5" mindelta="1" -sikkerhedsopdatering - -

Michael Meffie opdagede at i OpenAFS, et distributeret filsystem, kunne en -angriber med mulighed for at forbinde sig til en OpenAFS-filserver, udløse et -bufferoverløb, hvilket fik filserveren til at gå ned samt potentielt tillade -udførelse af vilkårlig kode.

- -

Desuden løser denne opdatering et mindre lammelsesangrebsproblem: Serverens -lyttetråd hang i omkring et sekund, når den modtog en ugyldig pakke, hvilket gav -mulighed for at sløve serveren ned til en ubrugbar tilstand, når der blev sendt -sådanne pakker til den.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet -i version 1.4.12.1+dfsg-4+squeeze3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.6.1-3+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.7-1.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2899.data" diff --git a/danish/security/2014/dsa-2900.wml b/danish/security/2014/dsa-2900.wml deleted file mode 100644 index daae912aba3..00000000000 --- a/danish/security/2014/dsa-2900.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="f998f4d2128d1eee67a8122f146968e14e82a776" mindelta="1" -sikkerhedsopdatering - -

Florian Weimer fra Red Hats produktsikkerhedshold, opdagede flere -bufferoverløb i jbigkit, hvilke kunne føre til udførelse af vilkårlig kode ved -behandling af misdannede billeder.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.0-2+deb7u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine jbigkit-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2900.data" diff --git a/danish/security/2014/dsa-2901.wml b/danish/security/2014/dsa-2901.wml deleted file mode 100644 index 6929b3c26d4..00000000000 --- a/danish/security/2014/dsa-2901.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et værktøj til webblogging. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2014-0165 - -

    En bruger med en contributor-rolle, kunne ved hjælp af en særligt - fremstillet forespørgsel, udgive indlæg, hvilket er modsat for brugere af - den næste, højere rolle.

    • - -
  • CVE-2014-0166 - -

    Jon Cave fra WordPress' sikkerhedshold, opdagede at funktionen - wp_validate_auth_cookie i wp-includes/pluggable.php ikke på korrekt vis - afgjorde autentifikationscookies gyldighed, hvilket gjorde det muligt for en - fjernangriber at få adgang via en forfalsket cookie.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet -i version 3.6.1+dfsg-1~deb6u2.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.6.1+dfsg-1~deb7u2.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 3.8.2+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.8.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2901.data" diff --git a/danish/security/2014/dsa-2902.wml b/danish/security/2014/dsa-2902.wml deleted file mode 100644 index 80f17a48082..00000000000 --- a/danish/security/2014/dsa-2902.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev op daget i cURL, et URL-overførselsbibliotek. Projektet -Common Vulnerabilities and Exposures har registeret følgende problemer:

- -
    - -
  • CVE-2014-0138 - -

    Steve Holme opdagede at libcurl under nogle omstændigheder genanvendte - den forkerte forbindelse, når det blev bedt om at foretage overførsler ved - hjælp af andre protokoller end HTTP and FTP.

    • - -
  • CVE-2014-0139 - -

    Richard Moore fra Westpoint Ltd. rapporterede atlibcurl ikke overholdt - RFC 2828 under visse omstændigheder, samt at der blev foretage ukorrekte - valideringer af wildcard-SSL-certifikater indehldende litterale -IP-adresser.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 7.21.0-2.1+squeeze8.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7.26.0-1+wheezy9.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 7.36.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.36.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2902.data" diff --git a/danish/security/2014/dsa-2903.wml b/danish/security/2014/dsa-2903.wml deleted file mode 100644 index f77bc271a4f..00000000000 --- a/danish/security/2014/dsa-2903.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="1101211a46ee35992ddbf23f45fe8d0409c48b68" mindelta="1" -sikkerhedsopdatering - -

En autentifikationsomgåelsessårbarhed blev fundet i charon, dæmonen som -håndterre IKEv2 i strongSwan, en IKE-/IPsec-programsamling. Tilstandsmaskinen -som håndterer sikkerhedstilknytningen (IKE_SA), håndterede nogle -tilstandsovergange på ukorrekt vis.

- -

En angriber kunne udløse sårbarheden ved at rekey'e en ikke-etableret -IKE_SA under selve initialiseringen. Dermed blev IKE_SA tilstanden narret til -established (etableret) uden behov for at lvere gyldige -identifikationsoplysninger.

- -

Sårbare opsætninger er blandt andre dem, der aktivt igangsætter IKEv2-IKE_SA -(så som clients og roadwarriors), men også under genautentifkation -(hvilket kan igangsættes af den svarende). Installationer som anvender IKEv1 -(pluto-dæmonen i strongSwan 4 og tidligere, samt IKEv1-kode i charon 5.x) er -ikke påvirket.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 4.4.1-5.5.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.5.2-1.5+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.1.2-4.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2903.data" diff --git a/danish/security/2014/dsa-2904.wml b/danish/security/2014/dsa-2904.wml deleted file mode 100644 index 6ce4b8b5a2a..00000000000 --- a/danish/security/2014/dsa-2904.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="0744ddd0daeaccea007cbcaa86b411dd4f627b7d" mindelta="1" -sikkerhedsopdatering - -

Francisco Falcon opdagede at manglende fornuftighedskontrol af inddaa i -3-D-accelerationskoden i VirtualBox kunne føre til udførelse af vilkårlig kode -på værtssystemet.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.2.10-dfsg-1+squeeze3.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.18-dfsg-2+deb7u3.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 4.3.10-dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.3.10-dfsg-1.

- -

Vi anbefaler at du opgraderer dine virtualbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2904.data" diff --git a/danish/security/2014/dsa-2905.wml b/danish/security/2014/dsa-2905.wml deleted file mode 100644 index 131cf1ee6f0..00000000000 --- a/danish/security/2014/dsa-2905.wml +++ /dev/null @@ -1,94 +0,0 @@ -#use wml::debian::translation-check translation="b128ca5f062ffd92dfde8a7b5888d4e87ec075f2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2014-1716 - -

    Et problev med udførelse af skripter på tværs af websteder blev opdaget i - i JavaScript-biblioteket v8.

    • - -
  • CVE-2014-1717 - -

    Et problem med læsning uden for grænserne blev opdaget i - JavaScript-biblioteket v8.

    • - -
  • CVE-2014-1718 - -

    Aaron Staple opdagede et heltalsoverløbsproblem i chromiums - softwarecompositor.

    • - -
  • CVE-2014-1719 - -

    Colin Payne opdagede et problem med anvendelse efter frigivelse i - implementeringen af webworkers.

    • - -
  • CVE-2014-1720 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - implementeringen af dokumentobjektmodellen Blink/Webkit.

    • - -
  • CVE-2014-1721 - -

    Christian Holler opdagede et problem med hukommelseskorruption i - JavaScript-biblioteket v8.

    • - -
  • CVE-2014-1722 - -

    miaubiz opdagede et problem med anvendelse efter frigivelse i - blokendering.

    • - -
  • CVE-2014-1723 - -

    George McBay opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2014-1724 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - freebsofts bibliotek libspeechd.

    - -

    På grund af problemet, er funktionen vedrørende tekst til tale nu - deaktiveret som standard (--enable-speech-dispatcher på - kommandolinjen genaktiverer det).

    • - -
  • CVE-2014-1725 - -

    En læsning uden for grænserne blev opdaget i implementeringen af - base64.

    • - -
  • CVE-2014-1726 - -

    Jann Horn opdagede en måde, at omgå same ophav-reglen på.

    • - -
  • CVE-2014-1727 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - implementeringen af webfarvevælgeren.

    • - -
  • CVE-2014-1728 - -

    Google Chrome-udviklingsholdet opdagede og rettede flere problemer me - potentielt sikkerhedspåvirkning.

    • - -
  • CVE-2014-1729 - -

    oogle Chrome-udviklingsholdet opdagede og rettede flere problemer i - version 3.24.35.22 af JavaScript-biblioteket v8.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 34.0.1847.116-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 34.0.1847.116-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2905.data" diff --git a/danish/security/2014/dsa-2906.wml b/danish/security/2014/dsa-2906.wml deleted file mode 100644 index bf007e9d245..00000000000 --- a/danish/security/2014/dsa-2906.wml +++ /dev/null @@ -1,198 +0,0 @@ -#use wml::debian::translation-check translation="4007e36d42f1282cea67ecf936b8b9eb66d7194a" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kerne, hvilke kunne føre til et -lammelsesangreb (denial of service), informationslækage og rettighedsforøgelse. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2013-0343 - -

    George Kargiotakis rapporterede om et problem i håndteringen af - midlertidige adresser i IPv6-privatlivsudvidelser. Brugere på det samme - LAN, kunne forårsage lammelsesangreb eller få adgang til følsomme - oplysninger, ved at sende routerannonceringsmeddelelser, som forårsagede - at generering af midlertidige adresser blev slået fra.

    • - -
  • CVE-2013-2147 - -

    Dan Carpenter rapporterede problemer i cpqarray-driveren til Compaq - Smart2-controllere og cciss-driveren til HP Smart Array-controllere, - hvilket gjorde det muligt for brugere, at få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-2889 - -

    Kees Cook opdagede manglende fornuftighedskontrol af inddata i - HID-driveren til Zeroplus-gamepads, hvilket kunne føre til et lokalt - lammelsesangreb.

    • - -
  • CVE-2013-2893 - -

    Kees Cook opdagede at manglende fornuftighedskontrol i HID-driveren til - forskellige Logitech-forcefeedbackenheder kunne føre til et lokalt - lammelsesangreb.

    • - -
  • CVE-2013-2929 - -

    Vasily Kulikov opdagede at en fejl i funktionen get_dumpable() i - ptrace-undersystemet kunne føre til informationsafsløring. Kun systemer med - sysctl'en fs.suid_dumpable opsat til en ikke-standardværdi på 2 er - sårbare.

    • - -
  • CVE-2013-4162 - -

    Hannes Frederic Sowa opdagede at ukorrekt håndtering af IPv6-sockets - som anvender valgmuligheden UDP_CORK, kunne medføre - lammelsesangreb.

    • - -
  • CVE-2013-4299 - -

    Fujitsu rapporterede om et problem i undersystemet device-mapper. Lokale - brugere kunne få adgang til følsom kernehukommelse.

    • - -
  • CVE-2013-4345 - -

    Stephan Mueller fandt en fejl i generatoren af ANSI-pseudo-tilfældige - tal, hvilket kunne føre til anvende af mindre entropi end - forventet.

    • - -
  • CVE-2013-4512 - -

    Nico Golde og Fabian Yamaguchi rapporterede om et problem i - brugertilstandslinuxporten. En bufferoverløbtilstand fandtes i - skrivemetoden vedrørende filen /proc/exitcode. Lokale brugere med - tilstrækkelige rettigheder, som giver dem lov til at skrive til denne fil, - kunne få adgang til yderligere forøgede rettigheder.

    • - -
  • CVE-2013-4587 - -

    Andrew Honig fra Google rapporterede om et problem i - KVM-virtualiseringsundersystemet. En lokal bruger kunne opnå forøgede - rettigheder ved at overføre et stort vcpu_id-parameter.

    • - -
  • CVE-2013-6367 - -

    Andrew Honig fra Google rapporterede om et problem i - KVM-virtualiseringsundersystemet. En division med nul-tilstand kunne gøre - det muligt for en gæstebruger, at forårsage et lammelsesangreb på værten - (nedbrud).

    • - -
  • CVE-2013-6380 - -

    Mahesh Rajashekhara rapporterede om et problem i aacraid-driveren til - storage-produkter fra forskellige leverandører. Lokale brugere med - CAP_SYS_ADMIN-rettigheder kunne få yderlige forøgede rettigheder.

    • - -
  • CVE-2013-6381 - -

    Nico Golde og Fabian Yamaguchi rapporterede om et problem i - enhedsunderstøttelsen af Gigabit Ethernet på s390-systemer. Lokale brugere - kunne forårsage et lammelsesangreb eller opnå forøgede rettigheder ved hjælp - af ioctl'en SIOC_QETH_ADP_SET_SNMP_CONTROL.

    • - -
  • CVE-2013-6382 - -

    Nico Golde og Fabian Yamaguchi rapporterede om et problem i - XFS-filsystemet. Lokale brugere med CAP_SYS_ADMIN-rettigheder, kunne opnå - yderligere forøgede rettigheder.

    • - -
  • CVE-2013-6383 - -

    Dan Carpenter rapporterede om et problem i aacraid-driveren til - storage-enheder fra forskellige leverandører. En lokal bruger kunne få - forøgede rettigheder på grund af en manglende rettighedsniveaukontrol i - funktionen aac_compat_ioctl.

    • - -
  • CVE-2013-7263 - CVE-2013-7264 - CVE-2013-7265 - -

    mpb rapporterede om en informationslækage i systemkaldende recvfrom, - recvmmsg og recvmsg. En lokal bruger kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2013-7339 - -

    Sasha Levin rapporterede om et problem i RDS-netværksprotokollen over - Infiniband. En lokal bruger kunne forårsage en - lammelsesangrebstilstand.

    • - -
  • CVE-2014-0101 - -

    Nokia Siemens Networks rapporterede om et problem i - SCTP-netværksprotokolsundersystemet. Fjernbrugere kunne forårsage - lammelsesangreb (NULL-pointerdereference).

    • - -
  • CVE-2014-1444 - -

    Salva Peiro rapporterede om et problem i FarSync WAN-driveren. Lokale - brugere med CAP_NET_ADMIN-muligheden, kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2014-1445 - -

    Salva Peiro rapporterede om et problem i driveren til det serielle - wanXL-kort. Lokale brugere kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2014-1446 - -

    Salva Peiro rapporterede om et problem i YAM-radiomodemdriveren. Lokal - brugere med CAP_NET_ADMIN-muligheden, kunne få adgang til følsom - kernehukommelse.

    • - -
  • CVE-2014-1874 - -

    Matthew Thode rapporterede om et problem i undersystemet SELinux. En lokal - bruger med CAP_MAC_ADMIN-rettigheder, kunne forårsage lammelsesangreb ved at - opsætte en tom sikkerhedskontekst på en feil.

    • - -
  • CVE-2014-2039 - -

    Martin Schwidefsky rapporterede om et problem på s390-systemer. En lokal - bruger kunne forårsage et lammelsesangreb (kerne-ups) ved at udføre en - applikation med en linkagestakinstruktion.

    • - -
  • CVE-2014-2523 - -

    Daniel Borkmann leverede en rettelse af et problem i modulet - nf_conntrack_dccp. Fjernbrugere kunne forårsage et lammelsesangreb - (systemnedbrud) eller potentielt opnå forøgede rettigheder.

    • - -
- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.6.32-48squeeze5.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+48squeeze5
-
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker. - -

Bemærk: Debian holder omhyggeligt rede på alle kendte -sikkerhedsproblemer på tværs af alle linux-kerne-pakker i alle udgivelser med -aktiv sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2906.data" diff --git a/danish/security/2014/dsa-2907.wml b/danish/security/2014/dsa-2907.wml deleted file mode 100644 index a26238137b8..00000000000 --- a/danish/security/2014/dsa-2907.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="1d62dd886062da12519eec32eacba73cbb179380" mindelta="1" -annoncering af langtidsunderstøttelse af Debian oldstable - -

Dette er et forvarsel om at almindelig sikkerhedsunderstøttelse af Debian -GNU/Linux 6.0 (kodenavn squeeze) ophører den 31. maj.

- -

Dog er vi glade for at kunne annoncere, at sikkerhedsunderstøttelsen af -squeeze vil blive udvidet til februar 2016, dvs. fem år efter den oprindelige -udgivelse. Arbejdet udføres af forskellige interessenter/virksomheder, som har -behov for længere sikkerhedsunderstøttelse. -Se afsnittet LTS i den -\ -oprindelige annoncering.

- -

I øjeblikket er man ved at fastlægge hvordan det kommer til at fungere, og en -mere udførlig annoncering vil snart blive offentliggjort.

- -

En kort fremadrettet OSS (men man bør virkelige vente på den mere udførlige -annoncering): -

- -
-
Hvad er forskellen mellem den almindelige sikkerhedsunderstøttelse - og LTS-understøttelsen?
- -
squeeze-lts vil kun understøtte i386 og amd64. Benytter man en anden - arkitektur, er man nødt til at opgradere til Debian 7 (wheezy). Der vil - også være nogle få pakker, som ikke understøttes i squeeze-lts (fx nogle - enkelte webbaserede applikationer, som ikke kan understøttes i fem år). - Der vil være et værktøj, som finder sådanne pakker, der ikke er - understøttet.
- -
Betyder det at Debian 7 (wheezy) og/eller Debian 8 (jessie) også får - fem års sikkerhedsunderstøttelse?
- -
Formentlig, vi får se hvordan squeeze-lts kommer til at fungere. Hvis der - er tilstrækkelig understøttelse, vil det desuden fortsætte ved senere - udgivelser. Se også nedenfor.
- -
Er der brug for ekstra hjælp?
- -
Helt sikkert, squeeze-lts bliver ikke håndteret af Debians sikkerhedshold, - men af en separat gruppe frivillige og virksomheder, med interesse for at - gøre det til en succes (med et vist overlap blandt involverede personer). - Så, hvis du har en virksomhed, der anvender Debian og ser en fordel ved - sikkerhedsunderstøttelse i fem år, så kontakt på engelsk - team@security.debian.org, og vi vil kigge på, hvordan du kan hjælpe til - (hvis du fx ikke har mandskab eller viden, men er villig til at bidrage, - kan vi henvise til en liste over Debian-konsulenter).
- -
- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2907.data" diff --git a/danish/security/2014/dsa-2908.wml b/danish/security/2014/dsa-2908.wml deleted file mode 100644 index e2c491ea596..00000000000 --- a/danish/security/2014/dsa-2908.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="4becc05191e59ce32520eb4af5a283d6ed3d1e41" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenSSL. Projektet Common Vulnerabilities -and Exposures har registreret følgende id'er:

- -
    - -
  • CVE-2010-5298 - -

    En læsningsbuffer kunne blive frigivet, selv når den stadig indeholdt - data, som anvendes senere, førende til anvendelse efter frigivelse. Med en - kapløbstilstand i en flertrådet applikation, kunne det give en angriber - mulighed for at indsprøjte data fra en forbindelse ind i en anden eller - forårsage et lammelsesangreb (denial of service).

    • - -
  • CVE-2014-0076 - -

    ECDSA-nonces kunne opsnappes gennem sidekanalcacheangrebet Yarom/Benger - FLUSH+RELOAD.

    • - -
- -

Et tredje problem, ikke tildelt en CVE-id, er manglende genkendelse af flaget -critical for anvendelse af udvidet TSA-nøgle under visse -omstændigheder.

- -

Desuden kontrollerer denne opdatering flere tjenster, som måske har behov for -at blive genstartet efter opgradering af libssl, genkendlese af apache2 og -postgresql rettes, og der tilføjes understøttelse af debconf-opsætningen -libraries/restart-without-asking. Dermed kan tjenster blive genstarten -ved opgradering, uden at brugeren bliver spurgt.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket af -CVE-2010-5298 -og den bliver måske opdateret på et senere tidspunkt for at løse tilbageværende -sårbarheder.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u7.

- -

I distributionen testing (jessie), these problems will be fixed -soon.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.1g-3.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2908.data" diff --git a/danish/security/2014/dsa-2909.wml b/danish/security/2014/dsa-2909.wml deleted file mode 100644 index a24ee0ac9fb..00000000000 --- a/danish/security/2014/dsa-2909.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="c6854ed3925915816537ef8804f8c5809e81ef3e" mindelta="1" -sikkerhedsopdatering - -

Michael S. Tsirkin fra Red Hat opdagede en bufferoverløbsfejl i den måde qemu -behandlede opdateringsforespørgsler fra gæsten af MAC-tabeladresser på.

- -

En priviligeret bruger kunne udnytte fejlen til at gøre qemus -proceshukommelsen korrupt på værtsmaskinen, hvilket potentielt kunne medføre -udførelse af vilkårlig kode med rettighederne hørende til qemu-processens.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.12.5+dfsg-3squeeze4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.1.2+dfsg-6a+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.7.0+dfsg-8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.0+dfsg-8.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2909.data" diff --git a/danish/security/2014/dsa-2910.wml b/danish/security/2014/dsa-2910.wml deleted file mode 100644 index f2656fc062d..00000000000 --- a/danish/security/2014/dsa-2910.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="779b452788a4a12efb1184cddd2c525ed88766e2" mindelta="1" -sikkerhedsopdatering - -

Michael S. Tsirkin fra Red Hat opdagede en bufferoverløbsfejl i den måde qemu -behandlede opdateringsforespørgsler fra gæsten af MAC-tabeladresser på.

- -

En priviligeret bruger kunne udnytte fejlen til at gøre qemus -proceshukommelsen korrupt på værtsmaskinen, hvilket potentielt kunne medføre -udførelse af vilkårlig kode med rettighederne hørende til qemu-processens.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.12.5+dfsg-5+squeeze11.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.1.2+dfsg-6+deb7u1.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2910.data" diff --git a/danish/security/2014/dsa-2911.wml b/danish/security/2014/dsa-2911.wml deleted file mode 100644 index b12e9c43e96..00000000000 --- a/danish/security/2014/dsa-2911.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="88e2f614a98eeb1397ccdf9932ac55ba24330a08" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird. Flere fejl i forbindelse med -hukommelsessikkerhed, læsninger uden for grænserne, anvendelse efter frigivelse -samt andre implementeringsfejl, kunne føre til udførelse af vilkårlig kode, -informationsafsløring og lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -24.4.0-1~deb7u1. Dette opdaterer Icedove til Extended Support -Release-forgrening 24 (ESR). En opdateret og kompatibel version af Enigmail er -indeholdt i opdateringen.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 24.4.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 24.4.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2911.data" diff --git a/danish/security/2014/dsa-2912.wml b/danish/security/2014/dsa-2912.wml deleted file mode 100644 index e4a019379ce..00000000000 --- a/danish/security/2014/dsa-2912.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="2f78ff38b625c1443701da5866e12b6f7ada69ba" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra sandkassen, -informationsafsløring og lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet -i version 6b31-1.13.3-1~deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6b31-1.13.3-1~deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 6b31-1.13.3-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6b31-1.13.3-1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2912.data" diff --git a/danish/security/2014/dsa-2913.wml b/danish/security/2014/dsa-2913.wml deleted file mode 100644 index 8ca151745ce..00000000000 --- a/danish/security/2014/dsa-2913.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="e36025ffe1e148b5655afb17df795380ca370475" mindelta="1" -sikkerhedsopdatering - -

En informationsafsløringssårbarhed blev opdaget i Drupal, et komplet -framework til indholdshåndtering. Når sider blev cachet for anonyme brugere, -kunne formular-tilstanden blive lækket mellem anonyme brugere. Følsomme eller -private oplysninger, gemt vedrørende én anonym bruger, kunne dermed blive -afsløret til andre andre brugere, som benyttede den samme formular på det samme -tidspunkt.

- -

Sikkerhedsopdateringen indfører små API-ændringer, se opstrømsbulletinen på -drupal.org/SA-CORE-2014-002 -for flere oplysninger.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.14-2+deb7u4.

- -

I distributionen testing (jessie), er dette problem rettet i -version 7.27-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.27-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2913.data" diff --git a/danish/security/2014/dsa-2914.wml b/danish/security/2014/dsa-2914.wml deleted file mode 100644 index e1280b85441..00000000000 --- a/danish/security/2014/dsa-2914.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a87f1d8f4f5eb72531f41e5968d4cb2cf0182e3d" mindelta="1" -sikkerhedsopdatering - -

En informationsafsløringssårbarhed blev opdaget i Drupal, et komplet -framework til indholdshåndtering. Når sider blev cachet for anonyme brugere, -kunne formular-tilstanden blive lækket mellem anonyme brugere. Følsomme eller -private oplysninger, gemt vedrørende én anonym bruger, kunne dermed blive -afsløret til andre andre brugere, som benyttede den samme formular på det samme -tidspunkt.

- -

Sikkerhedsopdateringen indfører små API-ændringer, se opstrømsbulletinen på -drupal.org/SA-CORE-2014-002 -for flere oplysninger.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 6.31-1.

- -

Vi anbefaler at du opgraderer dine drupal6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2914.data" diff --git a/danish/security/2014/dsa-2915.wml b/danish/security/2014/dsa-2915.wml deleted file mode 100644 index 5e7bea7f992..00000000000 --- a/danish/security/2014/dsa-2915.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="2dcaf19bb1f02a0122fb67734760b8009a727abc" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk opdagede at dpkg ikke på korrekt vis fortolkede filnavne omgivet -af anførselstegn på C-stil, hvilket gjorde det muligt at gennemløbe stier, når -en kildekodepakke blev udpakket, førende til oprettede af filer uden for den -mappe hvori kildekoden blev udpakket.

- -

Opdateringen til den stabile distribution (wheezy) indeholder desuden -ændringer som ikke er sikkerhedsrelaterede, som skulle have været medtaget i -punktopdateringen til 7.5.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i version -1.15.9.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.16.13.

- -

I distributionen testing (jessie), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), this problem will be fixed in -version 1.17.8.

- -

Vi anbefaler at du opgraderer dine dpkg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2915.data" diff --git a/danish/security/2014/dsa-2916.wml b/danish/security/2014/dsa-2916.wml deleted file mode 100644 index f8d27ab81aa..00000000000 --- a/danish/security/2014/dsa-2916.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="746c70c87d1f0fd4947480fd25a3081a6140d079" mindelta="1" -sikkerhedsopdatering - -

Alex Chapman opdagede at et bufferoverløb i behandlingen af MMS over -HTTP-meddelelser, kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 0.6-1+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.6.2-3+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.6.2-4.

- -

Vi anbefaler at du opgraderer dine libmms-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2916.data" diff --git a/danish/security/2014/dsa-2917.wml b/danish/security/2014/dsa-2917.wml deleted file mode 100644 index 6428f3f66a8..00000000000 --- a/danish/security/2014/dsa-2917.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b1bbd35537edbcba3b124f21f4a077876772c8aa" mindelta="1" -sikkerhedsopdatering - -

John Lightsey fra Debian Security Audit-projektet, opdagede at pakken super -ikke kontrollerede for setuid-fejl, hvilket gjorde det muligt for lokale brugere -at forøge rettigheder på kerneversioner, som ikke beskytter mod -RLIMIT_NPROC-angreb.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 3.30.0-3+squeeze2.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.30.0-6+deb7u1.

- -

Vi anbefaler at du opgraderer dine super-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2917.data" diff --git a/danish/security/2014/dsa-2918.wml b/danish/security/2014/dsa-2918.wml deleted file mode 100644 index 48f9778769c..00000000000 --- a/danish/security/2014/dsa-2918.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="27acc86eb3da7df32f13afeb36ee572d39c992eb" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere fejl i forbindelse med -hukommelsessikkerhed, bufferoverløb, manglende rettighedskontroller, læsninger -uden for grænserne, anvendelse efter frigivelse samt andre implementeringsfejl -kunne føre til udførelse af vilkårlig kode, rettighedsforøgelse, udførelse af -skripter på tværs af websteder eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.5.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 24.5.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2918.data" diff --git a/danish/security/2014/dsa-2919.wml b/danish/security/2014/dsa-2919.wml deleted file mode 100644 index 24994628d97..00000000000 --- a/danish/security/2014/dsa-2919.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="d71e88824191eeb3540c4def5b7bf8b1d01bd839" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere til den nye opstrømsversion 5.5.37. Se MySQL 5.5 Release Notes -og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.37-0+wheezy1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 5.5.37-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.5.37-1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2919.data" diff --git a/danish/security/2014/dsa-2920.wml b/danish/security/2014/dsa-2920.wml deleted file mode 100644 index 6228cede807..00000000000 --- a/danish/security/2014/dsa-2920.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="8ffa5318df7225e78295a28cb43c0cbad194f416" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2014-1730 - -

    Et typeforvirringsproblem blev opdaget i JavaScript-biblioteket - v8.

    • - -
  • CVE-2014-1731 - -

    John Butler opdagede et typeforvirringsproblem i implementeringen af - WebKits/Blinks dokumentopbjektmodel.

    • - -
  • CVE-2014-1732 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - funktionen til talegenkendelse.

    • - -
  • CVE-2014-1733 - -

    Jed Davis opdagede en måde at omgå seccomp-bpf's sandkasse.

    • - -
  • CVE-2014-1734 - -

    Google Chrome-udviklingsholdet opdagede og rettede flere problemer med - potentiel sikkerhedspåvirkning.

    • - -
  • CVE-2014-1735 - -

    Google Chrome-udviklingsholdet opdagede og rettede flere problemer i - version 3.24.35.33 af JavaScript-biblioteket v8.

    • - -
  • CVE-2014-1736 - -

    SkyLined opdagede et heltalsoverløbsproblem i JavaScript-biblioteket - v8.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 34.0.1847.132-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 34.0.1847.132-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2920.data" diff --git a/danish/security/2014/dsa-2921.wml b/danish/security/2014/dsa-2921.wml deleted file mode 100644 index cad1c1ae88c..00000000000 --- a/danish/security/2014/dsa-2921.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="30bc9cbd06621fb0efd2f0dc5e7678f5fc455b79" mindelta="1" -sikkerhedsopdatering - -

Michael Niedermayer opdagede en sårbarhed i xbuffy, et værktøj til visning af -beskedantallet i mailboks- og nyhedsgruppekonti.

- -

Ved at sende omhyggeligt fabrikerede beskeder til mail- eller newskonti, -overvåget af xbuffy, kunne en angriber udløse et stakbaseret bufferoverløb, -førende til at xbuffy gik ned eller fjernudførelse af kode.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 3.3.bl.3.dfsg-8+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.3.bl.3.dfsg-8+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 3.3.bl.3.dfsg-9.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.3.bl.3.dfsg-9.

- -

Vi anbefaler at du opgraderer dine xbuffy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2921.data" diff --git a/danish/security/2014/dsa-2922.wml b/danish/security/2014/dsa-2922.wml deleted file mode 100644 index 33c071c60af..00000000000 --- a/danish/security/2014/dsa-2922.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="1268bac61f8acd4530d08f69e50de11b59b453f5" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed er fundet i fortolkeren af ASN.1 i strongSwan, en -IKE-/IPsec-programsamling, som anvendes til at etablere IPsec-beskyttede -links.

- -

Ved at sende en fabrikeret ID_DER_ASN1_DN ID-payload til en sårbar pluto- -eller charon-dæmon, kunne en ondsindet fjernbruger fremprovokere en -nullpointerdereference i dæmonen, som fortolker identiteten, førende til et -nedbrud eller et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 4.4.1-5.6.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.5.2-1.5+deb7u4.

- -

I distributionen testing (jessie), er dette problem rettet i -version 5.1.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.1.2-1.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2922.data" diff --git a/danish/security/2014/dsa-2923.wml b/danish/security/2014/dsa-2923.wml deleted file mode 100644 index a778c5beb8e..00000000000 --- a/danish/security/2014/dsa-2923.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="846ab8f4211469307bedb1a97ca0563cab82678f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7u55-2.4.7-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u55-2.4.7-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2923.data" diff --git a/danish/security/2014/dsa-2924.wml b/danish/security/2014/dsa-2924.wml deleted file mode 100644 index 01daadb4173..00000000000 --- a/danish/security/2014/dsa-2924.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d78e5d0c0fd42df9826c0145373670c20b7b94fb" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet iIcedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird: Flere hukommelsessikkerhedsfejl, -bufferoverløb, manglende rettighedskontroller, læsninger uden for grænserne, -anvendelse efter frigivelse samt andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode, rettighedsforøgelse, udførelse af skripter på tværs -af websteder eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.5.0-1~deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 24.5.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 24.5.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2924.data" diff --git a/danish/security/2014/dsa-2925.wml b/danish/security/2014/dsa-2925.wml deleted file mode 100644 index bf7cfcf4ad2..00000000000 --- a/danish/security/2014/dsa-2925.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="c41f11f69dd0cba4e843d830db5282725001a659" mindelta="1" -sikkerhedsopdatering - -

Phillip Hallam-Baker opdagede at der kunne forespørges på vinduers -egenskabsværdier i rxvt-unicode, hvilket potentielt kunne føre til udførelse af -vilkårlige kommandoer.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 9.07-2+deb6u1.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 9.15-2+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 9.20-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 9.20-1.

- -

Vi anbefaler at du opgraderer dine rxvt-unicode-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2925.data" diff --git a/danish/security/2014/dsa-2926.wml b/danish/security/2014/dsa-2926.wml deleted file mode 100644 index c506b4d90c4..00000000000 --- a/danish/security/2014/dsa-2926.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="7b73bdce7bc1cb792cbf305e8951c771d2bf6b01" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service), informationslækager eller -rettighedsforøgelse:

- -
    - -
  • CVE-2014-0196 - -

    Jiri Slaby opdagede en kapløbstilstand i pty-laget, hvilket kunne føre - til lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2014-1737 / - CVE-2014-1738 - -

    Matthew Daley opdagede at manglende fornuftighedskontrol af inddata i - ioctl'en FDRAWCMD og en informationslækage kunne føre til - rettighedsforøgelse.

    • - -
  • CVE-2014-2851 - -

    Ukorrekt referenceoptælling i funktionen ping_init_sock() muliggjorde et - lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2014-3122 - -

    Ukorrekt låsning af hukommelse kunne medføre et lokalt - lammelsesangreb.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -3.2.57-3+deb7u1. Opdateringen retter også en regression i isci-driveren samt -suspend-problemer med visse AMD CPU'er (opstået i den opdaterede kerne fra -Wheezy 7.5-punktopdateringen).

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2926.data" diff --git a/danish/security/2014/dsa-2927.wml b/danish/security/2014/dsa-2927.wml deleted file mode 100644 index 81fb8882534..00000000000 --- a/danish/security/2014/dsa-2927.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="cb796037bf3028c075b1b1d4e737893d43c775bf" mindelta="1" -sikkerhedsopdatering - -

Ilja van Sprundel fra IOActive opdagede flere sikkerhedsproblemer i X.Org's -libXfont-bibliotek, hvilke kunne gøre det muligt for en lokal, autentificeret -bruger at forsøge at forøge sine rettigheder, eller for en fjernangriber, der -kan kontrollere fontserveren, at forsøge at udføre kode med X-serverens -rettigheder.

- -
    - -
  • CVE-2014-0209 - -

    Heltalsoverløb ved allokeringer i fortolkningen af fontmetadatafil, kunne - gøre det muligt for en lokal bruger, der allerede er autentificeret mod - X-serveren, at overskrive anden heaphukommelse.

    • - -
  • CVE-2014-0210 - -

    libxfont validerede ikke længdefelter, når der blev fortolket svar fra - xfs-protokollen, hvilket gjorde det muligt at skrive ud over grænserne for - allokeret hukommelse, når data modtaget fra fontserveren blev gemt.

    • - -
  • CVE-2014-0211 - -

    Heltalsoverløb ved beregning af hukommelsesbehov til xfs-svar kunne - medføre allokering af for lidt hukommelse, og dernæst kunne de modtagne data - fra fontserveren blive skrevet ud over slutningen af den allokerede - buffer.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1:1.4.1-5.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1:1.4.5-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:1.4.7-2.

- -

Vi anbefaler at du opgraderer dine libxfont-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2927.data" diff --git a/danish/security/2014/dsa-2928.wml b/danish/security/2014/dsa-2928.wml deleted file mode 100644 index 53bdec91ee5..00000000000 --- a/danish/security/2014/dsa-2928.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="5c536ea6a0bbbbd675c12205244aa35a4c01567e" mindelta="1" -rettighedsforøgelse/lammelsesangreb/informationslækage - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service), informationslækage eller -rettighedsforøgelse. Projektet Common Vulnerabilities and Exposures har -registreret følgende problems:

- -
    - -
  • CVE-2014-0196 - -

    Jiri Slaby opdagede en kapløbstilstand i pty-laget, hvilket kunne føre - til et lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2014-1737 - CVE-2014-1738 - -

    Matthew Daley opdagede en informationslækage og manglende - fornuftighedskontrol af inddata i ioctl'en FDRAWCMD i floppy-driveren. Det - kunne medføre en rettighedsforøgelse.

    • - -
- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.6.32-48squeeze6.

- -

Følgende matriks opremser yderligere kildekodepakker, der blev genopbygget -af hensyn til kompabilitet eller for at kunne drage nytte af opdateringen:

- -
- - - - - - - - - -
 Debian 6.0 (squeeze)
user-mode-linux2.6.32-1um-4+48squeeze6
-
- -

Vi anbefaler at du opgraderer dine linux-2.6- og user-mode-linux-pakker. - -

Bemærk: Debian holder omhyggeligt rede på alle kendte -sikkerhedsproblemer på tværs af alle linux-kerne-pakker i alle udgivelser med -aktiv sikkerhedsunderstøttelse. Men den store mængde sikkerhedsproblemer af lav -prioritet, der opdages i kernen og ressourcekravene til at foretage en -opdatering, taget i betragtning, vil problemer af lavere sikkerhedsprioritet -typisk ikke blive udgivet til alle kerner på samme tid. I stedet vil de blive -opsamlet og udgivet i større klumper.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2928.data" diff --git a/danish/security/2014/dsa-2929.wml b/danish/security/2014/dsa-2929.wml deleted file mode 100644 index 5bec0930ba8..00000000000 --- a/danish/security/2014/dsa-2929.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="85c9e8b04765ab7b93a91c6c358500fcf3b37cdc" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Action Pack, en komponent hørende til Ruby -on Rails.

- -
    - -
  • CVE-2014-0081 - -

    actionview/lib/action_view/helpers/number_helper.rb indeholdt flere - sårbarheder i forbindelse med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2014-0082 - -

    actionpack/lib/action_view/template/text.rb udførte symbolinterning på - MIME-typestrenge, hvilket muliggjorde fjernudført lammelsesangreb (denial of - service) ved hjælp af forøget hukommelsesforbrug.

    • - -
  • CVE-2014-0130 - -

    En mappegennemløbssårbarhed i actionpack/lib/abstract_controller/base.rb - gjorde det muligt for fjernangribere at læse vilkårlige filer.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.2.6-6+deb7u2.

- -

Vi anbefaler at du opgraderer dine ruby-actionpack-3.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2929.data" diff --git a/danish/security/2014/dsa-2930.wml b/danish/security/2014/dsa-2930.wml deleted file mode 100644 index 865bdebadda..00000000000 --- a/danish/security/2014/dsa-2930.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="d62cf605bb517ebc60466c6d05b9e4f16bd7f77c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2014-1740 - -

    Collin Payne opdagede et problem med anvendelse efter frigivelse i - chromiums implementering af WebSockets.

    • - -
  • CVE-2014-1741 - -

    John Butler opdagede flere problemer med heltalsoverløb i - implementeringen af Blink/Webkit-dokumentobjektmodellen.

    • - -
  • CVE-2014-1742 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - tekstredigeringsfunktionen i Blink/Webkit.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 34.0.1847.137-1~deb7u1.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 34.0.1847.137-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2930.data" diff --git a/danish/security/2014/dsa-2931.wml b/danish/security/2014/dsa-2931.wml deleted file mode 100644 index fbfcd09e38e..00000000000 --- a/danish/security/2014/dsa-2931.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="893370cb8f261fd42cb991e657fd376a70de73a9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt hukommelseshåndtering i OpenSSL's funktion -do_ssl3_write(), kunne medføre lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (squeeze) er ikke påvirket.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.0.1e-2+deb7u9.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.0.1g-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.1g-4.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2931.data" diff --git a/danish/security/2014/dsa-2932.wml b/danish/security/2014/dsa-2932.wml deleted file mode 100644 index 1a15fa0cdd9..00000000000 --- a/danish/security/2014/dsa-2932.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="515ec59207bb1d71ed67796c2d94f86ee38d7de9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator.

- -
    - -
  • CVE-2013-4344 - -

    Et bufferoverløb i SCSI-implementeringen i QEMU; når en SCSI-controller - har flere end 256 tilsluttede enheder, var det muligt for lokale brugere at - opnå forøgede rettigheder ved hjælp af en lille overførselsbuffer i en - REPORT LUNS-kommando.

    • - -
  • CVE-2014-2894 - -

    En forskudt med én-fejl i funktionen cmd_smart smart-selvtesten i - hw/ide/core.c i QEMU, gjorde det muligt for lokale brugere at have - ikke-angivet indvirkning ved hjælp af en SMART EXECUTE OFFLINE-kommando, som - udløste et bufferunderløb og hukommelseskorruption.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6a+deb7u3.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 2.0.0+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.0+dfsg-1.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2932.data" diff --git a/danish/security/2014/dsa-2933.wml b/danish/security/2014/dsa-2933.wml deleted file mode 100644 index 7221c551f23..00000000000 --- a/danish/security/2014/dsa-2933.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="2f14178d29c52f7e447da350f46201c1a92db717" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu-kvm, en komplet -virtualiseringsløsning på x86-hardware.

- -
    - -
  • CVE-2013-4344 - -

    Et bufferoverløb i SCSI-implementeringen i QEMU; når en SCSI-controller - har flere end 256 tilsluttede enheder, var det muligt for lokale brugere at - opnå forøgede rettigheder ved hjælp af en lille overførselsbuffer i en - REPORT LUNS-kommando.

    • - -
  • CVE-2014-2894 - -

    En forskudt med én-fejl i funktionen cmd_smart smart-selvtesten i - hw/ide/core.c i QEMU, gjorde det muligt for lokale brugere at have - ikke-angivet indvirkning ved hjælp af en SMART EXECUTE OFFLINE-kommando, som - udløste et bufferunderløb og hukommelseskorruption.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6+deb7u3.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2933.data" diff --git a/danish/security/2014/dsa-2934.wml b/danish/security/2014/dsa-2934.wml deleted file mode 100644 index e68316db050..00000000000 --- a/danish/security/2014/dsa-2934.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="c42b2a9a03df6ff47391c1ee90b29a4cd5dc4427" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Django, et webudviklingsframework på højt -niveau til Python. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2014-0472 - -

    Benjamin Bach opdagede at Django på ukorrekt vis håndterede dottede - Python-stier, når URL-resolverfunktionen reverse() blev benyttet. En - angriber med mulighed for at forespørge efter et særligt fremstillet view - fra en Django-applikation, kunne udnytte problemer til at forårsage, at - Django importerede vilkårlige moduler fra Python-stien, muligvis medførende - kodeudførelse.

    • - -
  • CVE-2014-0473 - -

    Paul McMillan opdagede at Django på ukorrekt vis cachede visse sider, som - indeholder CSRF-cookies. En fjernangriber kunne udnytte denne fejl til at - få fat i en anden brugers CSRF-token, og omgå tilsigtet CSRF-bekyttelse i en - Django-applikation.

    • - -
  • CVE-2014-0474 - -

    Michael Koziarski opdagede at visse Django-modelfeltklasser ikke på - korrekt vis udførte typekonvertering på deres parametre, hvilket gjorde det - muligt for fjernangribere at få adgang til uventede resultater.

    • - -
  • CVE-2014-1418 - -

    Michael Nelson, Natalia Bidart og James Westby opdagede at cachede data i - Django kunne blive serveret for en anden session, eller til en bruger helt - uden en session. En angriber kunne måske udnytte det til at hente private - date eller forgifte cacher.

    • - -
  • CVE-2014-3730 - -

    Peter Kuma og Gavin Wahl opdagede at Django på ukorrekt vis validerede - visse misdannede URL'er fra brugerinddata. En angriber kunne måske udnytte - det til at forårsage uventede viderestillinger.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.2.3-3+squeeze10.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.5-1+deb7u7.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 1.6.5-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.6.5-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2934.data" diff --git a/danish/security/2014/dsa-2935.wml b/danish/security/2014/dsa-2935.wml deleted file mode 100644 index 0b5f76e26d7..00000000000 --- a/danish/security/2014/dsa-2935.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cdbf3a3ed3cca02a32f0e4c0df75a1b0467673a4" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at misdannede var fra en Gadu-Gadu-filrelayserver, kunne fære -til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode i -applikationer, som linket til libgadu-biblioteket.

- -

Den gamle stabile distribution (squeeze) er ikke påvirket.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.11.2-1+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.12.0~rc3-1.

- -

Vi anbefaler at du opgraderer dine libgadu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2935.data" diff --git a/danish/security/2014/dsa-2936.wml b/danish/security/2014/dsa-2936.wml deleted file mode 100644 index 52204fdd3e6..00000000000 --- a/danish/security/2014/dsa-2936.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="fceea15f1be0b3d68cfd911283a211b7867d087c" mindelta="1" -sikkerhedsopdatering - -

John Fitzpatrick fra MWR Labs rapporterede om en stakbaseret -bufferoverløbssårbarhed i torque, et PBS-afledt køsystem til batchafvikling. -En uautentificeret fjernangriber kunne udnytte fejlen til at udføre vilkårlig -kode med root-rettigheder.

- -

I den gamle stabile distribution (squeeze), er dette problem rettet i -version 2.4.8+dfsg-9squeeze4.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.4.16+dfsg-1+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.16+dfsg-1.4.

- -

Vi anbefaler at du opgraderer dine torque-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2936.data" diff --git a/danish/security/2014/dsa-2937.wml b/danish/security/2014/dsa-2937.wml deleted file mode 100644 index be4bcad79b8..00000000000 --- a/danish/security/2014/dsa-2937.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="724a9cabb3855272825cbdee4a5208fc08f1611b" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er fundet i Pythons WSGI-adaptermodul til Apache:

- -
    - -
  • CVE-2014-0240 - -

    Robert Kisteleki opdagede en potentiel rettighedsforøgelse i - dæmontilstand. Det er ikke udnytbart med kernen, der anvendes i Debian - 7.0/wheezy.

    • - -
  • CVE-2014-0242 - -

    Buck Golemon opdagede at ukorrekt hukommelseshåndtering kunne føre til - informationsafsløring under behandling af Content-Type-headere.

    • - -
- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 3.3-2+deb6u1.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.3-4+deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 3.5-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.5-1.

- -

Vi anbefaler at du opgraderer dine mod-wsgi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2937.data" diff --git a/danish/security/2014/dsa-2938.wml b/danish/security/2014/dsa-2938.wml deleted file mode 100644 index bfa2d30f579..00000000000 --- a/danish/security/2014/dsa-2938.wml +++ /dev/null @@ -1,80 +0,0 @@ -#use wml::debian::translation-check translation="40fd790b1ec0c5522b743cdbbdcbe11e4b771856" mindelta="1" -Tilgængelighed af LTS-understøttelse af Debian 6.0 / squeeze - -

Den indledende organisering og opsætning af Squeeze LTS er nu gennemført og -er klar til at overtage sikkerhedsunderstøttelsen, når den standardmæssige -sikkerhedsunderstøttelse ophører ved månedens udgang:

- - - -

Oplysninger til brugerne

- -

Understøttelse af Squeeze LTS ophører fem år efter udgivelsen af Squeeze, -dvs. den varer indtil den 6. februar 2016.

- -

Man er nødt til manuelt at aktivere apt-kilder til squeeze-lts. -Oplysninger om hvordan det gøres, finder man på -

- -

Man bør desuden tegne abonnement på den nye annonceringspostliste vedrørende -sikkerhedsopdateringer til squeeze-lts: -

- -

Nogle få pakker er ikke dækket af Squeeze LTS-understøttelsen. De kan findes -med det nye værktøj debian-security-support. Oplysninger om hvordan -det benyttes, findes her: -

- -

Hvis debian-security-support finder en pakke, som ikke er -understøttet, og som man anser for kritisk, så kontakt på engelsk -debian-lts@lists.debian.org -(se nedenfor).

- -

squeeze-backports vil fortsat blive understøttet i Squeeze LTS' -levetid.

- - - -

Oplysninger til Debian-vedligeholdere

- -

Først og fremmest forventes Debians pakkevedligeholdere ikke at arbejde på -opdateringer af deres pakker til squeeze-lts. Pakkeopdateringer til -squeeze-lts vil blive håndteret af Debian LTS-holdet.

- -

Hvis man dog er interesseret i at stå for det (da vedligeholderen jo -altid ved bedst angående sine pakker), er man sandelig velkommen til det; alle i -Debian.org og Debian-vedligeholdernøgleringene kan uploade til -squeeze-lts-suiten. Oplysninger om hvordan man uploader en rettet pakke, -finder man på -

- - - -

Postlister

- -

Hele koordineringen af arbejdet med Debian LTS håndteres gennem postlisten -debian-lts:

- -

Vær venlig at tegne abonnement eller følg os via -(gmane.linux.debian.devel.lts)

- -

Ud over listen debian-lts-announce, er der også en liste hvor man kan -følge alle uploads til debian-lts: -

- - - -

Security Tracker

- -

Alle oplysninger om status på sårbarheder (fx hvis versionen i -squeeze-lts viser sig at være upåvirket, mens wheezy er påvirket) -spores i Debians Debians Security Tracker:

- -

- -

Hvis man bliver opmærksom på fejl i dataene, så se -

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2938.data" diff --git a/danish/security/2014/dsa-2939.wml b/danish/security/2014/dsa-2939.wml deleted file mode 100644 index d73e4a7e8ca..00000000000 --- a/danish/security/2014/dsa-2939.wml +++ /dev/null @@ -1,62 +0,0 @@ -#use wml::debian::translation-check translation="57fa341e0d54914dde40462e32c2cee074b7623f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2014-1743 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - implemteringen af dokumentobjektmodellen hørende til Blink/Webkit.

    • - -
  • CVE-2014-1744 - -

    Aaron Staple opdagede et heltalsoverløbsproblem i håndtering af - lydinddata.

    • - -
  • CVE-2014-1745 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - implementeringen af skalerbar vektorgrafik hørende til - Blink/Webkit.

    • - -
  • CVE-2014-1746 - -

    Holger Fuhrmannek opdagede et problem med læsningn uden for grænserne i - implementeringen af URL-protokollen til håndtering af medier.

    • - -
  • CVE-2014-1747 - -

    packagesu opdagede et problem med udførelse af skripter på tværs af - websteder, som involverede misdanede MHTML-filer.

    • - -
  • CVE-2014-1748 - -

    Jordan Milne opdagede et spoofingproblem med brugergrænsefladen.

    • - -
  • CVE-2014-1749 - -

    Google Chrome-udviklingsholdet opdagede og rettede flere problemer, som - potentielt har sikkerhedspåvirkning.

    • - -
  • CVE-2014-3152 - -

    En problem med heltalsunderløb blev opdaget i JavaScript-biblioteket - v8.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 35.0.1916.114-1~deb7u2.

- -

I distributionen testing (jessie), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 35.0.1916.114-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2939.data" diff --git a/danish/security/2014/dsa-2940.wml b/danish/security/2014/dsa-2940.wml deleted file mode 100644 index b3022a2b7f7..00000000000 --- a/danish/security/2014/dsa-2940.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="619c722415d54b21d9a8785427f654eca0b29aee" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende adgangskontroller i Struts' ActionForm-objekt kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.9-5+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.9-9.

- -

Vi anbefaler at du opgraderer dine libstruts1.2-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2940.data" diff --git a/danish/security/2014/dsa-2941.wml b/danish/security/2014/dsa-2941.wml deleted file mode 100644 index 13f1a4cb419..00000000000 --- a/danish/security/2014/dsa-2941.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c6626648f9ec5ca3dd577e95ec3e1735b4f841bd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at funktionen clean_html() i lxml (pythonske bindinger til -bibliotekerne libxml2 og libxslt) udførte utilstrækkelig fornuftighedskontrol -vedrørende nogle ikke-skrivbare tegn. Det kunne føre til udførelse af skripter -på tværs af websteder.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.3.2-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 3.3.5-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.3.5-1.

- -

Vi anbefaler at du opgraderer dine lxml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2941.data" diff --git a/danish/security/2014/dsa-2942.wml b/danish/security/2014/dsa-2942.wml deleted file mode 100644 index cfce0094232..00000000000 --- a/danish/security/2014/dsa-2942.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="369e987027dbb08ef5afa7ee048411b1958be0bb" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er opdaget i Typo3 CMS'en. Flere oplysninger -finder man i opstrømsbulletinen: -\ -http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.5.19+dfsg1-5+wheezy3.

- -

I distributionen testing (jessie), er dette problem rettet i -version 4.5.34+dfsg1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.5.34+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2942.data" diff --git a/danish/security/2014/dsa-2943.wml b/danish/security/2014/dsa-2943.wml deleted file mode 100644 index 1091c611f2b..00000000000 --- a/danish/security/2014/dsa-2943.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="2df13a8821c107f651b743e3c0d2b08d994eef36" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et skriptsprog til generel anvendelse, -som almindeligvis anvendes til webapplikationsudvikling:

- -
    - -
  • CVE-2014-0185 - -

    PHP FPM's standardsocketrettighed er ændret fra 0666 til 0660, for at - modvirke en sikkerhedssårbarhed - (\ - CVE-2014-0185) i PHP FPM, som gjorde det muligt for enhver lokal bruger, - at køre PHP-kode som FPM-processens aktive bruger, ved hjælp af en - fabrikeret FastCGI-klient.

    - -

    Debians standardopsætning opsætter nu korrekt listen.owner og - listen.group til www-data:www-data i standard php-fpm.conf'en. Hvis man har - flere FPM-instanser eller en webserver som ikke kører under brugeren - www-data, skal man ændre sin opsætning af FPM-pools i /etc/php5/fpm/pool.d/, - så processen har de korrekte rettigheder til at tilgå socket'en.

    • - -
  • CVE-2014-0237 / - CVE-2014-0238 - -

    Lammelsesangreb (denial of service) i CDF-fortolkeren i - fileinfo-modulet.

    • - -
  • CVE-2014-2270 - -

    Lammelsesangreb i fileinfo-modulet.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.4.4-14+deb7u10.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2943.data" diff --git a/danish/security/2014/dsa-2944.wml b/danish/security/2014/dsa-2944.wml deleted file mode 100644 index 8e059b87793..00000000000 --- a/danish/security/2014/dsa-2944.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8e049d6205dea058510f0647a20a4626c8ee87e5" mindelta="1" -sikkerhedsopdatering - -

Joonas Kuorilehto opdagede at GNU TLS udførte utilstrækkelig validering af -sessions-id'er under TLS/SSL-handshakes. En ondsindet server kunne anvende det -til at udføre vilkårlig kode eller iværksætte lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.12.20-8+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.12.23-16.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2944.data" diff --git a/danish/security/2014/dsa-2945.wml b/danish/security/2014/dsa-2945.wml deleted file mode 100644 index b1a3b688a6d..00000000000 --- a/danish/security/2014/dsa-2945.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="ed18ccc64b2a8f343569c8da7dc1d2bf66019e5a" mindelta="1" -sikkerhedsopdatering - -

Thomas Stangner opdagede en sårbarhed i chkrootkit, en rootkitdetektor, -hvilket gjorde det muligt for lokale angribere, at opnå rootadgang når /tmp er -mountet uden noexec-valgmuligheden.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.49-4.1+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.49-5.

- -

Vi anbefaler at du opgraderer dine chkrootkit-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2945.data" diff --git a/danish/security/2014/dsa-2946.wml b/danish/security/2014/dsa-2946.wml deleted file mode 100644 index 35c6de189d6..00000000000 --- a/danish/security/2014/dsa-2946.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="53377ec39838df9ac3845c6c23084f2f4897cf82" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Python-wrapperen til Gnu Privacy Guard -(GPG). Utilstrækkelig fornuftighedskontrol kunne føre til udførelse af -vilkårlige shell-komandoer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.3.6-1~deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 0.3.6-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.3.6-1.

- -

Vi anbefaler at du opgraderer dine python-gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2946.data" diff --git a/danish/security/2014/dsa-2947.wml b/danish/security/2014/dsa-2947.wml deleted file mode 100644 index bd9feacd692..00000000000 --- a/danish/security/2014/dsa-2947.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="97fea40de048337fb307557d44bfa1db7ec5fa56" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i flere demuxere og dekodere i -multimediebiblioteket libav. En komplet liste over ændringerne findes i -\ -http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.12

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.8.12-1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 6:10.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6:10.1-1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2947.data" diff --git a/danish/security/2014/dsa-2948.wml b/danish/security/2014/dsa-2948.wml deleted file mode 100644 index 7fce984a452..00000000000 --- a/danish/security/2014/dsa-2948.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fc2080444504f740aebbd9eb015343b9293f68f2" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Bottle, et WSGI-framework til Python, udførte en for -eftergivende genkendelse af JSON-indhold, potentielt medførende omgåelse af -sikkerhedsmekanismer.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.10.11-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 0.12.6-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.12.6-1.

- -

Vi anbefaler at du opgraderer dine python-bottle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2948.data" diff --git a/danish/security/2014/dsa-2949.wml b/danish/security/2014/dsa-2949.wml deleted file mode 100644 index 4197ca49970..00000000000 --- a/danish/security/2014/dsa-2949.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="8b154d1c2f8168f06145bc498fbb34c7ee942a2c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse:

- -
    - -
  • CVE-2014-3144 / - CVE-2014-3145 - -

    En lokal bruger kunne forårsage et lammelsesangreb (systemnedbrud) via - fabrikerede BPF-instruktioner.

    • - -
  • CVE-2014-3153 - -

    Pinkie Pie opdagede et problem i futex-undersystemet, som gjorde det - muligt for en lokal bruger, at få kontrol over ring 0 via - futex-systemkaldet. En upriviligeret bruger kunne udnytte fejlen til at få - kernen til at gå ned(medførende lammelsesangreb) eller til - rettighedsforøgelse.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.2.57-3+deb7u2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2949.data" diff --git a/danish/security/2014/dsa-2950.wml b/danish/security/2014/dsa-2950.wml deleted file mode 100644 index 02dcaaf489b..00000000000 --- a/danish/security/2014/dsa-2950.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="e012477fbf8f0342a7294ce1d09a99bcdb4221cb" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenSSL:

- -
    - -
  • CVE-2014-0195 - -

    Jueri Aedla opdagede at et bufferoverløb i behandlingen af - DTLS-fragmenter kunne føre til udførelse af vilkårlig kode eller - lammelsesangreb (denial of service).

    • - -
  • CVE-2014-0221 - -

    Imre Rad opdagede at behandling af DTLS-hallopakker var sårbar over for - et lammelsesangreb.

    • - -
  • CVE-2014-0224 - -

    KIKUCHI Masashi opdagde at omhyggeligt fremstillede handshakes - kunne gennemtvinge brugen af svage nøgler, medførende potentielle manden i - midten-angreb.

    • - -
  • CVE-2014-3470 - -

    Felix Groebert og Ivan Fratric opdagede at implementeringen af anonyme - ECDH-ciphersuites var sårbar over for lammelsesangreb.

    • - -
- -

Yderligere oplysninger findes i -\ -http://www.openssl.org/news/secadv_20140605.txt

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u10. Alle applikationer, som er linket til openssl, skal -genstartes. Man kan anvende værktøjet checkrestart fra pakken debian-goodies, -til at finde påvirkede programmer eller genstarte systemet. Senere på dagen er -der også en kommende sikkerhedsopdatering til Linux-kernen -(\ -CVE-2014-3153), så der skal under alle omstændigheder genstartes. Perfekt -timing, ikk'?

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2950.data" diff --git a/danish/security/2014/dsa-2951.wml b/danish/security/2014/dsa-2951.wml deleted file mode 100644 index 6eec684a763..00000000000 --- a/danish/security/2014/dsa-2951.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cb00833d9b85e635a610526fb174adde3da39f57" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et bufferoverløb i MuPDF-fremviseren kunne føre til udførelse -af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.9-2+deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.3-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3-2.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2951.data" diff --git a/danish/security/2014/dsa-2952.wml b/danish/security/2014/dsa-2952.wml deleted file mode 100644 index 7330a8ef411..00000000000 --- a/danish/security/2014/dsa-2952.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="004a84d902374524395e3cda3dbb3f5ceab004d8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i FreeBSD-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller muligvis blotlæggelse af -kernehukommelse. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2014-1453 - -

    En fjern, autentificeret angriber kunne forårsage at NFS-serveren kom i - en deadlock, medførende et lammelsesangreb.

    • - -
  • CVE-2014-3000: - -

    En angriber, der kan sende en serie særligt fremstillede pakker ved hjælp - af en forbindelse, kunne forårsage en lammelsesangrebssituation, ved at få - kernen til at gå ned.

    - -

    Desuden, på grund af den udefinerede stakhukommelse kunne blive - overskrevet af andre kernetråde, kunne det med noget besvær være muligt for - en angriber omhyggeligt at konstruere et angreb med det formål at få adgang - til en del af kernehukommelsen via en forbundet socket. Det kunne medføre - blotlæggelse af følsomme oplysninger, så som loginoplysninger, osv., før, - eller endda uden, at systemet blev bragt til at gå ned.

    • - -
  • CVE-2014-3880 - -

    En lokal angriber kunne udløse et kernenedbrud (tredobbelt fault) med - potentielt datatab, i forbindelse med systemkaldene execve/fexecve. - Rapporteret af Ivo De Decker.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 9.0-10+deb70.7.

- -

I den ustabile distribution (sid) og i distributionen testing (jessie), er -disse problemer rettet i kfreebsd-10's version 10.0-6.

- -

Vi anbefaler at du opgraderer dine kfreebsd-9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2952.data" diff --git a/danish/security/2014/dsa-2953.wml b/danish/security/2014/dsa-2953.wml deleted file mode 100644 index fab9177466b..00000000000 --- a/danish/security/2014/dsa-2953.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="64f1bdd05970d2e3a6e32b4883f83cf8a5472d91" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i dpkg, hvilke gjorde det muligt at ændre -filer ved hjælp af mappegennemløb, ved udpakning af kildekodepakker med særligt -fremstillede patchfiler.

- -

Opdateringen var planlagt før ophøret af sikkerhedsunderstøttelse til den -gamle stabile distribution (squeeze), derfor sendes denne opdatering -undtagelsesvis via sikkerhedsarkivet. Der kan dog ikke forventes yderligere -opdateringer.

- -

I den gamle stabile distribution (squeeze), er disse problemer rettet i -version 1.15.11.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.16.15.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.17.10.

- -

Vi anbefaler at du opgraderer dine dpkg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2953.data" diff --git a/danish/security/2014/dsa-2954.wml b/danish/security/2014/dsa-2954.wml deleted file mode 100644 index 19364ba560b..00000000000 --- a/danish/security/2014/dsa-2954.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0d62d72b836bed87ab94bc478cb8f5df35974856" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at mailserveren Dovecot var sårbar over for et lammelsesangreb -(denial of service) mod imap-/pop3-loginprocesserne på grund af ukorrekt -håndtering af lukning af inaktive SSL-/TLS-forbindelser.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:2.1.7-7+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1:2.2.13~rc1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.2.13~rc1-1.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2954.data" diff --git a/danish/security/2014/dsa-2955.wml b/danish/security/2014/dsa-2955.wml deleted file mode 100644 index 90e9a7a113a..00000000000 --- a/danish/security/2014/dsa-2955.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="d28d30249ad6868daa77a794070df9885c47ab53" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsfejl og bufferoverløb -kunne måske føre til udførelse af vilkårlig kode eller lammelsesangreb (denial -of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.6.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 30.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2955.data" diff --git a/danish/security/2014/dsa-2956.wml b/danish/security/2014/dsa-2956.wml deleted file mode 100644 index 3dbd9bcaa5c..00000000000 --- a/danish/security/2014/dsa-2956.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a792fe3e62ccf918314baab7b2351032fb8d4172" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i overvågningssystemet til hosts og -netværk, Icinga (bufferoverløb, forespørgselsforfalskning på tværs af websteder, -forskydninger med en), hvilke kunne føre til udførelse af vilkårlig kode, -lammelsesangreb (denial of service) eller sessionskapring.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.7.1-7.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 1.11.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.11.0-1.

- -

Vi anbefaler at du opgraderer dine icinga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2956.data" diff --git a/danish/security/2014/dsa-2957.wml b/danish/security/2014/dsa-2957.wml deleted file mode 100644 index 1e557ed17f7..00000000000 --- a/danish/security/2014/dsa-2957.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5f7f04fa25d4ebc5b992a7d7e58b3d9cbc52d84f" mindelta="1" -sikkerhedsopdatering - -

Omer Iqbal opdagede at Mediawiki, en wikimotor, fortolkende ugyldige -brugernavne på Special:PasswordReset som wikitekst når $wgRawHtml er aktiveret. -På sådanne wikier, var det dermed muligt for en uautoriseret angriber at -indsætte ondsindet JavaScript, et angreb i forbindelse med udførelse af skripter -på tværs af servere.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:1.19.16+dfsg-0+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.19.16+dfsg-1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2957.data" diff --git a/danish/security/2014/dsa-2958.wml b/danish/security/2014/dsa-2958.wml deleted file mode 100644 index 9e1881bd7e1..00000000000 --- a/danish/security/2014/dsa-2958.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e2b8ec27908c79328c03337d2c589f1e9072b418" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk opdagede at APT, et pakkehåndteringsprogram på højt niveau, ikke -på korrekt vis udførte autentifikationskontroller vedrørende kildekodepakker -downloadet ved hjælp af apt-get source. Det påvirker kun -anvendelsessituationer, hvor kildekodepakker downloades med denne kommando; det -påvirker ikke den almindelige installering af og opgradering af -Debian-pakker.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.9.7.9+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.4.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2958.data" diff --git a/danish/security/2014/dsa-2959.wml b/danish/security/2014/dsa-2959.wml deleted file mode 100644 index cc7053793e7..00000000000 --- a/danish/security/2014/dsa-2959.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="9c6f4c2c69890af6c662d432d2e1bd14e7de10bb" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2014-3154 - -

    Collin Payne opdagede et problem med anvendelse efter frigivelse i - filsystem-API'et.

    • - -
  • CVE-2014-3155 - -

    James March, Daniel Sommermann og Alan Frindell opdagede flere problemer - med læsning uden for grænserne i implementeringen af - SPDY-protokollen.

    • - -
  • CVE-2014-3156 - -

    Atte Kettunen opdagede et bufferoverløbsproblem i bitmaphåndteringen i - implementeringen af klippebordet.

    • - -
  • CVE-2014-3157 - -

    Et heapbaseret bufferoverløbsproblem blev opdaget i chromiums - ffmpeg-mediafilter.

    • - -
- -

Desuden rettes i denne version en regression fra den foregående opdatering. -Understøttelse af ældre i386-processorerer blev droppet, men er nu blevet -genindført.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 35.0.1916.153-1~deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -disse problemer rettet i version 35.0.1916.153-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2959.data" diff --git a/danish/security/2014/dsa-2960.wml b/danish/security/2014/dsa-2960.wml deleted file mode 100644 index 45c8bfa2bad..00000000000 --- a/danish/security/2014/dsa-2960.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b819ba614e80ec004b2eeb167ef26de24ea5de69" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird: flere hukommelsessikkerhedsfejl og -bufferoverløb kunne måske føre til udførelse af vilkårlig kode eller -lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.6.0-1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2960.data" diff --git a/danish/security/2014/dsa-2961.wml b/danish/security/2014/dsa-2961.wml deleted file mode 100644 index 7357c98119a..00000000000 --- a/danish/security/2014/dsa-2961.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8f119c1c6e76e357c7a215dca17533ca68ee1559" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at PHP, et skriptsprog til generel anvendelse, som almindeligvis -anvendes til webapplikationsudvikling, var sårbar over for et heapbaseret -bufferoverløb i fortolkningen af DNS TXT-poster. En ondsindet server eller -manden i midten-angriber, kunne muligvis udnytte fejlen til at udføre vilkårlig -kode som PHP-fortolkeren, hvis en PHP-applikation anvender dns_get_record() til -at udføre en DNS-forespørgsel.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.4.4-14+deb7u11.

- -

I distributionen testing (jessie), er dette problem rettet i -version 5.6.0~beta4+dfsg-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.6.0~beta4+dfsg-3.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2961.data" diff --git a/danish/security/2014/dsa-2962.wml b/danish/security/2014/dsa-2962.wml deleted file mode 100644 index 42f3f9288c0..00000000000 --- a/danish/security/2014/dsa-2962.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="c2d52a1c4376aa145a4a44090db3b6639517c570" mindelta="1" -sikkerhedsopdatering - -

Abhiskek Arya opdagede en skrivning uden for grænserne i funktionen cvt_t() -i NetScape Portable Runtime Library, hvilket kunne medføre udførelse af -vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:4.9.2-1+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:4.10.6-1.

- -

Vi anbefaler at du opgraderer dine nspr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2962.data" diff --git a/danish/security/2014/dsa-2963.wml b/danish/security/2014/dsa-2963.wml deleted file mode 100644 index d7a0168aa7f..00000000000 --- a/danish/security/2014/dsa-2963.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4156f27f1b32b2ccaba7eae62ab3302a1be7bd83" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i Solr, en open source-enterprisesøgeserver -baseret på Lucene, medførende informationsafsløring eller udførelse af kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.6.0+dfsg-1+deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 3.6.2+dfsg-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.6.2+dfsg-2.

- -

Vi anbefaler at du opgraderer dine lucene-solr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2963.data" diff --git a/danish/security/2014/dsa-2964.wml b/danish/security/2014/dsa-2964.wml deleted file mode 100644 index ef276f44504..00000000000 --- a/danish/security/2014/dsa-2964.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="149881a9cf3d05b0c83db2e16d05eaeca043a8d6" mindelta="1" -sikkerhedsopdatering - -

Oscar Reparaz opdagede en sårbarhed i forbindelse med omgåelse af -autentifikation i iodine, en værktøj til tunnelering af IPv4-data gennem en -DNS-server. En fjernangriber kunne provokere serveren til at acceptere resten -af opsætningen eller også netværkstrafikken, ved at udnytte fejlen.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.6.0~rc1-12+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 0.6.0~rc1-19.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.6.0~rc1-19.

- -

Vi anbefaler at du opgraderer dine iodine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2964.data" diff --git a/danish/security/2014/dsa-2965.wml b/danish/security/2014/dsa-2965.wml deleted file mode 100644 index 3bc1a77233e..00000000000 --- a/danish/security/2014/dsa-2965.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6e7acdf44a52eb7ff8883dacd52f850f666eab77" mindelta="1" -sikkerhedsopdatering - -

Murray McAllister opdagede et heapbaseret bufferoverløb i -kommandolinjeværktøjet gif2tiff. Udførelse af gif2tiff på et ondsindet -tiff-billede kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.0.2-6+deb7u3.

- -

I distributionen testing (jessie), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.0.3-9.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2965.data" diff --git a/danish/security/2014/dsa-2966.wml b/danish/security/2014/dsa-2966.wml deleted file mode 100644 index d612b6e85c7..00000000000 --- a/danish/security/2014/dsa-2966.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="8f77956af5dce4dea18a6543231016865ac5d651" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget og rettet i Samba, en SMB-/CIFS-fil-, print- -og loginserver:

- -
    - -
  • CVE-2014-0178 - -

    En informationslækagesårbarhed i VFS-koden, gjorde det muligt for en - autentificeret bruger, at hente otte bytes fra uinitialiseret hukommelse, - når skyggekopiering er aktiveret.

    • - -
  • CVE-2014-0244 - -

    Lammelsesangreb (uendelig CPU-løkke) i nmbd-Netbios-navneservicedæmonen. - En misdannet pakke kunne forårsage, at nmbd-serveren kom i en uendelig - løkke, hvilket forhindrede behandling af efterfølgende forespørgsler til - Netbios-navneservicen.

    • - -
  • CVE-2014-3493 - -

    Lammelsesangreb (dæmonnedbrud) i smbd-filserverdæmonen. En - autentificeret bruger, som forsøgte at læse en Unicode-sti ved hjælp af en - ikke-Unicode-forespørgsel, kunne tvinge dæmonen til at overskrive hukommelse - på en ugyldig adresse.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2:3.6.6-6+deb7u4.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 2:4.1.9+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:4.1.9+dfsg-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2966.data" diff --git a/danish/security/2014/dsa-2967.wml b/danish/security/2014/dsa-2967.wml deleted file mode 100644 index b307d0411b0..00000000000 --- a/danish/security/2014/dsa-2967.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fbce10449306201403332ca19ab5a20e097302e0" mindelta="1" -sikkerhedsopdatering - -

Jean-René Reinhard, Olivier Levillain og Florian Maury rapporterede, at -GnuPG, GNU Privacy Guard, ikke på korrekt vis fortolkede visse forvanskede, -komprimerede datapakker. En fjernangriber kunne udnytte fejlen til at -igangsætte et lammelsesangreb (denial of service) mod GnuPG, ved at bevirke en -uendelig løkke.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.12-7+deb7u4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.16-1.2.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2967.data" diff --git a/danish/security/2014/dsa-2968.wml b/danish/security/2014/dsa-2968.wml deleted file mode 100644 index 29811a25dd0..00000000000 --- a/danish/security/2014/dsa-2968.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1335cc4541e7a7fc86189194ffa2aaffdc00df0a" mindelta="1" -sikkerhedsopdatering - -

Jean-René Reinhard, Olivier Levillain og Florian Maury rapporterede, at -GnuPG, GNU Privacy Guard, ikke på korrekt vis fortolkede visse forvanskede, -komprimerede datapakker. En fjernangriber kunne udnytte fejlen til at -igangsætte et lammelsesangreb (denial of service) mod GnuPG, ved at bevirke en -uendelig løkke.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.0.19-2+deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2.0.24-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.24-1.

- -

Vi anbefaler at du opgraderer dine gnupg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2968.data" diff --git a/danish/security/2014/dsa-2970.wml b/danish/security/2014/dsa-2970.wml deleted file mode 100644 index 82afbfd8e62..00000000000 --- a/danish/security/2014/dsa-2970.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="99153483846df99ed738eb1d18f6c63675889483" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer (udførelse af skripter på tværs af websteder, -forfalskning af forespørgsler på tværs af websteder, SQL-indsprøjtninger, -manglende fornuftighedskontrol af inddata) er fundet i Cacti, en webfrontend til -RRDTool.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.8.8a+dfsg-5+deb7u3.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 0.8.8b+dfsg-6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.8b+dfsg-6.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2970.data" diff --git a/danish/security/2014/dsa-2971.wml b/danish/security/2014/dsa-2971.wml deleted file mode 100644 index aa91003cd40..00000000000 --- a/danish/security/2014/dsa-2971.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="f2fcdf37cef60f05e55efd0d653d2b3322a0c394" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i dbus, et system til asynkron kommunikation -mellem processer. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2014-3477 - -

    Alban Crequy fra Collabora Ltd., opdagede at dbus-daemon sendte en - AccessDenied-fejl til servicen i stedet for klienten, når klientens - forhindres i at tilgå servicen. En lokal angriber kunne udnytte fejlen til - at forårsage, at en bus-aktiveret service, som pt. ikke kører, blev startet - og dernæst fejlede, hvilket forhindrede andre brugere i at tilgå - servicen.

    • - -
  • CVE-2014-3532 - -

    Alban Crequy fra Collabora Ltd., opdagede en fejl i dbus-daemons - understøttelse af fortolkning af fildescriptors. En ondsindet proces kunne - tvinge systemservices eller brugerapplikationer til at miste forbindelsen - til D-Bus-systemet, ved at sende dem en besked indeholdende en - fildescriptor, førende til et lammelsesangreb (denial of service).

    • - -
  • CVE-2014-3533 - -

    Alban Crequy fra Collabora Ltd. og Alejandro Martínez Suárez, opdagede at - en ondsindet proces kunne tvinge services til at miste forbindelsen med - D-Bus-systemet, ved at forårsage at dbus-daemon forsøgte at videresende - ugyldige fildescriptors til en offer-proces, førende til et - lammelsesangreb.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.6.8-1+deb7u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.6-1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2971.data" diff --git a/danish/security/2014/dsa-2972.wml b/danish/security/2014/dsa-2972.wml deleted file mode 100644 index 64d85c6cfe4..00000000000 --- a/danish/security/2014/dsa-2972.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b3f97b721a5b6b5466555815e0d34a44463ebbd8" mindelta="1" -sikkerhedsopdatering - -

Andy Lutomirski opdagede at ptrace-syskaldet ikke kontrollerede hvorvidt -RIP-registeret var validt i ptrace-API'et på x86_64-processorer. En -ikke-priviligeret bruger kunne udnytte fejl til at få kernen til at gå ned -(medførende lammelsesangreb) eller rettighedsforøgelse.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.2.60-1+deb7u1. Desuden indeholder opdateringen flere fejlrettelser, -som oprindelig skulle have været medtaget i den kommende punktopdatering af -Wheezy.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2972.data" diff --git a/danish/security/2014/dsa-2973.wml b/danish/security/2014/dsa-2973.wml deleted file mode 100644 index bec625abf7d..00000000000 --- a/danish/security/2014/dsa-2973.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="81e44728af82c2704ca0662ef8deb46312dd1dc1" mindelta="1" -sikkerhedsopdatering - -

Flere bufferoverløb er fundet i medieafspilleren VideoLAN. Behandling af -misdannede undertekster eller filmfiler, kunne føre til lammelseangreb (denial -of service) og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.0.3-5+deb7u1.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 2.1.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.1.0-1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2973.data" diff --git a/danish/security/2014/dsa-2974.wml b/danish/security/2014/dsa-2974.wml deleted file mode 100644 index 4b4f4a481a4..00000000000 --- a/danish/security/2014/dsa-2974.wml +++ /dev/null @@ -1,65 +0,0 @@ -#use wml::debian::translation-check translation="96885ab8ef16bfe18677e048e46cc7d89287c442" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et skriptsprog til generel anvendelse, -som almindeligvis anvendes til webapplikationsudvikling. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2014-0207 - -

    Francisco Alonso fra Red Hat Security Response Team rapporterede om en - ukorrekt grænsekontrol i funktionen cdf_read_short_sector().

    • - -
  • CVE-2014-3478 - -

    Francisco Alonso fra Red Hat Security Response Team opdagede en fejl i - den måde den trunkerede Pasccal-strengstørrelse i funktionen mconvert() - beregnes.

    • - -
  • CVE-2014-3479 - -

    Francisco Alonso fra Red Hat Security Response Team rapporterede om en - ukorrekt grænsekontrol i funktionen cdf_check_stream_offset().

    • - -
  • CVE-2014-3480 - -

    Francisco Alonso fra Red Hat Security Response Team rapporterede om en - utilstrækkelig grænsekontrol i funktionen cdf_count_chain().

    • - -
  • CVE-2014-3487 - -

    Francisco Alonso fra Red Hat Security Response Team opdagede en ukorrekt - grænsekontrol i funktionen cdf_read_property_info().

    • - -
  • CVE-2014-3515 - -

    Stefan Esser opdagede at unserialize()-handlerne ArrayObject og - SPLObjectStorage ikke kontrollerede de userialiserede typers data, før de - blev anvendt. En fjernangriber kunne udnytte fejlen til at udføre vilkårlig - kode.

    • - -
  • CVE-2014-4721 - -

    Stefan Esser opdagede et typeforveksliningsproblem, som påvirkede - phpinfo(), hvilket kunne medføre at en angriber kunne få adgang til - følsomme oplysninger fra proceshukommelse.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -5.4.4-14+deb7u12. Desuden indeholder opdateringen flere fejlrettelser, som -oprindelig var tiltænkt den kommende punktopdatering af Wheezy.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 5.6.0~rc2+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.6.0~rc2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2974.data" diff --git a/danish/security/2014/dsa-2975.wml b/danish/security/2014/dsa-2975.wml deleted file mode 100644 index cc59cd778f0..00000000000 --- a/danish/security/2014/dsa-2975.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="91d0401a6d994558c7db4837365a72b85b76e533" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i phpMyAdmin, et værktøj til administrering af -MySQL via web. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2013-4995 - -

    Autentificerede brugere kunne indsprøjte vilkårligt webskript eller HTML - ved hjælp af en fabrikeret SQL-forespørgsel.

    • - -
  • CVE-2013-4996 - -

    Udførelse af skripter på tværs af websteder var muligt gennem en - fabrikeret logo-URL i navigeringspanelet eller en fabrikeret forekomst i - Trusted Proxies-listen.

    • - -
  • CVE-2013-5002 - -

    Autentificerede brugere kunne indsprøjte vilkårligt webskript eller HTML - ved hjælp af en fabrikeret pageNumber-værdi i Schema Export.

    • - -
  • CVE-2013-5003 - -

    Autentificerede brugere kunne udføre vilkårlige SQL-kommandoer som - phpMyAdmins control user gennem scale-parameteret PMD PDF-eksport og - parameteret pdf_page_number i Schema Export.

    • - -
  • CVE-2014-1879 - -

    Autentificerede brugere kunne indsprøjte vilkårligt webskript eller HTML - gennem et fabrikeret filnavn i funktionen Import.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4:3.4.11.1-2+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:4.2.5-1.

- -

Vi anbefaler at du opgraderer dine phpmyadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2975.data" diff --git a/danish/security/2014/dsa-2976.wml b/danish/security/2014/dsa-2976.wml deleted file mode 100644 index 5b989a02669..00000000000 --- a/danish/security/2014/dsa-2976.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="aeaa87494ad1d7aface2b55c443e3b0f83dc131e" mindelta="1" -sikkerhedsopdatering - -

Stephane Chazelas opdagede at GNU C-biblioteket, glibc, behandlede -..-stielementer i locale-relaterede miljøvariabler, hvilket muligvis -gjorde det muligt for angribere at omgå tilsigtede begrænsinger, så som -ForceCommand i OpenSSH, forudsat at de er i stand til at levere fabrikerede -locale-indstillinger.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2.13-38+deb7u3.

- -

Opdateringen indeholder også ændringer, som oprindelig var planlagt til at -indgå i den kommende punktopdatering af wheeszy, som version 2.13-38+deb7u2. -Se Debians changelog for flere oplysninger.

- -

Vi anbefaler at du opgraderer dine eglibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2976.data" diff --git a/danish/security/2014/dsa-2977.wml b/danish/security/2014/dsa-2977.wml deleted file mode 100644 index 8b31ec1cc81..00000000000 --- a/danish/security/2014/dsa-2977.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7aef9de36727d7d631ac77d19f683272593d2dec" mindelta="1" -sikkerhedsopdatering - -

Don A. Baley opdagede et heltalsoverløb i rutinen til håndtering af -lzo-kompression, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 6:0.8.13-1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 6:10.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6:10.2-1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2977.data" diff --git a/danish/security/2014/dsa-2978.wml b/danish/security/2014/dsa-2978.wml deleted file mode 100644 index 14ac24b0544..00000000000 --- a/danish/security/2014/dsa-2978.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="53818e82472602984554a8e51638d291a08d26a0" mindelta="1" -sikkerhedsopdatering - -

Daniel P. Berrange opdagede en lammelsesangrebssårbarhed (denial of service) -i libxml2's entity-erstatning.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.8.0+dfsg1-7+wheezy1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.9.1+dfsg1-4.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2978.data" diff --git a/danish/security/2014/dsa-2979.wml b/danish/security/2014/dsa-2979.wml deleted file mode 100644 index f1d2f32a833..00000000000 --- a/danish/security/2014/dsa-2979.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5984a524ec5c1819b344e4b3c93ad1cae0b19dad" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Fail2ban, en løsning til bandlysning af værter, -som forårsager mange autentifikationsfejl. Når Fail2ban anvendes til at -overvåge Postfix- eller Cyrus IMAP-logfiler, kunne ukorrekt fornuftighedskontrol -af inddata i logfortolkningen gøre det muligt for en fjernangriber at udløse -blokering af vilkårlige IP-adresser, medførende lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.8.6-3wheezy3.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 0.8.11-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.11-1.

- -

Vi anbefaler at du opgraderer dine fail2ban-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2979.data" diff --git a/danish/security/2014/dsa-2980.wml b/danish/security/2014/dsa-2980.wml deleted file mode 100644 index c569c8f38a1..00000000000 --- a/danish/security/2014/dsa-2980.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="29e7eb93f973cb42c159de757272ebff8620e9b7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6b32-1.13.4-1~deb7u1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2980.data" diff --git a/danish/security/2014/dsa-2981.wml b/danish/security/2014/dsa-2981.wml deleted file mode 100644 index 660da471341..00000000000 --- a/danish/security/2014/dsa-2981.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ea9cc23e8850767ce4cccf72f84d7c4cec6261e5" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i PolarSSL, letvægts-krypto- og -SSL/TLS-biblioteket, -hvilket kunne udnyttes af en fjern ikke-autentificeret angribere til at -iværksætte et lammelsesangreb (denial of service) mod PolarSSL-servere, som -tilbyder GCM-ciphersuiter. Potentielt er klienter også påvirket, hvis en -ondsindet server beslutter at udføre et lammelsesangreb mod sine klienter.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.9-1~deb7u3.

- -

I the distributionen testing (jessie), er dette problem rettet i -version 1.3.7-2.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.7-2.1.

- -

Vi anbefaler at du opgraderer dine polarssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2981.data" diff --git a/danish/security/2014/dsa-2982.wml b/danish/security/2014/dsa-2982.wml deleted file mode 100644 index bb2058f201c..00000000000 --- a/danish/security/2014/dsa-2982.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ba66f4f727202a95fb38e4001c7f015fb906dcc3" mindelta="1" -sikkerhedsopdatering - -

Sean Griffin opdagede to sårbarheder i PostgreSQL-adapteren til Active -Record, hvilket kunne føre til SQL-indsprøjtning.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.2.6-5+deb7u1. Debian leverer to varianter af Ruby on Rails i -Wheezy (2.3 og 3.2). Understøttelse af 2.3-varianter er på nuværende -tidspunkt ikke længere muligt. Det påvirker følgende kildekodepakker: -ruby-actionmailer-2.3, ruby-actionpack-2.3, ruby-activerecord-2.3, -ruby-activeresource-2.3, ruby-activesupport-2.3 og ruby-rails-2.3. Versionen af -Redmine i Wheezy kræver stadig 2.3, men man kan anvende en opdateret version fra -backports.debian.org, som er kompatibel med rails 3.2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.2.19-1 af kildekodepakken rails-3.2.

- -

Vi anbefaler at du opgraderer dine ruby-activerecord-3.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2982.data" diff --git a/danish/security/2014/dsa-2983.wml b/danish/security/2014/dsa-2983.wml deleted file mode 100644 index 6182c1688b0..00000000000 --- a/danish/security/2014/dsa-2983.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4a213f03de6631f2509340c48bb032beba25f601" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er opdaget i indholdshåndteringssystemet Drupal, -spændende fra lammelsesangreb (denial of service) til udførelse af skripter på -tværs af websteder. Flere oplysninger finder man i -\ -https://www.drupal.org/SA-CORE-2014-003.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.14-2+deb7u5.

- -

I distributionen testing (jessie), er dette problem rettet i -version 7.29-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.29-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2983.data" diff --git a/danish/security/2014/dsa-2984.wml b/danish/security/2014/dsa-2984.wml deleted file mode 100644 index a2f097803e6..00000000000 --- a/danish/security/2014/dsa-2984.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5f08f27f70a78e9467b16fbaec34fe5b8a012ed2" mindelta="1" -sikkerhedsopdatering - -

CESG opdagede en root-eskaleringsfejl i pakken acpi-support. En -upriviligeret bruger kunne indsprøjte miljøvariablen DBUS_SESSION_BUS_ADDRESS, -for at køre vilkårlige kommandoer som root-brugeren ved hjælp af skriptet -policy-funcs.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.140-5+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 0.142-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.142-2.

- -

Vi anbefaler at du opgraderer dine acpi-support-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2984.data" diff --git a/danish/security/2014/dsa-2985.wml b/danish/security/2014/dsa-2985.wml deleted file mode 100644 index 4a11487228d..00000000000 --- a/danish/security/2014/dsa-2985.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="9756ed13b077c72645cdd5cf18e17f8683992b0f" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.38. Se MySQL 5.5 Release -Notes og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.38-0+wheezy1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2985.data" diff --git a/danish/security/2014/dsa-2986.wml b/danish/security/2014/dsa-2986.wml deleted file mode 100644 index f2c56dde845..00000000000 --- a/danish/security/2014/dsa-2986.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="fa78971e23e01fd3cde1f729ea94c13b8cef463a" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af - webbrowseren Mozilla Firefox: Flere fejl i forbindelse med -hukommelsessikkerhed og anvendelse efter frigivelse, kunne måske føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.7.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2986.data" diff --git a/danish/security/2014/dsa-2987.wml b/danish/security/2014/dsa-2987.wml deleted file mode 100644 index af4b05d8dd6..00000000000 --- a/danish/security/2014/dsa-2987.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="85a09db6dfce8a2dba63708809327a2b2e80042c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7u65-2.5.1-2~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u65-2.5.1-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2987.data" diff --git a/danish/security/2014/dsa-2988.wml b/danish/security/2014/dsa-2988.wml deleted file mode 100644 index 5d89eed91ae..00000000000 --- a/danish/security/2014/dsa-2988.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="dcdd03851973fa1e2459548fbf7af29086a57d7e" mindelta="1" -sikkerhedsopdatering - -

Ben Hawkes opdagede at ukorrekt håndtering af peer-beskeder i -bittorrentklienten Transmission, kunne føre til lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.52-3+nmu2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine transmission-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2988.data" diff --git a/danish/security/2014/dsa-2989.wml b/danish/security/2014/dsa-2989.wml deleted file mode 100644 index 9b254e7b3c5..00000000000 --- a/danish/security/2014/dsa-2989.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="3991c4e7cbe62c542759d2c8868acb4747dc850a" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Apache HTTP-serveren.

- -
    - -
  • CVE-2014-0118 - -

    Inputfilteret DEFLATE (oppuster forespørgselskroppe) i mod_deflate, - gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (ressourceforbrug) ved hjælp af fabrikerede forespørgselsdata, som - dekomprimeres til en meget større størrelse.

    • - -
  • CVE-2014-0226 - -

    En kapløbstilstand blev fundet i mod_status. En angriber med mulighed - for at tilgå en offentlig serverstatusside på en server, kunne sende - omhyggeligt fabrikerede forespørgsler, hvilket kunne føre til et - heapbufferoverløb, forårsagede lammelsesangreb (denial of service), - afsløring af følsomme oplysninger eller potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2014-0231 - -

    En fejl blev fundet i mod_cgid. Hvis en server, som anvender - mod_cgid-hostede CGI-skripter som ikke konsumerer standardinddata, kunne en - fjernangriber forårsage at børneprocesser hang i uendelig tid, førende til - lammelsesangreb.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.2.22-13+deb7u3.

- -

I distributionen testing (jessie), vil disse problemer blive rettet i -version 2.4.10-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.10-1.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2989.data" diff --git a/danish/security/2014/dsa-2990.wml b/danish/security/2014/dsa-2990.wml deleted file mode 100644 index bae9e4cc2e8..00000000000 --- a/danish/security/2014/dsa-2990.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5aefe5d8ce78574509c6e71c7a603347896c32f1" mindelta="1" -sikkerhedsopdatering - -

It was discovered that the web interface in CUPS, the Common UNIX -Printing System, incorrectly validated permissions on rss files and -directory index files. A local attacker could possibly use this issue -to bypass file permissions and read arbitrary files, possibly leading -to a rettighedsforøgelse.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.5.3-5+deb7u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.7.4-2.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2990.data" diff --git a/danish/security/2014/dsa-2991.wml b/danish/security/2014/dsa-2991.wml deleted file mode 100644 index 81359fa9457..00000000000 --- a/danish/security/2014/dsa-2991.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="3fd504b0834c3960a38252e5d1fced02bcf62d7d" mindelta="1" -sikkerhedsopdatering - -

Martin Holst Swende discovered a flaw in the way chunked requests are -handled in ModSecurity, an Apache module whose purpose is to tighten the -Web application security. A remote attacker could use this flaw to -bypass intended mod_security restrictions by using chunked transfer -coding with a capitalized Chunked value in the Transfer-Encoding HTTP -header, allowing to send requests containing content that should have -been removed by mod_security.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.6.6-6+deb7u2.

- -

For the distributionen testing (jessie), er dette problem rettet i -version 2.7.7-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.7.7-1.

- -

Vi anbefaler at du opgraderer dine modsecurity-apache-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2991.data" diff --git a/danish/security/2014/dsa-2992.wml b/danish/security/2014/dsa-2992.wml deleted file mode 100644 index 8bd7745285a..00000000000 --- a/danish/security/2014/dsa-2992.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="863617956faa110c23c49633b5ebc788b82e3065" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder have been discovered in the Linux kernel that -may lead to a denial of service or rettighedsforøgelse:

- -
    - -
  • CVE-2014-3534 - -

    Martin Schwidefsky of IBM discovered that the ptrace subsystem does - not properly sanitize the psw mask value. On s390 systems, an - unprivileged local user could use this flaw to set address space - control bits to kernel space combination and thus gain read/write - access to kernel memory.

    • - -
  • CVE-2014-4667 - -

    Gopal Reddy Kodudula of Nokia Siemens Networks discovered that the - sctp_association_free function does not properly manage a certain - backlog value, which allows remote attackers to cause a denial of - service (socket outage) via a crafted SCTP packet.

    • - -
  • CVE-2014-4943 - -

    Sasha Levin discovered a flaw in the Linux kernel's point-to-point - protocol (PPP) when used with the Layer Two Tunneling Protocol - (L2TP). An unprivileged local user could use this flaw for privilege - escalation.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.2.60-1+deb7u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.14.13-2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2992.data" diff --git a/danish/security/2014/dsa-2993.wml b/danish/security/2014/dsa-2993.wml deleted file mode 100644 index 6d886a06d4b..00000000000 --- a/danish/security/2014/dsa-2993.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="5b028360cb42da0e01e7abe17329aa378f8f43d4" mindelta="1" -sikkerhedsopdatering - -

Several issues have been discovered in Tor, a connection-based -low-latency anonymous communication system, resulting in information -leaks.

- -
    -

  • Relay-early cells could be used by colluding relays on the network to - tag user circuits and so deploy traffic confirmation attacks - [CVE-2014-5117]. The updated version emits a warning and drops the - circuit upon receiving inbound relay-early cells, preventing this - specific kind of attack. Please consult the following advisory for - more details about this issue:

    - -

    \ - https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

    -
    • - -

  • A bug in the bounds-checking in the 32-bit curve25519-donna - implementation could cause incorrect results on 32-bit - implementations when certain malformed inputs were used along with a - small class of private ntor keys. This flaw does not currently - appear to allow an attacker to learn private keys or impersonate a - Tor server, but it could provide a means to distinguish 32-bit Tor - implementations from 64-bit Tor implementations.

    • -
- -

The following additional security-related improvements have been -implemented:

- -
    -

  • As a client, the new version will effectively stop using CREATE_FAST - cells. While this adds computational load on the network, this - approach can improve security on connections where Tor's circuit - handshake is stronger than the available TLS connection security - levels.

    • - -

  • Prepare clients to use fewer entry guards by honoring the consensus - parameters. The following article provides some background:

    - -

    \ - https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters

    -
    • -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.2.4.23-1~deb7u1.

- -

For the distributionen testing (jessie) and the ustabile distribution -(sid), er disse problemer rettet i version 0.2.4.23-1.

- -

For the experimental distribution, er disse problemer rettet i -version 0.2.5.6-alpha-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2993.data" diff --git a/danish/security/2014/dsa-2994.wml b/danish/security/2014/dsa-2994.wml deleted file mode 100644 index 7a9585c295f..00000000000 --- a/danish/security/2014/dsa-2994.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="9ee1811408c17449678cf76df63e03b10fb35bd8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder have been discovered in nss, the Mozilla Network -Security Service library:

- -
    - -
  • CVE-2013-1741 - -

    Runaway memset in certificate parsing on 64-bit computers leading to - a crash by attempting to write 4Gb of nulls.

    • - -
  • CVE-2013-5606 - -

    Certificate validation with the verifylog mode did not return - validation errors, but instead expected applications to determine - the status by looking at the log.

    • - -
  • CVE-2014-1491 - -

    Ticket handling protection mechanisms bypass due to the lack of - restriction of public values in Diffie-Hellman key exchanges.

    • - -
  • CVE-2014-1492 - -

    Incorrect IDNA domain name matching for wildcard certificates could - allow specially-crafted invalid certificates to be considered as - valid.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2:3.14.5-1+deb7u1.

- -

For the distributionen testing (jessie), and the ustabile distribution (sid), -er disse problemer rettet i version 2:3.16-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2994.data" diff --git a/danish/security/2014/dsa-2995.wml b/danish/security/2014/dsa-2995.wml deleted file mode 100644 index e664e3ed782..00000000000 --- a/danish/security/2014/dsa-2995.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="11c19da83bd50b10d5848055dd789406a1d9e637" mindelta="1" -sikkerhedsopdatering - -

Don A. Bailey fra Lab Mouse Security opdagede en heltalsoverløbsfejl i den -måde, lzo-biblioteket dekomprimerede visse arkiver, komprimeret med -LZO-algoritmen. En angriber kunne oprette særligt fremstillede LZO-komprimerede -inddata, der ved dekomprimering af en applikation, som anvender lzo-biblioteket, -medførte af applikationen gik ned eller potentielt udførte vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.06-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2.08-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.08-1.

- -

Vi anbefaler at du opgraderer dine lzo2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2995.data" diff --git a/danish/security/2014/dsa-2996.wml b/danish/security/2014/dsa-2996.wml deleted file mode 100644 index 00481fd58d9..00000000000 --- a/danish/security/2014/dsa-2996.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="19d930a2e2a3f07cae95e4a43cc416502a079cd3" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird: Flere fejl i forbindelse med -hukommelsessikkerhed og anvendelse efter frigivelse, kunne måske føre til udførelse -af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.7.0-1~deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2996.data" diff --git a/danish/security/2014/dsa-2997.wml b/danish/security/2014/dsa-2997.wml deleted file mode 100644 index 8cd7c7565c6..00000000000 --- a/danish/security/2014/dsa-2997.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d514bdf2eabaab9aa108afa8f00b13f8cf85a64f" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk opdagede en fejl i forbindelse med fjernudførelse af kommandoer i -reportbug, et værktøj til rapportering af fejl i Debians distribution. En -manden i midten-angriber kunne indsætte shell-metadaa i versionsnummeret, -hvilket gjorde det muligt at udføre vilkårlige kommandoer med rettighederne -hørende til brugeren, der kører reportbug.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 6.4.4+deb7u1.

- -

I distributionen testing (jessie), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6.5.0+nmu1.

- -

Vi anbefaler at du opgraderer dine reportbug-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2997.data" diff --git a/danish/security/2014/dsa-2998.wml b/danish/security/2014/dsa-2998.wml deleted file mode 100644 index 7070ab90456..00000000000 --- a/danish/security/2014/dsa-2998.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="869dc31d8677976fd4452fbe79c6a9af1eaaf970" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenSSL, et Secure Sockets Layer-toolkit, -hvilke kunne medføre lammelsesangreb (applikationsnedbrud, stort -hukommelsesforbrug), informationslækage, protokolnedgradering. Desuden er der -rettet et bufferoverløb, som kun påvirkede applikationer, der eksplicit er opsat -til SRP (\ -CVE-2014-3512).

- -

Detaljerede beskrivelser af sårbarhederne, finder man i: -\ -www.openssl.org/news/secadv_20140806.txt

- -

Det er vigtigt, at man opgraderer sin libssl1.0.0-pakke, og ikke blot -openssl-pakken.

- -

Alle applikationer som er linket til openssl, skal genstartes. Man kan -anvende værktøjet checkrestart fra pakken debian-goodies package, for at -finde påvirkede programmer. Alternativt kan man genstarte sit system.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u12.

- -

I distributionen testing (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.1i-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2998.data" diff --git a/danish/security/2014/dsa-2999.wml b/danish/security/2014/dsa-2999.wml deleted file mode 100644 index 07aac815007..00000000000 --- a/danish/security/2014/dsa-2999.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="07a7e8a09f38897f70eb16a85c92f5915a7423eb" mindelta="1" -sikkerhedsopdatering - -

En lammelsesangrebssårbarhed blev opdaget i Drupal, et komplet framework til -indholdshåndtering. En fjernangriber kunne udnytte fejlen til at forårsage CPU- -og hukommelsesudmattelse, og få webstedets database til at nå det maksimale -antal åbne forbindelser, førende til at webstedet blev utilgængeligt eller holdt -op med at svare. Flere oplysninger finder man i -\ -https://www.drupal.org/SA-CORE-2014-004.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.14-2+deb7u6.

- -

I distributionen testing (jessie), er dette problem rettet i -version 7.31-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.31-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-2999.data" diff --git a/danish/security/2014/dsa-3000.wml b/danish/security/2014/dsa-3000.wml deleted file mode 100644 index 2a45bc2017e..00000000000 --- a/danish/security/2014/dsa-3000.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="f30d01b3c321cffe8811272611d8977ba52e1d38" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i krb5, MIT's implementering af Kerberos. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2014-4341 - -

    En uautentificeret fjernangriber med mulighed for at sprøjte pakker ind i - en legitimt etableret GSSAPI-applikationssession, kunne medføre et - programnedbrud på grund af ugyldige hukommelsesreferencer, når der forsøges - at læse ud over slutningen af en buffer.

    • - -
  • CVE-2014-4342 - -

    En uautentificeret fjernangriber med mulighed for at sprøjte pakker ind i - en legitimt etableret GSSAPI-applikationssession, kunne medføre et - programnedbrud på grund af ugyldige hukommelsesreferencer, når der forsøges - at læse ud over slutningen på en buffer eller ved at forårsage en - nullpointerdereference.

    • - -
  • CVE-2014-4343 - -

    En uautentificeret fjernangriber med mulighed for at forfalske pakker, - som lader til at komme fra en GSSAPI-acceptor, kunne medføre en dobbelt - frigivelse-tilstand i GSSAPI-initiators (klienter), som anvender - SPNEGO-mekanismen, ved at returnere en anden underliggende mekanisme, end - der blev foreslået af initiatoren. En fjernangriber kunne udnytte fejlen - til at medføre et applikationsnedbrud eller potentielt udførelse af - vilkårlig kode.

    • - -
  • CVE-2014-4344 - -

    En uautentificeret eller delvist autentificeret fjernangriber kunne - forårsage en NULL-dereference og applikationsnedbrud under en - SPNEGO-forhandling, ved at sende et tomt token, som det andet eller senere - konteksttoken fra initiator til acceptor.

    • - -
  • CVE-2014-4345 - -

    Når kadmind er opsat til at anvende LDAP til KDC-databasen, kunne en - autenticeret fjernangriber få det til at udføre en skrivning uden for - grænserne (bufferoverløb).

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.10.1+dfsg-5+deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.1+dfsg-7.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3000.data" diff --git a/danish/security/2014/dsa-3001.wml b/danish/security/2014/dsa-3001.wml deleted file mode 100644 index 826c6f9ac3b..00000000000 --- a/danish/security/2014/dsa-3001.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f142ce5b358b32fec3e90c73d18c5076bbc083b9" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er opdaget i Wordpress, et webbloggingværktøj, -medførende lammelsesangreb (denial of service) eller informationsafsløring. -Flere oplysninger finder man i opstrømsbulletinen i -\ -https://wordpress.org/news/2014/08/wordpress-3-9-2/.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.6.1+dfsg-1~deb7u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.9.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3001.data" diff --git a/danish/security/2014/dsa-3002.wml b/danish/security/2014/dsa-3002.wml deleted file mode 100644 index ee8d27583d2..00000000000 --- a/danish/security/2014/dsa-3002.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="08ca122e6211015f4854d8c40cd77357c61bd20d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i dissektorerne til Catapult DCT2000, IrDA, -GSM Management, RLC ASN.1 BER, hvilke kunne medøre lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy11.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3002.data" diff --git a/danish/security/2014/dsa-3003.wml b/danish/security/2014/dsa-3003.wml deleted file mode 100644 index ae02c78c820..00000000000 --- a/danish/security/2014/dsa-3003.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="515a717f85b92f5489fcd3c6129ce220df345324" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i en række demuxerere og dekodere i -multimediebiblioteket libav. En komplet liste over ændringer er tilgængelig i -\ -http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6:0.8.15-1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3003.data" diff --git a/danish/security/2014/dsa-3004.wml b/danish/security/2014/dsa-3004.wml deleted file mode 100644 index c016db1d439..00000000000 --- a/danish/security/2014/dsa-3004.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1308bf4fab42a729a28393d1cb00368f6812a6cc" mindelta="1" -sikkerhedsopdatering - -

Sebastian Krahmer opdagede at Kauth anvende Policykit på usikker vis, ved at -være afhængig af proces-id'en. Det kunne medføre rettighedsforøgelse.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4:4.8.4-4+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 4:4.13.3-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4:4.13.3-2.

- -

Vi anbefaler at du opgraderer dine kde4libs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3004.data" diff --git a/danish/security/2014/dsa-3005.wml b/danish/security/2014/dsa-3005.wml deleted file mode 100644 index 11560ce8eec..00000000000 --- a/danish/security/2014/dsa-3005.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="2c06e63d5556aef515b141d1bfb4202d58c15c5e" mindelta="1" -sikkerhedsopdatering - -

Tomáš Trnka opdagede et heapbaseret bufferoverløb i statushandleren gpgsm i -GPGME, et bibliotek beregnet til at gøre adgang til GnuPG lettere for -applikationer. En angriber kunne udnytte problemet til at forårsage, at en -applikation, der anvender GPGME, gik ned (lammelsesangreb/denial of service) -eller muligvis udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.0-1.4+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.5.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.1-1.

- -

Vi anbefaler at du opgraderer dine gpgme1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3005.data" diff --git a/danish/security/2014/dsa-3006.wml b/danish/security/2014/dsa-3006.wml deleted file mode 100644 index 3df5ebee70c..00000000000 --- a/danish/security/2014/dsa-3006.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="72bc1ed400ff8d1f93e3c8e8bfbf7f57f932323a" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er opdaget i virtualiseringsløsningen Xen, hvilket -kunne medføre informationslækager eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.4-3+deb7u2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3006.data" diff --git a/danish/security/2014/dsa-3007.wml b/danish/security/2014/dsa-3007.wml deleted file mode 100644 index 2d7ef461f0e..00000000000 --- a/danish/security/2014/dsa-3007.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="710a7a719b77ce050c2c73980006d8ec7d19ebe5" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer (udførelse af skripter på tværs af websteder, -manglende fornuftighedskontrol af inddata, og SQL-indsprøjtning) er opdaget i -Cacti, en webgrænseflade til overvågningssystemer, der laver grafer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.8.8a+dfsg-5+deb7u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.8b+dfsg-8.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3007.data" diff --git a/danish/security/2014/dsa-3008.wml b/danish/security/2014/dsa-3008.wml deleted file mode 100644 index d01608b3e6c..00000000000 --- a/danish/security/2014/dsa-3008.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="086cceebb3da4acdf05e9aaddcea7156526f83f4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et skriptsprog til generel anvendelse, -som almindeligvis anvendes til webapplikationsudvikling. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2014-3538 - -

    Man opdagede at den oprindelse rettelse af - \ - CVE-2013-7345 ikke på tilstrækkelig vis løste problemet. En - fjernangriber kunne stadig forårsge et lammelsesangreb (CPU-forbrug) via en - særligt fremstillet inddatafil, som udløser backtracking under behandlingen - af en et regulært udtræk i AWK.

    • - -
  • CVE-2014-3587 - -

    Man opdagede at CDF-fortolkeren i modulet fileinfo, ikke på korrekt vis - behandlede misdannede filer i formatet Composite Document File (CDF), - førende til nedbrud.

    • - -
  • CVE-2014-3597 - -

    Man opdagede at den oprindelige retttelse af - \ - CVE-2014-4049 ikke fuldstændig løste problemet. En ondsindet server - eller manden i midten-angriber, kunne forårsage et lammelsesangreb (nedbrud) - samt potentielt udføre vilkårlig kode via en fabrikeret - DNS-TXT-record.

    • - -
  • CVE-2014-4670 - -

    Man opdagede at PHP på ukorrekt vis håndterede vis SPL Iterators. En - lokal angriber kunne udnytte fejlen til at få PHP til at gå ned, medførende - et lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -5.4.4-14+deb7u13. Desuden indeholder opdateringen flere fejlrettelser, som -oprindelig var planlagt til den kommune punktopdatering af Wheezy.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3008.data" diff --git a/danish/security/2014/dsa-3009.wml b/danish/security/2014/dsa-3009.wml deleted file mode 100644 index cebd6651eb7..00000000000 --- a/danish/security/2014/dsa-3009.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2f47e3c981d1457b73e5a4730704a9f949754ba7" mindelta="1" -sikkerhedsopdatering - -

Andrew Drake opdagede at manglende fornuftighedskontrol af inddata i -icns-dekoderen i Python Imaging Library kunne føre til lammelsesangreb (denial -of service), hvis et misdannet billede blev behandlet.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.1.7-4+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.5.3-1 af kildekodepakkene pillow.

- -

Vi anbefaler at du opgraderer dine python-imaging-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3009.data" diff --git a/danish/security/2014/dsa-3010.wml b/danish/security/2014/dsa-3010.wml deleted file mode 100644 index 1767eb9fb84..00000000000 --- a/danish/security/2014/dsa-3010.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="a13f27ba5d6ec963655966809db861944e629661" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Django, et webudviklingframework på højt -niveau til Python. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2014-0480 - -

    Florian Apolloner opdagede at under visse omstændigheder, kunne - URL-omvending generere scheme-relativ URL'er, som uventet kunne - omdirigere en bruger til en anden vært, førende til - phishing-angreb.

    • - -
  • CVE-2014-0481 - -

    David Wilson rapporterede som en lammelsesangrebssårbarhed ved filupload. - Djangos håndtering af filupload kunne i sin standardopsætning falde tilbage - til et enormt stort antal os.stat()-systemkald, når et duplikeret - filnavn blev uploadet. En fjernangriber med mulighed for at uploade filer, - kunne udvirke dårlig ydeevne i uploadhåndteringen, som endte med at gøre den - meget langsom.

    • - -
  • CVE-2014-0482 - -

    David Greisen opdagede at under visse omstændigheder, kunne anvendelse af - middlewaren RemoteUserMiddleware og autentifikationsbackend'en - RemoteUserBackend medføre at en bruger modtog en anden brugers session, hvis - en ændring til REMOTE_USER-headeren skete uden tilhørende - logud-/logind-handlinger.

    • - -
  • CVE-2014-0483 - -

    Collin Anderson opdagede at det var muligt at afsløre ethvert felts data, - ved at ændre parametrene popup og to_field i - forespørgselsstrengen på en administratorsændringsformularside. En bruger - med adgang til administrationsgrænsefladen, samt med tilstrækkelig viden om - modelstrukturen og de korrekte URL'er, kunne fremstille popupvisning, hvilke - kunne vise værdierne af ikke-relationsfelter, herunder felter som - applikationsudvikleren ikke havde til hensigt at udstille på en sådan - måde.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.5-1+deb7u8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.6.6-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3010.data" diff --git a/danish/security/2014/dsa-3011.wml b/danish/security/2014/dsa-3011.wml deleted file mode 100644 index 46959daec4b..00000000000 --- a/danish/security/2014/dsa-3011.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e220484605b32caea025706fad4ed6e8e6922e55" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at MediaWiki, en webstedsmotor til samarbejder, var sårbar over -for JSONP-indsprøjtning i Flash -(\ -CVE-2014-5241) og klikjacking mellem OutputPage og ParserOutput -(\ -CVE-2014-5243). Sårbarhederne løses ved at opgradere MediaWiki til den nye -opstrømsversion 1.19.18, som indeholder yderligere ændringer.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1:1.19.18+dfsg-0+deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3011.data" diff --git a/danish/security/2014/dsa-3012.wml b/danish/security/2014/dsa-3012.wml deleted file mode 100644 index 480c3cfbfe7..00000000000 --- a/danish/security/2014/dsa-3012.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1e6edff17ac49ab1ef035934b52fd6f383348361" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede et heapbaseret bufferoverløb i -translitterationsmodulet, som indlæser kode i eglibc, Debians udgave af GNU -C-biblioteket. Som følge deraf, kunne en angriber, med mulighed for at levere -et fabrikeret destinationstegnsætparameter til iconv-relaterede -tegnkonverteringsfunktioner, få mulighed for at udføre vilkårlig kode.

- -

Opdateringen fjerner understøttelse af indlæsbare -gconv-translitterationsmoduler. Ud over sikkerhedssårbarheden, havde -modulindlæsningskoden funktionelle fejl, som forhindrede det i at udføre det -tilsigtede formål.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -2.13-38+deb7u4.

- -

Vi anbefaler at du opgraderer dine eglibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3012.data" diff --git a/danish/security/2014/dsa-3013.wml b/danish/security/2014/dsa-3013.wml deleted file mode 100644 index f8ef1a562ff..00000000000 --- a/danish/security/2014/dsa-3013.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="faec17e7fae985b6d96e7892fd05c5b9100d5e55" mindelta="1" -sikkerhedsopdatering - -

Nikolaus Rath opdagede at s3ql, et filsystem til onlineopbevaring af data, -anvendte pickle-funktionaliteten i programmeringssproget Python på en usikker -måde. Som følge heraf kunne en ondsindet storagebackend- eller manden i -midten-angriber udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.11.1-3+deb7u1.

- -

Vi anbefaler at du opgraderer dine s3ql-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3013.data" diff --git a/danish/security/2014/dsa-3014.wml b/danish/security/2014/dsa-3014.wml deleted file mode 100644 index e85aaf03eef..00000000000 --- a/danish/security/2014/dsa-3014.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="ab509bee89b4edb760e4f1dad6f13d1aef6a3ead" mindelta="1" -sikkerhedsopdatering - -

Matthew Daley opdagede at Squid3, en komplet webproxycache, ikke på korrekt -vis udførte fornuftighedskontrol af inddata i forespørgselsfortolkning. En -fjernangriber kunne udnytte fejlen til at iværksætte et lammelsesangreb (denial -of service) ved at sende fabrikerede Range-forspørgsler.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -3.1.20-2.2+deb7u2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3014.data" diff --git a/danish/security/2014/dsa-3015.wml b/danish/security/2014/dsa-3015.wml deleted file mode 100644 index 437e61eb8e2..00000000000 --- a/danish/security/2014/dsa-3015.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3c38f14e389fee175d891dbf847f4ed0f3480959" mindelta="1" -sikkerhedsopdatering - -

En heapbaseret overløbssårbarhed blev fundet i den måde Lua, et simpelt -udvidbart, embedbart programmeringssprog, håndterede varargs-funktioner med -mange faste parametre kaldt med få argumenter, førende til applikationsnedbrud -eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.1.5-4+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.1.5-7.

- -

Vi anbefaler at du opgraderer dine lua5.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3015.data" diff --git a/danish/security/2014/dsa-3016.wml b/danish/security/2014/dsa-3016.wml deleted file mode 100644 index 60236e87c47..00000000000 --- a/danish/security/2014/dsa-3016.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8c8e82ad6748019890720485196c61505ddb45c8" mindelta="1" -sikkerhedsopdatering - -

En heapbaseret overløbssårbarhed blev fundet i den måde Lua, et simpelt -udvidbart, embedbart programmeringssprog, håndterede varargs-funktioner med -mange faste parametre kaldt med få argumenter, førende til applikationsnedbrud -eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.2.1-3+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 5.2.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.2.3-1.

- -

Vi anbefaler at du opgraderer dine lua5.2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3016.data" diff --git a/danish/security/2014/dsa-3017.wml b/danish/security/2014/dsa-3017.wml deleted file mode 100644 index f1d55155a32..00000000000 --- a/danish/security/2014/dsa-3017.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="f32c33721cc135a8a3048b45257dd549162f897b" mindelta="1" -sikkerhedsopdatering - -

Marvin S. Addison opdagede at Jasig phpCAS, et PHP-bibliotek til -autentifikationsprotokollen CAS, ikke encodede tickets før de blev føjet til en -URL, hvilket gjorde det muligt at udføre skripter på tværs af servere.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.3.1-4+deb7u1.

- -

Den ustabile distribution (sid) vil snart blive rettet.

- -

Vi anbefaler at du opgraderer dine php-cas-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3017.data" diff --git a/danish/security/2014/dsa-3018.wml b/danish/security/2014/dsa-3018.wml deleted file mode 100644 index 37f5d5224af..00000000000 --- a/danish/security/2014/dsa-3018.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="81650afab1160f3469e0325fde8dc344758d74ed" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere fejl i forbindelse med hukommelsessikkerhed -og anvendelse efter frigivelse kunne føre til udførelse af vilkårlig kode eller -lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.8.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.1.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3018.data" diff --git a/danish/security/2014/dsa-3019.wml b/danish/security/2014/dsa-3019.wml deleted file mode 100644 index 9a1402b0795..00000000000 --- a/danish/security/2014/dsa-3019.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3dd65e051c5b7b40635134d28b2199d2b0b5a85a" mindelta="1" -sikkerhedsopdatering - -

Boris pi Piwinger og Tavis Ormandy rapporterede om en -heapoverløbssårbarhed i procmails formail-værktøj, når der blev behandlet -særligt fremstillede mailheadere. En fjernangriber kunne udnytte fejlen til at -forårsage et nedbrud, medførende et lammelsesangreb (denial of service) eller -datatab, eller måske udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.22-20+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.22-22.

- -

Vi anbefaler at du opgraderer dine procmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3019.data" diff --git a/danish/security/2014/dsa-3020.wml b/danish/security/2014/dsa-3020.wml deleted file mode 100644 index c0216db0f83..00000000000 --- a/danish/security/2014/dsa-3020.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="cda7846219e8029c291ff0db55c3b76caff74202" mindelta="1" -sikkerhedsopdatering - -

Under en gennemgang for EDF, opdagede Raphael Geissert har pakken -acpi-support ikke på korrekt vis håndterede data skaffet fra brugerens miljø. -Det kunne føre til et programfejl eller gør det muligt for en lokal bruger, at -forøge rettigheder til root-brugeren på grund af en programmeringsfejl.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.140-5+deb7u3.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid) -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine acpi-support-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3020.data" diff --git a/danish/security/2014/dsa-3021.wml b/danish/security/2014/dsa-3021.wml deleted file mode 100644 index d531d505057..00000000000 --- a/danish/security/2014/dsa-3021.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="2582191af2fd381e0e0ffba268e24f3ae88cb4a2" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i file, et værktøj til af bestemme en -fils type. Sårbarhederne gjorde det muligt for fjernangribere for forårsage et -lammelsesangreb (denial of service) gennem ressourceforbrug eller -applikationsnedbrud.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.11-2+deb7u4.

- -

I distributionen testing (jessie), er disse problemer rettet i -version file 1:5.19-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version file 1:5.19-2.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3021.data" diff --git a/danish/security/2014/dsa-3022.wml b/danish/security/2014/dsa-3022.wml deleted file mode 100644 index 33a063fa569..00000000000 --- a/danish/security/2014/dsa-3022.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="4b7726c46d58282680c98dcc34e5eff9886cc43d" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i cURL, et URL-overførselsbibliotek. De kunne -anvendes til at lække cookieoplysninger:

- -
    - -
  • CVE-2014-3613 - -

    Ved ikke på tilstrækkelig vis at genkende og afvise domænenavne til - delvist literale IP-adresser, når der blev modtaget HTTP-cookies, kunne - libcurl blive narret til både at sende cookies af den forkerte størrelse - og til at tilllade at vilkårlige websteder opsætter cookies for - andre.

    • - -
  • CVE-2014-3620 - -

    libcurl tillod fejlagtigt at cookies kunne blive opsat for Top Level - Domains (TLD'er), hvilket dermed gjorde at det gjaldt bredere, end det er - tilladt for cookies. Det kunne gøre det muligt for vilkårlige websteder, - at opsætte cookies, som dermed ville blive sendt til et andet og - ikke-relateret websted eller domæne.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7.26.0-1+wheezy10.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 7.38.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.38.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3022.data" diff --git a/danish/security/2014/dsa-3023.wml b/danish/security/2014/dsa-3023.wml deleted file mode 100644 index 64fabb228b9..00000000000 --- a/danish/security/2014/dsa-3023.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3f96e81155f3e33f74260c0d7225502ca0de942a" mindelta="1" -sikkerhedsopdatering - -

Jared Mauch rapporterede om en lammelsesangrebsfejl (denial of service) i den -måde BIND, en DNS-server, håndterede forespørgsler vedrørende NSEC3-signerede -zoner. En fjernangriber kunne udnytte fejlen mod en autoritativ navneserver, -som leverer NCES3-signerede zoner, ved at sende en særligt fremstillet -forespørgsel, som - når behandlet - ville medføre at named gik ned.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:9.8.4.dfsg.P1-6+nmu2+deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1:9.9.5.dfsg-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:9.9.5.dfsg-2.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3023.data" diff --git a/danish/security/2014/dsa-3024.wml b/danish/security/2014/dsa-3024.wml deleted file mode 100644 index 1a0229034ea..00000000000 --- a/danish/security/2014/dsa-3024.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="e59364a2cc079bd2a9f629d316170c4c36a56b4d" mindelta="1" -sikkerhedsopdatering - -

Genkin, Pipman og Tromer opdagede et sidekanalsangreb mod -Elgamal-krypteringssubkeys -(\ -CVE-2014-5270).

- -

Desuden styrker denne opdatering GnuPG's virkemåde når der behandles -keyserversvar; GnuPG filtrerer nu keyserversvar, så der kun accepteres de -keyid'er, som brugeren faktisk bad om.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.12-7+deb7u6.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -dette problem rettet i version 1.4.18-4.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3024.data" diff --git a/danish/security/2014/dsa-3025.wml b/danish/security/2014/dsa-3025.wml deleted file mode 100644 index 8822d7051e9..00000000000 --- a/danish/security/2014/dsa-3025.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="adaa24eb8c7b4bdc17d66c12b6a0d58dccc9220c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at APT, højniveaupakkehåndteringsprogrammet, ikke på korrekt vis -ugyldiggjorde uautentificerede data -(\ -CVE-2014-0488), udførte ukorrekte kontroller af 304-svar -(\ -CVE-2014-0487), ikke udførte tjeksumkontrollen når valgmuligheden -Acquire::GzipIndexes anvendes -(\ -CVE-2014-0489) og heller ikke udførte tilstrækkelig validering af binære -pakker downloadet med kommandoen apt-get download -(\ -CVE-2014-0490).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.9.7.9+deb7u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.9.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3025.data" diff --git a/danish/security/2014/dsa-3026.wml b/danish/security/2014/dsa-3026.wml deleted file mode 100644 index 43066c2cd1a..00000000000 --- a/danish/security/2014/dsa-3026.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="fe919c2ae8796f4207eecffd76a224a2e73468fb" mindelta="1" -sikkerhedsopdatering - -

Alban Crequy og Simon McVittie opdagede flere sårbarheder i meddelelsesdæmonen -D-Bus.

- -
    - -
  • CVE-2014-3635 - -

    På 64 bit-platforme kunne overførsel af fildescriptorer blive misbrug af - lokale brugere til at forårsage heapkorreuption ved dbus-daemon, førende til - et nedbrud eller potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2014-3636 - -

    En lammelsesangrebssårbarhed (denial of service) i dbus-daemon gjorde det - muligt for lokale angribere at forhindre nye forbindelser til dbus-daemon, - eller afbryde eksisterende klienter, ved at udmatte - descriptorbegrænsninger.

    • - -
  • CVE-2014-3637 - -

    Ondsindede lokale brugere kunne oprette D-Bus-forbindelse til - dbus-daemon, som ikke kunne termineres ved at dræbe de deltagende - processer, medførende en lammelsesangrebssårbarhed.

    • - -
  • CVE-2014-3638 - -

    dbus-daemon var ramt af en lammelsesangrebssårbarhed i koden, der holder - styr på hvilke meddelelser, der forventer et svar, hvilket gjorde det muligt - for lokale angribere at formindske dbus-daemons ydeevne.

    • - -
  • CVE-2014-3639 - -

    dbus-daemon afviste ikke på korrekt vis ondsindede forbindelser fra - lokale brugere, medførende en lammelsesangrebssårbarhed.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.6.8-1+deb7u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.8-1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3026.data" diff --git a/danish/security/2014/dsa-3027.wml b/danish/security/2014/dsa-3027.wml deleted file mode 100644 index 63537b780a5..00000000000 --- a/danish/security/2014/dsa-3027.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b897981bc35dfeb7a034e14d4c9b879d6507eb72" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i forskellige demuxere og dekodere i -multimediebiblioteket libav. En komplet liste over ændringer er tilgængelig i -\ -http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 6:0.8.16-1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 6:11~alpha2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6:11~alpha2-1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3027.data" diff --git a/danish/security/2014/dsa-3028.wml b/danish/security/2014/dsa-3028.wml deleted file mode 100644 index 7c659c04a24..00000000000 --- a/danish/security/2014/dsa-3028.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e0d7d3816e4539046a900763a488139a49895089" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- og -newsklienten Mozilla Thunderbird: Flere fejl i forbindelse med -hukommelsessikkerhed samt anvendelse efter frigivelse, kunne måske føre til -udførelse af vilkårlig kode eller lammelsesangreb ( denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 24.8.0-1~deb7u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3028.data" diff --git a/danish/security/2014/dsa-3029.wml b/danish/security/2014/dsa-3029.wml deleted file mode 100644 index 87ed39cc3e0..00000000000 --- a/danish/security/2014/dsa-3029.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5d2b47c8dcfe6d4f095b7b0a5bdc4a0ab1fdf859" mindelta="1" -sikkerhedsopdatering - -

Antoine Delignat-Lavaud og Karthikeyan Bhargavan opdagede at det var muligt -at genanvende cachede SSL-sessioner i ikke-relaterede sammenhænge, hvilket -muliggjorde virtuel vært-forvirringsangreb i nogle opsætninger, udført af en -angriber i en priviligeret position.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.1-2.2+wheezy3.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.6.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.2-1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3029.data" diff --git a/danish/security/2014/dsa-3030.wml b/danish/security/2014/dsa-3030.wml deleted file mode 100644 index 2aeb8880df7..00000000000 --- a/danish/security/2014/dsa-3030.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="5bdbe463a83e372791e016f80df5e6988e2d46eb" mindelta="1" -sikkerhedsopdatering - -

Flere SQL-indsprøjtningssårbarheder er opdaget i fejlsporingssystemet -Mantis.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.2.11-1.2+deb7u1.

- -

Vi anbefaler at du opgraderer dine mantis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3030.data" diff --git a/danish/security/2014/dsa-3031.wml b/danish/security/2014/dsa-3031.wml deleted file mode 100644 index 7fdb94e8e10..00000000000 --- a/danish/security/2014/dsa-3031.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="4f587e9417025dd9adc3fd9ba1f31a3bea303cee" mindelta="1" -sikkerhedsopdatering - -

Google Security Team opdagede en bufferoverløbssårbarhed i -HTTP-transportkoden i apt-get. En angriber med mulighed for at udføre en -manden i midten-HTTP-forespørgsel til et apt-arkiv, kunne udløse -bufferoverløbet, førende til et nedbrud i den binære apt-metode http -eller potentielt udførelse af vilkårlig kode.

- -

To rettelser af regressionsfejl er medtaget i opdateringen:

- -
    -

  • Retter regression fra den tidligere opdatering DSA-3025-1, hvor den - skræddersyede apt-opsætningsvalgmulighed til Dir::state::lists er opsat til - en relativ sti (#762160).

    • - -

  • Retter regression i genverifikationshåndternen af cdrom:-kilder, som - måske kunne føre til ukorrekte hashsum-advarsler. Påvirkede brugere er nødt - til at køre apt-cdrom add igen efter en opdateringen er lagt - på.

    • -
- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.9.7.9+deb7u5.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3031.data" diff --git a/danish/security/2014/dsa-3032.wml b/danish/security/2014/dsa-3032.wml deleted file mode 100644 index 4b598db0daa..00000000000 --- a/danish/security/2014/dsa-3032.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="94a512c7b9c1f0f3c37fde942cfabae5fa418795" mindelta="1" -sikkerhedsopdatering - -

Stephane Chazelas opdagede en sårbarhed i bash, GNU Bourne-Again Shell, med -relation til hvordan miljøvariabler behandles. I mange almindelige opsætninger -er sårbarheden udnytbar over netværket, særligt hvis bash er opsat som -systemshell'en.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.2+dfsg-0.1+deb7u1.

- -

Vi anbefaler at du opgraderer dine bash-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3032.data" diff --git a/danish/security/2014/dsa-3033.wml b/danish/security/2014/dsa-3033.wml deleted file mode 100644 index 592857650fe..00000000000 --- a/danish/security/2014/dsa-3033.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="07bc37449e03eacb1cdb48813acaa4f969aa2986" mindelta="1" -sikkerhedsopdatering - -

Antoine Delignat-Lavaud fra Inria opdagede et problem med den måde, NSS -(biblioteket Mozilla Network Security Service) fortolkede ASN.1-data anvendt i -signaturer, hvilket gjorde det sårbarhed over for et -signaturforfalskningsangreb.

- -

En angriber kunne fabrikere ASN.1-data for at forfalske RSA-certifikater med -en gyldig certifikatkæde til en CA, der er tillid til.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:3.14.5-1+deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 2:3.17.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.17.1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3033.data" diff --git a/danish/security/2014/dsa-3034.wml b/danish/security/2014/dsa-3034.wml deleted file mode 100644 index cdddfd7077d..00000000000 --- a/danish/security/2014/dsa-3034.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a1cc3a9c502b1cc6702c38e9b9ddb7389da26cd7" mindelta="1" -sikkerhedsopdatering - -

Antoine Delignat-Lavaud fra Inria opdagede et problem med den måde, NSS -(biblioteket Mozilla Network Security Service, medfølgende Wheezys -Iceweasel-pakke) fortolkede ASN.1-data anvendt i signaturer, hvilket gjorde det -sårbarhed over for et signaturforfalskningsangreb.

- -

En angriber kunne fabrikere ASN.1-data for at forfalske RSA-certifikater med -en gyldig certifikatkæde til en CA, der er tillid til.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 24.8.1esr-1~deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -anvender Iceweasel systemets NSS-bibliotek, som opdateres via DSA 3033-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3034.data" diff --git a/danish/security/2014/dsa-3035.wml b/danish/security/2014/dsa-3035.wml deleted file mode 100644 index 770f1f26892..00000000000 --- a/danish/security/2014/dsa-3035.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="c0968cd5d4cfd7d145914d0c90a56116952da38b" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede at rettelsen af -\ -CVE-2014-6271 udgivet i DSA-3032-1 vedrørende bash, GNU Bourne-Again Shell, -var ufuldstændig og stadig kunne gøre det muligt at indsprøjte nogle tegn i et -andet miljø -(\ -CVE-2014-7169). Denne opdatering tilføjes præfiks og suffiks til -miljøvariabelnavne indeholdede shellfunktioner, som en hærdende -foranstaltning.

- -

Desuden rettes to arraytilgange uden for grænserne i bash-fortolkeren, som -blev afsløret under Red Hats interne analyse af problemerne, samt uafhængigt -rapporteret af Todd Sabin.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.2+dfsg-0.1+deb7u3.

- -

Vi anbefaler at du opgraderer dine bash-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3035.data" diff --git a/danish/security/2014/dsa-3036.wml b/danish/security/2014/dsa-3036.wml deleted file mode 100644 index e0920faf0b7..00000000000 --- a/danish/security/2014/dsa-3036.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="6407809281dc6d9e3602a133703091022a556f18" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at MediaWiki, en wikimotor, ikke på tilstrækkelig vis filtrerede -CSS i uploadede SVG-filer, hvilket muliggjorde udførelse af skripter på tværs af -servere.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:1.19.19+dfsg-0+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.19.19+dfsg-1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3036.data" diff --git a/danish/security/2014/dsa-3037.wml b/danish/security/2014/dsa-3037.wml deleted file mode 100644 index 22e16bbb173..00000000000 --- a/danish/security/2014/dsa-3037.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d20934ce8becc701685ac68ee9d968eb67708f41" mindelta="1" -sikkerhedsopdatering - -

Antoine Delignat-Lavaud fra Inria opdagede et problem med den måde, NSS -(biblioteket Mozilla Network Security Service, medfølgende Wheezys -Icedove-pakke) fortolkede ASN.1-data anvendt i signaturer, hvilket gjorde det -sårbarhed over for et signaturforfalskningsangreb.

- -

En angriber kunne fabrikere ASN.1-data for at forfalske RSA-certifikater med -en gyldig certifikatkæde til en CA, der er tillid til.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 24.8.1-1~deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -anvender Iceweasel systemets NSS-bibliotek, som opdateres via DSA 3033-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3037.data" diff --git a/danish/security/2014/dsa-3038.wml b/danish/security/2014/dsa-3038.wml deleted file mode 100644 index ba69b460104..00000000000 --- a/danish/security/2014/dsa-3038.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="c11be6f246a7cbf046ad495f48f8755591c840f0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Libvirt, et bibliotek indeholdende et -virtualiseringsabstraktionslag. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2014-0179 - -

    Richard Jones og Daniel P. Berrange opdagede at libvirt overførte flaget - XML_PARSE_NOENT, når XML-dokumenter blev behandlet ved hjælp af biblioteket - libxml2, hvorved alle XML-entiteter i det fortolkede dokument udvides. En - bruger med mulighed for at tvinge libvirtd til at fortolke et XML-dokument - med en vilkårlig entitet pegende på en særlig fil, som blokerer for - læseadgang, kunne udnytte fejlen til at få libvirtd til at hænge i uendelig - tid, medførende et lammelsesangreb på systemet.

    • - -
  • CVE-2014-3633 - -

    Luyao Huang fra Red Hat opdagede at qemu-implementeringen af - virDomainGetBlockIoTune, beregnede et indeks hørende til diskarrayet til - live-definitionen, og dernæst anvende det som et indeks til diskarrayet til - den blivende definition, hvilket kunne medføre læseadgang uden for grænserne - i qemuDomainGetBlockIoTune().

    - -

    En fjernangriber med mulighed for at etablere en kun læsning-forbindelse - til libvirtd, kunne udnytte fejlen til at få libvirtd til at gå ned eller - potentielt lække hukommelse fra libvirtd-processen.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.9.12.3-1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.2.8-2.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3038.data" diff --git a/danish/security/2014/dsa-3039.wml b/danish/security/2014/dsa-3039.wml deleted file mode 100644 index 86bee0ed056..00000000000 --- a/danish/security/2014/dsa-3039.wml +++ /dev/null @@ -1,105 +0,0 @@ -#use wml::debian::translation-check translation="489607ea6bf791c90a0a548cec5455a94c704960" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2014-3160 - -

    Christian Schneider opdagede et problem med omgåelse af samme ophav i - hentningen SVG-filressourcer.

    • - -
  • CVE-2014-3162 - -

    Google Chrome-udviklingsholdet løste adskillige problemer med potentiel - sikkerhedspåvirkning i chromium 36.0.1985.125.

    • - -
  • CVE-2014-3165 - -

    Colin Payne opdagede et problem med anvendelse efter frigivelse i - implementeringen af Web Sockets.

    • - -
  • CVE-2014-3166 - -

    Antoine Delignat-Lavaud opdagede en informationslækage i implementeringen - af SPDY-protokollen.

    • - -
  • CVE-2014-3167 - -

    Google Chrome-udviklingsholdet løste adskillige problemer med potentiel - sikkerhedspåvirkning i chromium 36.0.1985.143.

    • - -
  • CVE-2014-3168 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - håndteringen SVG-billedfiler.

    • - -
  • CVE-2014-3169 - -

    Andrzej Dyjak opdagede et problem med anvendelse efter frigivelse i - implementeringen af Document Object Model i Webkit/Blink.

    • - -
  • CVE-2014-3170 - -

    Rob Wu opdagede en måde, at forfalske chromium-udvidelsers - URL'er.

    • - -
  • CVE-2014-3171 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - chromiums v8-bindinger.

    • - -
  • CVE-2014-3172 - -

    Eli Grey opdagede en måde at omgå adgangsbegrænsinger på, ved hjælp af - chromiums Debugger-udvidelses-API.

    • - -
  • CVE-2014-3173 - -

    jmuizelaar opdagede et problem med uinitialiseret læsning i - WebGL.

    • - -
  • CVE-2014-3174 - -

    Atte Kettunen opdagede et problem med uinitialiseret læsning i Web - Audio.

    • - -
  • CVE-2014-3175 - -

    Google Chrome-udviklingsholdet løste adskillige problemer med potentiel - sikkerhedspåvirkning i chromium 37.0.2062.94.

    • - -
  • CVE-2014-3176 - -

    lokihardt@asrt opdagede en kombination af fejl, som kunne føre til - fjernudførelse af kode uden for chromiums sandkasse.

    • - -
  • CVE-2014-3177 - -

    lokihardt@asrt opdagede en kombination af fejl, som kunne føre til - fjernudførelse af kode uden for chromiums sandkasse.

    • - -
  • CVE-2014-3178 - -

    miaubiz opdagede et problem med anvendelse efter frigivelse i - implementeringen af Document Object Model i Blink/Webkit.

    • - -
  • CVE-2014-3179 - -

    Google Chrome-udviklingsholdet løste adskillige problemer med potentiel - sikkerhedspåvirkning i chromium 37.0.2062.120.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 37.0.2062.120-1~deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), er -disse problemer rettet i version 37.0.2062.120-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3039.data" diff --git a/danish/security/2014/dsa-3040.wml b/danish/security/2014/dsa-3040.wml deleted file mode 100644 index c46eb39bdb9..00000000000 --- a/danish/security/2014/dsa-3040.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ef6c296f2d3d731efa8786987fdb6d74f92e3edf" mindelta="1" -sikkerhedsopdatering - -

Rainer Gerhards, projektleder for rsyslog, rapporterede om en sårbarhed i -Rsyslog, et system til logbehandling. På grund af sårbarheden kunne en angriber -sende misdannede meddelelser til en server, hvis den accepterer data fra kilder, -der ikke er tillid til, og dermed udløse et lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.8.11-3+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.4.1-1.

- -

Vi anbefaler at du opgraderer dine rsyslog-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3040.data" diff --git a/danish/security/2014/dsa-3041.wml b/danish/security/2014/dsa-3041.wml deleted file mode 100644 index ecf6af6f4cc..00000000000 --- a/danish/security/2014/dsa-3041.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="562c48220cf41606617a8e63fc206b9c492641e3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i virtualiseringsløsningen Xen, -hvilke måske kunne medføre lammelsesangreb (denial of service), -informationsafsløring eller rettighedsforøgelse.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.4-3+deb7u3.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3041.data" diff --git a/danish/security/2014/dsa-3042.wml b/danish/security/2014/dsa-3042.wml deleted file mode 100644 index b4d04d13ae6..00000000000 --- a/danish/security/2014/dsa-3042.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="86edebaba31f30e6f6f9937dc2d9c75400e06b62" mindelta="1" -sikkerhedsopdatering - -

Stefano Zacchiroli opdagede en sårbarhed i exuberant-ctags, et værktøj til -opbygning af tagfilindeks over kildekodedefinitioner: Visse JavaScript-filer -medførte at ctags kom i en uendelig løkke, indtil den løb tør for diskplads, -hvilket slutteligt medførte et lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:5.9~svn20110310-4+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1:5.9~svn20110310-8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:5.9~svn20110310-8.

- -

Vi anbefaler at du opgraderer dine exuberant-ctags-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3042.data" diff --git a/danish/security/2014/dsa-3044.wml b/danish/security/2014/dsa-3044.wml deleted file mode 100644 index d3608066a44..00000000000 --- a/danish/security/2014/dsa-3044.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="e2754af96d91f78e611453172eef4e1ee80e91e6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu-kvm, en komplet virtualiseringsløsning -til x86-hardware:

- -
    -
  • Forskellige sikkerhedsproblemer blev fundet i blok-qemu-driverne. - Misdannede filaftryk kunne måske medføre udførelse af vilkårlig - kode.
    • -
  • En NULL-pointerdereference i SLIRP kunne måske medføre lammelsesangreb - (denial of service).
    • -
  • En informationslækage blev opdaget i VGA-emulationen.
    • -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6+deb7u4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3044.data" diff --git a/danish/security/2014/dsa-3045.wml b/danish/security/2014/dsa-3045.wml deleted file mode 100644 index 006ce519ecb..00000000000 --- a/danish/security/2014/dsa-3045.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="8c34852989f7983b0bd7f8a66af7c163891a9d3c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator:

- -
    -
  • Forskellige sikkerhedsproblemer blev fundet i blok-qemu-driverne. - Misdannede filaftryk kunne måske medføre udførelse af vilkårlig - kode.
    • -
  • En NULL-pointerdereference i SLIRP kunne måske medføre lammelsesangreb - (denial of service).
    • -
  • En informationslækage blev opdaget i VGA-emulationen.
    • -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6a+deb7u4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3045.data" diff --git a/danish/security/2014/dsa-3046.wml b/danish/security/2014/dsa-3046.wml deleted file mode 100644 index 0c38190470a..00000000000 --- a/danish/security/2014/dsa-3046.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3c27c783d6ceba76d1c1c296137b09f4d75bc245" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret at MediaWiki, en webstedsmotor til samarbejdsprojekter, -tillod brugerfremstillet CSS på sider, hvor brugerfremstillet JavaScript ikke er -tilladt. En wikibruger kunne blive narret til at udføre handlinger, ved fra CSS -at manipulere med grænsefladen, eller JavaScript-kode kunne blive udført fra CSS, -på sikkerhedsfølsomme sider så som Special:Preferences og Special:UserLogin. -Opdateringen fjerner adskillelsen af CSS- og JavaScript-modulernes -tilladelser.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:1.19.20+dfsg-0+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.19.20+dfsg-1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3046.data" diff --git a/danish/security/2014/dsa-3047.wml b/danish/security/2014/dsa-3047.wml deleted file mode 100644 index 2f2f533c46d..00000000000 --- a/danish/security/2014/dsa-3047.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="fdd54e8982faf6aea51cfe06772200d65b10cad5" mindelta="1" -sikkerhedsopdatering - -

Mancha opdagede en sårbarhed i rsyslog, et system til logbehandling. -Sårbarheden var et heltalsoverløb, som kunne udløses af misdannede meddelelser -til en server, hvis den accepterer data fra kilder, der ikke er tillid til, -fremprovokende et meddelelsestab, lammelsesangreb (denial of service) samt -potentielt fjernudførelse af kode.

- -

Sårbarheden kan ses som en ufuldstændig rettelse af -\ -CVE-2014-3634 (DSA 3040-1).

- -

For flere oplysninger: -\ -http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.8.11-3+deb7u2.

- -

I distributionen testing (jessie), er dette problem rettet i -version 8.4.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.4.2-1.

- -

Vi anbefaler at du opgraderer dine rsyslog-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3047.data" diff --git a/danish/security/2014/dsa-3048.wml b/danish/security/2014/dsa-3048.wml deleted file mode 100644 index cc696a976fa..00000000000 --- a/danish/security/2014/dsa-3048.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="46e03cfff45c32c06a388708c3069102f987f4e6" mindelta="1" -sikkerhedsopdatering - -

Guillem Jover opdagede at funktionaliteten til hentning af changelog i -apt-get, anvendte midlertidige filer på en usikker måde, hvilket gjorde det -muligt for en lokal bruger, at forårsage at vilkårlige filer blev -overskrevet.

- -

Sårbarheden neutraliseres af indstillingen fs.protected_symlinks i -Linux-kernen, hvilket som standard er aktiveret i Debian 7 Wheezy og senere.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.9.7.9+deb7u6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.9.2.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3048.data" diff --git a/danish/security/2014/dsa-3049.wml b/danish/security/2014/dsa-3049.wml deleted file mode 100644 index 06a846af317..00000000000 --- a/danish/security/2014/dsa-3049.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c6d99fba37df78f554a7b054dbc67ae26ffc77ee" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorer/fortolkere af RTP, MEGACO, -Netflow, RTSP, SES og Sniffer, hvilket kunne medføre lammelsesangreb (denial -of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy12.

- -

I distributionen testing (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.1+g01b65bf-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3049.data" diff --git a/danish/security/2014/dsa-3050.wml b/danish/security/2014/dsa-3050.wml deleted file mode 100644 index a29fa52d18d..00000000000 --- a/danish/security/2014/dsa-3050.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="9f59503f7ec59cbbfa474618308603821d35f7c7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedproblemer er fundet i Iceweasel, Debians udgavev af -webbroseren Mozilla Firefox: Adskillige fejl i forbindelse med -hukommelsessikkerhed, bufferoverløb, anvendelse efter frigivelse samt andre -implementeringsfejl, kunne måske føre til udførelse af vilkårlig kode, -lammelsesangreb (denial of service), omgåelse af samme ophav-reglen samt tab af -privalivsoplysninger.

- -

Iceweasel opdateres til ESR31-serien af Firefox. Den nye udgave indfører en -ny brugergrænseflade.

- -

Desuden deaktiveres SSLv3 med denne opdatering.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.2.0esr-2~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.2.0esr-1.

- -

I den eksperimentelle distribution, er disse problemer rettet i -version 33.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3050.data" diff --git a/danish/security/2014/dsa-3051.wml b/danish/security/2014/dsa-3051.wml deleted file mode 100644 index 0174bb9db12..00000000000 --- a/danish/security/2014/dsa-3051.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="80fcedffb55ea69b4f47eb4500d1d2bcff2059f1" mindelta="1" -sikkerhedsopdatering - -

Stefan Horst opdagede en sårbarhed i Drupals databaseabstraktions-API, -hvilket måske kunne føre til SQL-indsprøjtning.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.14-2+deb7u7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.32-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3051.data" diff --git a/danish/security/2014/dsa-3052.wml b/danish/security/2014/dsa-3052.wml deleted file mode 100644 index 60fcec4dc59..00000000000 --- a/danish/security/2014/dsa-3052.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="001f238af5addfe627ddf8a260eaef00aad146e8" mindelta="1" -sikkerhedsopdatering - -

Jouni Malinen opdagede et problem med fornuftighedskontrol af inddata i -værktøjerne wpa_cli og hostapd_cli, som er indeholdt i wpa-pakken. Et fjernt -wikisystem inden for rækkevidde, kunne levere en fabrikeret streng, som udløste -udførelse af vilkårlig kode afviklet med rettighederne hørende til de påvirkede -wpa_cli- eller hostapd_cli-processer.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.0-3+deb7u1.

- -

I distributionen testing (jessie), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.3-1.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3052.data" diff --git a/danish/security/2014/dsa-3053.wml b/danish/security/2014/dsa-3053.wml deleted file mode 100644 index d5fce57e0af..00000000000 --- a/danish/security/2014/dsa-3053.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="eb07ed1d1aa3fba5629a6141af3070f9506707bd" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i OpenSSL, biblioteket og værktøjssættet Secure -Sockets Layer.

- -
    - -
  • CVE-2014-3513 - -

    En hukommelseslækagefejl blev fundet i den måde OpenSSL fortolkede - udvidelsesdata i DTLS Secure Real-time Transport Protocol (SRTP). En - fjernangriber kunne sende adskillige særligt fremstillede - handshakemeddelelser, for at udnytte al tilgængelig hukommelse i en - SSL-/TLS- eller DTLS-server.

    • - -
  • CVE-2014-3566 ("POODLE") - -

    En fejl blev fundet i den måde SSL 3.0 håndterede paddingbytes, når der - blev dekrypteret meddelelser krypteret ved hjælp af block ciphers i - cipher block chaining-tilstand (CBC). Fejlen gjorde det muligt for - en manden i midten-angriber (MITM) at dekryptere en udvalgt byte fra en - ciphertekst på så lidt som 256 forsøg, hvis vedkommende var i stand til at - tvinge offerapplikationen til gentagne gange at sende de samme data via - nyligt oprettede SSL 3.0-forbindelser.

    - -

    Med denne opdatering tilføjes understøttelse af Fallback SCSV, for at - afhjælpe problemet.

    • - -
  • CVE-2014-3567 - -

    En hukommelseslækagefejl blev fundet i den måde OpenSSL håndterede - fejlede integritetskontroller af sessionsticket. En fjernangriber kunne - udnytte al tilgængelig hukommelse i en SSL-/TLS- eller DTLS-server, ved at - sende et stort antal udgyldige sessiontickets til serveren.

    • - -
  • CVE-2014-3568 - -

    Når OpenSSL er opsat med no-ssl3 som opbygningsvalgmulighed, kunne - servere acceptere og gennemføre en SSL 3.0-handshake, og klienter kunne - blive opsat til at sende dem.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u13.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.1j-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3053.data" diff --git a/danish/security/2014/dsa-3054.wml b/danish/security/2014/dsa-3054.wml deleted file mode 100644 index 9828aade57a..00000000000 --- a/danish/security/2014/dsa-3054.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1b912ead1cdf587c8d4217953868b9349152f9f6" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion version 5.5.40. Se MySQL 5.5 -Release Notes og Oracles Critical Patch Update advisory for yderligere -oplysninger:

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.40-0+wheezy1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3054.data" diff --git a/danish/security/2014/dsa-3055.wml b/danish/security/2014/dsa-3055.wml deleted file mode 100644 index f5d87b40248..00000000000 --- a/danish/security/2014/dsa-3055.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="00b82401aed7a577e753f6d66dd85e76d5eb6374" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Pidgin, en chatklient som understøtter -adskillige protokoller:

- -
    - -
  • CVE-2014-3694 - -

    Man opdagede at SSL-/TLS-plugin'erne ikke validerede grundlæggende - begrænsninger-udvidelsen i mellemliggende CA-certifikater.

    • - -
  • CVE-2014-3695 - -

    Yves Younan og Richard Johnson opdagede at emoticons med alt for store - længdeværdier kunne få Pidgin til at gå ned.

    • - -
  • CVE-2014-3696 - -

    Yves Younan og Richard Johnson opdagede at misdannede Groupwise-beskeder - kunne få Pidgin til at gå ned.

    • - -
  • CVE-2014-3698 - -

    Thijs Alkemade og Paul Aurich opdagede at miosdannede XMPP-beskeder kunne - medføre hukommelsesblotlæggelse.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.10.10-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.10.10-1.

- -

Vi anbefaler at du opgraderer dine pidgin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3055.data" diff --git a/danish/security/2014/dsa-3056.wml b/danish/security/2014/dsa-3056.wml deleted file mode 100644 index fb8bafe1565..00000000000 --- a/danish/security/2014/dsa-3056.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="5d56e540020ecc51c0dbfa4690869b89576b52ee" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libtasn1-3, et bibliotek til håndtering af -ASN1-strukturer (Abstract Syntax Notation One). En angriber kunne udnytte -fejlene til at forårsage et lammelsesangreb (denial of service) via tilgang uden -for grænserne eller NULL-pointerdereference.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.13-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine libtasn1-3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3056.data" diff --git a/danish/security/2014/dsa-3057.wml b/danish/security/2014/dsa-3057.wml deleted file mode 100644 index d0e84790a1f..00000000000 --- a/danish/security/2014/dsa-3057.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="0fe13a351afbc7a497ddd7c0ae2b51084eb040ec" mindelta="1" -sikkerhedsopdatering - -

Sogeti fandt en lammelsesangrebsfejl i libxml2, et bibliotek som gør det -muligt at læse, ændre og skrive XML- og HTML-filer. En fjernangriber kunne -gennem en særligt fremstillet XML-fil, som ved behandling af en applikation, -der anvender libxml2, kunne føre til alt for stort CPU-forbrug (lammelsesangreb) -baseret på overdrevne entitetserstatninger, selv hvis entitetserstatninger var -slået fra, hvilket er fortolkerens standardindstilling. -(CVE-2014-3660)

- -

Desuden korrigerer denne opdateringn en fejlplaceret chunk til en -patch udgivet med version 2.8.0+dfsg1-7+wheezy1 (#762864), samt en -hukommeleslækageregression (#765770) opstået i version 2.8.0+dfsg1-7+nmu3.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.8.0+dfsg1-7+wheezy2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.9.2+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3057.data" diff --git a/danish/security/2014/dsa-3058.wml b/danish/security/2014/dsa-3058.wml deleted file mode 100644 index 3c6c3030385..00000000000 --- a/danish/security/2014/dsa-3058.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="395db7007a0be5c21c0de47ba2e20597b273422a" mindelta="1" -sikkerhedsopdatering - -

Chad Vizino rapporterede om en sårbarhed i torque, et PBS-afledt -batchbehandlende køsystem. En bruger, der ikke er root, kunne udnytte fejlen i -bibliotekskaldet tm_adopt() til at dræbe vilkårlige processer, herunder -root-ejede, på enhver node i et job.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.4.16+dfsg-1+deb7u4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.16+dfsg-1.5.

- -

Vi anbefaler at du opgraderer dine torque-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3058.data" diff --git a/danish/security/2014/dsa-3059.wml b/danish/security/2014/dsa-3059.wml deleted file mode 100644 index 7f1f55d3db5..00000000000 --- a/danish/security/2014/dsa-3059.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="b6427fcfebfad93e49ff02bf1affda299b50e9a9" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i dokuwiki. Adgangskontrollen i mediemanageren -var utilstrækkeligt begrænset, og autentifikation kunne omgås, når man benytter -Active Directory til LDAP-autentifikation.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.0.20120125b-2+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.0.20140929.a-1.

- -

Vi anbefaler at du opgraderer dine dokuwiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3059.data" diff --git a/danish/security/2014/dsa-3060.wml b/danish/security/2014/dsa-3060.wml deleted file mode 100644 index 8208d5ebdc4..00000000000 --- a/danish/security/2014/dsa-3060.wml +++ /dev/null @@ -1,92 +0,0 @@ -#use wml::debian::translation-check translation="f43a4036b85dfab0f910e94d0caf32ba9a5dfbc4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kunne føre til -lammelsesangreb (denial of service):

- -
    - -
  • CVE-2014-3610 - -

    Lars Bull fra Google og Nadav Amit rapporterede om en fejl i den måde - KVM håndterer ikke-kanoniske skrivninger til visse MSR-registre. En - priviligeret gæstebruger kunne udnytte fejlen til at forårsagge et - lammelsesangreb (kernepanik) på værtsmaskinen.

    • - -
  • CVE-2014-3611 - -

    Lars Bull fra Google rapporterede om en kapløbstilstand i - PIT-emuleringskoden i KVM. En lokal gæstebruger med adgang til PIT's - I/O-porte kunne udnytte fejlen til at forårsage et lammelsesangreb (nedbrud) - på værtsmaskinen.

    • - -
  • CVE-2014-3645 -/ CVE-2014-3646 - -

    Advanced Threat Research Team hos Intel Security opdagede at - KVM-undersystemet ikke håndterede VM-exit'erne på en pæn måde hvad angår - invept- (Invalidate Translations afledt af EPT) og invvpid-instruktioner - (Invalidate Translations baseret på VPID). På værtsmaskiner med en - Intel-processor og understøttelse af invept-/invppid-VM-exit, kunne en - ikke-priviligeret gæstebruger anvende instruktionerne til at få gæsten til - at gå ned.

    • - -
  • CVE-2014-3647 - -

    Nadav Amit rapporterede at KVM fejlhåndterede ikke-kanoniske adresser, - når der blev emuleret instruktioner, som ændrer RIP, hvilket potentielt - kunne forårsage en fejlet VM-registrering. En gæstebruger med adgang til - I/O eller MMIO'en, kunne udnytte fejlen til at forårage et lammelsesangreb - (systemnedbrud) i gæsten.

    • - -
  • CVE-2014-3673 - -

    Liu Wei fra Red Hat opdagede en fejl i net/core/skbuff.c førende til en - kernepanik, når der blev modtaget misdannede ASCONF-chunks. En - fjernangriber kunne udnytte fejlen til at få systemet til at gå - ned.

    • - -
  • CVE-2014-3687 - -

    En fejl i sctp-stakken blev opdaget, hvilket kunne føre til en kernepanik - når der blev modtaget duplikerede ASCONF-chunks. En fjernangriber kunne - udnytte fejlen til at få systemet til at gå ned.

    • - -
  • CVE-2014-3688 - -

    Man opdagede at sctp-stakken var udsat for et problem med fjernudløsbart - hukommelsespres, forårsaget af overdrevet ikøsættelse. En fjernangriber - kunne udnytte fejlen til at forårsage lammelsesangrebstilstande på - systemet.

    • - -
  • CVE-2014-3690 - -

    Andy Lutomirski opdagede at ukorrekt registerhåndtering i KVM kunne føre - til lammelsesangreb.

    • - -
  • CVE-2014-7207 - -

    Flere Debian-udviklere rapporterede om et problem i - IPv6-netværksundersystemet. En lokal bruger med adgang til tun- eller - macvtap-enheder, eller en virtuel maskine forbundet til en sådan enhed, - kunne forårsage et lammelsesangreb (systemnedbrud).

    • - -
- -

Opdateringen indeholder en fejlrettelse med relation til -\ -CVE-2014-7207, som deaktiverer UFO (UDP Fragmentation Offload) i driverne -til macvtap, tun og virtio_net. Det vil medføre, at migrering af en kørende VM -fra en vært, der anvender en tidligere kerneversion, til en vært, der anvender -denne kerneversion, fejler, hvis VM'en er blevet tildelt en -virtio-netværksenhed. For at migrere en sådan VM, skal den først -lukkes.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.2.63-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3060.data" diff --git a/danish/security/2014/dsa-3061.wml b/danish/security/2014/dsa-3061.wml deleted file mode 100644 index 2a73b96cf1c..00000000000 --- a/danish/security/2014/dsa-3061.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="cdf011719dc270d32e1df988083efdc1ef23abdb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- -og newsklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -errors, bufferoverløb, anvendelse efter frigivelse samt andre -implementeringsfejl kunne føre til udførelse af vilkårlig kode eller -lammelsesangreb.

- -

Icedove opdateres til ESR31-serien af Thunderbird. Desuden blev Enigmail -opdateret til version 1.7.2-1~deb7u1, for at sikre kompabilitet med den nye -opstrømsudgave.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.2.0-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.2.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3061.data" diff --git a/danish/security/2014/dsa-3062.wml b/danish/security/2014/dsa-3062.wml deleted file mode 100644 index 9cd4936e18b..00000000000 --- a/danish/security/2014/dsa-3062.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="073250af9779d48e3355f4ecd7b3b6701ae06b60" mindelta="1" -sikkerhedsopdatering - -

HD Moore fra Rapid7 opdagede et symlinkangreb i Wget, et kommandolinjeværktøj -til at hente filer via HTTP, HTTPS og FTP. Sårbarheden gjorde det muligt at -oprette vilkårlige filer på brugerens system, når Wget kørte i rekursiv tilstand -mod en ondsindet FTP-server. Vilkårlige filoprettelser kunne overskrive -indeholdet af brugerens filer eller muliggøre fjernudførelse af kode med -brugerens rettigheder.

- -

Opdateringen ændrer standardindstillingen i Wget, så der ikke længere -oprettes lokale symbolske links; i stedet gennemløbes de, og de filer, der -peges på, hentes.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.13.4-3+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.16-1.

- -

Vi anbefaler at du opgraderer dine wget-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3062.data" diff --git a/danish/security/2014/dsa-3063.wml b/danish/security/2014/dsa-3063.wml deleted file mode 100644 index 7114fe0934f..00000000000 --- a/danish/security/2014/dsa-3063.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="614ae76958de3526c4a7a4535a072c67a6f61bc3" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med læsning uden for grænserne blev opdaget i -Quassel-core, en af komponenterne i den distribuerede IRC-klient Quassel. En -angriber kunne sende en fabrikeret meddelelse, som fik komponenten til at gå -ned, forårsagende et lammelsesangreb (denial of service) eller afsløring af -oplysninger fra proceshukommelsen.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.8.0-1+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.10.0-2.1 (will be available soon).

- -

Vi anbefaler at du opgraderer dine quassel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3063.data" diff --git a/danish/security/2014/dsa-3064.wml b/danish/security/2014/dsa-3064.wml deleted file mode 100644 index 1907b9abd8b..00000000000 --- a/danish/security/2014/dsa-3064.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a9150cbf1e72dda12b01ebe58615da8abd60cfef" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et generelt anvendeligt skriptsprog der -hyppigt anvendes til udvikling af webapplikationer. Man har besluttet at følge -de stabile 5.4.x-udgivelser hvad angår PHP-pakkerne i Wheezy. Derfor er -sårbarhederne løst ved at opgradere PHP til en ny opstrømsversion 5.4.34, der -indeholder yderligere fejlrettelser, ny funktionalitet samt måske -inkompatible ændringer. Se opstrøms changelog for flere oplysninger:

- -

\ -http://php.net/ChangeLog-5.php#5.4.34

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.4.34-0+deb7u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3064.data" diff --git a/danish/security/2014/dsa-3065.wml b/danish/security/2014/dsa-3065.wml deleted file mode 100644 index 1e0bee1b2fb..00000000000 --- a/danish/security/2014/dsa-3065.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b689fbf9b41d18e91cea334b5fbc53c73d938c9a" mindelta="1" -sikkerhedsopdatering - -

James Forshaw opdagede at i Apache Santuario XML Security for Java, blev -CanonicalizationMethod-parametre valideret på forkert vis; ved at angive en -vilkårlig svag kanonikaliseringsalgoritme, kunne en angriber forfalske -XML-signaturer.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.5-1+deb7u1.

- -

I distributionen testing (jessie), er dette problem rettet i -version 1.5.5-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.5-2.

- -

Vi anbefaler at du opgraderer dine libxml-security-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3065.data" diff --git a/danish/security/2014/dsa-3066.wml b/danish/security/2014/dsa-3066.wml deleted file mode 100644 index f54f0046bfc..00000000000 --- a/danish/security/2014/dsa-3066.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="4c4113e974006f3b100382eb7d97a0b563cc7e28" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator.

- -
    - -
  • CVE-2014-3689 - -

    Advanced Threat Research-holdet hos Intel Security rapporterede, at - gæsteleverede parametre blev valideret utilstrækkelig i rektangelfunktioner - i vmware-vga-driveren. En priviligeret gæstebruger kunne udnytte fejlen - til at skrive ind i qemus adresserum på værten, hvilket potentielt kunne - forøge vedkommendes rettigheder til dem hørende til qemus - værtsproces.

    • - -
  • CVE-2014-7815 - -

    James Spadaro fra Cisco rapporteret om utilstrækkeligt - fornuftighedskontrolleret bits_per_pixel fra klienten i QEMU - VNC-skærmdriveren. En angriber med adgang til gæstens VNC-consol kunne - udnytte fejlen til at få gæsten til at gå ned.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6a+deb7u5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.1+dfsg-7.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3066.data" diff --git a/danish/security/2014/dsa-3067.wml b/danish/security/2014/dsa-3067.wml deleted file mode 100644 index c666df45b7d..00000000000 --- a/danish/security/2014/dsa-3067.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="e1f305e8aecadfcd2daeb9430cc649b0fc1dd5a9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu-kvm, en komplet virtualiseringsløsning -til x86-hardware.

- -
    - -
  • CVE-2014-3689 - -

    Advanced Threat Research-holdet hos Intel Security rapporterede, at - gæsteleverede parametre blev valideret utilstrækkelig i rektangelfunktioner - i vmware-vga-driveren. En priviligeret gæstebruger kunne udnytte fejlen - til at skrive ind i qemus adresserum på værten, hvilket potentielt kunne - forøge vedkommendes rettigheder til dem hørende til qemus - værtsproces.

    • - -
  • CVE-2014-7815 - -

    James Spadaro fra Cisco rapporteret om utilstrækkeligt - fornuftighedskontrolleret bits_per_pixel fra klienten i QEMU - VNC-skærmdriveren. En angriber med adgang til gæstens VNC-consol kunne - udnytte fejlen til at få gæsten til at gå ned.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6+deb7u5.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3067.data" diff --git a/danish/security/2014/dsa-3068.wml b/danish/security/2014/dsa-3068.wml deleted file mode 100644 index 6592efd5c38..00000000000 --- a/danish/security/2014/dsa-3068.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2c13980afb217ca40f54e8ac0fc6616110f0409b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Konversation, en IRC-klient til KDE, kunne bringes til at gå -ned, når der blev modtaget misdannede meddelelser, hvor FiSH-kryptering var -anvendt.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5-2.

- -

Vi anbefaler at du opgraderer dine konversation-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3068.data" diff --git a/danish/security/2014/dsa-3069.wml b/danish/security/2014/dsa-3069.wml deleted file mode 100644 index 8c92870288e..00000000000 --- a/danish/security/2014/dsa-3069.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="2eb8a8cac36937941637546fffbab0bd9d7c470f" mindelta="1" -sikkerhedsopdatering - -

Symeon Paraschoudis opdagede at funktionen curl_easy_duphandle() i cURL, et -bibliotek til URL-overførsler, indeholdt en fejl, som kunne føre til at libcurl -endte med at afsende følsomme oplysninger, der ikke er beregnet til at sende, -mens der blev udført en HTTP POST-handling.

- -

Fejlen forudsætter at CURLOPT_COPYPOSTFIELDS og curl_easy_duphandle() -anvendes i den rækkefølge, og dernæst at den duplikerede handle benyttes til at -udføre HTTP POST. Kommandolinjeværktøjet curl er ikke påvirket af problemet, da -det ikke anvende denne rækkefølge.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -7.26.0-1+wheezy11.

- -

I den kommende stabile distribution (jessie), vil dette blive blive rettet i -version 7.38.0-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.38.0-3.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3069.data" diff --git a/danish/security/2014/dsa-3070.wml b/danish/security/2014/dsa-3070.wml deleted file mode 100644 index e07b972e917..00000000000 --- a/danish/security/2014/dsa-3070.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="6815559c29d5446c5234024b1471b6b77d2de18f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i FreeBSD-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller informationsafsløring.

- -
    - -
  • CVE-2014-3711 - -

    Lammelsesangreb via hukommelseslækage i sandboxed namei-lookups, der - foregår i sandkasse.

    • - -
  • CVE-2014-3952 - -

    Kernehukommelseafsløring i sockbuf-kontrolbeskeder.

    • - -
  • CVE-2014-3953 - -

    Kernehukommelseafsløring i SCTP. Denne opdatering deaktiverer SCTP, da - brugerrumsværktøjerne der leveres med Wheezy alligevel ikke understøtter - SCTP.

    • - -
  • CVE-2014-8476 - -

    Kernestakafsløring i setlogin() og getlogin().

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 9.0-10+deb70.8.

- -

Vi anbefaler at du opgraderer dine kfreebsd-9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3070.data" diff --git a/danish/security/2014/dsa-3071.wml b/danish/security/2014/dsa-3071.wml deleted file mode 100644 index 669dd18db55..00000000000 --- a/danish/security/2014/dsa-3071.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="aaecdb28624783edcf4f22612267937824528d44" mindelta="1" -sikkerhedsopdatering - -

I nss, en samling biblioteker designet med det formål at understøtte -udvikling af sikkerhedsopmærksommme klient- og serverapplikationer på tværs af -platforme, opdagede Tyson Smith og Jesse Schwartzentruber en sårbarhed i -forbindelse med anvendelse efter frigivelse, som gjorde det muligt for -fjernangribere at udføre vilkårlig kode, ved at udløse en ukorrekt fjernelse af -en NSSCertificate-struktur fra et domæne, man har tillid til.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:3.14.5-1+deb7u3.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 2:3.16.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.16.3-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3071.data" diff --git a/danish/security/2014/dsa-3072.wml b/danish/security/2014/dsa-3072.wml deleted file mode 100644 index 52665496714..00000000000 --- a/danish/security/2014/dsa-3072.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="690bdffbfa274ee4d8baed1e7d5009ed17d5ae37" mindelta="1" -sikkerhedsopdatering - -

Francisco Alonso fra Red Hat Product Security fandt et problem i værktøjet -file: når ELF-filer blev undersøgt, blev bemærkningsheadere fejlagtigt -kontrolleret, hvilket potentielt kunne gøre det muligt for angribere at -forårsage et lammelsesangreb (læsning uden for grænserne og -applikationsnedbrud), ved at leveret en særligt fremstillet ELF-fil.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.11-2+deb7u6.

- -

I den kommende stabile distribution (jessie), vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:5.20-2.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3072.data" diff --git a/danish/security/2014/dsa-3073.wml b/danish/security/2014/dsa-3073.wml deleted file mode 100644 index 6045f7a04f0..00000000000 --- a/danish/security/2014/dsa-3073.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="80aaf6e3c17855f439a8b4f0fe7b444756a90a54" mindelta="1" -sikkerhedsopdatering - -

Daniel Genkin, Itamar Pipman og Eran Tromer opdagede at -Elgamal-krypteringsundernøgler i applikationer, som anvender biblioteket -libgcrypt11, for eksempel GnuPG 2.x, kunne lækkes gennem et sidekanalangreb.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.5.0-5+deb7u2.

- -

Vi anbefaler at du opgraderer dine libgcrypt11-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3073.data" diff --git a/danish/security/2014/dsa-3074.wml b/danish/security/2014/dsa-3074.wml deleted file mode 100644 index 5c47f8dd47d..00000000000 --- a/danish/security/2014/dsa-3074.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="2122409f736016e5d3be4457e5c5efc49d251857" mindelta="1" -sikkerhedsopdatering - -

Francisco Alonso fra Red Hat Product Security fandt et problem i værktøjet -file, hvis kode er indlejret i PHP, et generelt anvendeligt skriptsprog. -Når ELF-filer blev undersøgt, blev bemærkningsheadere fejlagtigt -kontrolleret, hvilket potentielt kunne gøre det muligt for angribere at -forårsage et lammelsesangreb (læsning uden for grænserne og -applikationsnedbrud), ved at leveret en særligt fremstillet ELF-fil.

- -

Som annonceret i DSA-3064-1, har vi besluttet at følge de stabile -5.4.x-udgivelser hvad angår php5-pakkerne i Wheezy. Som følge der af er -sårbarheden løst ved at opgradere PHP til en ny opstrømsversion, 5.4.35, der -indeholder yderligere fejlrettelser, ny funktionalitet og muligvis inkompatible -ændringer. Se optrømschangelog for flere oplysninger:

- - - -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.4.35-0+deb7u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3074.data" diff --git a/danish/security/2014/dsa-3075.wml b/danish/security/2014/dsa-3075.wml deleted file mode 100644 index ea0ee14d91e..00000000000 --- a/danish/security/2014/dsa-3075.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="7832d8f8ada386a53b8cb7cc07fefcc3ab2ad56d" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Drupal, en komplet framework til -indholdshåndtering. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2014-9015 - -

    Aaron Averill opdagede at en særligt fremstillet forespørgsel kunne give - en bruger adgang til en anden brugers session, hvilket gjorde det muligt for - en angriber at kapre en tilfældig session.

    • - -
  • CVE-2014-9016 - -

    Michael Cullum, Javier Nieto og Andres Rojas Guerrero opdagede at API'et - til adgangskodehasing, gjorde det muligt for en angriber at sende særligt - fremstillede forespørgsler, medførende CPU- og hukommelsesudmattelse. Det - kunne ende med, at webstedet blev utilgængeligt eller ikke svarede - (lammelsesangreb, denial of service).

    • - -
- -

Tilpassede opsætning i session.inc og password.inc skal desuden gennemses, -for at konstatere hvorvidt de er ramt af de nævnte sårbarheder. Flere -oplysninger finder man i opstrøms bulletin på -

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7.14-2+deb7u8.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3075.data" diff --git a/danish/security/2014/dsa-3076.wml b/danish/security/2014/dsa-3076.wml deleted file mode 100644 index f4ff22774f2..00000000000 --- a/danish/security/2014/dsa-3076.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="89c684d94c9a9cd81a09dd4aa2ac79e0d571c246" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorerne/fortolkerne af SigComp -UDVM, AMQP, NCP og TN5250, hvilke kunne medføre lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1.8.2-5wheezy13.

- -

I den kommende stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.1+g01b65bf-2.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3076.data" diff --git a/danish/security/2014/dsa-3077.wml b/danish/security/2014/dsa-3077.wml deleted file mode 100644 index dd7c09521c4..00000000000 --- a/danish/security/2014/dsa-3077.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="a8229f2c142721483e5a67e5cd4abdcebde6f68c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, informationsafsløring -eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6b33-1.13.5-2~deb7u1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3077.data" diff --git a/danish/security/2014/dsa-3078.wml b/danish/security/2014/dsa-3078.wml deleted file mode 100644 index b70e66a3cc6..00000000000 --- a/danish/security/2014/dsa-3078.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ed8a4886d51e563934e657bd3dbe32680f492b8e" mindelta="1" -sikkerhedsopdatering - -

En heltalsunderløbsfejl, førende til et heapbaseret bufferoverløb, blev -fundet i funktionen ksba_oid_to_str() i libksba, et X.509- og -CMS-(PKCS#7)-bibliotek. Ved at anvende særligt fremstillede S/MIME-meddelelser -eller ECC-baserede OpenPGP-data, var det muligt at udvirke et bufferoverløb, som -kunne medføre at en applikation, der anvender libksba, gik ned -(lammelsesangreb), eller potentielt kunne udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.0-2+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1.3.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.2-1.

- -

Vi anbefaler at du opgraderer dine libksba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3078.data" diff --git a/danish/security/2014/dsa-3079.wml b/danish/security/2014/dsa-3079.wml deleted file mode 100644 index c933482be60..00000000000 --- a/danish/security/2014/dsa-3079.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2917d777bdfb3305d9ccbc3ad034a59e2d00c42c" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i ppp, en implementering af Point-to-Point -Protocol: et heltalsoverløb i rutinen med ansvar for at fortolke brugerleverede -valgmuligheder gjorde det potentielt muligt for en lokal angriber at få -rootrettigheder.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.4.5-5.1+deb7u1.

- -

I den kommende stablie distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 2.4.6-3.

- -

Vi anbefaler at du opgraderer dine ppp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3079.data" diff --git a/danish/security/2014/dsa-3080.wml b/danish/security/2014/dsa-3080.wml deleted file mode 100644 index 01b33533589..00000000000 --- a/danish/security/2014/dsa-3080.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="4ff9cc018bbe0c00ef5001c70aa816cb4176e3ce" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, informationsafsløring -eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7u71-2.5.3-2~deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 7u71-2.5.3-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u71-2.5.3-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3080.data" diff --git a/danish/security/2014/dsa-3081.wml b/danish/security/2014/dsa-3081.wml deleted file mode 100644 index d691fc752b2..00000000000 --- a/danish/security/2014/dsa-3081.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1131ec0db3a1ced704102b56069786a73be1f5e5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i libvncserver, et bibliotek til implementering -af VNC-serverfunktionalitet. Sårbarhederne kunne medføre udførelse af vilkårlig -kode eller lammelsesangreb (denial of service) på både klient- og -serversiden.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.9.9+dfsg-1+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.9.9+dfsg-6.1.

- -

Vi anbefaler at du opgraderer dine libvncserver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3081.data" diff --git a/danish/security/2014/dsa-3082.wml b/danish/security/2014/dsa-3082.wml deleted file mode 100644 index 5a1ee54f983..00000000000 --- a/danish/security/2014/dsa-3082.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="68910124b5f50e991c6d4a75d8fc6dd51a06460c" mindelta="1" -sikkerhedsopdatering - -

Michele Spagnuolo, fra Google Security Team, og Miroslav Lichvar, fra Red -Hat, opdagede to problemer i flac, et bibliotek til håndtering af Free Lossless -Audio Codec-medier: Ved at levere en særligt fremstillet FLAC-fil, kunne en -angriber udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.2.1-6+deb7u1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -er disse problemer rettet i version 1.3.0-3.

- -

Vi anbefaler at du opgraderer dine flac-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3082.data" diff --git a/danish/security/2014/dsa-3083.wml b/danish/security/2014/dsa-3083.wml deleted file mode 100644 index da1e80dc76b..00000000000 --- a/danish/security/2014/dsa-3083.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="7128b46f485659fc085e2c73444ffd5282620341" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i mutt, et tekstbaseret program til læsning af mail. En -særligt fremstillet mailheader kunne få mutt til at gå ned, førende til en -lammelsesangrebstilstand (denial of service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.5.21-6.2+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.23-2.

- -

Vi anbefaler at du opgraderer dine mutt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3083.data" diff --git a/danish/security/2014/dsa-3084.wml b/danish/security/2014/dsa-3084.wml deleted file mode 100644 index 1fd493a5a4a..00000000000 --- a/danish/security/2014/dsa-3084.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="5bfd8843847d7badbff1ba5f64c6e72aae514334" mindelta="1" -sikkerhedsopdatering - -

Dragana Damjanovic opdagede at en autentificeret klient kunne få en -OpenVPN-server til at gå ned, ved at sende en kontrolpakke indeholdende mindre -end fire bytes som payload.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.2.1-8+deb7u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3.4-5.

- -

Vi anbefaler at du opgraderer dine openvpn-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3084.data" diff --git a/danish/security/2014/dsa-3085.wml b/danish/security/2014/dsa-3085.wml deleted file mode 100644 index 451bb49e833..00000000000 --- a/danish/security/2014/dsa-3085.wml +++ /dev/null @@ -1,78 +0,0 @@ -#use wml::debian::translation-check translation="7a5c26245e818a99000bf9a1732df7a7e0d36ae7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i Wordpress, et webbloggingværktøj, -medførende lammelsesangreb (denial of service) eller informationsafsløring. -Flere oplysninger finder man i opstrøms bulletin på -

- -
    - -
  • CVE-2014-9031 - -

    Jouko Pynnonen opdagede sårbarhed i forbindelse med uautentificeret - udførelse af skripter på tværs af servere (XSS) i wptexturize(), udnytbar - via kommentarer eller indlæg.

    • - -
  • CVE-2014-9033 - -

    En sårbarhed i forbindelse med forfalskning af forespørgsler på tværs af - websteder (CSRF) i processen til ændring af adgangskoder, kunne udnyttes af - en angriber til at narre en bruger til at ændre sin adgangskode.

    • - -
  • CVE-2014-9034 - -

    Javier Nieto Arevalo og Andres Rojas Guerrero rapporterede om et - potentielt lammelsesangreb i den måde, phpass-biblioteket anvendes til at - håndtere adgangskoder, da der ikke var opsat en maksimal - adgangskodelængde.

    • - -
  • CVE-2014-9035 - -

    John Blackbourn rapporterede om et XSS i funktionen Press This - (anvendes til hurtig udgivelse vha. af en browsers - bookmarklet).

    • - -
  • CVE-2014-9036 - -

    Robert Chapin rapporterede om et XSS i HTML-filtreringen af CSS i - indlæg.

    • - -
  • CVE-2014-9037 - -

    David Anderson rapporterede om en hashsammenligningssårbarhed vedrørende - adgangskoder, som gemmes på den gammeldags MD5-manér. Om end det er - usandsynligt, kunne sårbarheden udnyttes til at kompromittere en konto, hvis - brugeren ikke var logget på efter en opdatering til Wordpress 2.5 (uploadet - til Debian den 2. april 2008) og adgangskodens MD5-hash kunne der blive - kolliderer med på grund af dynamisk sammenligning i PHP.

    • - -
  • CVE-2014-9038 - -

    Ben Bidner rapporterede eom forespørgselsforfalskning på serversiden - (SSRF) i kerne-HTTP-laget, der på utilstrækkelig vis blokerede - loopback-IP-adresserummet.

    • - -
  • CVE-2014-9039 - -

    Momen Bassel, Tanoy Bose og Bojan Slavkovic rapporterede om en sårbarhed - i processen til nulstilling af adgangskoder: En mailadresseændring - ugyldiggjorde ikke en tidligere mail vedrørende nulstilling af - adgangskoden.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.6.1+dfsg-1~deb7u5.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 4.0.1+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3085.data" diff --git a/danish/security/2014/dsa-3086.wml b/danish/security/2014/dsa-3086.wml deleted file mode 100644 index 2f2ede093b0..00000000000 --- a/danish/security/2014/dsa-3086.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5bc174060114b96e1a2a7f9008a1c751daa37c5f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i tcpdump, et kommandolinjeprogram til -analysering af netværkstrafik. Sårbarhederne kunne måske medføre -lammelsesangreb (denial of service), lækage af følsomme oplysninger fra -hukommelsen eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.3.0-1+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 4.6.2-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.6.2-3.

- -

Vi anbefaler at du opgraderer dine tcpdump-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3086.data" diff --git a/danish/security/2014/dsa-3087.wml b/danish/security/2014/dsa-3087.wml deleted file mode 100644 index 0d535cb0395..00000000000 --- a/danish/security/2014/dsa-3087.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="d661f5778ba95708582516b6a8e76833def93442" mindelta="1" -sikkerhedsopdatering - -

Paolo Bonzini fra Red Hat opdagede at blit-regionskontrollerne var -utilstrækkelige i Cirrus VGA-emulatoren i qemu, en hurtigt processoremulator. -En priviligeret gæstebruger kunne udnytte fejlen til at skrive ind i -qemus adresserum på værtsmaskinen, potentielt eskalerende rettighederne til dem, -der tilhører qemus værtsproces.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.1.2+dfsg-6a+deb7u6.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3087.data" diff --git a/danish/security/2014/dsa-3088.wml b/danish/security/2014/dsa-3088.wml deleted file mode 100644 index 40cd95cd5e5..00000000000 --- a/danish/security/2014/dsa-3088.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="34aac100db750a39d2e70298622025d2736b0702" mindelta="1" -sikkerhedsopdatering - -

Paolo Bonzini fra Red Hat opdagede at blit-regionskontrollerne var -utilstrækkelige i Cirrus VGA-emulatoren i qemu-kvm, en komplet -virtualiseringsløsning på x86-hardware. En priviligeret gæstebruger kunne -udnytte fejlen til at skrive ind i qemus adresserum på værtsmaskinen, -potentielt eskalerende rettighederne til dem, der tilhører qemus -værtsproces.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.1.2+dfsg-6+deb7u6.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3088.data" diff --git a/danish/security/2014/dsa-3089.wml b/danish/security/2014/dsa-3089.wml deleted file mode 100644 index 95ebdbd070f..00000000000 --- a/danish/security/2014/dsa-3089.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="7fd0a1579b23de7f9b7f823b02420cca01005497" mindelta="1" -sikkerhedsopdatering - -

Jose Duart fra Google Security Team opdagede heapbaserede bufferoverløbsfejl -i JasPer, et bibliotek til behandling af JPEG-2000-filer, hvilket kunne føre til -lammelsesangreb (applikationsnedbrud) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet -i version 1.900.1-13+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine jasper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3089.data" diff --git a/danish/security/2014/dsa-3090.wml b/danish/security/2014/dsa-3090.wml deleted file mode 100644 index 2b2803ab656..00000000000 --- a/danish/security/2014/dsa-3090.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="f725ed62d65307fd7b06cd59add9295746e4b381" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -Mozillas webbrowser Firefox: Adskillige hukommelsessikkerhedsfejl, -bufferoverløb, anvendelse efter frigivelse samt andre implementeringsfejl kunne -føre til udførelse af vilkårlig kode, omgåelse af sikkerhedsbegrænsninger -eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.3.0esr-1~deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.3.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3090.data" diff --git a/danish/security/2014/dsa-3091.wml b/danish/security/2014/dsa-3091.wml deleted file mode 100644 index 79e7929f39b..00000000000 --- a/danish/security/2014/dsa-3091.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="d890a7299ad36c20b1fc84dddacd7956ee9175bf" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i getmail4, et posthentningsprogram med -understøttelse af POP3, IMAP4 og SDPS, som kunne muliggøre manden i -midten-angreb.

- -
    - -
  • CVE-2014-7273 - -

    Implementeringen af IMAP-over-SSL i getmail 4.0.0 til og med 4.43.0, - kontroller ikke X.509-certifikater fra SSL-servere, hvilket gjorde det - muligt for manden i midten-angribere at forfalske IMAP-servere og få adgang - til følsomme oplysninger ved hjælp af et fabrikeret certifikat.

    • - -
  • CVE-2014-7274 - -

    Implementeringen af IMAP-over-SSL i getmail 4.44.0 kontrollerede ikke - hvorvidt serverværtsnavnet svarer til et domænenavn i emnets Common - Name-felt (CN) i X.509-certifikater, hvilket gjorde det muligt for manden i - midten-angribere at forfalske IMAP-servere og få adgang til følsomme - oplysninger ved hjælp af et fabrikeret certifikat fra en anerkendt - Certification Authority.

    • - -
  • CVE-2014-7275 - -

    Implementeringen af POP3-over-SSL i getmail 4.0.0 til og med 4.44.0 - kontrollerer ikke X.509-certifikater fra SSL-servere, hvilket gjorde det - muligt for manden i midten-angribere, at forfalske POP3-servere og få adgang - til følsomme oplysninger ved hjælp af et fabrikeret certifikat.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.46.0-1~deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 4.46.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.46.0-1.

- -

Vi anbefaler at du opgraderer dine getmail4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3091.data" diff --git a/danish/security/2014/dsa-3092.wml b/danish/security/2014/dsa-3092.wml deleted file mode 100644 index d8c0cb6a0a8..00000000000 --- a/danish/security/2014/dsa-3092.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d65b491227797196f2079e8ca7798c23668fd549" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- -og newsklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -bufferoverløb, anvendelse efter frigivelse og andre implementeringsfejl, kunne -føre til udførelse af vilkårlig kode, omgåelse af sikkerhedsbegrænsinger eller -lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.3.0-1~deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.3.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3092.data" diff --git a/danish/security/2014/dsa-3093.wml b/danish/security/2014/dsa-3093.wml deleted file mode 100644 index c907497dfb3..00000000000 --- a/danish/security/2014/dsa-3093.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="9f998b98a7ff5210ca3c8a5a82663adb1bf9efee" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller rettighedsforøgelse:

- -
    - -
  • CVE-2014-7841 - -

    Liu Wei fra Red Hat opdagede at en SCTP-server, som udfører ASCONF, gik i - panik ved misdannede INIT-chunks, ved udløsning af en - NULL-pointerdereference.

    • - -
  • CVE-2014-8369 - -

    En fejl blev opdaget i den måde, iommu-mappingfejl blev håndteret i - funktionen kvm_iommu_map_pages() i Linux-kernen. En gæstestyresystemsbruger - kunne udnytte fejlen til at forårsage et lammelsesangreb (korruption af - værtshukommelsen) eller muligvis have andre ikke-angivne virkninger på - værtens styresystem.

    • - -
  • CVE-2014-8884 - -

    En stakbaseret bufferoverløbsfejl blev opdaget i USB-driveren til - TechnoTrend/Hauppauge DEC. En lokal bruger med skriveadgang til den - tilhørende enhed, kunne udnytte fejlen til at få kernen til at gå ned eller - potentielt forøge vedkommendes rettigheder.

    • - -
  • CVE-2014-9090 - -

    Andy Lutomirski opdagede at funktionen do_double_fault i - arch/x86/kernel/traps.c i Linux-kernen, ikke på korrekt vis håndterede - fejl med tilknytning til Stack Segment-segmentregisteret (SS), hvilket - gjorde det muligt for lokale brugere at forårsage et lammelsesangreb - (panik).

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -3.2.63-2+deb7u2. Denne opdatering indeholder også rettelser af regressioner, -som er opstået under tidligere opdateringer.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet -i version 3.16.7-ckt2-1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3093.data" diff --git a/danish/security/2014/dsa-3094.wml b/danish/security/2014/dsa-3094.wml deleted file mode 100644 index 5323954fc10..00000000000 --- a/danish/security/2014/dsa-3094.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="eec0d04f0e9d9e27c3a5c40ddf71fb413aae5e8e" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at BIND, en DNS-server, var sårbar over for en -lammelsesangrebsårbarhed (denial of service).

- -

Ved anvende ondsindet fremstillede zoner eller en skrupelløs server, kunne en -angriber udnytte en forglemmelse i den kode, som BIND 9 anvender til at følge -delegeringer i Domain Name Service, hvilket medført at BIND udsende ubegrænsede -forespørgsler i et forsøg på at følge delegeringen.

- -

Det kunne føre til ressourceudmattelse samt lammelsesangreb (op til samt -omfattende afslutning af named-serverprocessen.)

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1:9.8.4.dfsg.P1-6+nmu2+deb7u3.

- -

I den kommende stabile distribution (jessie), vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3094.data" diff --git a/danish/security/2014/dsa-3095.wml b/danish/security/2014/dsa-3095.wml deleted file mode 100644 index 5ab9a661ede..00000000000 --- a/danish/security/2014/dsa-3095.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b7ef0f851ee858310da27fe5eacfa946fdb8db22" mindelta="1" -sikkerhedsopdatering - -

Ilja van Sprundel fra IOActive opdagede flere sikkerhedsproblemer i -X-serveren X.org, hvilke kunne føre til rettighedsforøgelse eller -lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.12.4-6+deb7u5.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:1.16.2.901-1.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3095.data" diff --git a/danish/security/2014/dsa-3096.wml b/danish/security/2014/dsa-3096.wml deleted file mode 100644 index fe05c41a28e..00000000000 --- a/danish/security/2014/dsa-3096.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3481a31414f6c294fac52c370b4b86faf1c5f874" mindelta="1" -sikkerhedsopdatering - -

Florian Maury fra ANSSI opdagede en fejl i pdns-recursorat, en rekursiv -DNS-server: En fjernangriber med kontrol over ondsidet fremstillede zoner eller -en skrupelløs server, kunne påvirke pdns-recursors ydeevne, og dermed forårsage -udmattelse af ressourcer og et potentielt lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er dette problem rettet i version -3.3-3+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 3.6.2-1.

- -

Vi anbefaler at du opgraderer dine pdns-recursor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3096.data" diff --git a/danish/security/2014/dsa-3097.wml b/danish/security/2014/dsa-3097.wml deleted file mode 100644 index b7c70274735..00000000000 --- a/danish/security/2014/dsa-3097.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="a9dbfe9872c788650244a89b6b476418e01f10ea" mindelta="1" -sikkerhedsopdatering - -

Florian Maury fra ANSSI opdagede at unbound, en validerende og rekursiv -DNS-resolver, var sårbar over for et lammelsesangreb (denial of service). En -angriber, som fremstiller en ondsindet zone og er i stand til at sende (eller -foranledige afsendelse af) forespørgsler til serveren, kunne narre resolveren -til at følge en uendelig række delegeringer, førende til udmattelse af -ressourcer og en stor netværksbelastning.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.17-3+deb7u2.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1.4.22-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.22-3.

- -

Vi anbefaler at du opgraderer dine unbound-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3097.data" diff --git a/danish/security/2014/dsa-3098.wml b/danish/security/2014/dsa-3098.wml deleted file mode 100644 index 33ca1d35de4..00000000000 --- a/danish/security/2014/dsa-3098.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="03eddc156b33aa7724a6157cff3f20cd7bfdc0dc" mindelta="1" -sikkerhedsopdatering - -

Joshua Rogers opdagede en formatstrengssårbarhed i funktionen yyerror i -lib/cgraph/scan.l som indgår i Graphviz, en omfattende værktøjssæt til tegning -af grafer. En angriber kunne udnytte fejlen til at få graphviz til at gå ned -eller muligvis udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.26.3-14+deb7u2.

- -

I den kommende stabile distribution (jessie), vil dette problem snart blive -rettet i version 2.38.0-7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.38.0-7.

- -

Vi anbefaler at du opgraderer dine graphviz-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3098.data" diff --git a/danish/security/2014/dsa-3099.wml b/danish/security/2014/dsa-3099.wml deleted file mode 100644 index e00c6241466..00000000000 --- a/danish/security/2014/dsa-3099.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="cc8052792852bb3e2e035b34f20e24fc61ea8c4e" mindelta="1" -sikkerhedsopdatering - -

Simon McVittie opdagede at rettelsen af -\ -CVE-2014-3636 var forkert, da den ikke fuldt ud løste den underliggende -lammelsesangrebsvektor. Denne opdatering begynder med at starte D-Bus-dæmonen -som root, så den på korrekt vis kan forøge sin fildeskriptortæller.

- -

Desuden fører denne opdatering ændringen til auth_timeout i den foregående -sikkerhedsopdatering, tilbage dens oprindelige værdi, fordi den nye værdi -medførte bootfejl på nogle systemer. Se filen README.Debian for oplysninger om -hvordan man hærder D-Bus-dæmonen mod ondsindede lokale brugere.

- -

I den stabile distribution (wheezy), er disse problemer rettet i version -1.6.8-1+deb7u5.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.8.10-1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3099.data" diff --git a/danish/security/2014/dsa-3100.wml b/danish/security/2014/dsa-3100.wml deleted file mode 100644 index 38f97147b70..00000000000 --- a/danish/security/2014/dsa-3100.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="67fefa79302e52056dbe18ab7dea358349195825" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i mediawiki, en wikimotor: Forvrænging tværdomænereglen -gjorde det muligt for en artikelredaktør at indsprøjte kode i API-forbugere, som -deserialiserede PHP-repræsentationer af siden fra API'et.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:1.19.20+dfsg-0+deb7u2.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3100.data" diff --git a/danish/security/2014/dsa-3101.wml b/danish/security/2014/dsa-3101.wml deleted file mode 100644 index 8725d26498b..00000000000 --- a/danish/security/2014/dsa-3101.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5eb41c35494f3fcf4f85a9aff8ae0ace493b10e8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i c-icap, en ICAP-serverimplementering, hvilket -kunne gøre det muligt for fjernangribere at få c-icap til at gå ned eller have -anden, ikke-angivne indvirkninger.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1:0.1.6-1.1+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 1:0.3.1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:0.3.1-1.

- -

Vi anbefaler at du opgraderer dine c-icap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3101.data" diff --git a/danish/security/2014/dsa-3102.wml b/danish/security/2014/dsa-3102.wml deleted file mode 100644 index 75bcfa6af1f..00000000000 --- a/danish/security/2014/dsa-3102.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4dce4f5c77a1bcdf09f3cb3b15c8e603882f6416" mindelta="1" -sikkerhedsopdatering - -

Jonathan Gray og Stanislaw Pitucha fandt en assertionfejl i den måde, -linjedelte strenge fortolkes på i LibYAML, et hurtigt YAML 1.1-fortolknings- og -udsendelsesbibliotek. En angriber med mulighed for at indlæse særligt -fremstillet YAML-inddata i en applikation, som anvender libyaml, kunne få -applikationen til at gå ned.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.1.4-2+deb7u5.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 0.1.6-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.1.6-3.

- -

Vi anbefaler at du opgraderer dine libyaml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3102.data" diff --git a/danish/security/2014/dsa-3103.wml b/danish/security/2014/dsa-3103.wml deleted file mode 100644 index 9d0a1b6148f..00000000000 --- a/danish/security/2014/dsa-3103.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="72153d0bb9551bb4754557dd5c085e84fffcd21a" mindelta="1" -sikkerhedsopdatering - -

Jonathan Gray og Stanislaw Pitucha fandt en assertionfejl i den måde, -linjedelte strenge fortolkes på i LibYAML, et hurtigt YAML 1.1-fortolknings- og -udsendelsesbibliotek. En angriber med mulighed for at indlæse særligt -fremstillet YAML-inddata i en applikation, som anvender libyaml, kunne få -applikationen til at gå ned.

- -

Denne opdatering retter fejlen i den udgave, som er indlejret i pakken -libyaml-libyaml-perl.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.38-3+deb7u3.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 0.41-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.41-6.

- -

Vi anbefaler at du opgraderer dine libyaml-libyaml-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3103.data" diff --git a/danish/security/2014/dsa-3104.wml b/danish/security/2014/dsa-3104.wml deleted file mode 100644 index 48b88a0a3c3..00000000000 --- a/danish/security/2014/dsa-3104.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="14ef9a740428bd5a3bb35de97d4c20e1c20bc2cf" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at bsd-mailx, en implementering af kommandoen mail, havde -en udokumenteret funktionalitet, der behandlede syntaksmæssigt gyldige -mailadresser som shell-kommandoer til udførsel.

- -

Brugere, der har behov for denne funktionalitet, kan genaktivere den ved -hjælp af expandaddr i en passende ailrc-fil. Opdateringen fjerner også -den uaktuelle valgmulighed -T. En ældre sikkerhedssårbarhed, -\ -CVE-2004-2771, var allerede løst i Debians bsd-mailx-pakke.

- -

Bemærk at sikkerhedsopdateringen dog ikke fjerne alle mailx' faciliteter til -udførelse af kommandoer. Skripter, som sender mail til adresser indhentet fra -kilder, der ikke er tillid til (så som en webformular), bør anvende separatoren --- før mailadresserne (hvilket i denne opdatering er rettet til at -fungere ordentligt), eller de bør ændres til i stedet at aktivere -mail -t eller sendmail -i -t, således at -modtageradressen overføres som en del af mailheaderen.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 8.1.2-0.20111106cvs-1+deb7u1.

- -

Vi anbefaler at du opgraderer dine bsd-mailx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3104.data" diff --git a/danish/security/2014/dsa-3105.wml b/danish/security/2014/dsa-3105.wml deleted file mode 100644 index 653d819205a..00000000000 --- a/danish/security/2014/dsa-3105.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b456da5ef82cc8a566d590e59254e92fbb3a1a85" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedssårbarheder blev opdaget i Heirlooms mailx, en implementering af -kommandoen mail:

- -
    - -
  • CVE-2004-2771 - -

    mailx fortolker shell-metategn i visse mailadresser.

    • - -
  • CVE-2014-7844 - -

    En uventet funktionalitet i mailx, behandlede syntaksmæssigt gyldige - mailadresser som shell-kommandoer til udførsel.

    • - -
- -

Udførelse af shell-kommandoer, kan genaktiveres ved hjælp af valgmuligheden -expandaddr.

- -

Bemærk at sikkerhedsopdateringen dog ikke fjerne alle mailx' faciliteter til -udførelse af kommandoer. Skripter, som sender mail til adresser indhentet fra -kilder, der ikke er tillid til (så som en webformular), bør anvende separatoren --- før mailadresserne (hvilket i denne opdatering er rettet til at -fungere ordentligt), eller de bør ændres til i stedet at aktivere -mail -t eller sendmail -i -t, således at -modtageradressen overføres som en del af mailheaderen.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 12.5-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine heirloom-mailx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3105.data" diff --git a/danish/security/2014/dsa-3106.wml b/danish/security/2014/dsa-3106.wml deleted file mode 100644 index 3b77e8e637f..00000000000 --- a/danish/security/2014/dsa-3106.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4998a1e51285f77f5a22ebada76311fd7b53cf69" mindelta="1" -sikkerhedsopdatering - -

Jose Duart fra Google Security Team opdagede en fejl i forbindelse med -dobbelt frigivelse -(\ -CVE-2014-8137) og en heapbaseret bufferoverløbsfejl -(\ -CVE-2014-8138) i JasPer, et bibliotek til behandling af JPEG-2000-filer. En -særligt fremstillet fil kunne medføre, at applikationer som anvender JasPer gik -ned eller måske kunne udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.900.1-13+deb7u2.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine jasper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3106.data" diff --git a/danish/security/2014/dsa-3107.wml b/danish/security/2014/dsa-3107.wml deleted file mode 100644 index e4acca582be..00000000000 --- a/danish/security/2014/dsa-3107.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ec6d64054aa5fc49beb0306cb2d0c4ea28562794" mindelta="1" -sikkerhedsopdatering - -

Evgeny Kotkov opdagede en NULL-pointerdereference ved behandling af -REPORT-forespørgsler i mod_dav_svn, den komponent i Subversion, som anvendes til -sammen med Apache-webserveren til at servere repositories. En fjernangriber -kunne misbruge sårbarheden til et lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.6.17dfsg-4+deb7u7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.10-5.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3107.data" diff --git a/danish/security/2014/dsa-3108.wml b/danish/security/2014/dsa-3108.wml deleted file mode 100644 index 98f65a17dab..00000000000 --- a/danish/security/2014/dsa-3108.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="173f059975580bea10ab2d7c042565160c994195" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i ntp-pakken, en implementering af Network -Time Protocol.

- -
    - -
  • CVE-2014-9293 - -

    ntpd genererede en svag nøgle til intern brug, med fuldstændige - administrative rettigheder. Angribere kunne anvende nøglen til at - genopsætte ntpd (eller til at udnytte andre sårbarheder).

    • - -
  • CVE-2014-9294 - -

    Værktøjet ntp-keygen genererede svagte MD5-nøgler med utilstrækkelig - entropi.

    • - -
  • CVE-2014-9295 - -

    ntpd indeholdt flere bufferoverløb (både på stakken og i datasektionen), - hvilket gjorde det muligt for fjernautentificerede angribere at få ntpd til - at gå ned eller potentielt udføre vilkårlig kode.

    • - -
  • CVE-2014-9296 - -

    Den generelle funktion til pakkebehandling i ntpd, håndterede ikke en - fejlsituation korrekt.

    • - -
- -

Debians standardopsætning af ntpd begrænser adgang til localhost (samt -muligvis nærtliggende netvæk hvad angår IPv6).

- -

Nøgler eksplicit genereret med ntp-keygen -M bør genereres -igen.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1:4.2.6.p5+dfsg-2+deb7u1.

- -

Vi anbefaler at du opgraderer dine ntp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3108.data" diff --git a/danish/security/2014/dsa-3109.wml b/danish/security/2014/dsa-3109.wml deleted file mode 100644 index 4f7a9c61485..00000000000 --- a/danish/security/2014/dsa-3109.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a5dc01e85d756b308679d475768c28b942dab1c2" mindelta="1" -sikkerhedsopdatering - -

Dmitry Kovalenko opdagede at databaseserveren Firebird var sårbar over for en -lammelsesangrebssårbarhed (denial of service). En uautentificeret fjernangriber -kunne sende en misdannet netværkspakke til en firebird-server, hvilket fik -serveren til at gå ned.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.5.2.26540.ds4-1~deb7u2.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 2.5.3.26778.ds4-5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.5.3.26778.ds4-5.

- -

Vi anbefaler at du opgraderer dine firebird2.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3109.data" diff --git a/danish/security/2014/dsa-3110.wml b/danish/security/2014/dsa-3110.wml deleted file mode 100644 index 30deb8e9606..00000000000 --- a/danish/security/2014/dsa-3110.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c049f2dce646bf8089126a7b3b2a50add8ab74f7" mindelta="1" -sikkerhedsopdatering - -

En fejl opdaget i mediawiki, en wikimotor: thumb.php leverede -wikitext-meddelelser som rå HTML, potentielt førende til udførelse af -skripter på tværs af websteder (XSS).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.19.20+dfsg-0+deb7u3; denne version retter desuden en regression -opstået i den foregående udgave, DSA-3100-1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 1:1.19.20+dfsg-2.2.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3110.data" diff --git a/danish/security/2014/dsa-3111.wml b/danish/security/2014/dsa-3111.wml deleted file mode 100644 index 0cc5859b588..00000000000 --- a/danish/security/2014/dsa-3111.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0927a48f7072f16d915566f9b360af1853eec762" mindelta="1" -sikkerhedsopdatering - -

Michal Zalewski opdagede et problem med skrivning uden for grænserne i cpio, -et værktøj til oprettelse og udpakning af cpio-arkivfiler. Samtidig med at -cpio-udviklerne rettede dette problem, fandt og rettede de yderligere problemer -med grænsekontroller og null-pointerdereferencer.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.11+dfsg-0.1+deb7u1.

- -

I den kommende stabile distribution (jessie), vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.11+dfsg-4.

- -

Vi anbefaler at du opgraderer dine cpio-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3111.data" diff --git a/danish/security/2014/dsa-3112.wml b/danish/security/2014/dsa-3112.wml deleted file mode 100644 index 7329579fffb..00000000000 --- a/danish/security/2014/dsa-3112.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="7565caaa9da7e26b6cf474dd0dcd418c7ee2d112" mindelta="1" -sikkerhedsopdatering - -

Michele Spagnuolo fra Google Security Team opdagede to heapbaserede -bufferoverløb i SoX, schweizerkniven blandt lydbehandlingsprogrammer. En -særligt fremstillet wav-fil kunne forårsage, at en applikation som anvender -SoX, til at gå ned eller muligvis udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 14.4.0-3+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine sox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3112.data" diff --git a/danish/security/2014/dsa-3113.wml b/danish/security/2014/dsa-3113.wml deleted file mode 100644 index b3402d6b19e..00000000000 --- a/danish/security/2014/dsa-3113.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1550abca3d44042b386810514223a5c63669bcc9" mindelta="1" -sikkerhedsopdatering - -

Michele Spagnuolo fra Google Security Team opdagede at unzip, et -udpakningsværktøj til arkiver komprimeret i .zip-formatet, var påvirket af et -heapbaseret bufferoverløb i funktionen til CRC32-verifikation -(\ -CVE-2014-8139), i funktionen test_compr_eb() -(\ -CVE-2014-8140) og i funktionen getZip64Data() -(\ -CVE-2014-8141), hvilke kunne føre til udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6.0-8+deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6.0-13.

- -

Vi anbefaler at du opgraderer dine unzip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3113.data" diff --git a/danish/security/2014/dsa-3114.wml b/danish/security/2014/dsa-3114.wml deleted file mode 100644 index 19ec1a10103..00000000000 --- a/danish/security/2014/dsa-3114.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4ee92ccd1241b615becb1252405727e3f1472a68" mindelta="1" -sikkerhedsopdatering - -

Timothy D. Morgan opdagede at run-mailcap, et værktøj til udførelse af -programmer via registreringer i filen mailcap, var sårbar over for -shell-kommandoindsprøjtning gennem shell-metategn i filnavne. Under specifikke -omstændigheder kunne fejlen gøre det muligt for en angriber at fjernudføre -vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.52-1+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mime-support-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3114.data" diff --git a/danish/security/2014/dsa-3115.wml b/danish/security/2014/dsa-3115.wml deleted file mode 100644 index 10cab6f0b57..00000000000 --- a/danish/security/2014/dsa-3115.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="bd349ae60f5540d8044c2019c1b599ca1054f3d0" mindelta="1" -sikkerhedsopdatering - -

Jonathan Gray og Stanislaw Pitucha fandt en assertionfejl i den måde, -linjedelte strenge fortolkes på i Python-YAML, en YAML-fortolker og -udsender -til Python. En angriber med mulighed for at indlæse særligt fremstillet -YAML-inddata i en applikation, som anvender python-yaml, kunne få applikationen -til at gå ned.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.10-4+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 3.11-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.11-2.

- -

Vi anbefaler at du opgraderer dine pyyaml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3115.data" diff --git a/danish/security/2014/dsa-3116.wml b/danish/security/2014/dsa-3116.wml deleted file mode 100644 index 8d2dcf02029..00000000000 --- a/danish/security/2014/dsa-3116.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c2e3212b89f7af7ed54c308b6645057380630e4d" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en hukommelseslækage i fortolkningen af X.509-certifikar -kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.9-1~deb7u4.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1.3.9-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.9-1.

- -

Vi anbefaler at du opgraderer dine polarssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3116.data" diff --git a/danish/security/2014/dsa-3117.wml b/danish/security/2014/dsa-3117.wml deleted file mode 100644 index 83cbaf3a8c0..00000000000 --- a/danish/security/2014/dsa-3117.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="c2e3212b89f7af7ed54c308b6645057380630e4d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et generelt anvendelig skriptsprog der -hyppigt anvendes til udvikling af webapplikationer.

- -

SA'er offentliggjorde i DSA 3064-1, at man har besluttet at følge de stabile -5.4.x-udgivelser hvad angår php5-pakkerne i Wheezy. Som en følge deraf, er -sårbarhederne løst ved at opgradere PHP til den nye opstrømsversion 5.4.36, der -indeholder yderligere fejlrettelser, ny funktionalitet og muligvis inkompatible -ændringer. Se opstrøms changelog for flere oplysninger:

- -

- -

To yderligere rettelser blev føjet oven på den importerede, nye -opstrømsversion. Der blev rettet en fejl i forbindelse med læsning uden for -grænserne, som kunne medføre, at php5-cgi gik ned. Desuden blev der rettet en -fejl i php5-pgsql, kombineret med PostgreSQL 9.1 -(\ -Debian fejl nummer 773182).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.4.36-0+deb7u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2014/dsa-3117.data" diff --git a/danish/security/2014/index.wml b/danish/security/2014/index.wml deleted file mode 100644 index a58f683a227..00000000000 --- a/danish/security/2014/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2014 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security -#use wml::debian::translation-check translation="ed54eda7d637b53fe29a2c72db3fc396fd5cd983" - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/security/2014' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2015/Makefile b/danish/security/2015/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2015/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2015/dsa-3118.wml b/danish/security/2015/dsa-3118.wml deleted file mode 100644 index 9164e3d9ee2..00000000000 --- a/danish/security/2015/dsa-3118.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="e7fa285577bcf2cb96aef9f3fd7e6e7c2e72a96f" mindelta="1" -sikkerhedsopdatering - -

Mike Daskalakis rapporterede om en lammelsesangrebssårbarhed (denial of -service) i charon, IKEv2-dæmonen til strongSwan, en IKE/IPsec-programsamling, -der anvendes til at etablere IPsec-beskyttede links.

- -

Fejlen kan udløses af en IKEv2 Key Exchange-payload (KE), som indeholder -Diffie-Hellman (DH) gruppe 1025. Identifikatoren er fra et intervel, der er -beregnet til privat anvendelse, og kun anvendes internt af libtls til DH-grupper -med skræddersyet generator og prime (MODP_CUSTOM). Den instantierede metode -forventer, at disse to værder overføres til constructoren. Det er ikke -tilfældet, når et DH-objekt oprettes og det er baseret på gruppen i -KE-payload'en. Derfpr derefereres senere en ugyldig pointer, hvilket medfører -en segmenteringsfejl.

- -

Det betyder, at charon-dæmonen kan bringes til at gå ned med en enkelt -IKE_SA_INIT-meddelelse, indeholdende en sådan KE-payload. Starterprocessen -skulle dernæst genstarte dæmonen, men det kan forøge belastningen på systemet. -Fjernudførelse af kode er ikke muligt på grund af problemet, desuden er IKEv1 -ikke påvirket i hverken charon eller pluto.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.5.2-1.5+deb7u6.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 5.2.1-5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.2.1-5.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3118.data" diff --git a/danish/security/2015/dsa-3119.wml b/danish/security/2015/dsa-3119.wml deleted file mode 100644 index 2589d1698e8..00000000000 --- a/danish/security/2015/dsa-3119.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4bfd3f8179566cab8a6949a0f5bc2d6cb000f992" mindelta="1" -sikkerhedsopdatering - -

Andrew Bartlett fra Catalyst rapporterede om en fejl, der påvirkede visse -applikationer, som anvender Libevents evbuffer-API. Fejlen medførete, at -applikationer, der overfører enormt store inddata til evbuffers, potentielt var -udsatte for heapoverløb eller uendelig løkke. For at udnytte fejlen, skal en -angriber være i stand til at finde en måde, at provokere programmet til at -forsøge, at danne en bufferchunk, som er større end hvad der er plads til i en -enkelt size_t eller off_t.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.0.19-stable-3+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile -distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libevent-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3119.data" diff --git a/danish/security/2015/dsa-3120.wml b/danish/security/2015/dsa-3120.wml deleted file mode 100644 index ed2b81d46e1..00000000000 --- a/danish/security/2015/dsa-3120.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="a246fd6c07d80f7fd6441bb5457564d3be98ec0c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i fejlsporingssystemet Mantis, -hvilke kunne medføre phishing, informationsafsløring, omgåelse af CAPTCHA, -SQL-indsprøjtning, udførelse af skripter på tværs af websteder eller udførelse -af vilkårlig PHP-kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.2.18-1.

- -

Vi anbefaler at du opgraderer dine mantis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3120.data" diff --git a/danish/security/2015/dsa-3121.wml b/danish/security/2015/dsa-3121.wml deleted file mode 100644 index 84562f9b9d4..00000000000 --- a/danish/security/2015/dsa-3121.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="610ab3e2a02078bbdfa2c92215ecd25220371fe5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i file, et værktøj/bibliotek til at -afgøre en fils type. Behandling af en misdannet fil, kunne medføre -lammelsesangreb (denial of service). De fleste af ændringerne er forbundet med -fortolkning af ELF-filer.

- -

Blandt rettelserne blev flere begrænsninger på aspekter ved filgenkendelsen -enten tilføjet eller opstrammet, nogle gange medførende meddelelser så som -recursion limit exceeded eller too many program header -sections.

- -

For at omgå sådanne ulemper, er begrænsningerne gjort kontrollerbare ved -hjælp af et nyt -P hhv. --parameter i file-programmet.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.11-2+deb7u7.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:5.21+15-1.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3121.data" diff --git a/danish/security/2015/dsa-3122.wml b/danish/security/2015/dsa-3122.wml deleted file mode 100644 index 39740b4ef1f..00000000000 --- a/danish/security/2015/dsa-3122.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="72f0a5530a35cd67e06595c41cee039843ba5d11" mindelta="1" -sikkerhedsopdatering - -

Andrey Labunets fra Facebook opdagede at cURL, en bibliotek til overførsel af -URL'er, ikke på korrekt vis håndterede URL'er med indlejrede slut på -linjen-tegn. En angriber med mulighed for at lave en applikation, som anvender -libcurl til at tilgå en særligt fremstillet URL via en HTTP-proxy, kunne udnytte -fejlen til at foretage yderligere forespørgsler på en måde, som ikke var -tiltænkt, eller der kunne indsættes yderligere forespørgselsheadere i -forespørgslen.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.26.0-1+wheezy12.

- -

I den kommende stabile distribution (jessie), vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.38.0-4.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3122.data" diff --git a/danish/security/2015/dsa-3123.wml b/danish/security/2015/dsa-3123.wml deleted file mode 100644 index d1961f401e5..00000000000 --- a/danish/security/2015/dsa-3123.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e2a3312d34e7d627dae59cfac14dd9c91efbe8be" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i binutils, en værktøjskasse til -manipulering af binære filer. Sårbarhederne er blandt andre adskillige fejl i -forbindelse med hukommelsessikkerhed, bufferoverløb, anvendelse efter frigivelse -samt andre implementeringsfejl, der kunne føre til udførelse af vilkårlig kode, -omgåelse af sikkerhedsbegrænsninger, mappegennemløbsangreb eller lammelsesangreb -(denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.22-8+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.25-3.

- -

Vi anbefaler at du opgraderer dine binutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3123.data" diff --git a/danish/security/2015/dsa-3124.wml b/danish/security/2015/dsa-3124.wml deleted file mode 100644 index d2f3a7e44f0..00000000000 --- a/danish/security/2015/dsa-3124.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d45e67eca887ec8e0dc5aba06313ebb5820fc72f" mindelta="1" -sikkerhedsopdatering - -

Thorsten Eckel fra Znuny GMBH og Remo Staeuble fra InfoGuard opdagede en -rettighedsforøgelsessårbarhed i otrs2, Open Ticket Request System. En angriber -med gyldige OTRS-loginoplysninger kunne tilgå og ændre ticketdata hørende til -andre brugere via GenericInterface, hvis en ticketwebservice var opsat og ikke -yderligere sikret.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.1.7+dfsg1-8+deb7u5.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 3.3.9-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.3.9-3.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3124.data" diff --git a/danish/security/2015/dsa-3125.wml b/danish/security/2015/dsa-3125.wml deleted file mode 100644 index 2a0ac0d3cd3..00000000000 --- a/danish/security/2015/dsa-3125.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="f64baf49f0e431d9ebba52c84ae30ded463e45e9" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2014-3569 - -

    Frank Schmirler rapporterede at funktionen ssl23_get_client_hello i - OpenSSL ikke på korrekt vis håndterede forsøg på at anvende - ikke-understøttede protokoller. Når OpenSSL er opbygget med valgmuligheden - no-ssl3 og en SSL v3-ClientHello modtages, blev ssl-metoden sat til NULL, - hvilket senere kunne medføre en NULL-pointerdereference og - dæmonnedbrud.

    • - -
  • CVE-2014-3570 - -

    Pieter Wuille fra Blockstream rapporterede at bignum-kvadrering (BN_sqr) - kunne give ukorrekte resultater på nogle platforme, hvilket kunne gøre det - lettere for fjernangribere at omgå kryptografiske - beskyttelsesmekanismer.

    • - -
  • CVE-2014-3571 - -

    Markus Stenberg fra Cisco Systems, Inc. rapporterede at en omhyggeligt - fremstillet DTLS-meddelelse kunne medføre en segmenteringsfejl i OpenSSL på - grund af en NULL-pointerdereference. En fjernangriber kunne udnytte fejlen - til at iværksætte et lammelsesangreb (denial of service).

    • - -
  • CVE-2014-3572 - -

    Karthikeyan Bhargavan fra PROSECCO-holdet ved INRIA rapporterede, at en - OpenSSL-klient tog imod et håndtryk fra en flygtig ECDH-ciphersuite, hvis - meddelelsen til udveksling af servernøglen blev udeladt. Dermed var det - muligt for fjerne SSL-servere, at udføre ECDHE til ECDH-nedgraderingsangreb - samt udløse et tab af videresendt hemmeligholdelse.

    • - -
  • CVE-2014-8275 - -

    Antti Karjalainen og Tuomo Untinen fra Codenomicon CROSS-projektet samt - Konrad Kraszewski fra Google rapporterede om forskellige problemer med - certifikatfingeraftryk, hvilke gjorde det muligt for fjernangribere at omgå - en beskyttelsesmekanisme vedrørende fingeraftryksbaseret - certifikatsortliste.

    • - -
  • CVE-2015-0204 - -

    Karthikeyan Bhargavan fra PROSECCO-holdet ved INRIA rapporterede, at en - OpenSSL-klient accepterede anvendelse af en flygtig RSA-nøgle i en - ikke-eksporterbar RSA-nøgleudvekslingsciphersuite, hvilket overtrådte - TLS-standarden. Dermed var det muligt for fjerne SSL-servere at nedgradere - sessionens sikkerhed.

    • - -
  • CVE-2015-0205 - -

    Karthikeyan Bhargavan fra PROSECCO-holdet ved INRIA rapporterede, at en - OpenSSL-server accepterede et DH-certifikat til klientautentifikation, uden - certifikatverfikationsmeddelelsen. Fejlen gjorde det reelt set muligt at - autentifikere uden at benytte en privat nøgle, gennem fabrikeret - TLS-håndtryksprotokoltrafik til en server, som accepterer en - certifikeringsmyndighed med DH-understøttelse.

    • - -
  • CVE-2015-0206 - -

    Chris Mueller opdagede en hukommelseslækage i funktionen - dtls1_buffer_record. En fjernangriber kunne udnytte fejlen til at - iværksætte et lammelsesangreb gennem hukommelsesudmattelse, ved gentagne - gange at sende særligt fremstillede DTLS-poster.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u14.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.1k-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3125.data" diff --git a/danish/security/2015/dsa-3126.wml b/danish/security/2015/dsa-3126.wml deleted file mode 100644 index 48723f97d93..00000000000 --- a/danish/security/2015/dsa-3126.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="04d6a726b50748ca6b95a4be31ecacdbcce87818" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libmagic, der anvendes af PHP, kunne udløse en -hukommelsestilgang uden for grænserne, når der blev prøvet at identificere en -fabrikeret fil.

- -

Desuden retter denne opdatering en potentiel afhængighedsløkke i dpkg -trigger handling.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.4.36-0+deb7u3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3126.data" diff --git a/danish/security/2015/dsa-3127.wml b/danish/security/2015/dsa-3127.wml deleted file mode 100644 index e46ac0a5981..00000000000 --- a/danish/security/2015/dsa-3127.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f83671ce42b8d6b7f5ecefcce4d08a34ce30149a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige fejl i forbindelse med -hukommelsessikkerhed og implementeringsfejl kunne føre til udførelse af -vilkårlig kode, informationslækager eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.4.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.4.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3127.data" diff --git a/danish/security/2015/dsa-3128.wml b/danish/security/2015/dsa-3128.wml deleted file mode 100644 index 041e39ba0c4..00000000000 --- a/danish/security/2015/dsa-3128.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="518da07e45fafd52c412dc67d4b2705497baf582" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service) eller informationslækager.

- -
    - -
  • CVE-2013-6885 - -

    Man opdagede, at under særlige omstændigheder kunne en kombination af - skrivningshandlinger og skriv-kombineret-hukommelse og låste - CPU-instruktioner føre til at en hængende core på AMD-processorerne 16h 00h - til og med 0Fh. En lokal bruger kunne udnytte fejlen til at iværksætte et - lammelsesangreb (hængende system) gennem en fabrikeret applikation.

    - -

    For flere oplysninger, se AMD CPU erratum 793 i - \ - http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

    • - -
  • CVE-2014-8133 - -

    Man opdagede at espfix-funktionaliteten kunne omgås ved at installere et - 16 bits-RW-datasegment i GDT i stedet for LDT (som espfix kigger efter) og - anvende det som stak. En lokal upriviligeret bruger kunne potentielt - udnytte fejlen til at lække kernestakadresser og dermed gøre det muligt at - omgå ASLR-beskyttelsesmekanismen.

    • - -
  • CVE-2014-9419 - -

    Man opdagede at på Linux-kerne kompileret med 32 bit-grænseflader - (CONFIG_X86_32), kunne et ondsindet brugerprogram foretage en delvis - omgåelse af ASLR gennem en TLS-baseadresselækage, når andre programmer blev - angrebet.

    • - -
  • CVE-2014-9529 - -

    Man opdagede at Linux-kernen var påvirket af en kapløbstilstandsfejl, når - den foretog garbage-collection af nøgler, hvilket gjorde det muligt for - lokale brugere at forårsage et lammelsesangreb (hukommelseskorruption eller - panik).

    • - -
  • CVE-2014-9584 - -

    Man opdagede at Linux-kernen ikke validerede en længdeværdi i Extensions - Reference (ER) System Use Field, hvilket gjorde det muligt for lokale - brugere at få fat i følsomme oplysninger fra kernehukommelsen gennem et - fabrikeret iso9660-filaftryk.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.2.65-1+deb7u1. Desuden retter opdateringen en -suspend-/resume-regression, opstået i 3.2.65.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3128.data" diff --git a/danish/security/2015/dsa-3129.wml b/danish/security/2015/dsa-3129.wml deleted file mode 100644 index 587078d89f5..00000000000 --- a/danish/security/2015/dsa-3129.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="0b4cbee2d53faeb6f9efef91772d84c99fd2f893" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i pakkehåndteringsprogrammet RPM.

- -
    - -
  • CVE-2013-6435 - -

    Florian Weimer opdagede en kapløbstilstand i valideringen af - pakkesignaturer.

    • - -
  • CVE-2014-8118 - -

    Florian Weimer opdagede et heltalsoverløb i fortolkningen af - CPIO-headere, hvilket måske kunne medføre udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.10.0-5+deb7u2.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 4.11.3-1.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.11.3-1.1.

- -

Vi anbefaler at du opgraderer dine rpm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3129.data" diff --git a/danish/security/2015/dsa-3130.wml b/danish/security/2015/dsa-3130.wml deleted file mode 100644 index e0a73c5fadd..00000000000 --- a/danish/security/2015/dsa-3130.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b5da47d9c39f16fd0e3ee3927523ff3828af15b7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at lsyncd, en dæmon til synkronisering af lokale mapper ved -hjælp af rsync, udførte utilstrækkelig fornuftighedskontrol på filnavne, hvilket -kunne medføre udførelse af vilkårlige kommandoer.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.0.7-3+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 2.1.5-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.5-2.

- -

Vi anbefaler at du opgraderer dine lsyncd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3130.data" diff --git a/danish/security/2015/dsa-3131.wml b/danish/security/2015/dsa-3131.wml deleted file mode 100644 index 9b740727bba..00000000000 --- a/danish/security/2015/dsa-3131.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="829376514bbadf278afbf99a91874100125a25c6" mindelta="1" -sikkerhedsopdatering - -

John Houwer opdagede en måde, der kunne medføre at xdg-open, et værktøj til -automatisk åbning af URL'er i brugerens foretrukne applikation, fjernudførte -vilkårlige kommandoer.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.1.0~rc1+git20111210-6+deb7u2.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid) er dette problem rettet i version 1.1.0~rc1+git20111210-7.3.

- -

Vi anbefaler at du opgraderer dine xdg-utils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3131.data" diff --git a/danish/security/2015/dsa-3132.wml b/danish/security/2015/dsa-3132.wml deleted file mode 100644 index c759e5e2b92..00000000000 --- a/danish/security/2015/dsa-3132.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="12e8388509d66a387f50a745dffce089f3118221" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- -og newsklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl og -implementeringsfejl, kunne føre til udførelse af vilkårlig kode, -informationslækager eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.4.0-1~deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.4.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3132.data" diff --git a/danish/security/2015/dsa-3133.wml b/danish/security/2015/dsa-3133.wml deleted file mode 100644 index 6f26d8a1c93..00000000000 --- a/danish/security/2015/dsa-3133.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c38e544cb4e343cbef41877078921c8f5bb440ff" mindelta="1" -sikkerhedsopdatering - -

Adskillige fejl i forbindelse med anvendelse efter frigivelse, blev opdaget i -Privoxy, en HTTP-proxy, der forøger beskyttelsen af privatlivet.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.0.19-2+deb7u1.

- -

I den kommende stabile distribution (jessie), vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.21-5.

- -

Vi anbefaler at du opgraderer dine privoxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3133.data" diff --git a/danish/security/2015/dsa-3134.wml b/danish/security/2015/dsa-3134.wml deleted file mode 100644 index 190cc3935ff..00000000000 --- a/danish/security/2015/dsa-3134.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5096bbc297f10401aa30f723d6d8c6e14b9cd589" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i webgræsefladen til sympa, et program til -håndtering af postlister. En angriber kunne drage nytte af fejlen i området -til udsendelse af nyhedsbreve, hvilket gjorde det muligt at sende til listen -eller sende til en selv, enhver fil på serverens filsystem som er læsbar af -sympa-brugeren.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 6.1.11~dfsg-5+deb7u2.

- -

I den kommende stabile distribution (jessie), vil dette problem snart -blive rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 6.1.23~dfsg-2.

- -

Vi anbefaler at du opgraderer dine sympa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3134.data" diff --git a/danish/security/2015/dsa-3135.wml b/danish/security/2015/dsa-3135.wml deleted file mode 100644 index 8ae50362c3c..00000000000 --- a/danish/security/2015/dsa-3135.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="1b27d8a7e2da6e243fa361ce123f202db060fdb2" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.41. For flere -oplysninger, se MySQL 5.5 Release Notes og Oracles Critical Patch -Update-bulletin:

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.41-0+wheezy1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3135.data" diff --git a/danish/security/2015/dsa-3136.wml b/danish/security/2015/dsa-3136.wml deleted file mode 100644 index ce57eb9dc4f..00000000000 --- a/danish/security/2015/dsa-3136.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9aa2571f0bb79d51eab41aacfc17bd0f6a8379bc" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i PolarSSL, et letvægtsbibliotek til kryptering -og SSL/TLS. En fjernangriber kunne udnytte fejlen ved hjælp af særligt -fremstillede certifikater, til at iværksætte et lammelsesangreb (denial of -service) mod en applikation, som er linket mod biblioteket (applikationsnedbrud) -eller potentielt udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2.9-1~deb7u5.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine polarssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3136.data" diff --git a/danish/security/2015/dsa-3137.wml b/danish/security/2015/dsa-3137.wml deleted file mode 100644 index cb53d303754..00000000000 --- a/danish/security/2015/dsa-3137.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="843d2f7b868611d25a5a0ba31345a6706f2ae942" mindelta="1" -sikkerhedsopdatering - -

James Clawson opdagede at websvn, en webfremviser til Subversion-arkiver, -fulgte symlinks i et arkiv, når en fil blev præsenteret til download. En -angriber med skriveadgang til arkivet kunne dermed tilgå enhver fil på disken, -som er læsbar af den bruger, som webserveren kører under.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.3.3-1.1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3.3-1.2.

- -

Vi anbefaler at du opgraderer dine websvn-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3137.data" diff --git a/danish/security/2015/dsa-3138.wml b/danish/security/2015/dsa-3138.wml deleted file mode 100644 index 198b9a6d88c..00000000000 --- a/danish/security/2015/dsa-3138.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="555b76bf89c0899a25f2981249153dcc7abe2971" mindelta="1" -sikkerhedsopdatering - -

En forskud med en-fejl, førende til et heapbaseret bufferoverløb -(\ -CVE-2014-8157) samt en fejl i forbindelse med ubegrænset stakhukommelse -(\ -CVE-2014-8158) blev fundet i JasPer, et bibliotek til behandling af -JPEG-2000-filer. En særligt fremstillet fil kunne medføre, at en applikation, -som anvender JasPer, gik ned eller potentielt udførte vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.900.1-13+deb7u3.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine jasper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3138.data" diff --git a/danish/security/2015/dsa-3139.wml b/danish/security/2015/dsa-3139.wml deleted file mode 100644 index f54199e6a4f..00000000000 --- a/danish/security/2015/dsa-3139.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="8039a5dc74710c5a871ed6dbf0b0167bd61d83d9" mindelta="1" -sikkerhedsopdatering - -

Matthew Daley opdagede at squid, en webproxycache, ikke udførte korrekt -fornuftighedskontrol af inddata, når forespørgsler behandles. En fjernangriber -kunne udnytte fejlen til at iværksætte et lammelsesangreb (denial of service), -ved at sende særligt fremstillede Range-forespørgsler.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.7.STABLE9-4.1+deb7u1.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3139.data" diff --git a/danish/security/2015/dsa-3140.wml b/danish/security/2015/dsa-3140.wml deleted file mode 100644 index 8dd60f71b24..00000000000 --- a/danish/security/2015/dsa-3140.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="1e6796b099b14faa04cd1d21d3674bac13340060" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i virtualiseringsløsningen Xen, -hvilke kunne medføre lammelsesangreb (denial of service), informationsafsløring -eller rettighedsforøgelse.

- -
    - -
  • CVE-2014-8594 - -

    Roger Pau Monne og Jan Beulich opdagede at ufuldstændige begrænsinger på - MMU-opdateringshyperkald, kunne medføre rettighedsforøgelse.

    • - -
  • CVE-2014-8595 - -

    Jan Beulich opdagede at manglende kontroller af rettighedsniveau i - x86-emularingen af fjerne forgreninger, kunne medføre - rettighedsforøgelse.

    • - -
  • CVE-2014-8866 - -

    Jan Beulich opdagede at en fejl i parameteroversættelsen af hyperkald i - kompatibilitetstilstand, kunne medføre lammelsesangreb.

    • - -
  • CVE-2014-8867 - -

    Jan Beulich opdagede at en utilstrækkelig begrænsing i - accelerationunderstøttelsen af REP MOVS-instruktionen, kunne medføre - lammelsesangreb.

    • - -
  • CVE-2014-9030 - -

    Andrew Cooper opdagede en sidereferencelækage i håndteringen af - MMU_MACHPHYS_UPDATE, medførende lammelsesangreb.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.4-3+deb7u4.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 4.4.1-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.4.1-4.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3140.data" diff --git a/danish/security/2015/dsa-3141.wml b/danish/security/2015/dsa-3141.wml deleted file mode 100644 index bbaf19de5d1..00000000000 --- a/danish/security/2015/dsa-3141.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cd1774d717aefd6053036edf9a84fa6b318f61a2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorer/fortolkerne af SSL/TLS og -DEC DNA, hvilke kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy14.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 1.12.1+g01b65bf-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.1+g01b65bf-3.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3141.data" diff --git a/danish/security/2015/dsa-3142.wml b/danish/security/2015/dsa-3142.wml deleted file mode 100644 index 7eef7388e8a..00000000000 --- a/danish/security/2015/dsa-3142.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="560449c3c14616d0bff43d7714d09946f5507c83" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er rettet i eglibc, Debians udgave af GNU C-biblioteket:

- -
    - -
  • CVE-2015-0235 - -

    Qualys opdagede at funktionerne gethostbyname og gethostbyname2, var - udsat for et bufferoverløb, hvis de fik leveret et fabrikeret - IP-adresseparameter. Det kunne anvendes af en angriber til at udføre - vilkårlig kode i processer, der kalder de påvirkede funktioner.

    - -

    Den oprindelige fejl i glibc blev rapporteret af Peter Klotz.

    • - -
  • CVE-2014-7817 - -

    Tim Waugh fra Red Hat opdagede at valgmuligheden WRDE_NOCMD i funktionen - wordexp, ikke undertrykte kommandoudførelse i alle situationer. Dermed var - det muligt for en kontaktafhængig angriber, at udføre - shellkommandoer.

    • - -
  • CVE-2012-6656 - CVE-2014-6040 - -

    Koden til tegnsætskonvertering af visse IBM-multibytetegnsæt, kunne - udføre en arraytilgang uden for grænserne, medførende at processen gik ned. - I nogle situationer var det dermed muligt for en fjernangriber at forårsage - et vedholdende lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.13-38+deb7u7.

- -

I den kommende stabile distribution (jessie) og i den ustabile -distribution (sid), er problemet benævnt -CVE-2015-0235 -rettet i version 2.18-1 af glibc-pakken.

- -

Vi anbefaler at du opgraderer dine eglibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3142.data" diff --git a/danish/security/2015/dsa-3143.wml b/danish/security/2015/dsa-3143.wml deleted file mode 100644 index 5a90bc4beb3..00000000000 --- a/danish/security/2015/dsa-3143.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="8f38b375df9b8207cb4b2cc055d171e93e231b49" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i VirtualBox, en x86-virtualiseringsløsning, -hvilket måske kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.18-dfsg-2+deb7u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.3.18-dfsg-2.

- -

Vi anbefaler at du opgraderer dine virtualbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3143.data" diff --git a/danish/security/2015/dsa-3144.wml b/danish/security/2015/dsa-3144.wml deleted file mode 100644 index 175c9205f7f..00000000000 --- a/danish/security/2015/dsa-3144.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="56d88a860861279c0aee1f49b301ea98e3d534cd" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, informationsafsløring -eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7u75-2.5.4-1~deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u75-2.5.4-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3144.data" diff --git a/danish/security/2015/dsa-3145.wml b/danish/security/2015/dsa-3145.wml deleted file mode 100644 index 2cced9396d3..00000000000 --- a/danish/security/2015/dsa-3145.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d2db60f13e13ca1eab5baeb5848725b194bd321f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Privoxy, en HTTP-proxy der forøger -privatlivsbeskyttelsen, hvilke kunne medføre lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.0.19-2+deb7u2.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.0.21-7.

- -

Vi anbefaler at du opgraderer dine privoxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3145.data" diff --git a/danish/security/2015/dsa-3146.wml b/danish/security/2015/dsa-3146.wml deleted file mode 100644 index 4dc582987ad..00000000000 --- a/danish/security/2015/dsa-3146.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b25e92a39f7ff2ff1b5f4236de30c0bdcff1c022" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk opdagede at requests, et HTTP-bibliotek til Python-sproget, -håndterede autentifkationsoplysninger på ukorrekt vis, når en omdirigering -fandt sted. Dermed kunne fjerne servere få adgang til to forskellige former for -følsomme oplysninger: proxyadgangskoder fra Proxy-Authorization-headeren -(\ -CVE-2014-1830) og netrc-adgangskoder fra Authorization-headeren -(\ -CVE-2014-1829).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.12.1-1+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 2.3.0-1.

- -

Vi anbefaler at du opgraderer dine requests-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3146.data" diff --git a/danish/security/2015/dsa-3147.wml b/danish/security/2015/dsa-3147.wml deleted file mode 100644 index f676ad91a09..00000000000 --- a/danish/security/2015/dsa-3147.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="099f951589c7fede3232f9a5056de2b463252db3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, informationsafsløring -eller lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6b34-1.13.6-1~deb7u1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3147.data" diff --git a/danish/security/2015/dsa-3148.wml b/danish/security/2015/dsa-3148.wml deleted file mode 100644 index 8314ea09a47..00000000000 --- a/danish/security/2015/dsa-3148.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="6f0063b49127f977a7a185b807cf862c694c66b0" mindelta="1" -ophørt livsforløb - -

Sikkerhedsunderstøttelse af webbrowseren Chromium er nu ophørt i den stabile -distribution (wheezy). Chromium-opstrøm er holdt op med at understtøtte det -buildmiljø, som anvendes i wheezy (gcc 4.7, make, osv.), hvorfor der ikke -længere er nogen praktisk måde, at fortsætte med at opbygge -sikkerhedsopdateringer på.

- -

Brugere af Chromium, som ønsker fortsatte sikkerhedsopdateringer, opfordres -til tidligt at opgradere til den kommende stabile udgave (jessie), Debian 8.

- -

Et alternativ er at skifte til webbrowseren Iceweasel, som endnu i nogen tid -vil blive sikkerhedsopdateret i wheezy.

- -

Bemærk, at indtil den officielle udgivelse finder sted, vil opdateringer til -pakken chromium i jessie, været forsinket længere end normalt, på grund af -mulige fejl og migreringsregler til testing.

- -

Desuden vil der ikke blive udsendt flere DSA'er vedrørende opdateringer til -chromium-pakken, indtil jessie er blevet udgivet officielt.

- -

Vejledning i opgradering fra Debian 7 til 8 er tilgængelig i: -

- -

Medier til installering af Debian 8 fra bunden, er også tilgængelige (vi -anbefaler medier med udgivelseskandidaten jessie_di_rc1):

- - - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3148.data" diff --git a/danish/security/2015/dsa-3149.wml b/danish/security/2015/dsa-3149.wml deleted file mode 100644 index d25e682a642..00000000000 --- a/danish/security/2015/dsa-3149.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="df17be9fd37ac22d12cf196d1eb0c0939afa9161" mindelta="1" -sikkerhedsopdatering - -

Florian Weimer fra Red Hat Product Security opdagede et problem i condor, et -system til håndtering af distributeret arbejdsbelastning. Ved afslutning af et -job, kan det som en valgmulighed give brugeren besked via mail; mailx-kaldet, -der anvendes i den proces, gjorde det muligt for enhver autentificeret bruger -med tilladelse til at igangsætte jobs, at udføre vilkårlig kode med -rettighederne hørende til condor-brugeren.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -7.8.2~dfsg.1-1+deb7u3.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 8.2.3~dfsg.1-6.

- -

Vi anbefaler at du opgraderer dine condor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3149.data" diff --git a/danish/security/2015/dsa-3150.wml b/danish/security/2015/dsa-3150.wml deleted file mode 100644 index febe316ae75..00000000000 --- a/danish/security/2015/dsa-3150.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="c22b8579d06c856c7d910f4993a6ef81d4584944" mindelta="1" -sikkerhedsopdatering - -

Fabian Yamaguchi opdagede adskillige sårbarheder i VLC, en -multimedieafspiller og -streamer:

- -
    - -
  • CVE-2014-9626 - -

    MP4-demuxeren, når den fortolker strengbokse, kontrollerede ikke på - korrekt vis boksens længde, førende til et muligt heltalsunderløb, når den - længdeværdi blev anvendt i et kald til memcpy(). Det kunne gøre det muligt - for fjernangribere, at forårsage et lammelsesangreb (nedbrud) eller udføre - vilkårlig kode med fabrikerede MP4-filer.

    • - -
  • CVE-2014-9627 - -

    MP4-demuxeren, når den fortolker strengbokse, kontrollerede ikke på - korrekt vis konverteringen af bokslængden fra 64 bit-heltal til 32 - bit-heltal på 32 bit-platforme ikke medførte en trunkering, førende til et - muligt bufferoverløb. Dermed kunne det være muligt for fjernangribere at - forårsage et lammelsesangreb (nedbrud) eller udføre vilkårlig kode med - fabrikerede MP4-filer.

    • - -
  • CVE-2014-9628 - -

    MP4-demuxeren, når den fortolker strengbokse, kontrollerede ikke på - korrekt vis boksens længde, førende til et muligt bufferoverløb. Dermed - kunne det være muligt for fjernangribere at forårsage et lammelsesangreb - (nedbrud) eller udføre vilkårlig kode med fabrikerede MP4-filer.

    • - -
  • CVE-2014-9629 - -

    Dirac- og Schroedinger-enkoderne, kontrollerede ikke på korrekt vis om et - heltalsoverløb var påstået på 32 bit-platforme, førende til et muligt - bufferoverløb. Dermed kunne fjernangribere forårsage et lammelsesangreb - (nedbrud) eller udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.0.3-5+deb7u2.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 2.2.0~rc2-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.0~rc2-2.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3150.data" diff --git a/danish/security/2015/dsa-3151.wml b/danish/security/2015/dsa-3151.wml deleted file mode 100644 index 7cea5f28a6f..00000000000 --- a/danish/security/2015/dsa-3151.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="20c4faeac01b799f2bd48a05755e2ce9e87ab672" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Django, et Python-webudviklingsframework på -højt niveau. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2015-0219 - -

    Jedediah Smith rapporterede at WSGI-environ'en i Django ikke skelnede - mellem headere indeholdende bindestreger og headere indeholdende - understregninger. En fjernangriber kunne udnytte fejlen til at forfalske - WSGI-headere.

    • - -
  • CVE-2015-0220 - -

    Mikko Ohtamaa opdagede at funktionen django.util.http.is_safe_url() i - Django ikke på korrekt vis håndterede foranstillet whitespace i - brugerleverede viderestillings-URL'er. En fjernangriber kunne potentielt - udnytte fejlen til at udføre et angrib i forbindelse med udførelse af - skripter på tværs af websteder.

    • - -
  • CVE-2015-0221 - -

    Alex Gaynor rapporterede om en fejl i den måde, Django håndterede læsning - af filer i viewet django.views.static.serve(). En fjernangriber kunne - muligvis udnytte fejlen til at iværksætte et lammelsesangreb (denial of - service) gennem ressourcerforbrug.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.5-1+deb7u9.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 1.7.1-1.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.7.1-1.1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3151.data" diff --git a/danish/security/2015/dsa-3152.wml b/danish/security/2015/dsa-3152.wml deleted file mode 100644 index e03e5f308fa..00000000000 --- a/danish/security/2015/dsa-3152.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="85962590dd1eb1a1b2ddd8912a5943d7ab7391fa" mindelta="1" -sikkerhedsopdatering - -

En fejl blev fundet i funktionen test_compr_eb(), hvilket gjorde det muligt -at læse og skrive i hukommelsen uden for grænserne. Ved omhyggeligt at -fremstille et defekt ZIP-arkiv, kunne en angriber udløse et heapoverløb, -medførende et applikationsnedbrud eller muligvis andre ikke-oplyste følger.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -6.0-8+deb7u2. Opdateringen retter desuden en defekt patch, som blev anvendt -til at løse \ -CVE-2014-8139, der forårsagede en regression med udførbare jar-filer.

- -

I den ustabile distribution (sid), er dette problem rettet i version 6.0-15. -Den defekte patch, der blev anvendt til at løse -\ -CVE-2014-8139 blev rettet i version 6.0-16.

- -

Vi anbefaler at du opgraderer dine unzip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3152.data" diff --git a/danish/security/2015/dsa-3153.wml b/danish/security/2015/dsa-3153.wml deleted file mode 100644 index 840d1eb7fef..00000000000 --- a/danish/security/2015/dsa-3153.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="ed6cac0661db8b46b8d9cb40ef9677b6bfe97220" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i krb5, MIT's implementering af -Kerberos:

- -
    - -
  • CVE-2014-5352 - -

    Ukorrekt hukommelseshåndtering i biblioteket libgssapi_krb5 kunne medføre - lammelsesangreb (denial of service) eller udførelse af vilkårlig - kode.

    • - -
  • CVE-2014-9421 - -

    Ukorrekt hukommelseshåndtering i kadminds behandling af XDR-data kunne - medføre lammelsesangreb eller udførelse af vilkårlig kode.

    • - -
  • CVE-2014-9422 - -

    Ukorrekt behandling af to-komponents-server-principaler kunne medføre - imitiationsangreb.

    • - -
  • CVE-2014-9423 - -

    En informationslækage i biblioteket libgssrpc.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.10.1+dfsg-5+deb7u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.1+dfsg-17.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3153.data" diff --git a/danish/security/2015/dsa-3154.wml b/danish/security/2015/dsa-3154.wml deleted file mode 100644 index 342515f0199..00000000000 --- a/danish/security/2015/dsa-3154.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="5df577d7ee609fda96a551bed43beb2b1a7f4186" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i pakken ntp, en implementering af Network -Time Protocol. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2014-9750 - -

    Stephen Roettger fra Google Security Team, Sebastian Krahmer fra SUSE - Security Team og Harlan Stenn fra Network Time Foundation, opdagede at - længdeværdien i udvidelsesfelter, ikke på korrekt vis blev valideret i - flere kodestier i ntp_crypto.c, hvilket kunne føre til informationslækage - eller lammelsesangreb (nedbrud i ntpd).

    • - -
  • CVE-2014-9751 - -

    Stephen Roettger fra Google Security Team rapporterede, at ACL'er baseret - på IPv6 ::1-adresser, kunne omgås.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1:4.2.6.p5+dfsg-2+deb7u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:4.2.6.p5+dfsg-4.

- -

Vi anbefaler at du opgraderer dine ntp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3154.data" diff --git a/danish/security/2015/dsa-3155.wml b/danish/security/2015/dsa-3155.wml deleted file mode 100644 index 692d04c5e4d..00000000000 --- a/danish/security/2015/dsa-3155.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="db4f5424e551b616b9c1d82f50ce760c33b28b9b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i PostgreSQL-9.1, et SQL-databasesystem.

- -
    - -

  • CVE-2014-8161: -Informationslækage

    - -

    En bruger med begrænsede rettigheder til en tabel, kunne måske have adgang -til oplysninger i kolonner uden SELECT-rettigheder gennem fejlmeddelelser fra -serveren.

    • - -

  • CVE-2015-0241: -Læsning/skrivning uden for grænserne

    - -

    Funktionen to_char() kunne læse/skrive forbi slutningen af en buffer. Dermed -kunne serveren måske gå ned, når en formatingsskabelon blev behandlet.

    • - -

  • CVE-2015-0243: -Bufferoverløb i contrib/pgcrypto

    - -

    Modulet ppgcrypto var sårbart over for stakbufferoverløb, der måske kunne få -serveren til at gå ned.

    • - -

  • CVE-2015-0244: -SQL-kommandoindsprøjtning

    - -

    Emil Lenngren rapporterede, at en angriber kunne indsprøjte SQL-kommandoer, -når synkroniseringen mellem klienten og serveren blev mistet.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 9.1.15-0+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 9.1.14-0+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 9.1.15-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3155.data" diff --git a/danish/security/2015/dsa-3157.wml b/danish/security/2015/dsa-3157.wml deleted file mode 100644 index dc98b0a999c..00000000000 --- a/danish/security/2015/dsa-3157.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b858c9e314c8304a6764c2445e682bcb7f0462a5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarhed blev opdaget i fortolkeren af Ruby-sproget:

- -
    - -
  • CVE-2014-4975 - -

    Funktionen encodes() i pack.c havde en forskudt med en-fejl, som kunne - føre til et stakbaseret bufferoverløb. Det kunne gøre det muligt for - fjernangribere, at forårsage et lammelsesangreb (nedbrud) eller udføre - vilkårlig kode.

    • - -
  • CVE-2014-8080, - CVE-2014-8090 - -

    REXML-fortolkeren kunne blive narret til at allokere store - strengobjekter, der kunne forbruge al tilgængelig hukommelse på systemet. - Det kunne gøre det muligt for fjernangribere, at forårsage et - lammelsesangreb (nedbrud).

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.9.3.194-8.1+deb7u3.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 2.1.5-1 af kildekodepakken ruby2.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.1.5-1 af kildekodepakken ruby2.1.

- -

Vi anbefaler at du opgraderer dine ruby1.9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3157.data" diff --git a/danish/security/2015/dsa-3158.wml b/danish/security/2015/dsa-3158.wml deleted file mode 100644 index e5f736bf69f..00000000000 --- a/danish/security/2015/dsa-3158.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="29ea8d025f958bf1b3b25f0683a87d1be7b99405" mindelta="1" -sikkerhedsopdatering - -

Michal Zalewski og Hanno Boeck opdagede flere sårbarheder i unrtf, et -konverteringsprogram fra RTF til andre formater, førende til et lammelsesangreb -(applikationsnedbrud) eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.21.5-3~deb7u1. Opdateringen er baseret på en ny opstrømsversion af -unrtf, indeholdende yderligere fejlrettelser, ny funktionalitet og inkompatible -ændringer (især er PostScript-understøttelsen droppet).

- -

I den kommende statbile distribution (jessie) og i den ustabile distribution -(sid), er disse problemer rettet i version 0.21.5-2.

- -

Vi anbefaler at du opgraderer dine unrtf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3158.data" diff --git a/danish/security/2015/dsa-3159.wml b/danish/security/2015/dsa-3159.wml deleted file mode 100644 index ca80fd2be18..00000000000 --- a/danish/security/2015/dsa-3159.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="6d7ef8b8b08c1b01d981838ed07a887360ae82b8" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at REXML-parseren, som er en del af fortolkeren til sproget -Ruby, kunne blive narret til at allokere store strengobjekter, som kunne -forbruge al tilgængelig hukommelse på systemet. Dermed kunne fjernangribere -have mulighed for at forårsage et lammelsesangreb (nedbrud).

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.8.7.358-7.1+deb7u2.

- -

I den kommende stabile distribution (jessie), er dette problem rettet i -version 2.1.5-1 af kildekodepakken ruby2.1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.1.5-1 af kildekodepakken ruby2.1.

- -

Vi anbefaler at du opgraderer dine ruby1.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3159.data" diff --git a/danish/security/2015/dsa-3160.wml b/danish/security/2015/dsa-3160.wml deleted file mode 100644 index 7d6941ce33c..00000000000 --- a/danish/security/2015/dsa-3160.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="3a5e003b8d278d472bcafefd339ffd7ac771019b" mindelta="1" -sikkerhedsopdatering - -

Olivier Fourdan opdagede at manglende fornuftighedskontrol af inddata i -X-serverens håndtering af XkbSetGeometry-forespørgsler, kunne medføre en -informationslækage eller et lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:1.12.4-6+deb7u6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:1.16.4-1.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3160.data" diff --git a/danish/security/2015/dsa-3161.wml b/danish/security/2015/dsa-3161.wml deleted file mode 100644 index 8cbed65621f..00000000000 --- a/danish/security/2015/dsa-3161.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c4cb67abd88943406a4a8f49e4c1075ba8629d9a" mindelta="1" -sikkerhedsopdatering - -

Simon McVittie opdagede en lokal lammelsesangrebsfejl (denial of service) i -dbus, et asynkront interproces-kommunikationssystem. På systemer med -serviceaktivering i systemd-stil, forhindrede dbus-daemon ikke forfalskede -ActivationFailure-meddelelser fra ikke-root-processer. En ondsindet lokal -bruger kunne udnytte fejlen til at narre dbus-daemon til at tro, at det ikke -lykkedes systemd at aktivere en systemservice, medførende et fejlsvar tilbage -til den anmodende proces.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.6.8-1+deb7u6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.16-1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3161.data" diff --git a/danish/security/2015/dsa-3162.wml b/danish/security/2015/dsa-3162.wml deleted file mode 100644 index 53ab4bcb2de..00000000000 --- a/danish/security/2015/dsa-3162.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="f31630edd45345904c7715182fff5a30b84f2490" mindelta="1" -sikkerhedsopdatering - -

Jan-Piet Mens opdagede at DNS-serveren BIND gik ned når den behandlede et -ugyldigt DNSSEC-keyrollover, enten på grund af en fejl hos zoneoperatøren eller -på grund af en angribers indgriben i netværkstrafik. Problemet påvirker -opsætninger med indstillingerne dnssec-validation auto; (aktiveret som -standard i Debian-installeringer) eller dnssec-lookaside auto;.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3162.data" diff --git a/danish/security/2015/dsa-3163.wml b/danish/security/2015/dsa-3163.wml deleted file mode 100644 index c52241826d8..00000000000 --- a/danish/security/2015/dsa-3163.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="02378c6242119509b0109681ccba42abb7531fec" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at LibreOffice, en kontorpakke, kunne forsøge at skrive til -ugyldige hukommelsesområder, når misdannede RTF-filer. Det kunne gøre det -muligt for fjernangribere at forårsage et lammelsesangreb (nedbrud) eller -udføre vilkårlig kode ved hjælp af fabrikerede RTF-filer.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:3.5.4+dfsg2-0+deb7u3.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1:4.3.3-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:4.3.3-2.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3163.data" diff --git a/danish/security/2015/dsa-3164.wml b/danish/security/2015/dsa-3164.wml deleted file mode 100644 index 01e3b5b86d9..00000000000 --- a/danish/security/2015/dsa-3164.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3c51f2991eb07763c98b2bff91eb480756d6eb2b" mindelta="1" -sikkerhedsopdatering - -

Pierrick Caillon opdagede at autentifikationen kunne omgås i -indholdshåndteringssystemet Typo 3. Se opstrømsbulletinen for yderligere -oplysninger: -

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.5.19+dfsg1-5+wheezy4.

- -

Den kommende stabile distribution (jessie) indeholder ikke længere Typo -3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.5.40+dfsg1-1.

- -

Vi anbefaler at du opgraderer dine typo3-src-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3164.data" diff --git a/danish/security/2015/dsa-3165.wml b/danish/security/2015/dsa-3165.wml deleted file mode 100644 index 611fad02e12..00000000000 --- a/danish/security/2015/dsa-3165.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="001350b1aec94042a63f02fc0c3b4bb6b46b2b6b" mindelta="1" -sikkerhedsopdatering - -

Jiri Horner opdagede en måde at få xdg-open, et værktøj der automatisk åbner -URL'er i brugerens foretrukne applikation, til at fjernudføre vilkårlige -komandoer.

- -

Problemet påvirker kun /bin/sh-implementeringer, som ikke -fornuftighedskontrollerer lokale variabler. Dash, som er Debians -/bin/sh-standard, er påvirket. Man ved at Bash som /bin/sh ikke er -påvirket.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.1.0~rc1+git20111210-6+deb7u3.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xdg-utils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3165.data" diff --git a/danish/security/2015/dsa-3166.wml b/danish/security/2015/dsa-3166.wml deleted file mode 100644 index 911881bffb2..00000000000 --- a/danish/security/2015/dsa-3166.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="849b13962e17cf39976eea7620f3e01af30de2d2" mindelta="1" -sikkerhedsopdatering - -

Jose Duart fra Google Security Team opdagede et bufferoverløb i e2fsprogs, et -værktøjssæt til filsystemerne ext2, ext3 og ext4. Problemet kunne muligvis føre -til udførelse af vilkårlig kode, hvis en ondsindet enhed blev tilsluttet og -systemet samtidig er opsat til automatisk at montere den, samt -monteringsprocessen samtidig beslutter at køre fsck på enhedens ondsindede -filsystem.

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.42.5-1.1+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine e2fsprogs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3166.data" diff --git a/danish/security/2015/dsa-3167.wml b/danish/security/2015/dsa-3167.wml deleted file mode 100644 index 8624d29165a..00000000000 --- a/danish/security/2015/dsa-3167.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b4e0fbde00690e6ea544bea09c3a47225783db9d" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk rapporterede at sudo, et program der har til formål at give -begrænset superbrugeradgang til specifikke brugere, bevarede en TZ-variabel fra -en brugers miljø, uden nogen fornuftighedskontrol. En bruger med sudoadgang, -kunne drage nytte af det til at misbruge fejl i C-biblioteksfunktioner, der -fortolker TZ-miljøvariablen eller til at åbne filer, som brugeren ellers ikke -ville være i stand til at åbne. Sidstnævnte kunne potentielt forårsage -ændringer i den måde, systemet opfører sig på, hvis enhedsspecifikke filer -læses, eller medføre at programmet kører via sudo til block'en.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.8.5p2-1+nmu2.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3167.data" diff --git a/danish/security/2015/dsa-3168.wml b/danish/security/2015/dsa-3168.wml deleted file mode 100644 index 4a2093aaccf..00000000000 --- a/danish/security/2015/dsa-3168.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="31270f92e5153d19fe364e715cb95a05128b65f4" mindelta="1" -sikkerhedsopdatering - -

Kousuke Ebihara opdagede at redcloth, et Ruby-modul der anvendes til at -konvertere Textile-markup til HTML, ikke på korrekt vis -fornuftighedskontrollerede dets inddata. Dermed var det muligt for en -fjernangriber at iværksætte skriptangreb på tværs af websteder, ved at -indsprøjte vilkårlig JavaScript-kode i den genererede HTML-kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 4.2.9-2+deb7u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.2.9-4.

- -

Vi anbefaler at du opgraderer dine ruby-redcloth-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3168.data" diff --git a/danish/security/2015/dsa-3169.wml b/danish/security/2015/dsa-3169.wml deleted file mode 100644 index f61bcb3faa9..00000000000 --- a/danish/security/2015/dsa-3169.wml +++ /dev/null @@ -1,68 +0,0 @@ -#use wml::debian::translation-check translation="fe7e0607ee997c793c503d52ac1696cdde1b76ac" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er rettet i eglibc, Debians version af GNU -C-biblioteket:

- -
    - -
  • CVE-2012-3406 - -

    Funktionen vfprintf i stdio-common/vfprintf.c i GNU C-biblioteket (alias - glibc) 2.5, 2.12 og måske andre versioner, begrænsede ikke på korrekt vis - brugen af alloca-funktionen, når SPECS-array'et blev allokeret, hvilket - gjorde det muligt for kontekstafhængige angribere at omgå - FORTIFY_SOURCE-mekanismen til formatstrengsbeskyttelse og dermed forårsage - et lammelsesangreb (nedbrud) eller muligvis udføre vilkårlig kode ved hjælp - af fabrikerede formatstrenge med brug af positionsparametre og et stort - antal formatmarkører; det er en anden sårbarhed end - \ - CVE-2012-3404 og - \ - CVE-2012-3405.

    • - -
  • CVE-2013-7424 - -

    En ugyldig frigivelse-fejl blev fundet i glibc's funktion getaddrinfo(), - når den anvendes med flaget AI_IDN. En fjernangriber med mulighed for at - foretage et applikationskald til funktionen, kunne udnytte fejlen til at - udføre vilkårlig kode med rettighederne hørende til brugeren, der kører - applikationen. Bemærk at fejlen kun påvirker applikationer, som anvender - glibc kompileret med understøttelse af libidn.

    • - -
  • CVE-2014-4043 - -

    Funktionen posix_spawn_file_actions_addopen i glibc før version 2.20 - kopierer ikke sit stiparameter i overensstemmelse med POSIX-specifikationen, - hvilket gjorde det muligt for kontekstafhængige angribere at udløse - sårbarheder i forbindelse med anvendelse efter frigivelse.

    • - -
  • CVE-2014-9402 - -

    Funktionen getnetbyname i glibc 2.21 eller tidligere gik i en uendelig - løkke, hvis DNS-backend'en er aktiveret i systemopsætningen af Name Service - Switch, og DNS-resolveren modtager et positivt svar mens netværksnavnet - behandles.

    • - -
  • CVE-2015-1472 / - CVE-2015-1473 - -

    Under visse omstændigheder allokerede wscanf for lidt hukommelse til - parameteret to-be-scanned, hvilket fik den allokerede buffer til at løbe - over. Ukorrekt anvendelse af __libc_use_alloca (newsize), medførte - en anden (og svagere) policy blev håndhævet, hvilket kunne muliggøre - lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -2.13-38+deb7u8 af eglibc-pakken.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.19-15 af glibc-pakken.

- -

Vi anbefaler at du opgraderer dine eglibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3169.data" diff --git a/danish/security/2015/dsa-3170.wml b/danish/security/2015/dsa-3170.wml deleted file mode 100644 index 134739fb45b..00000000000 --- a/danish/security/2015/dsa-3170.wml +++ /dev/null @@ -1,100 +0,0 @@ -#use wml::debian::translation-check translation="f55b03755bc9caa466b99111b7884ea4b8e9c82b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kunne føre til et -lammelsesangreb (denial of service), informationslækager eller -rettighedsforøgelse.

- -
    - -
  • CVE-2013-7421 / - CVE-2014-9644 - -

    Man opdagede at Crypto-API'et tillod upriviligerede brugere at indlæse - vilkårlige kernemoduler. En lokal bruger kunne benytte fejlen til at - udnytte sårbarheder i moduler, som normalt ikke ville blive - indlæst.

    • - -
  • CVE-2014-7822 - -

    Akira Fujita opdagede at systemkaldet splice() ikke validerede det givne - filoffset og -længde. En lokal upriviligeret bruger kunne udnytte fejlen - til at forårsage korruption af ext4-filsystemer eller muligvis have anden - indvirkning.

    • - -
  • CVE-2014-8160 - -

    Florian Westphal opdagede at en netfilterregel (iptables/ip6tables), som - accepterer pakker til en specifik SCTP-, DCCP-, GRE eller - UDPlite-port/-endpoint, kunne medføre en ukorrekt - forbindelsessporingstilstand. Hvis kun det generiske - forbindelsessporingsmodul (nf_conntrack) var indlæst, og ikke det - protokolspecifikke forbindelsessporingsmodul, ville der blive givet adgang - til enhver port/endpoint hørende til de speficierede protokol.

    • - -
  • CVE-2014-8559 - -

    Man opdagede at kernefunktioner, som itererer over et mappetræ, kunne gå - i dead-lock eller live-lock, i tilfælde af at nogle af mapperne nyligt var - slettet eller droppet fra cachen. En lokal upriviligeret bruger kunne - udnytte fejlen til lammelsesangreb.

    • - -
  • CVE-2014-9585 - -

    Andy Lutomirski opdagede at adressetilfældighedsgenerering for vDSO'en i - 64 bit-processer, var ekstremt forudindtaget. En lokal upriviligeret bruger - kunne potentielt udnytte fejlen til at omgå - ASLR-beskyttelsesmekanismen.

    • - -
  • CVE-2014-9683 - -

    Dmitry Chernenkov opdagede at eCryptfs skrev forbi slutningen af den - allokerede buffer under dekodning af krypterede filnavne, medførende - lokalt lammelsesangreb.

    • - -
  • CVE-2015-0239 - -

    Man opdagede at KVM ikke på korrekt vis emulerede x86's - SYSENTER-instruktion. En upriviligeret bruger på et gæstesystem, hvor - SYSENTER ikke er aktiveret, for eksempel fordi den emulerede CPU-leverandør - er AMD, kunne potentielt udnytte fejlen til at forårsage et lammelsesangreb - eller rettighedsforøgelse på denne gæst.

    • - -
  • CVE-2015-1420 - -

    Man opdagede at systemkaldet open_by_handle_at() læste handlestørrelsen - fra brugerens hukommelse en ekstra gang efter at have valideret den. En - lokal bruger med CAP_DAC_READ_SEARCH-muligheden, kunne udnytte fejlen til - rettighedsforøgelse.

    • - -
  • CVE-2015-1421 - -

    Man opdagede at SCTP-implementeringen kunne frigive en - autentificeringstilstand, mens den stadig var i brug, medførende korreuption - af heap. Dermed kunne det være muligt for fjernbrugere at forårsage et - lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2015-1593 - -

    Man opdagede at adressetilfældighedsgeneratoren til den indledende stak i - 64 bit-processer, var begrænset til en entropi på 20 i stedet for 22 bits. - En lokal upriviligeret bruger kunne potentielt udnytte fejlen til at omgå - ASLR-beskyttelsesmekanismen.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i version -3.2.65-1+deb7u2. Desuden retter opdateringen regressioner opstået i versionerne -3.2.65-1 og 3.2.65-1+deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart blive -rettet (nogle er allerede rettet).

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet -(nogle er allerede rettet).

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3170.data" diff --git a/danish/security/2015/dsa-3171.wml b/danish/security/2015/dsa-3171.wml deleted file mode 100644 index d6016b7969a..00000000000 --- a/danish/security/2015/dsa-3171.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="b295e5faab77a29a560ea68000568c46ce830563" mindelta="1" -sikkerhedsopdatering - -

Richard van Eeden fra Microsoft Vulnerability Research opdagede at Samba, en -SMB-/CIFS-fil, -print og -loginserver til Unix, indeholdt en fejl i serverkoden -til netlogon, hvilket muliggjorde fjernudførelse af kode med rootrettigheder fra -en uautentificeret forbindelse.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:3.6.6-6+deb7u5.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3171.data" diff --git a/danish/security/2015/dsa-3172.wml b/danish/security/2015/dsa-3172.wml deleted file mode 100644 index d0135a6622d..00000000000 --- a/danish/security/2015/dsa-3172.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0fe7b4d89a001d5b365d1daa42edfd4ac2d85a54" mindelta="1" -sikkerhedsopdatering - -

Peter De Wachter opdagede at CUPS, Common UNIX Printing System, ikke på -korrekt vis fortolkede komprimerede rasterfiler. Ved at levere en særligt -fremstillet rasterfil, kunne en fjernangriber udnytte sårbarheden til at -udløse et bufferoverløb.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.5.3-5+deb7u5.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 1.7.5-11.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3172.data" diff --git a/danish/security/2015/dsa-3173.wml b/danish/security/2015/dsa-3173.wml deleted file mode 100644 index 1241f2934ce..00000000000 --- a/danish/security/2015/dsa-3173.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="acce4c7cd463268056390d131b60eb9a1ab320b8" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libgtk2-perl, en Perl-grænseflade til 2.x-serien af Gimp -Toolkit-biblioteket, på ukorrekt vis frigav hukommelse, som GTK+ stadig holdt -fast i og senere kunne tilgå, førende til et lammelsesangreb -(applikationsnedbrud) eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:1.244-1+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 2:1.2492-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:1.2492-4.

- -

Vi anbefaler at du opgraderer dine libgtk2-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3173.data" diff --git a/danish/security/2015/dsa-3174.wml b/danish/security/2015/dsa-3174.wml deleted file mode 100644 index 8613ab560a0..00000000000 --- a/danish/security/2015/dsa-3174.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9aeec759c23c709076b2f527775d1e20b1fbdf80" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsfejl og -implementeringsfejl kunne føre til udførelse af vilkårlig kode eller -informationsafsløring.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.5.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.5.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3174.data" diff --git a/danish/security/2015/dsa-3175.wml b/danish/security/2015/dsa-3175.wml deleted file mode 100644 index e8ef00626d6..00000000000 --- a/danish/security/2015/dsa-3175.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="4dfbc3f9726f7562a0e47f907728772af7221ac3" mindelta="1" -sikkerhedsopdatering - -

Mateusz Kocielski og Marek Kroemeke opdagede at et heltalsoverløb i -IGMP-behandlingen kunne føre til et lammelsesangreb (denial of service) gennem -misdannede IGMP-pakker.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 9.0-10+deb70.9.

- -

Vi anbefaler at du opgraderer dine kfreebsd-9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3175.data" diff --git a/danish/security/2015/dsa-3176.wml b/danish/security/2015/dsa-3176.wml deleted file mode 100644 index 5860c0ce992..00000000000 --- a/danish/security/2015/dsa-3176.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="6ecc16b942bd3a70eab1f2430ed46ac878b16caf" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Request Tracker, et udvideligt system -til registrering af fejl og problemer. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2014-9472 - -

    Christian Loos opdagede et fjernudnytbar lammelsesangreb (denial of - service), udbytbart via mailgatewayen, som påvirkede enhver installation, - der accepterer mail fra kilder, der ikke er tillid til. Afhængight af RT's - logningsopsætning, kunne en fjernangriber drage nytte af fejlen til at - forårsage overdrevet brug af CPU og disk.

    • - -
  • CVE-2015-1165 - -

    Christian Loos opdagede en inforamtionsafsløringsfejl, som kunne - blotlægge RSS-feed-URL'er, og dermed ticketdata.

    • - -
  • CVE-2015-1464 - -

    Man opdagede at RSS-feed-URL'er kunne udnytes til at udføre - sessionskapring, hvilket gjorde det muligt for en bruger med URL'en, at - logge på som brugeren, der oprettede feed'et.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.0.7-5+deb7u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.8-3.

- -

Vi anbefaler at du opgraderer dine request-tracker4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3176.data" diff --git a/danish/security/2015/dsa-3177.wml b/danish/security/2015/dsa-3177.wml deleted file mode 100644 index 1265886954e..00000000000 --- a/danish/security/2015/dsa-3177.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="029e6ea4f51bf08f2e1e7581a7c41d5f3e00b5e9" mindelta="1" -sikkerhedsopdatering - -

Thomas Klute opdagede at der i mod-gnutls, en Apache-modul som leverer SSL- -og TLS-kryptering vha. GnuTls, var en fejl som medførte at serverens -klientverifikationstilstand slet ikke blev taget i betragtning, i situationer -hvor mappens indstillinger ikke var opsat. Klienter med ugyldige certifikater -kunne da udnytte fejlen til at få adgang til den pågældende mappe.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.5.10-1.1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.6-1.3.

- -

Vi anbefaler at du opgraderer dine mod-gnutls-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3177.data" diff --git a/danish/security/2015/dsa-3178.wml b/danish/security/2015/dsa-3178.wml deleted file mode 100644 index f0c438d13f7..00000000000 --- a/danish/security/2015/dsa-3178.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a710d7e7612485e64860042d4102bbaacc6ed485" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk opdagede at unace, et værktøj tli at udpakke teste og se -indeholdet af .ace-arkiver, var ra,t af et heltalsoverløb førende til et -bufferoverløb. Hvis en bruger eller automatisk system blev narret til at -behandle et særligt fremstillet ace-arkiv, kunne en angriber forårsage et -lammelsesangreb (applikationsnedbrud) eller muligvis udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.2b-10+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1.2b-12.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2b-12.

- -

Vi anbefaler at du opgraderer dine unace-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3178.data" diff --git a/danish/security/2015/dsa-3179.wml b/danish/security/2015/dsa-3179.wml deleted file mode 100644 index 04a8df2636a..00000000000 --- a/danish/security/2015/dsa-3179.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="76e750b77fed6083cc00bb29cd9513625662065a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af mail- -og newsklienten Mozilla Thunderbird. Flere hukommelsessikkerhedsfejl og -implementeringsfejl kunne måske føre til udførelse af vilkårlig kode eller -informationsafsløring.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.5.0-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.5.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3179.data" diff --git a/danish/security/2015/dsa-3180.wml b/danish/security/2015/dsa-3180.wml deleted file mode 100644 index 4ad2326a932..00000000000 --- a/danish/security/2015/dsa-3180.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b65766929f02cc45af8e20b62e0a6aa1366fedda" mindelta="1" -sikkerhedsopdatering - -

Alexander Cherepanov opdagede at bsdcpio, en implementering af programmet -cpio, som er en del af libarchive-projektet, var ramt af en -mappegennemløbssårbarhed via absolutte stier.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.0.4-3+wheezy1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 3.1.2-11.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.2-11.

- -

Vi anbefaler at du opgraderer dine libarchive-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3180.data" diff --git a/danish/security/2015/dsa-3181.wml b/danish/security/2015/dsa-3181.wml deleted file mode 100644 index 8b79a18b312..00000000000 --- a/danish/security/2015/dsa-3181.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="11bc26bfc1ce0e4213104969551e2ec3eebb696f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i virtualiseringsløsningen -Xen:

- -
    - -
  • CVE-2015-2044 - -

    Informationslækage via x86-systemenhedsemuleringen.

    • - -
  • CVE-2015-2045 - -

    Informationslækage i hypercall'et HYPERVISOR_xen_version().

    • - -
  • CVE-2015-2151 - -

    Manglende fornuftighedskontrol af inddata i x86-emulatoren, kunne medføre - informationsafsløring, lammelsesangreb (denial of service) eller potentielt - rettighedsforøgelse.

    • - -
- -

Desuden rapporterede Xen-udviklerne om en begrænsning i håndteringen af -ikke-standard-PCI-enheder, som ikke kan løses. Se - for flere -oplysninger.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.1.4-3+deb7u5.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3181.data" diff --git a/danish/security/2015/dsa-3182.wml b/danish/security/2015/dsa-3182.wml deleted file mode 100644 index bee7071d5aa..00000000000 --- a/danish/security/2015/dsa-3182.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a38c1dbd52714ec7090ccc0a4cafece00c9879fa" mindelta="1" -sikkerhedsopdatering - -

Mariusz Ziulek rapporterede at libssh2, et SSH2-klientsidebibliotek, læste og -anvendte SSH_MSG_KEXINIT-pakken uden at udføre tilstrækkelige grænsekontroller, -når der blev forhandlet en ny SSH-session med en fjern server. En ondsindet -angriber kunne udgive sig for at være en rigtig server (manden i midten) og -forårsage at klienten, som anvender libssh2-biblioteket, gik ned -(lammelsesangreb) samt ellers læse og anvende utilsigtede hukommelsesområder -under processen.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.2-1.1+deb7u1.

- -

Vi anbefaler at du opgraderer dine libssh2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3182.data" diff --git a/danish/security/2015/dsa-3183.wml b/danish/security/2015/dsa-3183.wml deleted file mode 100644 index 4a08a073295..00000000000 --- a/danish/security/2015/dsa-3183.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="b1aa801c7db9d214b58e5c7cb6d8b2cc7e891ea5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Movable Type, et bloggingsystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2013-2184 - -

    Usikker anvendelse af Storable::thaw i håndteringen af kommentarerer til - blogindlæg, kunne gøre det muligt for fjernangribere at medtage og udføre - vilkårlige lokale Perl-filer eller muligvis fjernudføre vilkårlig - kode.

    • - -
  • CVE-2014-9057 - -

    Netanel Rubin fra Check Point Software Technologies opdagede en - SQL-indsprøjtningssårbarhed i XML-RPC-grænsefladen, hvilket gjorde det - muligt for fjernangribere at udføre vilkårlige SQL-kommandoer.

    • - -
  • CVE-2015-1592 - -

    Perl-funktionen Storable::thaw blev ikke anvendt korrekt, hvilket gjorde - det muligt for fjernangribere at medtage og udføre vilkårlige lokale - Perl-filer samt muligvis fjernudføre vilkårlig kode.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.1.4+dfsg-4+deb7u2.

- -

Vi anbefaler at du opgraderer dine movabletype-opensource-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3183.data" diff --git a/danish/security/2015/dsa-3184.wml b/danish/security/2015/dsa-3184.wml deleted file mode 100644 index f11d56b6e66..00000000000 --- a/danish/security/2015/dsa-3184.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="cbea61be1c9604aa4a2e19e55576fc39870749a3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget GnuPG, GNU Privacy Guard:

- -
    - -
  • CVE-2014-3591 - -

    Elgamal-dekrypteringsrutinen var sårbar over for et sidekanalsangreb, - opdagede af efterforskere ved Tel Aviv University. Ciphertext-blinding blev - aktiveret for at modstå det. Bemærk at det kan have en ganske mærkbar - indvirkning på Elgamal-dekrypteringerins ydeevne.

    • - -
  • CVE-2015-0837 - -

    Den modulære eksponentieringsrutine mpi_powm() var sårbar over for et - sidekanalsangreb forårsaget af dataafhængig timingsvariationer, når den - tilgår sin interne præberegnede tabel.

    • - -
  • CVE-2015-1606 - -

    Nøgleringsfortolkningskoden afviste ikke på korrekt vis visse pakketyper, - som ikke hører til i en nøglering, hvilket medførte adgang til hukommelse, - som allerede er frigivet. Det kunne gøre det muligt for fjernangribere at - forårsage et lammelsesangreb (nedbrud) gennem fabrikerede - nøgleringsfiler.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.12-7+deb7u7.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 1.4.18-7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.18-7.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3184.data" diff --git a/danish/security/2015/dsa-3185.wml b/danish/security/2015/dsa-3185.wml deleted file mode 100644 index 2c2a5515e2b..00000000000 --- a/danish/security/2015/dsa-3185.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="c7d0195206235882b53b90adc2095fbab29702de" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i libgcrypt:

- -
    - -
  • CVE-2014-3591 - -

    Elgamal-dekrypteringsrutinen var sårbar over for et sidekanalsangreb, - opdagede af efterforskere ved Tel Aviv University. Ciphertext-blinding blev - aktiveret for at modstå det. Bemærk at det kan have en ganske mærkbar - indvirkning på Elgamal-dekrypteringerins ydeevne.

    • - -
  • CVE-2015-0837 - -

    Den modulære eksponentieringsrutine mpi_powm() var sårbar over for et - sidekanalsangreb forårsaget af dataafhængig timingsvariationer, når den - tilgår sin interne præberegnede tabel.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.5.0-5+deb7u3.

- -

Vi anbefaler at du opgraderer dine libgcrypt11-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3185.data" diff --git a/danish/security/2015/dsa-3186.wml b/danish/security/2015/dsa-3186.wml deleted file mode 100644 index f8679e5a6b2..00000000000 --- a/danish/security/2015/dsa-3186.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1d85a6af2dc9e63df5bf5605b61ae32d9e210ea5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at biblioteket Mozilla Network Security Service (nss) på -ukorrekt vis håndterede visse ASN.1-længder. En fjernangriber kunne muligvis -udnytte problemet til at udføre et datasmuglingsangreb.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:3.14.5-1+deb7u4.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 2:3.17.2-1.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.17.2-1.1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3186.data" diff --git a/danish/security/2015/dsa-3187.wml b/danish/security/2015/dsa-3187.wml deleted file mode 100644 index 4e711de6cc1..00000000000 --- a/danish/security/2015/dsa-3187.wml +++ /dev/null @@ -1,61 +0,0 @@ -#use wml::debian::translation-check translation="2e7d44668caa7cd866adb7ec88b6d1599c6eb803" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i biblioteket International Components for -Unicode (ICU).

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.8.1.1-12+deb7u2.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er disse problemer rettet i version 52.1-7.1.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3187.data" diff --git a/danish/security/2015/dsa-3188.wml b/danish/security/2015/dsa-3188.wml deleted file mode 100644 index 2838c8fa983..00000000000 --- a/danish/security/2015/dsa-3188.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6861d10a3df38a5aca96ff68852b79cbd91bf75d" mindelta="1" -sikkerhedsopdatering - -

Mateusz Jurczyk opdagede adskillige sårbarheder i Freetype. Åbning af -misdannede skrifttyper (fonts) kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.4.9-1.1+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 2.5.2-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.5.2-3.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3188.data" diff --git a/danish/security/2015/dsa-3189.wml b/danish/security/2015/dsa-3189.wml deleted file mode 100644 index 35fa64c4279..00000000000 --- a/danish/security/2015/dsa-3189.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="01aa1b88f5f61e0e91e10a816cc0e4fc0fe92bab" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere hørende -til multimediebiblioteket libav multimedia. En komplet liste over alle -ændringer er tilgængelig på -

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6:0.8.17-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6:11.3-1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3189.data" diff --git a/danish/security/2015/dsa-3190.wml b/danish/security/2015/dsa-3190.wml deleted file mode 100644 index 3975983f396..00000000000 --- a/danish/security/2015/dsa-3190.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3c563adabbf34cee86dbd64e32a2ab07578e0b40" mindelta="1" -sikkerhedsopdatering - -

Patrick Coleman opdagede at SSH-klienten Putty ikke fik slettet ubenyttet -følsom hukommelse.

- -

Desuden opdagede Florent Daigniere at eksponentielle værdier i Diffie -Hellman-udvekslinger var utilstrækkeligt begrænsede.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.62-9+deb7u2.

- -

I den kommende stable distribution (jessie), er dette problem -rettet i version 0.63-10.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.63-10.

- -

Vi anbefaler at du opgraderer dine putty-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3190.data" diff --git a/danish/security/2015/dsa-3191.wml b/danish/security/2015/dsa-3191.wml deleted file mode 100644 index 7ce785868e4..00000000000 --- a/danish/security/2015/dsa-3191.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="48026f0ff2be6a236eed11dd6f408fb4ff8c513d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i GnuTLS, et bibliotek der implementerer -protokollerne TLS og SSL. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2015-0282 - -

    GnuTLS verificerer ikke RSA PKCS #1-signaturalgoritmen, for at - sammenligne den med certifikatets signaturalgoritme, førende til en - potentiel nedgradering til en ikke-tilladt algoritme uden at der blev - lagt mærke til det.

    • - -
  • CVE-2015-0294 - -

    Man rapporterede at GnuTLS ikke kontrollerer hvorvidt de to - signaturalgoritmer stemmer overens ved certifikatimportering.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.12.20-8+deb7u3.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3191.data" diff --git a/danish/security/2015/dsa-3192.wml b/danish/security/2015/dsa-3192.wml deleted file mode 100644 index 1dccc1be794..00000000000 --- a/danish/security/2015/dsa-3192.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="89255289408a58e12e58f9e3ae14868f6706fad6" mindelta="1" -sikkerhedsopdatering - -

Hiroya Ito fra GMO Pepabo, Inc. rapporterede at checkpw, et program til -autentificering af adgangskoder, var ramt af en fejl i behandlingen af -kontonavne, som indeholder dobbelte bindestreger. En fjernangriber kunne -udnytte fejlen til at forårsage et lammelsesangreb (uendelig løkke).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.02-1+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1.02-1.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.02-1.1.

- -

Vi anbefaler at du opgraderer dine checkpw-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3192.data" diff --git a/danish/security/2015/dsa-3193.wml b/danish/security/2015/dsa-3193.wml deleted file mode 100644 index 6197d211231..00000000000 --- a/danish/security/2015/dsa-3193.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d4f120d6ba36958d00fee5ea7f0abf41dd060abc" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i tcpdump, et kommandolinjeprogram til -analysering af netværkstrafik. Sårbarhederne kunne medføre lammelsesangreb -(applikationsnedbrud) eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 4.3.0-1+deb7u2.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 4.6.2-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.6.2-4.

- -

Vi anbefaler at du opgraderer dine tcpdump-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3193.data" diff --git a/danish/security/2015/dsa-3194.wml b/danish/security/2015/dsa-3194.wml deleted file mode 100644 index d68312aaa23..00000000000 --- a/danish/security/2015/dsa-3194.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="f4ca8fb95ed059776c50a87b17b02043b06f879c" mindelta="1" -sikkerhedsopdatering - -

Ilja van Sprundel, Alan Coopersmith og William Robinet opdagede adskillige -problemer i libxfonts kode til behandling af BDF-skrifttyper, hvilket måske -kunne medføre rettighedsforøgelse.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.4.5-5.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libxfont-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3194.data" diff --git a/danish/security/2015/dsa-3195.wml b/danish/security/2015/dsa-3195.wml deleted file mode 100644 index cc7cdd2e929..00000000000 --- a/danish/security/2015/dsa-3195.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="e710206312cd1d94b93bfa94d5f7278824a85ef5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i sproget PHP:

- -
    - -
  • CVE-2015-2305 - -

    Guido Vranken opdagede et heapoverløb i ereg-udvidelsen (gælder kun - 32 bit-systemer).

    • - -
  • CVE-2014-9705 - -

    Bufferoverløb i enchant-udvidelsen.

    • - -
  • CVE-2015-0231 - -

    Stefan Esser opdagede en anvendelse-efter-frigivelse i afserialiseringen - af objekter.

    • - -
  • CVE-2015-0232 - -

    Alex Eubanks opdagede hukorrekt hukommelseshåndtering i - exif-udvidelsen.

    • - -
  • CVE-2015-0273 - -

    Anvendelse-efter-frigivelse i afserialiseringen af DateTimeZone.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.4.38-0+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 5.6.6+dfsg-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.6.6+dfsg-2.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3195.data" diff --git a/danish/security/2015/dsa-3196.wml b/danish/security/2015/dsa-3196.wml deleted file mode 100644 index 43b51c12f6e..00000000000 --- a/danish/security/2015/dsa-3196.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9e508041da34a5f3de9dd883b72a61d717751296" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede at files ELF-fortolker var sårbar over for et -lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.11-2+deb7u8.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1:5.22+15-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:5.22+15-1.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3196.data" diff --git a/danish/security/2015/dsa-3197.wml b/danish/security/2015/dsa-3197.wml deleted file mode 100644 index c97fe72163f..00000000000 --- a/danish/security/2015/dsa-3197.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="96e9fbb597d831fc91d0a3d7c1661351857a6de5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2015-0286 - -

    Stephen Henson opdagede at funktionen ASN1_TYPE_cmp() kunne bringes til - at gå ned, medførende lammelsesangreb (denial of service).

    • - -
  • CVE-2015-0287 - -

    Emilia Kaesper opdagede en forekomst af hukommelseskorruption i - ASN.1-fortolkningen.

    • - -
  • CVE-2015-0289 - -

    Michal Zalewski opdagede en NULL-pointerdereference i - PKCS#7-fortolkningskoden, medførende lammelsesangreb.

    • - -
  • CVE-2015-0292 - -

    Man opdagede at manglende fornuftighedskontrol af inddata i - base64-dekodningen måske kunne medføre hukommelseskorruption.

    • - -
  • CVE-2015-0209 - -

    Man opdagede at en misdannet privat EC-nøgle måske kunne medføre - hukommelseskorruption.

    • - -
  • CVE-2015-0288 - -

    Man opdagede at manglende fornuftighedskontrol af inddata i funktionen - X509_to_X509_REQ(), måske kunne medføre et lammelsesangreb.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u15. I opdateringen er export ciphers fjernet fra -standard-cipherlisten.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3197.data" diff --git a/danish/security/2015/dsa-3198.wml b/danish/security/2015/dsa-3198.wml deleted file mode 100644 index 53b8c9f6d98..00000000000 --- a/danish/security/2015/dsa-3198.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="c8413c51db1599bf596bf9be20abdf566899c5d3" mindelta="1" -sikkerhedsopdatering - -

Adskilligere sårbarheder er opdaget i PHP-sproget:

- -
    - -
  • CVE-2015-2301 - -

    Anvendelse efter frigivelse i phar-udvidelsen.

    • - -
  • CVE-2015-2331 - -

    Emmanuel Law opdagede et heltalsoverløb i behandlingen af ZIP-arkiver, - medførende lammelsesangreb eller potentielt udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.4.39-0+deb7u1. Opdateringen retter en regression i curl-understøttelsen, -opstået i DSA 3195.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3198.data" diff --git a/danish/security/2015/dsa-3199.wml b/danish/security/2015/dsa-3199.wml deleted file mode 100644 index d456ce2205d..00000000000 --- a/danish/security/2015/dsa-3199.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="0fcf9a248ef4a2bc56c7f3d1c5a22ce2824264de" mindelta="1" -sikkerhedsopdatering - -

Anton Rager og Jonathan Brossard fra Salesforce.com Product Security Team og -Ben Laurie fra Google, opdagede en lammelsesangrebssårbarhed i xerces-c, et -validerende XML-fortolkningsbibliotek til C++. Fortolkeren fejlhåndterede visse -former for misdannede inddatadokumenter, medførende segmenteringsfejl under -fortolkningshandlingen. En uautentificeret angriber kunne udnytte fejlen til at -få en applikation, som anvender biblioteket xerces-c, til at gå ned.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 3.1.1-3+deb7u1.

- -

Vi anbefaler at du opgraderer dine xerces-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3199.data" diff --git a/danish/security/2015/dsa-3200.wml b/danish/security/2015/dsa-3200.wml deleted file mode 100644 index 7c11581d063..00000000000 --- a/danish/security/2015/dsa-3200.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="6166f1852ca7475c6fb0b633f648ee917d947729" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i indholdshåndteringsframeworket Drupal. -Flere oplysninger finder man på -

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 7.14-2+deb7u9.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.32-1+deb8u2.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3200.data" diff --git a/danish/security/2015/dsa-3201.wml b/danish/security/2015/dsa-3201.wml deleted file mode 100644 index 506c8a25fb2..00000000000 --- a/danish/security/2015/dsa-3201.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="a0c0e5eb944afe3f9240c2d67633ec3f61fcd194" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2015-0817 - -

    ilxu1a rapporterede om en fejl i Mozillas implementering af - grænsekontrollerne på typed arrays i JavaScript just-in-time-kompilering - (JIT) samt dens håndtering af grænsekontroller ved heapadgang. Fejlen kunne - anvendes til læsning og skrivning af hukommelse, hvilket gjorde det muligt - at udføre vilkårlig kode på det lokale system.

    • - -
  • CVE-2015-0818 - -

    Mariusz Mlynski opdagede en metode til at køre vilkårlige skripter i en - priviligeret sammenhæng. Det omgik beskyttelsen via samme ophav-reglen, - ved at udnytte en fejl i behandlingen af navigering af indhold i - SVG-formatet.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.5.3esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.5.3esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3201.data" diff --git a/danish/security/2015/dsa-3202.wml b/danish/security/2015/dsa-3202.wml deleted file mode 100644 index 44a1df6ab2e..00000000000 --- a/danish/security/2015/dsa-3202.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fe76fb6d9644da9de3e81a2f1765f67746813bb4" mindelta="1" -sikkerhedsopdatering - -

Efterforskere hos INRIA og Xamarin opdagede flere sårbarheder i mono, en -platform til afvikling og udvikling af applikationer baseret på -ECMA-/ISO-standarder. Monos TLS-stak indeholdt flere problemer, som hæmmede -dens muligheder: pproblemerne kunne føre til klientimitation (via SKIP-TLS), -SSLv2-tilbagefald og krypteringssvækkelse (via FREAK).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.10.8.1-8+deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.2.8+dfsg-10.

- -

Vi anbefaler at du opgraderer dine mono-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3202.data" diff --git a/danish/security/2015/dsa-3203.wml b/danish/security/2015/dsa-3203.wml deleted file mode 100644 index c87f5d70fd9..00000000000 --- a/danish/security/2015/dsa-3203.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b94dcc8ee0fc65608ee6921407d9d0f2707879b0" mindelta="1" -sikkerhedsopdatering - -

Flere lammelsesangrebsproblemer er opdaget i Tor, et forbindelsesbaseret -anonymt kommunikationssystem med lav latenstid.

- -
    - -

  • Jowr opdagede en meget høj DNS-forespørgselsbelastning på et relay, - kunne udløse en assertionfejl.

    • - -

  • Et relay kunne gå ned med en assertionfejl, hvis en buffer med - nøjagtigt det forkerte layout blev leveret til buf_pullup() på præcis det - forkerte tidspunkt.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet -i version 0.2.4.26-1.

- -

I distributionen testing (jessie) og i den ustabile distribution (sid), -er disse problemer rettet i version 0.2.5.11-1.

- -

Yderligere deaktiverer denne opdatering understøttelse af SSLv3 i Tor. Alle -versions af OpenSSL, som anvendes med Tor i dag, understøtter TLS 1.0 eller -senere.

- -

Desuden opdateres med denne udgivelse geoIP-databasen, som anvendes af Tor, -samt listen over directory-myndighedsservere, som Tor-klienter anvender til -bootstrap og som underskriver Tors directory-koncensusdokument.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3203.data" diff --git a/danish/security/2015/dsa-3204.wml b/danish/security/2015/dsa-3204.wml deleted file mode 100644 index dda687c582e..00000000000 --- a/danish/security/2015/dsa-3204.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="77ed33d28e94c8cc1d61415552d1d3d6211fd56a" mindelta="1" -sikkerhedsopdatering - -

Daniel Chatfield opdagede at python-django, et Python-webudviklingsframework -på højt niveau, på ukorrekt vis håndterede brugerleverede -viderestillings-URL'er. En fjernangriber kunne udnytte fejlen til at iværksætte -et angreb i forbindelse med udførelse af skripter på tværs af websteder.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.4.5-1+deb7u11.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.7-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3204.data" diff --git a/danish/security/2015/dsa-3205.wml b/danish/security/2015/dsa-3205.wml deleted file mode 100644 index d4315857f7a..00000000000 --- a/danish/security/2015/dsa-3205.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="93c8c5c487d6ec7abfe1da3fe0e176c9dee690ca" mindelta="1" -sikkerhedsopdatering - -

Nicolas Gregoire og Kevin Schaller opdagede at Batik, et værktøjssæt til -behandling af SVG-billeder, indlæste eksterne XML-entiteter som standard. Hvis -en bruger eller et automatiseret system blev narret til at åbne en særligt -fremstillet SVG-fil, kunne en angriber muligvis få adgang til vilkårlige filer -eller forårsage ressourceforbrug.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.7+dfsg-3+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 1.7+dfsg-5.

- -

Vi anbefaler at du opgraderer dine batik-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3205.data" diff --git a/danish/security/2015/dsa-3206.wml b/danish/security/2015/dsa-3206.wml deleted file mode 100644 index 1246b082e4d..00000000000 --- a/danish/security/2015/dsa-3206.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="5f150b3d77d17d6249f3e95abb9a678a7ad6b7fb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Dulwich, en Python-implementering af -de filformater og protokoller, som anvendes af versionskontrolsystemet Git. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2014-9706 - -

    Man opdagede at Dulwich tillod skrivning til filer under .git/, når - arbejdstræer blev checket ud. Det kunne føre til udførelse af vilkårlig - kode med rettighederne tilhørende brugeren, der kører en applikation - baseret på Dulwich.

    • - -
  • CVE-2015-0838 - -

    Ivan Fratric fra Google Security Team fandt et bufferoverløb i - C-implementeringen af funktionen apply_delta(), som anvendes når der - tilgås Git-objekter i packfiler. En angriber kunne drage nytte af fejlen - til at forårsage udførelse af vilkårlig kode med rettighederne hørende til - brugeren, der kører en Git-server eller -klient baseret på Dulwich.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.8.5-2+deb7u2.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 0.9.7-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.10.1-1.

- -

Vi anbefaler at du opgraderer dine dulwich-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3206.data" diff --git a/danish/security/2015/dsa-3207.wml b/danish/security/2015/dsa-3207.wml deleted file mode 100644 index 34382981e10..00000000000 --- a/danish/security/2015/dsa-3207.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="955b80d1fede6de5f1270b132c0b08ba3c9f7435" mindelta="1" -sikkerhedsopdatering - -

En lammelsesangrebssårbarhed (denial of service) er fundet i Shibboleth (et -forbundet identitetsframework) Service Provider. Når der blev behandlet visse -misdannede SAML-meddelelser, genereret af en autentificeret angriber, kunne -dæmonen gå ned.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.4.3+dfsg-5+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 2.5.3+dfsg-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.5.3+dfsg-2.

- -

Vi anbefaler at du opgraderer dine shibboleth-sp2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3207.data" diff --git a/danish/security/2015/dsa-3208.wml b/danish/security/2015/dsa-3208.wml deleted file mode 100644 index 836c51e983a..00000000000 --- a/danish/security/2015/dsa-3208.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3f1792eead47f3e1af3e5109e7819f029a14f292" mindelta="1" -sikkerhedsopdatering - -

Jodie Cunningham opdagede adskillige sårbarheder i freexl, et bibliotek til -læsning af Microsoft Excel-regneark, hvilket måske kunne medføre lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode, hvis en misdannet -Excel-fil blev åbnet.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.0.0b-1+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 1.0.0g-1+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.0g-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine freexl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3208.data" diff --git a/danish/security/2015/dsa-3209.wml b/danish/security/2015/dsa-3209.wml deleted file mode 100644 index f1929e10b40..00000000000 --- a/danish/security/2015/dsa-3209.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="52391540f4f2a296c860d76d8accb22696dfca2a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i OpenLDAP, en fri implementering af -Lightweight Directory Access Protocol.

- -
    - -
  • CVE-2013-4449 - -

    Michael Vishchers fra Seven Principles AG opdagede en - lammelsesangrebssårbarhed (denial of service) i slapd, implementeringen af - directoryserver. Når en server er opsat til at anvende RWM-overlay'et, - kunne en angriber få den til at gå ned, ved at unbind'e lige efter at have - etableret en forbindelse, på grund af et problem med optælling af - referencer.

    • - -
  • CVE-2014-9713 - -

    Debians standardopsætning af directorydatabasen tillader at enhver bruger - kan redigere sine egne attributter. Når LDAP-directories anvendes til - adgangskontrol, og det sker ved hjælp af brugerattributter, kunne en - autentificeret bruger udnytte det til at få adgang til uautoriserede - ressourcer.

    - -

    Bemærk at det er en Debian-specifik sårbarhed.

    - -

    Den nye pakke anvender ikke den usikre adgangskontrolregel til ved - nye databaser, men eksisterende opsætninger ændres ikke automatisk. - Administratorer opfordres til at læse filen README.Debian, der følger med - den opdaterede pakker, hvis de har behov for at rette - adgangskontrolreglen.

    • - -
  • CVE-2015-1545 - -

    Ryan Tandy opdagede et en lammelsesangrebssårbarhed i slapd. Når der - anvendes deref-overlay'et, kunne overførsel af en tom attributliste i en - forespørgsmål få dæmonen til at gå ned.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.4.31-2.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 2.4.40-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.40-4.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3209.data" diff --git a/danish/security/2015/dsa-3210.wml b/danish/security/2015/dsa-3210.wml deleted file mode 100644 index fb438589d5c..00000000000 --- a/danish/security/2015/dsa-3210.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e97d154ef8d535650e8b0e8ff8b0ade5410419c3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i dissektorer/fortolkere af WCP, pcapng og -TNEF, hvilke kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy15.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 1.12.1+g01b65bf-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.1+g01b65bf-4.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3210.data" diff --git a/danish/security/2015/dsa-3211.wml b/danish/security/2015/dsa-3211.wml deleted file mode 100644 index ebb7a6d06e1..00000000000 --- a/danish/security/2015/dsa-3211.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4d1e97aa7696292ae7a9a3842ec73dd3706bc9f8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige hukommelsessikkerhedsfejl, -anvendelser efter frigivelse samt andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode, omgåelse af sikkerhedsbegrænsinger, lammelsesangreb -eller forfalskning af forespørgsler på tværs af websteder.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.6.0esr-1~deb7u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.6.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3211.data" diff --git a/danish/security/2015/dsa-3212.wml b/danish/security/2015/dsa-3212.wml deleted file mode 100644 index 8044b4b90d6..00000000000 --- a/danish/security/2015/dsa-3212.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="14857acf8a7a864b7c8371399f988f5368564579" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -anvendelser efter frigivelse samt andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode, omgåelse af sikkerhedsbegrænsinger, lammelsesangreb -eller forfalskning af forespørgsler på tværs af websteder.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 31.6.0-1~deb7u1.

- -

For the upcoming stable distribution (jessie), er disse problemer -rettet i version 31.6.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 31.6.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3212.data" diff --git a/danish/security/2015/dsa-3213.wml b/danish/security/2015/dsa-3213.wml deleted file mode 100644 index a9504987fb6..00000000000 --- a/danish/security/2015/dsa-3213.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="ff002cb5ab2e566341c7cac5e8d38b4941b6d72f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i arj, en open source-udgave af -arkiveringsprogrammet arj. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2015-0556 - -

    Jakub Wilk opdagede at arj fulgte symlinks oprettet under udpakning af et - arj-arkiv. En fjernangriber kunne udnytte fejlen til at gennemføre et - mappegennemløbsangreb, hvis en bruger eller et automatiseretsystem blev - narre til at behandle et særligt fremstillet arj-arkiv.

    • - -
  • CVE-2015-0557 - -

    Jakub Wilk opdagede at arj ikke på tilstrækkelig vis beskyttede mod - mappegennemløb under udpakning af et arj-arkiv indeholdende filstier med - adskillige foranstillede skråstreger. En fjernangriber kunne udnytte fejlen - til at skrive til vilkårlige filer, hvis en bruger eller et automatiseret - system blev narret til at behandle et særligt fremstillet - arj-arkiv.

    • - -
  • CVE-2015-2782 - -

    Jakub Wilk og Guillem Jover opdagede en bufferoverløbssårbarhed i arj. - En fjernangriber kunne udnytte fejlen til at forårsage et - applikationsnedbrud eller muligvis udførelse af vilkårlig kode med - rettighederne tilhørende den bruger, som kører arj.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 3.10.22-10+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 3.10.22-13.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.10.22-13.

- -

Vi anbefaler at du opgraderer dine arj-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3213.data" diff --git a/danish/security/2015/dsa-3214.wml b/danish/security/2015/dsa-3214.wml deleted file mode 100644 index 2abd83fcea3..00000000000 --- a/danish/security/2015/dsa-3214.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7545ecdb6181c66ccdb92a3a7ca7d0e57dd6ea4c" mindelta="1" -sikkerhedsopdatering - -

En mappegennemløbssårbarhed blev opdaget i Mailman, et program til -håndtering af postlister. Installationer, som anvender et transportskript (så -som postfix-to-mailman.py) som grænseflade til deres MTA i stedet for statiske -aliaser, var sårbare over for et mappegennemløbsangreb. For at udnytte fejlen -med succes, skal en angriber have skriveadgang på det lokale filsystem.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1:2.1.15-1+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.1.18-2.

- -

Vi anbefaler at du opgraderer dine mailman-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3214.data" diff --git a/danish/security/2015/dsa-3215.wml b/danish/security/2015/dsa-3215.wml deleted file mode 100644 index 856befde101..00000000000 --- a/danish/security/2015/dsa-3215.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="4fa1c475f7c37e61d13bb950835cba3e0ad3e9b2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i libgd2, et grafikbibliotek:

- -
    - -
  • CVE-2014-2497 - -

    Funktionen gdImageCreateFromXpm() forsøgte at dereferere en NULL-pointer, - når der blev læst en XPM-fil med en særlig farvetabel. Det kunne gøre det - muligt for fjernangribere at forårsage et lammelsesangreb (nedbrud) gennem - fabrikerede XPM-filer.

    • - -
  • CVE-2014-9709 - -

    Import af en ugyldig GIF-fil ved hjælp af funktionen - gdImageCreateFromGif(), medførte et læsningsbufferoverløb, der kunne gøre - det muligt for at fjernangribere at forårsage et lammelsesangreb (nedbrud) - gennem fabrikerede GIF-filer.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 2.0.36~rc1~dfsg-6.1+deb7u1.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 2.1.0-5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.1.0-5.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3215.data" diff --git a/danish/security/2015/dsa-3216.wml b/danish/security/2015/dsa-3216.wml deleted file mode 100644 index db95a0dd07c..00000000000 --- a/danish/security/2015/dsa-3216.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="672a7ce18cef0951377a4126d1d60f7a0b884178" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Tor, en forbindelsesbaseret anonymt -kommunikationssystem med lav latency:

- -
    - -
  • CVE-2015-2928 - -

    disgleirio opdagede at en ondsindet klient kunne udløse en - assertionfejl i en Tor-instans, som leverer en skjult service, og dermed - medføre at servicen blev utilgængelig.

    • - -
  • CVE-2015-2929 - -

    DonnchaC opdagede at Tor-klienter gik ned med en assertionfejl ved - fortolkning af særligt fremstillede skjulte servicedeskriptorer.

    • - -
- -

Introduction points accepterede adskillige INTRODUCE1-celler på et kredsløb, -hvilket gjorde det billigt for en angriber at overbelaste et skjult service med -introductions. Introduction points tillader nu ikke længere adskillige celler -af den type på det samme kredsløb.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 0.2.4.27-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.2.5.12-1.

- -

I den eksperimentelle distribution, er disse problemer -rettet i version 0.2.6.7-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3216.data" diff --git a/danish/security/2015/dsa-3217.wml b/danish/security/2015/dsa-3217.wml deleted file mode 100644 index c0e5acd4f4e..00000000000 --- a/danish/security/2015/dsa-3217.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="02a9dbfaccf2799341459bb4efa2343489e642dc" mindelta="1" -sikkerhedsopdatering - -

Jann Horn opdagede at verifikationen af kildekodeintegritet i dpkg-source -kunne omgås gennem en særligt fremstillet Debian-kildekodekontrolfil (.dsc). -Bemærk at fejlen kun påvirker udpakning af lokale Debian-kildekodepakker gennem -dpkg-source, men ikke installeringen af pakker fra Debians arkiv.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.16.16. Opdateringen indeholder også ikke-sikkerhedsrelevante ændringer, som -oprindelig var planlagt til den næste punktopdatering af wheezy. Se Debians -changelog for flere oplysninger.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.17.25.

- -

Vi anbefaler at du opgraderer dine dpkg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3217.data" diff --git a/danish/security/2015/dsa-3218.wml b/danish/security/2015/dsa-3218.wml deleted file mode 100644 index 3ff9a460e00..00000000000 --- a/danish/security/2015/dsa-3218.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="530ea5aa67445b90b5bc0fea27053b6f5c9b5188" mindelta="1" -sikkerhedsopdatering - -

Ignacio R. Morelle opdagede at manglende stibegræsninger i spillet Battle -of Wesnoth kunne medføre afsløring af vilkårlige filer i en brugers -hjemmemappe, hvis en ondsindet campaigns/maps blev indlæst.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.10.3-3+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.10.7-2 og i version 1:1.12.1-1 af kildekodepakken wesnoth-1.12 -source package.

- -

Vi anbefaler at du opgraderer dine wesnoth-1.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3218.data" diff --git a/danish/security/2015/dsa-3219.wml b/danish/security/2015/dsa-3219.wml deleted file mode 100644 index 0a25627bded..00000000000 --- a/danish/security/2015/dsa-3219.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0582fd3a0ade138088175e76bca4b908e2e0e9ac" mindelta="1" -sikkerhedsopdatering - -

Stefan Roas opdagede en måde at forårsage et bufferoverløb i DBD-FireBird, -en Perl-DBI-driver til Firebird-RDBMS'en, i visse fejltilstande, på grund af -anvendelsen af funktionen sprintf() til skrivning af en hukommelsesbuffer med -en fast størrelse.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.91-2+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1.18-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.18-2.

- -

Vi anbefaler at du opgraderer dine libdbd-firebird-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3219.data" diff --git a/danish/security/2015/dsa-3220.wml b/danish/security/2015/dsa-3220.wml deleted file mode 100644 index 45a863bdd16..00000000000 --- a/danish/security/2015/dsa-3220.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="63390d2407c4d6324a9f0f8cfa0f392f0ea7322f" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede et stakbaseret bufferoverløb i funktionen -asn1_der_decoding i Libtasn1, et bibliotek til håndtering af ASN.1-strukturer. -En fjernangriber kunne udnytte fejlen til at få en applikation, der anvender -Libtasn1-biblioteket, til at gå ned eller potentielt udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.13-2+deb7u2.

- -

Vi anbefaler at du opgraderer dine libtasn1-3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3220.data" diff --git a/danish/security/2015/dsa-3221.wml b/danish/security/2015/dsa-3221.wml deleted file mode 100644 index 498ab2cb42b..00000000000 --- a/danish/security/2015/dsa-3221.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6d12e02afeae8148ff41c0bb5abb60fabccade54" mindelta="1" -sikkerhedsopdatering - -

Adam Sampson opdagede et bufferoverløb i håndteringen af miljøvariablen -XAUTHORITY i das-watchdog, en vagthundsdæmon til sikring af en realtidsproces -ikke får maskinen til at hænge. En lokal bruger kunne udnytte fejlen til at -forsøge sine rettigheder og udføre vilkårlig kode som root.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.9.0-2+deb7u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.0-3.1.

- -

Vi anbefaler at du opgraderer dine das-watchdog-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3221.data" diff --git a/danish/security/2015/dsa-3222.wml b/danish/security/2015/dsa-3222.wml deleted file mode 100644 index 0c36aa2af9e..00000000000 --- a/danish/security/2015/dsa-3222.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="2359034800c87f07758376e6fdb6d87b83d841bb" mindelta="1" -sikkerhedsopdatering - -

Miroslav Lichvar fra Red Hat opdagede adskillige sårbarheder i chrony, en -alternativ NTP-klient og -server:

- -
    - -
  • CVE-2015-1821 - -

    Anvendelse af bestemte adresse-/subnet-sæt ved opsætning af en - adgangskontrol, forårsagede en ugyldig hukommelsesskrivning. Dermed kunne - det blive muligt for angribere at forårsage et lammelsesangreb (nedbrud) - eller udføre vilkårlig kode.

    • - -
  • CVE-2015-1822 - -

    Ved allokering af hukommelse til at gemme ikke-anerkendte svar til - uautoriserede forespørgsler, blev en pointer efterladt i uinitialiseret - tilstand, hvilket kunne udløse en ugyldig hukommelsesskrivning. Dermed - kunne det blive muligt for uautoriserede angribere at forårsage et - lammelsesangreb (nedbrud) eller udføre vilkårlig kode.

    • - -
  • CVE-2015-1853 - -

    Ved peering med andre NTP-værter ved hjælp af autentificeret symmetrisk - tilknytning, blev de interne statusvaribler opdateret før MAC'en fra - NTP-meddelelserne var blevet valideret. Dermed kunne det blive muligt for - en fjernangriber at forårsage et lammelsesangreb (denial of service) ved at - hindre synkronisering mellem NTP-peers.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.24-3.1+deb7u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.30-2.

- -

Vi anbefaler at du opgraderer dine chrony-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3222.data" diff --git a/danish/security/2015/dsa-3223.wml b/danish/security/2015/dsa-3223.wml deleted file mode 100644 index 42389ea5dfd..00000000000 --- a/danish/security/2015/dsa-3223.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="e2b05a289497d7655670161a3b96122c526e4ec7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i ntp, en implementering af Network Time -Protocol:

- -
    - -
  • CVE-2015-1798 - -

    Når opsat til at anvende en symmetrisk nøgle med en NTP-peer, accepterede - ntpd pakker uden MAC, som havde de en gyldig MAC. Dermed kunne det blive - muligt for en fjernangriber at omgå pakkeautentifikationen og sende - ondsindede pakker, uden at skulle kende den symmetriske nøgle.

    • - -
  • CVE-2015-1799 - -

    Ved peering med andre NTP-værter ved hjælp af autentificeret symmetrisk - tilknytning, blev de interne statusvaribler opdateret før MAC'en fra - NTP-meddelelserne var blevet valideret. Dermed kunne det blive muligt for - en fjernangriber at forårsage et lammelsesangreb (denial of service) ved at - hindre synkronisering mellem NTP-peers.

    • - -
- -

Additionally, it was discovered that generating MD5 keys using ntp-keygen -on big endian machines would either trigger an endless loop, or generate -non-random keys.

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1:4.2.6.p5+dfsg-2+deb7u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:4.2.6.p5+dfsg-7.

- -

Vi anbefaler at du opgraderer dine ntp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3223.data" diff --git a/danish/security/2015/dsa-3224.wml b/danish/security/2015/dsa-3224.wml deleted file mode 100644 index 5b02e3e6352..00000000000 --- a/danish/security/2015/dsa-3224.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="54e411495d9b6ce0bd818f26e467b2ca4fa38717" mindelta="1" -sikkerhedsopdatering - -

Abhishek Arya opdagede et bufferoverløb i makroen MakeBigReq, der leveres med -libx11, hvilket kunne medføre et lammelsesangreb (denial of service) eller -udførelse af vilkårlig kode.

- -

Flere andre xorg-pakker (fx libxrender) bliver genkompileret mod den rettede -pakke, efter udgivelsen af opdateringen. Flere flere oplysninger om statussen på -genkompilerede pakker, se Debian Security Tracker på -\ -https://security-tracker.debian.org/tracker/CVE-2013-7439.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2:1.5.0-1+deb7u2.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 2:1.6.0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:1.6.0-1.

- -

Vi anbefaler at du opgraderer dine libx11-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3224.data" diff --git a/danish/security/2015/dsa-3225.wml b/danish/security/2015/dsa-3225.wml deleted file mode 100644 index cbb2ae8c50a..00000000000 --- a/danish/security/2015/dsa-3225.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="bc88f0ddefc70e6b18d94e4132a07a9b4cd6952e" mindelta="1" -sikkerhedsopdatering - -

Aki Helin opdagede et bufferoverløb i GStreamer-plugin'en til MP4-afspilning, -hvilket kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 0.10.23-7.1+deb7u2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine gst-plugins-bad0.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3225.data" diff --git a/danish/security/2015/dsa-3226.wml b/danish/security/2015/dsa-3226.wml deleted file mode 100644 index 1fde1868c73..00000000000 --- a/danish/security/2015/dsa-3226.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="9f3303af2ae4e6c054d1cd3a9cdd1c0d49e0e7a7" mindelta="1" -sikkerhedsopdatering - -

Adam opdagede flere problemer i inspircd, en IRC-dæmon:

- -
    -

  • En ukomplet patch til - \ - CVE-2012-1836 løste ikke på tilstrækkelig vis problemet, hvor ondsindet - fremstillede DNS-forespørgsler kunne føre til fjernudførelse af kode gennem - et heapbaseret bufferoverløb.

    • - -

  • Ukorrekt behandling af specifikke DNS-pakker, kunne udløse en - uendelig løkke, igen medførende et lammelsesangreb (denial of - service).

    • -
- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.0.5-1+deb7u1.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 2.0.16-1.

- -

Vi anbefaler at du opgraderer dine inspircd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3226.data" diff --git a/danish/security/2015/dsa-3227.wml b/danish/security/2015/dsa-3227.wml deleted file mode 100644 index a92367617ca..00000000000 --- a/danish/security/2015/dsa-3227.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="2070ec0de011f9b06a2163491030426e19d2b93c" mindelta="1" -sikkerhedsopdatering - -

John Lightsey opdagede en formatstrengsindsprøjtningssårbarhed i -lokaltilpasningen af skabeloner i Movable Type, et bloggingsystem. En -uautentificeret fjernangriber kunne drage nytte af fejlen til at udførelse af -vilkårlig kode som webserverbrugeren.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 5.1.4+dfsg-4+deb7u3.

- -

Vi anbefaler at du opgraderer dine movabletype-opensource-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3227.data" diff --git a/danish/security/2015/dsa-3228.wml b/danish/security/2015/dsa-3228.wml deleted file mode 100644 index 18e7d58010c..00000000000 --- a/danish/security/2015/dsa-3228.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="585982f9421ea2daae30f47b9626f8bd88a37750" mindelta="1" -sikkerhedsopdatering - -

Emanuele Rocca opdagede at ppp, en dæmon som implementerer Point-to-Point -Protocol, var ramt af et bufferoverløb når der blev kommunikeret med en -RADIUS-server. Dermed kunne uautentificerede brugere forårsage et -lammelsesangreb (denial of service) ved at få dæmonen til at gå ned.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 2.4.5-5.1+deb7u2.

- -

I den kommende stabile distribution (jessie) og i den ustabile distribution -(sid), er dette problem rettet i version 2.4.6-3.1.

- -

Vi anbefaler at du opgraderer dine ppp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3228.data" diff --git a/danish/security/2015/dsa-3229.wml b/danish/security/2015/dsa-3229.wml deleted file mode 100644 index 36f25706fcc..00000000000 --- a/danish/security/2015/dsa-3229.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="f3f910647727e085c3bdcc86c183c7d17c638a6e" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til det nye opstrømsversion 5.5.43. Se MySQL 5.5 Release -Notes og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (wheezy), er disse problemer rettet i -version 5.5.43-0+deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer blive -rettet i version 5.5.43-0+deb8u1. Opdaterede pakker er allerede tilgængelige -gennem jessie-security.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3229.data" diff --git a/danish/security/2015/dsa-3230.wml b/danish/security/2015/dsa-3230.wml deleted file mode 100644 index af16b407384..00000000000 --- a/danish/security/2015/dsa-3230.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="2fa7b10f80941b85d878daf05572f86b45cc80e4" mindelta="1" -sikkerhedsopdatering - -

James P. Turk opdagede at ReST-renderer'en i django-markupfield, et -brugerdefineret Django-felt til let anvendelse af markup i tekstfelter, ikke -deaktiverede ..raw-direktivet, hvilket gjorde det muligt for fjernangribere at -medtage vilkårlige filer.

- -

I den stabile distribution (wheezy), er dette problem rettet i -version 1.0.2-2+deb7u1.

- -

I den kommende stabile distribution (jessie), er dette problem -rettet i version 1.2.1-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.2-1.

- -

Vi anbefaler at du opgraderer dine django-markupfield-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3230.data" diff --git a/danish/security/2015/dsa-3231.wml b/danish/security/2015/dsa-3231.wml deleted file mode 100644 index 78bed0c6323..00000000000 --- a/danish/security/2015/dsa-3231.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="7a71b0473764ba0619d0f6e1a16eb8074b75fd50" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Subversion, et versionskontrolssytem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-0248 - -

    Subversion mod_dav_svn og svnserve var sårbare over for en fjernudløsbar - assertion-DoS-sårbarhed hvad angår visse forespørgsler med dynamisk - evaluerede revisionsnumre.

    • - -
  • CVE-2015-0251 - -

    Subversion HTTP-servere tillod forfalskning af - svn:author-egenskabsværdier ved nye revisioner via særligt fremstillede - v1-HTTP-protokolforespørgselssekvenser.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 1.6.17dfsg-4+deb7u9.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 1.8.10-6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.8.10-6.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3231.data" diff --git a/danish/security/2015/dsa-3232.wml b/danish/security/2015/dsa-3232.wml deleted file mode 100644 index e21bb8536f7..00000000000 --- a/danish/security/2015/dsa-3232.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="8e889f50b9e3707f7703a7c2a0107d4470f33bc3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i cURL, et bibliotek til URL-overførsler:

- -
    - -
  • CVE-2015-3143 - -

    NTLM-autentificerede forbindelser kunne fejlagtigt blive genbrugt til - forespørgsler uden nogen loginoplysninger, førende til at HTTP-forespørgsler - blev sendt over forbindelsen autentificeret af en anden bruger. Det svarer - til problemet rettet i DSA-2849-1.

    • - -
  • CVE-2015-3144 - -

    Ved forfolkning af URL'er med værtsnavne med en længde på nul (så som - http://:80), forsøgte libcurl at læse fra en ugyldig - hukommelsesadresse. Dermed kunne det være muligt for fjernangribere at - forårsage et lammelsesangreb (nedbrud). Problemet påvirker kun den kommende - stabile distribution (jessie) og den ustabile distribution (sid).

    • - -
  • CVE-2015-3145 - -

    Ved fortolkning af HTTP-cookies, hvis den fortolkede cookies - path-element består af et enkelt dobbelt anførselstegn, forsøgte - libcurl at skrive til ugyldig heaphukommelsesadresse. Dermed kunne det være - muligt for fjernangribere at forårsage et lammelsesangreb (nedbrud). - Problemet påvirker kun den kommende stabile distribution (jessie) og den - ustabile distribution (sid).

    • - -
  • CVE-2015-3148 - -

    Ved udførelse af HTTP-forespørgsler ved hjælp af autentifikationsmetoden - Negotiate sammen med NTLM, blev den benyttede forbindelse ikke markeret som - autentificeret, hvilket gjorde det muligt at genbruge den til at sende - forespørgsler til en bruger over en forbindelse autentificeret som en anden - bruger.

    • - -
- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7.26.0-1+wheezy13.

- -

I den kommende stabile distribution (jessie), er disse problemer -rettet i version 7.38.0-4+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.42.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3232.data" diff --git a/danish/security/2015/dsa-3233.wml b/danish/security/2015/dsa-3233.wml deleted file mode 100644 index 0e928c462d3..00000000000 --- a/danish/security/2015/dsa-3233.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="114414efb5f1dc00730a6cd8fbbea8ee8f659f87" mindelta="1" -sikkerhedsopdatering - -

Google Security Team og Smart Hardware Research Group fra Alibaba Security -Team opdagede en fejl i hvordan wpa_supplicant anvendte SSID-oplysninger, når -P2P- peerposter blev oprettet eller opdateret. En fjernangriber kunne udnytte -fejlen til at få wpa_supplicant til at gå ned, blotlægge hukommelsesindhold og -potentielt udføre vilkårlig kode.

- -

I den stabile distribution (wheezy), er dette problem rettet i version -1.0-3+deb7u2. Bemærk at problemet ikke påvirker den binære pakke, som Debian -distribuerer, da CONFIG_P2P ikke er aktiveret i dette build.

- -

I den kommende stabile distribution (jessie), er dette problem rettet i -version 2.3-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3-2.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3233.data" diff --git a/danish/security/2015/dsa-3234.wml b/danish/security/2015/dsa-3234.wml deleted file mode 100644 index 645f6992d91..00000000000 --- a/danish/security/2015/dsa-3234.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="b71583cc9a95b732f4cd684066659587ce2fb8c4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 6b35-1.13.7-1~deb7u1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3234.data" diff --git a/danish/security/2015/dsa-3235.wml b/danish/security/2015/dsa-3235.wml deleted file mode 100644 index 04f93e31b6a..00000000000 --- a/danish/security/2015/dsa-3235.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="365faac6e2004292bb98a8c6c5c4753ae65e05b5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (wheezy), er disse problemer rettet i -version 7u79-2.5.5-1~deb7u1.

- -

I den kommende stabile distribution (jessie), vil disse problemer snart -blive rettet i version 7u79-2.5.5-1~deb8u1 (opdateringen vil være tilgængelig -kort tid efter jessie er blevet endelig udgivet).

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u79-2.5.5-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3235.data" diff --git a/danish/security/2015/dsa-3236.wml b/danish/security/2015/dsa-3236.wml deleted file mode 100644 index 0ca7deb15ff..00000000000 --- a/danish/security/2015/dsa-3236.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7cfd7bbc5b26ffa5f9d4b6c95f161f3ac510ba62" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende fornuftighedskontrol af inddata i Libreoffices -filter til HWP-dokumenter, kunne medføre udførelse af vilkårlig kode, hvis et -misdannet dokument blev åbnet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i -version 1:3.5.4+dfsg2-0+deb7u4.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:4.3.3-2+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3236.data" diff --git a/danish/security/2015/dsa-3237.wml b/danish/security/2015/dsa-3237.wml deleted file mode 100644 index 8f7e440e610..00000000000 --- a/danish/security/2015/dsa-3237.wml +++ /dev/null @@ -1,115 +0,0 @@ -#use wml::debian::translation-check translation="4cf35fbb701b63086f90422a7190aab7d0c19785" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækager.

- -
    - -
  • CVE-2014-8159 - -

    Man opdagede at Linux-kernens InfiniBand/RDMA-undersystemet ikke på - korrekt vis fornuftighedskontrollerede inddataparametre, mens der blev - registreret hukommelsesområder fra brugerrummet via (u)verbs-API'et. En - lokal bruger med adgang til en /dev/infiniband/uverbsX-enhed, kunne udnytte - fejlt til at få systemet til at gå ned eller potentielt forøge sine - rettigheder på systemet.

    • - -
  • CVE-2014-9715 - -

    Man opdagede at undersystemet til sporing af netfilter-forbindelser, - anvendte en for lille type som offset inden for hver forbindelses - datastruktur, efter en fejlrettelse i Linux 3.2.33 og 3.6. I nogle - opsætninger kunne det føre til hukommelseskorruption og nedbrud (selv uden - ondsindet trafik). Det kunne potentielt også medføre overtrædelse af - netfilterpolicy eller fjernudførelse af kode.

    - -

    Det kan begrænses ved at deaktivere registrering af - forbindelsessporing:
    - sysctl net.netfilter.nf_conntrack_acct=0

    • - -
  • CVE-2015-2041 - -

    Sasha Levin opdagede at LLC-undersystemet udstillede nogle variabler som - sysctls med den forkerte type. Med en 64 bit-kerne kunne det muligvis - muliggøre rettighedsforøgelse fra en proces med CAP_NET_ADMIN-muligheden; - det medførte også en triviel informationslækage.

    • - -
  • CVE-2015-2042 - -

    Sasha Levin opdagede at RDS-undersystemet udstillede nogle variabler som - sysctls med den forkerte type. Med en 64 bit-kerne medførte det en - triviel informationslækage.

    • - -
  • CVE-2015-2150 - -

    Jan Beulich opdagede at Xen-gæster fik lov til at ændre alle (skrivbare) - bits i PCI-kommandoregistreringen af enheder, som passerer dem. Det tillod - dem i særdeleshed at deaktivere hukommelses og I/O-dekodning på enheden, - med mindre enheden er en virtuel SR-IOV-funktion, hvilket kunne medføre - lammelsesangreb på værtsmaskinen.

    • - -
  • CVE-2015-2830 - -

    Andrew Lutomirski opdagede, at når en 64 bit-opgave i en amd64-kerne - foretog systemkaldene fork(2) eller clone(2) med anvendelse af int $0x80, - blev 32 bit-mulighedsfalget opsat (korrekt), men det blev ikke tømt ved - returneringen. Som følge derfor fejlfortolkede både seccomp og audit - overtrædelsen af sikkerhedspolicy.

    • - -
  • CVE-2015-2922 - -

    Modio AB opdagede at IPv6-undersystemet behandlede en ruteannoncering, - som angiver ingen rute, men kun en hopbegrænsing, hvilket dernæst blev - anvendt på den grænseflade, som modtog den. Det kunne medføre tab af - IPv6-forbindelsen ud over det lokale netværk.

    - -

    Det kan begrænses ved at deaktivere behandling af IPv6-ruteannonceringer, - hvis de ikke er nødvendige:
    - sysctl net.ipv6.conf.default.accept_ra=0
    - sysctl net.ipv6.conf.<interface>.accept_ra=0

    • - -
  • CVE-2015-3331 - -

    Stephan Mueller opdagede at den optimerede implementering af RFC4106 GCM - til x86-processorer som understøtter AESNI, fejlberegnede bufferadresser - under nogle omstændigheder. Hvis en IPsec-tunnel er opsat til at anvende - denne tilstand (også kendt som AES-GCM-ESP), kunne det føre til - hukommelseskorruption og nedbrud (selv uden ondsindet trafik). Det kunne - potentielt også medføre fjernudførelse af kode.

    • - -
  • CVE-2015-3332 - -

    Ben Hutchings opdagede en regression i TCP Fast Open-funktionen i Linux - 3.16.7-ckt9, medførende en kernefejl, når den blev anvendt. Det kunne - udnyttes som et lokalt lammelsesangreb.

    • - -
  • CVE-2015-3339 - -

    Man opdagede at systemkaldet execve(2) kunne havne i kapløbstilstand med - inode-attributændringer foretaget af chown(2). Selv om chown(2) tømmer - setuid/setgid-bitten på en fil, hvis den ændrer den respektive ejerid, kunne - kapløbstilstanden i realiteten medføre, hvis execve(2) blev sat til uid/gid - hørende til den nye ejerid, opsat til en ny setting effective, en - rettighedsforøgelse.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i version -3.2.68-1+deb7u1. linux-pakken i wheezy er ikke påvirket af -CVE-2015-3332.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -3.16.7-ckt9-3~deb8u1 eller tidligere versioner. Desuden retter denne version en -regression i driveren xen-netfront (#782698).

- -

I den ustabile distribution (sid), er disse problemer rettet i version -3.16.7-ckt9-3 eller tidligere versioner. Desuden retter denne version en -regression i driveren xen-netfront (#782698).

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3237.data" diff --git a/danish/security/2015/dsa-3238.wml b/danish/security/2015/dsa-3238.wml deleted file mode 100644 index a4afb3615dd..00000000000 --- a/danish/security/2015/dsa-3238.wml +++ /dev/null @@ -1,103 +0,0 @@ -#use wml::debian::translation-check translation="560e9937d75489873f70380e8fd73b5a8ec7b5b5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-1235 - -

    En problem med omgåelse af Same Origin Policy blev opdaget i - HTML-fortolkeren.

    • - -
  • CVE-2015-1236 - -

    Amitay Dobo opdagede en omgåelse af Same Origin Policy Web - Audio-API'et.

    • - -
  • CVE-2015-1237 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - IPC.

    • - -
  • CVE-2015-1238 - -

    cloudfuzzer opdagede en skrivning uden for grænserne i - skia-biblioteket.

    • - -
  • CVE-2015-1240 - -

    w3bd3vil opdagede en læsning uden for grænserne i - WebGL-implementeringen.

    • - -
  • CVE-2015-1241 - -

    Phillip Moon og Matt Weston opdagede en måde at fjernudløse lokale - handlinger på brugergrænseflader via en fabrikeret hjemmeside.

    • - -
  • CVE-2015-1242 - -

    Et typeforvekslingsproblem blev opdaget i - v8-JavaScript-biblioteket.

    • - -
  • CVE-2015-1244 - -

    Mike Ruddy opdagede en måde at omgå policy'en for HTTP Strict Transport - Security.

    • - -
  • CVE-2015-1245 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - pdfium-biblioteket.

    • - -
  • CVE-2015-1246 - -

    Atte Kettunen opdagede et problem med læsning uden for grænserne i - webkit/blink.

    • - -
  • CVE-2015-1247 - -

    Jann Horn opdagede at file:-URL'er i OpenSearch-dokumenter ikke - blev fornuftighedskontrolleret, hvilket kunne gøre det muligt af fjernlæse - lokale filer, når OpenSearch-funktionen blev anvendt fra en fabrikeret - hjemmeside.

    • - -
  • CVE-2015-1248 - -

    Vittorio Gambaletta opdagede en måde at omgå SafeBrowsing-funktionen på, - hvilket kunne gøre det muligt at fjernudføre en downloadet ekskverbar - fil.

    • - -
  • CVE-2015-1249 - -

    Udviklingsholdet bag chrome 41 fandt forskellige problemer efter intern - fuzzing, audits og andre granskninger.

    • - -
  • CVE-2015-3333 - -

    Adskillige problemer med opdaget og rettet i v8 4.2.7.14.

    • - -
  • CVE-2015-3334 - -

    Man opdagede at fjerne hjemmesider uden tilladelse kunne opsnappe - videodata fra tilsluttede webkameraer.

    • - -
  • CVE-2015-3336 - -

    Man opdagede at fjerne hjemmesider kunne udvirke forstyrrelser i den - lokale brugergrænseflade, så som fuldskærmsvinduer eller læsning af - musemarkøren.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -42.0.2311.90-1~deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 42.0.2311.90-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3238.data" diff --git a/danish/security/2015/dsa-3239.wml b/danish/security/2015/dsa-3239.wml deleted file mode 100644 index 6e14a29f402..00000000000 --- a/danish/security/2015/dsa-3239.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="65ae0245f9fa89d248126bf6e0a3f51a744163d7" mindelta="1" -sikkerhedsopdatering - -

Juliane Holzt opdagede at Icecast2, en medieserver til streaming, kunne -afreferere en NULL-pointer når URL-autentifikation er opsat og URL'en -stream_auth blev udløst af en klient uden angivelse af loginoplysninger. Dermed -kunne det være muligt for fjernangribere at foråreage et lammelsesangreb -(nedbrud).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.4.0-1.1+deb8u1.

- -

I distributionen testing (stretch), vil dette problem blive rettet i -version 2.4.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.2-1.

- -

Vi anbefaler at du opgraderer dine icecast2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3239.data" diff --git a/danish/security/2015/dsa-3240.wml b/danish/security/2015/dsa-3240.wml deleted file mode 100644 index 8560ebab302..00000000000 --- a/danish/security/2015/dsa-3240.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7dc93fec69d6a61e9ec019dfa4f1169314940074" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at cURL, et bibliotek til URL-overførsler, når opsat til at -anvende en proxyserver med HTTPS-protokollen, som standard sendte de samme -HTTP-headere, som den sender til målserven, til proxyserveren, og dermed -muligvis medførende en lækage af følsomme oplysninger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.38.0-4+deb8u2.

- -

I distributionen testing (stretch), vil dette problem blive rettet i -version 7.42.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.42.1-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3240.data" diff --git a/danish/security/2015/dsa-3241.wml b/danish/security/2015/dsa-3241.wml deleted file mode 100644 index 8cad341af3d..00000000000 --- a/danish/security/2015/dsa-3241.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="ab85de57756f35376e41f733bae57e6978316c3b" mindelta="1" -sikkerhedsopdatering - -

John Heasman opdagede at søgemaskinen Elasticsearchs håndtering af -siteplugin var sårbar over for et mappegennemløb.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.0.3+dfsg-5+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine elasticsearch-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3241.data" diff --git a/danish/security/2015/dsa-3242.wml b/danish/security/2015/dsa-3242.wml deleted file mode 100644 index 8ff94a3ad59..00000000000 --- a/danish/security/2015/dsa-3242.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="15410e353ac2ec6fa2622853f9b21b13b2f3ab1e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webbrowseren chromium:

- -
    - -
  • CVE-2015-1243 - -

    Saif El-Sherei opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2015-1250 - -

    Chrome 42-holdet fandt og rettede adskillige problemer under intern - auditering.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 42.0.2311.135-1~deb8u1.

- -

I distributionen testing (stretch), vil dette problem snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 42.0.2311.135-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3242.data" diff --git a/danish/security/2015/dsa-3243.wml b/danish/security/2015/dsa-3243.wml deleted file mode 100644 index 627b9f2f9fc..00000000000 --- a/danish/security/2015/dsa-3243.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="e1ea6be86d11213c8e26417a0e24234f8ad3eae1" mindelta="1" -sikkerhedsopdatering - -

Tilmann Haak fra xing.com opdagede at XML::LibXML, en Perl-grænseflade til -biblioteket libxml2, ikke respekterede under nogle omstændigheder ikke -parameteret expand_entities til deaktivering af behandling af eksterne -entiteter. Dermed kunne det være muligt for angribere at få læseadgang til -ellers beskyttede ressourcer, afhængigt af hvordan biblioteket anvendes.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.0001+dfsg-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.0116+dfsg-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0116+dfsg-2.

- -

Vi anbefaler at du opgraderer dine libxml-libxml-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3243.data" diff --git a/danish/security/2015/dsa-3244.wml b/danish/security/2015/dsa-3244.wml deleted file mode 100644 index 0f664f30394..00000000000 --- a/danish/security/2015/dsa-3244.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="2fc5a17ed79329427689fb4863ab5fdcc1176314" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i ownCloud, en webservice til skystorage -til filer, musik, kontakter, kalendre og meget mere.

- -
    - -
  • CVE-2015-3011 - -

    Hugh Davenport opdagede at contacts-applikationen, som leveres med - ownCloud, var sårbar over for adskillige angreb i forbindelse med udførelse - af opbevarede skripter på tværs af websteder. Sårbarheden kan udnyttes via - enhver browser.

    • - -
  • CVE-2015-3012 - -

    Roy Jansen opdagede at documents-applikationen, som leveres med - ownCloud, var sårbar over for adskillige angreb i forbindelse med udførelse - af opbevarede skripter på tværs af websteder. Sårbarheden er ikke udnytbar - i browsere, der understøtter CSP-standarden.

    • - -
  • CVE-2015-3013 - -

    Lukas Reschke opdagede en sårbarhed i forbindelse med omgåelse af en - sortliste, hvilket gjorde det muligt for autentificerede fjernangribere at - omgå filsortlisten og at uploade filer så som .htaccess-filerne. En - angriber kunne udnytte omgåelsen til at uploade en .htaccess-fil og udføre - vilkårlig PHP-kode, hvis /data/-mappen opbevares inde i webroot og en - webserver, som fortolker .htaccess-filer, anvendes. Som standard i - Debian-installationer er datamappen uden for webroot og dermed kan - sårbarheden ikke udnyttes som standard.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.0.4+dfsg-4~deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 7.0.4+dfsg-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.0.4+dfsg-3.

- -

Vi anbefaler at du opgraderer dine owncloud-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3244.data" diff --git a/danish/security/2015/dsa-3245.wml b/danish/security/2015/dsa-3245.wml deleted file mode 100644 index 93793a4e16a..00000000000 --- a/danish/security/2015/dsa-3245.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="98e21fdc82a4e516c8738c2290e050d4f67d15b8" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Rubys OpenSSL-udvidelse, som er en del af fortolkeren af -sproget Ruby, ikke på korrekt vis implementerede hostnamematching, hvilket er en -overtrædelse af RFC 6125. Dermed kunne fjernangribere få mulighed for at udføre -et manden i midten-angreb gennem fabrikerede SSL-certifikater.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.8.7.358-7.1+deb7u3.

- -

Vi anbefaler at du opgraderer dine ruby1.8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3245.data" diff --git a/danish/security/2015/dsa-3246.wml b/danish/security/2015/dsa-3246.wml deleted file mode 100644 index edd375e6dd4..00000000000 --- a/danish/security/2015/dsa-3246.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="0232c2c51c21fb3ca8c36882e054b1a007382df8" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Rubys OpenSSL-udvidelse, som er en del af fortolkeren af -sproget Ruby, ikke på korrekt vis implementerede hostnamematching, hvilket er en -overtrædelse af RFC 6125. Dermed kunne fjernangribere få mulighed for at udføre -et manden i midten-angreb gennem fabrikerede SSL-certifikater.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.9.3.194-8.1+deb7u5.

- -

Vi anbefaler at du opgraderer dine ruby1.9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3246.data" diff --git a/danish/security/2015/dsa-3247.wml b/danish/security/2015/dsa-3247.wml deleted file mode 100644 index 38889636396..00000000000 --- a/danish/security/2015/dsa-3247.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="baf70e71fb34f81bac778b2a48e9876ffe19f746" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Rubys OpenSSL-udvidelse, som er en del af fortolkeren af -sproget Ruby, ikke på korrekt vis implementerede hostnamematching, hvilket er en -overtrædelse af RFC 6125. Dermed kunne fjernangribere få mulighed for at udføre -et manden i midten-angreb gennem fabrikerede SSL-certifikater.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.5-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i -version 2.1.5-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.5-3.

- -

Vi anbefaler at du opgraderer dine ruby2.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3247.data" diff --git a/danish/security/2015/dsa-3248.wml b/danish/security/2015/dsa-3248.wml deleted file mode 100644 index 1aa5b31bf53..00000000000 --- a/danish/security/2015/dsa-3248.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="874f19b4bc65d0230a727936ed3df09af1eee8b9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende fornuftighedskontrol af inddata i Snoopy, en -PHP-klasse der simulerer en webbrowser, kunne medføre udførelse af vilkårlige -kommandoer.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.0.0-1~deb7u1.

- -

I den stabile distribution (jessie), this problem was fixed before -the initial release.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.0-1.

- -

Vi anbefaler at du opgraderer dine libphp-snoopy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3248.data" diff --git a/danish/security/2015/dsa-3249.wml b/danish/security/2015/dsa-3249.wml deleted file mode 100644 index 7f798309f1d..00000000000 --- a/danish/security/2015/dsa-3249.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="21474b4db8b5c37557c2f2b2e8cd28034350d764" mindelta="1" -sikkerhedsopdatering - -

Shadowman131 opdagede at jqueryui, et JavaScript UI-bibliotek til dynamiske -webapplikationer, ikkek fik fornuftighedskontrolleret sin -title-valgmulighed. Dermed havde fjernangribere mulighed for at -indsprøjte vilkårlig kode gennem udførelse af skripter på tværs af -websteder.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.8.ooops.21+dfsg-2+deb7u1.

- -

I den stabile distribution (jessie), distributionen testing (stretch) og i -den ustabile distribution (sid), er dette problem rettet i version -1.10.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine jqueryui-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3249.data" diff --git a/danish/security/2015/dsa-3250.wml b/danish/security/2015/dsa-3250.wml deleted file mode 100644 index cbb622bfce0..00000000000 --- a/danish/security/2015/dsa-3250.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="4ab221dadcce86ad7e78a9fb3b7fb932084e2ecf" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i Wordpress, et program til -håndtering af weblogs, hvilke kunne gøre det muligt for fjernangribere at -uploade filer med ugyldige eller usikre navne, igangsætte social -engineering-angreb eller kompromittere et websted via udførelse af skripter på -tværs af websteder, samt indsprøjte SQL-kommandoer.

- -

Flere oplysninger finder man i opstrømsbulletinerne på - og -

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 3.6.1+dfsg-1~deb7u6.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i -version 4.2.1+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3250.data" diff --git a/danish/security/2015/dsa-3251.wml b/danish/security/2015/dsa-3251.wml deleted file mode 100644 index f45b6d50ab3..00000000000 --- a/danish/security/2015/dsa-3251.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="548c9335f8293fda4421ec0311f37590410392cb" mindelta="1" -sikkerhedsopdatering - -

Nick Sampanis opdagede at dnsmasq, en lille cachende DNS-proxy og -DHCP-/TFTP-server, ikke på korrekt vis kontrollerede returværdien fra funktionen -setup_reply(), som kaldes under en TCP-forbindelse, og som dernæst anvendes som -et størrelsesparameter i en funktion, der skriver data på klientens forbindelse. -En fjernangriber kunne udnytte problemet gennem en særligt fremstillet -DNS-forespørgsl, til at få dnsmasq til at gå ned eller potentielt få adgang til -følsomme oplysninger fra proceshukommelsen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.62-3+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.72-3+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), -vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine dnsmasq-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3251.data" diff --git a/danish/security/2015/dsa-3252.wml b/danish/security/2015/dsa-3252.wml deleted file mode 100644 index 5141e5bf1d9..00000000000 --- a/danish/security/2015/dsa-3252.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c6fffcdc2fb937201208f2d6fa438e360fad4c2d" mindelta="1" -sikkerhedsopdatering - -

Michal Zalewski opdagede adskillige sårbarheder i SQLite, som kunne medføre -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.8.7.1-1+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i -version 3.8.9-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.8.9-1.

- -

Vi anbefaler at du opgraderer dine sqlite3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3252.data" diff --git a/danish/security/2015/dsa-3253.wml b/danish/security/2015/dsa-3253.wml deleted file mode 100644 index a0a8ba07315..00000000000 --- a/danish/security/2015/dsa-3253.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="16dec6472f40a8211c2256fe4bbb4c30f2d855c9" mindelta="1" -sikkerhedsopdatering - -

Pound, en reverse HTTP-proxy og load balancer, indeholdt flere problemer med -forbindelse til sårbarheder i Secure Sockets Layer-protokollen (SSL).

- -

I Debian 7 (wheezy) tilføjer denne opdatering en manglende del, som faktisk -gør det muligt at deaktivere klientinitieret genforhandling og det deaktiveres -som standard -(\ -CVE-2009-3555). TLS-komprimering er deaktiveret -(\ -CVE-2012-4929), selv om det allerede normalt er deaktiveret af -OpenSSL-systembiblioteket. Slutteligt tilføjes muligheden for at deaktivere -SSLv3-protokollen -(\ -CVE-2014-3566) helt gennem opsætningsparameteret DisableSSLv3, selv -om det ikke som standard vil være slået fra i denne opdatering. Yderligere er -et ikke-sikkerhedsfølsomt problem løst i viderestillingskodningen.

- -

I Debian 8 (jessie) blev problemerne rettet før udgivelsen, med undtagelse -af den klientiniterede genforhandling -(\ -CVE-2009-3555), som denne opdatering løser i jessie.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.6-2+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.6-6+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.6-6.1.

- -

Vi anbefaler at du opgraderer dine pound-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3253.data" diff --git a/danish/security/2015/dsa-3254.wml b/danish/security/2015/dsa-3254.wml deleted file mode 100644 index 8b18c89bd9c..00000000000 --- a/danish/security/2015/dsa-3254.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="1e7fecbf66a9b8e2089efc33b331289cade4c231" mindelta="1" -sikkerhedsopdatering - -

Kostya Kortchinsky fra Google Security Team opdagede en fejl i -DER-fortolkeren, som anvendes til at dekode SSL-/TLS-certifikater i suricata. -En fjernangriber kunne udnytte fejlen til at få suricata til at gå ned.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.0.7-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.8-1.

- -

Vi anbefaler at du opgraderer dine suricata-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3254.data" diff --git a/danish/security/2015/dsa-3255.wml b/danish/security/2015/dsa-3255.wml deleted file mode 100644 index 64ddbc37232..00000000000 --- a/danish/security/2015/dsa-3255.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="93a9e53759baf929ea2c9d6380b55117190e0547" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libzmq, en letvægtsbeskedkerne, var sårbar over for et -protokolnedgraderingsangreb mod sockets, som anvender ZMTP v3-protokollen. Det -kunne gøre det muligt for fjernangribere at omgå sikkerhedsmekanismer i ZMTP v3, -ved at sende headere ZMTP v2-format eller tidligere.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.0.5+dfsg-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i -version 4.0.5+dfsg-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.0.5+dfsg-3.

- -

Vi anbefaler at du opgraderer dine zeromq3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3255.data" diff --git a/danish/security/2015/dsa-3256.wml b/danish/security/2015/dsa-3256.wml deleted file mode 100644 index c225fe8e051..00000000000 --- a/danish/security/2015/dsa-3256.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4c5a41b898935b7b56058e9f9aa1c7fa3f54b764" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede en heapbaseret bufferoverløbsfejl i den måde Libtasn1, -et bibliotek til håndtering af ASN.1-strukturer, dekodede visse DER-kodede -inddata. Særligt fremstillede DER-kodede inddata kunne få en applikation, der -anvender libtasn1-biblioteket, til at gå ned eller potentielt udføre vilkårlig -kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.2-3+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i -version 4.4-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.4-3.

- -

Vi anbefaler at du opgraderer dine libtasn1-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3256.data" diff --git a/danish/security/2015/dsa-3257.wml b/danish/security/2015/dsa-3257.wml deleted file mode 100644 index b206375e1d7..00000000000 --- a/danish/security/2015/dsa-3257.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="43282716a946badce7e86317c3cf55122ee5f909" mindelta="1" -sikkerhedsopdatering - -

Jesse Hertz fra Matasano Security opdagede at Mercurial, et distribueret -versionsstyringssystem, var sårbart over for en kommandoindspøjtningssårbarhed -gennem et fabrikeret arkivnavn i clone-kommandoen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i -version 2.2.2-4+deb7u1. Opdateringen indeholder også en rettelse af -\ -CVE-2014-9390, som tidligere var planlagt til den næste punktopdatering af -wheezy.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.1.2-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.4-1.

- -

Vi anbefaler at du opgraderer dine mercurial-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3257.data" diff --git a/danish/security/2015/dsa-3258.wml b/danish/security/2015/dsa-3258.wml deleted file mode 100644 index c09dea4c1d3..00000000000 --- a/danish/security/2015/dsa-3258.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8ab30ad739d25af818287a9f87b0070a7dee79f5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at rettelsen til -\ -CVE-2013-4422 i quassel, en distribueret IRC-klient, var ufuldstændig. -Dermed kunne det være muligt for fjernangribere at indsprøjte SQL-forespørgsler -efter genetablering af en databaseforbindelse (når eksempelvis -backend-PostgreSQL-serveren genstartes).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:0.10.0-2.3+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i -version 1:0.10.0-2.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:0.10.0-2.4.

- -

Vi anbefaler at du opgraderer dine quassel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3258.data" diff --git a/danish/security/2015/dsa-3259.wml b/danish/security/2015/dsa-3259.wml deleted file mode 100644 index 0f223a3a884..00000000000 --- a/danish/security/2015/dsa-3259.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="87b71482e36848d8909d558e935711e91e6d01ea" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i virtualiseringsløsningen qemu:

- -
    - -
  • CVE-2014-9718 - -

    Man opdagede at IDE-controlleremuleringen var sårbar over for - lammelsesangreb (denial of service).

    • - -
  • CVE-2015-1779 - -

    Daniel P. Berrange opdagede en lammelsesangrebssårbarhed i - VNC-websocketdekoderen.

    • - -
  • CVE-2015-2756 - -

    Jan Beulich opdagede at et umæglet PCI-kommandoregister kunne medføre - lammelsesangreb.

    • - -
  • CVE-2015-3456 - -

    Jason Geffner opdagede et bufferoverløb i det emulerede diskettedrev, - potentielt medførende udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6a+deb7u7 af kildekodepakken qemu og i version -1.1.2+dfsg-6+deb7u7 af kildekodepakken qemu-kvm. Kun -\ -CVE-2015-3456 påvirker oldstable.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:2.1+dfsg-12.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3259.data" diff --git a/danish/security/2015/dsa-3260.wml b/danish/security/2015/dsa-3260.wml deleted file mode 100644 index ffe19b7eca2..00000000000 --- a/danish/security/2015/dsa-3260.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d87dc2383682324591e3287dabc8b02f463e9d9d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsfejl, bufferoverløb og -anvendelse efter frigivelse, kunne føre til udførelse af vilkårlig kode, -rettighedsforøgelse eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 31.7.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 31.7.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3260.data" diff --git a/danish/security/2015/dsa-3261.wml b/danish/security/2015/dsa-3261.wml deleted file mode 100644 index da90f5fb862..00000000000 --- a/danish/security/2015/dsa-3261.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="f44fb83c961656337a7f29f45fbed84b4135fea7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i libmodule-signature-perl, et Perl-modul -til behandling af CPAN's SIGNATURE-filer. Projektet Common Vulnerabilities and -Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2015-3406 - -

    John Lightsey opdagede at Module::Signature kunne fortolke den usignerede - del af en SIGNATURE-fil, som den signerede del, på grund af ukorrekt - håndtering af grænser for PGP-signaturer.

    • - -
  • CVE-2015-3407 - -

    John Lightsey opdagede at Module::Signature på ukorrekt vis håndterede - filer, som ikke er anført i SIGNATURE-filen. Herunder nogle filer mappen - t/, som blev udført når tests blev kørt.

    • - -
  • CVE-2015-3408 - -

    John Lightsey opdagede at Module::Signature anvendte toparameterkald til - open() for at læse filer, når der blev genereret kontrolsummer ud fra det - signerede manifest. Dermed var det muligt at indlejre vilkårlige - shellkommandoer i SIGNATURE-filen, og disse blev udført under processen med - at verificere signaturer.

    • - -
  • CVE-2015-3409 - -

    John Lightsey opdagede at Module::Signature på ukorrekt vis håndterede - indlæsning af moduler, hvorved det var muligt at indlæse moduler fra - relative stier i @INC. En fjernangriber, som leverer et ondsindet modul, - kunne udnytte fejlen til at udføre vilkårlig kode under - signaturverifikationen.

    • - -
- -

Bemærk at libtest-signature-perl blev kompabilitetsopdateret vedrørende -rettelsen af \ -CVE-2015-3407 i libmodule-signature-perl.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.68-1+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.73-1+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 0.78-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.78-1.

- -

Vi anbefaler at du opgraderer dine libmodule-signature-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3261.data" diff --git a/danish/security/2015/dsa-3262.wml b/danish/security/2015/dsa-3262.wml deleted file mode 100644 index 6ade4c7a224..00000000000 --- a/danish/security/2015/dsa-3262.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="58769b896630a544d6d18df15c23c3da6787fae1" mindelta="1" -sikkerhedsopdatering - -

Jason Geffner opdagede et bufferoverløb i det emulerede diskettedrev, hvilket -potentiel kunne medføre udførelse af vilkårlig kode. Det påvirkede kun -HVM-gæster.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 4.1.4-3+deb7u6.

- -

Den stabile distribution (jessie) er allerede rettet via opdateringen af qemu -i DSA-3259-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3262.data" diff --git a/danish/security/2015/dsa-3263.wml b/danish/security/2015/dsa-3263.wml deleted file mode 100644 index 4287b79c99c..00000000000 --- a/danish/security/2015/dsa-3263.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a7c9a8fdf5d4ebf005a1be61b27ea3faeb4a1666" mindelta="1" -sikkerhedsopdatering - -

Vadim Melihow opdagede at i proftpd-dfsg, en FTP-server, tillod modulet -mod_copy uautentificerede brugere at kopiere filer rundt på serveren, samt -muligvis udføre vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -1.3.4a-5+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i version -1.3.5-1.1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 1.3.5-2.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3263.data" diff --git a/danish/security/2015/dsa-3264.wml b/danish/security/2015/dsa-3264.wml deleted file mode 100644 index dd78b9051f0..00000000000 --- a/danish/security/2015/dsa-3264.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="6a9be73f6e4f2642e0c4121247cc91a3f9e7d3d8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Flere hukommelsessikkerhedsfejl, -bufferoverløb og anvendelser efter frigivelse kunne føre til udførelse af -vilkårlig kode, rettighedsforøgelse eller lammelsesangreb.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 31.7.0-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 31.7.0-1~deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3264.data" diff --git a/danish/security/2015/dsa-3265.wml b/danish/security/2015/dsa-3265.wml deleted file mode 100644 index 2ec2faf31ca..00000000000 --- a/danish/security/2015/dsa-3265.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="26c7e4d69798a06f52468b80d3a7b39b37b73406" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Zend Framework, et PHP-framework. -Bortset fra \ -CVE-2015-3154, er alle nedennævnte problemer allerede rettet i den første -version, som blev udsendt med Jessie.

- -
    - -
  • CVE-2014-2681 - -

    Lukas Reschke rapporterede om manglende beskyttelse mod XML External - Entity-indsprøjtningsangreb i nogle funktioner. Rettelsen udvider den - ufuldstændige fra - \ - CVE-2012-5657.

    • - -
  • CVE-2014-2682 - -

    Lukas Reschke rapporterede om, at der ikke blev taget i betragtning, at - indstillingen libxml_disable_entity_loader deles blandt tråde i PHP-FPM's - tilfælde. Rettelsen udvider den ufuldstændige fra - \ - CVE-2012-5657.

    • - -
  • CVE-2014-2683 - -

    Lukas Reschke rapporterede om manglende beskyttelse mod XML Entity - Expansion-angreb i nogle funktioner. Rettelsen udvider den ufuldstændige - fra \ - CVE-2012-6532.

    • - -
  • CVE-2014-2684 - -

    Christian Mainka og Vladislav Mladenov fra Ruhr-University Bochum - rapporterede om en fejl i consumer'erens verifikationsmetode, som kunne - føre til accept af tokens med et forkert ophav.

    • - -
  • CVE-2014-2685 - -

    Christian Mainka og Vladislav Mladenov fra Ruhr-University Bochum - rapporterede om en specifikationsovertrædelse, hvor signering af et enkelt - parameter fejlagtigt blev anset for at være tilstrækkeligt.

    • - -
  • CVE-2014-4914 - -

    Cassiano Dal Pizzol opdagede at implementeringen af ORDER BY - SQL-statementet i Zend_Db_Select, indeholdt en potentiel - SQL-indsprøjtningssårbarhed, når den modtagne querystreng indeholder - parenteser.

    • - -
  • CVE-2014-8088 - -

    Yury Dyachenko fra Positive Research Center opdagede potentielle - XML eXternal Entity-indsprøjtnings-angrebsvinkler på grund af usikker - anvendelse af PHP's DOM-udvidelse.

    • - -
  • CVE-2014-8089 - -

    Jonas Sandström opdagede en SQL-indsprøjtnings-angrebsvinkel, når der - værdier manuelt sættes i anførselstegn til brug i sqlsrv-udvidelsen, med - brug af nullbyte.

    • - -
  • CVE-2015-3154 - -

    Filippo Tessarotto og Maks3w rapporterede om potentielle - CRLF-indsprøjtningsangreb i mail- og HTTP-headere.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.11.13-1.1+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.9+dfsg-2+deb8u1.

- -

I distributionen testing (stretch), vil disse problemer blive rettet -i version 1.12.12+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.12+dfsg-1.

- -

Vi anbefaler at du opgraderer dine zendframework-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3265.data" diff --git a/danish/security/2015/dsa-3266.wml b/danish/security/2015/dsa-3266.wml deleted file mode 100644 index 2e47511aaae..00000000000 --- a/danish/security/2015/dsa-3266.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="98034b1d605d9eda5283f71ca2b93d33d9e790ea" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede at FUSE, et filsystem i brugerrummet, ikke tømte -miljøet før mount og unmount blev udført med forøgede rettigheder. En lokal -bruger kunne udnytte fejlen til at overskrive vilkårlig filer samt få forøgede -rettigheder, ved at tilgå debuggingfunktionalitet gennem miljøet, som det -normalt ikke er en god ide at give upriviligerede brugere adgang til.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.9.0-2+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.9.3-15+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine fuse-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3266.data" diff --git a/danish/security/2015/dsa-3267.wml b/danish/security/2015/dsa-3267.wml deleted file mode 100644 index b74d95acf74..00000000000 --- a/danish/security/2015/dsa-3267.wml +++ /dev/null @@ -1,98 +0,0 @@ -#use wml::debian::translation-check translation="5f03830d43a291ea931d4a7136cbbb11525b4d16" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-1251 - -

    SkyLined opdagede et problem med anvendelse efter frigivelse i - talegenkendelsen.

    • - -
  • CVE-2015-1252 - -

    Der blev opdaget et problem med læsning uden for grænserne, hvilket kunne - anvende til at slippe ud af sandkassen.

    • - -
  • CVE-2015-1253 - -

    Et problem med omgåelse af tværgående ophav blev opdaget i - DOM-fortolkeren.

    • - -
  • CVE-2015-1254 - -

    Et problem med omgåelse af tværgående ophav blev opdaget i - DOM-redigeringsfunktionaliteten.

    • - -
  • CVE-2015-1255 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - WebAudio.

    • - -
  • CVE-2015-1256 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - implementeringen af SVG.

    • - -
  • CVE-2015-1257 - -

    miaubiz opdagede et overløbsproblem i implementeringen af SVG.

    • - -
  • CVE-2015-1258 - -

    cloudfuzzer opdagede et ugyldigt størrelsesparameter, som blev anvendt i - libvpx-biblioteket.

    • - -
  • CVE-2015-1259 - -

    Atte Kettunen opdagede et problem med uinitialiseret hukommelse i - pdfium-biblioteket.

    • - -
  • CVE-2015-1260 - -

    Khalil Zhani opdagede adskillige problemer med anvendelse efter - frigivelse i chromiums grænseflade til WebRTC-biblioteket.

    • - -
  • CVE-2015-1261 - -

    Juho Nurminen opdagede problem med forfalskning af URL-bjælken.

    • - -
  • CVE-2015-1262 - -

    miaubiz opdagede anvendelse af et uinitialiseret klassemedlem i - skrifttypehåndteringen.

    • - -
  • CVE-2015-1263 - -

    Mike Ruddy opdagede at download at stavekontrolsordbogen ikke skete over - HTTPS.

    • - -
  • CVE-2015-1264 - -

    K0r3Ph1L opdagede et problem med udførelse af skripter på tværs af - websteder, hvilket kunne udløses ved at gemme et websted som et - bogmærke.

    • - -
  • CVE-2015-1265 - -

    Chrome 43-udviklingsholdet fandt og retter forskellige problemer under - intern gennemgang. Desuden blev adskillige problemer rettet i - libv8-biblioteket, version 4.3.61.21.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 43.0.2357.65-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 43.0.2357.65-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3267.data" diff --git a/danish/security/2015/dsa-3268.wml b/danish/security/2015/dsa-3268.wml deleted file mode 100644 index 1f5e386b9b8..00000000000 --- a/danish/security/2015/dsa-3268.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="4b46026f52c6565ab1b024d27e71292a9f6eec71" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede at NTFS-3G, en NTFS-driver til FUSE som understøtter -læsning og skrivning, ikke tømte miljøet før mount og unmount blev udført med -forøgede rettigheder. En lokal bruger kunne udnytte fejlen til at overskrive -vilkårlig filer samt få forøgede rettigheder, ved at tilgå -debuggingfunktionalitet gennem miljøet, som det normalt ikke er en god ide at -give upriviligerede brugere adgang til.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i -version 1:2012.1.15AR.5-2.1+deb7u1. Bemærk at problemet ikke påvirker de -binære pakker, som distribueres af Debian i wheezy, da ntfs-3g ikke anvender -det indlejrede fuse-lite-bibliotek.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2014.2.15AR.2-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ntfs-3g-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3268.data" diff --git a/danish/security/2015/dsa-3269.wml b/danish/security/2015/dsa-3269.wml deleted file mode 100644 index 95d1b5d8d01..00000000000 --- a/danish/security/2015/dsa-3269.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="a11149bcc06cc5462ccdbac9052516ee84080e87" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i PostgreSQL-9.1, et SQL-databasesystem.

- -
    - -

  • CVE-2015-3165 - (Fjernnedbrud)

    - -

    SSL-klienter, som afbryder forbindelsen lige før - autentifikationstimeouten udløber, kunne få serveren til at gå ned.

    • - -

  • CVE-2015-3166 - (Informationsblotlæggelse)

    - -

    Erstatningsimplementeringen af snprintf() fik ikke kontrolleret for fejl - rapporteret af de underliggende kald til systembiblioteker; primært er det - ikke mere hukommelse-situationer, der kunne blive overset. I værste fald - kunne det føre til informationsblotlæggelse.

    • - -

  • CVE-2015-3167 - (Mulig blotlæggelse af sidekanal-nøgle)

    - -

    I contrib/pgcrypto kunne nogle tilfælde af dekryptering med en forkert - nøgle føre til andre fejlmeddelelsestekster. Rettet ved at anvende en - en størrelse passer alle-meddelelse.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 9.1.16-0+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -9.1.16-0+deb8u1. (Jessie indeholder en begrænset postgresql-9.1-pakke; kun -\ -CVE-2015-3166 er rettet i den fremstillede binære pakke, -postgresql-plperl-9.1. Vi anbefaler at opgradere til postgresql-9.4 for at få -alle rettelserne. Se udgivelsesbemærkningerne til Jessie for flere -oplysninger.)

- -

Distributionen testing (stretch) og den ustabile distribution (sid) -indeholder ikke pakken postgresql-9.1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3269.data" diff --git a/danish/security/2015/dsa-3270.wml b/danish/security/2015/dsa-3270.wml deleted file mode 100644 index 351602431ed..00000000000 --- a/danish/security/2015/dsa-3270.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="a11149bcc06cc5462ccdbac9052516ee84080e87" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i PostgreSQL-9.4, et SQL-databasesystem.

- -
    - -

  • CVE-2015-3165 - (Fjernnedbrud)

    - -

    SSL-klienter, som afbryder forbindelsen lige før - autentifikationstimeouten udløber, kunne få serveren til at gå ned.

    • - -

  • CVE-2015-3166 - (Informationsblotlæggelse)

    - -

    Erstatningsimplementeringen af snprintf() fik ikke kontrolleret for fejl - rapporteret af de underliggende kald til systembiblioteker; primært er det - ikke mere hukommelse-situationer, der kunne blive overset. I værste fald - kunne det føre til informationsblotlæggelse.

    • - -

  • CVE-2015-3167 - (Mulig blotlæggelse af sidekanal-nøgle)

    - -

    I contrib/pgcrypto kunne nogle tilfælde af dekryptering med en forkert - nøgle føre til andre fejlmeddelelsestekster. Rettet ved at anvende en - en størrelse passer alle-meddelelse.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 9.4.2-0+deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 9.4.2-1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3270.data" diff --git a/danish/security/2015/dsa-3271.wml b/danish/security/2015/dsa-3271.wml deleted file mode 100644 index 041d6405e24..00000000000 --- a/danish/security/2015/dsa-3271.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="2b423339b6af058a43fdb2d33f91d714b23663a2" mindelta="1" -sikkerhedsopdatering - -

Tuomas Räsänen opdagede at usikker signalhåndtering i nbd-server, serveren -til Network Block Device-protokollen, kunne gøre det muligt for fjernangribere -at forårsage et deadlock i serverprocessen, og dermed et lammelsesangreb (denial -of service).

- -

Tuomas Räsänen opdagede også at den moderne forhandlingsstil blev udført i -den primære serverproces, før den egentlige klient håndtering blev forgrenet. -Dermed kunne en fjernangriber forårsage et lammelsesangreb (nedbrud), ved at -spørge efter en ikke-eksisterende eksport. Problemet påvirker kun den gamle -stabile distribution (wheezy).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1:3.2-4~deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:3.8-4+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1:3.10-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:3.10-1.

- -

Vi anbefaler at du opgraderer dine nbd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3271.data" diff --git a/danish/security/2015/dsa-3272.wml b/danish/security/2015/dsa-3272.wml deleted file mode 100644 index 4677a190ade..00000000000 --- a/danish/security/2015/dsa-3272.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a8d969c6b3cbadc96d622fc1ab8b108de0b8040b" mindelta="1" -sikkerhedsopdatering - -

Javantea opdagede en NULL-pointerdereferencefejl i racoon, Internet Key -Exchange-dæmonen i ipsec-tools. En fjernangriber kunne udnytte fejlen til at -forårsage, at IKE-dæmonen gik ned på grund af særligt fremstillede UDP-pakker, -medførende et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:0.8.0-14+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:0.8.2+20140711-2+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine ipsec-tools-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3272.data" diff --git a/danish/security/2015/dsa-3273.wml b/danish/security/2015/dsa-3273.wml deleted file mode 100644 index 91cc543d174..00000000000 --- a/danish/security/2015/dsa-3273.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d28e81b7a4ed61aacfbe403f8a99980a0c15bbf6" mindelta="1" -sikkerhedsopdatering - -

William Robinet og Michal Zalewski opdagede adskillige sårbarheder i -TIFF-biblioteket og dets værktøjer, hvilket kunne medføre lammelsesangreb eller -udførelse af vilkårlig kode, hvis en misdannet TIFF-fil blev behandlet.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 4.0.2-6+deb7u4.

- -

I den stabile distribution (jessie), er disse problemer rettet -before the initial release.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3273.data" diff --git a/danish/security/2015/dsa-3274.wml b/danish/security/2015/dsa-3274.wml deleted file mode 100644 index 356a408f7d2..00000000000 --- a/danish/security/2015/dsa-3274.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1436961903a3e91bd912064f095bfab11d9ea7f5" mindelta="1" -sikkerhedsopdatering - -

Jason Geffner opdagede et bufferoverløb i det emulerede diskettedrev, -potentielt medførende rettighedsforøgelse.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 4.1.18-dfsg-2+deb7u5.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.3.18-dfsg-3+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.3.28-dfsg-1.

- -

Vi anbefaler at du opgraderer dine virtualbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3274.data" diff --git a/danish/security/2015/dsa-3275.wml b/danish/security/2015/dsa-3275.wml deleted file mode 100644 index a1e96e725cb..00000000000 --- a/danish/security/2015/dsa-3275.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e4b93847b0bbf3578c7a11f09de8e3d94a14e156" mindelta="1" -sikkerhedsopdatering - -

Ansgar Burchardt opdagede at Git-plugin'en til FusionForge, et webbaseret -projekthåndterings- og samarbejdsprogram, ikke på tilstrækkelig vis validerede -brugerleverede inddata som parameter til den metode, der opretter sekundære -Git-arkiver. En fjernangriber kunne udnytte fejlen til at udføre vilkårlig -kode som root gennem en særligt fremstillet URL.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.3.2+20141104-3+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine fusionforge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3275.data" diff --git a/danish/security/2015/dsa-3276.wml b/danish/security/2015/dsa-3276.wml deleted file mode 100644 index 5e335e77541..00000000000 --- a/danish/security/2015/dsa-3276.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="df4146397916cbf5ae6b32431d319890e8238ed1" mindelta="1" -sikkerhedsopdatering - -

Jakub Zalas opdagede at Symfony, et framework til fremstilling af websteder -og webapplikationer, var sårbart over for begrænsingsomgåelse. Det påvirkede -applikationer med aktiveret understøttelse af ESI eller SSI, som anvender -FragmentListener. En ondsindet bruger kunne kalde en controller via stien -/_fragment, ved at levere en ugyldig hash i URL'en (eller fjerne den), som -omgik URL-signering og sikkerhedsregler.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.3.21+dfsg-4+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2.7.0~beta2+dfsg-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.7.0~beta2+dfsg-2.

- -

Vi anbefaler at du opgraderer dine symfony-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3276.data" diff --git a/danish/security/2015/dsa-3277.wml b/danish/security/2015/dsa-3277.wml deleted file mode 100644 index 269ae0d1f08..00000000000 --- a/danish/security/2015/dsa-3277.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="467c7941e519cf51d92f85b3e7c51007a6a1eeed" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorerne/fortolkerne af LBMR, -websockets, WCP, X11, IEEE 802.11 og Android Logcat, hvilke kunne medføre -lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.8.2-5wheezy16.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.12.5+g5819e5b-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.5+g5819e5b-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3277.data" diff --git a/danish/security/2015/dsa-3278.wml b/danish/security/2015/dsa-3278.wml deleted file mode 100644 index c70d75dd389..00000000000 --- a/danish/security/2015/dsa-3278.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="7a7202e151d3ad73bcbb539132348bdbd9f8e06e" mindelta="1" -sikkerhedsopdatering - -

En informationsafsløringsfejl på grund af ukorrekt behandling af -JkMount-/JkUnmount-direktiver, blev fundet i Apache 2-modulet mod_jk til -videresendelse fra webserveren Apache til Tomcat. En JkUnmount-regel for et -undertræ hørende til en tidligere JkMount-regel kunne blive ignoreret. Dermed -kunne det være muligt for fjernangribere, potentielt at få adgnag til private -artifakter i et træ, som ellers ikke er tilgængeligt for dem.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:1.2.37-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:1.2.37-4+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:1.2.40+svn150520-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.2.40+svn150520-1.

- -

Vi anbefaler at du opgraderer dine libapache-mod-jk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3278.data" diff --git a/danish/security/2015/dsa-3279.wml b/danish/security/2015/dsa-3279.wml deleted file mode 100644 index 25905bc22bb..00000000000 --- a/danish/security/2015/dsa-3279.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f35895f313f0f66487cd8ae4096361558130cae4" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at redis, en database med persistence nøgleværdier, kunne udføre -usikker Lua-bytekode ved hjælp af EVAL-kommandoen. Dermed kunne fjernangribere -få mulighed for at bryde ud af Lua-sandkassen og udføre vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:2.8.17-1+deb8u1.

- -

I distributionen testing (stretch), voæ dette problem blive rettet i -version 2:3.0.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.0.2-1.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3279.data" diff --git a/danish/security/2015/dsa-3280.wml b/danish/security/2015/dsa-3280.wml deleted file mode 100644 index f0978833eb5..00000000000 --- a/danish/security/2015/dsa-3280.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="70c6d2a8d626aa8200a9194910cd3d7eb47858cd" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i PHP:

- -
    - -
  • CVE-2015-4025 / - CVE-2015-4026 - -

    Adskillige funktioner kiggede ikke efter NULL-bytes i stinavne.

    • - -
  • CVE-2015-4024 - -

    Lammelsesangreb (denial of service) ved behandling af forespørgsler med - multipart/form-data.

    • - -
  • CVE-2015-4022 - -

    Heltalsoverløb i funktionen ftp_genlist() kunne måske medføre - lammelsesangreb eller potentiel udførelse af vilkårlig kode.

    • - -
  • CVE-2015-4021 - CVE-2015-3329 - CVE-2015-2783 - -

    Adskillige sårbarheder i phar-udvidelsen kunne måske medføre - lammelsesangreb eller potenielt udførelse af vilkårlig kode, når misdannede - arkiver blev behandlet.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 5.4.41-0+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.9+dfsg-0+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 5.6.9+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.6.9+dfsg-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3280.data" diff --git a/danish/security/2015/dsa-3281.wml b/danish/security/2015/dsa-3281.wml deleted file mode 100644 index d371413f89b..00000000000 --- a/danish/security/2015/dsa-3281.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="d3bcae2d503f783a8c84e27731248384185e9660" mindelta="1" -besked om at Debian Security Team har ændret PGP-/GPG-nøgle - -

Hermed oplyser vi, at Debian Security Team har ændret sin -PGP-/GPG-kontaktnøgle som følge af periodisk, almindelig nøgleudskiftning.

- -

Den nye nøgles fingeraftryk er:

- 0D59 D2B1 5144 766A 14D2 41C6 6BAF 400B 05C3 E651 - -

Oprettelsesdatoen er 2015-01-18 og nøglen er signeret med Security Teams -foregående kontaktnøgle samt af flere individuelle holdmedlemmer.

- -

Anvend fra nu den nye nøgle til krypteret kommunikation med Debian Security -Team. Den nye nøgle kan hentes fra en nøgleserver, for eksempel -\ -pgp.surfnet.nl.

- -

Vores websted er opdateret med ændringen.

- -

Bemærk at det kun vedrører nøglen, der anvendes til at kommunikation med -holdet. Nøglerne, der anvendes til at signere APT-arkivet security.debian.org -og nøglerne, der anvendes til at signere sikkerhedsbulletiner, er uændrede.

- -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3281.data" diff --git a/danish/security/2015/dsa-3282.wml b/danish/security/2015/dsa-3282.wml deleted file mode 100644 index e1576a0ac12..00000000000 --- a/danish/security/2015/dsa-3282.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="73d0acfaa105083296c2192c98c8ff5329618ccc" mindelta="1" -sikkerhedsopdatering - -

Alexander E. Patrakov opdagede et problem i strongSwan, en IKE-/IPsec-suite, -som anvendes til at etablere IPsec-beskyttede forbindelser.

- -

Når en IKEv2-klient autentificerede serveren med certifikater og klienten -autentificerede sig selv over for serveren ved hjælp af tidligere delt nøgle -eller EAP, blev begrænsningerne i servercertifikatet kun håndhævet af klienten -efter alle autentifikationstrin var gennemført med succes. En ondsindet server, -der kan autentificere ved hjælp af gyldige certifikater udgivet af ethvert CA, -som klienten har tillid til, kunne narre brugeren til at fortsætte -autentifikationen, og dermed afsløre brugernavnet og adgangskodens digest (til -EAP) eller endda adgangskoden i klartekst (hvis EAP-GTC accepteres).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 4.5.2-1.5+deb7u7.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.2.1-6+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 5.3.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.3.1-1.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3282.data" diff --git a/danish/security/2015/dsa-3283.wml b/danish/security/2015/dsa-3283.wml deleted file mode 100644 index dabda030740..00000000000 --- a/danish/security/2015/dsa-3283.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1b6406b6b1f7effa7e1475e602c3d7065d164e09" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at CUPS, Common UNIX Printing System, var sårbart over for en -fjernudløsbar rettighedsforøgelse ved hjælp af udførelse af skripter på tværs af -websteder samt levering af en dårlig udskriftsopgave, som blev anvendt til at -erstatte cupsd.conf på CUPS-serveren.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.5.3-5+deb7u6.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.7.5-11+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.7.5-12.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3283.data" diff --git a/danish/security/2015/dsa-3284.wml b/danish/security/2015/dsa-3284.wml deleted file mode 100644 index 4189a4d3872..00000000000 --- a/danish/security/2015/dsa-3284.wml +++ /dev/null @@ -1,68 +0,0 @@ -#use wml::debian::translation-check translation="9e0bdc6c500c3c84d2ba80415ba3d7a686a15ced" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator.

- -
    - -
  • CVE-2015-3209 - -

    Matt Tait fra Googles Project Zero-sikkerhedshold opdagede en fejl i den - måde, QEMU's AMD PCnet Ethernet-emulering håndterede multi-TMD-pakker med en - længde på mere end 4096 bytes. En priviligeret gæstebruger i en gæst med et - aktiveret AMD PCNet-netværkskort, kunne potentielt udnytte fejlen til at - udføre vilkårlig kode på værten med QEMU-værtsprocessens - rettigheder.

    • - -
  • CVE-2015-4037 - -

    Kurt Seifried fra Red Hat Product Security opdagede at QEMU's - netværksstak i brugertilstand, anvendte forudsigelige midlertidige filnavne, - når valgmuligheden -smb blev anvendt. En upriviligeret bruger kunne udnytte - fejlen til at forårsage et lammelsesangreb (denial of service).

    • - -
  • CVE-2015-4103 - -

    Jan Beulich fra SUSE opdagede at QEMU Xen-koden ikke på korrekt vis - begrænsede skriveadgang til værtens MSI-beskeddatafelt, hvilket gjorde det - muligt for en ondsindet gæst at forårsage et lammelsesangreb.

    • - -
  • CVE-2015-4104 - -

    Jan Beulich fra SUSE opdagede at QEMU Xen-koden ikke på korrekt vis - begrænsede adgangen til PCI MSI-maskebits, hvilket gjorde det muligt for en - ondsindet gæst at forårsage et lammelsesangreb.

    • - -
  • CVE-2015-4105 - -

    Jan Beulich fra SUSE rapporterede at QEMU Xen-koden aktiverede - logning af PCI MSI-X-gennemstillingsfejlmeddelelser, hvilket gjorde det - muligt for en ondsindet gæst at forårsage et lammelsesangreb.

    • - -
  • CVE-2015-4106 - -

    Jan Beulich fra SUSE opdagede at QEMU Xen-koden ikke på korrekt vis - begrænsede skriveadgangen til PCI-opsætningsrummet vedrørende visse - PCI-gennemstillingsenheder, hvilket gjorde det muligt for en ondsindet - gæst at forårsage et lammelsesangreb, få adgang til følsomme oplysninger - eller potentielt udføre vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.1.2+dfsg-6a+deb7u8. Kun -CVE-2015-3209 og -CVE-2015-4037 -påvirker oldstable.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:2.1+dfsg-12+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:2.3+dfsg-6.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3284.data" diff --git a/danish/security/2015/dsa-3285.wml b/danish/security/2015/dsa-3285.wml deleted file mode 100644 index e00f94cd74b..00000000000 --- a/danish/security/2015/dsa-3285.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="f73098b26e8fd5c9aecd23673cf0d2db7efb29f1" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu-kvm, en komplet virtualiseringsløsning -til x86-hardware.

- -
    - -
  • CVE-2015-3209 - -

    Matt Tait fra Googles Project Zero-sikkerhedshold opdagede en fejl i den - måde, QEMU's AMD PCnet Ethernet-emulering håndterede multi-TMD-pakker med en - længde på mere end 4096 bytes. En priviligeret gæstebruger i en gæst med et - aktiveret AMD PCNet-netværkskort, kunne potentielt udnytte fejlen til at - udføre vilkårlig kode på værten med QEMU-værtsprocessens - rettigheder.

    • - -
  • CVE-2015-4037 - -

    Kurt Seifried fra Red Hat Product Security opdagede at QEMU's - netværksstak i brugertilstand, anvendte forudsigelige midlertidige filnavne, - når valgmuligheden -smb blev anvendt. En upriviligeret bruger kunne udnytte - fejlen til at forårsage et lammelsesangreb (denial of service).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.1.2+dfsg-6+deb7u8.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3285.data" diff --git a/danish/security/2015/dsa-3286.wml b/danish/security/2015/dsa-3286.wml deleted file mode 100644 index 5de11d3084a..00000000000 --- a/danish/security/2015/dsa-3286.wml +++ /dev/null @@ -1,77 +0,0 @@ -#use wml::debian::translation-check translation="eaac0809d38604e7e9ce1fa50e1ab3a2c2a36cd4" mindelta="1" -sikkerhedsopdatering - -

Multiple security issues have been found in the Xen virtualisation -solution:

- -
    - -
  • CVE-2015-3209 - -

    Matt Tait fra Googles Project Zero-sikkerhedshold opdagede en fejl i den - måde, QEMU's AMD PCnet Ethernet-emulering håndterede multi-TMD-pakker med en - længde på mere end 4096 bytes. En priviligeret gæstebruger i en gæst med et - aktiveret AMD PCNet-netværkskort, kunne potentielt udnytte fejlen til at - udføre vilkårlig kode på værten med QEMU-værtsprocessens - rettigheder.

    • - -
  • CVE-2015-4103 - -

    Jan Beulich fra SUSE opdagede at QEMU Xen-koden ikke på korrekt vis - begrænsede skriveadgang til værtens MSI-beskeddatafelt, hvilket gjorde det - muligt for en ondsindet gæst at forårsage et lammelsesangreb.

    • - -
  • CVE-2015-4104 - -

    Jan Beulich fra SUSE opdagede at QEMU Xen-koden ikke på korrekt vis - begrænsede adgangen til PCI MSI-maskebits, hvilket gjorde det muligt for en - ondsindet gæst at forårsage et lammelsesangreb.

    • - -
  • CVE-2015-4105 - -

    Jan Beulich fra SUSE rapporterede at QEMU Xen-koden aktiverede - logning af PCI MSI-X-gennemstillingsfejlmeddelelser, hvilket gjorde det - muligt for en ondsindet gæst at forårsage et lammelsesangreb.

    • - -
  • CVE-2015-4106 - -

    Jan Beulich fra SUSE opdagede at QEMU Xen-koden ikke på korrekt vis - begrænsede skriveadgangen til PCI-opsætningsrummet vedrørende visse - PCI-gennemstillingsenheder, hvilket gjorde det muligt for en ondsindet - gæst at forårsage et lammelsesangreb, få adgang til følsomme oplysninger - eller potentielt udføre vilkårlig kode.

    • - - -
  • CVE-2015-4163 - -

    Jan Beulich opdagede at en manglende versionskontrol i hyperkaldhandleren - GNTTABOP_swap_grant_ref måske kunne medføre lammelsesangreb. Det gælder kun - Debian stable/jessie.

    • - -
  • CVE-2015-4164 - -

    Andrew Cooper opdagede en sårbarhed i hyperkaldhandleren iret, hvilken - måske kunne medføre lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 4.1.4-3+deb7u8.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u1. -CVE-2015-3209, -CVE-2015-4103, -CVE-2015-4104, -CVE-2015-4105 og -CVE-2015-4106 -påvirker ikke Xen-pakken i stable/jessie, som anvender standard-qemu-pakken og -allerede er rettet i DSA-3284-1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3286.data" diff --git a/danish/security/2015/dsa-3287.wml b/danish/security/2015/dsa-3287.wml deleted file mode 100644 index d992c811c90..00000000000 --- a/danish/security/2015/dsa-3287.wml +++ /dev/null @@ -1,74 +0,0 @@ -#use wml::debian::translation-check translation="7f90a65e206221fc861cb1d91ede6ff87ee2ce2c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget OpenSSL, et Secure Sockets -Layer-værktøjssæt.

- -
    - -
  • CVE-2014-8176 - -

    Praveen Kariyanahalli, Ivan Fratric og Felix Groebert opdagede at en - ugyldig hukommelsesfrigivelse kunne blive udløst når DTLS-data blev - bufferet. Dermed kunne fjernangribere forårsage et lammelsesangreb - (nedbrud) eller potentielt udføre vilkårlig kode. Problemet påvirker kun - den gamle stabile distribution (wheezy).

    • - -
  • CVE-2015-1788 - -

    Joseph Barr-Pixton opdagede at en uendelig løkke kunne blive udløst på - grund af ukorrekt håndtering af misdannede ECParameters-strukturer. Dermed - kunne fjernangribere forårsage et lammelsesangreb.

    • - -
  • CVE-2015-1789 - -

    Robert Swiecki og Hanno Böck opdagede at funktionen X509_cmp_time kunne - læse flere bytes uden for grænserne. Dermed kunne fjernangribere forårsage - et lammelsesangreb (nedbrud) gennem fabrikerede certifikater og - CRL'er.

    • - -
  • CVE-2015-1790 - -

    Michal Zalewski opdagede at fortolkningskoden til PKCS#7 ikke på korrekt - vis håndterende manglende indhold, hvilket kunne føre til en - NULL-pointerdereference. Dermed kunne fjernangribere forårsage et - lemmelsesangreb (nedbrud) gennem fabrikerede ASN.1-kodede - PKCS#7-blob'er.

    • - -
  • CVE-2015-1791 - -

    Emilia Käsper opdagede at en kapløbstilstand kunne opstå på grun af - ukorrekt håndtering af NewSessionTicket i en flertrådet klient, førende til - en dobbelt frigivelse. Dermed kunne fjernangribere forårsage et - lammelsesangreb (nedbrud).

    • - -
  • CVE-2015-1792 - -

    Johannes Bauer opdagede at CMS-koden kunne gå i en uendelig løkke, når - en signedData-besked blev verificeret, hvis den blev præsenteret med en - ukendt HASH-funktion-OID. Dermed kunne fjernangribere forårsage et - lammelsesangreb.

    • - -
- -

Desuden afviser OpenSSL ny håndaftryk ved hjælp af DH-parametre kortere end -768 bits, som en foranstaltning mod Logjam-angrebet -(CVE-2015-4000).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.0.1e-2+deb7u17.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.0.1k-3+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.0.2b-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.2b-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3287.data" diff --git a/danish/security/2015/dsa-3288.wml b/danish/security/2015/dsa-3288.wml deleted file mode 100644 index 599de6cad1f..00000000000 --- a/danish/security/2015/dsa-3288.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ae9f1d7975b989b88cd4b7ad7549c6d0ecbba976" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere i -multimediebiblioteket libav. En komplet liste over ændringerne er -tilgængelig i \ -https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 6:11.4-1~deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 6:11.4-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6:11.4-1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3288.data" diff --git a/danish/security/2015/dsa-3289.wml b/danish/security/2015/dsa-3289.wml deleted file mode 100644 index 070b9d1132b..00000000000 --- a/danish/security/2015/dsa-3289.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="cfbaed27066056c2cf300eb57e458e3f8227e184" mindelta="1" -sikkerhedsopdatering - -

Alexander Cherepanov opdagede at p7zip var ramt af en -mappegennemløbssårbarhed. Under udpakning af et arkiv, blev symlinks udpakket -og dernæst fulgt, hvis der var referencer til dem i efterfølgende forekomster. -Det kunne udnyttes af et ondsindet arkiv til at skrive filer uden for den -aktuelle mappe.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 9.20.1~dfsg.1-4+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 9.20.1~dfsg.1-4.1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 9.20.1~dfsg.1-4.2.

- -

Vi anbefaler at du opgraderer dine p7zip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3289.data" diff --git a/danish/security/2015/dsa-3290.wml b/danish/security/2015/dsa-3290.wml deleted file mode 100644 index 717dedb063d..00000000000 --- a/danish/security/2015/dsa-3290.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="4b9bde93c3381d6a9b370f67f6760a91df77d00d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service), informationslækager -eller datakorruption.

- -
    - -
  • CVE-2015-1805 - -

    Red Hat opdagede at implementeringerne af pipe iovec-læsning og - -skrivning kunne itererer over iovec'en to gange, men ændre iovec'en på en - sådan måde, at det andet gennemløb tilgik den forkerte hukommelse. En lokal - bruger kunne udnytte fejlen til at få systemet til at gå ned eller muligvis - til rettighedsforøgelse. Det kunne også medføre datakorruption og - informationslækager i pipes mellem ikke-ondsindede processer.

    • - -
  • CVE-2015-3636 - -

    Wen Xu og wushi fra KeenTeam opdagede at brugere med tilladelse til at - oprette ping-sockets, kunne udnytte dem til at få systemet til at gå ned, - samt på 32 bit-arkitekturer, til rettighedsforøgelse. Som standard har dog - ingen brugere på et Debian-system adgang til ping-sockets.

    • - -
  • CVE-2015-4167 - -

    Carl Henrik Lunde opdagede at UDF-implementeringen manglede en nødvendig - længdekontrol. En lokal bruger, som kan mounte enheder, kunne udnytte - fejlen til at få systemet til at gå ned.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 3.2.68-1+deb7u2.

- -

I den stabile distribution (jessie), blev disse problemer rettet i version -3.16.7-ckt11-1 eller tidligere, bortset fra -CVE-2015-4167, -som vil blive rettet senere.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3290.data" diff --git a/danish/security/2015/dsa-3291.wml b/danish/security/2015/dsa-3291.wml deleted file mode 100644 index 18ed2f59946..00000000000 --- a/danish/security/2015/dsa-3291.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="f6fdf613e5e9d7d3ae5c01ad08c426206265b991" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i drupal7, en platform til indholdhåndtering, -som anvendes til at drive websteder.

- -
    - -
  • CVE-2015-3231 - -

    Ukorrekt håndtering af cache, gjorde privat indhold som user 1 - kiggede på, synligt for andre, ikke-priviligerede brugere.

    • - -
  • CVE-2015-3232 - -

    En fejl i modulet Field UI gjorde det muligt for angribere at - viderestille brugere til ondsindede websteder.

    • - -
  • CVE-2015-3233 - -

    På grund af utilstrækkelig URL-validering, kunne Overlay modulet anvendes - til at viderestille brugere til ondsindede websteder.

    • - -
  • CVE-2015-3234 - -

    Modulet OpenID tillod at en angriber kunne logge på som andre brugere, - herunder administratorer.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 7.14-2+deb7u10.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.32-1+deb8u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.38.1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3291.data" diff --git a/danish/security/2015/dsa-3293.wml b/danish/security/2015/dsa-3293.wml deleted file mode 100644 index 621862fe719..00000000000 --- a/danish/security/2015/dsa-3293.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="cb7221a068b4863e1d853c8cc1076bb3b8390e8c" mindelta="1" -sikkerhedsopdatering - -

Tim McLean opdagede at pyjwt, en implementering i Python af JSON Web Token, -forsøgte at verificere en HMAC-signatur ved hjælp af en offentlig RSA- eller -ECDSA-nøgle som hemmelig. Dermed kunne det være muligt for angribere at narre -applikationer, som forventer tokens signeret med asymetriske nøgler, til at -acceptere vilkårlige tokens. For flere oplysninger, se: -\ -https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.2.1-1+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine pyjwt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3293.data" diff --git a/danish/security/2015/dsa-3294.wml b/danish/security/2015/dsa-3294.wml deleted file mode 100644 index a829c8b5f55..00000000000 --- a/danish/security/2015/dsa-3294.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="82fd402bf7294043a6f95c08b8a2b6a6907ecd05" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorer til WCCP og and GSM DTAP, -hvilke kunne medføre lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (wheezy) is not affected.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.12.6+gee1fce6-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.6+gee1fce6-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3294.data" diff --git a/danish/security/2015/dsa-3295.wml b/danish/security/2015/dsa-3295.wml deleted file mode 100644 index f3fce0a2e5d..00000000000 --- a/danish/security/2015/dsa-3295.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="4c761cdd50103a71312058eb70cb4266151e6eac" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder (udførelse af skripter på tværs af websteder og -SQL-indsprøjtning) er opdaget i Cacti, en webgrænseflade til grafisk afbildning -af overvågningssystemer.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.8.8a+dfsg-5+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.8.8b+dfsg-8+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.8d+ds1-1.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3295.data" diff --git a/danish/security/2015/dsa-3296.wml b/danish/security/2015/dsa-3296.wml deleted file mode 100644 index 88846e6ecd8..00000000000 --- a/danish/security/2015/dsa-3296.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="d67e9d7d982b244af375690d9a93d26128794c52" mindelta="1" -sikkerhedsopdatering - -

Evgeny Sidorov opdagede at libcrypto++, et generelt kryptografisk bibliotek -til C++, ikke på korrekt vis implementerede blænding med det formål at maskere -private nøglehandlinger i Rabin-Williams-algoritmen til digitale signaturer. -Derved kunne fjernangribere få mulighed for at iværksætte et timingangreb samt -få fat i brugerens private nøgle.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 5.6.1-6+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.6.1-6+deb8u1.

- -

I distributionen testing (stretch), vil dette problem blive rettet i -version 5.6.1-7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.6.1-7.

- -

Vi anbefaler at du opgraderer dine libcrypto++-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3296.data" diff --git a/danish/security/2015/dsa-3297.wml b/danish/security/2015/dsa-3297.wml deleted file mode 100644 index 48d0cc0beeb..00000000000 --- a/danish/security/2015/dsa-3297.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="21f474d96b019f7a7dd12553e8a417b12bae72da" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at unattended-upgrades, et skript til automatisk installering af -sikkerhedsopdateringer, ikke på korrekt vis autentificerede downloadede pakker, -når dkpg-valgmulighederne force-confold eller force-confnew var aktiveret via -apt-opsætningen DPkg::Options::*.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.79.5+wheezy2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.83.3.2+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine unattended-upgrades-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3297.data" diff --git a/danish/security/2015/dsa-3298.wml b/danish/security/2015/dsa-3298.wml deleted file mode 100644 index f76ebaf0147..00000000000 --- a/danish/security/2015/dsa-3298.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="36cd549add6bc51131df25bb4ead07c9853ab643" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Jackrabbit WebDAV-bundle't var sårbart over for et -XXE-/XEE-angreb. Ved behandling af en WebDAV-forespørgselskrop indeholdende -XML, kunne XML-fortolkeren blive instrueret til at læse indhold fra -netværksressourcer tilgængelige for værten, identificeret af URI-skemaer så som -http(s) eller file. Afhængigt af WebDAV-forespørgslen kunne det -ikke blot udnyttes til at udløse interne netværksforespørgsler, men også -anvendes til at indsætte sådant indhold i forespørgslen, potentielt medførende -en blotlæggelse af indholdet til angriberen og andre.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.3.6-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.3.6-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2.10.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.10.1-1.

- -

Vi anbefaler at du opgraderer dine jackrabbit-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3298.data" diff --git a/danish/security/2015/dsa-3299.wml b/danish/security/2015/dsa-3299.wml deleted file mode 100644 index ffcee6afe32..00000000000 --- a/danish/security/2015/dsa-3299.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b1c57566b568efd05e55fdd292e8ef0958a738c8" mindelta="1" -sikkerhedsopdatering - -

Johan Olofsson opdagede en sårbarhed i forbindelse med omgåelse af -autentificering i Stunnel, et program designet til at fungere som en universel -SSL-tunnel for netværksdæmoner. Når Stunnel i servertilstand blev anvendt med -redirect-valgmuligheden og certifikatbaseret autentifikation er aktiveret med -verify = 2 eller højere, blev kun den indlende forbindelse viderestillet -til værterne angivet med redirect. Dermed kunne en fjernangriber omgå -autentifikationen.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3:5.06-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 3:5.18-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3:5.18-1.

- -

Vi anbefaler at du opgraderer dine stunnel4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3299.data" diff --git a/danish/security/2015/dsa-3300.wml b/danish/security/2015/dsa-3300.wml deleted file mode 100644 index d6a037e1e9b..00000000000 --- a/danish/security/2015/dsa-3300.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="820f86f42ebebcd058b198bf5ccd9fb996e5acb7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige hukommelsessikkerhedsfejl, -anvendelser efter frigivelse samt andre implementeringsfejl, kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service). -Opdateringen løser også en sårbarhed i behandlingen af DHE-nøgler, kendt som -LogJam-sårbarheden.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 31.8.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 31.8.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 38.1.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3300.data" diff --git a/danish/security/2015/dsa-3301.wml b/danish/security/2015/dsa-3301.wml deleted file mode 100644 index adf01375d39..00000000000 --- a/danish/security/2015/dsa-3301.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="348f1200424e4cf2887e5de7300e7d8de80c7ff2" mindelta="1" -sikkerhedsopdatering - -

Charlie Smurthwaite fra aTech Media opdagede en fejl i HAProxy, en hurtig og -pålidelig load balancing-reverse proxy, når HTTP-pipelining anvendes. En klient -kunne drage nytte af fejlen til at forårsage datakorruption og få adgang til -uinitialiseret hukommelsesindhold, som udstiller data fra en tidligere -forespørgsel eller session.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.5.8-3+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.14-1.

- -

Vi anbefaler at du opgraderer dine haproxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3301.data" diff --git a/danish/security/2015/dsa-3302.wml b/danish/security/2015/dsa-3302.wml deleted file mode 100644 index 31b06e44f2d..00000000000 --- a/danish/security/2015/dsa-3302.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0cb6787641fb038366aec6e1569b18459a2a274d" mindelta="1" -sikkerhedsopdatering - -

Utilstrækkelig fornuftighedskontrol af inddata i libwmf, et bibliotek til -behandling af Windows-metafildata, kunne medføre lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode, hvis en misdannet WMF-fil blev -åbnet.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.2.8.4-10.3+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.2.8.4-10.3+deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libwmf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3302.data" diff --git a/danish/security/2015/dsa-3303.wml b/danish/security/2015/dsa-3303.wml deleted file mode 100644 index 85b2d076965..00000000000 --- a/danish/security/2015/dsa-3303.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b4c6a7c99560bf6bc031514e0304b047e9c28942" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at værktøjet texttopdf, en del af cups-filters, var sårbart over -for adskillige heapbaserede bufferoverløb på grund af ukorrekt håndtering af -printopgaver med særlig linjelængde. Dermed kunne det være muligt for -fjernangribere at få texttopdf til at gå ned eller muligvis udføre vilkårlig -kode.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.0.18-2.1+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.0.61-5+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.71-1.

- -

Vi anbefaler at du opgraderer dine cups-filters-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3303.data" diff --git a/danish/security/2015/dsa-3304.wml b/danish/security/2015/dsa-3304.wml deleted file mode 100644 index a55a3a8e7fd..00000000000 --- a/danish/security/2015/dsa-3304.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="004d671e34b2fd7e284fa2afff6eb96be733e458" mindelta="1" -sikkerhedsopdatering - -

Breno Silveira Soares fra Servico Federal de Processamento de Dados (SERPRO), -opdagede at BIND DNS-serveren var sårbar over for et lammelsesangreb (denial of -service). En fjernangriber, der kunne få valideringsresolveren til at -forespørge en zone med særligt konstrueret indhold, kunne få resolveren til at -afslutte med en assertion-fejl, medførende et lammelsesangreb mod klienter, der -er afhængige af resolveren.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:9.8.4.dfsg.P1-6+nmu2+deb7u5.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:9.9.5.dfsg-9+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3304.data" diff --git a/danish/security/2015/dsa-3305.wml b/danish/security/2015/dsa-3305.wml deleted file mode 100644 index b8996be582b..00000000000 --- a/danish/security/2015/dsa-3305.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="940fce3275e899be692b72fe9c6f099cba5e4924" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Django, et webudviklingsframework på højt -niveau til Python:

- -
    - -
  • CVE-2015-5143 - -

    Eric Peterson og Lin Hua Cheng opdagede at en ny tom record blev oprettet - sessionslageret hver gang en session blev tilgået og en ukendt sessionsnøgle - blev levereret i forespørgselscookien. Dermed kunne fjernangribere få - mulighed for at fylde sessionslageret eller udvirke at andre brugeres - sessionsrecords blev fjernet.

    • - -
  • CVE-2015-5144 - -

    Sjoerd Job Postmus opdagede at nogle indbyggede validatoerer ikke på - korrekt vis afvise linjeskift i inddataværdier. Dermed kunne fjernangribere - få mulighed for at indsprøjte headere i mails HTTP-svar.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.4.5-1+deb7u12.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.7.7-1+deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3305.data" diff --git a/danish/security/2015/dsa-3306.wml b/danish/security/2015/dsa-3306.wml deleted file mode 100644 index dba56450a24..00000000000 --- a/danish/security/2015/dsa-3306.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="08312bf138465123f9ba6def8d632f7acb5a70dc" mindelta="1" -sikkerhedsopdatering - -

Toshifumi Sakaguchi opdagede at patch'en til pdns, en autoritativ DNS-server, -som rettede -\ -CVE-2015-1868, i nogle tilfælde var utilstrækkelig, hvilket gjorde det -muligt for fjernangribere at forårsage et lammelsesangreb (CPU-spikes som -påvirkede servicen og i nogle tilfælde fik den til at gå ned).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.1-4+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 3.4.5-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.4.5-1.

- -

Vi anbefaler at du opgraderer dine pdns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3306.data" diff --git a/danish/security/2015/dsa-3307.wml b/danish/security/2015/dsa-3307.wml deleted file mode 100644 index 85416af388c..00000000000 --- a/danish/security/2015/dsa-3307.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="f57dacf8fb816f017712abac86bc0909711b8da0" mindelta="1" -sikkerhedsopdatering - -

Toshifumi Sakaguchi opdagede at patch'en til pdns-recursor, en rekursiv -DNS-server, som rettede -\ -CVE-2015-1868, i nogle tilfælde var utilstrækkelig, hvilket gjorde det -muligt for fjernangribere at forårsage et lammelsesangreb (CPU-spikes som -påvirkede servicen og i nogle tilfælde fik den til at gå ned).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.6.2-2+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 3.7.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.7.3-1.

- -

Vi anbefaler at du opgraderer dine pdns-recursor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3307.data" diff --git a/danish/security/2015/dsa-3308.wml b/danish/security/2015/dsa-3308.wml deleted file mode 100644 index c204dc9c50d..00000000000 --- a/danish/security/2015/dsa-3308.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="a24ba87fe1779b04a0d456e03e776ee157d96cd2" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.44. Se MySQL 5.5 Release -Notes og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 5.5.44-0+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.5.44-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3308.data" diff --git a/danish/security/2015/dsa-3309.wml b/danish/security/2015/dsa-3309.wml deleted file mode 100644 index 90c8f832ec6..00000000000 --- a/danish/security/2015/dsa-3309.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="f145e8361eab4435ef091098c87725882a52489a" mindelta="1" -sikkerhedsopdatering - -

Fernando Muñoz opdagede at ugyldigt HTML-inddata overført til tidy, et -program til kontrol af HTML-syntaks og omformattering, kunne udløse et -bufferoverløb. Dermed kunne fjernangribere forårsage et lammelsesangreb -(nedbrud) eller potentielt udføre vilkårlig kode.

- -

Geoff McLane opdagede også at et lignende problem kunne udløse et -heltalsoverløb, førende til hukommelsesallokering på 4 gigabyte. Dermed kunne -fjernangribere forårsage et lammelsesangreb (denial of service) ved at opbrug -målets hukommelse.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 20091223cvs-1.2+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 20091223cvs-1.4+deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine tidy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3309.data" diff --git a/danish/security/2015/dsa-3310.wml b/danish/security/2015/dsa-3310.wml deleted file mode 100644 index ed5e4edcbd0..00000000000 --- a/danish/security/2015/dsa-3310.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5b6fb0dc8365bdc3e64cc20f289ea2d3b4a9cdcc" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et heltalsoverløb i freexl, et bibliotek til fortolkning af -Microsoft Excel-regneark, kunne medføre lammelsesangreb, hvis en misdannet -Excel-fil blev åbnet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.0.0b-1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.0.0g-1+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet i -version 1.0.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.0.2-1.

- -

Vi anbefaler at du opgraderer dine freexl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3310.data" diff --git a/danish/security/2015/dsa-3311.wml b/danish/security/2015/dsa-3311.wml deleted file mode 100644 index a21500bf0ad..00000000000 --- a/danish/security/2015/dsa-3311.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="1d73b0f0b7371c10c31e4e21ce3b6146035e1366" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i databaseserveren MariaDB. Sårbarhederne er -løst ved at opgradere MariaDB til den nye opstrømsversion 10.0.20. Se MariaDB -10.0 Release Notes for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.20-0+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 10.0.20-1 or earlier versions.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3311.data" diff --git a/danish/security/2015/dsa-3312.wml b/danish/security/2015/dsa-3312.wml deleted file mode 100644 index e06055c7e36..00000000000 --- a/danish/security/2015/dsa-3312.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b946f4c835028a2dd8e163fd077881503a9560aa" mindelta="1" -sikkerhedsopdatering - -

Adskillige SQL-indsprøjtningssårbarheder blev opdaget i cacti, en -webgrænseflade til graftegning over overvågede systemer.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.8.8a+dfsg-5+deb7u6.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.8.8b+dfsg-8+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 0.8.8e+ds1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.8e+ds1-1.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3312.data" diff --git a/danish/security/2015/dsa-3313.wml b/danish/security/2015/dsa-3313.wml deleted file mode 100644 index a05dc6e012d..00000000000 --- a/danish/security/2015/dsa-3313.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="af81a870ae3df21772125e0891096a2c188f50ee" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse eller lammelsesangreb (denial of service).

- -
    - -
  • CVE-2015-3290 - -

    Andy Lutomirski opdagede at Linux-kernen ikke på korrekt vis håndterede - indlejrede NMI'er. En lokal, upriviligeret bruger kunne udnytte fejlen til - rettighedsforøgelse.

    • - -
  • CVE-2015-3291 - -

    Andy Lutomirski opdagede at under visse omstændigheder kunne et ondsindet - program i brugerrummet medføre at kernen droppede NMI'er, førende til et - lammelsesangreb.

    • - -
  • CVE-2015-4167 - -

    Carl Henrik Lunde opdagede at UDF-implementeringen manglende en nødvendig - længdekontrol. En lokal bruger, som kan mounte enheder, kunne udnytte - fejlen til at få systemet til at gå ned.

    • - -
  • CVE-2015-5157 - -

    Petr Matousek og Andy Lutomirski opdagede at en NMI, som foretager en - interrupt i brugerrummet og løber ind i en IRET-fejl, blev håndteret - forkert. En lokal, upriviligeret bruger kunne udnytte fejlen til - lammelsesangreb eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2015-5364 - -

    Man opdagede at Linux-kernen ikke på korrekt vis håndterede udgyldige - UDP-kontrolsummer. En fjernangriber kunne udnytte fejlen til at forårage et - lammelsesangreb ved hjælp af en strøm af UDP-pakker med ugyldige - kontrolsummer.

    • - -
  • CVE-2015-5366 - -

    Man opdagede at Linux-kernen ikke på korrekt vis håndterede ugyldige - UDP-kontrolsummer. En fjernangriber kunne forårsage et lammelsesangreb mod - applikationer, som anvender epoll, ved at indsprøjte en enkelt pakke med en - ugyldig kontrolsum.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.7-ckt11-1+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.8-2 or earlier versions.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3313.data" diff --git a/danish/security/2015/dsa-3314.wml b/danish/security/2015/dsa-3314.wml deleted file mode 100644 index e4f916029eb..00000000000 --- a/danish/security/2015/dsa-3314.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="99c9266fae57b82da1a40cc59d483ce6d5f302df" mindelta="1" -ophørt livsforløb - -

Sikkerhedsunderstøttelse fra opstrøm af Typo3 4.5.x ophørte for tre måneder -siden, og det samme gælder nu også Debian-pakkerne.

- -

Nyere versioner af Typo3 pakkes ikke længere i Debian, hvorfor det anbefalede -alternativ er at migrere til en skræddersyet installation af Typo3 6.2.x (den -aktuelle forgrening med langtidsunderstøttelse).

- -

Hvis man af en eller anden grund ikke er i stand til at migrere, er -kommerciel understøttelse af 4.5 stadig tilgængelig. Se - -for flere oplysninger.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3314.data" diff --git a/danish/security/2015/dsa-3315.wml b/danish/security/2015/dsa-3315.wml deleted file mode 100644 index 17accf61e51..00000000000 --- a/danish/security/2015/dsa-3315.wml +++ /dev/null @@ -1,141 +0,0 @@ -#use wml::debian::translation-check translation="60ebbfca5eccaa7a989512008d86d170f8af586d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-1266 - -

    Tilsigtede adgangsbegrænsinger kunne omgås ved visse URL'er så som - chrome://gpu.

    • - -
  • CVE-2015-1267 - -

    Der blev opdaget en måde at omgå Same Origin Policy på.

    • - -
  • CVE-2015-1268 - -

    Mariusz Mlynski opdagede også en måde at omgå Same Origin - Policy.

    • - -
  • CVE-2015-1269 - -

    Mike Rudy opdagede at værtsnavne ikke på korrekt vis blev sammenlignet i - funktionerne HTTP Strict Transport Policy og HTTP Public Key Pinning, - hvilket kunne gøre det muligt at omgå disse adgangsbegrænsninger.

    • - -
  • CVE-2015-1270 - -

    Atte Kettunen opdagede at læsning i ICU-biblioteket af uinitialiseret - hukommelse.

    • - -
  • CVE-2015-1271 - -

    cloudfuzzer opdagede et bufferoverløb i pdfium-biblioteket.

    • - -
  • CVE-2015-1272 - -

    Chamal de Silva opdagde kapløbstilstande i implementeringen af - GPU-processen.

    • - -
  • CVE-2015-1273 - -

    makosoft opdagede et bufferoverløb i openjpeg, som anvendes af - pdfium-biblioteket, der er indlejret i chromium.

    • - -
  • CVE-2015-1274 - -

    andrewm.bpi opdagede at autoåbningslisten tillod at visse filtyper kunne - udføres med det samme efter download.

    • - -
  • CVE-2015-1276 - -

    Colin Payne opdagede et problem med anvendelse efter frigivelse i - implementeringen af IndexedDB.

    • - -
  • CVE-2015-1277 - -

    SkyLined opdagede et problem med anvendelse efter frigivelse i chromiums - tilgængelighedsimplementering.

    • - -
  • CVE-2015-1278 - -

    Chamal de Silva opdagede en måde at anvende PDF-dokumenter til at - forfalske en URL.

    • - -
  • CVE-2015-1279 - -

    mlafon opdagede et bufferoverløb i pdfium-biblioteket.

    • - -
  • CVE-2015-1280 - -

    cloudfuzzer opdagede hukommelseskorruptionsproblemer i - SKIA-biblioteket.

    • - -
  • CVE-2015-1281 - -

    Masato Knugawa opdagede en måde at omgå Content Security Policy - på.

    • - -
  • CVE-2015-1282 - -

    Chamal de Silva adskillige problemer med anvendelse efter frigivelse i - pdfium-biblioteket.

    • - -
  • CVE-2015-1283 - -

    Huzaifa Sidhpurwala opdagede et bufferoverløb i - expat-biblioteket.

    • - -
  • CVE-2015-1284 - -

    Atte Kettunen opdagede at det maksimale antal sideframes ikke blev - kontrolleret på korrekt vis.

    • - -
  • CVE-2015-1285 - -

    gazheyes opdagede en informationslækage i XSS-auditoren, hvilket normalt - hjælper med til at forhindre visse former for problemer med udførelse af - skripter på tværs af websteder.

    • - -
  • CVE-2015-1286 - -

    Et problem med udførelse af skripter på tværs af websteder blev opdaget i - grænsefladen til v8-javascriptbiblioteket.

    • - -
  • CVE-2015-1287 - -

    filedescriptor opdagede en måde at omgå Same Origin Policy på.

    • - -
  • CVE-2015-1288 - -

    Mike Ruddy opdagede at stavekontrolsordbøgerne stadig kunne downloades - over almindelig HTTP (relateret til - \ - CVE-2015-1263).

    • - -
  • CVE-2015-1289 - -

    Chrome 44-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

Ud over de oven for nævnte problemer, har Google som standard deaktiveret -hotword-udvidelsen i denne version, som hvis aktiveret downloader filer uden -brugerens indblanding.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 44.0.2403.89-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 44.0.2403.89-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3315.data" diff --git a/danish/security/2015/dsa-3316.wml b/danish/security/2015/dsa-3316.wml deleted file mode 100644 index 9864973ea1c..00000000000 --- a/danish/security/2015/dsa-3316.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="182ab1491c86f39861de9d78fe78069b3d898828" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementeringen af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring, lammelsesangreb eller usikker -kryptografi.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 7u79-2.5.6-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7u79-2.5.6-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u79-2.5.6-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3316.data" diff --git a/danish/security/2015/dsa-3317.wml b/danish/security/2015/dsa-3317.wml deleted file mode 100644 index f946245d49c..00000000000 --- a/danish/security/2015/dsa-3317.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="50e4bce1a4513d3f2b10b977c1f9b6c16ca5fdda" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i LXC, Linux Containers-brugerrumsværktøjer. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-1331 - -

    Roman Fiedler opdagede en mappegennemløbsfejl i LXC, når der oprettes - lock-filer. En lokal angriber kunne udnytte fejlen til at oprette en - vilkårlig fil som root-brugeren.

    • - -
  • CVE-2015-1334 - -

    Roman Fiedler opdagede at LXC på ukorrekt vis stolede på at containerens - proc-filsystem ville opsætte AppArmor-profilændringer og - SELinux-domænetransitioner. En ondsindet container kunne oprette et falsk - proc-filsystem og udnytte fejlen til at køre programmer inde i containeren, - som ikke var begrænset af AppArmor eller SELinux.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:1.0.6-6+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1:1.0.7-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:1.0.7-4.

- -

Vi anbefaler at du opgraderer dine lxc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3317.data" diff --git a/danish/security/2015/dsa-3318.wml b/danish/security/2015/dsa-3318.wml deleted file mode 100644 index e1c80739da6..00000000000 --- a/danish/security/2015/dsa-3318.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3701196b24dc5c61e535b8710c64dc4ea56b0d19" mindelta="1" -sikkerhedsopdatering - -

Adskillige heltalsoverløb er opdaget i Expat, et C-bibliotek til fortolkning -af XML, hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, -hvis en misdannet XML-fil blev behandlet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.1.0-1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.0-6+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.0-7.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3318.data" diff --git a/danish/security/2015/dsa-3319.wml b/danish/security/2015/dsa-3319.wml deleted file mode 100644 index 3cd7ee8de9c..00000000000 --- a/danish/security/2015/dsa-3319.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9fcb0932f522538a1be28e7f025b40ab110f6793" mindelta="1" -sikkerhedsopdatering - -

Jonathan Foote opdagede at BIND DNS-serveren ikke på korrekt vis håndterede -TKEY-forespørgsler. En fjernangriber kunne udnytte fejlen til at iværksætte et -lammelsesangreb (denial of service) ved hjælp af en særligt fremstillet -forespørgsel, som udløste en assertionfejl og fik BIND til at afslutte.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:9.9.5.dfsg-9+deb8u2.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3319.data" diff --git a/danish/security/2015/dsa-3320.wml b/danish/security/2015/dsa-3320.wml deleted file mode 100644 index 2087cd1398c..00000000000 --- a/danish/security/2015/dsa-3320.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="3728e470ebec5ab860f3606861c55b54a79eb242" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at OpenAFS, implementeringen af filsystemet AFS, indeholdt flere -fejl, som kunne medføre informationslækage, lammelsesangreb (denial of service) -eller kernepanik.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.6.1-3+deb7u3.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.6.9-2+deb8u3.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3320.data" diff --git a/danish/security/2015/dsa-3321.wml b/danish/security/2015/dsa-3321.wml deleted file mode 100644 index e1b43279010..00000000000 --- a/danish/security/2015/dsa-3321.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="db083afe78125298d8363797d1c5d552ccdcb556" mindelta="1" -sikkerhedsopdatering - -

InCommon Shibboleth Training-holdet opdagede at XMLTooling, et C++-bibliotek -til XML-fortolkning, ikke på korrekt vis håndterede en exception, når veldannet -men schema-ugyldigt XML blev fortolket. Det kunne gøre det muligt for -fjernangribere at forårsage et lammelsesangreb (nedbrud) gennem fabrikerede -XML-data.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.4.2-5+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.5.3-2+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xmltooling-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3321.data" diff --git a/danish/security/2015/dsa-3322.wml b/danish/security/2015/dsa-3322.wml deleted file mode 100644 index 5a554425c3c..00000000000 --- a/danish/security/2015/dsa-3322.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="11e11fca230cf8ec00dbc973ffceef6883caffef" mindelta="1" -sikkerhedsopdatering - -

Tomek Rabczak fra NCC Group opdagede en fejl i metoden normalize_params() i -Rack, en modulær Ruby-webservergrænseflade. En fjernangriber kunne udnytte -fejlen ved hjælp af særligt fremstillede forespørgsler, at forårsage en -SystemStackError og potentielt forårsage en lammelsesangrebstilstand i -servicen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.4.1-2.1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.5.2-3+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.5.2-4.

- -

Vi anbefaler at du opgraderer dine ruby-rack-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3322.data" diff --git a/danish/security/2015/dsa-3323.wml b/danish/security/2015/dsa-3323.wml deleted file mode 100644 index 694d0d4b81e..00000000000 --- a/danish/security/2015/dsa-3323.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="a7af36cfe3bf37bd28913c0d17593f0684c22c42" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i biblioteket International Components for -Unicode (ICU).

- -
    - -
  • CVE-2014-8146 - -

    Implementeringen af Unicode Bidirectional Algorithm sporede ikke på - korrekt vis isolerede, retningsbestemte tekststykker, hvilket gjorde det - muligt for fjernangribere at forårsage et lammelsesangreb (heapbaseret - bufferoverløb) eller muligvis udførelse af vilkårlig kode ved hjælp af - fabrikeret tekst.

    • - -
  • CVE-2014-8147 - -

    Implementeringen af Unicode Bidirectional Algorithm anvendte en - heltalsdatatype, som ikke er i overensstemmelse med en headerfil, hvilket - gjorde det muligt for fjernangribere at forårsage et lammelsesangreb - (ukorrekt malloc efterfulgt af ugyldig frigivelse) eller muligvis udførelse - af vilkårlig kode ved hjælp af fabrikeret tekst.

    • - -
  • CVE-2015-4760 - -

    Layout Engine manglede adskillige grænsekontroller. Det kunne føre til - bufferoverløb og hukommelseskorruption. En særligt fremstillet fil kunne - udvirke, at en applikation, som anvender ICU til at fortolke fontfiler, der - ikke er tillid til, kunne gå ned eller muligvis udføre vilkårlig kode.

    • - -
- -

Desuden opdagede man, at patch'en anvendt på ICU i DSA-3187-1 til -\ -CVE-2014-6585, var ufuldstændig, muligvis førende til en ugyldig -hukommelsestilgang. Dermed kunne fjernangribere afsløre dele af privat -hukommelse ved hjælp af fabrikerede fontfiler.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 4.8.1.1-12+deb7u3.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 52.1-8+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 52.1-10.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 52.1-10.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3323.data" diff --git a/danish/security/2015/dsa-3324.wml b/danish/security/2015/dsa-3324.wml deleted file mode 100644 index fe7f85fc571..00000000000 --- a/danish/security/2015/dsa-3324.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d586d870f6d0d2c95e7dc1d6d6cea0fdac3eac7d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -anvendelser efter frigivelser samt andre implementeringsfejl, kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service). Denne -opdatering løser også en sårbarhed i DHE-nøglebehandlingen, bedre kendt som -LogJam-sårbarheden.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 31.8.0-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 31.8.0-1~deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive løst.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3324.data" diff --git a/danish/security/2015/dsa-3325.wml b/danish/security/2015/dsa-3325.wml deleted file mode 100644 index 8dd183c04b1..00000000000 --- a/danish/security/2015/dsa-3325.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="84f679a999515ec6ae9ed61e1b5a18f4528746cc" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Apache HTTPD-serveren.

- -
    - -
  • CVE-2015-3183 - -

    Et HTTP-forespørgselssmuglingsangreb var muligt på grund af en fejl i - fortolkningen af chunked forespørgsler. En ondsindet klient kunne tvinge - serveren til at misfortolke forespørgselslængden, hvilket muliggjorde - cacheforgiftning eller kapring af loginoplysninger, hvis en mellemliggende - proxy er i brug.

    • - -
  • CVE-2015-3185 - -

    En designfejl i funktionen ap_some_auth_required, gjorde API'et - ubrugeligt i apache2 2.4.x. Det kunne føre til at moduler, som anvender - API'et, til at tillade adgang, selv om de ikke ellers skulle gøre det. - Rettelsen tilbagefører det nye ap_some_authn_required-API fra 2.4.16. - Problemet påvirker ikke den gamle stabile distribution (wheezy).

    • - -
- -

Desuden fjerner de opdaterede pakker i den gamle stabile distribution -(wheezy) en begrænsning i Diffie-Hellman-parametrene (DH) til 1024 bit. -Begrænsningen kunne potentielt gøre det muligt for en angriber med meget -store databehandlingsressourcer, så som en nationalstat, at bryde -DH-nøgleudveksling ved forudgående udregning. Den opdaterede apache2-pakke -tillader også at opsætte skræddersyede DH-parametre. Flere oplysninger er -indeholdt i filen changelog.Debian.gz. Disse forbedringer er allerede til -stede i distributionerne stable, testing og unstable.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.2.22-13+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.4.10-10+deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3325.data" diff --git a/danish/security/2015/dsa-3326.wml b/danish/security/2015/dsa-3326.wml deleted file mode 100644 index d73d9c56d62..00000000000 --- a/danish/security/2015/dsa-3326.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="871eabf3133a7c66ca51155e4c44267a64f8363f" mindelta="1" -sikkerhedsopdatering - -

William Robinet og Stefan Cornelius opdagede et heltalsoverløb i Ghostscript, -GPL-fortolkeren af PostScript/PDF, hvilket måske kunne medføre lammelsesangreb -(denial of service) eller potentielt udførelse af vilkårlig kode, hvis en -særligt fremstillet fil blev åbnet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 9.05~dfsg-6.3+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 9.06~dfsg-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 9.15~dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 9.15~dfsg-1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3326.data" diff --git a/danish/security/2015/dsa-3327.wml b/danish/security/2015/dsa-3327.wml deleted file mode 100644 index f0254790705..00000000000 --- a/danish/security/2015/dsa-3327.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="bb1aad2d90a180c967f3cb68301aa7049419e029" mindelta="1" -sikkerhedsopdatering - -

Alex Rousskov fra The Measurement Factory opdagede at Squid3, en komplet -webproxycache, ikke på korrekt vis håndterede CONNECT-metodens peersvar, når -opsat med cachepeer og reagerende på eksplicit proxytrafik. Dermed kunne det -være muligt for fjerne klienter at opnå ubegrænset adgang gennem en -gatewayproxy, til dens backendproxy.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.1.20-2.2+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.8-6+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.6-1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3327.data" diff --git a/danish/security/2015/dsa-3328.wml b/danish/security/2015/dsa-3328.wml deleted file mode 100644 index d5c15a66e2e..00000000000 --- a/danish/security/2015/dsa-3328.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="550f9dd42cfb1811806cad2ea83bf43c15be68f3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Wordpress, den populære bloggingmotor.

- -
    - -
  • CVE-2015-3429 - -

    Filen example.html i iconfontpakken Genericicons og Wordpress-temaet - twentyfifteen, gjorde det muligt at udføre skripter på tværs af - websteder.

    • - -
  • CVE-2015-5622 - -

    HTML-tagfilteret shortcodes robusthed er blevet forbedret. Fortolkningen - er lidt mere restriktiv, hvilket kan påvirke ens installation.

    • - -
  • CVE-2015-5623 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder, gjorde det muligt for brugere med rollen Contributor eller - Author, at forøge deres rettigheder.

    • - -
- -

Den gamle stabile distribution (wheezy) er kun påvirket af -\ -CVE-2015-5622. Dette ikke så kritiske problem, vil blive rettet på et -senere tidspunkt.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.3+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3328.data" diff --git a/danish/security/2015/dsa-3329.wml b/danish/security/2015/dsa-3329.wml deleted file mode 100644 index 57a16c42ef4..00000000000 --- a/danish/security/2015/dsa-3329.wml +++ /dev/null @@ -1,89 +0,0 @@ -#use wml::debian::translation-check translation="373897b277acdc4e68be71922663a7cd8c52ea17" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke måske kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækage.

- -
    - -
  • CVE-2015-1333 - -

    Colin Ian King opdagede en fejl i funktionen add_key i Linux-kernens - keyring-undersystem. En lokal bruger kunne udnytte fejlen til at forårsage - et lammelsesangreb på grund af hukommelsesudmattelse.

    • - -
  • CVE-2015-3212 - -

    Ji Jianwen fra Red Hat Engineering opdagede en fejl i håndteringen af - SCTP's automatiske håndtering af dynamiske multi-homed forbindelser. En - lokal angriber kunne udnytte fejlen til at forårsage et nedbrud eller - potentielt til rettighedsforøgelse.

    • - -
  • CVE-2015-4692 - -

    En NULL-pointerdereferencefejl blev fundet i funktionen - kvm_apic_has_events i KVM-undersystemet. En upriviligeret lokal bruger - kunne udnytte fejlen til at få systemkernen til at gå ned, medførende et - lammelsesangreb.

    • - -
  • CVE-2015-4700 - -

    Daniel Borkmann opdagede en fejl i Linux-kernens implementering af - Berkeley Packet Filter, hvilket kunne anvendes af en lokal brugre til at få - systemet til at gå ned.

    • - -
  • CVE-2015-5364 - -

    Man opdagede at Linux-kernen ikke på korrekt vis håndterede ugyldige - UDP-tjeksummer. En lokal angriber kunne udnytte fejlen til at forårsage et - lammelsesangreb med en oversvømmelse af UDP-pakker med ugyldige - tjeksummer.

    • - -
  • CVE-2015-5366 - -

    Man opdagede at Linux-kernen ikke på korrekt vis håndterede ugyldige - UDP-tjeksummer. En fjernangriber kunne forårsage et lammelsesangreb mod - applikationer, som anvender epoll, ved at indsprøjte en enkelt pakke med en - ugyldig tjeksum.

    • - -
  • CVE-2015-5697 - -

    En fejl blev opdaget i md-driveren i Linux-kernen, førende til en - informationslækage.

    • - -
  • CVE-2015-5706 - -

    En brugerudløsbar sårbarhed i forbindelse med anvendelse efter frigivelse - i stiopslag i Linux-kernen, kunne potentielt føre til - rettighedsforøgelse.

    • - -
  • CVE-2015-5707 - -

    Et heltalsoverløb i den generiske SCSI-driver i Linux-kernen, blev - opdaget. En lokal bruger med skriveadgang til en generisk SCSI-enhed, kunne - potentielt udnytte fejlen til rettighedsforøgelse.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 3.2.68-1+deb7u3. -CVE-2015-1333, -CVE-2015-4692 og -CVE-2015-5706 -påvirker ikke distributionen wheezy.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -3.16.7-ckt11-1+deb8u3, bortset fra -CVE-2015-5364 og -CVE-2015-5366, -som allerede blev rettet i DSA-3313-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.1.3-1 eller tidligere versioner.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3329.data" diff --git a/danish/security/2015/dsa-3330.wml b/danish/security/2015/dsa-3330.wml deleted file mode 100644 index cb67ec6eef3..00000000000 --- a/danish/security/2015/dsa-3330.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ab6070de2180b983ddb33d6d6a308a32eb706f72" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Apaches ActiveMQ message broker var sårbar over for -lammelsesangreb gennem en udokumenteret kommende til fjernudført nedlukning.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -5.6.0+dfsg-1+deb7u1. Denne opdatering retter også -CVE-2014-3612 og -CVE-2014-3600.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.6.0+dfsg1-4+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine activemq-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3330.data" diff --git a/danish/security/2015/dsa-3331.wml b/danish/security/2015/dsa-3331.wml deleted file mode 100644 index 2fc693bd371..00000000000 --- a/danish/security/2015/dsa-3331.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="0bb85636e7860173888eff8a2b5b46d2bbadf1db" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i serverkomponenterne hørende til -versionstyringssystemet subversion.

- -
    - -
  • CVE-2015-3184 - -

    Subversions mod_authz_svn håndterede ikke på korrekt vis begrænselse af - anonym adgang i nogle blandede anonym-/autentificeret-miljøer, når Apache - httpd 2.4 blev anvendt. Udfaldet var at anonym adgang kunne være mulig til - filer, til hvilke kun autentificeret adgang skulle være mulig. Problemet - påvirker ikke den gamle stabile distribution (wheezy), fordi den kun - indeholder Apache httpd 2.2.

    - -
    • - -
  • CVE-2015-3187 - -

    Subversion-servere, både httpd og svnserve, afslørede nogle stier, som - skulle være skjulte gennem stibaseret authz. Når en node blev kopieret fra - en ulæsbar placering til læsbar placering, kunne den ulæsbare sti måske - blive afsløret. Sårbarheden afslører kun stien, den afslører ikke - indeholdet i stien.

    • - -
- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.6.17dfsg-4+deb7u10.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.8.10-6+deb8u1.

- -

I distributionen testing (stretch), vil disse problemer blive rettet i -version 1.9.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.0-1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3331.data" diff --git a/danish/security/2015/dsa-3332.wml b/danish/security/2015/dsa-3332.wml deleted file mode 100644 index 68a9520acb0..00000000000 --- a/danish/security/2015/dsa-3332.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="4454b6d155aa1886bc7f4e03f10ec212120daa1f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er rettet i Wordpress, den populære bloggingmotor.

- -
    - -
  • CVE-2015-2213 - -

    SQL-indsprøjning gjorde det muligt for en fjernangriber at kompromittere - webstedet.

    • - -
  • CVE-2015-5622 - -

    HTML-tagfilteret shortcodes robusthed er blevet forbedret. Fortolkningen - er lidt mere restriktiv, hvilket kan påvirke ens installation. Dette er en - korrigeret version af patch'en, som var nødvendig at rulle tilbage i - DSA 3328-2.

    • - -
  • CVE-2015-5730 - -

    Et potentielt timing-sidekanalsangreb i widgets.

    • - -
  • CVE-2015-5731 - -

    En angriber kunne læse et indlæg, som var ved at blive - redigeret.

    • - -
  • CVE-2015-5732 - -

    Udførelse af skripter på tværs af websteder i en widgettitel, gjorde det - muligt for en angriber at stjæle følsommme oplysninger.

    • - -
  • CVE-2015-5734 - -

    Retter nogle defekte links i forhåndsvisningen af legacy-temaet.

    • - -
- -

Problemerne blev opdaget af Marc-Alexandre Montpas fra Sucuri, Helen -Hou-Sandí fra WordPress' sikkerhedshold, Netanel Rubin fra Check Point, Ivan -Grigorov, Johannes Schmitt fra Scrutinizer og Mohamed A. Baset.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.4+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3332.data" diff --git a/danish/security/2015/dsa-3333.wml b/danish/security/2015/dsa-3333.wml deleted file mode 100644 index 716b707401a..00000000000 --- a/danish/security/2015/dsa-3333.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="d727913def83312f98ff168041059adeba8aa2c7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige hukommelsessikkerhedsfejl, -heltalsoverløb, bufferoverløb, anvendelser efter frigivelser samt andre -implementeringsfejl, kunne føre til udførelse af vilkårlig kode, omgåelse af -samme ophav-reglen eller lammelsesangreb (denial of service).

- -

Debian følger Firefox' udvidet support-udgivelser (extended support -releases, ESR). Support af 31.x-serien er ophørt, hvorfor vi fra og med denne -opdatering nu følger 38.x-udgivelserne.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.2.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.2.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.2.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3333.data" diff --git a/danish/security/2015/dsa-3334.wml b/danish/security/2015/dsa-3334.wml deleted file mode 100644 index 97c096e3dc2..00000000000 --- a/danish/security/2015/dsa-3334.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2e716b74de27031af9b18e24940c3f29263352cc" mindelta="1" -sikkerhedsopdatering - -

Kurt Roeckx opdagede at dekodning af speficikke certifikater med meget lange -DistinguishedName-poster (DN), kunne føre til dobbelt frigivelse. En -fjernangriber kunne udnytte fejlen ved at fabrikere et certifikat, som ved -behandling af en applikation, kompilet mod GnuTLS, kunne få applikationen til at -gå nedm, medførende et lammelsesangreb.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.3.8-6+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.3.17-1.

- -

Vi anbefaler at du opgraderer dine gnutls28-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3334.data" diff --git a/danish/security/2015/dsa-3335.wml b/danish/security/2015/dsa-3335.wml deleted file mode 100644 index cc7e50ad3ac..00000000000 --- a/danish/security/2015/dsa-3335.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="fd5ff16e26b1eace49da6ac206219514dddd3b12" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Request Tracker, et udvidbart fejlsporingssystem, var sårbart -over for et angreb i forbindelse med udførelse af skripter på tværs af websteder -gennem siderne til håndtering af brugere og rettigheder -(\ -CVE-2015-5475) og gennem den kryptografiske grænseflade, hvilket gjorde det -muligt for en angriber med en omhyggeligt fremstillet nøgle, at sprøjte -JavaScript ind i RT's brugergrænseflade. Installationer, som hverken anvender -GnuPG eller S/MIME, er ikke påvirket ved det anden sårbarhed i forbindelse med -udførelse af skripter på tværs af websteder.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 4.0.7-5+deb7u4. Den gamle stabile distribution (wheezy) er kun påvirket -af \ -CVE-2015-5475.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.2.8-3+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.11-2.

- -

Vi anbefaler at du opgraderer dine request-tracker4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3335.data" diff --git a/danish/security/2015/dsa-3336.wml b/danish/security/2015/dsa-3336.wml deleted file mode 100644 index 2f537a9280b..00000000000 --- a/danish/security/2015/dsa-3336.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="b1c68e75b59d082b44ba4042397f26294a3d2e80" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i nss, biblioteket Mozilla Network Security -Service. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2015-2721 - -

    Karthikeyan Bhargavan opdagede at NSS på ukorrekt vis håndterede - state-transitioner i den nye TLS-statemaskine. En manden i - midten-angriber kunne udnytte fejlen til at springe over - ServerKeyExchange-meddelelsen og fjerne - forward-secrecy-egenskaben.

    • - -
  • CVE-2015-2730 - -

    Watson Ladd opdagede at NSS ikke på korrekt vis udførte - Elliptical Curve Cryptography-multiplikation (ECC), hvilket gjorde det - muligt for en fjernangriber, potentielt at forfalske - ECDSA-signaturer.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2:3.14.5-1+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2:3.17.2-1.1+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2:3.19.1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:3.19.1-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3336.data" diff --git a/danish/security/2015/dsa-3337.wml b/danish/security/2015/dsa-3337.wml deleted file mode 100644 index bb35f73bd86..00000000000 --- a/danish/security/2015/dsa-3337.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1bc145e6b264b0e844b5e11568facc8eff576c34" mindelta="1" -sikkerhedsopdatering - -

Gustavo Grieco opdagede et heapoverløb i behandlingen af BMP-billeder, -hvilken kunne medføre udførelse af vilkårlig kode, hvis et misdannet billede -blev åbnet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.26.1-1+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.31.1-2+deb8u4.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2.31.7-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.31.7-1.

- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3337.data" diff --git a/danish/security/2015/dsa-3338.wml b/danish/security/2015/dsa-3338.wml deleted file mode 100644 index 0994405e8d4..00000000000 --- a/danish/security/2015/dsa-3338.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="f8cf58e80954c19d30f266c0af7f20e7bdc7e11e" mindelta="1" -sikkerhedsopdatering - -

Lin Hua Cheng opdagede at en session kunne blive oprettet, når view'et -django.contrib.auth.views.logout blev tilgået anonymt. Dermed kunne det være -muligt for fjernangribere at opbruge sessionslageret eller forårsage, at andre -brugeres sessionsposter blev smidt væk.

- -

Desuden er metoderne contrib.sessions.backends.base.SessionBase.flush() og -cache_db.SessionStore.flush() blevet ændret til også at undgå, at oprette en ny, -tom session.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.4.5-1+deb7u13.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.7.7-1+deb8u2.

- -

I den ustabile distribution (sid), these problems will be fixed -shortly.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3338.data" diff --git a/danish/security/2015/dsa-3339.wml b/danish/security/2015/dsa-3339.wml deleted file mode 100644 index e1ced93995d..00000000000 --- a/danish/security/2015/dsa-3339.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="270470415cc4671c3b8850a9ce4083e2225aa30e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring, lammelsesangreb eller usikker -kryptografi.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 6b36-1.13.8-1~deb7u1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3339.data" diff --git a/danish/security/2015/dsa-3340.wml b/danish/security/2015/dsa-3340.wml deleted file mode 100644 index 7c32b3389f7..00000000000 --- a/danish/security/2015/dsa-3340.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="8ec40606ef1e00493faf47c8147a984ad2e0b69a" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski opdagede at når der blev afviklet under PHP-FPM i et -trådmiljø, håndterede Zend Framework, et PHP-framework, ikke på korrekt vis -XML-data med multibytekoding. Det kunne anvendes af fjernangribere til at -udføre et XML External Entity-angreb gennem fabrikerede XML-data.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.11.13-1.1+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.12.9+dfsg-2+deb8u3.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1.12.14+dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.12.14+dfsg-1.

- -

Vi anbefaler at du opgraderer dine zendframework-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3340.data" diff --git a/danish/security/2015/dsa-3341.wml b/danish/security/2015/dsa-3341.wml deleted file mode 100644 index a9ba1ea7bcf..00000000000 --- a/danish/security/2015/dsa-3341.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="82835b6f5362b7bdc6261f3fc9709f3764fb556f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at i visse opsætninger, hvis det relevante conntrack-kernemodul -ikke var indlæst, så gik conntrackd ned når der blev håndteret DCCP-, SCTP- eller -ICMPv6-pakker.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:1.2.1-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:1.4.2-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.4.2-3.

- -

Vi anbefaler at du opgraderer dine conntrack-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3341.data" diff --git a/danish/security/2015/dsa-3342.wml b/danish/security/2015/dsa-3342.wml deleted file mode 100644 index e0246f85008..00000000000 --- a/danish/security/2015/dsa-3342.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="351953904ff7bbb2ca8dc322544fee5d1e2f62ed" mindelta="1" -sikkerhedsopdatering - -

Loren Maggiore fra Trail of Bits opdagede at 3GP-fortolkeren i VLC, en -multimedieafspiller og -streamer, dereferede en vilkårlig pointer på grund af -utilstrækkelige begrænsninger på en skrivbar buffer. Dermed kunne -fjernangribere få mulighed for at udføre vilkårlig kode gennem fabrikerede -3GP-filer.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.2.0~rc2-2+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snartest blive løst.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3342.data" diff --git a/danish/security/2015/dsa-3343.wml b/danish/security/2015/dsa-3343.wml deleted file mode 100644 index af8f0903485..00000000000 --- a/danish/security/2015/dsa-3343.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d9354ed4b8d6489f28d3d8e2b1759284b4e97e8b" mindelta="1" -sikkerhedsopdatering - -

James Kettle, Alain Tiemblo, Christophe Coevoet og Fabien Potencier opdagede -at twig, en skabelonmotor til PHP, ikke på korrekt vis behandlede sine inddata. -Slutbrugere med tilladelse til at indsende twig-skabeloner, kunne anvende -særligt fremstillet kode til at fjernudløse udførelse af kode, selv for -skabeloner i sandkassen.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.16.2-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), er -dette problem rettet i version 1.20.0-1.

- -

Vi anbefaler at du opgraderer dine twig-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3343.data" diff --git a/danish/security/2015/dsa-3344.wml b/danish/security/2015/dsa-3344.wml deleted file mode 100644 index b0232258eb0..00000000000 --- a/danish/security/2015/dsa-3344.wml +++ /dev/null @@ -1,65 +0,0 @@ -#use wml::debian::translation-check translation="ba09ada96683be1d713106ad87108f29fc54ff4b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i programmeringssproget PHP:

- -
    - -
  • CVE-2015-4598 - -

    thoger at redhat dot com opdagede at stier indeholdende et NUL-tegn blev - håndteret forkert, hvilket gjorde det muligt for en angriber at tilgå - uventede filer på serveren.

    • - -
  • CVE-2015-4643 - -

    Max Spelsberg opdagede en heltalsoverløbsfejl førende til et heapbaseret - bufferoverløb i PHP's FTP-udvidelse, når lister fra FTP-svar blev behandlet. - Det kunne føre til et nedbrud eller udførelse af vilkårlig kode.

    • - -
  • CVE-2015-4644 - -

    Et lammelsesangreb (denial of service) gennem et nedbrud kunne forårsages - af en segfault i funktionen php_pgsql_meta_data.

    • - -
  • CVE-2015-5589 - -

    kwrnel at hotmail dot com opdagede at PHP kunne gå ned når der blev - behandlet en ugyldig phar-fil, dermed førende til et - lammelsesangreb.

    • - -
  • CVE-2015-5590 - -

    jared at enhancesoft dot com opdagede et bufferoverløb i funktionen - phar_fix_filepath, som kunne forårsage et nedbrud eller udførelse af - vilkårlig kode.

    • - -

  • Desuden blev flere andre sårbarheder rettet:

    - -

    sean dot heelan at gmail dot com opdagede et problem i afserialiseringen - af nogle enheder, hvilket kunne føre til udførelse af vilkårlig kode.

    - -

    stewie at mail dot ru opdagede at phar-udvidelsen på ukorrekt vis - håndterede zip-arkiver med relative stier, hvilket gjorde det muligt for en - angriber at overskriver filer uden for destinationsmappen.

    - -

    taoguangchen at icloud dot com opdagede flere sårbarheder i forbindelse - med anvendelse efter frigivelse, der kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 5.4.44-0+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.12+dfsg-0+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.6.12+dfsg-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3344.data" diff --git a/danish/security/2015/dsa-3345.wml b/danish/security/2015/dsa-3345.wml deleted file mode 100644 index 98b19571622..00000000000 --- a/danish/security/2015/dsa-3345.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b19d0290c12b14d747994c6d112857d6af0e6c69" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2015-4497 - -

    Jean-Max Reymond og Ucha Gobejishvili opdagede en sårbarhed i forbindelse - med anvendelse efter frigivelse, hvilken opstod når størrelsen på et - canvaselement blev udløst i sammenhæng med stilændringer. En webside - indeholdende ondsindet indhold kunne få Iceweasel til at gå ned eller - potentielt udføre vilkårlig kode med rettighederne hørende til brugeren, - der anvender Iceweasel.

    • - -
  • CVE-2015-4498 - -

    Bas Venis rapporterede om en fejl i håndteringen af installering af - add-ons. En fjernangriber kunne drage nytte af fejlen til at omgå - add-on-installeringsprompten, og narre brugeren til at installere en - add-on fra en ondsindet kilde.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.2.1esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.2.1esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.2.1esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3345.data" diff --git a/danish/security/2015/dsa-3346.wml b/danish/security/2015/dsa-3346.wml deleted file mode 100644 index 38112f291d3..00000000000 --- a/danish/security/2015/dsa-3346.wml +++ /dev/null @@ -1,59 +0,0 @@ -#use wml::debian::translation-check translation="beba619bbb4374d5ab07e1eb6aae649313654550" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Drupal, et framework til -indholdshåndtering:

- -
    - -
  • CVE-2015-6658 - -

    Funktionaliteten til autofuldførelse af formularer, - fornuftighedskontrollerede ikke på korrekt vis den forespurgte URL, hvilket - gjorde det muligt for fjernangribere at iværksætte et angreb i forbindelse - med udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2015-6659 - -

    Systemet til SQL-kommentarfiltreringen kunne gøre det muligt for en - bruger med forøgede rettigheder, at indsprøjte ondsindet kode i - SQL-kommentarer.

    • - -
  • CVE-2015-6660 - -

    Formular-API'et udførte ikke formulartokenvalidering tidligt nok, hvilket - gjorde det muligt for filuploadcallback'ene at blive kørt med inddata, der - ikke er tillid til. Dermed kunne fjernangribere uploade filer til webstedet - gennem en anden bruges konto.

    • - -
  • CVE-2015-6661 - -

    Brugere uden rettigheden access content kunne se titlerne på - noder, som de ikke har adgang til, hvis noderne blev føjet til menuen på - webstedet, som brugerne har adgang til.

    • - -
  • CVE-2015-6665 - -

    Fjernangribere kunne iværksætte et angreb i forbindelse med udførelse af - skripter på tværs af websteder ved at kalde Drupal.ajax() på et hvidlistet - HTML-element.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 7.14-2+deb7u11.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.32-1+deb8u5.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 7.39-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.39-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3346.data" diff --git a/danish/security/2015/dsa-3347.wml b/danish/security/2015/dsa-3347.wml deleted file mode 100644 index bfe9fca6335..00000000000 --- a/danish/security/2015/dsa-3347.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="7d8a9291335406452d2f3fa95fb345f2676f7fc5" mindelta="1" -sikkerhedsopdatering - -

Pyry Hakulinen og Ashish Shakla fra Automattic opdagede at pdns, en -autoritativ DNS-server, på ukorrekt vis behandlede nogle DNS-pakker; det kunne -gøre det muligt for en fjernangriber, at udløse et lammelsesangreb (DoS) ved at -sende særligt fremstillede pakker, medførende at serveren gik ned.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.1-4+deb8u3.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), er dette problem rettet i version 3.4.6-1.

- -

Vi anbefaler at du opgraderer dine pdns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3347.data" diff --git a/danish/security/2015/dsa-3348.wml b/danish/security/2015/dsa-3348.wml deleted file mode 100644 index d8781924ef2..00000000000 --- a/danish/security/2015/dsa-3348.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="9a9b61ba1f0fe428c9d21a977acf0f785b3da5aa" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator.

- -
    - -
  • CVE-2015-3214 - -

    Matt Tait fra Googles Project Zero-sikkerhedshold, opdagede en fejl i - QEMU's emulering af i8254 PIT. En priviligeret gæstebruger i en gæst med - aktiveret QEMU PIT-emulering, kunne potentielt udnytte fejlen til at udføre - vilkårlig kode på værten, med rettighederne hørende til QEMU's - værtsproces.

    • - -
  • CVE-2015-5154 - -

    Kevin Wolf fra Red Hat opdagede en heapbufferoverløbsfejl i - IDE-undersystemet i QEMU, mens visse ATAPI-kommandoer behandles. En - priviligeret gæstebruger i en gæst med aktiveret CDROM-drev, kunne - potentielt udnytte fejlen til at udføre vilkårlig kode på værten, med - rettighederne hørende til QEMU's værtsproces.

    • - -
  • CVE-2015-5165 - -

    Donghai Zhu opdagede at QEMU-modellen af RTL8139-netværkskortet, ikke på - tilstrækelig vis validerede inddata i emulering af C+-tilstandsoffload, - hvilket gjorde det muligt for en ondsindet gæst, at læse uinitialiseret - hukommelse fra QEMU-processens heap.

    • - -
  • CVE-2015-5225 - -

    Mr Qinghao Tang fra QIHU 360 Inc. og Mr Zuozhi fra Alibaba Inc, opdagede - en bufferoverløbsfejl i VNC-displaydriveren, førende til korruption af - heaphukommelse. En priviligeret gæst kunne anvende fejlen til at iværksætte - et lammelsesangreb (nedbrud af QEMU-processen) eller potentielt udføre - vilkårlig kode på værten, med rettighederne hørende til QEMU's - værtsproces.

    • - -
  • CVE-2015-5745 - -

    En bufferoverløbsårbarhed blev opdaget i den måde, QEMU håndterede - virtio-serial-enehden. En ondsindet gæst kunne anvende fejlen til at - iværksætte et lammelsesangreb (nedbrud af QEMU-processen).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.1.2+dfsg-6a+deb7u9. Den gamle stabile distribution er kun påvirket af -CVE-2015-5165 og -CVE-2015-5745.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:2.1+dfsg-12+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:2.4+dfsg-1a.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3348.data" diff --git a/danish/security/2015/dsa-3349.wml b/danish/security/2015/dsa-3349.wml deleted file mode 100644 index 8fd98187a8c..00000000000 --- a/danish/security/2015/dsa-3349.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="489b91647a732e7d70b565eba4c3be90aea8e8ff" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu-kvm, en komplet virtualiseringsløsning -på x86-hardware.

- -
    - -
  • CVE-2015-5165 - -

    Donghai Zhu opdagede at QEMU-modellen af RTL8139-netværkskortet, ikke på - tilstrækelig vis validerede inddata i emulering af C+-tilstandsoffload, - hvilket gjorde det muligt for en ondsindet gæst, at læse uinitialiseret - hukommelse fra QEMU-processens heap.

    • - -
  • CVE-2015-5745 - -

    En bufferoverløbsårbarhed blev opdaget i den måde, QEMU håndterede - virtio-serial-enehden. En ondsindet gæst kunne anvende fejlen til at - iværksætte et lammelsesangreb (nedbrud af QEMU-processen).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.1.2+dfsg-6+deb7u9.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3349.data" diff --git a/danish/security/2015/dsa-3350.wml b/danish/security/2015/dsa-3350.wml deleted file mode 100644 index 69b8a8be149..00000000000 --- a/danish/security/2015/dsa-3350.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="f15b6fd4e5753834c6e292748505c556032ca1bf" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede at ukorrekt validering af DNSSEC-signerede poster i -Bind DNS-serveren, kunne medføre lammelsesangreb (denial of service).

- -

Opdateringer til den gamle stabile distribution (wheezy) vil blive frigivet -om kort tid.

- -

I den stabile distribution (jessie), er dette problem rettet i version -9.9.5.dfsg-9+deb8u3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3350.data" diff --git a/danish/security/2015/dsa-3351.wml b/danish/security/2015/dsa-3351.wml deleted file mode 100644 index 9323e32b85e..00000000000 --- a/danish/security/2015/dsa-3351.wml +++ /dev/null @@ -1,77 +0,0 @@ -#use wml::debian::translation-check translation="8b07bab0c3d8eb840f92bfdb5b4ca069a67350f0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-1291 - -

    Et problem med omgåelse af samme ophav blev opdaget i - DOM.

    • - -
  • CVE-2015-1292 - -

    Mariusz Mlynski opdagede et problem med omgåelse af forskelligt ophav i - ServiceWorker.

    • - -
  • CVE-2015-1293 - -

    Mariusz Mlynski opdagede et problem med omgåelse af forskelligt ophav i - DOM.

    • - -
  • CVE-2015-1294 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - grafikbiblioteket Skia.

    • - -
  • CVE-2015-1295 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - udskriftskomponenten.

    • - -
  • CVE-2015-1296 - -

    zcorpan opdagede et problem med tegnforfalskning.

    • - -
  • CVE-2015-1297 - -

    Alexander Kashev opdagede en fejl i forbindelse med permission - scoping.

    • - -
  • CVE-2015-1298 - -

    Rob Wu opdagede en fejl ved validering af udvidelsers URL'er.

    • - -
  • CVE-2015-1299 - -

    taro.suzuki.dev opdagede et problem med anvendelse efter frigivelse i - biblioteket Blink/WebKit.

    • - -
  • CVE-2015-1300 - -

    cgvwzq opdagede en et problem med informationsafsløring i biblioteket - Blink/WebKit.

    • - -
  • CVE-2015-1301 - -

    Chrome 45-udviklingsholdet fandt og rettede forskellige problemer under - intern audit. Desuden blev adskillige problemer rettet i biblioteket libv8, - version 4.5.103.29.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 45.0.2454.85-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer blive rettet når -overgangen til gcc-5 er gennemført.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 45.0.2454.85-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3351.data" diff --git a/danish/security/2015/dsa-3352.wml b/danish/security/2015/dsa-3352.wml deleted file mode 100644 index 3be1732a19d..00000000000 --- a/danish/security/2015/dsa-3352.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="4e651935e73a083dfe53f33116698e1c64f88455" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev fundet i screen, hvilket forårsagede stakoverløb, der kunne -medføre nedbrud i screens serverproces, som igen medførte lammelsesangreb -(denial of service).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -4.1.0~20120320gitdb59704-7+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i version -4.2.1-3+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 4.3.1-2.

- -

Vi anbefaler at du opgraderer dine screen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3352.data" diff --git a/danish/security/2015/dsa-3353.wml b/danish/security/2015/dsa-3353.wml deleted file mode 100644 index 9f7962d7676..00000000000 --- a/danish/security/2015/dsa-3353.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5c54d159a764d7a21d6f67b62bf82e187d6b2259" mindelta="1" -sikkerhedsopdatering - -

Qinghao Tang fra QIHU 360 opdagede en fejl i forbindelse med dobbelt -frigivelse i OpenSLP, en implementering af IETF Service Location Protocol. -Dermed kunne det være muligt for fjernangribere at forårsage et lammelsesangreb -(nedbrud).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.2.1-9+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.2.1-10+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.1-11.

- -

Vi anbefaler at du opgraderer dine openslp-dfsg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3353.data" diff --git a/danish/security/2015/dsa-3354.wml b/danish/security/2015/dsa-3354.wml deleted file mode 100644 index 6d2d99cb77b..00000000000 --- a/danish/security/2015/dsa-3354.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1116634c44b2efe53d365f76e654c5fc90fce6be" mindelta="1" -sikkerhedsopdatering - -

Frediano Ziglio fra Red Hat opdagede en kapløbstilstandsfejl i spices -funktion worker_update_monitors_config(), førende til korruption af -heaphukommelsen. En ondsindet bruger i en gæst kunne udnytte fejlen til at -iværksætte et lammelsesangreb (nedbrud af QEMU-processen) eller potentielt -udføre vilkårlig kode på værten, med rettighederne hørende til QEMU's -værtsproces.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.12.5-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.12.5-1.2.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3354.data" diff --git a/danish/security/2015/dsa-3355.wml b/danish/security/2015/dsa-3355.wml deleted file mode 100644 index 9ebaca7cf3e..00000000000 --- a/danish/security/2015/dsa-3355.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="35b31be86422e6d1619eb5d48022c533e4a400cd" mindelta="1" -sikkerhedsopdatering - -

Florian Weimer fra Red Hat Product Security opdagede at libvdpau, -VDPAU-wrapperbiblioteket, ikke på korrekt vis validerede miljøvariabler, -hvilket gjorde det muligt for lokale angribere at opnå forøgede rettigheder.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.4.1-7+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.8-3+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.1.1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.1.1-1.

- -

Vi anbefaler at du opgraderer dine libvdpau-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3355.data" diff --git a/danish/security/2015/dsa-3356.wml b/danish/security/2015/dsa-3356.wml deleted file mode 100644 index 096e258692a..00000000000 --- a/danish/security/2015/dsa-3356.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c9a85a749d3eab5cb0487cebaa5ebb105bd6115d" mindelta="1" -sikkerhedsopdatering - -

Denis Andzakovic opdagede at OpenLDAP, en fri implementering af Lightweight -Directory Access Protocol, ikke på korrekt vis håndterede BER-data. En -uautentificeret fjernangriber kunne udnytte fejlen til at forårsage et -lammelsesangreb (nedbrud i slapd-dæmonen) gennem en særligt fremstillet -pakke.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.4.31-2+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.4.40+dfsg-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.42+dfsg-2.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3356.data" diff --git a/danish/security/2015/dsa-3357.wml b/danish/security/2015/dsa-3357.wml deleted file mode 100644 index 7d87481c1e1..00000000000 --- a/danish/security/2015/dsa-3357.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="0b34b87a0f2a9eaf7c0a1397be873e9591012561" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at vzctl, et sæt kontrolværktøjer til -servervirtualiseringsløsningen OpenVZ, afgjorde storagelayoutet af containere -baseret på tilstedeværelsen af en XML-fil inde i en container. En angriber med -lokale rootrettigheder i en simfs-baseret container, kunne få kontrol over -ploop-baserede containere. Yderligere oplysninger vedrørende forudsætningerne -for et sådant angreb, finder man på -\ -src.openvz.org.

- -

Den gamle stabile distribution (wheezy) is not affected.

- -

I den stabile distribution (jessie), er dette problem rettet i version -4.8-1+deb8u2. Under opdateringen opdateres eksisterende opsætninger -automatisk.

- -

I distributionen testing (stretch), er dette problem rettet -i version 4.9.4-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.9.4-2.

- -

Vi anbefaler at du opgraderer dine vzctl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3357.data" diff --git a/danish/security/2015/dsa-3358.wml b/danish/security/2015/dsa-3358.wml deleted file mode 100644 index 24ec1a5fc15..00000000000 --- a/danish/security/2015/dsa-3358.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="660cab779235dbdbd58f9aa1c67c237f45ca27e6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et generelt anvendeligt skriptsprog, som -hyppigt anvendes til udvikling af webapplikationer.

- -

Sårbarhederne er løst ved at opgradere PHP til nye opstrømsversioner (5.4.45 -og 5.6.13), der indeholder yderligere fejlrettelser. Se opstrøms changelog for -flere oplysninger:

- - - -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 5.4.45-0+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.13+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3358.data" diff --git a/danish/security/2015/dsa-3359.wml b/danish/security/2015/dsa-3359.wml deleted file mode 100644 index 4c7d8cf3878..00000000000 --- a/danish/security/2015/dsa-3359.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="7dbc9f44843bf6b878f0cfe306cd2a076a59db41" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter et ikke yderligere beskrevet sikkerhedsproblem i -VirtualBox med relation til gæster, som anvender bridged networking via wifi. -Oracle leverer ikke længere oplysninger om specifikke sikkerhedssårbarheder i -VirtualBox. For stadig at understøtte brugere af allerede udgivne -Debian-udgaver, har vi besluttet at opdatere disse til fejlopdateringsudgaverne -4.1.40 hhv. 4.3.30.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 4.1.40-dfsg-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.3.30-dfsg-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 4.3.30-dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.3.30-dfsg-1.

- -

Vi anbefaler at du opgraderer dine virtualbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3359.data" diff --git a/danish/security/2015/dsa-3360.wml b/danish/security/2015/dsa-3360.wml deleted file mode 100644 index 1bf34d3283c..00000000000 --- a/danish/security/2015/dsa-3360.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d4ef34c28181a0bcbfa8b9e3c04bcbc0de096b62" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at biblioteket International Components for Unicode (ICU) -fejlbehandlede converternavne, som begynder med x-, hvilket gjorde -det muligt for fjernangribere at forårsage et lammelsesangreb (læsning af -uinitialiseret hukommelse) eller muligvis anden ikke-angivet virkning gennem en -fabrikeret fil.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 52.1-8+deb8u3.

- -

I distributionen testing (stretch), er dette problem rettet -i version 55.1-5.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 55.1-5.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3360.data" diff --git a/danish/security/2015/dsa-3361.wml b/danish/security/2015/dsa-3361.wml deleted file mode 100644 index 21fd65dc93d..00000000000 --- a/danish/security/2015/dsa-3361.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="ea5e8d33bfc1eb06700f1490868cda2bccc8036f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator.

- -
    - -
  • CVE-2015-5278 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede et problemmed en uendelig løkke - i emuleringen af NE2000 NIC. En priviligeret gæstebruger kunne udnytte - fejlen til at iværksætte et lammelsesangreb (nedbrud af - QEMU-processen).

    • - -
  • CVE-2015-5279 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede en heapbufferoverløbsfejl i - emuleringen af NE2000 NIC. En priviligeret gæstebruger kunne udnytte - fejlen til at iværksætte et lammelsesangreb (nedbrud af QEMU-processen) - eller potentielt udføre vilkårlig kode på værten, med rettighederne hørende - til værts-QEMU-processen.

    • - -
  • CVE-2015-6815 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede et problem med en uendelig løkke - i emuleringen af e1000 NIC. En priviligeret gøstebruger kunne udnytte - fejlen til at iværksætte et lammelsesangreb (nedbrud af - QEMU-processen).

    • - -
  • CVE-2015-6855 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede en fejl i IDE-undersystemet i - QEMU, der optrådte når IDE'ens WIN_READ_NATIVE_MAX-kommando blev udført for - at finde den maksimale størrelse på et drev. En priviligeret gæstebruger - kunne udnytte fejlen til at iværksætte et lammelsesangreb (nedbrud i - QEMU-processen).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.1.2+dfsg-6a+deb7u11.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:2.1+dfsg-12+deb8u4.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1:2.4+dfsg-3 or earlier.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:2.4+dfsg-3 or earlier.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3361.data" diff --git a/danish/security/2015/dsa-3362.wml b/danish/security/2015/dsa-3362.wml deleted file mode 100644 index 73785757840..00000000000 --- a/danish/security/2015/dsa-3362.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="a487c73fc2632233a1bc5dd36672c9c1a51ffe86" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu-kvm, en komplet virtualiseringsløsning -på x86-hardware.

- -
    - -
  • CVE-2015-5278 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede et problemmed en uendelig løkke - i emuleringen af NE2000 NIC. En priviligeret gæstebruger kunne udnytte - fejlen til at iværksætte et lammelsesangreb (nedbrud af - QEMU-processen).

    • - -
  • CVE-2015-5279 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede en heapbufferoverløbsfejl i - emuleringen af NE2000 NIC. En priviligeret gæstebruger kunne udnytte - fejlen til at iværksætte et lammelsesangreb (nedbrud af QEMU-processen) - eller potentielt udføre vilkårlig kode på værten, med rettighederne hørende - til værts-QEMU-processen.

    • - -
  • CVE-2015-6815 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede et problem med en uendelig løkke - i emuleringen af e1000 NIC. En priviligeret gøstebruger kunne udnytte - fejlen til at iværksætte et lammelsesangreb (nedbrud af - QEMU-processen).

    • - -
  • CVE-2015-6855 - -

    Qinghao Tang fra QIHU 360 Inc. opdagede en fejl i IDE-undersystemet i - QEMU, der optrådte når IDE'ens WIN_READ_NATIVE_MAX-kommando blev udført for - at finde den maksimale størrelse på et drev. En priviligeret gæstebruger - kunne udnytte fejlen til at iværksætte et lammelsesangreb (nedbrud i - QEMU-processen).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.1.2+dfsg-6+deb7u11.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3362.data" diff --git a/danish/security/2015/dsa-3363.wml b/danish/security/2015/dsa-3363.wml deleted file mode 100644 index 8fca2ff79d7..00000000000 --- a/danish/security/2015/dsa-3363.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="795159b4bbd13f764dd8e8628690d7c9f514bbc4" mindelta="1" -sikkerhedsopdatering - -

Johannes Kliemann opdagede en sårbarhed i ownCloud Desktop Client, -klientsiden af fildelingstjenesten ownCloud. Sårbarheden muliggjorde manden i -midten-angreb i situationer hvor serveren anvender self-signerede certifikater -og forbindelsen allerede er etableret. Hvis brugeren på klientsiden manuelt -har registreret mistro til det nye certifikat, vil filsynkroniseringen -fortsætte med at anvende den ondsindede server som gyldig.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.7.0~beta1+really1.6.4+dfsg-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1.8.4+dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.4+dfsg-1.

- -

Vi anbefaler at du opgraderer dine owncloud-client-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3363.data" diff --git a/danish/security/2015/dsa-3364.wml b/danish/security/2015/dsa-3364.wml deleted file mode 100644 index 0d0a23e47a7..00000000000 --- a/danish/security/2015/dsa-3364.wml +++ /dev/null @@ -1,75 +0,0 @@ -#use wml::debian::translation-check translation="63f841d6fe4b31605f3520c2effe00dd9d592f31" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne før til en -rettighedsforøgelse eller lammelsesangreb (denial of service).

- -
    - -
  • CVE-2015-8215 - -

    Man opdagede at NetworkManager opsatte IPv6-MTU'er baseret på værdier - modtaget i IPv6-RA'er (Router Advertisements), uden tilstrækkelig validering - af disse værdier. En fjernangriber kunne udnytte dette til at deaktivere - forbindelser via IPv6. Det er løst ved at tilføje validering i - kernen.

    • - -
  • CVE-2015-2925 - -

    Jann Horn opdagede, at når en undermappe i et filsystem filsystem er - bindmountet ind i en container, som har sin egne bruger- og mountnavnerum, - kunne en proces med CAP_SYS_ADMIN-funktionaliteten i brugernavnerummet, - tilgå filer uden for undermappen. Debian standardopsætning afhjælper det, - da den ikke tillader at upriviligerede brugere kan oprette nye - brugernavnerum.

    • - -
  • CVE-2015-5156 - -

    Jason Wang opdagede, at når en virtio_net-enhed forbindelse til en - bro i den samme VM, kunne en række TCP-pakker videresendt gennem broen - medføre et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2015-6252 - -

    Michael S. Tsirkin fra Red Hat Engineering opdagede at vhost-driveren - lækkede fildeskriptorer overført til den med ioctl-kommandoen - VHOST_SET_LOG_FD. En priviligeret lokal bruger med adgang til filen - /dev/vhost-net, kunne enten direkte eller via libvirt, anvende dette til at - forårsage et lammelsesangreb (hængning eller nedbrud).

    • - -
  • CVE-2015-6937 - -

    Man opdagede at implementeringen af protokollen Reliable Datagram Sockets - (RDS) ikke kontrollerede at en underliggende transport fandtes, når en - forbindelse blev oprettet. Afhængigt af hvordan en lokal RDS-applikation - initialiserer sine socket, kunne en fjernangriber måske være i stand til at - forårsage et lammelsesangreb (nedbrud) ved at sende en fabrikeret - pakke.

    • - -
  • CVE-2015-7312 - -

    Xavier Chantry opdagede at en patch leveret af aufs-projektet til at - korrigere hvordan hukommelsesmappede filer fra en aufs-mount opfører sig, - indførte en kapløbstilstand i systemkaldet msync(). Ben Hutchings opdagede - at det også indførte en lignende fejl i funktionen madvise_remove(). En - lokal angriber kunne udnytte dette til at forårsage et lammelsesangreb eller - muligvis rettighedsforøgelse.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 3.2.68-1+deb7u4. -\ -CVE-2015-2925 og -\ -CVE-2015-7312 påvirker ikke distributionen wheezy.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -3.16.7-ckt11-1+deb8u4.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3364.data" diff --git a/danish/security/2015/dsa-3365.wml b/danish/security/2015/dsa-3365.wml deleted file mode 100644 index 37670b3c579..00000000000 --- a/danish/security/2015/dsa-3365.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="02f781df03abe017e1a1863c06c2f492e3a7d46c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige hukommelsessikkerhedsfejl, -heltalsoverløb, bufferoverløb, anvendelser efter frigivelser og andre -implementeringsfejl kunne føre til udførelse af vilkårlig kode, -informationsafsløring eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.3.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.3.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.3.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3365.data" diff --git a/danish/security/2015/dsa-3366.wml b/danish/security/2015/dsa-3366.wml deleted file mode 100644 index ed1a790c7f2..00000000000 --- a/danish/security/2015/dsa-3366.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5ddc67bc483df1fdc51faa78411d6bedbae93701" mindelta="1" -sikkerhedsopdatering - -

En fjernudløsbar sårbarhed i forbindelse med anvendelse efter frigivelse, -blev fundet i rpcbind, en server som konverterer RPC-programnumre til -universelle adresser. En fjernangriber kunne udnytte fejlen til at iværksætte -et lammelsesangreb (nedbrud af rpcbind).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.2.0-8+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.2.1-6+deb8u1.

- -

Vi anbefaler at du opgraderer dine rpcbind-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3366.data" diff --git a/danish/security/2015/dsa-3367.wml b/danish/security/2015/dsa-3367.wml deleted file mode 100644 index 07a3b64e35a..00000000000 --- a/danish/security/2015/dsa-3367.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7debd8ad0a448200722c13ee85c23a420a036a34" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i dissektorerne/fortolkerne af ZigBee, GSM -RLC/MAC, WaveAgent, ptvcursor, OpenFlow og WCCP samt i interne funktioner, -hvilke kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u3.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.12.7+g7fc8978-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.12.7+g7fc8978-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3367.data" diff --git a/danish/security/2015/dsa-3368.wml b/danish/security/2015/dsa-3368.wml deleted file mode 100644 index 04012a88a1c..00000000000 --- a/danish/security/2015/dsa-3368.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5ab560dec29a91e525e5cd5680b2169591e65bff" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at cyrus-sasl2, et bibliotek som implementerer Simple -Authentication and Security Layer, ikke på korrekt vis håndterede visse ugyldige -adgangskode-salts. En fjernangriber kunne udnytte fejlen til at forårsage et -lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.26.dfsg1-13+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.26.dfsg1-14.

- -

Vi anbefaler at du opgraderer dine cyrus-sasl2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3368.data" diff --git a/danish/security/2015/dsa-3369.wml b/danish/security/2015/dsa-3369.wml deleted file mode 100644 index 6d1e8a09f25..00000000000 --- a/danish/security/2015/dsa-3369.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="357546d7b2be316b77fc54ddee5f5bb659ec6a00" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Zend Framework, et PHP-framework:

- -
    - -
  • CVE-2015-5723 - -

    Man opdagede at på grund af ukorrekte rettighedsmasker ved oprettelse af - mapper, kunne lokale angribere potentielt udføre vilkårlig kode eller forøge - rettigheder.

    • - -
  • ZF2015-08 (intet CVE tildelt) - -

    Chris Kings-Lynne opdagede en angrebsvektor vedrørende SQL-indsprøjtning, - forårsaget af manglende null-byte-filtrering i MS SQL PDO-backend'en, og et - lignende problem blev også fundet i SQLite-backend'en.

    • - -
- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.11.13-1.1+deb7u4.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.12.9+dfsg-2+deb8u4.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1.12.16+dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.12.16+dfsg-1.

- -

Vi anbefaler at du opgraderer dine zendframework-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3369.data" diff --git a/danish/security/2015/dsa-3370.wml b/danish/security/2015/dsa-3370.wml deleted file mode 100644 index 6f001144a96..00000000000 --- a/danish/security/2015/dsa-3370.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="cc2f2abe2eafd95bdc3aeabc078fe70f7424f93b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at FreeType ikke på korrekt vis håndterede visse misdannede -inddata. Dermed kunne fjernangribere forårsage et lammelsesangreb (nedbrud) -ved hjælp af fabrikerede skrifttypefiler.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.4.9-1.1+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.5.2-3+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.6-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.6-1.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3370.data" diff --git a/danish/security/2015/dsa-3371.wml b/danish/security/2015/dsa-3371.wml deleted file mode 100644 index 10820c8e774..00000000000 --- a/danish/security/2015/dsa-3371.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="74d9ddddb4dae2bf6ff6b7b470ebf92b3a55f808" mindelta="1" -sikkerhedsopdatering - -

Frediano Ziglio fra Red Hat opdagede flere sårbarheder i spice, en klient og -serverbibliotek til SPICE-protokollen. En ondsindet gæst kunne udnytte fejlene -til at forårsage et lammelsesangreb (nedbrud i QEMU-processen), udføre vilkårlig -kode på værten med rettighederne tilhørende QEMU-værtsprocessen, eller læse og -skrive vilkårlige hukommelsesadresser på værten.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.11.0-1+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.12.5-1+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.12.5-1.3.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3371.data" diff --git a/danish/security/2015/dsa-3372.wml b/danish/security/2015/dsa-3372.wml deleted file mode 100644 index 06e126f3ec4..00000000000 --- a/danish/security/2015/dsa-3372.wml +++ /dev/null @@ -1,59 +0,0 @@ -#use wml::debian::translation-check translation="1f03f46efe0056967ec6d9056f6b56e851261091" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service), uautoriseret -informationsafsløring eller uautoriseret informationsændring.

- -
    - -
  • CVE-2015-2925 - -

    Jann Horn opdagede, at når en undermappe i et filsystem blev - bind-mountet ind i en chroot eller mount-navnerum, kunne en bruger, der - skulle være begrænset til den chroot eller navnerum, tilgå hele filsystemet, - hvis vedkommende havde skriveadgang til et ophav hørende til den undermappe. - Det er ikke en almindelig opsætning i wheezy, og problemet er tidligere - løst i jessie.

    • - -
  • CVE-2015-5257 - -

    Moein Ghasemzadeh fra Istuary Innovation Labs rapporterede at en - USB-enhed kunne medføre et lammelsesangreb (nedbrud), ved at imitere en - seriel Whiteheat USB-enhed, men præsentere færre endpoints.

    • - -
  • CVE-2015-5283 - -

    Marcelo Ricardo Leitner opdagede at oprettelse af flere SCTP-sockets på - samme tid, kunne medføre et lammelsesangreb (nedbrud), hvis sftp-modulet - ikke tidligere havde været indlæst. Problemet påvirker kun jessie.

    • - -
  • CVE-2015-7613 - -

    Dmitry Vyukov opdagede at System V IPC-objekter (meddelelseskøer og delte - hukommelsessegmenter) blev gjort tilgængelige før deres ejerskab og andre - attributter var helt initialiseret. Hvis en lokal bruger kunne indgå i et - kapløb med en anden bruger eller tjeneste, ved at oprette et nyt IPC-objekt, - kunne det medføre uautoriseret informationsafsløring, uautoriseret - informationsændring, lammelsesangreb og/eller rettighedsforøgelse.

    - -

    Et lignende problem fandtes i forbindelse med System V-semaphorearrays, - men var mindre alvorligt, fordi de altid tømmes før de er helt - initialiseret.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 3.2.68-1+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.7-ckt11-1+deb8u5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.2.3-1 or earlier versions.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3372.data" diff --git a/danish/security/2015/dsa-3373.wml b/danish/security/2015/dsa-3373.wml deleted file mode 100644 index f2e371ec3a2..00000000000 --- a/danish/security/2015/dsa-3373.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="22f9667473db89dfa9ce6bbbf0a5090ed5651965" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i ownCloud, en webservice til opbevaring af -filer, musik, kontakter, kalendre og meget mere i skyen. Fejlene kunne føre til -udførelse af vilkårlig kode, omgåelse af autorisation, informationsafsløring, -udførelse af skripter på tværs af websteder eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.0.4+dfsg-4~deb8u3.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 7.0.10~dfsg-2 eller tidligere versioner.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.0.10~dfsg-2 eller tidligere versioner.

- -

Vi anbefaler at du opgraderer dine owncloud-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3373.data" diff --git a/danish/security/2015/dsa-3374.wml b/danish/security/2015/dsa-3374.wml deleted file mode 100644 index 5fa2015153e..00000000000 --- a/danish/security/2015/dsa-3374.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="7fe277c59997efc85e169b49999260e1e7cf51b0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i PostgreSQL-9.4, et SQL-databasesystem.

- -
    - -
  • CVE-2015-5288 - -

    Josh Kupershmidt opdagede en sårbarhed i funktionen crypt() i udvidelsen - pgCrypto. Visse ugyldige salt-parametre kunne medføre at serveren gik ned - eller at der blev afsløret nogle få bytes fra serverhukommelsen.

    • - -
  • CVE-2015-5289 - -

    Oskari Saarenmaa opdagede at json- eller jsonb-inddataværdier konstrueret - fra vilkårlige brugerinddata, kunne få PostgreSQL-serveren til at gå ned og - dermed forårsage et lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 9.4.5-0+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 9.4.5-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 9.4.5-1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3374.data" diff --git a/danish/security/2015/dsa-3375.wml b/danish/security/2015/dsa-3375.wml deleted file mode 100644 index c326efc09c5..00000000000 --- a/danish/security/2015/dsa-3375.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="4709de0964464c8a8e4cc781e8310201d99b255c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er rettet i Wordpress, den populære bloggingmotor.

- -
    - -
  • CVE-2015-5714 - -

    Man opdagede en sårbarhed i forbindelse med udførelse af skripter på - tværs af websteder, når shortcode-tags blev behandlet.

    - -

    Problemet er rettet ved ikke at tillade HTML-elementer, som ikke er - lukkede i attributter.

    • - -
  • CVE-2015-5715 - -

    En sårbarhed er opdaget, som tillod brugere uden de korrekte rettigheder, - at udgive private indlæg og gøre dem sticky.

    - -

    Problemer er rettet i Wordpress' XMLRPC-koden, ved ikke at tillade at - private indlæg gøres sticky.

    • - -
  • CVE-2015-7989 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder i brugerlistetabeller, er opdaget.

    - -

    Problemet er rettet ved at URL-indkaplse mailadresser i disse - brugerlister.

    • - -
- -

I den gamle stabile distribution (wheezy), vil disse problemer blive rettet i -en senere opdatering.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u5.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 4.3.1+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.3.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3375.data" diff --git a/danish/security/2015/dsa-3376.wml b/danish/security/2015/dsa-3376.wml deleted file mode 100644 index a8c816266f8..00000000000 --- a/danish/security/2015/dsa-3376.wml +++ /dev/null @@ -1,74 +0,0 @@ -#use wml::debian::translation-check translation="197986a6417ac6650ca043f62a789e402b21314c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-1303 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy på i - implementeringen af DOM.

    • - -
  • CVE-2015-1304 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy i - JavaScript-biblioteket v8.

    • - -
  • CVE-2015-6755 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy i - blink/webkit.

    • - -
  • CVE-2015-6756 - -

    Et problem med anvendelse efter frigivelse blev fundet i biblioteket - pdfium.

    • - -
  • CVE-2015-6757 - -

    Collin Payne fandt et problem med anvendelse efter frigivelse i - implementeringen af ServiceWorker.

    • - -
  • CVE-2015-6758 - -

    Atte Kettunen fandt et problem i biblioteket pdfium.

    • - -
  • CVE-2015-6759 - -

    Muneaki Nishimura opdagede en informationslækage.

    • - -
  • CVE-2015-6760 - -

    Ronald Crane opdagede en logisk fejl i biblioteket ANGLE, som involverede - mistede enhedsevents.

    • - -
  • CVE-2015-6761 - -

    Aki Helin og Khalil Zhani opdagede et problem med hukommelseskorruption i - biblioteket ffmpeg.

    • - -
  • CVE-2015-6762 - -

    Muneaki Nishimura opdagede en måde at omgå Same Origin Policy i - implementeringen af CSS.

    • - -
  • CVE-2015-6763 - -

    Chrome 46-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang. Desuden blev adskillige problemer rettet i - JavaScript-biblioteket v8 i version 4.6.85.23.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 46.0.2490.71-1~deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 46.0.2490.71-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3376.data" diff --git a/danish/security/2015/dsa-3377.wml b/danish/security/2015/dsa-3377.wml deleted file mode 100644 index fc5c7cafcec..00000000000 --- a/danish/security/2015/dsa-3377.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="98a7d6072d3994a6f6c587435ddc13e1e11a2af1" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion version 5.5.46. Se MySQL 5.5 -Release Notes og Oracles Critical Patch Update-bulletin for flere -oplysninger:

- - - -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 5.5.46-0+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.5.46-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3377.data" diff --git a/danish/security/2015/dsa-3378.wml b/danish/security/2015/dsa-3378.wml deleted file mode 100644 index 08e65af7e91..00000000000 --- a/danish/security/2015/dsa-3378.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="c805b6cf1e7fd8b7520aeef7f5f3b06ca004a15c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i gdk-pixbuf, et sæt værktøjer til -billedindlæsning og pixelbuffermanipulering. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2015-7673 - -

    Gustavo Grieco opdagede en heapoverløbsfejl i behandlingen af - TGA-billeder, hvilket måske kunne medføre udførelse af vilkårlig kode eller - lammelsesangreb (procesnedbrud), hvis et misdannet billede blev - åbnet.

    • - -
  • CVE-2015-7674 - -

    Gustavo Grieco opdagede en heltalsoverløbsfejl i behandlingen af - GIF-billeder, hvilket måske kunne medføre udførelse af vilkårlig kode eller - lammelsesangreb (procesnedbrud), hvis et misdannet billede blev - åbnet.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.26.1-1+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.31.1-2+deb8u3.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.32.1-1 or earlier.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.32.1-1 or earlier.

- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3378.data" diff --git a/danish/security/2015/dsa-3379.wml b/danish/security/2015/dsa-3379.wml deleted file mode 100644 index cb8857b6a60..00000000000 --- a/danish/security/2015/dsa-3379.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="dae1645004c6610e44373a9443f892a4954e39fb" mindelta="1" -sikkerhedsopdatering - -

Aleksandar Nikolic fra Cisco Talos opdagede en bufferoverløbssårbarhed i -XML-fortolkerfunktionaliteten i miniupnpc, et letvægtsbibliotek til UPnP -IGD-klienter. En fjernangriber kunne udnytte fejlen til at forårsage, at en -applikation, som anvender miniupnpc-biblioteket gik ned eller potentielt udføre -vilkårlig kode med rettighederne hørende til brugeren, som kører -applikationen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -1.5-2+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i version -1.9.20140610-2+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine miniupnpc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3379.data" diff --git a/danish/security/2015/dsa-3380.wml b/danish/security/2015/dsa-3380.wml deleted file mode 100644 index 497b66b95c0..00000000000 --- a/danish/security/2015/dsa-3380.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="bb331cebada118d3c29f021b9de520be6adadf5e" mindelta="1" -sikkerhedsopdatering - - -

To sårbarheder blev fundet i PHP, et generelt anvendeligt skriptsprog, som -hyppigt anvendes til udvikling af webapplikationer.

- -
    - -
  • CVE-2015-7803 - -

    Udvidelsen phar kunne gå ned med en NULL-pointerdereference, når der blev - behandlet tar-arkiver indeholdende links med reference til ikke-eksisterende - filer. Det kunne føre til et lammelsesangreb (denial of service).

    • - -
  • CVE-2015-7804 - -

    Udvidelsen phar behandlende ikke på korrekt vis mappeforekomster fundet i - arkivfiler med navnet "/", førende til et lammelsesangreb og potentielt - informationsafsløring.

    • - -
- -

Opdateringen til Debian stable (jessie) indeholder yderligere fejlrettelser -fra PHP-opstrømsversion 5.6.14, som beskrevet i opstrøms changelog:

- -
    - -
    • - -
- -

Bemærkning til brugere af den gamle stabile distribution (wheezy): PHP 5.4's -livforløb ophørte den 14. september 2015. Som følge deraf kommer der ikke flere -opstrømsudgaver. Sikkerhedsunderstøttelsen af PHP 5.4 i Debians gamle stabile -distribution (oldstable/wheezy) vil kun blive ydet efter bedste evne, og man -opfordres kraftigt til at opgradere til Debians seneste stabile udgave (jessie), -som indeholder PHP 5.6.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 5.4.45-0+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -5.6.14+dfsg-0+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 5.6.14+dfsg-1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3380.data" diff --git a/danish/security/2015/dsa-3381.wml b/danish/security/2015/dsa-3381.wml deleted file mode 100644 index 0080f7002ef..00000000000 --- a/danish/security/2015/dsa-3381.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="367f2b9dda3711ae38ca0731c7df082bf70f2024" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udførelse af vilkårlig kode, udbrud fra -Java-sandkassen, informationsafsløring eller lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 7u85-2.6.1-6~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7u85-2.6.1-5~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u85-2.6.1-6.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3381.data" diff --git a/danish/security/2015/dsa-3382.wml b/danish/security/2015/dsa-3382.wml deleted file mode 100644 index 60775e5ad46..00000000000 --- a/danish/security/2015/dsa-3382.wml +++ /dev/null @@ -1,61 +0,0 @@ -#use wml::debian::translation-check translation="c426ece51e299892a7cba62e21d973244351ad78" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er løst i phpMyAdmin, webadministrationstværktøjet til -MySQL.

- -
    - -
  • CVE-2014-8958 - (kun Wheezy) - -

    Adskillige sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (XSS).

    • - -
  • CVE-2014-9218 - (kun Wheezy) - -

    Lammelsesangreb (ressourceforbrug) ved hjælp af en lang - adgangskode.

    • - -
  • CVE-2015-2206 - -

    Risiko for BREACH-angreb på grund af reflekteret parameter.

    • - -
  • CVE-2015-3902 - -

    XSRF-/CSRF-sårbarhed i opsætningen af phpMyAdmin.

    • - -
  • CVE-2015-3903 - (kun Jessie) - -

    Sårbarhed muliggjorde manden i midten-angreb ved API-kald til - GitHub.

    • - -
  • CVE-2015-6830 - (kun Jessie) - -

    Sårbarhed som tillod omgåelse af reCaptcha-testen.

    • - -
  • CVE-2015-7873 - (kun Jessie) - -

    Sårbarhed i forbindelse med indholdforfalskning, når en bruger blev - viderstillet til et eksternt websted.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 4:3.4.11.1-2+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4:4.2.12-2+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:4.5.1-1.

- -

Vi anbefaler at du opgraderer dine phpmyadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3382.data" diff --git a/danish/security/2015/dsa-3383.wml b/danish/security/2015/dsa-3383.wml deleted file mode 100644 index 0dc8ce96050..00000000000 --- a/danish/security/2015/dsa-3383.wml +++ /dev/null @@ -1,69 +0,0 @@ -#use wml::debian::translation-check translation="c70322b61c5b4696aaa510fc59909ecf18a3a0a3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et værktøj til webblogging. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-2213 - -

    En SQL-indsprøjtning gjorde det muligt for fjernangribere at - kompromittere webstedet.

    • - -
  • CVE-2015-5622 - -

    Robustheden i HTML-tagfilteret til shortcodes, er forbedret. - Fortolkningen er lidt mere striks, hvilket kan påvirke ens - installation.

    • - -
  • CVE-2015-5714 - -

    Sårbarhed i forbindelse med udførelse af skripter på tværs af websteder, - når shortcodetags blev behandlet.

    • - -
  • CVE-2015-5715 - -

    En sårbarhed er opdaget, som gjorde det muligt for brugere uden de - korrekte rettigheder, at udgive private indlæg og gøre dem - sticky.

    • - -
  • CVE-2015-5731 - -

    En angriber kunne låse et indlæg, som var ved at blive - redigeret.

    • - -
  • CVE-2015-5732 - -

    Udførelse af skripter på tværs af websteder i en widgettitel, gjorde det - muligt for en angriber at stjæle følsommme oplysninger.

    • - -
  • CVE-2015-5734 - -

    Retter nogle defekte links i forhåndsvisningen af legacy-temaet.

    • - -
  • CVE-2015-7989 - -

    Sårbarhed i forbindelse med udførelse af skripter på tværs af websteder - i brugerlistetabeller.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 3.6.1+dfsg-1~deb7u8.

- -

I den stabile distribution (jessie), er disse problemer rettet -i version 4.1+dfsg-1+deb8u5 eller tidligere i DSA-3332-1 og DSA-3375-1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 4.3.1+dfsg-1 or earlier versions.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.3.1+dfsg-1 or earlier versions.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3383.data" diff --git a/danish/security/2015/dsa-3384.wml b/danish/security/2015/dsa-3384.wml deleted file mode 100644 index 5d286840bcb..00000000000 --- a/danish/security/2015/dsa-3384.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="11403fad6affe7e60d271dca5b937149d8280af7" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i VirtualBox, en x86-virtualiseringsløsning.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 4.1.42-dfsg-1+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.3.32-dfsg-1+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 5.0.8-dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.0.8-dfsg-1.

- -

Vi anbefaler at du opgraderer dine virtualbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3384.data" diff --git a/danish/security/2015/dsa-3385.wml b/danish/security/2015/dsa-3385.wml deleted file mode 100644 index d260cbfc42c..00000000000 --- a/danish/security/2015/dsa-3385.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="7e860016b9e163b6daff4790a132e59bd0a8b34e" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.22. Se MariaDB 10.0's -Release Notes for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.22-0+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 10.0.22-1 or earlier.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3385.data" diff --git a/danish/security/2015/dsa-3386.wml b/danish/security/2015/dsa-3386.wml deleted file mode 100644 index a3800397eb8..00000000000 --- a/danish/security/2015/dsa-3386.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="aceea3f462698d5ee17186ab0fa0efd168914db1" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er fundet i unzip, et arkivudpakningsprogram til .zip-filer. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-7696 - -

    Gustavo Grieco opdagede at unzip håndterede visse adgangskodebeskyttede - arkiver på ukorrekt vis. Hvis en bruger eller automatisk system blev narret - til at behandle et særligt fremstillet zip-arkiv, kunne en angriber muligvis - udføre vilkårlig kode.

    • - -
  • CVE-2015-7697 - -

    Gustavo Grieco opdagede at unzip behandlede visse misdannede arkiver på - ukorrekt vis. Hvis en bruger eller automatisk system blev narret til at - behandle et særligt fremstillet zip-arkiv, kunne en angriber muligvis få - unzip til at hænge, medførende et lammelsesangreb (denial of - service).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 6.0-8+deb7u4.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 6.0-16+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i -version 6.0-19.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 6.0-19.

- -

Vi anbefaler at du opgraderer dine unzip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3386.data" diff --git a/danish/security/2015/dsa-3387.wml b/danish/security/2015/dsa-3387.wml deleted file mode 100644 index d8a1320d943..00000000000 --- a/danish/security/2015/dsa-3387.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="eff28793b8c0b99f033b2a7a36d3f822cef6185c" mindelta="1" -sikkerhedsopdatering - -

John Stumpo opdagede at OpenAFS, et distribueret filsystem, ikke -initialiserede visse netværkspakker fuldstændigt, før de blev overført. Det -kunne føre til afsløring af tidligere behandlede pakker i klar tekst.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.6.1-3+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.6.9-2+deb8u4.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.6.15-1.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3387.data" diff --git a/danish/security/2015/dsa-3388.wml b/danish/security/2015/dsa-3388.wml deleted file mode 100644 index 894ee0fa83c..00000000000 --- a/danish/security/2015/dsa-3388.wml +++ /dev/null @@ -1,159 +0,0 @@ -#use wml::debian::translation-check translation="97cf8f0441bcff7f586a68fe97b70397b823a0c8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dæmon og værktøjsprogrammerne til -Network Time Protocol:

- -
    - -
  • CVE-2015-5146 - -

    Der blev fundet en fejl i den måde, ntpd behandlede visse - fjernopsatte pakker. En angriber kunne anvende en særligt fremstillet pakke - til at få ntpd til at gå ned, hvis:

    - -
      -
    • fjernopsætning er aktiveret i ntpd
      • -
    • angriberen kender opsætningsadgangskoden
      • -
    • angriberen har adgang til en computer, med tilladelse til at udføre - fjernopsætning
      • -
    - -

    Bemærk at fjernopsætning som standard er deaktiveret i NTP.

    • - -
  • CVE-2015-5194 - -

    Man opdagede at ntpd kunne gå ned på grund af en uinitialiseret variabel - ved behandling af misdannede logconfig-opsætningskommandoer.

    • - -
  • CVE-2015-5195 - -

    Man opdagede at ntpd afsluttede med en segmenteringsfejl, når en - statistiktype, som ikke var aktiveret under kompileringen (fx timingstats) - blev refereret af opsætningskommandoerne statistics eller filegen.

    • - -
  • CVE-2015-5219 - -

    Man opdagede at sntp-programmet kom til at hænge i en uendelig løkke, når - en fabrikeret NTP-pakke blev modtaget, relateret til konvertering af pakkens - nøjagtighedsværdi til double.

    • - -
  • CVE-2015-5300 - -

    Man opdagede at ntpd ikke på korrekt vis implementerede indstillingen - -g:

    - -

    Normalt afslutter ntpd med en meddelelse til systemloggen, hvis offset'et - overskrider paniktærsklen, hvilket som standard er 1000 sekunder. - Indstillingen gør det muligt at opsætte tiden til en vilkårlig værdi uden - begrænsninger; men, det kan kun ske en gang. Hvis en tærskel derefter blev - overskredet, ville ntpd afslutte med en meddelelse til systemloggen. - Indstillingen kan anvendes sammen med indstillingerne -q og -x.

    - -

    ntpd kunne stille uret flere gange med mere en paniktærsklen, hvis dets - urdisciplin ikke havde tilstrækkelig tid til at nå synkroniseringstilstanden - og forblive der under mindst en opdatering. Hvis en manden i midten-angriber - kunne kontrollere NTP-trafikken siden ntpd havde været startet (eller måske - op til 20-30 minutter derefter), kunne vedkommende forhindre klienten i at - opnå synkroniseringstilstanden og tvinge den til at stille uret med en - vilkårlig værdi et antal gange, hvilket kunne anvendes af angribere til at - få certifikater til at udløbe, osv.

    - -

    Det er i modstrid med hvad dokumentationen siger. Normalt er - forudsætningen, at en MITM-angriber kun kan stille uret mere end - paniktærsklen en gang, når ntpd starter, og for at foretage en større - ændring, skal angriberen opdele det i flere mindre indstillinger, hver på - 15 minutter, hvilket er langsomt.

    • - -
  • CVE-2015-7691, - CVE-2015-7692, - CVE-2015-7702 - -

    Man opdagede at rettelsen af - CVE-2014-9750 - var ufuldstændig: tre problemer blev fundet i kontrollen af værdilængderne - i ntp_crypto.c, hvor en pakke med særlig autokey-handlinger, som indeholdt - ondsindede data, ikke altid blev valideret fuldstændigt. Modtagelse af - sådanne pakker, kunne få ntpd til at gå ned.

    • - -
  • CVE-2015-7701 - -

    En hukommelseslækagefejl blev fundet i ntpd's CRYPTO_ASSOC. Hvis ntpd er - opsat til at anvende autokey-autentifikation, kunne en angriber sende pakker - ntpd, som efter flere dage med igangværende angreb, kunne medføre at den løb - tør for hukommelse.

    • - -
  • CVE-2015-7703 - -

    Miroslav Lichvar fra Red Hat opdagede at kommandoen :config kunne - anvendes til at opsætte pidfile- og driftfile-stierne uden begrænsinger. En - fjernangriber kunne udnytte fejlen til at overskrive en fil på filsystemet - med en fil indeholdende pid'en hørende til ntpd-processen (med det samme) - eller systemurets aktuelle, anslåede unøjagtighedsværdi (i timeintervaller). - Eksempelvis:

    - -

    ntpq -c ':config pidfile /tmp/ntp.pid' - ntpq -c ':config driftfile /tmp/ntp.drift'

    - -

    I Debian er ntpd opsat til at smide root-rettighederne væk, hvilket - begrænsninger dette problems indvirkning.

    • - -
  • CVE-2015-7704 - -

    Hvis ntpd som en NTP-klient modtager en Kiss-of-Death-pakke (KoD, - dødskys) fra serveren til at nedsætte sin forespørgselshastighed, - kontrollede den ikke hvorvidt oprindelsestidsstemplingen svarede til den - overførselstidsstemplingen fra dens forespørgsel. En off-path-angriber - kunne sende en fabrikeret KoD-pakke til klienten, hvilket forøgede klientens - forespørgselsinterval til en høj værdi og dermed deaktiverede - synkroniseringen med serveren.

    • - -
  • CVE-2015-7850 - -

    Der var en udnytbar lammelsesangrebssårbarhed i funktionaliteten til - fjernopsætning i Network Time Protocol. En særligt fremstillet opsætningsfil - kunne medføre et lammelsesangreb. En angriber kunne levere en ondsindet - opsætningsfil til at udløse sårbarheden.

    • - -
  • CVE-2015-7852 - -

    En potentiel forskudt med en-sårbarhed fandtes i funktionaliteten - cookedprint i ntpq. En særligt fremstillet buffer kunne udløse et - bufferoverløb, potentielt medførende at null-byte blev skrevet ud over - grænserne.

    • - -
  • CVE-2015-7855 - -

    Man opdagede at NTP's decodenetnum() afsluttede med en assertionfejl, når - der blev behandlet en tilstand 6- eller tilstand 7-pakke indeholdende en - usædvanligt stor værdi, hvor en netværksadresse blev forventet. Dermed - kunne en autentificeret angriber få ntpd til at gå ned.

    • - -
  • CVE-2015-7871 - -

    En logisk fejl i fejlhåndteringen blev fundet i ntpd, hvilket vise sig på - grund af ukorrekt fejlhåndtering i forbindelse med visse crypto-NAK-pakker. - En uautentificeret off-path-angriber kunne tvinge ntpd-processer på udvalgte - servere til at peer'e med tidskilder valgt af angriberen, ved at overføre - symmetrisk aktive crypto-NAK-pakker til ntpd. Angribet omgik - autentifikatioenen, typisk gørende det muligt at ændre systemtiden.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1:4.2.6.p5+dfsg-2+deb7u6.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:4.2.6.p5+dfsg-7+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1:4.2.8p4+dfsg-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:4.2.8p4+dfsg-3.

- -

Vi anbefaler at du opgraderer dine ntp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3388.data" diff --git a/danish/security/2015/dsa-3389.wml b/danish/security/2015/dsa-3389.wml deleted file mode 100644 index d02ef0865a2..00000000000 --- a/danish/security/2015/dsa-3389.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="e401fddafb1eda4d1e6757d80243260e8e5721a9" mindelta="1" -ophør af livsforløb - -

Sikkerhedsunderstøttelse af elasticsearch i jessie ophører hermed. Projektet -frigiver ikke længere oplysninger om rettede sikkerhedsproblemer, hvormed det -ikke er muligt at tilbagefører ændringerne til udgivne versioner i Debian, -hvilket desuden aktivt frarådes.

- -

elasticsearch vil også blive fjernet fra Debian stretch (den næste stabile -Debian-udgave), men vil forblive i unstable.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3389.data" diff --git a/danish/security/2015/dsa-3391.wml b/danish/security/2015/dsa-3391.wml deleted file mode 100644 index 9c231ccc402..00000000000 --- a/danish/security/2015/dsa-3391.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="eaea8a0e41a31b2b718fc06d5cb7fff6f356a4fb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at den webbaserede administrative grænseflade Horde Application -Framework, ikke var beskyttet mod Cross-Site Request Forgery-angreb (CSRF). -Derfor kunne andre ondsindede websider medføre, at Horde-applikationer udførte -handlinger, som Horde-brugeren.

- -

Den gamle stabile distribution (wheezy) indeholder ikke php-horde-pakker.

- -

I den stabile distribution (jessie), er dette problem rettet i version -5.2.1+debian0-2+deb8u2.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 5.2.8+debian0-1.

- -

Vi anbefaler at du opgraderer dine php-horde-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3391.data" diff --git a/danish/security/2015/dsa-3392.wml b/danish/security/2015/dsa-3392.wml deleted file mode 100644 index 42db442a468..00000000000 --- a/danish/security/2015/dsa-3392.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5ba4dd58fe33da99e6fa012f7af3d531f53ea76e" mindelta="1" -sikkerhedsopdatering - -

Pengsu Cheng opdagede at FreeImage, et bibliotek til grafiske billedformater, -indeholdt flere heltalsunderløb, som kunne føre til et lammelsesangreb (denial -of service): fjernangribere havde mulighed for at udløse et nedbrud ved at -levere et særligt fremstillet billede.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -3.15.1-1.1.

- -

I den stabile distribution (jessie), er dette problem rettet i version -3.15.4-4.2.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 3.15.4-6.

- -

Vi anbefaler at du opgraderer dine freeimage-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3392.data" diff --git a/danish/security/2015/dsa-3393.wml b/danish/security/2015/dsa-3393.wml deleted file mode 100644 index eafd5357e97..00000000000 --- a/danish/security/2015/dsa-3393.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="28c6925250633ac34d9775d060553125074e6ac8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsfejl, heltalsoverløb, -bufferoverløb og andre implementeringsfejl kunne føre til udførelse af vilkårlig -kode, informationsafsløring eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.4.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.4.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.4.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3393.data" diff --git a/danish/security/2015/dsa-3394.wml b/danish/security/2015/dsa-3394.wml deleted file mode 100644 index 9462d3363be..00000000000 --- a/danish/security/2015/dsa-3394.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="9abadd91c091b3eccf5d8a4e8eece04d77cd662f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i LibreOffice, et komplet kontorpakke:

- -
    - -
  • CVE-2015-4551 - -

    Federico Scrinzi opdagede en informationslækage i håndteringen af - ODF-dokumenter. Citat fra - : - LinkUpdateMode-funktionen kontrollerer hvorvidt dokumenter indsat i Writer - eller Calc gennem links, enten ikke bliver opdateret, beder om at blive - opdateret eller automatisk opdateret, når et ophavsdokument indlæses. - Opsætningen af valgmuligheden blev gemt i dokumentet. Denne fejlbehæftede - metode, gjorde det muligt at fabrikere dokumenter med links til plausible - mål på offerets værtscomputeret. Indholdet af disse automatisk indsatte - links efter indlæsning, kunne være tilsløret i skjulte afsnit, og hentes af - angriberen, hvis dokumentet blev gemt og sendt tilbage til afsenderen, eller - gennem http-forespørgsler, hvis brugeren havde valgt lavere - sikkerhedsindstillinger for dokumentet.

    • - -
  • CVE-2015-5212 - -

    Et bufferoverløb i fortolkningen af printeropsætningsoplysninger i - ODF-dokumenter, kunne medføre udførelse af vilkårlig kode.

    • - -
  • CVE-2015-5213 / - CVE-2015-5214 - -

    Et bufferoverløb og heltalsoverløb i fortolkningen af Microsoft - Word-dokumenter, kunne medføre udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1:3.5.4+dfsg2-0+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:4.3.3-2+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1:5.0.2-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:5.0.2-1.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3394.data" diff --git a/danish/security/2015/dsa-3395.wml b/danish/security/2015/dsa-3395.wml deleted file mode 100644 index 84da1a8a69e..00000000000 --- a/danish/security/2015/dsa-3395.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="9d7895019440892189bf58feea76d05a30185768" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i krb5, MIT's implementering af Kerberos. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-2695 - -

    Man opdagede at applikationer, som kalder gss_inquire_context() i en - delvist etableret SPNEGO-kontekst, kunne medføre at GSS-API-biblioteket - læste fra en pointer med brug af den forkerte type, førende til nedbrud af - en proces.

    • - -
  • CVE-2015-2696 - -

    Man opdagede at applikationer, som klader gss_inquire_context() i en - delvist etableret IAKERB-kontektst, kunne medføre at GSS-API-biblioteket - læste fra en pointer med brug af den forkerte type, førende til nedbrud af - en proces.

    • - -
  • CVE-2015-2697 - -

    Man opdagede at funktionen build_principal_va() håndterede inddatastrenge - på ukorrekt vis. En uautentificeret angriber kunne drage nytte af fejlen - til at forårsage, at en KDC gik ned under en TGS-forespørgsel med et stort - realm-felt, begyndende med en nullbyte.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.10.1+dfsg-5+deb7u4.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+dfsg-19+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.13.2+dfsg-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.13.2+dfsg-3.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3395.data" diff --git a/danish/security/2015/dsa-3396.wml b/danish/security/2015/dsa-3396.wml deleted file mode 100644 index 351d9477eba..00000000000 --- a/danish/security/2015/dsa-3396.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="0074ba966e2b4ef9e217d541801b519929660a04" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til et -lammelsesangreb (denial of service).

- -
    - -
  • CVE-2015-5307 - -

    Ben Serebrin fra Google opdagede en fejl i forbindelse med gæst til vært- - lammelsesangreb, som påvirkede KVM-hypervisoren. En ondsindet gæst kunne - udløse en uendelig løkke bestående af alignment check-undtagelser - (#AC), hvilket medførte at processorens mikrokode kom i en undelig løkke, - hvor core'n aldrig modtog et nyt interrupt. Det førte til en panik i - værtskernen.

    • - -
  • CVE-2015-7833 - -

    Sergej Schumilo, Hendrik Schwartke og Ralf Spenneberg opdagede en fejl i - behandlingen af visse USB-enhedsdescriptorer i usbvision-driveren. En - angriber med fysisk adgang til systemet, kunne udnytte fejlen til at få det - til at gå ned.

    • - -
  • CVE-2015-7872 - -

    Dmitry Vyukov opdagede en sårbarhed i keyring'ens garbagecollector, - hvilket gjorde det muligt for en lokal bruger, at udløse en - kernepanik.

    • - -
  • CVE-2015-7990 - -

    Man opdagede at rettelsen af - \ - CVE-2015-6937 var ufuldstændig. En kapløbstilstand ved afsendelse af en - meddelelse på en unbound socket, kunne stadig medføre en - NULL-pointerdereference. En fjernangriber kunne være i stand til at - forårsage et lammelsesangreb (nedbrud), ved at sende en fabrikeret - pakke.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 3.2.68-1+deb7u6.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.7-ckt11-1+deb8u6.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3396.data" diff --git a/danish/security/2015/dsa-3397.wml b/danish/security/2015/dsa-3397.wml deleted file mode 100644 index 1521888e51c..00000000000 --- a/danish/security/2015/dsa-3397.wml +++ /dev/null @@ -1,70 +0,0 @@ -#use wml::debian::translation-check translation="9eb3bd666df817faaa728fddbf2e1fed83e81d77" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i wpa_supplicant og hostapd. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2015-4141 - -

    Kostya Kortchinsky fra Google Security Team opdagede en sårbarhed i - WPS UPnP-funktionene, med HTTP chunked transfer-encoding, hvilket kunne - medføre et lammelsesangreb (denial of service).

    • - -
  • CVE-2015-4142 - -

    Kostya Kortchinsky fra Google Security Team opdagede en sårbarhed i - behandlingen af WMM Action-frame, hvilket kunne medføre et - lammelsesangreb.

    • - -
  • CVE-2015-4143 - CVE-2015-4144 - CVE-2015-4145 - CVE-2015-4146 - -

    Kostya Kortchinsky fra Google Security Team opdagede at EAP-pwd-payload - ikke blev korrekt valideret, hvilket kunne medføre et - lammelsesangreb.

    • - -
  • CVE-2015-5310 - -

    Jouni Malinen opdagede en fejl i behandlingen af WMM Sleep Mode - Response-frame. En fjernangriber kunne drage nytte af fejlen til at - iværksætte et lammelsesangreb.

    • - -
  • CVE-2015-5314 - CVE-2015-5315 - -

    Jouni Malinen opdagede en fejl i håndteringen af EAP-pwd-meddelelser, - hvilket kunne medføre et lammelsesangreb.

    • - -
  • CVE-2015-5316 - -

    Jouni Malinen opdagede en fejl i håndteringen af - EAP-pwd-Confirm-meddelelser, hvilket kunne medføre et - lammelsesangreb.

    • - -
  • CVE-2015-8041 - -

    Ufuldstændig validering af postlængde på WPS og P2P NFC NDEF, kunne - medføre et lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.0-3+deb7u3. Den gamle stabile distribution (wheezy) er kun påvirket -af -CVE-2015-4141, -CVE-2015-4142, -CVE-2015-4143 og -CVE-2015-8041.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -2.3-1+deb8u3.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3397.data" diff --git a/danish/security/2015/dsa-3398.wml b/danish/security/2015/dsa-3398.wml deleted file mode 100644 index 8b808580357..00000000000 --- a/danish/security/2015/dsa-3398.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="3e7852e739f95d7a12ef7c66307df78d8450138a" mindelta="1" -sikkerhedsopdatering - -

Tobias Brunner fandt en sårbarhed i forbindelse med omgåelse af -autentifikation i strongSwan, en IKE-/IPsec-programsamling.

- -

På grund af utilstrækkelig validering af dets lokale status, kunne -serverimplementeringen af EAP-MSCHAPv2-protokollen i plugin'en eap-mschapv2 -narres til at afslutte autentifikationen med succes, uden at levere gyldige -loginoplysninger.

- -

Det er muligt at genkende sådanne angreb, ved at kigge i serverlogfilerne. -Følgende fejlmeddelelse blev sendt under klientautentifikationen:

- -

EAP method EAP_MSCHAPV2 succeeded, no MSK established

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 4.5.2-1.5+deb7u8.

- -

I den stabile distribution (jessie), er dette problem rettet i version -5.2.1-6+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet i version -5.3.3-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -5.3.3-3.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3398.data" diff --git a/danish/security/2015/dsa-3399.wml b/danish/security/2015/dsa-3399.wml deleted file mode 100644 index efd54389dff..00000000000 --- a/danish/security/2015/dsa-3399.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="4f72e392d6cc9431b78f0439713813f11e49f87b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i PNG-biblioteket libpng. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2015-7981 - -

    Qixue Xiao opdagede en sårbarhed i forbindelse med læsningen uden for - grænserne i funktionen png_convert_to_rfc1123. En fjernangriber kunne - potentielt drage nytte af fejlen til at forårsage informationsafsløring fra - proceshukommelsen.

    • - -
  • CVE-2015-8126 - -

    Adskillige bufferoverløb blev opdaget i funktionerne png_set_PLTE og - png_get_PLTE. En fjernangriber kunne drage nytte af fejlen til at forårsage - et lammelsesangreb (applikationsnedbrud) via en lille bitdybdeværdi i en - IHDR-chunk (imageheader) i et PNG-billede.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.2.49-1+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -1.2.50-2+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.2.54-1.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3399.data" diff --git a/danish/security/2015/dsa-3400.wml b/danish/security/2015/dsa-3400.wml deleted file mode 100644 index 08f3a6dc9a6..00000000000 --- a/danish/security/2015/dsa-3400.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="582e1831f6868e52ced75eea421fb71c1b5bd78a" mindelta="1" -sikkerhedsopdatering - -

Roman Fiedler opdagede en mappegennemløbsfejl i LXC, brugerrumsværktøjerne -Linux Containers. En lokal angriber med adgang til en LXC-container, kunne -udnytte fejlen til at køre programmer inde i containeren, som ikke er -indespærret af AppArmor eller blotlægge utilsigtede filer på værten til -containeren.

- -

I den stabile distribution (jessie), er dette problem rettet i version -1:1.0.6-6+deb8u2.

- -

Vi anbefaler at du opgraderer dine lxc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3400.data" diff --git a/danish/security/2015/dsa-3401.wml b/danish/security/2015/dsa-3401.wml deleted file mode 100644 index 886f231953c..00000000000 --- a/danish/security/2015/dsa-3401.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5e6d084ff5c3206e24de50a396b9cdc7c2ac9283" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at rebinding af en modtager af en direkte metode-handle, kunne -gøre det muligt at tilgå en beskyttet metode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 7u91-2.6.3-1~deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7u91-2.6.3-1~deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7u91-2.6.3-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3401.data" diff --git a/danish/security/2015/dsa-3402.wml b/danish/security/2015/dsa-3402.wml deleted file mode 100644 index b678714b838..00000000000 --- a/danish/security/2015/dsa-3402.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="747c204b71c06a81e6cd84f04e819d0672adb5a4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i symfony, et framework til oprettelse af -websteder og webapplikationer. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2015-8124 - -

    RedTeam Pentesting GmbH-holdet opdagede en sessionsfikseringssårbarhed i - Remember Me-loginfunktionen, hvilket gjorde det muligt for en - angriber, at udgive sig for at være offeret over for webapplikationen, hvis - sessions id-værdi tidligere havde været kendt af angriberen.

    • - -
  • CVE-2015-8125 - -

    Flere potentielle fjernudnytbare sårbarheder i forbindelse med - timingangreb, blev opdaget i klasse fra Symfony Security-komponenten og i - legacy-implementeringen af CSRF fra Symfony Form-komponenten.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.3.21+dfsg-4+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.7.7+dfsg-1.

- -

Vi anbefaler at du opgraderer dine symfony-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3402.data" diff --git a/danish/security/2015/dsa-3403.wml b/danish/security/2015/dsa-3403.wml deleted file mode 100644 index be47e63a2c0..00000000000 --- a/danish/security/2015/dsa-3403.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="4299a0b80a8d1d392351f92f98573c6fb62227cc" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering tilbagefører ændringer fra commons-collections -3.2.2-udgaven, hvilket deaktiverer deserialisering af functors-klassen, med -mindre systemegenskaben org.apache.commons.collections.enableUnsafeSerialization -er sat til true. Dermed rettes en sårbarhed i usikre applikationer, som -deserialiserer objekter fra kilder, der ikke er tillid til, uden at -fornuftighedskontrollere deres inddata. Klasser, der betragtes som usikre, er: -CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, -InvokerTransformer, PrototypeCloneFactory, PrototypeSerializationFactory og -WhileClosure.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.2.1-5+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.2.1-7+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 3.2.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.2.2-1.

- -

Vi anbefaler at du opgraderer dine libcommons-collections3-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3403.data" diff --git a/danish/security/2015/dsa-3405.wml b/danish/security/2015/dsa-3405.wml deleted file mode 100644 index 9dcf8ecfb2b..00000000000 --- a/danish/security/2015/dsa-3405.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b8c7dbfd38dfea8dc1b2617b93d96904469b1acc" mindelta="1" -sikkerhedsopdatering - -

Tero Marttila opdagede at Debians pakning af smokeping, installerede det på -en sådan måde, at CGI-implementeringen af Apaches httpd (mod_cgi), overførte -ekstra parametre til programmet smokeping_cgi, hvilket potentielt kunne føre til -udførelse af vilkårlig kode som svar på fabrikerede HTTP-forespørgsler.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.6.8-2+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.6.9-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine smokeping-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3405.data" diff --git a/danish/security/2015/dsa-3406.wml b/danish/security/2015/dsa-3406.wml deleted file mode 100644 index 88d1f0ebd2d..00000000000 --- a/danish/security/2015/dsa-3406.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="01167fc3413b6e197c38db22da2e321fdb445e72" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt hukommelsesallokering i biblioteket NetScape -Portable Runtime, kunne føre til lammelsesangreb (denial of service) eller -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2:4.9.2-1+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:4.10.7-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2:4.10.10-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:4.10.10-1.

- -

Vi anbefaler at du opgraderer dine nspr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3406.data" diff --git a/danish/security/2015/dsa-3407.wml b/danish/security/2015/dsa-3407.wml deleted file mode 100644 index 4b4407d3baa..00000000000 --- a/danish/security/2015/dsa-3407.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ab38149a90771a2cc30255c6a75d0a51a488e383" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede et stakbaseret bufferoverløb i komponenten dpkg-deb i -dpkg, Debians pakkehåndteringssystem. Fejlen kunne potentielt føre til -udførelse af vilkårlig kode, hvis en bruger eller et automatiseret system blev -narret til at behandle en særligt fremstillet binær Debian-pakke (.deb) i -Debians gamle binær pakke-format.

- -

Opdateringen indeholder også opdaterede oversættelser og yderligere -fejlrettelser.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.16.17.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.17.26.

- -

Vi anbefaler at du opgraderer dine dpkg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3407.data" diff --git a/danish/security/2015/dsa-3408.wml b/danish/security/2015/dsa-3408.wml deleted file mode 100644 index 91dfd8810c1..00000000000 --- a/danish/security/2015/dsa-3408.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="ec47265cd17acc9862e1fa2b7ccdc28efb8ddb04" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at GnuTLS, et bibliotek som implementerer protokollerne TLS og -SSL, på ukorrekt vis validerede den første paddingbyte i CBC-tilstande. En -fjernangriber kunne muligvis udnytte fejlen til at iværksætte et padding -oracle-angreb.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.12.20-8+deb7u4.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3408.data" diff --git a/danish/security/2015/dsa-3409.wml b/danish/security/2015/dsa-3409.wml deleted file mode 100644 index 5b6054196e6..00000000000 --- a/danish/security/2015/dsa-3409.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="0a9be5a2026211f1bbee2f35d88ca16357780bc0" mindelta="1" -sikkerhedsopdatering - -

En hukommelsesødelæggende heltalsoverløb i håndteringen af kontrolsekvensen -ECH (erase-tegn), blev opdaget i PuTTY's terminalemulator. En fjernangriber -kunne udnytte fejlen til at iværksætte et lammelsesangreb (denial of service) -eller potentielt udføre vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.62-9+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.63-10+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 0.66-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.66-1.

- -

Vi anbefaler at du opgraderer dine putty-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3409.data" diff --git a/danish/security/2015/dsa-3410.wml b/danish/security/2015/dsa-3410.wml deleted file mode 100644 index b7577ce442d..00000000000 --- a/danish/security/2015/dsa-3410.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="d64994d06c4086985c37713f074573a8ba98f150" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -heltalsoverløb, bufferoverløb og andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 38.4.0-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -38.4.0-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -38.4.0-1.

- -

Desuden er enigmail opdateret til en udgivelse, der er kompatibel med den nye -ESR38-serie.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3410.data" diff --git a/danish/security/2015/dsa-3411.wml b/danish/security/2015/dsa-3411.wml deleted file mode 100644 index ce633a9de2d..00000000000 --- a/danish/security/2015/dsa-3411.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2b172160dd0bc862fc258e09ba704c44298b2d50" mindelta="1" -sikkerhedsopdatering - -

Michal Kowalczyk opdagede at manglende fornuftighedskontrol af inddata i -printfilteret foomatic-rip, kunne medføre udførelse af vilkårlige -kommandoer.

- -

Den gamle stabile distribution (wheezy) er ikke påvirket.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.0.61-5+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.0-1.

- -

Vi anbefaler at du opgraderer dine cups-filters-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3411.data" diff --git a/danish/security/2015/dsa-3412.wml b/danish/security/2015/dsa-3412.wml deleted file mode 100644 index 13144d7a9a3..00000000000 --- a/danish/security/2015/dsa-3412.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="88a9a0f0a0eb93512ee84dc320d5b389db94d541" mindelta="1" -sikkerhedsopdatering - -

Luca Bruno opdagede en heltalsoverløbsfejl førende til et stakbaseret -bufferoverløb i redis, en persistent key-value-database. En fjernangriber kunne -udnytte fejlen til at forårsage et lammelsesangreb (applikationsnedbrud).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:2.8.17-1+deb8u3.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2:3.0.5-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.0.5-4.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3412.data" diff --git a/danish/security/2015/dsa-3413.wml b/danish/security/2015/dsa-3413.wml deleted file mode 100644 index 2535fa4c74f..00000000000 --- a/danish/security/2015/dsa-3413.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="5061958a47d80d6893df03f587402203a4b88746" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenSSL, et Secure Sockets Layer-værktøjssæt. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-3194 - -

    Loic Jonas Etienne fra Qnective AG opdagede at rutiner til verifikation - af signaturer, gik ned med en NULL-pointerdereference, hvis de blev - præsenteret for en ASN.1-signatur, som anvender RSA PSS-algoritmen og ikke - har funktionsparameteret til maskgenerering. En fjernangriber kunne udnytte - fejlen til at få ethver certifikatverifikationshandling til at gå ned, og - iværksætte et lammelsesangreb (denial of service).

    • - -
  • CVE-2015-3195 - -

    Adam Langley fra Google/BoringSSL opdagede at OpenSSL lækkede hukommelse - når den blev præsenteret for en misdannet X509_ATTRIBUTE-struktur.

    • - -
  • CVE-2015-3196 - -

    En kapløbstilstandsfejl i håndteringen af PSK-identify hints blev - opdaget; den kunne potentielt føre til en dobbelt frigivelse af identify - hint-data.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.0.1e-2+deb7u18.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.0.1k-3+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.2e-1 or earlier.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3413.data" diff --git a/danish/security/2015/dsa-3414.wml b/danish/security/2015/dsa-3414.wml deleted file mode 100644 index 4d89e13307c..00000000000 --- a/danish/security/2015/dsa-3414.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="64b0f50d576cb277f8370a909a179f24239cd347" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i virtualiseringsløsningen Xen, -hvilke kan medføre lammelsesangreb (denial of service) eller -informationsafsløring.

- -

I den gamle stabile distribution (wheezy), vil en opdatering senere blive -stillet til rådighed.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u3.

- -

I den ustabile distribution (sid), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3414.data" diff --git a/danish/security/2015/dsa-3415.wml b/danish/security/2015/dsa-3415.wml deleted file mode 100644 index ebc42f4b48b..00000000000 --- a/danish/security/2015/dsa-3415.wml +++ /dev/null @@ -1,129 +0,0 @@ -#use wml::debian::translation-check translation="1ae442e260d25ed2d30675255d80c006fe7de003" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-1302 - -

    Rub Wu opdagede en informationslækage i biblioteket pdfium.

    • - -
  • CVE-2015-6764 - -

    Guang Gong opdagede et problem med læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2015-6765 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - AppCache.

    • - -
  • CVE-2015-6766 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - AppCache.

    • - -
  • CVE-2015-6767 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - AppCache.

    • - -
  • CVE-2015-6768 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy.

    • - -
  • CVE-2015-6769 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy.

    • - -
  • CVE-2015-6770 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy.

    • - -
  • CVE-2015-6771 - -

    Et problem med læsning uden for grænserne blev opdaget i - JavaScript-biblioteket v8.

    • - -
  • CVE-2015-6772 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy på.

    • - -
  • CVE-2015-6773 - -

    cloudfuzzer opdagede et problem med læsning uden for grænserne i - biblioteket skia.

    • - -
  • CVE-2015-6774 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - extensions-bindingen.

    • - -
  • CVE-2015-6775 - -

    Atte Kettunen opdagede et typeforvekslingsproblem i biblioteket - pdfium.

    • - -
  • CVE-2015-6776 - -

    Hanno Böck opdagede et problem med tilgang uden for grænserne i - biblioteket openjpeg, som anvendes af pdfium.

    • - -
  • CVE-2015-6777 - -

    Long Liu fandt et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2015-6778 - -

    Karl Skomski fandt et problem med læsningn uden for grænserne i - biblioteket pdfium.

    • - -
  • CVE-2015-6779 - -

    Til Jasper Ullrich opdagede at biblioteket pdfium ikke - fornuftighedskontrollerede chrome:-URL'er.

    • - -
  • CVE-2015-6780 - -

    Khalil Zhani opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2015-6781 - -

    miaubiz opdagede et heltalsoverløbsproblem i biblioteket sfntly.

    • - -
  • CVE-2015-6782 - -

    Luan Herrera opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2015-6784 - -

    Inti De Ceukelaire opdagede en måde at sprøjte HTML ind i serialiserede - websider.

    • - -
  • CVE-2015-6785 - -

    Michael Ficarra opdagede en måde at Content Security Policy.

    • - -
  • CVE-2015-6786 - -

    Michael Ficarra opdagede en anden måde at omgå Content Security - Policy.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -47.0.2526.73-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -47.0.2526.73-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3415.data" diff --git a/danish/security/2015/dsa-3416.wml b/danish/security/2015/dsa-3416.wml deleted file mode 100644 index f18ef82c9de..00000000000 --- a/danish/security/2015/dsa-3416.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="da92ae594a5343f5177264fa4481c5e21f8362cb" mindelta="1" -sikkerhedsopdatering - -

Takeshi Terada opdagede en sårbarhed i PHPMailer, et PHP-bibliotek til -mailoverførsel, som anvendes af mange CMS'er. Biblioteket accepterede -mailadresser og SMTP-kommandoer indeholdende linjeskift, hvilket kunne misbruges -af en angriber til at indsprøjte meddelelser.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i -version 5.1-1.1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.2.9+dfsg-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.2.14+dfsg-1.

- -

Vi anbefaler at du opgraderer dine libphp-phpmailer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3416.data" diff --git a/danish/security/2015/dsa-3417.wml b/danish/security/2015/dsa-3417.wml deleted file mode 100644 index bbb89506295..00000000000 --- a/danish/security/2015/dsa-3417.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="5e5cde5f1d7897295b54d526fe07c41028cc4af2" mindelta="1" -sikkerhedsopdatering - -

Tibor Jager, Jörg Schwenk og Juraj Somorovsky fra Horst Görtz Institute for -IT Security, udgav et afhandling under ESORICS 2015, hvor de beskriver et -ugyldig kurve-angreb i Bouncy Castle Crypto, et Java-bibliotek til kryptografi. -En angriber havde mulighed for at gendanne private Elliptic Curve-nøgler fra -forskellige applikationer, eksempelvis TLS-servere.

- -

Flere oplysninger: -\ -http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html -
-Practical Invalid Curve Attacks på TLS-ECDH: -\ -http://euklid.org/pdf/ECC_Invalid_Curve.pdf

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.44+dfsg-3.1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.49+dfsg-3+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.51-2.

- -

Vi anbefaler at du opgraderer dine bouncycastle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3417.data" diff --git a/danish/security/2015/dsa-3418.wml b/danish/security/2015/dsa-3418.wml deleted file mode 100644 index f359df863a7..00000000000 --- a/danish/security/2015/dsa-3418.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="fcf97940fe18c5b2a5803f470f5ba47e66a92f04" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-6788 - -

    Et problem med typeforveksling blev opdaget i håndteringen af - udvidelser.

    • - -
  • CVE-2015-6789 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2015-6790 - -

    Inti De Ceukelaire opdagede en måde at sprøjte HTML ind i serialiserede - websider.

    • - -
  • CVE-2015-6791 - -

    Udviklingsholdet bag chrome 47 fandt og rettede forskellige problemer - under intern kodegennemgang. Desuden blev adskillige problemer rettet i - JavaScript-biblioteket v8, version 4.7.80.23.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -47.0.2526.80-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -47.0.2526.80-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3418.data" diff --git a/danish/security/2015/dsa-3419.wml b/danish/security/2015/dsa-3419.wml deleted file mode 100644 index 328f44c5850..00000000000 --- a/danish/security/2015/dsa-3419.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="c17a2aa2f8938924e6d8fe4bdc15df54dace3362" mindelta="1" -sikkerhedsopdatering - -

Adam Chester opdagede at manglende fornuftighedskontrol af inddata i -udskriftsfilteret foomatic-rip, kunne medføre udførelse af vilkårlige -kommandoer.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.0.61-5+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.0-1.

- -

Vi anbefaler at du opgraderer dine cups-filters-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3419.data" diff --git a/danish/security/2015/dsa-3420.wml b/danish/security/2015/dsa-3420.wml deleted file mode 100644 index 58014762a5a..00000000000 --- a/danish/security/2015/dsa-3420.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f3325bbf80c4e2bf9e88e2b091f4fb9b7ddc7395" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at DNS-serveren BIND ikke på korrekt vis håndterede fortolkning -af indgående svar, hvilket medførte at nogle records med en ukorrekt klasse, -blev accepteret af BIND, i stedet for at de blev afvist som misdannede. Det -kan udløse en REQUIRE-assertionfejl, når sådanne records efterfølgende bliver -cachet. En fjernangriber kan udnytte fejlen til at forårsage et -lammelsesangreb (denial of service) mod servere, som foretager rekursive -forespørgsler.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:9.8.4.dfsg.P1-6+nmu2+deb7u8.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:9.9.5.dfsg-9+deb8u4.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3420.data" diff --git a/danish/security/2015/dsa-3421.wml b/danish/security/2015/dsa-3421.wml deleted file mode 100644 index 1ea89a72f83..00000000000 --- a/danish/security/2015/dsa-3421.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="0d4adef4db7afedd1c51b4d075709db2be3eb132" mindelta="1" -sikkerhedsopdatering - -

Hector Marco og Ismael Ripoll, fra Cybersecurity UPV Research Group, fandt -en heltalsunderløbssårbarhed i Grub2, en populær bootloader. En lokal angriber -kunne omgå Grub2's autentifikation ved at indsætte fabrikeret inddata som -brugernavn eller adgangskode.

- -

Flere oplysninger: -\ -http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
-CVE-2015-8370

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.99-27+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.02~beta2-22+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.02~beta2-33.

- -

Vi anbefaler at du opgraderer dine grub2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3421.data" diff --git a/danish/security/2015/dsa-3422.wml b/danish/security/2015/dsa-3422.wml deleted file mode 100644 index f4b478094e1..00000000000 --- a/danish/security/2015/dsa-3422.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="63496b6a8847ca08faef231b578bd057d368ab98" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige hukommelsesikkerhedsfejl, -heltalsoverløb, anvendelser efter frigivelse og andre implementeringsfejl, -kunne føre til udførelse af vilkårlig kode, omgåelse af samme ophav-policy -eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.5.0esr-1~deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.5.0esr-1~deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.5.0esr-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3422.data" diff --git a/danish/security/2015/dsa-3423.wml b/danish/security/2015/dsa-3423.wml deleted file mode 100644 index a4fd9ddbf67..00000000000 --- a/danish/security/2015/dsa-3423.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="3b5bbb81f585bd9346e4c8078aeb8248efa8abec" mindelta="1" -sikkerhedsopdatering - -

Flere SQL-indsprøjtningssårbarheder er opdaget i Cacti, en frontend til -RRDTool skrevet i PHP. Særligt fremstillede inddata kunne anvendes af en -angriber i rra_id-værdien i skriptet graph.php, til at udføre vilkårlige -SQL-kommandoer i databasen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.8.8a+dfsg-5+deb7u7.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.8.8b+dfsg-8+deb8u3.

- -

I distributionen testing (stretch), er dette problem rettet -i version 0.8.8f+ds1-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.8f+ds1-3.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3423.data" diff --git a/danish/security/2015/dsa-3424.wml b/danish/security/2015/dsa-3424.wml deleted file mode 100644 index 283fd717e41..00000000000 --- a/danish/security/2015/dsa-3424.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a75593f4b49c73f166d6ea652d390e60f15232c0" mindelta="1" -sikkerhedsopdatering - -

Ivan Zhakov opdagede et heltalsoverløb i mod_dav_svn, hvilket gjorde det -muligt for en angriber med skriveadgang til serveren, at udføre vilkårlig kode -eller forårsage et lammelsesangreb (denial of service).

- -

Den gamle stabile distribution (wheezy) er ikke påvirket.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.8.10-6+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.9.3-1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3424.data" diff --git a/danish/security/2015/dsa-3425.wml b/danish/security/2015/dsa-3425.wml deleted file mode 100644 index 8622791e804..00000000000 --- a/danish/security/2015/dsa-3425.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="114b0082202d634f5273ec8169133f8a4c883281" mindelta="1" -sikkerhedsopdatering - -

Cédric Krier opdagede en sårbarhed i serversiden af Tryton, et -applikationsframework skrevet i Python. En autentificeret, ondsindet bruger -kunne skrive vilkårlige værdier i recordfelter, på grund af manglende kontrol af -adgangsrettigheder, når flere records blev skrevet.

- -

Den gamle stabile distribution (wheezy) er ikke påvirket.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.0-3+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.8.1-1.

- -

Vi anbefaler at du opgraderer dine tryton-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3425.data" diff --git a/danish/security/2015/dsa-3426.wml b/danish/security/2015/dsa-3426.wml deleted file mode 100644 index f6f66447a0e..00000000000 --- a/danish/security/2015/dsa-3426.wml +++ /dev/null @@ -1,70 +0,0 @@ -#use wml::debian::translation-check translation="c9ca7d2aececd0a08197bc423e918ea35a802ee9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service), informationslækage -eller datatab.

- -
    - -
  • CVE-2013-7446 - -

    Dmitry Vyukov opdagede at en bestemt sekvens af gyldige handlinger på - lokale (AF_UNIX) sockets, kunne medføre anvendelse efter frigivelse. Det - kunne anvendes til at forårsage et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2015-7799 - -

    Man opdagede at en bruger med adgang til /dev/ppp, kunne forårsage et - lammelsesangreb (nedbrud), ved at overføre ugyldige parametre til ioctl'en - PPPIOCSMAXCID. Det gælder også ISDN PPP-enhedsnoder.

    • - -
  • CVE-2015-7833 - -

    Sergej Schumilo, Hendrik Schwartke og Ralf Spenneberg opdagede en fejl i - behandlingen af visse USB-enhedsdeskriptorer i usbvision-driveren. En - angriber med fysisk adgang til systemet, kunne udnytte fejlen til at få - systemet til at gå ned. Det blev delvist rettet i forbindelse med - ændringerne anført i DSA 3396-1.

    • - -
  • CVE-2015-8104 - -

    Jan Beulich rapporterede om en lammelsesangrebsfejl vedrørende gæst til - vært, som påvirkede KVM-hypervisor'en, der kører på AMD-processorer. En - ondsindet gæst kunne udløse en uendelig strøm af debug-exceptions - (#DB), som fik processormikrokoden til at gå i en uendelig lække, hvor - kernen aldrig modtog et andet interrupt. Det førte til panik i værtens - kerne.

    • - -
  • CVE-2015-8374 - -

    Man opdagede at Btrfs ikke på korrekt vis implementerede trunkering af - komprimerede inline-extents. Det kunne føre til en informationslækage, hvis - en fil blev trunkeret og senere gjort læsbar af andre brugere. Desuden - kunne det medføre datatab. Det er kun rettet i den stabile distribution - (jessie).

    • - -
  • CVE-2015-8543 - -

    Man opdagede at en lokal bruger, med tilladelse til at oprette rå - sockets, kunne forårsage et lammelsesangreb ved at angive et ugyldit - protokolnnummer for socket'en. Angriberen skal have muligheden - CAP_NET_RAW i sit brugernavnerum. Det er kun rettet i den stabile - distribution (jessie).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 3.2.73-2+deb7u1. Desuden indeholder denne opdatering flere ændringer, -som oprindelig var planlagt til den kommende punktopdatering af Wheezy.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -3.16.7-ckt20-1+deb8u1. Desuden indeholder denne opdatering flere ændringer, -som oprindelig var planlagt til den kommende punktopdatering af Jessie.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3426.data" diff --git a/danish/security/2015/dsa-3427.wml b/danish/security/2015/dsa-3427.wml deleted file mode 100644 index fa3daf5f80f..00000000000 --- a/danish/security/2015/dsa-3427.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c96376dcfc00bf2c3a3acf24336e0f0b3905bf2b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at plugin'en Mechanism i Blueman, en grafisk Bluetooth-manager, -muliggjorde lokal rettighedsforøgelse.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -1.23-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i version -1.99~alpha1-1+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine blueman-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3427.data" diff --git a/danish/security/2015/dsa-3428.wml b/danish/security/2015/dsa-3428.wml deleted file mode 100644 index 80e1215aab1..00000000000 --- a/danish/security/2015/dsa-3428.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="19fefde2b0b76ff533ce8b9e0181d251bbf422d6" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ondsindede webapplikationer kunne anvende Expression Language -til at omgå en Security Managers beskyttelse, da udtryk blev evalueret inden for -en sektion med priviligeret kode.

- -

I den stabile distribution (jessie), er dette problem rettet i version -8.0.14-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i version -8.0.21-2.

- -

I den ustabile distribution (sid), er dette problem rettet i version -8.0.21-2.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3428.data" diff --git a/danish/security/2015/dsa-3429.wml b/danish/security/2015/dsa-3429.wml deleted file mode 100644 index 0fdac5fdeb1..00000000000 --- a/danish/security/2015/dsa-3429.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="19c96ce1202ef80dc6cfe6f7b9f296dfb48042cb" mindelta="1" -sikkerhedsopdatering - -

Michal Kowalczyk og Adam Chester opdagede at manglende fornuftighedskontrol -af inddata i printfilteret foomatic-rip, kunne medføre udførelse af vilkårlige -kommandoer.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 4.0.17-1+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.0.17-5+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.17-7.

- -

Vi anbefaler at du opgraderer dine foomatic-filters-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3429.data" diff --git a/danish/security/2015/dsa-3430.wml b/danish/security/2015/dsa-3430.wml deleted file mode 100644 index df961a3c96c..00000000000 --- a/danish/security/2015/dsa-3430.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="2d8f6d485ccbe8762a0708861ce090e01f21d0a6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libxml2, et bibliotek som tilbyder -understøttelse af læsning, ændring og skrivning af XML- og HTML-filer. En -Fjernangriber kunne levere en særligt fremstillet XML- eller HTML-fil, der ved -behandling af en applikation, som anvender libxml2, ville få den applikation til -at anvende alt for megen CPU-kraft, lække potentielt følsomme oplysninger eller -få applikationen til at gå ned.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.8.0+dfsg1-7+wheezy5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.9.1+dfsg1-5+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.9.3+dfsg1-1 or earlier versions.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.9.3+dfsg1-1 or earlier versions.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2015/dsa-3430.data" diff --git a/danish/security/2015/index.wml b/danish/security/2015/index.wml deleted file mode 100644 index 90e6bb40c89..00000000000 --- a/danish/security/2015/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2015 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security -#use wml::debian::translation-check translation="ed54eda7d637b53fe29a2c72db3fc396fd5cd983" - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/security/2015' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2016/Makefile b/danish/security/2016/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2016/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2016/dsa-3426.wml b/danish/security/2016/dsa-3426.wml deleted file mode 100644 index 152dafe7c40..00000000000 --- a/danish/security/2016/dsa-3426.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="bcba0c918dd76e8782bf5e69d0d7f14dcc902b73" mindelta="1" -sikkerhedsopdatering - -

Opdateringen til linux udgivet som -DSA-3426-1 og -DSA-3434-1 for at løse -\ -CVE-2015-8543, blotlagde en fejl i ctdb, en clusterdatabase til opbevaring -af midlertidige data, førende til ikke-fungerende clusters. Opdaterede pakker -er nu tilgængelige til løsningen af problemet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -1.12+git20120201-5.

- -

I den stabile distribution (jessie), er dette problem rettet i version -2.5.4+debian0-4+deb8u1.

- -

Vi anbefaler at du opgraderer dine ctdb-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3426.data" -# $Id$ diff --git a/danish/security/2016/dsa-3431.wml b/danish/security/2016/dsa-3431.wml deleted file mode 100644 index bcc17d06b10..00000000000 --- a/danish/security/2016/dsa-3431.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="77f6072e6a762604fbe1e2a3195dad804a743ca4" mindelta="1" -sikkerhedsopdatering - -

Pierre Kim opdagede to sårbarheder i restful API'et hørende til Ganeti, et -værktøj til håndtering af virtuelle serverklynger. SSL-parameterforhandling -kunne medføre lammelsesangreb (denial of service) og den hemmelige DRBD kunne -lækkes.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.5.2-1+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.12.4-1+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.15.2-1.

- -

Vi anbefaler at du opgraderer dine ganeti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3431.data" diff --git a/danish/security/2016/dsa-3432.wml b/danish/security/2016/dsa-3432.wml deleted file mode 100644 index 1b4e5c1d26a..00000000000 --- a/danish/security/2016/dsa-3432.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="7e76c712f7c9f550222b7f0a7060219d5eac5aae" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Flere hukommelsessikkerhedsfejl, -heltalsoverløb, bufferoverløb og andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.5.0-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.5.0-1~deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 38.5.0esr-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.5.0esr-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3432.data" diff --git a/danish/security/2016/dsa-3433.wml b/danish/security/2016/dsa-3433.wml deleted file mode 100644 index bd6c32c9782..00000000000 --- a/danish/security/2016/dsa-3433.wml +++ /dev/null @@ -1,85 +0,0 @@ -#use wml::debian::translation-check translation="1c71a3f95c45cafea5383e01ef72293ff91edd6c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS-fil-, print- og loginserver -til Unix. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2015-3223 - -

    Thilo Uttendorfer fra Linux Information Systems AG opdagede at en - ondsindet forespørgsel kunne medføre at Samba LDAP-serveren hang, og dermed - forbrugte CPU-ressourcer. En fjernangriber kunne udnytte fejlen til at - iværksætte et lammelsesangreb (denial of service).

    • - -
  • CVE-2015-5252 - -

    Jan Yenya Kasprzak og Computer Systems Unit-holdet ved Faculty of - Informatics, Masaryk University, opdagede at utilstrækkelig symlink-kontrol - kunne gøre det muligt at tilgå data uden for en eksporteret - share-sti.

    • - -
  • CVE-2015-5296 - -

    Stefan Metzmacher fra SerNet opdagede at Samba ikke sikrer at signering - forhandles, når der oprettes en krytperet klientforbindelse til en server. - Dermed havde en manden i midten-angriber mulighed for at nedgradere - forbindelsen og forbinde sig ved hjælp af de leverede loginoplysninger, som - en ikke-signeret, ukrypteret forbindelse.

    • - -
  • CVE-2015-5299 - -

    Man opdagede at en manglende adgangskontrol i VFS-modulet shadow_copy2, - kunne tillade at uautoriserede brugere fik adgang til snapshots.

    • - -
  • CVE-2015-5330 - -

    Douglas Bagnall fra Catalyst opdagede at Samba LDAP-serveren var sårbar - over for et fjernudført hukommelseslæsningsangreb. En fjernangriber kunne - få adgang til følsomme oplysninger fra dæmonens heaphukommelse, ved at sende - fabrikerede pakker og dernæst enten læse en fejlmeddelelse eller en - databaseværdi.

    • - -
  • CVE-2015-7540 - -

    Man opdagede at en ondsindet klient kunne sende pakker, som fik - LDAP-serveren leveret af AD DC'en i sambadæmonens proces, til at forbruge - ubegrænsede mængder hukommelse og blive afbrudt.

    • - -
  • CVE-2015-8467 - -

    Andrew Bartlett fra Samba-holdet og Catalyst opdagede at en Samba-server - udrullet som en AD DC, kunne blotlægge Windows DC'er i det samme domæne til - brug i et lammelsesangreb gennem oprettelse af adskillige maskinkonti. - Problemet har relation til et sikkerhedsproblem i Windows, MS15-096 / - \ - CVE-2015-2535.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 2:3.6.6-6+deb7u6. Den gamle stabile distribution (wheezy) er kun -påvirket af -CVE-2015-5252, -CVE-2015-5296 og -CVE-2015-5299.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -2:4.1.17+dfsg-2+deb8u1. Rettelserne af -CVE-2015-3223 og -CVE-2015-5330 -kræver en opdatering til ldb 2:1.1.17-2+deb8u1, for at løse fejlene.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:4.1.22+dfsg-1. Rettelserne af -CVE-2015-3223 og -CVE-2015-5330 -kræver en opdatering til ldb 2:1.1.24-1, for at løse fejlene.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3433.data" diff --git a/danish/security/2016/dsa-3434.wml b/danish/security/2016/dsa-3434.wml deleted file mode 100644 index 90f37f8c752..00000000000 --- a/danish/security/2016/dsa-3434.wml +++ /dev/null @@ -1,106 +0,0 @@ -#use wml::debian::translation-check translation="d7e3e2a99132c149f90debdbb0f0773e7a74b018" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækage.

- -
    - -
  • CVE-2015-7513 - -

    Man opdagede at en lokal bruger med rettigheder til at anvende x86 - KVM-undersystemet, kunne opsætte PIT-emuleringen til at forårsage et - lammelsesangreb (nedbrud).

    • - -
  • CVE-2015-7550 - -

    Dmitry Vyukov opdagede en kapløbstilstand i keyring-undersystemet, - hvilket gjorde det muligt for en lokal bruger at forårsage et - lammelsesangreb (nedbrud).

    • - -
  • CVE-2015-8543 - -

    Man opdagede at en lokal bruger med rettigheder til at oprette raw - sockets, kunne forårsage et lammelsesangreb ved at angive et ugyldigt - protokolnummer for socket'en. Angriberen skulle have - CAP_NET_RAW-muligheden.

    • - -
  • CVE-2015-8550 - -

    Felix Wilhelm fra ERNW opdagede at Xen PV-backenddriverne kunne læse - kritiske data fra delt hukommelse flere gange. Fejlen kunne anvendes af en - gæstekerne til at forårsage et lammelsesangreb (nedbrud) på værten, eller - muligvis til rettighedsforøgelse.

    • - -
  • CVE-2015-8551 / - CVE-2015-8552 - -

    Konrad Rzeszutek Wilk fra Oracle opdagede at Xen PCI-backenddriveren ikke - på tilstrækkelig vis validerede enhedstilstanden, når en gæst opsætter - MSI'er. Fejlen kunne anvendes af en gæstekerne til at forårsage et - lammelsesangreb (nedbrud eller forbrug af al diskplads) på værten.

    • - -
  • CVE-2015-8569 - -

    Dmitry Vyukov opdagede en fejl i implementeringen af PPTP-sockets, som - førte til en informationslækage til lokale brugere.

    • - -
  • CVE-2015-8575 - -

    David Miller opdagede en fejl i implementeringen af Bluetooth - SCO-sockets, som førte til en informationslækage til lokale - brugere.

    • - -
  • CVE-2015-8709 - -

    Jann Horn opdagede en fejl i rettighedskontrollerne til anvendelse af - ptrace-funktionaliteten. En lokal bruger, som har CAP_SYS_PTRACE-muligheden - inden for deres eget brugernavnerum, kunne anvende fejlen til - rettighedsforøgelse, hvis en mere priviligeret proces nogen sinde kom ind i - det brugernavnerum. Det påvirker i hvert fald LXC-systemet.

    • - -
- -

Desuden retter denne opdatering nogle regressioner fra den foregående -opdatering:

- -
    - -
  • #808293 - -

    En regression i implementeringen af UDP, forhindrede freeradius og nogle - andre applikationer i at modtage data.

    • - -
  • #808602 / - #808953 - -

    En regression i USB XHCI-driveren, forhindrede anvendelse af nogle - enheder på USB 3 SuperSpeed-porte.

    • - -
  • #808973 - -

    En rettelse af radeon-driveren var sammen med en eksisterende fejl årsag - til et nedbrud ved boot, når nogle AMD/ATI-grafikkort blev anvendt. - Problemet påvirker kun wheezy.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 3.2.73-2+deb7u2. Den gamle stabile distribution (wheezy) er ikke -påvirket af \ -CVE-2015-8709.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -3.16.7-ckt20-1+deb8u2. -CVE-2015-8543 -var allerede rettet i version 3.16.7-ckt20-1+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -4.3.3-3 eller tidligere.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3434.data" diff --git a/danish/security/2016/dsa-3435.wml b/danish/security/2016/dsa-3435.wml deleted file mode 100644 index beb355087f7..00000000000 --- a/danish/security/2016/dsa-3435.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="e4c2e8116544c6f848e5240f8e84de0ad1a9c836" mindelta="1" -sikkerhedsopdatering - -

Blake Burkhart opdagede at Gits helper git-remote-ext på ukorrekt vis -håndterede rekursive kloner af git-arkiver. En fjernangriber kunne muligvis -anvende problemet til at udføre vilkårlig kode, ved at indsprøjte kommandoer -gennem fabrikerede URL'er.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:1.7.10.4-1+wheezy2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2.1.4-2.1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:2.6.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.6.1-1.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3435.data" diff --git a/danish/security/2016/dsa-3436.wml b/danish/security/2016/dsa-3436.wml deleted file mode 100644 index 809b94458bc..00000000000 --- a/danish/security/2016/dsa-3436.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="db6b440c2a9650e7faa720ee59239f93f9d7b6d5" mindelta="1" -sikkerhedsopdatering - -

Karthikeyan Bhargavan og Gaetan Leurent ved INRIA opdagede en fejl i -protokollen TLS 1.2, hvilket kunne muliggøre at MD5-hashfunktionen blev anvendt -til signering af ServerKeyExchange- og Client Authentication-pakker under et -TLS-handshake. En manden i midten-angriber kunne udnytte fejlen til at -gennemføre kollisionsangreb med det formål at udgive sig for at være en -TLS-server eller en autentificeret TLS-klient.

- -

Flere oplysninger findes i -\ -https://www.mitls.org/pages/attacks/SLOTH

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.0.1e-2+deb7u19.

- -

I den stabile distribution (jessie), i distributionen testing (stretch) og i -den ustabile distribution (sid), blev problemet allerede løst i version -1.0.1f-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3436.data" diff --git a/danish/security/2016/dsa-3437.wml b/danish/security/2016/dsa-3437.wml deleted file mode 100644 index 27546a6a5f2..00000000000 --- a/danish/security/2016/dsa-3437.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e3f46bfc4e821e7ca484f51c50189f3cd29bc100" mindelta="1" -sikkerhedsopdatering - -

Karthikeyan Bhargavan og Gaetan Leurent ved INRIA opdagede en fejl i -protokollen TLS 1.2, hvilket kunne muliggøre at MD5-hashfunktionen blev anvendt -til signering af ServerKeyExchange- og Client Authentication-pakker under et -TLS-handshake. En manden i midten-angriber kunne udnytte fejlen til at -gennemføre kollisionsangreb med det formål at udgive sig for at være en -TLS-server eller en autentificeret TLS-klient.

- -

Flere oplysninger findes i -\ -https://www.mitls.org/pages/attacks/SLOTH

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.12.20-8+deb7u5.

- -

Vi anbefaler at du opgraderer dine gnutls26-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3437.data" diff --git a/danish/security/2016/dsa-3438.wml b/danish/security/2016/dsa-3438.wml deleted file mode 100644 index b57f96a0889..00000000000 --- a/danish/security/2016/dsa-3438.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8421150b1b0fea8f80b946491d64ecaf4e6ef2e5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at hvis man trak stikket ud til en af skærmene i en -flerskærmsopsætning, kunne det få xscreensaver til at gå ned. Nogen med fysisk -adgang til en maskine, kunne udnytte problemet til at omgå en låst session.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 5.15-3+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.30-1+deb8u1.

- -

I distributionen testing (stretch) og i den unstable distribution (sid), er -dette problem rettet i version 5.34-1.

- -

Vi anbefaler at du opgraderer dine xscreensaver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3438.data" diff --git a/danish/security/2016/dsa-3439.wml b/danish/security/2016/dsa-3439.wml deleted file mode 100644 index 9cf181dca3f..00000000000 --- a/danish/security/2016/dsa-3439.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="d89aeb721f92d86022c037df077f41a5a7ae5cc7" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Prosody, en letvægts-Jabber-/XMPP-server. -Projektet Common Vulnerabilities and Exposures har registeret følgende -problemer:

- -
    - -
  • CVE-2016-1231 - -

    Kim Alvefur opdagede en fejl i Prosodys HTTP-filserveringsmodul, hvilket - medførte at det håndterede forespørgsler uden for den opsatte, offentlige - rodmappe. En fjernangriber kunne udnytte fejlen til at tilgå private filer, - herunder følsomme data. Standardopsætningen aktiverer ikke modulet - mod_http_files module og er dermed ikke sårbar.

    • - -
  • CVE-2016-1232 - -

    Thijs Alkemade opdagede at Prosodys generering af det hemmelige token til - server til server-tilbagekaldsautentifikation, anvendte en svag generator af - tilfældige tal, som ikke var kryptografisk sikker. En fjernangriber kunne - udnytte fejlen til at gætte på sandsynlige værdier for den hemmelige nøgle, - og over for andre servere i netværket, udgive sig for at være det påvirkede - domæne.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.8.2-4+deb7u3.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.9.7-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine prosody-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3439.data" diff --git a/danish/security/2016/dsa-3440.wml b/danish/security/2016/dsa-3440.wml deleted file mode 100644 index fa2ea2db8a6..00000000000 --- a/danish/security/2016/dsa-3440.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="8a2c015aadbc69422240ee5040cb6979a50b2a06" mindelta="1" -sikkerhedsopdatering - -

Når sudo er opsat til at tillade, at en bruger redigerer filer i en mappe, -som vedkommende allerede kan skrive til uden sudo, kan vedkommende i -virkeligheden redigere (læse og skrive) vilkårlige kode. Daniel Svartman -rapporterede at en opsætning af den art, kunne opstå utilsigtet hvis redigerbare -filer angives ved hjælp af wildcards, eksempelvis:

- -
operator ALL=(root) sudoedit /home/*/*/test.txt
- -

Sudos standardvirkemåde er ændret, således at den ikke tillader redigering af -en fil i en mappe, som en bruger kan skrive til, eller tilgås ved at følge et -symlink i en mappe, som en bruger kan skrive til. Begrænsningerne kan -deaktiveres, men det frarådes på det kraftigste.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.8.5p2-1+nmu3+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.8.10p3-1+deb8u3.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1.8.15-1.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.15-1.1.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3440.data" diff --git a/danish/security/2016/dsa-3441.wml b/danish/security/2016/dsa-3441.wml deleted file mode 100644 index bf126f23649..00000000000 --- a/danish/security/2016/dsa-3441.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7a3d53ba8812791b64ce731cc21042042d9404c9" mindelta="1" -sikkerhedsopdatering - -

David Golden fra MongoDB opdagede at File::Spec::canonpath() i Perl, -returnerede uforurenede strenge, selv hvis der blev modtaget forurenet (tainted) -inddata. Fejlen underminerer forureningsspredning, hvilket nogle gange anvendes -til at sikre, at uvaliderede brugerinddata ikke når frem til følsom kode.

- -

Den gamle stabile distribution (wheezy) er ikke påvirket af dette problem.

- -

I den stabile distribution (jessie), er dette problem rettet i version -5.20.2-3+deb8u2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3441.data" diff --git a/danish/security/2016/dsa-3442.wml b/danish/security/2016/dsa-3442.wml deleted file mode 100644 index c3748a7061e..00000000000 --- a/danish/security/2016/dsa-3442.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="cda00f16cdd0b495d94c040832f1de66c125bd8c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ondsindet fremstillede pakker, kunne få enhver -isc-dhcp-applikation til at gå ned. Herunder DHCP-klienten, relay- og -serverapplikationer. Kun IPv4-opsætninger er påvirket.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -4.2.2.dfsg.1-5+deb70u8.

- -

I den stabile distribution (jessie), er dette problem rettet i version -4.3.1-6+deb8u2.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), vil -dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3442.data" diff --git a/danish/security/2016/dsa-3443.wml b/danish/security/2016/dsa-3443.wml deleted file mode 100644 index 514926e7592..00000000000 --- a/danish/security/2016/dsa-3443.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b28d1e46690df07364c50394909f3122ce42eead" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i PNG-biblioteket libpng. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2015-8472 - -

    Man opdagede at den oprindelige rettelse af - \ - CVE-2015-8126 var ufuldstændig og ikke opdagede et potentielt overløb i - applikationer, som anvender png_set_PLTE direkte. En fjernangriber kunne - udnytte fejlen til at forårsage et lammelsesangreb - (applikationsnedbrud).

    • - -
  • CVE-2015-8540 - -

    Xiao Qixue og Chen Yu opdagede en fejl i funktionen png_check_keyword. - En fjernangriber kunne potentielt udnytte fejlen til at forårsage et - lammeslesangreb (applikationsnedbrud).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.2.49-1+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.2.50-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine libpng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3443.data" diff --git a/danish/security/2016/dsa-3444.wml b/danish/security/2016/dsa-3444.wml deleted file mode 100644 index e2f06e6c4ee..00000000000 --- a/danish/security/2016/dsa-3444.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="759024e13f5ea49bfbf38f9cb770702c12b4c4b6" mindelta="1" -sikkerhedsopdatering - -

Crtc4L opdagede en sårbarhed i forbindelse med udførelse af skripter på tværs -af websteder i wordpress, et webbloggingværktøj, som tillod at en -fjernautentificeret administrator kunne kompromittere webstedet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.6.1+dfsg-1~deb7u9.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.1+dfsg-1+deb8u7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.4.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3444.data" diff --git a/danish/security/2016/dsa-3445.wml b/danish/security/2016/dsa-3445.wml deleted file mode 100644 index bc9c2aa3b84..00000000000 --- a/danish/security/2016/dsa-3445.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="c7c3136608828fcd1fc96d31451eaaf3b5dd4ee7" mindelta="1" -sikkerhedsopdatering - -

Javantea opdagede at pygments, en generisk syntaks-highlighter, var sårbar -over for en shellindsprøjtningssårbarhed, som gjorde det muligt for en -fjernangriber at udføre vilkårlig kode via shellmetategn i et -skrifttypenavn.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.5+dfsg-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.0.1+dfsg-1.1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2.0.1+dfsg-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.1+dfsg-2.

- -

Vi anbefaler at du opgraderer dine pygments-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3445.data" diff --git a/danish/security/2016/dsa-3446.wml b/danish/security/2016/dsa-3446.wml deleted file mode 100644 index b322fca6613..00000000000 --- a/danish/security/2016/dsa-3446.wml +++ /dev/null @@ -1,61 +0,0 @@ -#use wml::debian::translation-check translation="02539375cf4e79fedbabd127ef30c14bb4541366" mindelta="1" -sikkerhedsopdatering - -

Qualys Security-holdet opdagede to sårbarheder i roamingkoden i -OpenSSH-klienten (en implementering af SSH-protokolsuiten).

- -

SSH-roaming gør det muligt for en klient, i tilfælde af at SSH-forbindelsen -afbrydes uventet, at genoptage den senere, forudsat at serveren også -understøtter det.

- -

OpenSSH-serveren understøtter ikke roaming, men OpenSSH-klienten understøtter -det (selv om det ikke er dokumenteret) og det er aktiveret som standard.

- -
    - -
  • CVE-2016-0777 - -

    En informationslækage (hukommelseafsløring) kunne udnyttes af en - skrupelløs SSH-server til at narre klienten til at lække følsomme data fra - klienthukommelsen, herunder eksempelvis private nøgler.

    • - -
  • CVE-2016-0778 - -

    Et bufferoverløb (førende til fildeskriptorlækage), kunne også udnyttes - af en skrupelløs SSH-server, men på grund af en anden fejl i koden, er det - muligvis ikke udnytbart, og kun under visse omstændigheder (ikke i - standardopsætningen), når man anvender ProxyCommand, ForwardAgent eller - ForwardX11.

    • - -
- -

Denne sikkerhedsopdatering deaktiverer roamingkoden fuldstændig i -OpenSSH-klienten.

- -

Det er også muligt at deaktivere roaming ved at tilføje valgmuligheden -(udokumenteret) UseRoaming no til den globale fil /etc/ssh/ssh_config, -eller til brugeropsætningen i ~/.ssh/config, eller ved at angive -oUseRoaming=no -på kommandolinjen.

- -

For brugere med private nøgler uden en passphrase, særligt i ikke-interaktive -opsætninger (automatisk job som anvender ssh, scp, rsync+ssh, osv.) anbefales -det at opdatere deres nøgler, hvis de er forbundet til en SSH-server, som de -ikke har tillid til.

- -

Flere oplysninger om identificering af et angreb og hvordan man dæmper -virkningen, vil blive gjort tilgængelige i Qualys Securitys bulletin.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1:6.0p1-4+deb7u3.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:6.7p1-5+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), vil -disse problemer blive rettet i en senere version.

- -

Vi anbefaler at du opgraderer dine openssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3446.data" diff --git a/danish/security/2016/dsa-3447.wml b/danish/security/2016/dsa-3447.wml deleted file mode 100644 index 03efd4c3849..00000000000 --- a/danish/security/2016/dsa-3447.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="36c46f52e44713717b89c9766eaf321807733b54" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ondsindede webapplikationer kunne udnytte Expression Language -til at omgå en Security Managers beskyttelser, da udtryk blev evalueret inden -for et afsnit med priviligeret kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -7.0.28-4+deb7u3. Med denne opdatering følger også rettelser af -CVE-2013-4444, -CVE-2014-0075, -CVE-2014-0099, -CVE-2014-0227 og -CVE-2014-0230, -som allerede er rettet i den stabile distribution (jessie).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.0.56-3+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 7.0.61-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.0.61-1.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3447.data" diff --git a/danish/security/2016/dsa-3448.wml b/danish/security/2016/dsa-3448.wml deleted file mode 100644 index eaf5ec3bddd..00000000000 --- a/danish/security/2016/dsa-3448.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="1447a4ecff9945743b65efc24be4b932b6f21a66" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse eller lammelsesangreb (denial of service).

- -
    - -
  • CVE-2013-4312 - -

    Tetsuo Handa opdagede at det var muligt for en proces at åbne langt flere - filer, end processens begrænsning, førende til - lammelsesangrebstilstande.

    • - -
  • CVE-2015-7566 - -

    Ralf Spenneberg fra OpenSource Security rapporterede at visordriveren gik - ned når en særligt fremstillet USB-enhed uden bulk-out-endpoint - opdages.

    • - -
  • CVE-2015-8767 - -

    Et lammelsesangreb i SCTP blev opdaget, hvilket kunne udløses af en lokal - angriber under en heartbeat-timeoutevent, efter - firevejshåndtrykket.

    • - -
  • CVE-2016-0723 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse, blev opdaget - i ioctl'en TIOCGETD. En lokal angriber kunne udnytte fejlen til et - lammelsesangreb.

    • - -
  • CVE-2016-0728 - -

    Perception Point-forskerholdet opdagede en sårbarhed i forbindelse med - anvendelse efter frigivelse i nøgleringsfaciliteten, muligvis førende til - lokal rettighedsforøgelse.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.7-ckt20-1+deb8u3.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3448.data" diff --git a/danish/security/2016/dsa-3449.wml b/danish/security/2016/dsa-3449.wml deleted file mode 100644 index 5e82f540647..00000000000 --- a/danish/security/2016/dsa-3449.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="b0aa4eea357692d2fcff9d8a5f37d3d58462ebb6" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at specifikke APL RR-data kunne udløse en i INSIST-fejl i -apl_42.c samt forårsage at BIND DNS-serveren afsluttede, førende til et -lammelsesangreb.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1:9.8.4.dfsg.P1-6+nmu2+deb7u9.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:9.9.5.dfsg-9+deb8u5.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3449.data" diff --git a/danish/security/2016/dsa-3450.wml b/danish/security/2016/dsa-3450.wml deleted file mode 100644 index 89d0879bf10..00000000000 --- a/danish/security/2016/dsa-3450.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9d1defa1fad13565dea8b60c524b719b6a5ccaa6" mindelta="1" -sikkerhedsopdatering - -

Jann Horn opdagede at setuid-root mount.ecryptfs_private-helper'en i -ecryptfs-utils, var i stand til at mounte enhver målmappe, som brugeren ejer, -herunder en mappe i procfs. En lokal angriber kunne udnytte fejlen til at -forsøge sine rettigheder.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 99-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 103-5+deb8u1.

- -

Vi anbefaler at du opgraderer dine ecryptfs-utils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3450.data" diff --git a/danish/security/2016/dsa-3451.wml b/danish/security/2016/dsa-3451.wml deleted file mode 100644 index 12a62bc44cb..00000000000 --- a/danish/security/2016/dsa-3451.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="27563cc517de752c27477c839d503452bd655183" mindelta="1" -sikkerhedsopdatering - -

Jann Horn opdagede en sårbarhed i pakken fuse (Filesystem in Userspace) i -Debian. Pakken fuse leveres med en udev-regel, der tilpasser rettighederne på -de relaterede /dev/cuse-tegnenheder, hvilket gør dem skrivbare for alle.

- -

Dermed har en lokal, upriviligeret angriber mulighed for at oprette en -vilkårligt navngivet tegnenhed i /dev samt ændre på hukommelsen hørende til -enhver proces, som åbner enheden og udfører en ioctl på den.

- -

Herefter giver det en lokal, upriviligeret angriber mulighed for at få -root-rettigheder.

- -

I den gamle stabile distribution (wheezy), er fuse-pakken ikke påvirket.

- -

I den stabile distribution (jessie), er dette problem rettet i version -2.9.3-15+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet i version -2.9.5-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.9.5-1.

- -

Vi anbefaler at du opgraderer dine fuse-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3451.data" diff --git a/danish/security/2016/dsa-3452.wml b/danish/security/2016/dsa-3452.wml deleted file mode 100644 index f41441533be..00000000000 --- a/danish/security/2016/dsa-3452.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ef57671ec0b2ec4093d7d4998f84bc0f36af187e" mindelta="1" -sikkerhedsopdatering - -

DrWhax fra Tails-projektet, rapporterede at Claws Mail manglede -grænsekontroller i nogle funktioner til tekstkonvertering. En fjernangriber -kunne udnytte dette til at køre vilkårlig kode under kontoen tilhørende den -bruger, som modtager en besked fra vedkommende ved hjælp af Claws Mail.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.8.1-2+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.11.1-3+deb8u1.

- -

Vi anbefaler at du opgraderer dine claws-mail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3452.data" diff --git a/danish/security/2016/dsa-3453.wml b/danish/security/2016/dsa-3453.wml deleted file mode 100644 index eff2525ea65..00000000000 --- a/danish/security/2016/dsa-3453.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="45589513b339a57dd2d6fb6badd1271c75598ae5" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.23. Se -udgivelsesbemærkningerne til MariaDB 10.0 for yderligere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.23-0+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i -version 10.0.23-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 10.0.23-1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3453.data" diff --git a/danish/security/2016/dsa-3454.wml b/danish/security/2016/dsa-3454.wml deleted file mode 100644 index b9cee81bf59..00000000000 --- a/danish/security/2016/dsa-3454.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1b0c5b94e9762bf4cd1bcf310defd5bb8b1d5246" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i VirtualBox, en -x86-virtualiseringsløsning.

- -

Opstrømsunderstøttelse af 4.1-udgaverne er ophørt, og da der ikke er -oplysninger tilgængelige, som gør det muligt at tilbageføre isolerede -sikkerhedsrettelser, er det også nødvendigt at lade sikkerhedsunderstøttelsen af -virtualbox i wheezy/oldstable ophøre. Hvis man anvender virtualbox sammen med -eksternt fremskaffede VM'er (eksempelvis gennem vagrant), opfordrer vi til at -man opgraderer til Debian jessie.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.3.36-dfsg-1+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i -version 5.0.14-dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.0.14-dfsg-1.

- -

Vi anbefaler at du opgraderer dine virtualbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3454.data" diff --git a/danish/security/2016/dsa-3455.wml b/danish/security/2016/dsa-3455.wml deleted file mode 100644 index db0b0a2e66a..00000000000 --- a/danish/security/2016/dsa-3455.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a6e0ac6e9ab858d820943bf1d42eb71dc030a6de" mindelta="1" -sikkerhedsopdatering - -

Isaac Boukris opdagede at cURL, et bibliotek til URL-overførsel, genbrugte -NTLM-autentificerede proxyforbindelsen uden på korrekt vis at sikre sig, at -forbindelsen var autentificeret med de samme loginoplysninger, som opsat for -den nye overførsel. Det kunne føre til at HTTP-forespørgsler blev sendt gennem -forbindelsen, autentificeret som en anden bruger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.38.0-4+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.47.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3455.data" diff --git a/danish/security/2016/dsa-3456.wml b/danish/security/2016/dsa-3456.wml deleted file mode 100644 index d571cbe5a87..00000000000 --- a/danish/security/2016/dsa-3456.wml +++ /dev/null @@ -1,70 +0,0 @@ -#use wml::debian::translation-check translation="c023f74f6464ab8955183abb7af5113829b3590a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-6792 - -

    Et problem blev fundet i håndteringen af MIDI-filer.

    • - -
  • CVE-2016-1612 - -

    cloudfuzzer opdagede en logisk fejl i forbindelse med - modtagerfunktionaliteten i v8-javascriptbiblioteket.

    • - -
  • CVE-2016-1613 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - pdfium-biblioteket.

    • - -
  • CVE-2016-1614 - -

    Christoph Diehl opdagede en informationslækage i Webkit/Blink.

    • - -
  • CVE-2016-1615 - -

    Ron Masas opdagede en måde at forfalske URL'er på.

    • - -
  • CVE-2016-1616 - -

    Luan Herrera opdagede en måde at forfalske URL'er på.

    • - -
  • CVE-2016-1617 - -

    jenuis opdagede en måde at finde ud af hvorvidt et HSTS-websted havde - været besøgt.

    • - -
  • CVE-2016-1618 - -

    Aaron Toponce opdagede anvendelse af en svag generator af tilfælde - tal.

    • - -
  • CVE-2016-1619 - -

    Keve Nagy opdagede et problem med læsning uden for grænserne i - pdfium-bibliotket.

    • - -
  • CVE-2016-1620 - -

    Udviklingsholdet bag chrome 48 fandt og rettede forskellige problemer - under intern gennemgang. Desuden blev adskillige problemer rettet i - v8-javascriptbiblioteket, version 4.7.271.17.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -48.0.2564.82-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -48.0.2564.82-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3456.data" diff --git a/danish/security/2016/dsa-3457.wml b/danish/security/2016/dsa-3457.wml deleted file mode 100644 index 0db03f610c0..00000000000 --- a/danish/security/2016/dsa-3457.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="17c52aa414aabd74bdda33c4dd3a39e02e62c09b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige hukommelsessikkerhedsfejl og et -bufferoverløb kunne føre til udførelse af vilkårlig kode. Desuden løser det -medfølgende NSS-cryptobibliotek SLOTH-angrebet på TLS 1.2.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.6.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.6.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 44.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3457.data" diff --git a/danish/security/2016/dsa-3458.wml b/danish/security/2016/dsa-3458.wml deleted file mode 100644 index b9b7f98c092..00000000000 --- a/danish/security/2016/dsa-3458.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5ec52109a110215c48040983833d7d3a3087c124" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udbrud fra Java-sandkassen, informationsafsløring, -lammelsesangreb (denial of service) og usikker krypografi.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 7u95-2.6.4-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7u95-2.6.4-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7u95-2.6.4-1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3458.data" diff --git a/danish/security/2016/dsa-3459.wml b/danish/security/2016/dsa-3459.wml deleted file mode 100644 index faeec933a01..00000000000 --- a/danish/security/2016/dsa-3459.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="ae604bbb3256911a44a546f06cb40076f002fb3f" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.47. Se -udgivelsesbemærkningerne til MySQL 5.5 og Oracles Critical Patch Update-bulletin -for flere oplysninger:

- - - -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 5.5.47-0+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.5.47-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3459.data" diff --git a/danish/security/2016/dsa-3460.wml b/danish/security/2016/dsa-3460.wml deleted file mode 100644 index db052cad1ab..00000000000 --- a/danish/security/2016/dsa-3460.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f9632d5f19d9f06697816f036cd2ce1ac8696f2d" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at privoxy, en webproxy med avancerede filtreringsmuligheder, -indeholdt ugyldige læsninger, som kunne gøre det muligt for en fjernangriber at -få applikationen til at gå ned, dermed forårsagende et lammelsesangreb (denial -of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 3.0.19-2+deb7u3.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.0.21-7+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.0.24-1.

- -

Vi anbefaler at du opgraderer dine privoxy-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3460.data" diff --git a/danish/security/2016/dsa-3461.wml b/danish/security/2016/dsa-3461.wml deleted file mode 100644 index d33153b1240..00000000000 --- a/danish/security/2016/dsa-3461.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="c0ef80d0f106e2f9c7377aadc204157e0d073e6e" mindelta="1" -sikkerhedsopdatering - -

Mateusz Jurczyk opdagede adskillige sårbarheder i Freetype. Åbning af -misdannede skrifttyper kunne medføre lammelsesangreb (denial of service) eller -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.4.9-1.1+deb7u3.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3461.data" diff --git a/danish/security/2016/dsa-3462.wml b/danish/security/2016/dsa-3462.wml deleted file mode 100644 index 1847bae7454..00000000000 --- a/danish/security/2016/dsa-3462.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="79ab8099eb3a5fb0150d0b6045405270f421fab3" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev rettet i radicale, en CardDAV-/CalDAV-server.

- -
    - -
  • CVE-2015-8747 - -

    Flerfilsystem-storage-backend'en (der ikke er opsat som standard og ikke - er tilgængelig i Wheezy), tillod læsnings- og skrivningsadgang til - vilkårlige filer (dog underlagt DAC-rettighederne tildelt den bruger, som - radicale-serveren kører som).

    • - -
  • CVE-2015-8748 - -

    Hvis en angriber var i stand til at autentificere sit med et brugernavn - så som .*, kunne vedkommende omgå læse-/skrivebegrænsninger pålagt af - regex-baserede regler, herunder de indbyggede regler owner_write - (alle kan læse, kalenderejen kan skrive) og owner_only (kun - kalenderejen kan læse og skrive).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 0.7-1.1+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -0.9-1+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i version -1.1.1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.1.1-1.

- -

Vi anbefaler at du opgraderer dine radicale-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3462.data" diff --git a/danish/security/2016/dsa-3463.wml b/danish/security/2016/dsa-3463.wml deleted file mode 100644 index 55b853f45b8..00000000000 --- a/danish/security/2016/dsa-3463.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="972acdaf76c3a447652637f0ef34b100b9c9be7f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at usikker håndtering af dialback-nøgler kunne tillade en -ondsindet XMPP-server at udgive sig for at være en anden server.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.8.2-4+deb7u4.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.9.7-2+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.9.10-1.

- -

Vi anbefaler at du opgraderer dine prosody-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3463.data" diff --git a/danish/security/2016/dsa-3464.wml b/danish/security/2016/dsa-3464.wml deleted file mode 100644 index 6ac4bbb6785..00000000000 --- a/danish/security/2016/dsa-3464.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1c0435747eeb278d81c64ad161fd29f96a9b2a07" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i frameworket til -webapplikationsudvikling Ruby on Rails, hvilket kunne medføre lammelsesangreb -(denial of service), udførelse af skripter på tværs af websteder, -informationsafsløring eller omgåelse af inddatavalidering.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2:4.1.8-1+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:4.2.5.1-1.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3464.data" diff --git a/danish/security/2016/dsa-3465.wml b/danish/security/2016/dsa-3465.wml deleted file mode 100644 index bf93e41061b..00000000000 --- a/danish/security/2016/dsa-3465.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="56fde873c9045075c90bc431d0a93e692628a11d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udbrud fra Java-sandkassen, informationsafsløring, -lammelsesangreb (denial of service) og usikker kryptografi.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 6b38-1.13.10-1~deb7u1.

- -

Vi anbefaler at du opgraderer dine openjdk-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3465.data" diff --git a/danish/security/2016/dsa-3466.wml b/danish/security/2016/dsa-3466.wml deleted file mode 100644 index aed878b5dc2..00000000000 --- a/danish/security/2016/dsa-3466.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="02512d5701e81e9f4e09d74c4db05ab61cc4524e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i krb5, MIT's implementering af Kerberos. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-8629 - -

    Man opdagede at en autentificeret angriber kunne få kadmind til at læse - ud over slutningen af allokeret hukommelse, ved at sende en streng uden en - afsluttende nulbyte. Informationslækage kan være mulig for en angriber med - rettigheder til at ændre databasen.

    • - -
  • CVE-2015-8630 - -

    Man opdagede at en autentificeret angriber med rettigheder til at ændre - en principal-post, kunne udvirke at kadmind derefererede en nullpointer ved - at levere en nullpolicyværdi, men indeholdende KADM5_POLICY i - masken.

    • - -
  • CVE-2015-8631 - -

    Man opdagede at en autentificeret angriber kunne få kadmind til at lække - hukommelse, ved at levere et null-principalnavn i en forespørgsel, som - anvender en sådan. Gentagelse af disse forespørgsler vil med tiden føre til - at kadmind har opbrugt al tilgængelig hukommelse.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.10.1+dfsg-5+deb7u7. Den gamle stabile distribution (wheezy) er ikke -påvirket af \ -CVE-2015-8630.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -1.12.1+dfsg-19+deb8u2.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3466.data" diff --git a/danish/security/2016/dsa-3467.wml b/danish/security/2016/dsa-3467.wml deleted file mode 100644 index 12a437ce44a..00000000000 --- a/danish/security/2016/dsa-3467.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="058d0191724c9d365cc2cf625bdc89068dd00df5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i tiff, et Tag Image File Format-bibliotek. -Adskillige fejl i forbindelse med læsning og skrivning uden for grænserne, kunne -medføre at en applikation, der anvender tiff-biblioteket, gik ned.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 4.0.2-6+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.0.3-12.3+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 4.0.6-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.6-1.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3467.data" diff --git a/danish/security/2016/dsa-3468.wml b/danish/security/2016/dsa-3468.wml deleted file mode 100644 index ca5cec34f17..00000000000 --- a/danish/security/2016/dsa-3468.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ea1b5f78116f0980e0fbfd85e51a532a204906ad" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at polarssl, et bibliotek som stiller understøtelse af SSL og -TLS til rådighed, indeholdt to heapbaserede bufferoverløb, der kunne gøre det -muligt for en fjernangriber at udløse et lammelsesangreb (gennem -applikationsnedbrud) eller udføre vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.2.9-1~deb7u6.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.3.9-2.1+deb8u1.

- -

Vi anbefaler at du opgraderer dine polarssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3468.data" diff --git a/danish/security/2016/dsa-3469.wml b/danish/security/2016/dsa-3469.wml deleted file mode 100644 index 90fe0989fe0..00000000000 --- a/danish/security/2016/dsa-3469.wml +++ /dev/null @@ -1,86 +0,0 @@ -#use wml::debian::translation-check translation="2743a44c0f1b97187da9c4526b294bff5388a491" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en komplet virtualiseringsløsning på -x86-hardware.

- -
    - -
  • CVE-2015-7295 - -

    Jason Wang fra Red Hat Inc. opdagede at understøttelsen af Virtual - Network Device var sårbar over for lammelsesangreb (gennem - ressourceudmattelse), hvilket kunne opstå ved modtagelse af store - pakker.

    • - -
  • CVE-2015-7504 - -

    Qinghao Tang fra Qihoo 360 Inc. og Ling Liu fra Qihoo 360 Inc. opdagede - at ethernetcontrolleren PC-Net II var sårbar over for et heapbaseret - bufferoverløb, som kunne medføre lammelsesangreb (gennem - applikationsnedbrud) eller udførelse af vilkårlig kode.

    • - -
  • CVE-2015-7512 - -

    Ling Liu fra Qihoo 360 Inc. og Jason Wang fra Red Hat Inc. opdagede at - ethernetcontrolleren PC-Net II var sårbar over for et bufferoverløb, der - kunne medføre lammelsesangreb (gennem applikationsnedbrud) eller udførelse - af vilkårlig kode.

    • - -
  • CVE-2015-8345 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at eepro100-emulatoren - indeholdt en fejl, der kunne føre til en uendelig løkke, når Command Blocks - blev behandlet, med tiden førende til lammelsesangreb (gennem - applikationsnedbrud).

    • - -
  • CVE-2015-8504 - -

    Lian Yihan fra Qihoo 360 Inc. opdagede at understøttelsen af - VNC-grafikdriveren var sårbar over for en aritmetisk exceptionfejl, som - kunne føre til lammelsesangreb (gennem applikationsnedbrud).

    • - -
  • CVE-2015-8558 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at emuleringsunderstøttelsen af - USB EHCI indeholdt en fejl, der kunne føre til en uendelig løkke under - kommunikation mellem værtscontrolleren og en enhedsdriver. Det kunne føre - til lammelsesangreb (gennem ressourceudmattelse).

    • - -
  • CVE-2015-8743 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at NE2000-emulatoren var sårbar over - for et problem med læsning/skrivning uden for grænserne, potentielt førende - til informationslækage eller hukommelseskorruption.

    • - -
  • CVE-2016-1568 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at emuleringsunderstøttelsen af - IDE AHCI var sårbar over for et problem med anvendelse efter frigivelse, - hvilket kunne føre til lammelsesangreb (gennem applikationsnedbrud) eller - udførelse af vilkårlig kode.

    • - -
  • CVE-2016-1714 - -

    Donghai Zhu fra Alibaba opdagede at emuleringsunderstøttelsen af Firmware - Configuration var sårbar over for et problem med læsning/skrivning uden for - grænserne, der kunne føre til lammelsesangreb (gennem applikationsnedbrud) - eller udførelse af vilkårlig kode.

    • - -
  • CVE-2016-1922 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at understøttelsen af 32 - bits-Windows-gæster, var sårbar over for et problem med en - nullpointerdereference, som kunne føre til et lammelsesangreb (gennem - applikationsnedbrud).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.1.2+dfsg-6a+deb7u12.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3469.data" diff --git a/danish/security/2016/dsa-3470.wml b/danish/security/2016/dsa-3470.wml deleted file mode 100644 index aabd6eb5b7b..00000000000 --- a/danish/security/2016/dsa-3470.wml +++ /dev/null @@ -1,86 +0,0 @@ -#use wml::debian::translation-check translation="b1e5724df7aa0b70c873c3e9d11795ca29caf016" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu-kvm, en komplet virtualiseringsløsning -på x86-hardware.

- -
    - -
  • CVE-2015-7295 - -

    Jason Wang fra Red Hat Inc. opdagede at understøttelsen af Virtual - Network Device var sårbar over for lammelsesangreb (gennem - ressourceudmattelse), hvilket kunne opstå ved modtagelse af store - pakker.

    • - -
  • CVE-2015-7504 - -

    Qinghao Tang fra Qihoo 360 Inc. og Ling Liu fra Qihoo 360 Inc. opdagede - at ethernetcontrolleren PC-Net II var sårbar over for et heapbaseret - bufferoverløb, som kunne medføre lammelsesangreb (gennem - applikationsnedbrud) eller udførelse af vilkårlig kode.

    • - -
  • CVE-2015-7512 - -

    Ling Liu fra Qihoo 360 Inc. og Jason Wang fra Red Hat Inc. opdagede at - ethernetcontrolleren PC-Net II var sårbar over for et bufferoverløb, der - kunne medføre lammelsesangreb (gennem applikationsnedbrud) eller udførelse - af vilkårlig kode.

    • - -
  • CVE-2015-8345 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at eepro100-emulatoren - indeholdt en fejl, der kunne føre til en uendelig løkke, når Command Blocks - blev behandlet, med tiden førende til lammelsesangreb (gennem - applikationsnedbrud).

    • - -
  • CVE-2015-8504 - -

    Lian Yihan fra Qihoo 360 Inc. opdagede at understøttelsen af - VNC-grafikdriveren var sårbar over for en aritmetisk exceptionfejl, som - kunne føre til lammelsesangreb (gennem applikationsnedbrud).

    • - -
  • CVE-2015-8558 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at emuleringsunderstøttelsen af - USB EHCI indeholdt en fejl, der kunne føre til en uendelig løkke under - kommunikation mellem værtscontrolleren og en enhedsdriver. Det kunne føre - til lammelsesangreb (gennem ressourceudmattelse).

    • - -
  • CVE-2015-8743 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at NE2000-emulatoren var sårbar over - for et problem med læsning/skrivning uden for grænserne, potentielt førende - til informationslækage eller hukommelseskorruption.

    • - -
  • CVE-2016-1568 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at emuleringsunderstøttelsen af - IDE AHCI var sårbar over for et problem med anvendelse efter frigivelse, - hvilket kunne føre til lammelsesangreb (gennem applikationsnedbrud) eller - udførelse af vilkårlig kode.

    • - -
  • CVE-2016-1714 - -

    Donghai Zhu fra Alibaba opdagede at emuleringsunderstøttelsen af Firmware - Configuration var sårbar over for et problem med læsning/skrivning uden for - grænserne, der kunne føre til lammelsesangreb (gennem applikationsnedbrud) - eller udførelse af vilkårlig kode.

    • - -
  • CVE-2016-1922 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at understøttelsen af 32 - bits-Windows-gæster, var sårbar over for et problem med en - nullpointerdereference, som kunne føre til et lammelsesangreb (gennem - applikationsnedbrud).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.1.2+dfsg-6+deb7u12.

- -

Vi anbefaler at du opgraderer dine qemu-kvm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3470.data" diff --git a/danish/security/2016/dsa-3471.wml b/danish/security/2016/dsa-3471.wml deleted file mode 100644 index a5f2fe84650..00000000000 --- a/danish/security/2016/dsa-3471.wml +++ /dev/null @@ -1,140 +0,0 @@ -#use wml::debian::translation-check translation="f9ceb693d2b2307652b909871bf81ef7d713e8ee" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en komplet virtualiseringsløsning på -x86-hardware.

- -
    - -
  • CVE-2015-7295 - -

    Jason Wang fra Red Hat Inc. opdagede at understøttelsen af Virtual - Network Device var sårbar over for lammelsesangreb (gennem - ressourceudmattelse), hvilket kunne opstå ved modtagelse af store - pakker.

    • - -
  • CVE-2015-7504 - -

    Qinghao Tang fra Qihoo 360 Inc. og Ling Liu fra Qihoo 360 Inc. opdagede - at ethernetcontrolleren PC-Net II var sårbar over for et heapbaseret - bufferoverløb, som kunne medføre lammelsesangreb (gennem - applikationsnedbrud) eller udførelse af vilkårlig kode.

    • - -
  • CVE-2015-7512 - -

    Ling Liu fra Qihoo 360 Inc. og Jason Wang fra Red Hat Inc. opdagede at - ethernetcontrolleren PC-Net II var sårbar over for et bufferoverløb, der - kunne medføre lammelsesangreb (gennem applikationsnedbrud) eller udførelse - af vilkårlig kode.

    • - -
  • CVE-2015-7549 - -

    Qinghao Tang fra Qihoo 360 Inc. og Ling Liu fra Qihoo 360 Inc. opdagede - at PCI MSI-X-emulatoren var sårbar over for et problem med en - nullpointerdereference, der kunne føre til lammelsesangreb (gennem - applikationsnedbrud).

    • - -
  • CVE-2015-8345 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at eepro100-emulatoren - indeholdt en fejl, der kunne føre til en uendelig løkke, når Command Blocks - blev behandlet, med tiden førende til lammelsesangreb (gennem - applikationsnedbrud).

    • - -
  • CVE-2015-8504 - -

    Lian Yihan fra Qihoo 360 Inc. opdagede at understøttelsen af - VNC-grafikdriveren var sårbar over for en aritmetisk exceptionfejl, som - kunne føre til lammelsesangreb (gennem applikationsnedbrud).

    • - -
  • CVE-2015-8550 - -

    Felix Wilhelm fra ERNW Research opdagede at PV-backenddriverne var - sårbare over for en dobbelt hent-sårbarhed, muligvis medførende udførelse af - vilkårlig kode.

    • - -
  • CVE-2015-8558 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at emuleringsunderstøttelsen af - USB EHCI indeholdt en fejl, der kunne føre til en uendelig løkke under - kommunikation mellem værtscontrolleren og en enhedsdriver. Det kunne føre - til lammelsesangreb (gennem ressourceudmattelse).

    • - -
  • CVE-2015-8743 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at NE2000-emulatoren var sårbar over - for et problem med læsning/skrivning uden for grænserne, potentielt førende - til informationslækage eller hukommelseskorruption.

    • - -
  • CVE-2015-8567 - CVE-2015-8568 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at vmxnet3-enhedsemulatoren - kunne anvendes til bevidst at lække værtshukommelse, dermed medførende - lammelsesangreb.

    • - -
  • CVE-2015-8613 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at emuleringsunderstøttelsen af - SCSI MegaRAID SAS HBA var sårbar over for et problem med et stakbaseret - bufferoverløb, der kunne føre til lammelsesangreb (gennem - applikationsnedbrud).

    • - -
  • CVE-2015-8619 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at understøttelsen af Human Monitor - Interface var sårbar over for et problem med læseadgang uden for grænserne, - hvilket kunne føre til lammelsesangreb (gennem applikationsnedbrud).

    • - -
  • CVE-2015-8743 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at NE2000-emulatoren var sårbar over - for et problem med læsning/skrivning uden for grænserne, potentielt førende - til informationslækage eller hukommelsekorruption.

    • - -
  • CVE-2015-8744 - -

    vmxnet3-driveren behandlede på ukorrekt vis små pakker, hvilket kune - medføre lammelsesangreb (gennem applikationsnedbrud).

    • - -
  • CVE-2015-8745 - -

    vmxnet3-driveren behandlede på ukorrekt vis Interrupt Mask Registers, - hvilket kunne medføre lammelsesangreb (gennem applikationsnedbrud).

    • - -
  • CVE-2016-1568 - -

    Qinghao Tang fra Qihoo 360 Inc. opdagede at emuleringsunderstøttelsen af - IDE AHCI var sårbar over for et problem med anvendelse efter frigivelse, - hvilket kunne føre til lammelsesangreb (gennem applikationsnedbrud) eller - udførelse af vilkårlig kode.

    • - -
  • CVE-2016-1714 - -

    Donghai Zhu fra Alibaba opdagede at emuleringsunderstøttelsen af Firmware - Configuration var sårbar over for et problem med læsning/skrivning uden for - grænserne, der kunne føre til lammelsesangreb (gennem applikationsnedbrud) - eller udførelse af vilkårlig kode.

    • - -
  • CVE-2016-1922 - -

    Ling Liu fra Qihoo 360 Inc. opdagede at understøttelsen af 32 - bits-Windows-gæster, var sårbar over for et problem med en - nullpointerdereference, som kunne føre til et lammelsesangreb (gennem - applikationsnedbrud).

    • - -
  • CVE-2016-1981 - -

    e1000-driver var sårbar over for et problem med en uendelig løkke, der - kunne føre til lammelsesangreb (gennem applikationsnedbrud).

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:2.1+dfsg-12+deb8u5a.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3471.data" diff --git a/danish/security/2016/dsa-3472.wml b/danish/security/2016/dsa-3472.wml deleted file mode 100644 index 67f6b004286..00000000000 --- a/danish/security/2016/dsa-3472.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="1ee93ddac3379986a8c30e6e6d3de5f3516f50dc" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i wordpress, et værktøj til webblogging. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2016-2221 - -

    Shailesh Suthar opdagede en sårbarhed i forbindelse med åben - omdirigering.

    • - -
  • CVE-2016-2222 - -

    Ronni Skansing opdagede en sårbarhed i forbindelse med forfalskning af - serversideforespørgsler (SSRF).

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 3.6.1+dfsg-1~deb7u10.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.4.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3472.data" diff --git a/danish/security/2016/dsa-3473.wml b/danish/security/2016/dsa-3473.wml deleted file mode 100644 index dffe6d43075..00000000000 --- a/danish/security/2016/dsa-3473.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="e852018a40ded8ebb2b54e2b55fd6a74825f8e20" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i nginx' resolver, en lille, ydedygtig, -skalerbar web-/proxyserver, førende til lammelsesangreb (denial of service) -eller potentielt udførelse af vilkårlig kode. De påvirker kun nginx hvis -resolver-direktivet anvendes i opsætningsfilen.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.2.1-2.2+wheezy4.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.6.2-5+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i -version 1.9.10-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.10-1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3473.data" diff --git a/danish/security/2016/dsa-3474.wml b/danish/security/2016/dsa-3474.wml deleted file mode 100644 index a74f2b468b6..00000000000 --- a/danish/security/2016/dsa-3474.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="342083a00186569cf711a1d520c363f9f7e2c731" mindelta="1" -sikkerhedsopdatering - -

Daniel Genkin, Lev Pachmanov, Itamar Pipman og Eran Tromer opdagede at de -hemmelige ECDH-dekrypteringsnøgler i applikationer, som anvender biblioteket -libgcrypt20, kunne lækkes via et sidekanalsangreb.

- -

Se \ -https://www.cs.tau.ac.IL/~tromer/ecdh/ for flere oplysninger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.6.3-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.6.5-2.

- -

Vi anbefaler at du opgraderer dine libgcrypt20-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3474.data" diff --git a/danish/security/2016/dsa-3475.wml b/danish/security/2016/dsa-3475.wml deleted file mode 100644 index 76be3143e16..00000000000 --- a/danish/security/2016/dsa-3475.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="3e67409a50b9ffc6fe3acb5788cb6a645751a76c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i PostgreSQL-9.1, et SQL-databasesystem.

- -
    - -
  • CVE-2015-5288 - -

    Josh Kupershmidt opdagede en sårbarhed i funktionen crypt() i udvidelsen - pgCrypto. Visse ugyldige salt-parametre kunne medføre at serveren gik ned - eller afsløring af nogle få bytes fra serverhukommelsen.

    • - -
  • CVE-2016-0766 - -

    Der blev opdaget en rettighedsforøgelsessårbarhed for brugere af PL/Java. - Visse skræddersyede opsætningsindstillinger (GUC'er) af PL/Java, kan nu kan - ændres af en databasesuperbruger, for at begrænse omfanget af dette - problem.

    • - -
  • CVE-2016-0773 - -

    Tom Lane og Greg Stark opdagede en fejl i den måde, PostgreSQL behandlede - særligt fremstillede regulære udtryk. Meget store tegnspænd i - parentesudtryk, kunne medføre uendelige løkker eller - hukommelsesoverskrivelser. En fjernangriber kunne udnytte fejlen til at - forårsage et lammelsesangreb (denial of service) eller potentielt udføre - vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 9.1.20-0+deb7u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3475.data" diff --git a/danish/security/2016/dsa-3476.wml b/danish/security/2016/dsa-3476.wml deleted file mode 100644 index a26699e9ce6..00000000000 --- a/danish/security/2016/dsa-3476.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="df4055b0de2a3835317c60c676a6cc62271f3e49" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i PostgreSQL-9.4, et SQL-databasesystem.

- -
    - -
  • CVE-2016-0766 - -

    Der blev opdaget en rettighedsforøgelsessårbarhed for brugere af PL/Java. - Visse skræddersyede opsætningsindstillinger (GUC'er) af PL/Java, kan nu kan - ændres af en databasesuperbruger, for at begrænse omfanget af dette - problem.

    • - -
  • CVE-2016-0773 - -

    Tom Lane og Greg Stark opdagede en fejl i den måde, PostgreSQL behandlede - særligt fremstillede regulære udtryk. Meget store tegnspænd i - parentesudtryk, kunne medføre uendelige løkker eller - hukommelsesoverskrivelser. En fjernangriber kunne udnytte fejlen til at - forårsage et lammelsesangreb (denial of service) eller potentielt udføre - vilkårlig kode.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 9.4.6-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3476.data" diff --git a/danish/security/2016/dsa-3477.wml b/danish/security/2016/dsa-3477.wml deleted file mode 100644 index d9319b4381e..00000000000 --- a/danish/security/2016/dsa-3477.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="525e48e6334c05c93a5606827b8789221f822b10" mindelta="1" -sikkerhedsopdatering - -

Holger Fuhrmannek opdagede at manglende fornuftighedskontrol af inddata, i -fontrenderingmotoren Graphite, kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 38.6.1esr-1~deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 38.6.1esr-1~deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 44.0-1.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3477.data" diff --git a/danish/security/2016/dsa-3478.wml b/danish/security/2016/dsa-3478.wml deleted file mode 100644 index be951082df1..00000000000 --- a/danish/security/2016/dsa-3478.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="32856a5cedf68bfa3ec7267e14e4b416863fb8b1" mindelta="1" -sikkerhedsopdatering - -

Daniel Genkin, Lev Pachmanov, Itamar Pipman og Eran Tromer opdagede at de -hemmelige ECDH-dekrypteringsnøgler i applikationer, som anvender biblioteket -libgcrypt11, kunne lækkes via et sidekanalsangreb.

- -

Se \ -https://www.cs.tau.ac.IL/~tromer/ecdh/ for flere oplysninger.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.5.0-5+deb7u4.

- -

Vi anbefaler at du opgraderer dine libgcrypt11-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3478.data" diff --git a/danish/security/2016/dsa-3479.wml b/danish/security/2016/dsa-3479.wml deleted file mode 100644 index deca01e9f97..00000000000 --- a/danish/security/2016/dsa-3479.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="664e1dd7ef2aaf1617395bb411185922d7b096d8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i fontrenderingmotoren Graphite, hvilke -kunne medføre lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode, hvis en misdannet fontfil blev behandlet.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.3.5-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -1.3.5-1~deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet i version -1.3.5-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.3.5-1.

- -

Vi anbefaler at du opgraderer dine graphite2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3479.data" diff --git a/danish/security/2016/dsa-3480.wml b/danish/security/2016/dsa-3480.wml deleted file mode 100644 index 1a4c2d0485e..00000000000 --- a/danish/security/2016/dsa-3480.wml +++ /dev/null @@ -1,106 +0,0 @@ -#use wml::debian::translation-check translation="618b8b6e1c6183af91f6da884e6ed7f0f1cd7bfb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er rettet i GNU C Library, eglibc.

- -

Sårbarheden \ -CVE-2015-7547, anført herunder, anses for at være kritisk.

- -
    - -
  • CVE-2014-8121 - -

    Robin Hack opdagede at nss_files-databasen ikke på korrekt vis - implementerede enumerering interleavet med navnebaserede eller - ID-baserede opslag. Det kunne medføre at enumereringen gik i en uendelig - løkke, førende til et lammelsesangreb (denial of service).

    • - -
  • CVE-2015-1781 - -

    Arjun Shankar opdagede at _r-varienterne af funktionerne til - værtsnavneopløsning (så som gethostbyname_r), ved udførelse af - DNS-navneopløsning, var ramt af et bufferoverløb hvis en fejljusteret - buffer blev leveret af applikationerne, førende til et nedbrud eller - potentielt udførelse af vilkårlig kode. De fleste applikationer er ikke - påvirket af sårbarheden, fordi de anvender justerede buffere.

    • - -
  • CVE-2015-7547 - -

    Google Security Team og Red Hat opdagede at funktionen til - værtsnavnresolving i eglibc, getaddrinfo, ved behandling af - AF_UNSPEC-forespørgsler (til dobbelte A-/AAAA-opslag), kunne fejlhåndtere - sine interne buffere, førende til et stakbaseret bufferoverløb og udførelse - af vilkårlig kode. Sårbarheden påvirker de fleste applikationer, som - udfører værtsnavneoplysning ved hjælp af getaddrinfo, herunder - systemtjenester.

    • - -
  • CVE-2015-8776 - -

    Adam Nielsen opdagede at, hvis en ugyldigt separeret tidsværdi blev - overført til strftime, kunne strftime-funktionen gå ned eller lække - oplysninger. Applikationer overfører normalt kun gyldige tidsoplysninger - til strftime; der er ikke kendskab til påvirkede applikationer.

    • - -
  • CVE-2015-8777 - -

    Hector Marco-Gisbert rapporterede at LD_POINTER_GUARD ikke blev ignoreret - hvad angår SUID-programmer, hvilket muliggjorde utilsigtet omgåelse af en - sikkerhedsfunktion. Opdateringen medfører at eglibc altid ignorerer - miljøvariablen LD_POINTER_GUARD.

    • - -
  • CVE-2015-8778 - -

    Szabolcs Nagy rapporterede at de sjældent anvendte funktioner hcreate og - hcreate_r, ikke kontrollerede størrelsesparameteret på korrekt vis, førende - til et nedbrud (lammelsesangreb) ved visse parametre. Der er i øjeblikket - ikke kendskab til påvirkede applikationer.

    • - -
  • CVE-2015-8779 - -

    Funktionen catopen indeholdt flere ikke-bundne stakallokeringer - (stakoverløb), forårsagende at processen gik ned (lammelsesangreb). Der er - i øjeblikket kunne kendskab til påvirkede applikationer hvad angår - sikkerhed.

    • - -
- -

Følgende rettede sårbarheder mangler pt. CVE-tildeling:

- -
    - -

  • Joseph Myers rapporterede at et heltalsoverløb i strxfrm kunne føre - til heapbaseret bufferoverløb, muligvis gørende det muligt at udføre - vilkårlig kode. Desuden anvender en fallback-sti i strxfrm en - ikke-bundet stakallokering (stakoverløb), førende til et nedbrud eller - applikationer der opfører sig forkert.

    • - -

  • Kostya Serebryany rapporterede at funktionen fnmatch kunne springe - over det afsluttende NUL-tegn i et misdannet mønster, medførende at en - applikation, der kalder fnmatch, gik ned (lammelsesangreb).

    • - -

  • Joseph Myers rapporterede at funktionen IO_wstr_overflow, som - anvendes internt af bredt orienterede tegnstrømme, var ramt af et - heltalsoverløb, førende til et heapbaseret bufferoverløb. På - GNU/Linux-systemer anvendes bredt orienterede tegnstrømme sjældent, og der - er ikke kendskab til påvirkede applikationer.

    • - -

  • Andreas Schwab rapporterede om en hukommelseslækage - (hukommelsesallokering uden en tilhørende afallokering), mens der behandles - visse DNS-svar i getaddrinfo, relateret til funktionen - _nss_dns_gethostbyname4_r. Sårbarheden kunne føre til et - lammelsesangreb.

    • - -
- -

Om end det kun er nødvendigt at sikre sig, at alle processer ikke længere -anvender det gamle eglibc, anbefales det at genstarte maskinen efter at have -installeret sikkerhedsopdateringen.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.13-38+deb7u10.

- -

Vi anbefaler at du opgraderer dine eglibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3480.data" diff --git a/danish/security/2016/dsa-3481.wml b/danish/security/2016/dsa-3481.wml deleted file mode 100644 index 4c583711792..00000000000 --- a/danish/security/2016/dsa-3481.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="618b8b6e1c6183af91f6da884e6ed7f0f1cd7bfb" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er rettet i GNU C Library, glibc.

- -

Den første sårbarhed herunder anses for at være kritisk.

- -
    - -
  • CVE-2015-7547 - -

    Google Security Team og Red Hat opdagede at funktionen til - værtsnavnresolving i eglibc, getaddrinfo, ved behandling af - AF_UNSPEC-forespørgsler (til dobbelte A-/AAAA-opslag), kunne fejlhåndtere - sine interne buffere, førende til et stakbaseret bufferoverløb og udførelse - af vilkårlig kode. Sårbarheden påvirker de fleste applikationer, som - udfører værtsnavneoplysning ved hjælp af getaddrinfo, herunder - systemtjenester.

    • - -
  • CVE-2015-8776 - -

    Adam Nielsen opdagede at, hvis en ugyldigt separeret tidsværdi blev - overført til strftime, kunne strftime-funktionen gå ned eller lække - oplysninger. Applikationer overfører normalt kun gyldige tidsoplysninger - til strftime; der er ikke kendskab til påvirkede applikationer.

    • - -
  • CVE-2015-8778 - -

    Szabolcs Nagy rapporterede at de sjældent anvendte funktioner hcreate og - hcreate_r, ikke kontrollerede størrelsesparameteret på korrekt vis, førende - til et nedbrud (lammelsesangreb) ved visse parametre. Der er i øjeblikket - ikke kendskab til påvirkede applikationer.

    • - -
  • CVE-2015-8779 - -

    Funktionen catopen indeholdt flere ikke-bundne stakallokeringer - (stakoverløb), forårsagende at processen gik ned (lammelsesangreb). Der er - i øjeblikket kunne kendskab til påvirkede applikationer hvad angår - sikkerhed.

    • - -
- -

Om end det kun er nødvendigt at sikre sig, at alle processer ikke længere -anvender det gamle eglibc, anbefales det at genstarte maskinen efter at have -installeret sikkerhedsopdateringen.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -2.19-18+deb8u3.

- -

I den ustabile distribution (sid), vil disse problemer blive rettet i -version 2.21-8.

- -

Vi anbefaler at du opgraderer dine glibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3481.data" diff --git a/danish/security/2016/dsa-3482.wml b/danish/security/2016/dsa-3482.wml deleted file mode 100644 index fd2d97528d8..00000000000 --- a/danish/security/2016/dsa-3482.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="cbf9797c91bcd2ceb92ac99be7f6c9d657e1503d" mindelta="1" -sikkerhedsopdatering - -

En anonym bidragyder, som arbejder hos VeriSign iDefense Labs, opdagede at -libreoffice, en komplet kontorpakke, ikke på korrekt vis håndterede Lotus -WordPro-filer. Dermed var det muligt for en angriber at få programmet til at gå -ned, eller udføre vilkårlig kode, ved at levere en særligt fremstillet -LWP-fil.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1:3.5.4+dfsg2-0+deb7u6.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -1:4.3.3-2+deb8u3.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), er -disse problemer rettet i version 1:5.0.5~rc1-1.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3482.data" diff --git a/danish/security/2016/dsa-3483.wml b/danish/security/2016/dsa-3483.wml deleted file mode 100644 index f5938fa8166..00000000000 --- a/danish/security/2016/dsa-3483.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="90700f64172c1693729db9edbe77d49fa4d0854e" mindelta="1" -sikkerhedsopdatering - -

Gustavo Grieco opdagede en sårbarhed i forbindelse med skrivning uden for -grænserne i cpio, et værktøj til oprettelse og udpakning af cpio-arkivfiler, -førende til et lammelsesangreb (applikationsnedbrud).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i -version 2.11+dfsg-0.1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i version -2.11+dfsg-4.1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -2.11+dfsg-5.

- -

Vi anbefaler at du opgraderer dine cpio-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3483.data" diff --git a/danish/security/2016/dsa-3484.wml b/danish/security/2016/dsa-3484.wml deleted file mode 100644 index a47bd48907d..00000000000 --- a/danish/security/2016/dsa-3484.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="fc3a952c5e3724d94148d2a6999a97f6c48498ff" mindelta="1" -sikkerhedsopdatering - -

Stepan Golosunov opdagede at xdelta3, et diff-værktøj der arbejder med binære -filer, var påvirket af en bufferoverløbssårbarhed i funktionen -main_get_appheader, hvilket kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.0.0.dfsg-1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.0.8-dfsg-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i -version 3.0.8-dfsg-1.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.0.8-dfsg-1.1.

- -

Vi anbefaler at du opgraderer dine xdelta3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3484.data" diff --git a/danish/security/2016/dsa-3485.wml b/danish/security/2016/dsa-3485.wml deleted file mode 100644 index afa91bd3fa8..00000000000 --- a/danish/security/2016/dsa-3485.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b49183bc5f071847b27ee5b360df9157639576a7" mindelta="1" -sikkerhedsopdatering - -

Alexander Izmailov opdagede at didiwiki, et wikiimplementering, ikke -validerede brugerleverede inddata på korrekt vis, dermed gørende det muligt for -en ondsindet bruger, at tilgå et hvilket som helst sted på filsystemet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -0.5-11+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i version -0.5-11+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), er -dette problem rettet i version 0.5-12.

- -

Vi anbefaler at du opgraderer dine didiwiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3485.data" diff --git a/danish/security/2016/dsa-3486.wml b/danish/security/2016/dsa-3486.wml deleted file mode 100644 index 830bfc06447..00000000000 --- a/danish/security/2016/dsa-3486.wml +++ /dev/null @@ -1,59 +0,0 @@ -#use wml::debian::translation-check translation="0299c506c0289411f96e0e07d20fe6774b0fd179" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1622 - -

    Man opdagede at en ondsindet fabrikeret udvidelse kunne omgå Same Origin - Policy.

    • - -
  • CVE-2016-1623 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy.

    • - -
  • CVE-2016-1624 - -

    lukezli opdagede et bufferoverløbsproblem i Brotli-biblioteket.

    • - -
  • CVE-2016-1625 - -

    Jann Horn opdagede en måde at få funktionen Chrome Instant til at - navigere hen til utilsigtede destinationer.

    • - -
  • CVE-2016-1626 - -

    Et problem med læsning uden for grænserne blev opdaget i - openjpeg-biblioteket.

    • - -
  • CVE-2016-1627 - -

    Man opdagede at Developer Tools ikke validerede URL'er.

    • - -
  • CVE-2016-1628 - -

    En problem med læsning uden for grænserne blev opdaget i - pdfium-biblioteket.

    • - -
  • CVE-2016-1629 - -

    En måde at omgå Same Origin Policy blev opdaget i Blink/WebKit, sammen - med en måde at slippe ud af chromiums sandkasse på.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -48.0.2564.116-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -48.0.2564.116-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3486.data" diff --git a/danish/security/2016/dsa-3487.wml b/danish/security/2016/dsa-3487.wml deleted file mode 100644 index 1500515e694..00000000000 --- a/danish/security/2016/dsa-3487.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="bba7ed9d6b0f1d96ba874f6ed9cfe7cfab23df97" mindelta="1" -sikkerhedsopdatering - -

Andreas Schneider rapporterede at libssh2, et SSH2-klientsidebibliotek, -overfører antallet af bytes til en funktion, som forventer antallet af bits, -under SSHv2-handshake når libssh2 skal have en passende værdi for group -order i Diffie-Hellman-forhandlingen. Det svækker i betydelig grad -handshakesikkerheden, og gør det potentielt muligt at smuglytte, hvis man har -tilstrækkelige ressourcer til at dekryptere eller opsnappe SSH-sessioner.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.4.2-1.1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.3-4.1+deb8u1.

- -

Vi anbefaler at du opgraderer dine libssh2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3487.data" diff --git a/danish/security/2016/dsa-3488.wml b/danish/security/2016/dsa-3488.wml deleted file mode 100644 index 9d58f1548ce..00000000000 --- a/danish/security/2016/dsa-3488.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="f98bba41554c15cbbf09fbbf27879642c2425344" mindelta="1" -sikkerhedsopdatering - -

Aris Adamantiadis opdagede at libssh, et lille C-SSH-bibliotek, på ukorrekt -vis genererede en kort, flygtig hemmelig til nøgleudvekslingsmetoderne -diffie-hellman-group1 og diffie-hellman-group14. Den pågældende hemmelighed er -128 bit lang, i stedet for de anbefalede størrelser på 1024 hhv. 2048 bit. -Fejl kunne gøre det muligt at smuglytte, hvis man har tilstrækkeligt med -ressourcer til at dekryptere eller opsnappe SSH-sessioner.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -0.5.4-1+deb7u3. Opdateringen indeholder også rettelser af -CVE-2014-8132 og -CVE-2015-3146, -som oprindelig var planlagt til medtagelse i den næste punktopdatering af wheezy.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.6.3-4+deb8u2.

- -

Vi anbefaler at du opgraderer dine libssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3488.data" diff --git a/danish/security/2016/dsa-3489.wml b/danish/security/2016/dsa-3489.wml deleted file mode 100644 index 14fd13a4f46..00000000000 --- a/danish/security/2016/dsa-3489.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="4651234a5900c49bd4d0a45780872e1c05162526" mindelta="1" -sikkerhedsopdatering - -

lighttpd, en lille webserver, var sårbar over for et POODLE-angreb gennem -anvendelsen af SSLv3. Protokollen er nu som standard slået fra.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.4.31-4+deb7u4.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3489.data" diff --git a/danish/security/2016/dsa-3490.wml b/danish/security/2016/dsa-3490.wml deleted file mode 100644 index 7afb89dc40a..00000000000 --- a/danish/security/2016/dsa-3490.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="d013d10cd6397b31bbadc8043916c2df646d1032" mindelta="1" -sikkerhedsopdatering - -

Jakub Palaczynski opdagede at websvn, en webfremviser til Subversion-arkiver, -ikke på korrekt vis fornuftighedskontrollede brugerleverede inddata, hvilket -gjorde det muligt for en fjernbruger, at foretage reflekterede angreb med -udførelse af skripter på tværs af websteder.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.3.3-1.1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.3.3-1.2+deb8u1.

- -

Vi anbefaler at du opgraderer dine websvn-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3490.data" diff --git a/danish/security/2016/dsa-3491.wml b/danish/security/2016/dsa-3491.wml deleted file mode 100644 index dfafb333f7f..00000000000 --- a/danish/security/2016/dsa-3491.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="ca8b4054f19acae369643f0948db2088ea4a0b27" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -heltalsoverløb, bufferoverløb og andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.6.0-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.6.0-1~deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 38.6.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.6.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3491.data" diff --git a/danish/security/2016/dsa-3492.wml b/danish/security/2016/dsa-3492.wml deleted file mode 100644 index c76d14dd830..00000000000 --- a/danish/security/2016/dsa-3492.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="8d473bdc0f77e032f600aed6d2b5edacaae839c3" mindelta="1" -sikkerhedsopdatering - -

wheezy-delen af den foregående opdatering af gajim, DSA-3492-1, blev opbygget -forkert, hvilket medførte en afhængighed, der ikke kunne opfyldes. Denne -opdatering løser det problem. Til reference følger er den oprindelige tekst -herunder.

- -

Daniel Gultsch opdaged en sårbarhed i Gajim, en XMPP-/jabber-klient. Gajim -kontrollerede ikke rosteropdateringers ophav, hvilket gjorde det muligt for en -angriber at forfalske dem og potentielt give vedkommende mulighed for at -opsnappe meddelelser.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.15.1-4.1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.16-1+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 0.16.5-0.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.16.5-0.1.

- -

Vi anbefaler at du opgraderer dine gajim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3492.data" diff --git a/danish/security/2016/dsa-3493.wml b/danish/security/2016/dsa-3493.wml deleted file mode 100644 index 16792f61ba9..00000000000 --- a/danish/security/2016/dsa-3493.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6b2c12b0005ce2e18afc3dbbc31c9a2ed23d62dc" mindelta="1" -sikkerhedsopdatering - -

Gustavo Grieco opdagede at xerces-c, et validerings-XML-fortolkningsbibliotek -til C++, fejlbehandlede visse former for misdannede inddatadokumenter, -medførende bufferoverløb under behandlingen samt fejlrapportering. Fejlene -kunne føre til et lammelsesangreb (denial of service) i applikationer, der -anvender biblioteket xerces-c, eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.1.1-3+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.1.1-5.1+deb8u1.

- -

Vi anbefaler at du opgraderer dine xerces-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3493.data" diff --git a/danish/security/2016/dsa-3494.wml b/danish/security/2016/dsa-3494.wml deleted file mode 100644 index e47c28b8b70..00000000000 --- a/danish/security/2016/dsa-3494.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="a0b76c814f917aa66bd36d8aea8060b91b901dfb" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder i forbindelse med SQL-indsprøjtning, blev fundet i cacti, en -webgrænseflade til graftegning af overvågningssystemer. Særligt fremstillede -inddata kunne anvendes af en angriber i parametrene til skriptet graphs_new.php, -til at udføre vilkårlige SQL-kommandoer i databasen.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.8.8a+dfsg-5+deb7u8.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.8.8b+dfsg-8+deb8u4.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 0.8.8f+ds1-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.8.8f+ds1-4.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3494.data" diff --git a/danish/security/2016/dsa-3495.wml b/danish/security/2016/dsa-3495.wml deleted file mode 100644 index ac5cfb92600..00000000000 --- a/danish/security/2016/dsa-3495.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="296d547750e38fe12aa28b66e34436be05d07f2a" mindelta="1" -sikkerhedsopdatering - -

Markus Krell opdagede at xymon, et system til overvågning af netværk og -applikationer, var sårbart over for følgende sikkerhedsproblemer:

- -
    - -
  • CVE-2016-2054 - -

    Ukorrekt håndtering af brugerleverede inddata til kommandoen - config, kunne udløse et stakbaseret bufferoverløb, medførende - lammelsesangreb (gennem applikationsnedbrud) eller fjernudførelse af - kode.

    • - -
  • CVE-2016-2055 - -

    Ukorrekt håndtering af brugerleverede inddata til kommandoen - config, kunne føre til en informationslækage, ved at levere - følsomme opsætningsfiler til en fjernbruger.

    • - -
  • CVE-2016-2056 - -

    Kommandoerne, der håndterer adgangskoder, validerede ikke på korrekt vis - brugerleverede inddata, og var dermed sårbare over for en fjernbrugeres - indsprøjtning af shell-kommandoer.

    • - -
  • CVE-2016-2057 - -

    Ukorrekte rettigheder på et internt køsystem, gjorde det muligt for en - bruger med en lokal konto på xymon-masterserveren, at omgå alle - netværksbaserede kontrollister, og dermed sprøjte meddelelser direkte ind i - xymon.

    • - -
  • CVE-2016-2058 - -

    Ukorrekt escaping af brugerleverede inddata i statuswebsider, kunne - anvendes til at udløse reflekterede angreb i forbindelse med udførelse af - skripter på tværs af websteder.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.3.17-6+deb8u1.

- -

Vi anbefaler at du opgraderer dine xymon-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3495.data" diff --git a/danish/security/2016/dsa-3496.wml b/danish/security/2016/dsa-3496.wml deleted file mode 100644 index 3e3437627d1..00000000000 --- a/danish/security/2016/dsa-3496.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f8fdbcfb28de60811affec0aee1ff00ac493ee72" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at php-horde-core, et sæt klasser som indeholder -kernefunktionaliteten i Horde Application Framework, var sårbare over for en -sårbarhed i forbindelse med udførelse af skripter på tværs af websteder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.15.0+debian0-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2.22.4+debian0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.22.4+debian0-1.

- -

Vi anbefaler at du opgraderer dine php-horde-core-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3496.data" diff --git a/danish/security/2016/dsa-3497.wml b/danish/security/2016/dsa-3497.wml deleted file mode 100644 index e0c034a5475..00000000000 --- a/danish/security/2016/dsa-3497.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b49d77c0ae76286842883251cc3742cc0612dfef" mindelta="1" -sikkerhedsopdatering - -

Man opdagede php-horde, et fleksibelt, modulært, generelt anvendeligt -webapplikationsframework skrevet i PHP, var sårbart over for en sårbarhed i -forbindelse med udførelse af skripter på tværs af websteder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.2.1+debian0-2+deb8u3.

- -

I distributionen testing (stretch), er dette problem rettet -i version 5.2.9+debian0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.2.9+debian0-1.

- -

Vi anbefaler at du opgraderer dine php-horde-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3497.data" diff --git a/danish/security/2016/dsa-3498.wml b/danish/security/2016/dsa-3498.wml deleted file mode 100644 index 6047f99ccc8..00000000000 --- a/danish/security/2016/dsa-3498.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d32708a9640d360a0689a4e036846b103161c2fa" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsårbarheder er fundet i indholdshåndteringssystemet -Drupal. For yderligere oplysninger, se opstrømsbulletinen på -

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 7.14-2+deb7u12.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.32-1+deb8u6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.43-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3498.data" diff --git a/danish/security/2016/dsa-3499.wml b/danish/security/2016/dsa-3499.wml deleted file mode 100644 index 117bf3dc883..00000000000 --- a/danish/security/2016/dsa-3499.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="7e58a90c995e3fb9afc7bc9b674a7a0da87a4bd1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er fundet i Pillow, et -Python-billedbibliotek, hvilke kunne medføre lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode, hvis misdannede FLI-, PCD- eller Tiff-filer -blev behandlet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.1.7-4+deb7u2 af kildekodepakken python-imaging.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.6.1-2+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 3.1.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.1-1.

- -

Vi anbefaler at du opgraderer dine pillow-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3499.data" diff --git a/danish/security/2016/dsa-3500.wml b/danish/security/2016/dsa-3500.wml deleted file mode 100644 index 58510bddd6c..00000000000 --- a/danish/security/2016/dsa-3500.wml +++ /dev/null @@ -1,78 +0,0 @@ -#use wml::debian::translation-check translation="04fb23e401d47c5cddcf4efecbd1d1e4b983adea" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenSSL, et Secure Socket -Layer-værktøjssæt.

- -
    - -
  • CVE-2016-0702 - -

    Yuval Yarom fra University of Adelaide og NICTA, Daniel Genkin fra - Technion og Tel Aviv University, samt Nadia Heninger fra University of - Pennsylvania opdagede et sidekanalsangreb, der gør brug af - cachebankkonflikter på mikroarkitekturen Intel Sandy-Bridge. Dermed kunne - lokale angribere få adgang til private RSA-nøgler.

    • - -
  • CVE-2016-0705 - -

    Adam Langley fra Google opdagede en dobbelt frigivelse-fejl ved - behandling af misdannede private DSA-nøgler. Dermed kunne fjernangribere - forårsage et lammelsesangreb (denial of service) eller hukommelseskorruption - i applikationer, som fortolker private DSA-nøgler, modtaget fra kilder, der - ikke er tillid til.

    • - -
  • CVE-2016-0797 - -

    Guido Vranken opdagede et heltalsoverløb i funktionerne BN_hex2bn og - BN_dec2bn, hvilket kunne føre til en NULL-pointerdereference og - heapkorruption. Dermed kunne fjernangribere forårsage et lammelsesangreb - eller hukommelseskorruption i applikationer, som behandler hex- eller - dec-data modtaget fra kilder, der ikke er tillid til.

    • - -
  • CVE-2016-0798 - -

    Emilia Käsper fra OpenSSL-udviklingsholdet, opdagede en - hukommelseslæaage i koden til opslag i SRP-databasen. For at imødegå - hukommelseslækagen, er seed-håndteringen i SRP_VBASE_get_by_user nu - deaktiveret, selv om brugeren har opsat en seed. Applikationer bør - migreres til funktionen SRP_VBASE_get1_by_user.

    • - -
  • CVE-2016-0799, - CVE-2016-2842 - -

    Guido Vranken opdagede et heltalsoverløb i funktionerne BIO_*printf, - hvilke kunne føre til en OOB-læsning, når meget store strenge blev - udskrevet. Desuden kunne den interne funktion doapr_outch forsøge at - skrive til en vilkårlig hukommelsesplacering, i tilfælde af en - hukommelsesallokeringsfejl. Disse problemer optræder kun på platforme, - hvor sizeof(size_t) > sizeof(int), dvs. mange 64 bit-systemer. Dermed - kunne fjernangribere forårsage et lammelsesangreb eller - hukommelseskorruption i applikationer, som overfører store mængder data, - der ikke er tillid til, il funktionerne BIO_*printf.

    • - -
- -

Desuden er cipherne EXPORT og LOW blev deaktiveret, da de kunne anvendes som -en del af DROWN- -(CVE-2016-0800) -og SLOTH- -(CVE-2015-7575) -angrebene, men bemærk at den gamle stabile distribution (wheezy) og den stabile -distribution (jessie), ikke er påvirket af disse angreb, da SSLv2-protokollen -allerede er droppet i openssl-pakkens version 1.0.0c-2.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.0.1e-2+deb7u20.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -1.0.1k-3+deb8u4.

- -

I den ustabile distribution (sid), vil disse problemer blive rettet om kort -tid.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3500.data" diff --git a/danish/security/2016/dsa-3501.wml b/danish/security/2016/dsa-3501.wml deleted file mode 100644 index 356013214a7..00000000000 --- a/danish/security/2016/dsa-3501.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="93edfcc64d609953398b3c5d4655e763f621eb68" mindelta="1" -sikkerhedsopdatering - -

Stephane Chazelas opdagede en fejl i miljøhåndteringen i Perl. Perl stiller -i Perl-rummet hashvariablen %ENV til rådighed, for at kunne slå miljøvariabler -op. Hvis en variabel optræder to gange i envp, vises kun den sidste værdi i -%ENV, mens getenv returnerer den første. Perls taint-sikkerhedsmekanisme -udføres på værdien i %ENV, men ikke til anden del af miljøet. Det kunne medføre -et tvetydigt miljø, som forårsagede at miljøvariabler blev sendt videre til -underprocesser, på trods af beskyttelserne, der burde stilles til rådighed af -taint-kontrollen.

- -

Med denne opdatering ændres Perls virkemåde til det følgende:

- -
    -
  1. %ENV udfyldes med den første miljøvariabel, den samme som getenv - returnerer.
    2. -
  2. Gentagne forekomster i miljøet fjernes.
    3. -
- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 5.14.2-21+deb7u3.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.20.2-3+deb8u4.

- -

I den ustabile distribution (sid), vil dette problem blive løst i -version 5.22.1-8.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3501.data" diff --git a/danish/security/2016/dsa-3502.wml b/danish/security/2016/dsa-3502.wml deleted file mode 100644 index 148125a4985..00000000000 --- a/danish/security/2016/dsa-3502.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="a6c798962f43746a4767ae766f78699525541612" mindelta="1" -sikkerhedsopdatering - -

Ralf Schlatterbeck opdagede en informationslækage i roundup, et webbaseret -problemhåndteringssystem. En autentificeret angriber kunne anvende det til at -se følsomme oplysninger om nogle brugere, herunder deres hashede -adgangskode.

- -

Efter at have taget denne opdatering i brug, hvilket retter de medfølgende -skabeloner, skal webstedsadministratoren sikre sig, at instansversioner (normalt -i /var/lib/roundup) også opdateres, enten ved at patche dem manuelt eller ved at -gendanne dem.

- -

Flere oplysninger finder man i opstrømsdokumentationen på -\ -http://www.roundup-tracker.org/docs/upgrading.html#user-data-visibility

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.4.20-1.1+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.20-1.1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem endnu ikke rettet.

- -

Vi anbefaler at du opgraderer dine roundup-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3502.data" diff --git a/danish/security/2016/dsa-3503.wml b/danish/security/2016/dsa-3503.wml deleted file mode 100644 index dd8ab334f03..00000000000 --- a/danish/security/2016/dsa-3503.wml +++ /dev/null @@ -1,151 +0,0 @@ -#use wml::debian::translation-check translation="f64182a1f336ea69c7c3d3d6530a348aeeaf2ff0" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Linux-kerne, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service), informationslækage -eller datatab.

- -
    - -
  • CVE-2013-4312, - CVE-2016-2847 - -

    Tetsuo Handa opdagede at brugere kunne anvende pipes i kø på lokale - (Unix-)sockets til at allokere en urimelig andel af kernehukommelsen, - førende til lammelsesangreb (ressourceudmattelse).

    - -

    Problemet blev tidligere løst i den stabile distribution ved at begrænse - det totale antal af filer, hver bruger kan sætte i kø på lokale sockets. - Den nye kernelversion i begge distributioner, løser det samt begrænser den - totale størrelse på pipebuffere allokeret til hver brug.

    • - -
  • CVE-2015-7566 - -

    Ralf Spenneberg fra OpenSource Security rapporterede at visordriveren gik - ned, når en særligt fremstillet USB-enhed uden bulk-out-endpoint blev - fundet.

    • - -
  • CVE-2015-8767 - -

    Et lammelsesangreb via SCTP blev opdaget, hvilket kunne udløses af en - lokal angriber under et heartbeattimeoutevent, efter det firesidede - håndtryk.

    • - -
  • CVE-2015-8785 - -

    Man opdagede at lokale brugere med rettigheder til at skrive til en fil - på et FUSE-filsystem, kunne forårsage et lammelsesangreb (udødelig løkke i - kernen).

    • - -
  • CVE-2015-8812 - -

    En fejl blev fundet i iw_cxgb3-Infiniband-driveren. I alle situationer - hvor den ikke kunne sende en pakke på grund af trafikprop i netværket, - frigav den pakkebufferen, men forsøgte senere at sende pakke igen. Denne - anvendelse efter frigivelse kunne medføre et lammelsesangreb (nedbrud eller - hængende proces), datatab eller rettighedsforøgelse.

    • - -
  • CVE-2015-8816 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse, blev opdaget - i USB-hubdriveren. Det kunne måske anvendes af en bruger, der er fysisk til - stede, til at forøge sine rettigheder.

    • - -
  • CVE-2015-8830 - -

    Ben Hawkes fra Googles Project Zero rapporterede at AIO-grænsefladen - tillod læsning eller skrivning af 2 GiB data eller mere i en enkelt chunk, - hvilket kunne føre til et heltalsoverløb når udført på visse filsystemer, - socket eller enhedstyper. Hvor stor sikkerhedspåvirkningen er, har man - ikke vurderet.

    • - -
  • CVE-2016-0723 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse, blev opdaget - i ioctl'en TIOCGETD. En lokal angriber kunne udnytte fejlen til et - lammelsesangreb.

    • - -
  • CVE-2016-0774 - -

    Man opdagede at rettelsen af - CVE-2015-1805 - i kernelversioner ældre end Linux 3.16, ikke på korrekt vis håndterede - situationer med en delvist fejlet atomisk læsning. En lokal, upriviligeret - bruger kunne udnytte fejlen til at få system til at gå ned eller lække - kernehukommelse til brugerrummet.

    • - -
  • CVE-2016-2069 - -

    Andy Lutomirski opdagede en kapløbstilstand i tømningen af TLB, når der - skiftes opgave på et x86-system. På et SMP-system kunne det muligvis føre - til et nedbrud, informationslækage eller rettighedsforøgelse.

    • - -
  • CVE-2016-2384 - -

    Andrey Konovalov opdagede at en fabrikeret USB MIDI-enhed med en ugyldig - USB-descriptor kunne udløse en dobbelt frigivelse. Det kunne anvendes af en - fysisk tilstedeværende bruger til rettighedsforøgelse.

    • - -
  • CVE-2016-2543 - -

    Dmitry Vyukov opdagede at den grundlæggede lydsekvenseringsdriver - (snd-seq) manglede en nødvendig kontrol af en nullpointer, hvilket gjorde - det muligt for en bruger med adgang til en lydsekvenseringsenhed, at - forårsage et lammelsesanreb (nedbrud).

    • - -
  • CVE-2016-2544, - CVE-2016-2546, - CVE-2016-2547, - CVE-2016-2548 - -

    Dmitry Vyukov opdagede forskellige kapløbstilstande i lydundersystemets - (ALSAs) timerhåndtering. En bruger med adgang til lydenheder kunne muligvis - få rettighedsforøgelse.

    • - -
  • CVE-2016-2545 - -

    Dmitry Vyukov fandt en fejl i listemanipuleringen i lydundersystemets (ALSAs) - timerhåndtering. En bruger med adgang til lydenheder, kunne udnytte det til at - forårsage et lammelsesangreb (nedbrud eller hængende proces) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2016-2549 - -

    Dmitry Vyukov fandt en potentiel deadlock i lydundersystemets (ALSAs) - anvendelse af højtopløselige timere. En bruger med adgang til lydenheder, - kunne udnytte det til at forårsage et lammelsesangreb (hængende - proces).

    • - -
  • CVE-2016-2550 - -

    Den oprindelige løsning af - CVE-2013-4312, - der begrænsede det totale antal filer, en bruger kan sætte i kø på lokale - sockets, var fejlbehæftet. En bruger med adgang til en lokal socket åbnet - af en anden bruger, eksempelvis gennem systemds mekanisme til aktivering af - sockets, kunne benytte den anden brugers kvote, som igen kunne føre til et - lammelsesangreb (ressourceudmattelse). Det er rettet ved at optælle filer i - kø i senderen, frem for i socketåbneren.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 3.2.73-2+deb7u3. Den gamle stabile distribution (wheezy) er ikke -påvirket af -CVE-2015-8830.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -3.16.7-ckt20-1+deb8u4. -CVE-2013-4312, -CVE-2015-7566, -CVE-2015-8767 og -CVE-2016-0723 -blev rettet allerede i DSA-3448-1. -CVE-2016-0774 -påvirker ikke den stabile distribution.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3503.data" diff --git a/danish/security/2016/dsa-3504.wml b/danish/security/2016/dsa-3504.wml deleted file mode 100644 index 1293e65a694..00000000000 --- a/danish/security/2016/dsa-3504.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="fd6b7b964981744877466d8ef7f149ccfa113d51" mindelta="1" -sikkerhedsopdatering - -

Alvaro Muñoz og Christian Schneider opdagede at BeanShell, en indlejret -fortolker af Java-kildekode, kunne bringes til at udføre vilkårlige kommandoer: -applikationer som medtager BeanShell i deres classpath, var sårbare over for -denne fejl, hvis de deserialiserer data fra en kilde, der ikke er tillid -til.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -2.0b4-12+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i version -2.0b4-15+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 2.0b4-16.

- -

Vi anbefaler at du opgraderer dine bsh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3504.data" diff --git a/danish/security/2016/dsa-3505.wml b/danish/security/2016/dsa-3505.wml deleted file mode 100644 index fa0c5ceb66d..00000000000 --- a/danish/security/2016/dsa-3505.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="885b50d6d6d40534eb1234ed6e64f7aaad414171" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorer/fortolkere af Pcapng, NBAP, -UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP, 802.11, DIAMETER, -VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL og Sniffer, hvilke kunne -medføre lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 1.8.2-5wheezy17.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -1.12.1+g01b65bf-4+deb8u4.

- -

I distributionen testing (stretch), er disse problemer rettet i version -2.0.2+ga16e22e-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.0.2+ga16e22e-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3505.data" diff --git a/danish/security/2016/dsa-3506.wml b/danish/security/2016/dsa-3506.wml deleted file mode 100644 index 13d46614c26..00000000000 --- a/danish/security/2016/dsa-3506.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3671a465529a0eb98b77629430e2113d2dde4ca9" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere i -multimediebiblioteket libav.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 6:0.8.17-2.

- -

I den stabile distribution (jessie), libav er opdateret til 6:11.6-1~deb8u1, -der indeholder yderligere fejlrettelser beskrevet i opstrøms changelog: -\ -https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.6

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3506.data" diff --git a/danish/security/2016/dsa-3507.wml b/danish/security/2016/dsa-3507.wml deleted file mode 100644 index 78ea42cb1a6..00000000000 --- a/danish/security/2016/dsa-3507.wml +++ /dev/null @@ -1,91 +0,0 @@ -#use wml::debian::translation-check translation="4b3495d62b701d15107c0e05e54ae1dda2ffc4e3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2015-8126 - -

    Joerg Bornemann opdagede flere bufferoverløbsproblemer i biblioteket - libpng.

    • - -
  • CVE-2016-1630 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy på i - Blink/Webkit.

    • - -
  • CVE-2016-1631 - -

    Mariusz Mlynski opdagede en måde at omgå Same Origin Policy i API'et til - Pepper Plugin.

    • - -
  • CVE-2016-1632 - -

    En forkert cast blev opdaget.

    • - -
  • CVE-2016-1633 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2016-1634 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2016-1635 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse - Blink/Webkit.

    • - -
  • CVE-2016-1636 - -

    En måde at omgå SubResource Integrity-validering på blev - opdaget.

    • - -
  • CVE-2016-1637 - -

    Keve Nagy opdagede en informationslækage i biblioteket skia.

    • - -
  • CVE-2016-1638 - -

    Rob Wu opdagede et problem med omgåelse af WebAPI.

    • - -
  • CVE-2016-1639 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebRTC.

    • - -
  • CVE-2016-1640 - -

    Luan Herrera opdagede et problem med brugergrænsefladen til - Extensions.

    • - -
  • CVE-2016-1641 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - håndteringen af favoritikoner.

    • - -
  • CVE-2016-1642 - -

    Udviklingsholdet bag chrome 49 fandt og rettede forskellige problemer - under intern gennemgang. Desuden blev adskillige problemer rettet i - javascriptbibioteket v8, version 4.9.385.26.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -49.0.2623.75-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -49.0.2623.75-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3507.data" diff --git a/danish/security/2016/dsa-3508.wml b/danish/security/2016/dsa-3508.wml deleted file mode 100644 index 12c193da8c2..00000000000 --- a/danish/security/2016/dsa-3508.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="7719c5bf7dbd89f6fdc4a43d8c26b7fc197b35ba" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i JasPer, et bibliotek til manipulering af -JPEG-2000-filer. Projektet Common Vulnerabilities and Exposures har -identificeret følgende problemer:

- -
    - -
  • CVE-2016-1577 - -

    Jacob Baines opdagede en dobbelt frigivelse-fejl i funktionen - jas_iccattrval_destroy. En fjernangriber kunne udnytte fejlen til at - forårsage at en applikation, der anvender biblioteket JasPer, gik ned, - eller potentielt udføre vilkårlig kode med rettighederne hørende til den - bruger, som kører applikationen.

    • - -
  • CVE-2016-2089 - -

    Qihoo 360 Codesafe Team opdagede en NULL-pointerdereferencefejl i - funktionen jas_matrix_clip. En fjernangriber kunne udnytte fejlen til at - forårsage at en appplikation, der anvender biblioteket JasPer, gik ned, - medførende et lammelsesangreb (denial of service).

    • - -
  • CVE-2016-2116 - -

    Tyler Hicks opdagede en hukommelseslækagefejl i funktionen - jas_iccprof_createfrombuf. En fjernangriber kunne udnytte fejlen til at - forårsage at biblioteket JasPer forbruger hukommelse, medførende et - lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.900.1-13+deb7u4.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.900.1-debian1-2.4+deb8u1.

- -

Vi anbefaler at du opgraderer dine jasper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3508.data" diff --git a/danish/security/2016/dsa-3509.wml b/danish/security/2016/dsa-3509.wml deleted file mode 100644 index 4d012659d77..00000000000 --- a/danish/security/2016/dsa-3509.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="d1193bb3940b73f2efc7ea479df6f7857bae6792" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i Rails, et webapplikationsframework skrevet i -Ruby. Begge sårbarheder påvirker Action Pack, som håndterer webforespørgsler i -Rails.

- -
    - -
  • CVE-2016-2097 - -

    Fabrikerede forespørgsler til Action View, en komponent i Action Pack, - kunne medføre rendering af filer fra vilkårlige placeringer, herunder filer - uden for applikationens view-mappe. Sårbarheden skyldes en ufuldstændig - rettelse af \ - CVE-2016-0752. Fejl blev fundet af Jyoti Singh og Tobias Kraze fra - Makandra.

    • - -
  • CVE-2016-2098 - -

    Hvis en webapplikation ikke på korrekt vis fornuftighedskontrollerer - inddata fra brugeren, kunne en angriber kontrollere parametrene til - render-metoden i en controller eller view, hvilket kunne give mulighed for - udførelse af vilkårlig ruby-kode. Fejlen blevet fundet af Tobias Kraze fra - Makandra og joernchen fra Phenoelit.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2:4.1.8-1+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2:4.2.5.2-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:4.2.5.2-1.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3509.data" diff --git a/danish/security/2016/dsa-3510.wml b/danish/security/2016/dsa-3510.wml deleted file mode 100644 index 95082753159..00000000000 --- a/danish/security/2016/dsa-3510.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5cf0627e9883a5dc9a67967b68c79844e0b7b18f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Adskillige hukommelsessikkerhedsfejl, -bufferoverløb, anvendelser efter frigivelser og andre implementeringsfejl kunne -føre til udførelse af vilkårlig kode, lammelsesangreb (denial of service), -forfalskning af adressebjælken og overskrivelse af lokale filer.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.7.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.7.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er Debian i færd med at gå tilbage til at -bruge navnet Firefox. Problemerne vil snart blive rettet i kildekodepakken -firefox-esr.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3510.data" diff --git a/danish/security/2016/dsa-3511.wml b/danish/security/2016/dsa-3511.wml deleted file mode 100644 index 06face156c3..00000000000 --- a/danish/security/2016/dsa-3511.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="5e8718a8df545a90617136381dd92ea18c422588" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i ISC's BIND DNS-server.

- -
    - -
  • CVE-2016-1285 - -

    En ondsindet fremstillet rdnc-handling, en måde at fjernadministrere en - BIND-server på, kunne medføre at named gik ned, som igen medførte et - lammelsesangreb (denial of service).

    • - -
  • CVE-2016-1286 - -

    En fejl ved fortolkning af DNAME-ressourceposter, kunne medføre at named - gik med, som igen medførte et lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1:9.8.4.dfsg.P1-6+nmu2+deb7u10.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:9.9.5.dfsg-9+deb8u6.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3511.data" diff --git a/danish/security/2016/dsa-3512.wml b/danish/security/2016/dsa-3512.wml deleted file mode 100644 index 73556ce7b79..00000000000 --- a/danish/security/2016/dsa-3512.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5d6c2554f37e973bf5dc62f5857efa30c4d5b324" mindelta="1" -sikkerhedsopdatering - -

Markus Vervier fra X41 D-Sec GmbH opdagede en heltalsoverløbssårbarhed i -libotr, en off-the-record-beskedbibliotek (OTR), i den måde hvorpå størrelserne -på dele af indgående beskeder blev opbevaret. En fjernangriber kunne udnytte -fejlen ved at sende fabrikerede beskeder til en applikation, som anvender libotr, -til at iværksætte lammelsesangreb (applikationsnedbrud) eller potentielt udføre -vilkårlig kode med rettighederne hørende til brugeren, der kører -applikationen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.2.1-1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.1.0-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine libotr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3512.data" diff --git a/danish/security/2016/dsa-3513.wml b/danish/security/2016/dsa-3513.wml deleted file mode 100644 index 25f02626e8a..00000000000 --- a/danish/security/2016/dsa-3513.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="b7f0d2aad91f6ef2c91dadfa8e2631a78b500a2e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1643 - -

    cloudfuzzer et typeforvirringsproblem i Blink/Webkit.

    • - -
  • CVE-2016-1644 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2016-1645 - -

    Et problem med læsning uden for grænserne blev opdaget i biblioteket - pdfium.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 49.0.2623.87-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 49.0.2623.87-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3513.data" diff --git a/danish/security/2016/dsa-3514.wml b/danish/security/2016/dsa-3514.wml deleted file mode 100644 index d38f18425b8..00000000000 --- a/danish/security/2016/dsa-3514.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="af64218a06bcd1df44bcdf03c74c24ab53952ab8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS-fil-, print- og loginserver -til Unix. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2015-7560 - -

    Jeremy Allison fra Google, Inc. og Samba Team opdagede at Samba på - ukorrekt vis håndterede hentning og gemning af ACL'er på en symlinksti. - En autentificeret ondsindet klient kunne benytte SMB1 UNIX-udvidelser til at - oprette et symlink til en fil eller mappe, og dernæst anvende - ikke-UNIX-SMB1-kald til at overskrive indholdet af ACL'en på filen eller - mappen, der linkes til.

    • - -
  • CVE-2016-0771 - -

    Garming Sam og Douglas Bagnall fra Catalyst IT opdagede at Samba var - sårbar over for et problem med læsning uden for grænserne under håndtering - af DNS TXT-poster, hvis Samba er udrullet som en AD DC og valgt til at køre - den interne DNS-server. En fjernangriber kunne udnytte fejlen til at lække - hukommelse fra serveren, i form af et DNS TXT-svar.

    • - -
- -

Desuden indeholder denne opdatering en rettelse af en regression opstået på -grund af opstrømsrettelsen af -CVE-2015-5252 -i DSA-3433-1, i opsætninger hvor sharestien er '/'.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 2:3.6.6-6+deb7u7. Den gamle stabile distribution (wheezy) er ikke -påvirket af -CVE-2016-0771.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -2:4.1.17+dfsg-2+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:4.3.6+dfsg-1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3514.data" diff --git a/danish/security/2016/dsa-3515.wml b/danish/security/2016/dsa-3515.wml deleted file mode 100644 index 0d8cd40f659..00000000000 --- a/danish/security/2016/dsa-3515.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="cf19d1546e5a6041ac439aeace61e2eef99abd61" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarhed er fundet i fontrenderingmotoren Graphite, hvilke kunne -medføre lammelsesangreb (denial of service) eller udførelse af vilkårlig kode, -hvis en misdannet fontfil blev behandlet.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.3.6-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.3.6-1~deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.3.6-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.3.6-1.

- -

Vi anbefaler at du opgraderer dine graphite2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3515.data" diff --git a/danish/security/2016/dsa-3516.wml b/danish/security/2016/dsa-3516.wml deleted file mode 100644 index e17558754d7..00000000000 --- a/danish/security/2016/dsa-3516.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="7bbe2776f332edb7a3d881910c990796f15d2da7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorerne/fortolkerne af DNP, RSL, -LLRP, GSM A-bis OML, ASN 1 BER, hvilket kunne medføre lammelseangreb (denial of -service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.8.2-5wheezy18.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u5.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.0.2+ga16e22e-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.2+ga16e22e-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3516.data" diff --git a/danish/security/2016/dsa-3517.wml b/danish/security/2016/dsa-3517.wml deleted file mode 100644 index 34fb1d16537..00000000000 --- a/danish/security/2016/dsa-3517.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="39036c41484b4173cf0be15988e58643a5851320" mindelta="1" -sikkerhedsopdatering - -

En lokal rootrettighedsforøgelsessårbarhed blev fundet i Exim, Debians -standardmailoverførselsagent, i opsætninger som anvender valgmuligehden -perl_startup (kun i Exim gennem exim4-daemon-heavy er understøttelse af -Perl aktiveret).

- -

For at løse sårbarheden, renser opdaterede Exim-versioner som standard det -komplette udførelsesmiljø, hvilket påvirker Exim og undeprocesser så som -transports, der kalder andre programmer, og dermed kan eksisterende -installationer holde op med at virke. Nye opsætningsvalgmuligheder -(keep_environment, add_environment) er indført til at justere på -virkemåden.

- -

Flere oplysninger finder man i opstrøms bulletin på -\ -https://www.exim.org/static/doc/CVE-2016-1531.txt

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 4.80-7+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.84.2-1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 4.86.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.86.2-1.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3517.data" diff --git a/danish/security/2016/dsa-3518.wml b/danish/security/2016/dsa-3518.wml deleted file mode 100644 index 6c2779761d8..00000000000 --- a/danish/security/2016/dsa-3518.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="adbecfdd1c91fdc4713619cf52c8370f7ea14552" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i SPIP, et webstedsmotor til udgivelse, -medførende kodeindsprøjtning.

- -
    - -
  • CVE-2016-3153 - -

    g0uZ et sambecks, fra team root-me, opdagede at vilkårlig PHP-kode kunne - indsprøjtes, når der blev tilføjet indhold.

    • - -
  • CVE-2016-3154 - -

    Gilles Vincent opdagede at deserialisering af indhold, der ikke er tillid - til, kunne medføre indsprøjtning af vilkårlige objekter.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.1.17-1+deb7u5.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.0.17-2+deb8u2.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 3.0.22-1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3518.data" diff --git a/danish/security/2016/dsa-3519.wml b/danish/security/2016/dsa-3519.wml deleted file mode 100644 index 2620bc0a8c6..00000000000 --- a/danish/security/2016/dsa-3519.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1811450d2638b7ffce62d0f162edc1983a276115" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i virtualiseringsløsningen Xen, -hvilke kunne medføre lammelsesangreb (denial of service) eller -informationslækage.

- -

Den gamle stabile distribution (wheezy) vil blive opdateret gennem en separat -DSA.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3519.data" diff --git a/danish/security/2016/dsa-3520.wml b/danish/security/2016/dsa-3520.wml deleted file mode 100644 index be8c977a726..00000000000 --- a/danish/security/2016/dsa-3520.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="739e88d4a6dc19805b20647d07a73fce08505969" mindelta="1" -sikkerhedsopdatering - -

Adskilige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -heltalsoverløb, bufferoverløb og andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 38.7.0-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 38.7.0-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 38.7.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3520.data" diff --git a/danish/security/2016/dsa-3521.wml b/danish/security/2016/dsa-3521.wml deleted file mode 100644 index 3cb48763317..00000000000 --- a/danish/security/2016/dsa-3521.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="04ccf54e686c878d04e13650f00eff1d7d4ceecc" mindelta="1" -sikkerhedsopdatering - -

Lael Cellier opdagede to bufferoverløbssårbarheder i git, et hurtigt, -skalerbart, distribueret versionsstyringssystem, hvilke kunne udnyttes til -fjernudførelse af vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1:1.7.10.4-1+wheezy3.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:2.1.4-2.1+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:2.8.0~rc3-1. -CVE-2016-2315 -blev allerede rettet i version 1:2.7.0-1.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3521.data" diff --git a/danish/security/2016/dsa-3522.wml b/danish/security/2016/dsa-3522.wml deleted file mode 100644 index 0600e5c6062..00000000000 --- a/danish/security/2016/dsa-3522.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="2188819dfdd7422591ad1f6d24fdf7ee56624d63" mindelta="1" -sikkerhedsopdatering - -

Alex Rousskov fra The Measurement Factory opdagede at Squid3, en komplet -webproxycache, ikke på korrekt vis håndterede fejl ved visse misdannede -HTTP-svar. En fjern HTTP-server kunne udnytte fejlen til at forårsage et -lammelsesangreb (assertionfejl og dæmonafslutning).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.1.20-2.2+deb7u4.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.8-6+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 3.5.15-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.15-1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3522.data" diff --git a/danish/security/2016/dsa-3523.wml b/danish/security/2016/dsa-3523.wml deleted file mode 100644 index 269c394c917..00000000000 --- a/danish/security/2016/dsa-3523.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="77fa036416471154b3a8de4b5b47e14b54b8652e" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering deaktiverer Graphite fontshapingbiblioteket i Iceweasel, -Debians udgave af webbrowseren Mozilla Firefox.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 38.7.1esr-1~deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 38.7.1esr-1~deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 45.0.1esr-1 af kildekodepakken firefox-esr.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3523.data" diff --git a/danish/security/2016/dsa-3524.wml b/danish/security/2016/dsa-3524.wml deleted file mode 100644 index 0053e1ed1bc..00000000000 --- a/danish/security/2016/dsa-3524.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="70e57ac8571d90d234a174115669f10bd52f58de" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Java-messagebrokeren ActiveMQ udførte utilstrækkelig -deserilisering. For yderligere oplysninger, se opstrømsbulletinen -\ -http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 5.6.0+dfsg-1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.6.0+dfsg1-4+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 5.13.2+dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.13.2+dfsg-1.

- -

Vi anbefaler at du opgraderer dine activemq-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3524.data" diff --git a/danish/security/2016/dsa-3525.wml b/danish/security/2016/dsa-3525.wml deleted file mode 100644 index c0a3f2bf8c2..00000000000 --- a/danish/security/2016/dsa-3525.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="2f090c0aed43adf8e68cd2dd2a5c8b2cd2b4f779" mindelta="1" -sikkerhedsopdatering - -

Vincent LE GARREC opdagede et heltalsoverløb i pixman, et -pixelmanipuleringsbibliotek til X og cairo. En fjernangriber kunne udnytte -fejlen til at få en applikaiton, der anvender pixman-biblioteket, til at gå ned -eller potentielt udføre vilkårlig kode under rettighederne hørende til brugeren, -der kører applikationen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.26.0-4+deb7u2.

- -

I den stabile distribution (jessie), i distributionen testing (stretch) og i -den ustabile distribution (sid), blev dette problem allerede rettet i version -0.32.6-1.

- -

Vi anbefaler at du opgraderer dine pixman-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3525.data" diff --git a/danish/security/2016/dsa-3526.wml b/danish/security/2016/dsa-3526.wml deleted file mode 100644 index 67197d9dbb9..00000000000 --- a/danish/security/2016/dsa-3526.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="eaae0c0746a91e524469f97c841b3070b8dd4a7c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libmatroska, et udvidelsebart åben standard-containerformat -til lyd og video, på ukorrekt vis behandlede EBML-lacing. Ved at levere -ondsindet fremstillet inddata, kunne en angriber udnytte fejlen til at -gennemtvinge en eller anden form for lækage af oplysninger, opbevaret i -procesheaphukommelsen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.3.0-2+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.1-2+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 1.4.4-1.

- -

Vi anbefaler at du opgraderer dine libmatroska-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3526.data" diff --git a/danish/security/2016/dsa-3527.wml b/danish/security/2016/dsa-3527.wml deleted file mode 100644 index 39f92e918e6..00000000000 --- a/danish/security/2016/dsa-3527.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="6d564d99a4c9b765bf1c554cbce33843bd196b83" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at inspircd, en IRC-dæmon, på ukorrekt vis håndterede PTR-opslag -hørende til brugere der logger på. Fejlen muliggjorde at en fjernangriber kunne -få applikationen til at gå ned, ved at opsætte misdannede DNS-registreringer, -dermed forårsagende et lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.0.5-1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.0.17-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 2.0.20-1.

- -

Vi anbefaler at du opgraderer dine inspircd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3527.data" diff --git a/danish/security/2016/dsa-3528.wml b/danish/security/2016/dsa-3528.wml deleted file mode 100644 index fc2ecb9ebc3..00000000000 --- a/danish/security/2016/dsa-3528.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e2bd0950f0d0529228a60e4225e75057d0928e52" mindelta="1" -sikkerhedsopdatering - -

Stefan Sperling opdagede at pidgin-otr, en plugin til Pidgin, som -implementerer Off-The-Record-beskeder, indeholdt en fejl i forbindelse med -anvendelse efter frigivelse. Det kunne udnyttes af en ondsindet fjern bruger -til bevidst at få applikationen til at gå ned, og dermed forårsage et -lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.0.1-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 4.0.2-1.

- -

Vi anbefaler at du opgraderer dine pidgin-otr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3528.data" diff --git a/danish/security/2016/dsa-3529.wml b/danish/security/2016/dsa-3529.wml deleted file mode 100644 index e0fc7045442..00000000000 --- a/danish/security/2016/dsa-3529.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9e032f6489681daaf4164745ef334a0b6aadb751" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i Redmine, en webapplikation til -projekthåndtering, hvilke kunne føre til informationsafsløring.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.0~20140825-8~deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 3.2.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.2.0-1.

- -

Vi anbefaler at du opgraderer dine redmine-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3529.data" diff --git a/danish/security/2016/dsa-3530.wml b/danish/security/2016/dsa-3530.wml deleted file mode 100644 index 32a1ccaa2e2..00000000000 --- a/danish/security/2016/dsa-3530.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="427ac4405b4ec18b6726327fe6bc8e4cd33a4760" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er rettet i Tomcat-servlet'en og -JSP-motoren, hvilke kunne medføre omgående af restriktioner i security -manager, informationsafsløring, lammelsesangreb (denial of service) eller -sessionsfiksering.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 6.0.45+dfsg-1~deb7u1.

- -

Vi anbefaler at du opgraderer dine tomcat6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3530.data" diff --git a/danish/security/2016/dsa-3531.wml b/danish/security/2016/dsa-3531.wml deleted file mode 100644 index b53e1887c9c..00000000000 --- a/danish/security/2016/dsa-3531.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="6977df7d5ebe04d12eec2c8c17a577eba8e310e7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1646 - -

    Wen Xu opdagede et problem med læsning uden for grænserne i - v8-biblioteket.

    • - -
  • CVE-2016-1647 - -

    Et problem med anvendelse efter frigivelse blev opdaget.

    • - -
  • CVE-2016-1648 - -

    Et problem med anvendelse efter frigivelse blev opdaget i håndteringen af - udvidelser.

    • - -
  • CVE-2016-1649 - -

    lokihardt opdagede et bufferoverløbsproblem i biblioteket Almost Native - Graphics Layer Engine (ANGLE).

    • - -
  • CVE-2016-1650 - -

    Chrome-udviklingsholdet fandt og rettede forskellige problemer under - intern auditering. Desuden blev adskillige problemer rettet i - JavaScript-biblioteket v8, version 4.9.385.33.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 49.0.2623.108-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 49.0.2623.108-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3531.data" diff --git a/danish/security/2016/dsa-3532.wml b/danish/security/2016/dsa-3532.wml deleted file mode 100644 index 542a164cfbe..00000000000 --- a/danish/security/2016/dsa-3532.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f0c3ab552e49d4a8e3cd7af62469ae633b566b4b" mindelta="1" -sikkerhedsopdatering - -

Kostya Kortchinsky opdagede en stakbaseret bufferoverløbssårbarhed i -VPNv4 NLRI-fortolkeren i bgpd i quagga, en routingdæmon til BGP/OSPF/RIP. En -fjernangriber kunne udnytte fejlen til at forårsage et lammelsesangreb -(dæmonnedbrud) eller potentielt udførelse af vilkårlig kode, hvis bgpd er opsat -med BGP-peers aktiveret for VPNv4.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.99.22.4-1+wheezy2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.99.23.1-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3532.data" diff --git a/danish/security/2016/dsa-3533.wml b/danish/security/2016/dsa-3533.wml deleted file mode 100644 index 4b2080f4b0b..00000000000 --- a/danish/security/2016/dsa-3533.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c7003d187d2b40d56a19686797312bf4dcd8d350" mindelta="1" -sikkerhedsopdatering - -

Kashyap Thimmaraju og Bhargava Shastry opdagede en fjernudløsbar -bufferoverløbssårbarhed i openvswitch, en kvalitets-, multilayer virtuel -switch-implementering. Særligt fremstillede MPLS-pakke kunne få bufferen -reserveret til MPLS-labels i en OVS-intern datastruktur til at løbe over. En -fjernangriber kunne udnytte fejlen til at forårsage et lammelsesangreb (denial -of service) eller potentielt udføre vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.3.0+git20140819-3+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.3.0+git20140819-4.

- -

Vi anbefaler at du opgraderer dine openvswitch-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3533.data" diff --git a/danish/security/2016/dsa-3534.wml b/danish/security/2016/dsa-3534.wml deleted file mode 100644 index c6f73b248a5..00000000000 --- a/danish/security/2016/dsa-3534.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="eef6471b586d9aaa5a2a980e0553c059343923f6" mindelta="1" -sikkerhedsopdatering - -

Guido Vranken opdagede flere sårbarheder i dhcpcd, en DHCP-klient, hvilke -kunne medføre lammelsesangreb (denial of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1:3.2.3-11+deb7u1.

- -

Vi anbefaler at du opgraderer dine dhcpcd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3534.data" diff --git a/danish/security/2016/dsa-3535.wml b/danish/security/2016/dsa-3535.wml deleted file mode 100644 index db7eea7abcd..00000000000 --- a/danish/security/2016/dsa-3535.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3d01a2137129c816da7c713bc9d1e9e5e7a128cf" mindelta="1" -sikkerhedsopdatering - -

Stelios Tsampas opdagede et bufferoverløb i Kamailio SIP-proxy'en, hvilket -kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.2.0-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 4.3.4-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.3.4-2.

- -

Vi anbefaler at du opgraderer dine kamailio-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3535.data" diff --git a/danish/security/2016/dsa-3536.wml b/danish/security/2016/dsa-3536.wml deleted file mode 100644 index 06c6b679055..00000000000 --- a/danish/security/2016/dsa-3536.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="dc1ba19ac04da98199318f84769c444c9bc0b3be" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libstruts1.2-java, et Java-framework til MVC-applikationer, -indeholdt en fejl i sin flersidevalideringskode. Dermed var det muligt at omgå -inddatavalidering, selv hvis MPF ikke anvendes direkte.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.2.9-5+deb7u2.

- -

Vi anbefaler at du opgraderer dine libstruts1.2-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3536.data" diff --git a/danish/security/2016/dsa-3537.wml b/danish/security/2016/dsa-3537.wml deleted file mode 100644 index aa1b3c03124..00000000000 --- a/danish/security/2016/dsa-3537.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="7c1335771695bf0e145573aa445f096eaf6bfe91" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i imlib2, et billedbehandlingsbibliotek.

- -
    - -
  • CVE-2014-9762 - -

    En segmenteringsfejl kunne opstå ved åbning af GIF'er uden et - colormap.

    • - -
  • CVE-2014-9763 - -

    Flere tilfælde af division med nul, medførende et programnedbrud, kunne - opstå når PNM-filer blev håndteret.

    • - -
  • CVE-2014-9764 - -

    En segmenteringsfejl kunne opstå ved åbning af GIF'er med feh.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.4.5-1+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.6-2+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), er -disse problemer rettet i version 1.4.7-1.

- -

Vi anbefaler at du opgraderer dine imlib2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3537.data" diff --git a/danish/security/2016/dsa-3538.wml b/danish/security/2016/dsa-3538.wml deleted file mode 100644 index 698e3512005..00000000000 --- a/danish/security/2016/dsa-3538.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="8514ff1f0db87a0e77ab4e8719fd82cece1a8b1d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libebml, et bibliotek til behandling af -Extensible Binary Meta Language-filer.

- -
    - -
  • CVE-2015-8789 - -

    Kontekstafhængige angribere kunne udløse en anvendelse efter - frigivelse-sårbarhed, ved at levere et ondsindet fabrikeret - EBML-dokument.

    • - -
  • CVE-2015-8790 - -

    Kontekstafhængige angribere kunne få adgang til følsomme oplysninger fra - processens heaphukommelse, ved at anvende en ondsindet fremstillet - UTF-8-streng.

    • - -
  • CVE-2015-8791 - -

    Kontekstafhængige angribere kunne få adgang til følsomme oplysninger fra - processens heaphukommelse ved at anvende en ondsindet fremstillet - længdeværdi i en EBML-id.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.2.2-2+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.3.0-2+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), er -disse problem rettet i version 1.3.3-1.

- -

Vi anbefaler at du opgraderer dine libebml-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3538.data" diff --git a/danish/security/2016/dsa-3539.wml b/danish/security/2016/dsa-3539.wml deleted file mode 100644 index 3f36ec0b463..00000000000 --- a/danish/security/2016/dsa-3539.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="9f03869d9b99f2255c463d07286d25bd6ef414d4" mindelta="1" -sikkerhedsopdatering - -

Randell Jesup og Firefox-holdet opdagede, at srtp, Ciscos -referenceimplementering af Secure Real-time Transport Protocol (SRTP), ikke på -korrekt vis håndterede RTP-headerens CSRC-tæller og udvidelsesheaderlængde. En -fjernangriber kunne udnytte sårbarheden til at få en applikation, der er linket -mod libsrtp, til at gå ned, medførende et lammelsesangreb (denial of -service).

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 1.4.4+20100615~dfsg-2+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.5~20130609~dfsg-1.1+deb8u1.

- -

Vi anbefaler at du opgraderer dine srtp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3539.data" diff --git a/danish/security/2016/dsa-3540.wml b/danish/security/2016/dsa-3540.wml deleted file mode 100644 index 3d964da1cfb..00000000000 --- a/danish/security/2016/dsa-3540.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="fcfaffb3575cef67da923323c10ca01a74bd2732" mindelta="1" -sikkerhedsopdatering - -

Marcin Noga opdagede et heltalsunderløb i Lhasa, et dekomprimeringsprogram -til lzh-arkiver, hvilket kunne medføre udførelse af vilkårlig kode, hvis et -misdannet arkiv blev behandlet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.0.7-2+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.2.0+git3fe46-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 0.3.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.3.1-1.

- -

Vi anbefaler at du opgraderer dine lhasa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3540.data" diff --git a/danish/security/2016/dsa-3541.wml b/danish/security/2016/dsa-3541.wml deleted file mode 100644 index 374394ee2f8..00000000000 --- a/danish/security/2016/dsa-3541.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="eb358b5c104a2d1f7d243bc6e4c3bf1c2bae262a" mindelta="1" -sikkerhedsopdatering - -

High-Tech Bridge Security Research Lab opdagede at Roundcube, en -webmailklient, indeholdt en mappegennemløbssårbarhed. Fejlen kunne udnyttes af -en angriber til at tilgå følsomme filer på serveren, eller endda udføre -vilkårlig kode.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 0.7.2-9+deb7u2.

- -

I distributionen testing (stretch) og i den stabile distributions (sid), er -dette problem i version 1.1.4+dfsg.1-1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3541.data" diff --git a/danish/security/2016/dsa-3542.wml b/danish/security/2016/dsa-3542.wml deleted file mode 100644 index 50b1d197a31..00000000000 --- a/danish/security/2016/dsa-3542.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="45d1d76aee3326eacd544b03f6bec0922cf422c5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Mercurial, et distributeret -versionsstyringssystem. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2016-3068 - -

    Blake Burkhart opdagede at Mercurial tillod URL'er til - Git-subrepositories, der kunne medføre udførelse af vilkårlig kode på - klonen.

    • - -
  • CVE-2016-3069 - -

    Blake Burkhart opdagede at Mercurial tillod udførelse af vilkårlig kode - ved konvertering af Git-repositories med særligt fremstillede - navne.

    • - -
  • CVE-2016-3630 - -

    Man opdagede at Mercurial ikke på korrekt vis håndterer grænsekontroller - i sin binære deltadekoder, hvilket kunne være udnytbart til fjernudførelse - af kode via clone, push eller pull.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 2.2.2-4+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.1.2-2+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.7.3-1.

- -

Vi anbefaler at du opgraderer dine mercurial-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3542.data" diff --git a/danish/security/2016/dsa-3543.wml b/danish/security/2016/dsa-3543.wml deleted file mode 100644 index 05c01836906..00000000000 --- a/danish/security/2016/dsa-3543.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b95c64eb749661d4fced9c6dbfa899c799978272" mindelta="1" -sikkerhedsopdatering - -

Emmanuel Thome opdagede at manglende fornuftighedskontrol af inddata i -oarsh-kommandoen i OAR, et program til håndtering af jobs og ressourcer hørende -til HPC-klynger, kunne medføre rettighedsforøgelse.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.5.2-3+deb7u1.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.5.4-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.5.7-1.

- -

Vi anbefaler at du opgraderer dine oar-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3543.data" diff --git a/danish/security/2016/dsa-3544.wml b/danish/security/2016/dsa-3544.wml deleted file mode 100644 index 041441948a8..00000000000 --- a/danish/security/2016/dsa-3544.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="5ea37e76167be82a5a30376b95596f59b92cdddd" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Django, et webudviklingsframework på højt -niveau til Python. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2016-2512 - -

    Mark Striemer opdagede at nogle brugerleverede viderestillings-URL'er - indeholdende grundlæggende autentificeringsoplysninger, på håndteret på - ukorrekt vis, potentielt gørende det muligt for en fjernangriber at - iværksætte en ondsindet viderestilling eller udførelse af skripter på tværs - af websteder.

    • - -
  • CVE-2016-2513 - -

    Sjoerd Job Postmus opdagede at Django tillod brugerenumeration gennem - timingforskelle på password hasher work factor-opgraderinger.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.4.5-1+deb7u16.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.7.7-1+deb8u4.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.9.4-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.4-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3544.data" diff --git a/danish/security/2016/dsa-3545.wml b/danish/security/2016/dsa-3545.wml deleted file mode 100644 index 5e0e61a1583..00000000000 --- a/danish/security/2016/dsa-3545.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="21c54711eea51b6484612f25d68f7892056d7309" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i cgit, en hurtig webfrontend skrevet i C til -git-repositories. En fjernangriber kunne drage nytte af disse fejl til at -iværksætte udførelse af skripter på tværs af websteder, headerindsprøjtning -eller lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.10.2.git2.0.1-3+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 0.12.0.git2.7.0-1 or earlier.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.12.0.git2.7.0-1 or earlier.

- -

Vi anbefaler at du opgraderer dine cgit-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3545.data" diff --git a/danish/security/2016/dsa-3546.wml b/danish/security/2016/dsa-3546.wml deleted file mode 100644 index 4e6497246f6..00000000000 --- a/danish/security/2016/dsa-3546.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a584c411815c45e885d4fc09f8527c2f9fbc2448" mindelta="1" -sikkerhedsopdatering - -

Hans Jerry Illikainen opdagede at manglende fornuftighedskontrol af inddata i -koden til BMP-behandling i optipng PNG-optimiseren, kunne medføre lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode, hvis en misdannet fil blev -behandlet.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet i version -0.6.4-1+deb7u2. Opdateringen retter også -CVE-2015-7801, -som oprindelig var tiltænkt en punktopdatering af wheezy.

- -

I den stabile distribution (jessie), er dette problem rettet i version -0.7.5-1+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine optipng-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3546.data" diff --git a/danish/security/2016/dsa-3547.wml b/danish/security/2016/dsa-3547.wml deleted file mode 100644 index 0f0104e45d7..00000000000 --- a/danish/security/2016/dsa-3547.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d3a5b1e7dc5645d48c385cb7badb973b28c4c51f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Imagemagick, et programsamling til -billedbehandling. Opdateringen retter et stort antal potentielle -sikkerhedsproblemer, så som nullpointeradgang og bufferoverløb, som kunne føre -til hukommelseslækager eller lammelsesangreb (denial of service). Ingen af -sikkerhedsproblemerne har fået tildelt et CVE-nummer.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 8:6.7.7.10-5+deb7u4.

- -

I den stabile distribution (jessie), er dette problem allerede rettet i -version 8:6.8.9.9-5+deb8u1, i den seneste punktopdatering.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3547.data" diff --git a/danish/security/2016/dsa-3548.wml b/danish/security/2016/dsa-3548.wml deleted file mode 100644 index 868f512ce75..00000000000 --- a/danish/security/2016/dsa-3548.wml +++ /dev/null @@ -1,99 +0,0 @@ -#use wml::debian::translation-check translation="702cd9718f2b9fb092c06275611105844fa8d4d3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS-server til filer, print- og -login til Unix. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2015-5370 - -

    Jouni Knuutinen fra Synopsys opdagede fejl i koden til Samba DCE-RPC, - hvilke kunne føre til lammelsesangreb (nedbrud og højt CPU-forbrug) og - manden i midten-angreb.

    • - -
  • CVE-2016-2110 - -

    Stefan Metzmacher fra SerNet og Samba Team opdagede at - funktionsforhandlingen i NTLMSSP ikke beskyttede mod - nedgraderingsangreb.

    • - -
  • CVE-2016-2111 - -

    Når Samba er opsat som domænecontroller, tillod den at fjernangribere - kunne forfalske computernavnet hørende til en sikker kanals endpoint, og få - adgang til følsomme sessionsoplysninger. Fejlen svarer til sårbarheden - CVE-2015-0005 - vedrørende Windows, opdaget af Alberto Solino fra Core Security.

    • - -
  • CVE-2016-2112 - -

    Stefan Metzmacher fra SerNet og Samba Team opdagede at en manden i - midten-angriber kunne nedgradere LDAP-forbindelser til at undgå - integritetsbeskyttelse.

    • - -
  • CVE-2016-2113 - -

    Stefan Metzmacher fra SerNet og Samba Team opdagede at manden i - midten-angreb var mulige ved klientudløse LDAP-forbindelser og - ncacn_http-forbindelser.

    • - -
  • CVE-2016-2114 - -

    Stefan Metzmacher fra SerNet og Samba Team opdagede at Samba ikke - håndhævede krævet smb-signering, selv om det eksplicit er opsat.

    • - -
  • CVE-2016-2115 - -

    Stefan Metzmacher fra SerNet og Samba Team opdagede at SMB-forbindelser - til IPC-trafik ikke var integritetsbeskyttede.

    • - -
  • CVE-2016-2118 - -

    Stefan Metzmacher fra SerNet og Samba Team opdagede at en manden i - midten-angriber kunne opsnappe enhver DCERPC-trafik mellem en klient og en - server, med det formål at udgive sig for at være klienten, og dermed få - adgang til de samme rettigheder, som den autentificerede - brugerkonto.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 2:3.6.6-6+deb7u9. Den gamle stabile distribution er ikke påvirket af -CVE-2016-2113 og -CVE-2016-2114.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -2:4.2.10+dfsg-0+deb8u1. Problemerne blev løst ved at opgradere til den nye -opstrømsversion 4.2.10, som indeholder yderligere ændringer og fejlrettelser. -De afhængige biblioteker ldb, talloc, tdb og tevent var det også nødvendigt at -opgradere til nye opstrømsversioner i forbindelse med denne opdatering.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:4.3.7+dfsg-1.

- -

For flere oplysninger (særligt vedrørende nye indstillingsmuligheder og -standardværdier), se:

- - - -

Tak til Andreas Schneider og Guenther Deschner (Red Hat), Stefan Metzmacher -og Ralph Boehme (SerNet) samt Aurelien Aptel (SUSE) for det store -tilbageførelsesarbejde, der var krævet for at understøtte Samba 3.6 og Samba -4.2, samt Andrew Bartlett (Catalyst), Jelmer Vernooij og Mathieu Parent for -deres hjælp med at forberede opdateringer af Samba og de underliggende -infrastrukturbiblioteker.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3548.data" diff --git a/danish/security/2016/dsa-3549.wml b/danish/security/2016/dsa-3549.wml deleted file mode 100644 index 1e2574bfb04..00000000000 --- a/danish/security/2016/dsa-3549.wml +++ /dev/null @@ -1,61 +0,0 @@ -#use wml::debian::translation-check translation="98c8fe2f1f89ff14eb9387428687dc74f887ebc3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1651 - -

    Et problem med læsning uden for grænserne blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2016-1652 - -

    Et problem med udførelse af skripter på tværs af websteder blev opdaget i - bindingsudvidelser.

    • - -
  • CVE-2016-1653 - -

    Choongwoo Han opdagede et problem med læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2016-1654 - -

    Atte Kettunen opdatede en læsning af uinitialiseret - hukommelse-tilstand.

    • - -
  • CVE-2016-1655 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse med relation - til udvidelser.

    • - -
  • CVE-2016-1657 - -

    Luan Herrera opdagede en måde at forfalske URL'er på.

    • - -
  • CVE-2016-1658 - -

    Antonio Sanso opdagede en informationslækage med relation til - udvidelser.

    • - -
  • CVE-2016-1659 - -

    Chrome-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 50.0.2661.75-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 50.0.2661.75-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3549.data" diff --git a/danish/security/2016/dsa-3550.wml b/danish/security/2016/dsa-3550.wml deleted file mode 100644 index 76b5b6fc8eb..00000000000 --- a/danish/security/2016/dsa-3550.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b1307afe8edb4c3ecfdf3f411ac29bd1b5c4ae2d" mindelta="1" -sikkerhedsopdatering - -

Shayan Sadigh opdagede en sårbarhed i OpenSSH: Hvis PAM-understøttelse er -aktiveret og sshd's PAM-opsætning er indstillet til at læse brugerleverede -miljøvariabler og valgmuligheden UseLogin er aktiveret, kunne en lokal -bruger måske forøge sine rettigheder til root.

- -

I Debian UseLogin som standard deaktiveret.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 6.0p1-4+deb7u4.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 6.7p1-5+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:7.2p2-3.

- -

Vi anbefaler at du opgraderer dine openssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3550.data" diff --git a/danish/security/2016/dsa-3551.wml b/danish/security/2016/dsa-3551.wml deleted file mode 100644 index e7400f85ca5..00000000000 --- a/danish/security/2016/dsa-3551.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="b637fb755deb2cefe360aa24702daf90e48f8f07" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at fuseiso, en brugerrumsimplementering af ISO -9660-filsystemet baseret på FUSE, indeholdt flere sårbarheder.

- -
    - -
  • CVE-2015-8836 - -

    Et stakbaseret bufferoverløb kunne gøre det muligt for angribere, der kan - narre en bruger til at mounte et fabikeret ISO 9660-filsystem til at - medføre lammelsesangreb (nedbrud) eller potentielt udføre vilkårlig - kode.

    • - -
  • CVE-2015-8837 - -

    Et heltalsoverløb førte til et heapbaseret bufferoverløb, hvilket gjorde - det muligt for en angriber (der kan narre en bruger til at mounte et - fabrikeret ISO 9660-filsystem) at medføre et lammelsessystem (nedbrud) eller - potentielt udføre vilkårlige kode.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 20070708-3+deb7u1.

- -

Den stabile distribution (jessie) indeholder ikke fuseiso-pakker.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 20070708-3.2.

- -

Vi anbefaler at du opgraderer dine fuseiso-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3551.data" diff --git a/danish/security/2016/dsa-3552.wml b/danish/security/2016/dsa-3552.wml deleted file mode 100644 index 9daa9a9fe7a..00000000000 --- a/danish/security/2016/dsa-3552.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="cf563d8590928ccf558528061286813de2a09f96" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er opdaget i Tomcat-servlet og JSP-motoren, -hvilke kunne medføre informationsafsløring, omgåelse af CSRF-beskyttelser og -omgåelse af SecurityManager.

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 7.0.28-4+deb7u4. Opdateringen retter også -CVE-2014-0119 og -CVE-2014-0096.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.0.56-3+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 7.0.68-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.0.68-1.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3552.data" diff --git a/danish/security/2016/dsa-3553.wml b/danish/security/2016/dsa-3553.wml deleted file mode 100644 index 1f3d1ee8f4d..00000000000 --- a/danish/security/2016/dsa-3553.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="fbbe62d1d39feb217406213f84318d52b5fe7245" mindelta="1" -sikkerhedsopdatering - -

Régis Leroy fra Makina Corpus opdagede at varnish, et omvendt cachende -HTTP-proxy, var sårbar over for HTTP-smuglingsproblemer, potentielt førende til -cacheforgiftning eller omgåelse af adgangskontrolregler.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 3.0.2-2+deb7u2.

- -

Vi anbefaler at du opgraderer dine varnish-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3553.data" diff --git a/danish/security/2016/dsa-3554.wml b/danish/security/2016/dsa-3554.wml deleted file mode 100644 index a1bf40ded59..00000000000 --- a/danish/security/2016/dsa-3554.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="7f44833fd5082628b01ffc8e8d3e52507eab9385" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i hypervisoren Xen. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2016-3158, - CVE-2016-3159 - (XSA-172) - -

    Jan Beulich fra SUSE opdagede at Xen ikke på korrekt vis håndterede - skrivninger til hardwarebitten FSW.ES, når der køres på AMD64-processorer. - Et ondsindet domæne kunne drage nytte af fejlen til at få adgang til - oplysninger om benyttelse af adresserum og timing, om andre domæner, med en - forholdsvis lav hastighed.

    • - -
  • CVE-2016-3960 - (XSA-173) - -

    Ling Liu og Yihan Lian fra Cloud Security Team, Qihoo 360 opdagede at - heltalsoverløb i koden til x86-shadowpagetable. En HVM-gæst som benytter - shadowpagetables kunne få værten til at gå ned. En PV-gæst som benytter - shadowpagetables (dvs. er blevet migreret) med PV-superpages aktiveret - (hvilket ikke er standard) kunne få værten til at gå ned eller gøre - hypervisorhukommelse korrekt, potentielt førende til - rettighedsforøgelse.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u5.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3554.data" diff --git a/danish/security/2016/dsa-3555.wml b/danish/security/2016/dsa-3555.wml deleted file mode 100644 index f955b1c619f..00000000000 --- a/danish/security/2016/dsa-3555.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="cc5e93c0fc91c195f643c2ccd809e6fae7212244" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i imlib2, et bibliotek til -billedbehandling.

- -
    - -
  • CVE-2011-5326 - -

    Kevin Ryde opdagede at forsøg på at tegne en 2x1 radiellipse, medførte - en flydende komma-exception.

    • - -
  • CVE-2014-9771 - -

    Man opdagede at et heltalsoverløb kunne føre til ugyldige - hukommelseslæsninger og urimeligt store hukommelsesallokeringer.

    • - -
  • CVE-2016-3993 - -

    Yuriy M. Kaminskiy opdagede at tegning ved hjælp af koordinater fra en - kilde, der ikke er tillid til, kunne føre til hukommelseslæsning uden for - grænserne, hvilket kunne ende med at applikationen gik ned.

    • - -
  • CVE-2016-3994 - -

    Jakub Wilk opdagede at et misdannet billede kunne føre til en læsning - uden for grænserne i GIF-loaderen, hvilket kunne ende med at applikationen - gik ned eller der blev lækket oplysninger.

    • - -
  • CVE-2016-4024 - -

    Yuriy M. Kaminskiy opdagede et heltalsoverløb, som kunne føre til - utilstrækkelig heapallokering og hukommelseslæsning uden for - grænserne.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 1.4.5-1+deb7u2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.6-2+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.8-1.

- -

Vi anbefaler at du opgraderer dine imlib2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3555.data" diff --git a/danish/security/2016/dsa-3556.wml b/danish/security/2016/dsa-3556.wml deleted file mode 100644 index 70f8b5cafdd..00000000000 --- a/danish/security/2016/dsa-3556.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="d4ea8efe37362262fff077374cf82b6d1caef74f" mindelta="1" -sikkerhedsopdatering - -

Hans Jerry Illikainen opdagede at libgd2, et bibliotek til programmatisk -oprettelse og behandling af grafer, var ramt af en fejltegnssårbarhed, hvilket -kunne føre til et heapoverløb når der blev behandlet særligt fremstillede -komprimerede gd2-data. En fjernangriber kunne udnytte fejlen til at få en -applikation, som anvender biblioteket libgd2, til at gå ned eller potentielt -udføre vilkårlig kode med rettighederne tilhørende den bruger, som anvender -applikationen.

- -

I den gamle stabile distribution (wheezy), er dette problem rettet -i version 2.0.36~rc1~dfsg-6.1+deb7u2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.0-5+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.1-4.1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3556.data" diff --git a/danish/security/2016/dsa-3557.wml b/danish/security/2016/dsa-3557.wml deleted file mode 100644 index 300979727ef..00000000000 --- a/danish/security/2016/dsa-3557.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="8e8092b04a137686f141221b6d0ff1cd52ae8d7d" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion version 5.5.49. Se MySQL 5.5 -Release Notes og Oracles Critical Patch Update-bulletin for flere -oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i version -5.5.49-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3557.data" diff --git a/danish/security/2016/dsa-3558.wml b/danish/security/2016/dsa-3558.wml deleted file mode 100644 index 146ead25920..00000000000 --- a/danish/security/2016/dsa-3558.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="428c3ab48834ecadab7dc706672cd596ead82d2f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udbrud af Java-sandkassen, lammelsesangreb (denial of -service) eller informationsafsløring.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7u101-2.6.6-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3558.data" diff --git a/danish/security/2016/dsa-3559.wml b/danish/security/2016/dsa-3559.wml deleted file mode 100644 index 72b293ac0fb..00000000000 --- a/danish/security/2016/dsa-3559.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="333ea6a97eb131e9472d768b6932a62414c8ef1a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Iceweasel, Debians udgave af -webbrowseren Mozilla Firefox: Flere hukommelsessikkerhedsfejl og bufferoverløb -kunne føre til udførelse af vilkårlig kode eller lammelsesangreb (denial -of service).

- -

I den gamle stabile distribution (wheezy), er disse problemer rettet i -version 38.8.0esr-1~deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -38.8.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -45.1.0esr-1 af kildekodepakken firefox-esr og i version 46.0-1 af -kildekodepakken firefox.

- -

Vi anbefaler at du opgraderer dine iceweasel-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3559.data" diff --git a/danish/security/2016/dsa-3560.wml b/danish/security/2016/dsa-3560.wml deleted file mode 100644 index 29f7b1cc1a6..00000000000 --- a/danish/security/2016/dsa-3560.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="610eb288f94282c84cab760799031903b45b4a18" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et generelt anvendeligt skriptsprog, som -hyppigt anvendes til udvikling af webapplikationer.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -5.6.20, som indeholder yderligere fejlrettelser. Se opstrøms changelog for flere -oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i version -5.6.20+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3560.data" diff --git a/danish/security/2016/dsa-3561.wml b/danish/security/2016/dsa-3561.wml deleted file mode 100644 index 228e1ffe3c6..00000000000 --- a/danish/security/2016/dsa-3561.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="862a222c68848e8af13a9723735e266a2ce83d55" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Subversion, et versionsstyringssystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2016-2167 - -

    Daniel Shahaf og James McCoy opdagede at en implementeringsfejl i - autentificeringen mod biblioteket Cyrus SASL tillod at en fjernangriber - kunne angive en realm-streng, som et præfiks hørende til den forventede - realm-streng, og potentielt gjorde det muligt for en bruger at - autentificere ved hjælp af et forkert realm.

    • - -
  • CVE-2016-2168 - -

    Ivan Zhakov fra VisualSVN opdagede en fjernudløsbar - lammelsesangrebssårbarhed i modulet mod_authz_svn, under COPY- eller - MOVE-autorisationskontroller. En autentificeret fjernangriber kunne drage - nytte af fejlen til at forårsage et lammelsesangreb (nedbrud af - Subversion-serveren) gennem COPY- eller MOVE-forespørgsler med en særligt - fremstillet header.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.8.10-6+deb8u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9.4-1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3561.data" diff --git a/danish/security/2016/dsa-3562.wml b/danish/security/2016/dsa-3562.wml deleted file mode 100644 index 4f276939458..00000000000 --- a/danish/security/2016/dsa-3562.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="3080d172fff8579499bf8f2b6a81804234974609" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i tardiff, et værktøj til sammenligning af -tarballs. Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-0857 - -

    Rainer Mueller og Florian Weimer opdagede at tardiff var sårbar over for - indsprøjtning af shell-kommandoer via shell-metategn i filnavne i tarfiler - eller via shell-metategn i tarfilnavnene selv.

    • - -
  • CVE-2015-0858 - -

    Florian Weimer opdagede at tardiff anvender forudsigelige midlertidige - mapper til udpakning af tarballs. En ondsindet bruger kunne udnytte fejlen - til at overskrive filer med rettighederne hørende til brugeren, der kører - kommandolinjeværktøjet tardiff.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -0.1-2+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i version 0.1-5 -og delvist i tidligere versioner.

- -

Vi anbefaler at du opgraderer dine tardiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3562.data" diff --git a/danish/security/2016/dsa-3563.wml b/danish/security/2016/dsa-3563.wml deleted file mode 100644 index d70c3c8ca91..00000000000 --- a/danish/security/2016/dsa-3563.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d22d7dc515c77adfb802d9258a5772e685a3df18" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et heapoverløb i biblioteket Poppler PDF kunne medføre -lammelsesangreb (denial of service) og potentielt udførelse af vilkårlig -kode, hvis en misdannet PDF-fil blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i version -0.26.5-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i version -0.38.0-3.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.38.0-3.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3563.data" diff --git a/danish/security/2016/dsa-3564.wml b/danish/security/2016/dsa-3564.wml deleted file mode 100644 index 905ed15a0a7..00000000000 --- a/danish/security/2016/dsa-3564.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="c34d3c575f07a64192f2100f09b7bdd38ca29b5e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1660 - -

    Atte Kettunen opdagede et problem med skrivning uden for - grænserne.

    • - -
  • CVE-2016-1661 - -

    Wadih Matar opdagede et problem med hukommelseskorruption.

    • - -
  • CVE-2016-1662 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse i forbindelse - med udvidelser.

    • - -
  • CVE-2016-1663 - -

    Et problem med anvendelse efter frigivelse blev opdaget i Blinks - bindinger til V8.

    • - -
  • CVE-2016-1664 - -

    Wadih Matar opdagede en måde at forfalske URL'er på.

    • - -
  • CVE-2016-1665 - -

    gksgudtjr456 opdagede en informationslækage i JavaScript-biblioteket - v8.

    • - -
  • CVE-2016-1666 - -

    Chrome-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -50.0.2661.94-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -50.0.2661.94-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3564.data" diff --git a/danish/security/2016/dsa-3565.wml b/danish/security/2016/dsa-3565.wml deleted file mode 100644 index 3704331ed6b..00000000000 --- a/danish/security/2016/dsa-3565.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="53a80c9fc252ed5446be0db6cd4e1c0319a20e79" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedssårbarheder blev fundet i botan1.10, et C++-bibliotek, som -leverer understøttelse af mange almindelige kryptografiske handlinger, herunder -kryptering, autentifikation, X.509v3-certifikater og CRL'er.

- -
    - -
  • CVE-2015-5726 - -

    BER-dekoderen gik ned på grund af læsning fra en tom vektors offset 0, - hvis den stødte på en BIT STRING, som ikke indeholder nogen data - overhovedet. Det kunne anvendes til let at få applikationer, som anvender - ASN.1-data, der ikke er tillid til, til at gå ned, men lader ikke til at - kunne udnyttes til udførelse af kode.

    • - -
  • CVE-2015-5727 - -

    BER-dekoderen allokerede en forholdsvis vilkårlig hukommelsesmængde i et - længdefelt, selv om der ikke var nogen chance for at læsningsforespørgslen - ville lykkes. Det kunne medføre, at processen løb tør for hukommelse eller - at OOM-dræberne blev iværksat.

    • - -
  • CVE-2015-7827 - -

    Anvendelse af konstant tid-PKCS #1 til unpadding, for at undgå muligt - sidekanalsangreb mod RSA-dekryptering.

    • - -
  • CVE-2016-2194 - -

    Uendelig løkke i algoritme til modulær kvadratrod. Funktionen ressol, - som implementerer algoritmen Tonelli-Shanks til at finde kvadratrødder, - kunne blive sendt ind i en næsten uendelig løkke på grund af et - fejlplaceret betingelsestjek. Det kunne opstå hvis en sammensat modulus - blev leveret, da algoritmen kun er defineret for primtal. Funktionen blev - udsat for angriberkontrollerede inddata gennem funktionen OS2ECP under - ECC-punktdekomprimering.

    • - -
  • CVE-2016-2195 - -

    Retter heapoverløb ved ugyldigt ECC-punkt.

    • - -
  • CVE-2016-2849 - -

    Anvender algoritmen constant time modular inverse for at undgå - muligt sidekanalsangreb mod ECDSA.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.10.8-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine botan1.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3565.data" diff --git a/danish/security/2016/dsa-3566.wml b/danish/security/2016/dsa-3566.wml deleted file mode 100644 index d35c2683099..00000000000 --- a/danish/security/2016/dsa-3566.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="b5a23803d4b28661ad65be0b7b309e6380b16eef" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenSSL, et Secure Socket -Layer-værktøjssæt.

- -
    - -
  • CVE-2016-2105 - -

    Guido Vranken opdagede at et overløb kunne opstå i funktionen - EVP_EncodeUpdate(), som anvendes til Base64-encoding, hvis en angriber kunne - levere en stor mængde data. Det kunne føre til heapkorruption.

    • - -
  • CVE-2016-2106 - -

    Guido Vranken opdagede at et overløb kunne opstå i funktionen - EVP_EncryptUpdate(), hvis en angriber kunne levere en stor mængde data. Det - kunne føre til heapkorruption.

    • - -
  • CVE-2016-2107 - -

    Juraj Somorovsky opdagede et padding-orakel i implementeringen af AES - CBC-cipher, baseret på instruktionssæsttet AES-NI. Dermed kunne en angriber - dekryptere TLS-trafik, krypteret med one af ciphersuiterne baseret på AES - CBC.

    • - -
  • CVE-2016-2108 - -

    David Benjamin fra Google opdagede at to separate fejl i ASN.1-enkoderen, - med relation til håndtering af negative nul-heltalsværdier og store - universelle tags, kunne føre til en skrivning uden for grænserne.

    • - -
  • CVE-2016-2109 - -

    Brian Carpenter opdagede at når ASN.1-data læses fra en BIO ved hjælp af - funktioner så som d2i_CMS_bio(), kunne en kort ugyldig enkodning medføre - allokering af store mængder hukommelse, potentielt forbrugende alt for mange - ressourcer eller udtømmende hukommelsen.

    • - -
- -

Yderligere oplysninger om problemerne finder man i sikkerhedsbulletinen om -OpenSSL i \ -https://www.openssl.org/news/secadv/20160503.txt

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.0.1k-3+deb8u5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.2h-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3566.data" diff --git a/danish/security/2016/dsa-3567.wml b/danish/security/2016/dsa-3567.wml deleted file mode 100644 index 59542926a02..00000000000 --- a/danish/security/2016/dsa-3567.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a8e2f0ee92d46a87391450f1e620cdc4c59416e5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libpam-sshauth, et PAM-modul til autentificering ved hjælp af -en SSH-server, ikke på korrekt vis håndterede systembrugere. I visse -opsætninger kunne en angriber drage nytte af fejlen til at få -rootrettigheder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.3.1-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 0.4.1-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.4.1-2.

- -

Vi anbefaler at du opgraderer dine libpam-sshauth-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3567.data" diff --git a/danish/security/2016/dsa-3568.wml b/danish/security/2016/dsa-3568.wml deleted file mode 100644 index 6f68a252881..00000000000 --- a/danish/security/2016/dsa-3568.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="61013abc38e10f6833208999c1564b92c30133b1" mindelta="1" -sikkerhedsopdatering - -

Pascal Cuoq og Miod Vallat opdagede at Libtasn1, et bibliotek til håndtering -af ASN.1-strukturer, ikke på korrekt vis håndterede visse misdannede -DER-certifikater. En fjernangriber kunne drage nytte af fejlen til at forårsage -at en applikation, som anvender biblioteket Libtasn1, kom til at hænge, -medførende et lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.2-3+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 4.8-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.8-1.

- -

Vi anbefaler at du opgraderer dine libtasn1-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3568.data" diff --git a/danish/security/2016/dsa-3569.wml b/danish/security/2016/dsa-3569.wml deleted file mode 100644 index 9cab13ba6a0..00000000000 --- a/danish/security/2016/dsa-3569.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="dafed5546dd3193b0e78441feca3cda141011856" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i openafs, en implementering af det distribuerede -filsystem AFS. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2015-8312 - -

    Potentielt lammelsesangreb (denial of service) forårsaget af en fejl i - pioctl-logikken, gjorde det muligt for en lokal bruger, at få en kernebuffer - til at løbe over, ved hjælp af en enkelt NUL-byte.

    • - -
  • CVE-2016-2860 - -

    Peter Iannucci opdagede at brugere fra fremmede Kerberos-realms, kunne - oprette grupper, hvis de var administratorer.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.6.9-2+deb8u5.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.6.17-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.6.17-1.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3569.data" diff --git a/danish/security/2016/dsa-3570.wml b/danish/security/2016/dsa-3570.wml deleted file mode 100644 index fd1ff3694b1..00000000000 --- a/danish/security/2016/dsa-3570.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="195e138bca88b419d3b59cb7899c2b884a45cd98" mindelta="1" -sikkerhedsopdatering - -

Blake Burkhart opdagede en fejl i forbindelse med udførelse af vilkårlig kode -i Mercurial, et distribueret versionsstyringssystem, når convert-udvidelsen blev -benyttet på Git-repositories med særligt fremstillede navne. Fejlen påvirker i -særdeleshed automaticerede kodekonverteringstjenester, som tillader vilkårlige -repositorynavne.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.1.2-2+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.8.1-1.

- -

Vi anbefaler at du opgraderer dine mercurial-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3570.data" diff --git a/danish/security/2016/dsa-3571.wml b/danish/security/2016/dsa-3571.wml deleted file mode 100644 index 7a3ea871f2f..00000000000 --- a/danish/security/2016/dsa-3571.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e37a01afc1a0ab4aa1472d070207873af2c024bb" mindelta="1" -sikkerhedsopdatering - -

Simon McVittie opdagede en sårbarhed i forbindelse med udførelse af skripter -på tværs af websteder, i fejlrapporteringen i Ikiwiki, en wikicompiler. -Opdateringen hærder også ikiwikis brug af imagemagick i plugin'en img.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.20141016.3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.20160506.

- -

Vi anbefaler at du opgraderer dine ikiwiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3571.data" diff --git a/danish/security/2016/dsa-3572.wml b/danish/security/2016/dsa-3572.wml deleted file mode 100644 index 6bb8756c5b2..00000000000 --- a/danish/security/2016/dsa-3572.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="d46566b6bf0d4629418e9552c6568597efe9718c" mindelta="1" -sikkerhedsopdatering - -

Nitin Venkatesh opdagede at websvn, en webfremviser til -Subversion-repositories, var sårbar over for angreb i forbindelse med udførelse -af skripter på tværs af websteder, gennem særligt fremstillede fil- og -mappenavne i repositories.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.3.3-1.2+deb8u2.

- -

Vi anbefaler at du opgraderer dine websvn-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3572.data" diff --git a/danish/security/2016/dsa-3573.wml b/danish/security/2016/dsa-3573.wml deleted file mode 100644 index f03a4944ee2..00000000000 --- a/danish/security/2016/dsa-3573.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="41643e1d4ac4bb1324be147ef7231056281b5a6b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator.

- -
    - -
  • CVE-2016-3710 - -

    Wei Xiao og Qinghao Tang fra 360.cn Inc opdagede en fejl i forbindelse - med læsning og skrivning uden for grænserne i QEMU VGA-modulet. En - priviligeret gæstebruger kunne udnytte fejlen til at udføre vilkårlig kode - på værten, med rettighederne hørende til QEMU-værtsprocessen.

    • - -
  • CVE-2016-3712 - -

    Zuozhi Fzz fra Alibaba Inc opdagede potentielle problemer med - heltalsoverløb eller læseadgang uden for grænserne, i QEMU VGA-modulet. En - priviligeret gæstebruger kunne udnytte fejlen til at iværksætte et - lammelsesangreb (nedbrud af QEMU-processen).

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:2.1+dfsg-12+deb8u6.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3573.data" diff --git a/danish/security/2016/dsa-3574.wml b/danish/security/2016/dsa-3574.wml deleted file mode 100644 index 4577dc16df4..00000000000 --- a/danish/security/2016/dsa-3574.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="a023a3b5c20931409f57a99217e823a4103431d4" mindelta="1" -sikkerhedsopdatering - -

Rock Stevens, Andrew Ruef og Marcin Icewall Noga opdagede en -heapbaseret bufferoverløbssårbarhed i funktionen zip_read_mac_metadata i -libarchive, et flerformatsarkiverings- og komprimeringsbibliotek, hvilket kunne -føre til udførelse af vilkårlig kode, hvis en bruger eller automatiseret system -blev narret til at behandle en særligt fremstillede ZIP-fil.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.1.2-11+deb8u1.

- -

Vi anbefaler at du opgraderer dine libarchive-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3574.data" diff --git a/danish/security/2016/dsa-3575.wml b/danish/security/2016/dsa-3575.wml deleted file mode 100644 index 11ddeb8ac04..00000000000 --- a/danish/security/2016/dsa-3575.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d9f3c6f6a9939d4fc21034f6b90a83d7eff79b13" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at XStream, et Java-bibliotek til serialisering af objekter til -XML og tilbage igen, var sårbar over for XML External Entity-angreb.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.7-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1.4.9-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.9-1.

- -

Vi anbefaler at du opgraderer dine libxstream-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3575.data" diff --git a/danish/security/2016/dsa-3576.wml b/danish/security/2016/dsa-3576.wml deleted file mode 100644 index 165607a57fc..00000000000 --- a/danish/security/2016/dsa-3576.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e15df41b91d870c5889e58bc3f64bb7d4209eff4" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl kunne -føre til udførelse af vilkårlig kode eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er disse problemer rettet i version -38.8.0-1~deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3576.data" diff --git a/danish/security/2016/dsa-3577.wml b/danish/security/2016/dsa-3577.wml deleted file mode 100644 index a6f99d5607d..00000000000 --- a/danish/security/2016/dsa-3577.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="069e096589629560f5f7387d4c07f2dd17b64c75" mindelta="1" -sikkerhedsopdatering - -

Gustavo Grieco opdagede at jansson, et C-bibliotek til enkodning, dekodning -og håndtering af JSON-data, ikke begrænsede rekursionsdybden, når der blev -behandlet JSON-arrays og -objekter. Dermed kunne det være muligt for -fjernangribere at forårsage et lammelsesangreb (nedbrud) gennem stakudmattelse -ved hjælp af fabrikerede JSON-data.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.7-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.7-5.

- -

Vi anbefaler at du opgraderer dine jansson-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3577.data" diff --git a/danish/security/2016/dsa-3578.wml b/danish/security/2016/dsa-3578.wml deleted file mode 100644 index 65e27c99e2e..00000000000 --- a/danish/security/2016/dsa-3578.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="81d972d5791a957a90bdc3fa709953226c0f6228" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libidn, GNU-biblioteket til Internationalized Domain Names -(IDN'er), ikke på korrekt vis håndterede ugyldige UTF-8-inddata, forårsagende -en læsning uden for grænserne. Dermed kunne fjernangribere afsløre følsomme -oplysninger fra en applikation, som anvender biblioteket libidn.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.29-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1.31-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.31-1.

- -

Vi anbefaler at du opgraderer dine libidn-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3578.data" diff --git a/danish/security/2016/dsa-3579.wml b/danish/security/2016/dsa-3579.wml deleted file mode 100644 index 3070c9c07b2..00000000000 --- a/danish/security/2016/dsa-3579.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f041d85204cbc2bc95ab3ecb471f98ade2d7e72c" mindelta="1" -sikkerhedsopdatering - -

Gustavo Grieco opdagede en sårbarhed i forbindelse med anvendelse efter -frigivelse i xerces-c, en validerende XML-fortolkningsbibliotek til C++, på -grund af forkert håndtering af ugyldige tegn i XML-inddatadokumenter i -DTDScanner.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.1.1-5.1+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 3.1.3+debian-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.3+debian-2.

- -

Vi anbefaler at du opgraderer dine xerces-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3579.data" diff --git a/danish/security/2016/dsa-3580.wml b/danish/security/2016/dsa-3580.wml deleted file mode 100644 index a8c70fc7e38..00000000000 --- a/danish/security/2016/dsa-3580.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="93f9ec29a9d79391f858712be49e7f64f2d395a3" mindelta="1" -sikkerhedsopdatering - -

Nikolay Ermishkin fra Mail.Ru Security Team og Stewie opdagede flere -sårbarheder i ImageMagick, en programsamling til billedbehandling. -Sårbarhederne, kollektivt kendt som ImageTragick, er konsekvensen af manglende -fornuftighedskontrol inddata, der ikke er tillid til. En angriber med kontrol -over billedinddata kunne, med rettighederne hørende til brugeren, som anvender -applikationen, udføre kode -(CVE-2016-3714), -foretage HTTP GET- eller FTP-forespørgsler -(CVE-2016-3718), -eller slette -(CVE-2016-3715), -flytte -(CVE-2016-3716) -eller læse -(CVE-2016-3717) -lokale filer.

- -

Sårbarhederne er særligt kritiske hvis Imagemagick behandler billeder fra -fjerne steder så som en del af en webservice.

- -

Opdateringen deaktiverer de sårbare kodere (EPHEMERAL, URL, MVG, MSL og PLT) -samt indirekte læsninger gennem filen /etc/ImageMagick-6/policy.xml. Desuden -indfører vi ekstra forebyggelse, herunder nogen fornuftighedskontrol af -inddatafilnavne i http-/https-delegater, komplet remotion af -PLT/Gnuplot-dekoderne og behov for eksplicit reference i filnavnet hørende til -usikre kodere.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8:6.8.9.9-5+deb8u2.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3580.data" diff --git a/danish/security/2016/dsa-3581.wml b/danish/security/2016/dsa-3581.wml deleted file mode 100644 index 98d0af5ce4a..00000000000 --- a/danish/security/2016/dsa-3581.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="ff94253b524a95650781a07780fc4f45e24a4ff6" mindelta="1" -sikkerhedsopdatering - -

Julien Bernard opdagede at libndp, et bibliotek til IPv6 Neighbor Discovery -Protocol, udførte ikke tilstrækkelig fornuftighedskontrol af inddata og -ophavskontroller under modtagelsen af en NDP-meddelelse. En angriber i et -ikke-lokalt netværk kunne udnytte fejlen til at udstille en node som en router, -og forårsage et lammelsesangreb (denial of service) eller fungere som manden i -midten.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine libndp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3581.data" diff --git a/danish/security/2016/dsa-3582.wml b/danish/security/2016/dsa-3582.wml deleted file mode 100644 index 00d4ff8c299..00000000000 --- a/danish/security/2016/dsa-3582.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="62ff9020f842c4c35cd7d2ca62f14e6ec4e9ccfd" mindelta="1" -sikkerhedsopdatering - -

Gustavo Grieco opdagede at Expat, et XML-fortolkende C-bibliotek, ikke på -korrekt vis håndterede visse former for misdannede inddatadokumenter, medførende -bufferoverløb under behandling og fejlrapportering. En fjernangriber kunne -drage nytte af fejlen til at forårsage, at en applikation, der anvender -Expat-biblioteket, gik ned eller potentielt udførte vilkårlig kode med -rettighederne hørende til brugeren, der kører applikationen.

- -

I den stabile distribution (jessie), er dette problem rettet i version -2.1.0-6+deb8u2. Desuden opfrister denne opdatering rettelsen af -\ -CVE-2015-1283 for at undgå at være afhængig af udefineret virkemåde.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3582.data" diff --git a/danish/security/2016/dsa-3583.wml b/danish/security/2016/dsa-3583.wml deleted file mode 100644 index 3cd3534360c..00000000000 --- a/danish/security/2016/dsa-3583.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5344bcbae623f67d7451583dcbce33bd51c809a5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at middelware-plugin'en swift3 (S3-kompatibilitet) til Swift -udførte utilstrækkelig validering af dataheadere, hvilket måske kunne medføre -replay-angreb.

- -

I den stabile distribution (jessie), er dette problem rettet i version -1.7-5+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i version -1.9-1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.9-1.

- -

Vi anbefaler at du opgraderer dine swift-plugin-s3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3583.data" diff --git a/danish/security/2016/dsa-3584.wml b/danish/security/2016/dsa-3584.wml deleted file mode 100644 index 67860b294a2..00000000000 --- a/danish/security/2016/dsa-3584.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c5afb0f6198f0b3acb8b06ed7eb8013098bdaade" mindelta="1" -sikkerhedsopdatering - -

Gustavo Grieco opdagede flere fejl i den måde librsvg, et SAX-baseret -renderingbibliotek til SVG-filer, fortolkede SVG-filer med cirkulære -definitioner på. En fjernangriber kunne drage nytte af fejlene til at forårsage -at en applikation, som anvender librsvg-biblioteket, gik ned.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.40.5-1+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.40.12-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.40.12-1.

- -

Vi anbefaler at du opgraderer dine librsvg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3584.data" diff --git a/danish/security/2016/dsa-3585.wml b/danish/security/2016/dsa-3585.wml deleted file mode 100644 index 32f10f757a3..00000000000 --- a/danish/security/2016/dsa-3585.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="bf7641e96da9d7ad64403fd8f8d582d67d3a9eb6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorer/fortolkere af PKTC, IAX2, -GSM CBCH og NCP, hvilke kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u6.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.0.3+geed34f0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.3+geed34f0-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3585.data" diff --git a/danish/security/2016/dsa-3586.wml b/danish/security/2016/dsa-3586.wml deleted file mode 100644 index 4632499614b..00000000000 --- a/danish/security/2016/dsa-3586.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="35a1b12daaaa91e020f225b58b19bf8488498c74" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et bufferoverløb i koden til XMLRPC-svarenkodning af Atheme -IRC-tjenesterne kunne medføre lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 6.0.11-2+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 7.0.7-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.0.7-2.

- -

Vi anbefaler at du opgraderer dine atheme-services-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3586.data" diff --git a/danish/security/2016/dsa-3587.wml b/danish/security/2016/dsa-3587.wml deleted file mode 100644 index cdde43dc800..00000000000 --- a/danish/security/2016/dsa-3587.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="17b89de7bbb7f0dd768a4b977e3b6834a106e599" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libgd2, et bibliotek til programmatisk -fremstilling og behandling af grafik. En fjernangriber kunne udnytte fejlene -til at forårsage et lammelsesangreb (denial of service) mod en applikation, som -anvender biblioteket libgd2.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.1.0-5+deb8u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.1-1 or earlier.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3587.data" diff --git a/danish/security/2016/dsa-3588.wml b/danish/security/2016/dsa-3588.wml deleted file mode 100644 index 1b176cbb64d..00000000000 --- a/danish/security/2016/dsa-3588.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="a9ba950fddc27ddf7f60a031f86c9983b8bd8560" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Symfony, et PHP-framework.

- -
    - -
  • CVE-2016-1902 - -

    Lander Brandt opdagede at klassen SecureRandom måske kunne generere svage - tilfældige tal til kryptografisk brug ved visse indstillinger. Hvis - funktionerne random_bytes() eller openssl_random_pseudo_bytes() ikke er - tilgængelige, skal uddata fra SecureRandom ikke betragtes som - sikkert.

    • - -
  • CVE-2016-4423 - -

    Marek Alaksa fra Citadelo opdagede at det var muligt at fylde - sessionslageret op, ved at indsende ikke-eksisterende lange - brugernavne.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.3.21+dfsg-4+deb8u3.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.8.6+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.8.6+dfsg-1.

- -

Vi anbefaler at du opgraderer dine symfony-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3588.data" diff --git a/danish/security/2016/dsa-3589.wml b/danish/security/2016/dsa-3589.wml deleted file mode 100644 index 2f34ff1906c..00000000000 --- a/danish/security/2016/dsa-3589.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2767732ae2510463cc3a2efcb5f9471c02a2bc7f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i gdk-pixbuf, et værktøjssæt til indlæsning af -billeder og behandling af pixelbuffere. En fjernangriber kunne udnytte fejlene -til at forårsage et lammelsesangreb (denial of service) mod en applikation, som -anvender gdk-pixbuf (applikationsnedbrud) eller potentielt udføre vilkårlig kode -med rettighederne hørende til den bruger, der kører applikationen, hvis et -misdannet billede åbnes.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.31.1-2+deb8u5.

- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3589.data" diff --git a/danish/security/2016/dsa-3590.wml b/danish/security/2016/dsa-3590.wml deleted file mode 100644 index 8d34a5619ef..00000000000 --- a/danish/security/2016/dsa-3590.wml +++ /dev/null @@ -1,160 +0,0 @@ -#use wml::debian::translation-check translation="fcc61c7c4bed03d01168fdbe0cb273c861c76dd7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1667 - -

    Mariusz Mylinski opdagede et tilfælde af omgåelse af - cross-origin.

    • - -
  • CVE-2016-1668 - -

    Mariusz Mylinski opdagede et tilfælde af omgåelse af cross-origin i - bindinger til v8.

    • - -
  • CVE-2016-1669 - -

    Choongwoo Han opdagede et bufferoverløb i JavaScript-biblioteket - v8.

    • - -
  • CVE-2016-1670 - -

    En kapløbstilstand blev fundet, hvilken kunne medføre at - rendererprocessen genbrugte id'er, som skulle have været unikke.

    • - -
  • CVE-2016-1672 - -

    Mariusz Mylinski opdagede et tilfælde af omgåelse af cross-origin i - udvidelsesbindingerne.

    • - -
  • CVE-2016-1673 - -

    Mariusz Mylinski opdagede et tilfælde af omgåelse af cross-origin i - Blink/Webkit.

    • - -
  • CVE-2016-1674 - -

    Mariusz Mylinski opdagede endnu et tilfælde af omgåelse af cross-origin i - udvidelsesbindingerne.

    • - -
  • CVE-2016-1675 - -

    Mariusz Mylinski opdagede endnu et tilfælde af omgåelse af cross-origin i - Blink/Webkit.

    • - -
  • CVE-2016-1676 - -

    Rob Wu opdagede et tilfælde af omgåelse af cross-origin i - udvidelsesbindingerne.

    • - -
  • CVE-2016-1677 - -

    Guang Gong opdagede en typeforvekslingsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2016-1678 - -

    Christian Holler opdagede et overløbsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2016-1679 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse i bindingerne - til v8.

    • - -
  • CVE-2016-1680 - -

    Atte Kettunen opdagede et problem med anvendelse efter frigivelse i - biblioteket skia.

    • - -
  • CVE-2016-1681 - -

    Aleksandar Nikolic opdagede et overløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2016-1682 - -

    KingstonTime opdagede en måde at omgå Content Security Policy - på.

    • - -
  • CVE-2016-1683 - -

    Nicolas Gregoire opdagede et problem med skrivning uden for grænserne i - biblioteket libxslt.

    • - -
  • CVE-2016-1684 - -

    Nicolas Gregoire opdagede et heltalsoverløbsproblem i biblitoket - libxslt.

    • - -
  • CVE-2016-1685 - -

    Ke Liu opdagede et problem med læsning uden for grænserne i bibliteket - pdfium.

    • - -
  • CVE-2016-1686 - -

    Ke Liu opdagede endnu et problem med læsning uden for grænserne i - biblioteket pdfium.

    • - -
  • CVE-2016-1687 - -

    Rob Wu opdagede en informationslækage i håndteringen af - udvidelser.

    • - -
  • CVE-2016-1688 - -

    Max Korenko opdagede et problem med læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2016-1689 - -

    Rob Wu opdagede et bufferoverløbsproblem.

    • - -
  • CVE-2016-1690 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2016-1691 - -

    Atte Kettunen opdagede et bufferoverløbsproblem i biblioteket - skia.

    • - -
  • CVE-2016-1692 - -

    Til Jasper Ullrich opdagede et problem med omgåelse af - cross-origin.

    • - -
  • CVE-2016-1693 - -

    Khalil Zhani opdagede at hentningen af Software Removal Tool blev udført - over en HTTP-forbindelse.

    • - -
  • CVE-2016-1694 - -

    Ryan Lester og Bryant Zadegan opdagede at fastgjorte offentlige nøgler - blev fjernet, når man tømte browserens cache.

    • - -
  • CVE-2016-1695 - -

    Udviklingsholdet bag chrome fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 51.0.2704.63-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 51.0.2704.63-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3590.data" diff --git a/danish/security/2016/dsa-3591.wml b/danish/security/2016/dsa-3591.wml deleted file mode 100644 index 1522a794dcb..00000000000 --- a/danish/security/2016/dsa-3591.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="2131ffcd4b0efa58cad20da8ee397421adec396b" mindelta="1" -sikkerhedsopdatering - -

Bob Friesenhahn fra GraphicsMagick-projektet, opdagede en -kommandoindsprøjtningssårbarhed i ImageMagick, en programsamling til -billedbehandling. En angriber med kontrol over inddatabillede eller -inddatafilnavnet, kunne udføre vilkårlig kommandoer med rettighederne hørende -til brugeren, der kører applikationen.

- -

Opdateringen fjerner muligheden for at anvende pipe (|) i filnavne til at -interagere med imagemagick.

- -

Det er vigtigt at man opgraderer libmagickcore-6.q16-2 og ikke kun -imagemagick-pakken. Applikationer, som anvender libmagickcore-6.q16-2, kan også -være påvirkede, og skal genstartes efter opgraderingen.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 8:6.8.9.9-5+deb8u3.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3591.data" diff --git a/danish/security/2016/dsa-3592.wml b/danish/security/2016/dsa-3592.wml deleted file mode 100644 index 62756ea4ac3..00000000000 --- a/danish/security/2016/dsa-3592.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="586ba635c6b1d7bc4a7c0883e3d32cd76e3fb65a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en NULL-pointerdereference i Nginx' kode, der er ansvarlig -for at gemme klientforespørgselskroppe i en midlertidig fil, kunne medføre -lammelsesangreb (denial of service): Misdannede forespørgsler kunne få -arbejdsprocesser til at gå ned.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.6.2-5+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.10.1-1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3592.data" diff --git a/danish/security/2016/dsa-3593.wml b/danish/security/2016/dsa-3593.wml deleted file mode 100644 index 631f2a259cf..00000000000 --- a/danish/security/2016/dsa-3593.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="12f26ac63180936bdeb7aaffe5c1a3eccfd92c88" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libxml2, et bibliotek som leverer -understøttelse af læsning, redigering og skrivning af XML- og HTML-filer. En -fjernangriber kunne med en særligt fremstillet XML- eller HTML-fil, som ved -behandling af en appliaktion, der anvender libxml2, medførte et lammelsesangreb -mod applikationen eller potentielt udførelse af vilkårlig kode med rettighederne -hørende til den bruger, som kører applikationen.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.9.1+dfsg1-5+deb8u2.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3593.data" diff --git a/danish/security/2016/dsa-3594.wml b/danish/security/2016/dsa-3594.wml deleted file mode 100644 index 50b7efe583a..00000000000 --- a/danish/security/2016/dsa-3594.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="0121e454d4aeabaa6d562230850cae8243dd1449" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1696 - -

    En omgåelse af cross-origin blev fundet i bindingerne til - udvidelser.

    • - -
  • CVE-2016-1697 - -

    Mariusz Mlynski opdagede en omgåelse af cross-origin i - Blink/Webkit.

    • - -
  • CVE-2016-1698 - -

    Rob Wu opdagede en informationslækage.

    • - -
  • CVE-2016-1699 - -

    Gregory Panakkal opdagede et problem i funktionen Developer - Tools.

    • - -
  • CVE-2016-1700 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse i - udvidelser.

    • - -
  • CVE-2016-1701 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse i - autofill-funktionen.

    • - -
  • CVE-2016-1702 - -

    cloudfuzzer opdagede et problem med læsning uden for grænserne i - biblioteket skia.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 51.0.2704.79-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 51.0.2704.79-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3594.data" diff --git a/danish/security/2016/dsa-3595.wml b/danish/security/2016/dsa-3595.wml deleted file mode 100644 index 0170f4296d6..00000000000 --- a/danish/security/2016/dsa-3595.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4dd2fc9ef601c4750ed739bc2774a475e6d1e41e" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.25. Se MariaDB 10.0 -Release Notes for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.25-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3595.data" diff --git a/danish/security/2016/dsa-3596.wml b/danish/security/2016/dsa-3596.wml deleted file mode 100644 index 6735ff4074b..00000000000 --- a/danish/security/2016/dsa-3596.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="982153d28bf12f1a52bf3595efa725fb6b31e55d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i spice, en klient- og serverbibliotek som -understøtter SPICE-protokollen. Projektet Common Vulnerabilities and Exposures -har registreret følgende problemer:

- -
    - -
  • CVE-2016-0749 - -

    Jing Zhao fra Red Hat opdagede en hukommelsesallokeringsfejl, førende til - et heapbaseret bufferoverløb i spices smartcard-interaktion. En bruger, der - forbinder sig til en gæste-VM via spice, kunne drage nytte af fejlen til at - udføre vilkårlig kode på værten, med rettighederne hørende til værtens - QEMU-proces.

    • - -
  • CVE-2016-2150 - -

    Frediano Ziglio fra Red Hat opdagede at en ondsindet gæste ind i en - virtuel maskine, kunne drage nytte af den tilsvarende QEMU-proces i værten, - ved hjælp af fabrikerede surface-parametre.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.12.5-1+deb8u3.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3596.data" diff --git a/danish/security/2016/dsa-3597.wml b/danish/security/2016/dsa-3597.wml deleted file mode 100644 index e4d86528e03..00000000000 --- a/danish/security/2016/dsa-3597.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="008aa65c7e0c796c1765c91ce28ce910fac30294" mindelta="1" -sikkerhedsopdatering - -

To beslægtede problemer blev opdaget i Expat, et C-bibliotek til fortolkning -af XML.

- -
    - -
  • CVE-2012-6702 - -

    Opstod da - CVE-2012-0876 - blev løst. Stefan Sørensen opdagede at anvendelsen af funktionen - XML_Parse() spirede tilfældigt tal-generatoren, så der blev genereret - gentagne uddata for rand()-kaldene.

    • - -
  • CVE-2016-5300 - -

    Var en følge af en ufuldstændig løsning af - CVE-2012-0876. - Fortolkeren spirede på dårlig vis tilfæligt tal-generatoren, hvilket gjorde - det muligt for en angriber, at forårsage et lammelsesangreb (CPU-forbrug) - gennem en XML-fil med fabrikerede identifikatorer.

    • - -
- -

Du vil måske være nødt til manuelt at genstarte programmer og tjenester, som -anvender expat-biblioteker.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.1.0-6+deb8u3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.1.1-3.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3597.data" diff --git a/danish/security/2016/dsa-3598.wml b/danish/security/2016/dsa-3598.wml deleted file mode 100644 index ab3bd751187..00000000000 --- a/danish/security/2016/dsa-3598.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="6035859306f1c9e96e9a85503a3335dbf41fa2b6" mindelta="1" -sikkerhedsopdatering - -

Patrick Coleman opdagede at manglende fornuftighedskontrol af inddata i -ADPCM-dekoderen i medieafspilleren VLC, kunne medføre udførelse af vilkårlig -kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.2.4-1~deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.4-1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3598.data" diff --git a/danish/security/2016/dsa-3599.wml b/danish/security/2016/dsa-3599.wml deleted file mode 100644 index 839aa6f8aea..00000000000 --- a/danish/security/2016/dsa-3599.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="b1f5f960e320ff998c00dd9998ef51fbdc6c445f" mindelta="1" -sikkerhedsopdatering - -

Marcin Icewall Noga fra Cisco Talos opdagede en læsning uden for -grænserne-sårbarhed i metoden CInArchive::ReadFileItem i p7zip, et -7zr-filarkiveringsprogram med et højt komprimeringsniveau. En fjernangriber -kunne udnytte fejlen til at forårsage et lammeslesangreb (denial of service) -eller potentielt udførelse af vilkårlig kode med rettighederne hørende til -brugeren, der kører p7zip, hvis en særligt fremstillet UDF-fil blev -behandlet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 9.20.1~dfsg.1-4.1+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 15.14.1+dfsg-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 15.14.1+dfsg-2.

- -

Vi anbefaler at du opgraderer dine p7zip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3599.data" diff --git a/danish/security/2016/dsa-3600.wml b/danish/security/2016/dsa-3600.wml deleted file mode 100644 index 4a4e309b52c..00000000000 --- a/danish/security/2016/dsa-3600.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="0621eee42a33586cde7977ef4da0984c3413af72" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Flere hukommelsessikkerhedsfejl, bufferoverløb og andre implementeringsfejl, -kunne føre til udførelse af vilkårlig kode eller spoofing.

- -

Vent, Firefox? Ikke flere referencer til Iceweasel? Rigtigt, Debian -anvender ikke sin egen skræddersyede branding. Se disse links for flere -oplysninger: \ -https://glandium.org/blog/?p=3622, - -https://en.wikipedia.org/wiki/Mozilla_software_rebranded_by_Debian

- -

Debian følger Firefox' udvidet support-udgivelser (ESR). Support af -38.x-serien er ophørt, hvorfor vi fra denne opdatering følger 45.x-udgivelserne, -og på grund af denne opdatering til den næste ESR, anvender vi nu den originale -branding.

- -

Der leveres overgangspakker fra iceweasel-pakkerne, som automatisk opgraderer -til den nye version. Da der skal installeres nye binære pakker, skal du sikre -dig at din opgraderingsmetode tillader det (eksempelvis ved at bruge -apt-get dist-upgrade i stedet for apt-get upgrade).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 45.2.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 45.2.0esr-1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3600.data" diff --git a/danish/security/2016/dsa-3601.wml b/danish/security/2016/dsa-3601.wml deleted file mode 100644 index 34ca7135b58..00000000000 --- a/danish/security/2016/dsa-3601.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="7568704a4526ae8cfe23b86f5b7c39622d2bf6ad" mindelta="1" -sikkerhedsopdatering - -

Adskillige hukommelsessikkerhedsproblemer er fundet i Icedove, Debians udgave -af mail- og newsklienten Mozilla Thunderbird: Adskillige -hukommelsessikkerhedsfejl kunne føre til udførelse af vilkårlig kode eller -lammelsesangreb (denial of service).

- -

Debian følger Thunderbirds udvidet support-udgivelser (ESR). Support af -38.x-serien er ophørt, hvorfor vi fra denne opdatering følger -45.x-udgivelserne.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:45.1.0-1~deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:45.1.0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:45.1.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3601.data" diff --git a/danish/security/2016/dsa-3602.wml b/danish/security/2016/dsa-3602.wml deleted file mode 100644 index 47355fd4c3d..00000000000 --- a/danish/security/2016/dsa-3602.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="1874829f3421cafebc59623c4718b3ee834d77d8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et skriptsprog til generel anvendelse, -som hyppigt benyttes til udvikling af webappplikationer.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -5.6.22, som indeholder yderligere fejlrettelser. Se opstrøms changelog for -flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.22+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3602.data" diff --git a/danish/security/2016/dsa-3603.wml b/danish/security/2016/dsa-3603.wml deleted file mode 100644 index c34a647b2af..00000000000 --- a/danish/security/2016/dsa-3603.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="67ba9caa1d661fba4f9cccaa7bc33a0db704fa02" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere hørende -til multimediabiblioteket libav. En komplet liste over ændringerne er -tilgængelig i -\ -https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.7

- -

I den stabile distribution (jessie), er dette problem rettet i -version 6:11.7-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3603.data" diff --git a/danish/security/2016/dsa-3604.wml b/danish/security/2016/dsa-3604.wml deleted file mode 100644 index 76ce9d9b660..00000000000 --- a/danish/security/2016/dsa-3604.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="616b9b70dde0941ba153de8b300a241747d1b964" mindelta="1" -sikkerhedsopdatering - -

En rettighedsforøgelsessårbarhed er fundet i User-modulet i -indholdshåndteringsframeworket Drupal. For yderligere oplysninger, se opstrøms -bulletin på \ -https://www.drupal.org/SA-CORE-2016-002.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.32-1+deb8u7.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.44-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3604.data" diff --git a/danish/security/2016/dsa-3605.wml b/danish/security/2016/dsa-3605.wml deleted file mode 100644 index c2d32244890..00000000000 --- a/danish/security/2016/dsa-3605.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="4be65f2669b99592257610832c6818b38d10e2e9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libxslt, et runtimebibliotek til -behandling af XSLT, hvilke kunne føre til informationsafsløring eller -lammelsesangreb (applikationsnedbrud) mod en applikation, som anvender -biblioteket libxslt.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.1.28-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine libxslt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3605.data" diff --git a/danish/security/2016/dsa-3606.wml b/danish/security/2016/dsa-3606.wml deleted file mode 100644 index 0fb2d5b2ed8..00000000000 --- a/danish/security/2016/dsa-3606.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4ac34c339bc5a23c5a3b29539123226521e2cc15" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at pdfbox, et PDF-bibliotek til Java, var sårbart over for -XML External Entity-angreb.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:1.8.7+dfsg-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:1.8.12-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.8.12-1.

- -

Vi anbefaler at du opgraderer dine libpdfbox-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3606.data" diff --git a/danish/security/2016/dsa-3607.wml b/danish/security/2016/dsa-3607.wml deleted file mode 100644 index 1be7c7749c0..00000000000 --- a/danish/security/2016/dsa-3607.wml +++ /dev/null @@ -1,193 +0,0 @@ -#use wml::debian::translation-check translation="c31bc6444c62ba78da659194711cbe157d613dd0" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækager.

- -
    - -
  • CVE-2015-7515, - CVE-2016-2184, - CVE-2016-2185, - CVE-2016-2186, - CVE-2016-2187, - CVE-2016-3136, - CVE-2016-3137, - CVE-2016-3138, - CVE-2016-3140 - -

    Ralf Spenneberg fra OpenSource Security rapporterede at forskellige - USB-drivere ikke på tilstrækkelig vis validerede USB-descriptorer. Dermed - var det muligt for en fysisk tilstedeværende bruger, med en særligt designet - USB-enhed, at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2016-0821 - -

    Solar Designer bemærkede at funktionaliteten poisoning, der har - til formål at dæmpe virkningerne af fejl i listehåndtering i kernen, - anvendte forgiftede værdier inden for intervallet af virtuelle adresser, der - kan allokeres af brugerprocesser.

    • - -
  • CVE-2016-1237 - -

    David Sinquin opdagede at nfsd ikke kontrollerede tilladelser, når ACL'er - blev opsat, hvilket gjorde det muligt for brugere, at give sig selv - tilladelser til en fil, ved at opsætte ACL'en.

    • - -
  • CVE-2016-1583 - -

    Jann Horn fra Google Project Zero rapporterede at filsystemet eCryptfs, - kunne anvendes sammen med proc-filsystemet til at forårsage et - kernestakoverløb. Hvis pakken ecryptfs-utils package er installeret, kunne - lokale brugere udnytte det, gennem programmet mount.ecryptfs_private, til - lammelsesangreb (nedbrud) eller muligvis rettighedsforøgelse.

    • - -
  • CVE-2016-2117 - -

    Justin Yackoski fra Cryptonite opdagede at Atheros L2-ethernetdriveren på - ukorrekt vis aktiverede scatter/gather-I/O. En fjernangriber kunne drage - nytte af fejlen til at få adgang til potentielt følsomme oplysninger fra - kernehukommelsen.

    • - -
  • CVE-2016-2143 - -

    Marcin Koscielnicki opdagede at fork-implementeringen i Linux-kernen på - s390-platforme fejlbehandlede tilfældet med fire sidetabelniveauer, hvilket - gjorde det muligt for lokale brugere at forårsage et lammelsesangreb - (systemnedbrud).

    • - -
  • CVE-2016-3070 - -

    Jan Stancek fra Red Hat opdagede en lokal lammelsesangrebssårbarhed i - AIO-håndteringen.

    • - -
  • CVE-2016-3134 - -

    Google Project Zero-holdet opdagede at netfilter-undersystemet ikke på - tilstrækkelig vis validerede filertabelposter. En bruger med muligheden - CAP_NET_ADMIN kunne udnytte det til lammelsesangreb (nedbrud) eller - muligvis rettighedsforøgelse. Debian deaktiverer som standard navnerum til - upriviligerede brugere; hvis det lokalt er aktiveret med sysctl'en - kernel.unprivileged_userns_clone, giver det mulighed for - rettighedsforøgelse.

    • - -
  • CVE-2016-3156 - -

    Solar Designer opdagede at IPv4-implementeringen i Linux-kernen ikke - udførte destruktionen af inet-enhedsobjekter på korrekt vis. En angriber i - et gæstestyresystem, kunne udnytte fejlen til at forårsage et - lammelsesangreb (netværksudfald) på værtsstyresystemet.

    • - -
  • CVE-2016-3157 / - XSA-171 - -

    Andy Lutomirski opdagede at implementeringen af taskskiftning i x86_64 - (amd64), ikke på korrekt vis opdaterede I/O-rettighedsniveauet, når der - køres som en paravirtuel (PV) Xen-gæst. I nogle opsætninger gav det lokale - brugere mulighed for at forårsage et lammelsesangreb (nedbrud) eller til at - forøge deres rettigheder i gæsten.

    • - -
  • CVE-2016-3672 - -

    Hector Marco og Ismael Ripoll bemærkede at det var muligt at deaktivere - Address Space Layout Randomisation (ASLR) ved x86_32-programmer (i386), ved - at fjerne stakressourcebegrænsningen. Dermed blev det lettere for lokale - brugere at udnytte sikkerhedsfejl i programmer, der har et opsat setuid- - eller setgid-flag.

    • - -
  • CVE-2016-3951 - -

    Man opdagede at cdc_ncm-driveren frigav hukommelse for tidligt, hvis - visse fejl opstod under dens initialisering. Dermed var det muligt for en - fysisk tilstedeværende bruger med en særligt designet USB-enhed, at - forårsage et lammelsesangreb (nedbrud) eller muligvis forøge sine - rettigheder.

    • - -
  • CVE-2016-3955 - -

    Ignat Korchagin rapporterede at usbip-undersystemet ikke kontrollerede - længden på data modtaget til en USB-buffer. Dermed var lammelsesangreb - (nedbrud) eller rettighedsforøgelse muligt på et system opsat som en - usbip-klient, af usbip-serveren eller af en angriber med mulighed for at - udgive sig for den over netværket. Et system opsat som en usbip-server - kunne være sårbar på tilsvarende vis over for fysisk tilstedeværende - brugere.

    • - -
  • CVE-2016-3961 / - XSA-174 - -

    Vitaly Kuznetsov fra Red Hat opdagede at Linux tillod anvendelse af - hugetlbfs på x86-systemer (i386 og amd64), selv når der blev kørt som en - paravirtualiseret (PV) Xen-gæst, dog understøtter Xen ikke enorme sider. - Dermed kunne brugere med adgang til /dev/hugepages forårsage et - lammelsesangreb (nedbrud) i gæsten.

    • - -
  • CVE-2016-4470 - -

    David Howells fra Red Hat opdagede at en lokal bruger kunne udløse en - fejl i Linux-kernens håndtering af nøgleopslag i keychain-undersystemet, - førende til et lammelsesangreb (nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2016-4482, - CVE-2016-4485, - CVE-2016-4486, - CVE-2016-4569, - CVE-2016-4578, - CVE-2016-4580, - CVE-2016-5243, - CVE-2016-5244 - -

    Kangjie Lu rapporterede at faciliteterne USB-devio, llc, rtnetlink, - ALSA-timer, x25, tipc og rds lækkede oplysninger fra kernestakken.

    • - -
  • CVE-2016-4565 - -

    Jann Horn fra Google Project Zero rapporterede at forskellige komponenter - i InfiniBand-stak implementerede usædvanlig semantik for write()-handling. - På et system med indlæste InfiniBand-drivere, kunne lokale brugere udnytte - dette til lammelsesangreb eller rettighedsforøgelse.

    • - -
  • CVE-2016-4581 - -

    Tycho Andersen opdagede at under nogle omstændigheder, håndterede - Linux-kernen ikke videreførte mounts på korrekt vis. En lokal bruger kunne - drage nytte af fejlen til at forårsage et lammelsesangreb - (systemnedbrud).

    • - -
  • CVE-2016-4805 - -

    Baozeng Ding opdagede et tilfælde af anvendelse efter frigivelse i det - generiske PPP-lag i Linux-kernen. En lokal bruger kunne drage nytte af - fejlen til at forårsage et lammelsesangreb (systemnedbrud) eller potentielt - forøge sine rettigheder.

    • - -
  • CVE-2016-4913 - -

    Al Viro opdagede at implementeringen af ISO9660-filsystemet ikke på - korrekt vis optalte længden af visse ugyldige navneposter. Læsning af en - mappe indeholdende sådanne navneposter, kunne lække oplysninger fra - kernehukommelsen. Brugere med tilladelse til at mounte diske eller - diskaftryk, kunne udnytte fejlen til at få adgang til følsomme - oplysninger.

    • - -
  • CVE-2016-4997 / - CVE-2016-4998 - -

    Jesse Hertz og Tim Newsham opdagede at manglende fornuftighedskontrol af - inddata i håndteringen af Netfilter-socket, kunne medføre lammelsesangreb. - Debian deaktiverer som standard navnerum til upriviligerede brugere; hvis - det lokalt er aktiveret med sysctl'en kernel.unprivileged_userns_clone, - giver det også mulighed for rettighedsforøgelse.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.7-ckt25-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3607.data" diff --git a/danish/security/2016/dsa-3608.wml b/danish/security/2016/dsa-3608.wml deleted file mode 100644 index 4604e391a0e..00000000000 --- a/danish/security/2016/dsa-3608.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="2e36ed9befc5a6e0765f0437e22d53912068247c" mindelta="1" -sikkerhedsopdatering - -

Aleksandar Nikolic opdagede at manglende fornuftighedskontrol af inddata i -RTF-fortolkeren i Libreoffice, kunne medføre udførelse af vilkårlig kode, hvis -et misdannet dokument blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:4.3.3-2+deb8u5.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:5.1.4~rc1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:5.1.4~rc1-1.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3608.data" diff --git a/danish/security/2016/dsa-3609.wml b/danish/security/2016/dsa-3609.wml deleted file mode 100644 index 114c0c52b0b..00000000000 --- a/danish/security/2016/dsa-3609.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4f1f95d225a725d6b29a8750973d2dd25a20f125" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder blev opdaget i Tomcat-servlet'en og -JSP-motoren, hvilke kunne medføre informationsafsløring, omgåelse af -CSRF-beskyttelser, omgåelse af SecurityManager eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8.0.14-1+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8.0.36-1.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3609.data" diff --git a/danish/security/2016/dsa-3610.wml b/danish/security/2016/dsa-3610.wml deleted file mode 100644 index 825300c2ef6..00000000000 --- a/danish/security/2016/dsa-3610.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7a716b9ab0c82b7f83a72f21910992197af35966" mindelta="1" -sikkerhedsopdatering - -

Brandon Perry opdagede at xerces-c, et validerende XML-fortolkningsbibliotek -til C++, ikke kunne fortolke en DTD med succes, hvis den er dybt forgrenet, -forårsagende et stakoverløb. En uautoriseret fjernangriber kunne drage nytte -af fejlen til at forårsage et lammelsesangreb (denial of service) mod -applikationer, som anvender biblioteket xerces-c.

- -

Desuden indeholder denne opdatering en udvidelse, som gør det muligt for -apllikationer fuldstændigt at deaktivere DTD-behandling, ved brug af en -miljøvariabel (XERCES_DISABLE_DTD).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.1.1-5.1+deb8u3.

- -

Vi anbefaler at du opgraderer dine xerces-c-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3610.data" diff --git a/danish/security/2016/dsa-3611.wml b/danish/security/2016/dsa-3611.wml deleted file mode 100644 index 7b688ee52f9..00000000000 --- a/danish/security/2016/dsa-3611.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="db64faa366f6d0c5e744a353df6e49b4f1ca6062" mindelta="1" -sikkerhedsopdatering - -

TERASOLUNA Framework Development Team opdagede en lammelsesangrebsårbarhed -(denial of service) i Apache Commons FileUpload, en pakke der gør det let at -tilføje en robust og højtydende filuploadmulighed til servlets og -webapplikationer. En fjernangriber kunne drage nytte af fejlen ved at sende -filuploadforespørgsler, som medførte at HTTP-serveren, som anvender Apache -Commons Fileupload-biblioteket, holdt op med at svare, hvilket forhindrede -serveren i at betjene andre forespørgsler.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.3.1-1+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet i -version 1.3.2-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.2-1.

- -

Vi anbefaler at du opgraderer dine libcommons-fileupload-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3611.data" diff --git a/danish/security/2016/dsa-3612.wml b/danish/security/2016/dsa-3612.wml deleted file mode 100644 index 5d1bb79e493..00000000000 --- a/danish/security/2016/dsa-3612.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2684c27fe4b209c4c423f4f2b1207e56256ec8b9" mindelta="1" -sikkerhedsopdatering - -

Shmuel H opdagede at GIMP, GNU Image Manipulation Program, var ramt af en -sårbarhed i forbindelse med anvendelse efter frigivelse i processen der -fortolker egenskaberne channel og layer når en XCF-fil indlæses. En angriber -kunne drage nytte af fejlen til at potentielt at udføre vilkårlig kode med -rettighederne hørende til den bruger, der kører GIMP, hvis en særligt -fremstillet XCF-fil blev behandlet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.8.14-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine gimp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3612.data" diff --git a/danish/security/2016/dsa-3613.wml b/danish/security/2016/dsa-3613.wml deleted file mode 100644 index c2a0d0b06a6..00000000000 --- a/danish/security/2016/dsa-3613.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="754f785153be5c3f4eb72eea0e44982e9247b8a4" mindelta="1" -sikkerhedsopdatering - -

Vivian Zhang og Christoph Anton Mitterer opdagede at opsætning af en tom -VNC-adgangskode ikke fungerer som dokumenteret i Libvirt, et -virtualiserings-abstraktionsbibliotek. Når adgangskoden på en VNC-server er -opsat til en tom streng, blev autentificering på VNC-serveren deaktiveret, -hvilket gjorde det muligt for enhver bruger at forbide sig, på trods af at -dokumentationen erklærer at opsætning af en tom adgangskode til VNC-serveren -forhindrer alle klienter i at forbinde sig. Med denne opdatering håndhæves -den nævnte virkemåde, ved at sætte adgangskodens udløb til now.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.2.9-9+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.0-1.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3613.data" diff --git a/danish/security/2016/dsa-3614.wml b/danish/security/2016/dsa-3614.wml deleted file mode 100644 index 0ad4a6069ce..00000000000 --- a/danish/security/2016/dsa-3614.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="f005b5e6651b4e9b1b52e4069a0b639bd28b764b" mindelta="1" -sikkerhedsopdatering - -

TERASOLUNA Framework Development Team opdagede en lammelsesangrebsårbarhed -(denial of service) i Apache Commons FileUpload, en pakke der gør det let at -tilføje en robust og højtydende filuploadmulighed til servlets og -webapplikationer. En fjernangriber kunne drage nytte af fejlen ved at sende -filuploadforespørgsler, som medførte at HTTP-serveren, som anvender Apache -Commons Fileupload-biblioteket, holdt op med at svare, hvilket forhindrede -serveren i at betjene andre forespørgsler.

- -

Apache Tomcat anvender en i pakken omdøbt kopi af Apache Commons FileUpload -til implementering af filuploadkravene i Servlet-specifikationen, og er derfor -også sårbar over for lammelsesangrebssårbarheden.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.0.56-3+deb8u3.

- -

I distributionen testing (stretch), er dette problem rettet i -version 7.0.70-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.0.70-1.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3614.data" diff --git a/danish/security/2016/dsa-3615.wml b/danish/security/2016/dsa-3615.wml deleted file mode 100644 index 9a2d9d7c151..00000000000 --- a/danish/security/2016/dsa-3615.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8f2f87ee290d399d74d222530c56082ec0bffe61" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorerne/fortolkerne af PKTC, -IAX2, GSM CBCH og NCP, SPOOLS, IEEE 802.11, UMTS FP, USB, Toshiba, CoSine, -NetScreen og WBXML, hvilke kunne medføre lammelsesangreb (denial of service) -eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u7.

- -

I distributionen testing (stretch), er disse problemer rettet i -version 2.0.4+gdd7746e-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.4+gdd7746e-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3615.data" diff --git a/danish/security/2016/dsa-3616.wml b/danish/security/2016/dsa-3616.wml deleted file mode 100644 index 31eb2945ea7..00000000000 --- a/danish/security/2016/dsa-3616.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="753fa5ffd1f55a94a83f990ee5198c5555a040ef" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationsafsløring.

- -
    - -
  • CVE-2014-9904 - -

    Man opdagede at funktionen snd_compress_check_input, der anvendes i - ALSA-undersystemet, ikke på korrekt vis kontrollerede for et heltalsoverløb, - hvilket gjorde det muligt for en lokal bruger at forårsage et - lammelsesangreb.

    • - -
  • CVE-2016-5728 - -

    Pengfei Wang opdagede en kapløbstilstand i MIC VOP-driveren, hvilken - kunne gøre det muligt for en lokal bruger at få adgang til følsomme - oplysninger fra kernehukommelse eller forårsage et lammelsesangreb.

    • - -
  • CVE-2016-5828 - -

    Cyril Bur og Michael Ellerman opdagede en fejl i håndteringen af - Transactional Memory på powerpc-systemer, hvilket gjorde det muligt for en - lokal bruger, at forårsage et lammelsesangreb (kernenedbrud) eller muligvis - have anden ikke-angivet virkning, ved at starte en transaktion, suspendere - den og dernæst kalde et vilkårligt systemkald af klassen exec().

    • - -
  • CVE-2016-5829 - -

    En heapbaseret bufferoverløbssårbarhed blev fundet i hiddev-driveren, - hvilken gjorde det muligt for en lokal bruger at forårsage et - lammelsesangreb eller potentielt forsøge sine rettigheder.

    • - -
  • CVE-2016-6130 - -

    Pengfei Wang opdagede en fejl i S/390's drivere til tegnenheder, - potentielt førende til informationslækage med /dev/sclp.

    • - -
- -

Desuden retter denne opdatering en regression i ebtables-faciliteten -(#828914), som opstod i forbindelse med DSA-3607-1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.7-ckt25-2+deb8u3.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3616.data" diff --git a/danish/security/2016/dsa-3617.wml b/danish/security/2016/dsa-3617.wml deleted file mode 100644 index b64acd265b3..00000000000 --- a/danish/security/2016/dsa-3617.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="bf18829a8856da537bfcceddead90693d2933488" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder i forbindelse med udførelse af skripter på tværs af websteder -er fundet i Horizon, en webapplikation til kontrollering af en -OpenStack-sky.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -2014.1.3-7+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet i version -3:9.0.1-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -3:9.0.1-2.

- -

Vi anbefaler at du opgraderer dine horizon-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3617.data" diff --git a/danish/security/2016/dsa-3618.wml b/danish/security/2016/dsa-3618.wml deleted file mode 100644 index 3470868c408..00000000000 --- a/danish/security/2016/dsa-3618.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5d1908bd33e7a4acfcc37804a955efc8590dae05" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et generelt anvendeligt skriptsprog, som -hyppigt anvendes til udvikling af webapplikationer.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -5.6.23, som indeholder yderligere fejlrettelser. Se opstrøms changelog for -flere oplysninger:

- -

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.23+dfsg-0+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.0.8-1 af kildekodepakken php7.0.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3618.data" diff --git a/danish/security/2016/dsa-3619.wml b/danish/security/2016/dsa-3619.wml deleted file mode 100644 index d0d4a94717a..00000000000 --- a/danish/security/2016/dsa-3619.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fcae5f7dc68624506181a46cc365114aa2354240" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libgd2, et bibliotek til programmatisk -oprettelse og behandling af grafik. En fjernangriber kunne udnytte fejlene til -at forårsage et lammelsesangreb (denial of service) mod en applikation, der -anvender biblioteket libgd2 library (applikationsnedbrud) eller potentielt -udføre vilkårlig kode med rettighederne hørende til den bruger, der kører -applikationen.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.1.0-5+deb8u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.2-29-g3c2b605-1 eller tidligere.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3619.data" diff --git a/danish/security/2016/dsa-3620.wml b/danish/security/2016/dsa-3620.wml deleted file mode 100644 index 00a66d122a4..00000000000 --- a/danish/security/2016/dsa-3620.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="571176afeaeecd5cfd996e1bf7554cf533639b72" mindelta="1" -sikkerhedsopdatering - -

Yves Younan fra Cisco Talos opdagede flere sårbarheder i understøttelsen af -MXit-protokollen i pidgin, en chatklient som understøtter flere protokoller. En -fjernangriber kunne drage nytte af fejlene til at forårsage et lammelsesangreb -(applikationsnedbrud), overskrive filer, informationsafsløring eller potentielt -udføre vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.11.0-0+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.11.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.11.0-1.

- -

Vi anbefaler at du opgraderer dine pidgin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3620.data" diff --git a/danish/security/2016/dsa-3621.wml b/danish/security/2016/dsa-3621.wml deleted file mode 100644 index 2fb0f3774b3..00000000000 --- a/danish/security/2016/dsa-3621.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="a1c93513e93d9273b6cf26374d864a61d767ea80" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i mysql-connector-java, en Java-databasedriver -(JDBC) til MySQL, der kunne medføre uautoriseret adgang til update, insert eller -delete i nogle MySQL Connectors' tilgængelige data såvel som læseadgang til en -delmængde af MySQL Connectors' tilgængelige data. Sårbarheden er løst ved at -opgradere mysql-connector-java til den nye opstrømsversion 5.1.39, som -indeholder yderligere ændringer, så som fejlrettelser, ny funktionalitet og -muligvis inkompatible ændringer. Se MySQL Connector/J Release Notes og Oracles -Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (jessie), er dette problem rettet i -version 5.1.39-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-connector-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3621.data" diff --git a/danish/security/2016/dsa-3622.wml b/danish/security/2016/dsa-3622.wml deleted file mode 100644 index b1657b6cac7..00000000000 --- a/danish/security/2016/dsa-3622.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="583dd6a97bf2727e6e8d8bf4bbceb70e3c271a14" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Django, et Python-webudviklingsmiljø på højt niveau, var -sårbart over for en sårbarhed i forbindelse med udførelse af skripter på tværs -af websteder i admin'ens popup med relation til tilføjelse/ændring.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.7.7-1+deb8u5.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3622.data" diff --git a/danish/security/2016/dsa-3623.wml b/danish/security/2016/dsa-3623.wml deleted file mode 100644 index a4ea510d26f..00000000000 --- a/danish/security/2016/dsa-3623.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6e8fd4c3a33ed592e540949922cefbc0c1c9fcd7" mindelta="1" -sikkerhedsopdatering - -

Scott Geary fra VendHQ opdagede at Apache HTTPD-serveren anvendte værdien fra -Proxy-headeren fra HTTP-forespørgler, til at initialisere miljøvariablen -HTTP_PROXY til CGI-skripter, hvilket dernæst blev anvendt ukorrekt af visse -HTTP-klientimplementeringer til opsætning af proxyen til udgående -HTTP-forespørgsler. En fjernangriber kunne muligvis udnytte fejlen til at -viderestille HTTP-forespørgsler udført at et CGI-skript gennem en ondsindet -HTTP-forespørgsel til en proxy, der er kontrolleret af en angriber.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.4.10-10+deb8u5.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3623.data" diff --git a/danish/security/2016/dsa-3624.wml b/danish/security/2016/dsa-3624.wml deleted file mode 100644 index 8adf98f5d7c..00000000000 --- a/danish/security/2016/dsa-3624.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="091ae6de00b1cfc9f55f2a537ff7801188188da0" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.50. Se MySQL 5.5 Release -Notes og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.5.50-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3624.data" diff --git a/danish/security/2016/dsa-3625.wml b/danish/security/2016/dsa-3625.wml deleted file mode 100644 index 93b422c6da2..00000000000 --- a/danish/security/2016/dsa-3625.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="b2c14ebf52604f87699d19381e989a0df1706c12" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer blev opdaget i caching-proxy'en Squid.

- -
    - -
  • CVE-2016-4051: - -

    CESG og Yuriy M. Kaminskiy opdagede at Squids cachemgr.cgi var sårbar - over for et bufferoverløb, når der blev behandlet fjernleverede inddata - gennem Squid.

    • - -
  • CVE-2016-4052: - -

    CESG opdagede at et bufferoverløb gjorde Squid sårbar over for et - lammelsesangreb (denial of Service, DoS), når der blev behandlet - ESI-svar.

    • - -
  • CVE-2016-4053: - -

    CESG opdagede at Squid var sårbar over for offentliggørelse af - serverstaklayoutet, når der blev behandlet ESI-svar.

    • - -
  • CVE-2016-4054: - -

    CESG opdagede at Squid var sårbar over for fjernudførelse af kode, når - der blev behandlet ESI-svar.

    • - -
  • CVE-2016-4554: - -

    Jianjun Chen opdagede at Squid var sårbar over for et - headersmuglingsangreb, som kunne føre til cacheforgiftning og til omgåelse - af samme ophav-sikkerhedspolicy i Squid og nogle klientbrowsere.

    • - -
  • CVE-2016-4555, - CVE-2016-4556: - -

    bfek-18 og @vftable opdagede at Squid var sårbar over for - et lammelsesangreb (DoS), når der blev behandlet ESI-svar, på grund af - ukorrekt pointerhåndtering og referenceoptælling.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.4.8-6+deb8u3.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettte i version 3.5.19-1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3625.data" diff --git a/danish/security/2016/dsa-3626.wml b/danish/security/2016/dsa-3626.wml deleted file mode 100644 index 87f9ff5ec75..00000000000 --- a/danish/security/2016/dsa-3626.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="867f67e53befc8a6ea3564bd2a3e435de1a0085b" mindelta="1" -sikkerhedsopdatering - -

Eddie Harari rapporterede at OpenSSH's SSH-dæmon tillod brugeroptælling -gennem timingforskelle, når der blev prøvet at autentificere brugere. Når sshd -prøver at autentificere en ikke-eksisterende bruger, opsamlede den en falsk -adgangskodestruktur med en hash baseret på Blowfish-algoritmen. Hvis rigtige -brugeradgangskoder er hash'et ved hjælp af SHA256/SHA512, kunne en fjernangriber -drage nytte af fejlen til at sende store adgangskoder og modtage svar på kortere -tid fra serveren ved ikke-eksisterende brugere.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:6.7p1-5+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:7.2p2-6.

- -

Vi anbefaler at du opgraderer dine openssh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3626.data" diff --git a/danish/security/2016/dsa-3627.wml b/danish/security/2016/dsa-3627.wml deleted file mode 100644 index 52eb2ffd535..00000000000 --- a/danish/security/2016/dsa-3627.wml +++ /dev/null @@ -1,98 +0,0 @@ -#use wml::debian::translation-check translation="d16e13f13ca767e91ca33798629e23ebcc86d83d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er rettet i phpMyAdmin, den webbaserede administrative -grænseflade til MySQL.

- -
    - -
  • CVE-2016-1927 - -

    Funktionen suggestPassword var afhængig af en tilfældigt tal-generator, - som var usikker, hvilket gjorde det lettere for fjernangribere at gætte - genererede adgangskoder gennem en råstyrkeindgangsvinkel.

    • - -
  • CVE-2016-2039 - -

    CSRF-tokenværdier blev genereret af en usikker tilfældigt tal-generator, - hvilket gjorde det muligt for fjernangirbere at omgå tilsigtede - adgangsbegrænsninger ved at forudsige en værdi.

    • - -
  • CVE-2016-2040 - -

    Adskillige sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (XSS), gjorde det muligt for fjernautentificerede brugere at - indsprøjte webskript eller HTML.

    • - -
  • CVE-2016-2041 - -

    phpMyAdmin anvendte ikke en kontant tid-algoritme til sammenligning af - CSRF-tokens, hvilket gjorde det lettere for fjernangribere at omgå - tilsigtede adgangsbegrænsninger ved at måle tidsforskelle.

    • - -
  • CVE-2016-2560 - -

    Adskillige sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (XSS), tillod at fjernangribere kunne indsprøjte vilkårligt - webskript eller HTML.

    • - -
  • CVE-2016-2561 - -

    Adskillige sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (XSS), tillod at fjernangribere kunne indsprøjte vilkårligt - webskript eller HTML.

    • - -
  • CVE-2016-5099 - -

    Adskillige sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (XSS), tillod at fjernangribere kunne indsprøjte vilkårligt - webskript eller HTML.

    • - -
  • CVE-2016-5701 - -

    I installationer hvor der anvendes almindelig HTTP, tillod phpMyAdmin at - fjernangribere kunne foretage BBCode-indsprøjtningsangreb mod HTTP-sessioner - gennem en fabrikeret URI.

    • - -
  • CVE-2016-5705 - -

    Adskillige sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (XSS), tillod at fjernangribere kunne indsprøjte vilkårligt - webskript eller HTML.

    • - -
  • CVE-2016-5706 - -

    phpMyAdmin tillod af fjernangribere kunne forårsage et lammelsesangreb - (ressourceforbrug) gennem et stort array in scripts-parameteret.

    • - -
  • CVE-2016-5731 - -

    En sårbarhed i forbindelse med udførelse af skripter på tværs af - websteder (XSS), tillod at fjernangribere kunne indsprøjte vilkårlig - webskript eller HTML.

    • - -
  • CVE-2016-5733 - -

    Adskillige sårbarheder i forbindelse med udførelse af skripter på tværs - af websteder (XSS), tillod at fjernangribere kunne indsprøjte vilkårligt - webskript eller HTML.

    • - -
  • CVE-2016-5739 - -

    En særligt fremstillet Transformation kunne føre til informationslækage, - hvilket en fjernangriber kunne anvende til at udføre - forspørgselsforfalskninger på tværs af servere.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4:4.2.12-2+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:4.6.3-1.

- -

Vi anbefaler at du opgraderer dine phpmyadmin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3627.data" diff --git a/danish/security/2016/dsa-3628.wml b/danish/security/2016/dsa-3628.wml deleted file mode 100644 index cf7f105aeaa..00000000000 --- a/danish/security/2016/dsa-3628.wml +++ /dev/null @@ -1,78 +0,0 @@ -#use wml::debian::translation-check translation="8a7e345236fb211e9084fad1e2dc638bf2afe8b0" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i implementeringen af -programmeringssproget Perl. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2016-1238 - -

    John Lightsey og Todd Rinaldo rapporterede at den opportunistiske - indlæsning af valgfrie moduler, kunne få mange program til at utilsigtet at - indlæse kode fra en aktuelle arbejdsmappe (som kan ændres til en anden mappe - uden at brugeren er opmærksom på det) og potentielt føre til - rettighedsforøgelse, som demonstreret i Debian med visse kombinationer af - installerede pakker.

    - -

    Problemet er relateret til Perls indlæsning af moduler fra - includes-mappearrayet ("@INC"), hvor det sidste element er den aktuelle - mappe (.). Det betyder at når perl ønsker at indlæse et modul - (under firste kompilering eller under doven indlæsning af et modul på - kørselstidspunktet), kigger perl til sidst efter modulet i den aktuelle - mappe, da . er den sidst medtagne mappe i dens array bestående af - indclude-mapper, som skal gennemsøges. Problemet drejer sig om at kræve - biblioteker i ., men som ellers ikke er installeret.

    - -

    Med denne opdatering opdateres flere moduler, hvor det er kendt at de er - sårbare, til ikke at indlæse moduler fra den aktuelle mappe.

    - -

    Desuden tillader denne opdatering, at man via opsætningen kan fjerne - . fra @INC i /etc/perl/sitecustomize.pl i en overgangsperiode. Det - anbefales at aktivere indstilling, hvis man har vurderet hvorvidt det vil - påvirke kørende sites. Problemer i pakkerne som leveres via Debian, som - følge af indstillingen til at fjerne . fra @INC, skal rapporteres til - Perl-vedligeholderne på perl@packages.debian.org .

    - -

    Det er planlagt at skifte tli som standard at fjerne . i @INC i en - efterfølgende opdatering af perl gennem en punktopdatering, om muligt, og i - hvert fald i den kommende stabile udgave, Debian 9 (stretch).

    • - -
  • CVE-2016-6185 - -

    Man opdagede at XSLoader, et kernemodul i Perl til dynamisk indlæsning af - C-biblioteker i Perl-kode, kunne indlæse delte biblioteker fra ukorrekte - placeringer. XSLoader anvender caller()-oplysninger til at finde .so-filen, - der skal indlæses. Det kan være forkert, hvis XSLoader::load() kaldes i en - streng-eval. En angriber kunne drage nytte af fejlen til at udføre - vilkårlig kode.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -5.20.2-3+deb8u6. Desuden indeholder denne opdatering følgende opdaterede pakker -til løsning af valgfri modulindlæsningssårbarhederne med relation til -\ -CVE-2016-1238, eller til løsning af opbygningsfejl, der opstår når . -fjernes fra @INC:

- -
    -
  • cdbs 0.4.130+deb8u1
    • -
  • debhelper 9.20150101+deb8u2
    • -
  • devscripts 2.15.3+deb8u12
    • -
  • exim4 4.84.2-2+deb8u12
    • -
  • libintl-perl 1.23-1+deb8u12
    • -
  • libmime-charset-perl 1.011.1-1+deb8u22
    • -
  • libmime-encwords-perl 1.014.3-1+deb8u12
    • -
  • libmodule-build-perl 0.421000-2+deb8u12
    • -
  • libnet-dns-perl 0.81-2+deb8u12
    • -
  • libsys-syslog-perl 0.33-1+deb8u12
    • -
  • libunicode-linebreak-perl 0.0.20140601-2+deb8u22
    • -
- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3628.data" diff --git a/danish/security/2016/dsa-3629.wml b/danish/security/2016/dsa-3629.wml deleted file mode 100644 index ad7eda6eda7..00000000000 --- a/danish/security/2016/dsa-3629.wml +++ /dev/null @@ -1,80 +0,0 @@ -#use wml::debian::translation-check translation="b34685cf85074cebb072c828dadcfc9b147e052b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i dæmon- og utilityprogrammerne til Network -Time Protocol:

- -
    - -
  • CVE-2015-7974 - -

    Matt Street opdagede at utilstrækkelig nøglevalidering tillod - imitationsangreb mellem autentificerede peers.

    • - -
  • CVE-2015-7977 - CVE-2015-7978 - -

    Stephen Gray opdagede at en NULL-pointerdereference og et bufferoverløb i - håndteringen af ntpdc reslist-kommandoer kunne medføre - lammelsesangreb (denial of service).

    • - -
  • CVE-2015-7979 - -

    Aanchal Malhotra opdagede at hvis NTP er opsat til broadcast-tilstand, - kunne en angriber sende misdannede autentifikationspakker, hvilket ødelagde - associationer med serveren, for andre broadcast-klienter.

    • - -
  • CVE-2015-8138 - -

    Matthew van Gundy og Jonathan Gardner opdagede at manglende validering af - ophavstidsstemplinger i ntpd-klienter kunne medføre - lammelsesangreb.

    • - -
  • CVE-2015-8158 - -

    Jonathan Gardner opdagede at manglende fornuftighedskontrol af inddata i - ntpq kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-1547 - -

    Stephen Gray og Matthew van Gundy opdagede at ukorrekt håndtering af - crypto-NAK-pakker kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-1548 - -

    Jonathan Gardner og Miroslav Lichvar opdagede at ntpd-klienter kunne - tvinges til at skifte fra basal klient-/servertilstand til interleaved, - symmetrisk tilstand, hvilket forhindrede tidssynkronisering.

    • - -
  • CVE-2016-1550 - -

    Matthew van Gundy, Stephen Gray og Loganaden Velvindron opdagede at - timinglækager i pakkeautentifikationskode, kunne medføre gendannelse af en - meddelelsesdigest.

    • - -
  • CVE-2016-2516 - -

    Yihan Lian opdagede at duplikerede IP'er på unconfig-direktiver, - udløste en assert.

    • - -
  • CVE-2016-2518 - -

    Yihan Lian opdagede at en OOB-hukommelsestilgang potentielt kunne få - ntpd til at gå ned.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:4.2.6.p5+dfsg-7+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1:4.2.8p7+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:4.2.8p7+dfsg-1.

- -

Vi anbefaler at du opgraderer dine ntp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3629.data" diff --git a/danish/security/2016/dsa-3630.wml b/danish/security/2016/dsa-3630.wml deleted file mode 100644 index 6aed97f3fd8..00000000000 --- a/danish/security/2016/dsa-3630.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a63b51df905df9f190c847d2974b0b55df8b2c91" mindelta="1" -sikkerhedsopdatering - -

Secunia Research ved Flexera Software opdagede en heltalsoverløbssårbarhed i -funktionen _gdContributionsAlloc() i libgd2, et bibliotek til programmatisk -oprettelse og behandling af grafik. En fjernangriber kunne drage nytte af -fejlen til at forårsage et lammelsesangreb (denial of service) mod en -applikation, som anvender biblioteket libgd2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.0-5+deb8u6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.2-43-g22cba39-1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3630.data" diff --git a/danish/security/2016/dsa-3631.wml b/danish/security/2016/dsa-3631.wml deleted file mode 100644 index ff016d56632..00000000000 --- a/danish/security/2016/dsa-3631.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c06d4634d8bcf87f1e447bd62382305be457e1de" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et generelt anvendelse skriptsprog, der -normalt anvendes til udvikling af webapplikationer.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -5.6.24, der indeholder yderligere fejlrettelser. Se opstrøms changelog for -flere oplysninger:

- -

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.24+dfsg-0+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.0.9-1 af kildekodepakken php7.0.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3631.data" diff --git a/danish/security/2016/dsa-3632.wml b/danish/security/2016/dsa-3632.wml deleted file mode 100644 index 635c1217c41..00000000000 --- a/danish/security/2016/dsa-3632.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0ecbc31b11c68b8e80ca633ca75b17e1327d8ba0" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.26. Se MariaDB 10.0 -Release Notes for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.26-0+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 10.0.26-1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3632.data" diff --git a/danish/security/2016/dsa-3633.wml b/danish/security/2016/dsa-3633.wml deleted file mode 100644 index aea9f3f3393..00000000000 --- a/danish/security/2016/dsa-3633.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="9ea4c8575158a05eacae4edd0df9326fd06d935d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisoren Xen. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2015-8338 - -

    Julien Grall opdagede at Xen på ARM var sårbar over for lammelsesangreb - (denial of service) gennem længekørende hukommelseshandlinger.

    • - -
  • CVE-2016-4480 - -

    Jan Beulich opdagede at ukorrekt pagetable-håndtering, kunne medføre - rettighedsforøgelse inde i en Xen-gæsteinstans.

    • - -
  • CVE-2016-4962 - -

    Wei Liu opdagede adskillige tilfælde af manglende fornuftighedskontrol af - inddata i libxl, hvilke kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-5242 - -

    Aaron Cornelius opdagede at ukorrekt ressourcehåndtering på ARM-systemer, - kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-6258 - -

    Jeremie Boutoille opdagede at ukorrekt pagetable-håndtering i - PV-instanser, kunne medføre i gæst til vært-rettighedsforøgelse.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u6.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3633.data" diff --git a/danish/security/2016/dsa-3634.wml b/danish/security/2016/dsa-3634.wml deleted file mode 100644 index d0e0f4a458e..00000000000 --- a/danish/security/2016/dsa-3634.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="89526e08249000715306a05d91f9114c5ed21b05" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at redis, en persistent key-value-database, ikke på korrekt vis -beskyttede redis-cli-historikfiler: de blev som stanrdard oprettet med -verdensskrivbare rettigheder.

- -

Brugere og systemadministratorer kan overveje, proaktivt at ændre -rettighederne på eksisterende ~/rediscli_history-filer, i stedet for at vente -på at den opdaterede redis-cli gør det næste gang den kører.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:2.8.17-1+deb8u5.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 2:3.2.1-4.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3634.data" diff --git a/danish/security/2016/dsa-3635.wml b/danish/security/2016/dsa-3635.wml deleted file mode 100644 index bc786d36377..00000000000 --- a/danish/security/2016/dsa-3635.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="db5ac4d1c42493930fdb30d7b97a667c3b4e73dd" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder i forbindelse med anvendelse efter frigivelse, blev opdaget i -DBD::mysql, en Perl-DBI-driver til databaseserveren MySQL. En fjernangriber -kunne drage nytte af fejlene til at forårsage et lammelsesangreb (denial of -service) mod en applikation, der anvender DBD::mysql (applikationsnedbrud)) -eller potenitielt til at udføre vilkårlig kode med rettighederne hørende til den -bruger, der kører applikationen.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.028-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine libdbd-mysql-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3635.data" diff --git a/danish/security/2016/dsa-3636.wml b/danish/security/2016/dsa-3636.wml deleted file mode 100644 index 9fe4dc786d6..00000000000 --- a/danish/security/2016/dsa-3636.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="2d9e99166ee2dccf1e88363126a524dc080fe523" mindelta="1" -sikkerhedsopdatering - -

Emilien Gaspar opdagede at collectd, en dæmon til opsamling og overvågning af -statistik, på ukorrekt vis behandlede indgående netværkspakker. Det medførte et -heapoverløb, hvilket gjorde det muligt for en fjernangriber at enten forårsage -et lammelsesangreb (DoS) gennem applikationsnedbrud eller potentielt udførelse -af vilkårlig kode.

- -

Desuden opdagede sikkerhedsefterforskere ved Columbia University og -University of Virginia, at collectd ikke kontrollerede en returværdi under -initialisering. Det betød, at dæmonen nogle kunne blive startet uden de -ønskede sikkerhedsindstillinger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.4.1-6+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 5.5.2-1.

- -

Vi anbefaler at du opgraderer dine collectd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3636.data" diff --git a/danish/security/2016/dsa-3637.wml b/danish/security/2016/dsa-3637.wml deleted file mode 100644 index 9276f02d1fa..00000000000 --- a/danish/security/2016/dsa-3637.wml +++ /dev/null @@ -1,104 +0,0 @@ -#use wml::debian::translation-check translation="8522bc93ca56c89a42d292f132fcf12417c6b1a9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-1704 - -

    Chrome-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
  • CVE-2016-1705 - -

    Chrome-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
  • CVE-2016-1706 - -

    Pinkie Pie opdagede en måde at undslippe Pepper Plugin API-sandkassen - på.

    • - -
  • CVE-2016-1707 - -

    xisigr opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2016-1708 - -

    Adam Varsan opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2016-1709 - -

    ChenQin opdagede et bufferoverløbsproblem i biblioteket sfntly.

    • - -
  • CVE-2016-1710 - -

    Mariusz Mlynski opdagede en omgåelse af samme ophav.

    • - -
  • CVE-2016-1711 - -

    Mariusz Mlynski opdagede en anden omgåelse af samme ophav.

    • - -
  • CVE-2016-5127 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2016-5128 - -

    Et problem med omgåelse af samme ophav blev opdaget i - v8-javascriptbiblioteket.

    • - -
  • CVE-2016-5129 - -

    Jeonghoon Shin opdagede et problem med hukommelseskorruption i - v8-javascriptbiblioteket.

    • - -
  • CVE-2016-5130 - -

    Widih Matar opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2016-5131 - -

    Nick Wellnhofer opdagede et problem med anvendelse efter frigivelse i - biblioteket libxml2.

    • - -
  • CVE-2016-5132 - -

    Ben Kelly opdagede en omgåelse af samme ophav.

    • - -
  • CVE-2016-5133 - -

    Patch Eudor opdagede et problem i proxyautentifikation.

    • - -
  • CVE-2016-5134 - -

    Paul Stone opdagede en informationslækage i funktionaliteten Proxy - Auto-Config.

    • - -
  • CVE-2016-5135 - -

    ShenYeYinJiu opdagede en måde at omgå Content Security Policy.

    • - -
  • CVE-2016-5136 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2016-5137 - -

    Xiaoyin Liu opdagede en måde at opdage hvorvidt et HSTS-websted har været - besøgt.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 52.0.2743.82-1~deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 52.0.2743.82-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3637.data" diff --git a/danish/security/2016/dsa-3638.wml b/danish/security/2016/dsa-3638.wml deleted file mode 100644 index 7dace779231..00000000000 --- a/danish/security/2016/dsa-3638.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b657404151470d759bf154b583acd7b2f9416d10" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i cURL, et bibliotek til URL-overførsel:

- -
    - -
  • CVE-2016-5419 - -

    Bru Rom opdagede at libcurl forsøgte at genoptage en TLS-session, selv - hvis klientcertifikatet var ændret.

    • - -
  • CVE-2016-5420 - -

    Man opdagede at libcurl ikke tag klientcertifikater i betragtning ved - genanvendelse af TLS-forbindelser.

    • - -
  • CVE-2016-5421 - -

    Marcelo Echeverria og Fernando Muñoz opdagede at libcurl var sårbar over - for en fejl i forbindelse med anvendelse efter frigivelse.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.38.0-4+deb8u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.50.1-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3638.data" diff --git a/danish/security/2016/dsa-3639.wml b/danish/security/2016/dsa-3639.wml deleted file mode 100644 index 058b8cf199b..00000000000 --- a/danish/security/2016/dsa-3639.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="54570d7c2f40ea60a3a3b43536599d804b836930" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i wordpress, et webbloggingværktøj, hvilke -kunne gøre det muligt for fjernangribere at kompromittere et websted gennem -udførelse af skripter på tværs af websteder, omgå restriktioner, få adgang til -følsomme revisionshistiorikoplysninger eller iværksætte et lammelsesangreb -(denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u9.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3639.data" diff --git a/danish/security/2016/dsa-3640.wml b/danish/security/2016/dsa-3640.wml deleted file mode 100644 index 103a6318a46..00000000000 --- a/danish/security/2016/dsa-3640.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b657404151470d759bf154b583acd7b2f9416d10" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, bufferoverløb og andre implementeringsfejl -kunne føre til udførelse af vilkårlig kode, udførelse af skripter på tværs af -websteder, informationsafsløring og omgåelse af samme ophav-policy.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -45.3.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -45.3.0esr-1 af firefox-esr og 48.0-1 af firefox.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3640.data" diff --git a/danish/security/2016/dsa-3641.wml b/danish/security/2016/dsa-3641.wml deleted file mode 100644 index 7790e677058..00000000000 --- a/danish/security/2016/dsa-3641.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="e0d1a2d74ffc61be4e85685346f63fc43f2dbc17" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udbrud fra Java-sandkassen eller lammelsesangreb -(denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7u111-2.6.7-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3641.data" diff --git a/danish/security/2016/dsa-3642.wml b/danish/security/2016/dsa-3642.wml deleted file mode 100644 index 5cbfa82f0c1..00000000000 --- a/danish/security/2016/dsa-3642.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="7879d32974b525ad74482086ef21eca42110f536" mindelta="1" -sikkerhedsopdatering - -

Dominic Scheirlinck og Scott Geary fra Vend rapporterede om usikker -virkemåde i webserveren lighttpd. Lighttpd tildelte Proxy-headerværdier fra -klientforespørgsler til interne HTTP_PROXY-miljøvariabler, hvilket gjorde det -muligt for fjernangribere at iværksætte manden i midten-angreb (MITM) eller -starte forbindelser til vilkårlige værter.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.35-4+deb8u1.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3642.data" diff --git a/danish/security/2016/dsa-3643.wml b/danish/security/2016/dsa-3643.wml deleted file mode 100644 index 11dc212e91d..00000000000 --- a/danish/security/2016/dsa-3643.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="53ce55fe7649bc108711c1dfe147562b1ecc613f" mindelta="1" -sikkerhedsopdatering - -

Andreas Cord-Landwehr opdagede at kde4libs, core-bibliotekerne til alle -KDE 4-applikationer, ikke på korrekt vis hånterede udpakning af arkiver med -../ i filstier. En fjernangriber kunne drage nytte af fejlen til at -overskrive filer uden for udpakningsmappen, hvis en bruger blev narret til at -udpakke et særligt fremstillet arkiv.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4:4.14.2-5+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4:4.14.22-2.

- -

Vi anbefaler at du opgraderer dine kde4libs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3643.data" diff --git a/danish/security/2016/dsa-3644.wml b/danish/security/2016/dsa-3644.wml deleted file mode 100644 index 2ef7c14869b..00000000000 --- a/danish/security/2016/dsa-3644.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="de56cc37343d6fe156f7be468483ee5852e76ed7" mindelta="1" -sikkerhedsopdatering - -

Tobias Stoeckmann opdagede at cachefiler blev utilstrækkeligt valideret i -fontconfig, et generisk bibliotek til opsætning af skrifttyper (fonte). En -angriber kunne udløse vilkårlige free()-kald, som dernæst muliggjorde dobbelt -frigivelse-angreb, og derfor udførelse af vilkårlig kode. I kombination med -binære setuid-filer som anvender fabrikerede cachefiler, kunne det muliggøre -rettighedsforøgelse.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.11.0-6.3+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.11.0-6.5.

- -

Vi anbefaler at du opgraderer dine fontconfig-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3644.data" diff --git a/danish/security/2016/dsa-3645.wml b/danish/security/2016/dsa-3645.wml deleted file mode 100644 index 3d15e8cbc45..00000000000 --- a/danish/security/2016/dsa-3645.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="3b4b216a54577e436221f8843518dcd73916fde0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-5139 - -

    GiWan Go opdagede et problem med anvendelse efter frigivelse i - biblioteket pdfium.

    • - -
  • CVE-2016-5140 - -

    Ke Liu opdagede et problem med anvendelse efter frigivelse i biblioteket - pdfium.

    • - -
  • CVE-2016-5141 - -

    Sergey Glazunov opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2016-5142 - -

    Sergey Glazunov opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2016-5143 - -

    Gregory Panakkal opdagede et problem i developer tools.

    • - -
  • CVE-2016-5144 - -

    Gregory Panakkal opdagede et andet problem i developer tools.

    • - -
  • CVE-2016-5146 - -

    Chrome-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 52.0.2743.116-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 52.0.2743.116-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3645.data" diff --git a/danish/security/2016/dsa-3646.wml b/danish/security/2016/dsa-3646.wml deleted file mode 100644 index d8f7e895a9a..00000000000 --- a/danish/security/2016/dsa-3646.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="960415f62d7c247786a8c0cb1521225c93803888" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i PostgreSQL-9.4, et SQL-databasesystem.

- -
    - -
  • CVE-2016-5423 - -

    Karthikeyan Jambu Rajaraman opdagede at indlejrede CASE-WHEN-udtryk ikke - blev evalueret korrekt, hvilket potentielt kunne føre til et nedbrud eller - tillade afsløring af dele af serverhukommelsen.

    • - -
  • CVE-2016-5424 - -

    Nathan Bossart opdagede at specialtegn i database- og rollenavne ikke - blev håndteret korrekt, hvilket potentielt kunne føretil udførelse af - kommandoer med superbrugerrettigheder, når en superbruger udfører - executes pg_dumpall eller andre rutinemæssige - vedligeholdelseshandlinger.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 9.4.9-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3646.data" diff --git a/danish/security/2016/dsa-3647.wml b/danish/security/2016/dsa-3647.wml deleted file mode 100644 index e4bdb500312..00000000000 --- a/danish/security/2016/dsa-3647.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="184d4f6ad29ce72c36a578c22a5b99c203494927" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl kunne -føre til udførelse af vilkårlig kode eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:45.2.0-1~deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:45.2.0-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:45.2.0-2.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3647.data" diff --git a/danish/security/2016/dsa-3648.wml b/danish/security/2016/dsa-3648.wml deleted file mode 100644 index e641e178966..00000000000 --- a/danish/security/2016/dsa-3648.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="74c2420d25d8469a4d4471f3c02b10d84683c8cd" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorerne til NDS, PacketBB, WSP, -MMSE, RLC, LDSS, RLC og OpenFlow, hvilke kunne medføre lammelsesangreb (denial -of service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u8.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.0.5+ga3be9c6-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.5+ga3be9c6-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3648.data" diff --git a/danish/security/2016/dsa-3649.wml b/danish/security/2016/dsa-3649.wml deleted file mode 100644 index dd1c060dd46..00000000000 --- a/danish/security/2016/dsa-3649.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3878f46832ca1929f2a7411af40c18d6ff0af5a1" mindelta="1" -sikkerhedsopdatering - -

Felix Doerre og Vladimir Klebanov fra Karlsruhe Institute of Technology -opdagede en fejl i blandingsfunktionerne i GnuPG's tilfældigt tal-generator. En -angribet, som får fat i 4640 bit fra RNG'en, kunne på triviel vis forudsige de -næste 160 uddatabit.

- -

En første analyse af fejlens følgevirkninger for GnuPG, viser at eksisterende -RSA-nøgler ikke er svækkede. Hvad angår DSA- og Elgamal-nøgler, er det også -usandsynligt at den private nøgle kan forudsigtes ud fra andre offentlige -oplysninger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.18-7+deb8u2.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3649.data" diff --git a/danish/security/2016/dsa-3650.wml b/danish/security/2016/dsa-3650.wml deleted file mode 100644 index cff47a55683..00000000000 --- a/danish/security/2016/dsa-3650.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="36bb2d3d23a35abc7ef7993165e77cedf2f0ce5b" mindelta="1" -sikkerhedsopdatering - -

Felix Doerre og Vladimir Klebanov fra Karlsruhe Institute of Technology -opdagede en fejl i blandingsfunktionerne i Libgcrypts tilfældigt tal-generator. -En angriber, som får fat i 4640 bit fra RNG'en, kunne på triviel vis forudsige -de næste 160 uddatabit.

- -

En første analyse af fejlens følgevirkninger for GnuPG, viser at eksisterende -RSA-nøgler ikke er svækkede. Hvad angår DSA- og Elgamal-nøgler, er det også -usandsynligt at den private nøgle kan forudsigtes ud fra andre offentlige -oplysninger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.6.3-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine libgcrypt20-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3650.data" diff --git a/danish/security/2016/dsa-3651.wml b/danish/security/2016/dsa-3651.wml deleted file mode 100644 index 4d579de7611..00000000000 --- a/danish/security/2016/dsa-3651.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="97a784255c1487084e5b0ecac5e417d86c172e65" mindelta="1" -sikkerhedsopdatering - -

Andrew Carpenter fra Critical Juncture opdagede en sårbarhed i forbindelse -med udførelse af skripter på tværs af websteder, som påvirkede Action View i -rails, et webapplikationsframework skrevet i Ruby. Tekst erklæret som -HTML safe var ikke indkapslet af anførselstegn, når den blev benyttet -som attributværdier i tag-hjælpere.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:4.1.8-1+deb8u4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:4.2.7.1-1.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3651.data" diff --git a/danish/security/2016/dsa-3652.wml b/danish/security/2016/dsa-3652.wml deleted file mode 100644 index e933c2c9a16..00000000000 --- a/danish/security/2016/dsa-3652.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="64398a6b47e4b52b68772a904d46c326fdc39097" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter mange sårbarheder i imagemagick: Forskellige -problemer med hukommelseshåndtering og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode, hvis misdannede filer af typerne -TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, -EXIF, RGF eller BMP blev indlæst.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8:6.8.9.9-5+deb8u4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3652.data" diff --git a/danish/security/2016/dsa-3653.wml b/danish/security/2016/dsa-3653.wml deleted file mode 100644 index 40220acd07c..00000000000 --- a/danish/security/2016/dsa-3653.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="3514889c0b086772e4bb0b611a326229ea268dc5" mindelta="1" -sikkerhedsopdatering - -

Alexander Sulfrian opdagede et bufferoverløb i funktionen -yy_get_next_buffer(), som genereres af Flex, hvilket kunne medføre -lammelsesangreb (denial of service) og potentielt udførelse af vilkårlig kode, -hvis der blev bearbejdet data fra kilder, der ikke er tillid til.

- -

Påvirkede applikationer skal genopbygges. bogofilter vil blive genopbygget -mod den opdaterede flex i en efterfølgende opdatering. Yderligere påvirkede -appliaktioner, skal rapporteres i fejlen der henvises til herover.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.5.39-8+deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 2.6.1-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.1-1.

- -

Vi anbefaler at du opgraderer dine flex-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3653.data" diff --git a/danish/security/2016/dsa-3654.wml b/danish/security/2016/dsa-3654.wml deleted file mode 100644 index 1db6f37888b..00000000000 --- a/danish/security/2016/dsa-3654.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="f480635ff88d0c07a5c2066b34ec3c624afcc8dd" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i quagga, en BGP-/OSPF-/RIP-routingdæmon.

- -
    - -
  • CVE-2016-4036 - -

    Tamás Németh opdagede at følsomme opsætningsfiler i /etc/quagga var - læsbare for alle, på trods af at de indeholdt følsomme oplysninger.

    • - -
  • CVE-2016-4049 - -

    Evgeny Uskov opdagede at en bgpd-instans, som håndterer mange peers, - kunne bringes til at gå ned af en ondsindet bruger, når der blev forespurgt - om et route-dump.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.99.23.1-1+deb8u2.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3654.data" diff --git a/danish/security/2016/dsa-3655.wml b/danish/security/2016/dsa-3655.wml deleted file mode 100644 index 496de31502c..00000000000 --- a/danish/security/2016/dsa-3655.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="2fdbc2c9a7e022c3ceb1a7017de8e885b02bd0ba" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i MuPDF, et letvægts-PDF-fremviser. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2016-6265 - -

    Marco Grassi opdagede en sårbarhed i forbindelse med anvendelse efter - frigivelse i MuPDF. En angriber kunne drage nytte af fejlen til at - forårsage et applikationsnedbrud (lammelsesangreb / denial of service) eller - potentielt at udføre vilkårlig kode med rettighederne hørende til brugeren, - der kører MuPDF, hvis en særligt fremstillet PDF-fil blev - behandlet.

    • - -
  • CVE-2016-6525 - -

    Yu Hong og Zheng Jihong opdagede en heapoverløbssårbarhed i funktionen - pdf_load_mesh_params, hvilket gjorde det muligt for en angriber at - forårsage et applikationsnedbrud (lammelsesangreb / denial of service) eller - potentielt at udføre vilkårlig kode med rettighederne hørende til brugeren, - der kører MuPDF, hvis en særligt fremstillet PDF-fil blev - behandlet.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.5-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3655.data" diff --git a/danish/security/2016/dsa-3656.wml b/danish/security/2016/dsa-3656.wml deleted file mode 100644 index e115e4fef56..00000000000 --- a/danish/security/2016/dsa-3656.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2f03e32a642c305bb8d94e850015489f2b0845e9" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i serveren til applikationsplatformen Tryton, -hvilke kunne medføre informationsafsløring af adgangskodehashes eller -filindhold.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.4.0-3+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.4-1.

- -

Vi anbefaler at du opgraderer dine tryton-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3656.data" diff --git a/danish/security/2016/dsa-3657.wml b/danish/security/2016/dsa-3657.wml deleted file mode 100644 index 2c214a95e89..00000000000 --- a/danish/security/2016/dsa-3657.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5bb49bea821a14324309d962cf7be536d0194d78" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck og Marcin Noga opdagede adskillige sårbarheder i libarchive; -behandling af misdannede arkiver kunne medføre lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.1.2-11+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 3.2.1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.2.1-1.

- -

Vi anbefaler at du opgraderer dine libarchive-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3657.data" diff --git a/danish/security/2016/dsa-3658.wml b/danish/security/2016/dsa-3658.wml deleted file mode 100644 index 270baad06cf..00000000000 --- a/danish/security/2016/dsa-3658.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="15050f0402bc36b0280198d89fea50d0a886c2e3" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede adskillige sårbarheder i libidn, GNU-biblioteket til -Internationalized Domain Names (IDNs), hvilket gjorde det muligt for -fjernangribere at forårsage et lammelsesangreb (denial of service) mod en -applikation, som anvender biblioteket libidn (applikationsnedbrud).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.29-1+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.33-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.33-1.

- -

Vi anbefaler at du opgraderer dine libidn-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3658.data" diff --git a/danish/security/2016/dsa-3659.wml b/danish/security/2016/dsa-3659.wml deleted file mode 100644 index 4d7495a0112..00000000000 --- a/danish/security/2016/dsa-3659.wml +++ /dev/null @@ -1,64 +0,0 @@ -#use wml::debian::translation-check translation="df7fb54415b5b261981fc27608b8431d52a71e38" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller have anden -indvirkning.

- -
    - -
  • CVE-2016-5696 - -

    Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao og Srikanth V. - Krishnamurthy fra University of California, Riverside; samt Lisa M. Marvel - fra United States Army Research Laboratory, opdagede at Linux' - implementering af TCP Challenge ACK-funktionaliteten, medførte en - sidekanal, der kunne anvendes til at finde TCP-forbindelser mellem - specifikke IP-adresser, og til at indsprøjte meddelelser ind i disse - forbindelser.

    - -

    Hvor en service gøres tilgængelig gennem TCP, kunne det blive muligt for - fjernangribere at udgive sig for at være en anden bruger tilsluttet serveren - eller over for en anden tilsluttet bruger, at udgive sig for at være - serveren. Hvis servicen anvender en protokol med meddelelsesautentifikation - (fx TLS eller SSH), muliggør sårbarheden kun lammelsesangreb - (forbindelsesfejl). Et angreb tager over ti sekunder, så kortlivede - TCP-forbindelser er næppe sårbare.

    - -

    Dette kan løses ved at forøge rate limit for TCP Challenge ACK'er, - så den aldrig overskrides: sysctl - net.ipv4.tcp_challenge_ack_limit=1000000000

    • - -
  • CVE-2016-6136 - -

    Pengfei Wang opdagede at audit-undersystemet havde en dobbelthentnings- - eller TOCTTOU-fejl i sin håndtering af særlige tegn i navnet på en - eksekvérbar fil. Hvor auditlogning af execve() er aktiveret, var det - dermed muligt for en lokal bruger at genere misvisende logbeskeder.

    • - -
  • CVE-2016-6480 - -

    Pengfei Wang opdagede at aacraid-driveren til Adaptec RAID-controllere - havde en dobbelthentnings- eller TOCTTOU-fejl i sin validering af - FIB-meddelelser, der overføres gennem ioctl()-systemkaldet. Der er - ingen praktisk sikkerhedsindvirkning i de aktuelle - Debian-udgivelser.

    • - -
  • CVE-2016-6828 - -

    Marco Grassi rapporterede om en fejl i forbindelse med anvendelse efter - frigivelse i TCP-implementeringen, hvilket kunne udløses af lokale brugere. - Sikkerhedsindvirkningen er uklar, men kan blandt andet omfatte - lammelsesangreb eller rettighedsforøgelse.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.36-1+deb8u1. Desuden indeholder denne opdatering flere ændringer, -som oprindelig var tiltænkt den kommende punktopdatering af jessie.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3659.data" diff --git a/danish/security/2016/dsa-3660.wml b/danish/security/2016/dsa-3660.wml deleted file mode 100644 index 2c0d3d773cb..00000000000 --- a/danish/security/2016/dsa-3660.wml +++ /dev/null @@ -1,117 +0,0 @@ -#use wml::debian::translation-check translation="85015f394e5cd174a6d7638062f08d8e53e91e7b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-5147 - -

    Et problem med udførelse af skripter på tværs af websteder blev - opdaget.

    • - -
  • CVE-2016-5148 - -

    Et andet problem med udførelse af skripter på tværs af websteder blev - opdaget.

    • - -
  • CVE-2016-5149 - -

    Max Justicz opdagede et problem med skriptindsprøjtning i håndteringen af - udvidelser.

    • - -
  • CVE-2016-5150 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - Blink/Webkit.

    • - -
  • CVE-2016-5151 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2016-5152 - -

    GiWan Go opdagede et heapoverløbsproblem i biblioteket pdfium.

    • - -
  • CVE-2016-5153 - -

    Atte Kettunen opdagede et problem anvendelse efter destruktion.

    • - -
  • CVE-2016-5154 - -

    Et heapoverløbsproblem blev opdaget i biblioteket pdfium.

    • - -
  • CVE-2016-5155 - -

    Et problem med forfalskning af adressebjælken blev opdaget.

    • - -
  • CVE-2016-5156 - -

    jinmo123 opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2016-5157 - -

    Et heapoverløbsproblem blev opdaget i biblioteket pdfium.

    • - -
  • CVE-2016-5158 - -

    GiWan Go opdagede et heapoverløbsproblem i biblioteket pdfium.

    • - -
  • CVE-2016-5159 - -

    GiWan Go opdagede et andet heapoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2016-5160 - -

    @l33terally opdagede en omgåelse af udvidelsesressourcer.

    • - -
  • CVE-2016-5161 - -

    Et problem med typeforvirring blev opdaget.

    • - -
  • CVE-2016-5162 - -

    Nicolas Golubovic opdagede en omgåelse af udvidelsesressourcer.

    • - -
  • CVE-2016-5163 - -

    Rafay Baloch opdagede et problem med forfalskning af - adressebjælken.

    • - -
  • CVE-2016-5164 - -

    Et problem med udførelse af skripter på tværs af websteder blev opdaget i - developer tools.

    • - -
  • CVE-2016-5165 - -

    Gregory Panakkal opdagede et problem med skriptindspøjtning i developer - tools.

    • - -
  • CVE-2016-5166 - -

    Gregory Panakkal opdagede et problem med Save Page - As-funktionen.

    • - -
  • CVE-2016-5167 - -

    Udviklingsholdet bag chrome fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 53.0.2785.89-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 53.0.2785.89-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3660.data" diff --git a/danish/security/2016/dsa-3661.wml b/danish/security/2016/dsa-3661.wml deleted file mode 100644 index 8b2c37bc872..00000000000 --- a/danish/security/2016/dsa-3661.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="3154d83113a8b9c39a24f56d8664753b29304c3c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt SASL-autentifikation i IRC-serveren Charybdis, kunne -føre til at brugere kunne udgive sig for at være andre brugere.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.2-5+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.3-1.

- -

Vi anbefaler at du opgraderer dine charybdis-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3661.data" diff --git a/danish/security/2016/dsa-3662.wml b/danish/security/2016/dsa-3662.wml deleted file mode 100644 index 2f0d51baaae..00000000000 --- a/danish/security/2016/dsa-3662.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="9225aad6c0cecd9c87f7a81e0491731c641765e1" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt SASL-autentifikation i IRC-serveren Inspircd, kunne -føre til at brugere kunne udgive sig for at være andre brugere.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.0.17-1+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.23-1.

- -

Vi anbefaler at du opgraderer dine inspircd-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3662.data" diff --git a/danish/security/2016/dsa-3663.wml b/danish/security/2016/dsa-3663.wml deleted file mode 100644 index abe7e914031..00000000000 --- a/danish/security/2016/dsa-3663.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="8861000e5ce61d74cf7abb6c12ecd3897526852a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Xen-hypervisoren. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2016-7092 (XSA-185) - -

    Jeremie Boutoille fra Quarkslab og Shangcong Luan fra Alibaba, opdagede - at en fejl i håndteringen af L3-pagetableforekomster, gjorde det muligt for - en ondsindet 32 bit-PTV-gæstadministrator, at forøge sine rettigheder til - dem på værtsmaskinen.

    • - -
  • CVE-2016-7094 (XSA-187) - -

    x86 HVM-gæster, som kører med shadow-paging, anvender en delmængde af - x86-emulatoren til håndtering af gæstens skrivning til sine egne pagetables. - Andrew Cooper fra Citrix opdagede at der var situationer, som en gæst kunne - fremprovokere, som medførte overskridelse af den plads, der er allokeret til - intern tilstand. En ondsindet HVM-gæstdministrator kunne få Xen til at - fejle en fejlkontrol, medførende et lammelsesangreb (denial of service) på - værten.

    • - -
  • CVE-2016-7154 (XSA-188) - -

    Mikhail Gorobets fra Advanced Threat Research, Intel Security, opdagede - at en fejl i forbindelse med anvendelse efter frigivelse i - FIFO-eventkanalkoden. En ondsindet gæstadministrator kunne få værten til - at gå ned, førende til et lammelsesangreb. Udførelse af vilkårlig kode (og - derfor rettighedsforøgelse), samt informationslækager, kan ikke - udelukkes.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u7.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3663.data" diff --git a/danish/security/2016/dsa-3664.wml b/danish/security/2016/dsa-3664.wml deleted file mode 100644 index 25820f52bbe..00000000000 --- a/danish/security/2016/dsa-3664.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="ab05aaf3901c6a21967ce5b3aae4453817eb2094" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i pdns, en autoritativ DNS-server. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2016-5426 / - CVE-2016-5427 - -

    Florian Heinz og Martin Kluge rapporterede at PowerDNS Authoritative - Server accepterede forespørgsler med en qnames-længde større end 255 bytes - og ikke på korrekt vis håndterede punktummer i labels. En uautentificeret - fjernangriber kunne drage nytte af fejlene til at forårsage en unormal - belastning på PowerDNS' backend ved at sende særligt fremstillede - DNS-forespørgsler, potentielt førende til et lammelsesangreb (denial of - service).

    • - -
  • CVE-2016-6172 - -

    Der blev rapporteret at en ondsindet primær DNS-server kunne få en - sekundær PowerDNS-server til at gå ned på grund af ukorrekt begrænsning af - zonestørrelsesgrænser. Denne opdatering tilføjer funktionalitet til at - begrænse AXFR-størrelser som følge af fejlen.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.4.1-4+deb8u6.

- -

Vi anbefaler at du opgraderer dine pdns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3664.data" diff --git a/danish/security/2016/dsa-3665.wml b/danish/security/2016/dsa-3665.wml deleted file mode 100644 index 5c54ee021b9..00000000000 --- a/danish/security/2016/dsa-3665.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="7faeede538166c62dcbbd8ae66e933af0a613be9" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder i OpenJPEG, et JPEG 2000-billedkomprimerings- og -dekomprimeringsbibliotek, kunne medføre lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode, hvis en misdannet JPEG 2000-fil blev -behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.1.0-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine openjpeg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3665.data" diff --git a/danish/security/2016/dsa-3666.wml b/danish/security/2016/dsa-3666.wml deleted file mode 100644 index e1538cc3956..00000000000 --- a/danish/security/2016/dsa-3666.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="dedb024363047e5e688a166967671d14747ff2ad" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski opdagede at wrapper'en mysqld_safe som medfølger -databaseserveren MySQL, på utilstrækkelig vis begrænsede indlæsningsstien for -skræddersydede mallac-implementeringer, hvilket kunne medføre -rettighedsforøgelse.

- -

Sårbarheden blev løst ved at opgradere MySQL til den nye opstrømsversion -5.5.52, der indeholder yderligere ændringer, så som forbedret ydeevne, -fejlrettelser, ny funktionalitet samt muligvis inkompatible ændringer. Se MySQL -5.5 Release Notes for flere oplysninger:

- - - -

I den stabile distribution (jessie), er dette problem rettet i -version 5.5.52-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3666.data" diff --git a/danish/security/2016/dsa-3667.wml b/danish/security/2016/dsa-3667.wml deleted file mode 100644 index 80d72f3d183..00000000000 --- a/danish/security/2016/dsa-3667.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="34e8952bddda27638cb72c735e94d7af8d595d6a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-5170 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - Blink/Webkit.

    • - -
  • CVE-2016-5171 - -

    Et andet problem med anvendelse efter frigivelse blev opdaget i - Blink/Webkit.

    • - -
  • CVE-2016-5172 - -

    Choongwoo Han opdagede en informationslækage i JavaScript-biblioteket - v8.

    • - -
  • CVE-2016-5173 - -

    Et problem med ressourceomgåelse blev opdaget i udvidelserne.

    • - -
  • CVE-2016-5174 - -

    Andrey Kovalev opdagede en måde at omgå popupblokeringen på.

    • - -
  • CVE-2016-5175 - -

    Chrome-udviklingsholdet fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
  • CVE-2016-7395 - -

    Et problem med læsning af uinitialiseret hukommelse blev opdaget i - skia-biblioteket.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -53.0.2785.113-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -53.0.2785.113-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3667.data" diff --git a/danish/security/2016/dsa-3668.wml b/danish/security/2016/dsa-3668.wml deleted file mode 100644 index edd6be5814a..00000000000 --- a/danish/security/2016/dsa-3668.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="bbb1007fb3d69fa6e5cefb26f200b597e48b1f07" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at der var en CSRF-sårbarhed i mailman, et webbaseret program -til håndtering af postlister, hvilken kunne gøre det muligt for en angriber, at -få adgang til en brugers adgangskode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2.1.18-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.1.23-1.

- -

Vi anbefaler at du opgraderer dine mailman-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3668.data" diff --git a/danish/security/2016/dsa-3669.wml b/danish/security/2016/dsa-3669.wml deleted file mode 100644 index 9e49b747753..00000000000 --- a/danish/security/2016/dsa-3669.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="7e18bab88fc3ab8b3ae8920282017e10e4509878" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski fra LegalHackers opdagede at Tomcats initskript udførte -usikker filhåndtering, hvilket kunne føre til en lokal rettighedsforøgelse.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.0.56-3+deb8u4.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3669.data" diff --git a/danish/security/2016/dsa-3670.wml b/danish/security/2016/dsa-3670.wml deleted file mode 100644 index ddd9ff91535..00000000000 --- a/danish/security/2016/dsa-3670.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="19d1e5e08c93c5d16b4818747d43306e6f806e4b" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski fra LegalHackers opdagede Tomcats initskript udførte -usikker filhåndtering, hvilket kunne føre til en lokal rettighedsforøgelse.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 8.0.14-1+deb8u3.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3670.data" diff --git a/danish/security/2016/dsa-3671.wml b/danish/security/2016/dsa-3671.wml deleted file mode 100644 index 433e72c51bf..00000000000 --- a/danish/security/2016/dsa-3671.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0df994dae71b0feb84cb109b23002570d9612a52" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i dissektorerne for H.225, Catapult -DCT2000, UMTS FP og IPMI, hvilke kunne medføre lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u9.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.2.0+g5368c50-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.0+g5368c50-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3671.data" diff --git a/danish/security/2016/dsa-3672.wml b/danish/security/2016/dsa-3672.wml deleted file mode 100644 index 45e95b50d6a..00000000000 --- a/danish/security/2016/dsa-3672.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="a8ca889ea2ccadd70119f1dda4e4c1c8885ccd90" mindelta="1" -sikkerhedsopdatering - -

Gabriel Campana og Adrien Guinet fra Quarkslab opdagede to fjernudbytbare -nedbrud og heapkorruptionssårbarheder i koden til formatfortolkning i Irssi, en -terminalbaseret IRC-klient.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.8.17-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine irssi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3672.data" diff --git a/danish/security/2016/dsa-3673.wml b/danish/security/2016/dsa-3673.wml deleted file mode 100644 index 73fb16f2397..00000000000 --- a/danish/security/2016/dsa-3673.wml +++ /dev/null @@ -1,65 +0,0 @@ -#use wml::debian::translation-check translation="b86aba2dd6eaf121f49bf2015b04930d61c77450" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenSSL:

- -
    - -
  • CVE-2016-2177 - -

    Guido Vranken opdagede at OpenSSL anvendte ikke-defineret - pointeraritmetik. Yderligere oplysninger finder man i - \ - https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

    • - -
  • CVE-2016-2178 - -

    Cesar Pereida, Billy Brumley og Yuval Yarom opdagede en timinglækage i - DSA-koden.

    • - -
  • CVE-2016-2179 / - CVE-2016-2181 - -

    Quan Luo og OCAP-auditholdet opdagede lammelsesangrebssårbarheder - (denial of service) i DTLS.

    • - -
  • CVE-2016-2180 / - CVE-2016-2182 / - CVE-2016-6303 - -

    Shi Lei opdagede en hukommelseslæsning uden for grænserne i - TS_OBJ_print_bio() og en skrivning uden for grænserne i BN_bn2dec() og - MDC2_Update().

    • - -
  • CVE-2016-2183 - -

    DES-baserede-ciphersuiter degraderes fra HIGH-gruppen til MEDIUM, som en - dæmning af SWEET32-angrebet.

    • - -
  • CVE-2016-6302 - -

    Shi Lei opdagede at anvendelsen af SHA512 i TLS-sessiontickets var sårbar - over for lammelsesangreb.

    • - -
  • CVE-2016-6304 - -

    Shi Lei opdagede at alt for store OCSP-statusforespørgsler kunne medføre - lammelsesangreb gennem hukommelsesudmattelse.

    • - -
  • CVE-2016-6306 - -

    Shi Lei opdagede at manglende validering af meddelelseslængden når der - fortolkes certifikater, potentielt kunne medføre lammelsesangreb.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.0.1t-1+deb8u4.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3673.data" diff --git a/danish/security/2016/dsa-3674.wml b/danish/security/2016/dsa-3674.wml deleted file mode 100644 index 71810b148de..00000000000 --- a/danish/security/2016/dsa-3674.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="4a79ea617828eec1e559ab07b4f7485937139183" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, bufferoverløb og andre implementeringsfejl -kunne føre til udførelse af vilkårlig kode eller informationsafsløring.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 45.4.0esr-1~deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 45.4.0esr-1 af firefox-esr og i version 49.0-1 af firefox.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3674.data" diff --git a/danish/security/2016/dsa-3675.wml b/danish/security/2016/dsa-3675.wml deleted file mode 100644 index bf7373c1583..00000000000 --- a/danish/security/2016/dsa-3675.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="759fe2e1d1f9202d50f82497ae4520e1b9185411" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick: Forskellige -med hukommelseshåndtering og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode, hvis misdannede SIXEL-, PDB-, MAP-, -SGI-, TIFF- og CALS-filer blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8:6.8.9.9-5+deb8u5.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3675.data" diff --git a/danish/security/2016/dsa-3676.wml b/danish/security/2016/dsa-3676.wml deleted file mode 100644 index eee4d26b404..00000000000 --- a/danish/security/2016/dsa-3676.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="cc1686b8eeb634f7b1ca4b55daebf0bd49444a62" mindelta="1" -sikkerhedsopdatering - -

Tuomas Räsänen opdagede to sårbarheder i unADF, et værktøj til udtrækning af -filer fra Amiga Disk File-dump (.adf):

- -
    - -
  • CVE-2016-1243 - -

    Et stakbufferoverløb i funktionen extractTree(), kunne gøre det muligt - for en angriber, med kontrol over indholdet af ADF-filen, at udføre - vilkårlig kode med rettighederne hørende til det udførte program.

    • - -
  • CVE-2016-1244 - -

    unADF-udtrækkeren opretter målstien ved hjælp af mkdir i et - system()-kald. Da der ikke var nogen fornuftighedskontrol af - inddatafilnavnene, kunne en angriber indsprøjte kode direkte ind i - arkiverede mappers stinavne i en ADF-fil.

    • - -
- -

I den gamle stabile distribution (wheezy), er disse problemer rettet -i version 0.7.11a-3+deb7u1.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.7.11a-3+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.7.11a-4.

- -

Vi anbefaler at du opgraderer dine unadf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3676.data" diff --git a/danish/security/2016/dsa-3677.wml b/danish/security/2016/dsa-3677.wml deleted file mode 100644 index 2ac0621dd94..00000000000 --- a/danish/security/2016/dsa-3677.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="b5940a4db42a36e304cba0ef6cc73735c7620473" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libarchive, et arkiverings- og -komprimeringsbibliotek som understøtter flere formater, hvilke kunne føre til -lammelsesangreb (denial of service: hukommelseskorruption og -applikationsnedbrud), omgåelse af sandkassebegrænsninger og overskrivelse af -vilkårlige filer med vilkårlige data fra et arkiv, eller udførelse af vilkårlig -kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.1.2-11+deb8u3.

- -

Vi anbefaler at du opgraderer dine libarchive-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3677.data" diff --git a/danish/security/2016/dsa-3678.wml b/danish/security/2016/dsa-3678.wml deleted file mode 100644 index 8de01414e96..00000000000 --- a/danish/security/2016/dsa-3678.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="79472e8a7b149ba84f4bda680ab9791ebd1fb348" mindelta="1" -sikkerhedsopdatering - -

Sergey Bobrov opdagede at cookiefortolkning i Django og Google Analytics -interagerede på en sådan måde, at en angriber kunne opsætte vilkårlige cookies. -Dermed var det muligt for andre ondsindede websteder, at omgå Cross-Site -Request Forgery-beskyttelserne (CSRF) indbygget i Django.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.7.11-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:1.10-1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3678.data" diff --git a/danish/security/2016/dsa-3679.wml b/danish/security/2016/dsa-3679.wml deleted file mode 100644 index bf0c1772c24..00000000000 --- a/danish/security/2016/dsa-3679.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a3016833e761cd38170a53d1ebf91b3178249f2d" mindelta="1" -sikkerhedsopdatering - -

Lukas Reschke opdagede at Apache Jackrabbit, en implementering af Content -Repository for Java Technology API, ikke på korrekt vis kontrollerede -Content-Type-headeren ved HTTP POST-forespørgsler, hvilket muliggjorde -Cross-Site Request Forgery-angreb (CSRF) gennem ondsindede websteder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.3.6-1+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.12.4-1.

- -

Vi anbefaler at du opgraderer dine jackrabbit-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3679.data" diff --git a/danish/security/2016/dsa-3680.wml b/danish/security/2016/dsa-3680.wml deleted file mode 100644 index bb4af169961..00000000000 --- a/danish/security/2016/dsa-3680.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="2ea86ba0d0c163a091971dd1df582ee5430727df" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret om to sårbarheder i BIND, en DNS-server.

- -
    - -
  • CVE-2016-2775 - -

    Komponenten lwresd i BIND (ikke aktiveret som standard), kunne gå ned - mens der blev behandlet et alt for langt forespørgselsnavn. Det kunne føre - til et lammelsesangreb (denial of service).

    • - -
  • CVE-2016-2776 - -

    En fabrikeret forespørgsel kunne få BIND's navneserverdæmon til at gå ned, - førende til et lammelsesangreb. Alle serverroller (authoritative, recursive - og forwarding) i standardopsætninger er påvirket.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:9.9.5.dfsg-9+deb8u7.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3680.data" diff --git a/danish/security/2016/dsa-3681.wml b/danish/security/2016/dsa-3681.wml deleted file mode 100644 index 97a714814e3..00000000000 --- a/danish/security/2016/dsa-3681.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="129b1d4b65a52748828e67ce7bd603cadd7d95e3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i wordpress, et værktøjt til webblogging, -hvilke kunne gøre det muligt for fjernangribere at kompromittere et websted -gennem udførelse af skripter på tværs af websteder, forespørgselsforfalskninger -på tværs af webteder eller omgåelse af restriktioner.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u10.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3681.data" diff --git a/danish/security/2016/dsa-3682.wml b/danish/security/2016/dsa-3682.wml deleted file mode 100644 index 524e25386e1..00000000000 --- a/danish/security/2016/dsa-3682.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="fc36066f05c077d53a43a24ee864f8d774aa7333" mindelta="1" -sikkerhedsopdatering - -

Gzob Qq opdagede at funktionerne til opbygning af forespørgsler i c-ares, et -bibliotek til asynkrone DNS-forespørgsler, ikke på korrekt vis behandlede -fabrikerede forespørgselsnavne, medførende et heapbufferoverløb og potentielt -førende til udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.10.0-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.12.0-1.

- -

Vi anbefaler at du opgraderer dine c-ares-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3682.data" diff --git a/danish/security/2016/dsa-3683.wml b/danish/security/2016/dsa-3683.wml deleted file mode 100644 index 493b4cc16bf..00000000000 --- a/danish/security/2016/dsa-3683.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="c49b9bf6d59f812cf77abdf31f5caa2b024e8c75" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-5177 - -

    Et problem med anvendelse efter frigivelse, blev opdaget i - JavaScript-biblioteket v8.

    • - -
  • CVE-2016-5178 - -

    Udviklingsholdet bag chrome fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 53.0.2785.143-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive -rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 53.0.2785.143-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3683.data" diff --git a/danish/security/2016/dsa-3684.wml b/danish/security/2016/dsa-3684.wml deleted file mode 100644 index 4bc62aec70d..00000000000 --- a/danish/security/2016/dsa-3684.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="511449358990d64100b8cf6c2ac85f964eb84c59" mindelta="1" -sikkerhedsopdatering - -

Pali Rohar opdagede at libdbd-mysql-perl, Perls DBI-databasedriver til MySQL -og MariaDB, fremstillede en fejlmeddelelse i en buffer med en fast længde, -førende til et nedbrud (_FORTIFY_SOURCE-fejl) og potentielt lammelsesangreb -(denial of service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.028-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine libdbd-mysql-perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3684.data" diff --git a/danish/security/2016/dsa-3685.wml b/danish/security/2016/dsa-3685.wml deleted file mode 100644 index 2a6860230cd..00000000000 --- a/danish/security/2016/dsa-3685.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="585b92880ed46906ea56c322fe33d0f8e299d395" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere i -multimediebiblioteket libav. En komplet liste over ændringerne er tilgængelig -på \ -https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.8.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 6:11.8-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3685.data" diff --git a/danish/security/2016/dsa-3686.wml b/danish/security/2016/dsa-3686.wml deleted file mode 100644 index 46141a1e1e0..00000000000 --- a/danish/security/2016/dsa-3686.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e4f9cdc40c7491c3569eb4ef3384dc19ea91b367" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl kunne -føre til udførelse af vilkårlig kode eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:45.3.0-1~deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:45.3.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3686.data" diff --git a/danish/security/2016/dsa-3687.wml b/danish/security/2016/dsa-3687.wml deleted file mode 100644 index 95794d061a3..00000000000 --- a/danish/security/2016/dsa-3687.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="3d0143eabe28e77bd6cdb3d93b154ac35c4fd34a" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret om to sårbarheder i NSPR, et bibliotek til abstraktion -over styresystemsgrænseflader, udviklet af Mozilla-projektet.

- -
    - -
  • CVE-2016-1951 - -

    q1 rapporterede at NSPR-implementeringen af strengformateringsfunktionen - sprintf-style fejlbegregnede hukommelsesallokeringsstørrelser, potentielt - førende til et heapbaseret bufferoverløb

    • - -
- -

Det andet problem vedrører behandlingen af miljøvariabler i NSPR. -Biblioteket ignorerede ikke miljøvariabler, som anvendes til opsætning af -logning og tracing i processer, som undergår en SUID/SGID/AT_SECURE-transition -ved processtart. I visse systemopsætninger var det dermed muligt for lokale -brugere at forøge deres rettigheder.

- -

Desuden indeholder denne nspr-opdatering yderligere rettelser vedrørende -stabilitet og korrekthed, og indeholder kode til understøttelse af en -kommende nss-opdatering.

- -

I den stabile distribution (jessie), er disse problemer rettet -i version 2:4.12-1+debu8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:4.12-1.

- -

Vi anbefaler at du opgraderer dine nspr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3687.data" diff --git a/danish/security/2016/dsa-3688.wml b/danish/security/2016/dsa-3688.wml deleted file mode 100644 index 15854c1ae2f..00000000000 --- a/danish/security/2016/dsa-3688.wml +++ /dev/null @@ -1,76 +0,0 @@ -#use wml::debian::translation-check translation="d32293c77a10c98be801333f75776edcf7cfad64" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i NSS, det kryptografiske bibliotek udviklet -af Mozilla-projektet.

- -
    - -
  • CVE-2015-4000 - -

    David Adrian m.fl. rapporterede at det måske kunne betale sig at angribe - Diffie-Hellman-baserede ciphersuiter under visse omstændigheder, hvilket - kompromitterede fortroligheden og integriteten ved data krypteret med - Transport Layer Security (TLS).

    • - -
  • CVE-2015-7181 - CVE-2015-7182 - CVE-2016-1950 - -

    Tyson Smith, David Keeler og Francis Gabriel opdagede et heapbaseret - bufferoverløb i ASN.1 DER-fortolkeren, potentielt førende til udførelse af - vilkårlig kode.

    • - -
  • CVE-2015-7575 - -

    Karthikeyan Bhargavan opdagede at TLS-klientimplementeringen accepterede - MD5-baserede signaturer for TLS 1.2-forbindelser med fremadrettet - hemmeligholdelse, hvilket svækkede den tilsigtede sikkerhedstyrke ved - TLS-forbindelser.

    • - -
  • CVE-2016-1938 - -

    Hanno Boeck opdagede at NSS fejlberegnede resultatet af en - heltalsdivision ved visse former for inddata. Det kunne svække de - kryptografiske beskyttelser, som NSS stiller til rådighed. Dog - implementerer NSS RSA-CRT-lækagehardening, hvorfor private RSA-nøgler ikke - direkte afsløres direkte på grund af dette problem.

    • - -
  • CVE-2016-1978 - -

    Eric Rescorla opdagede en sårbarhed i forbindelse med anvendelse efter - frigivelse i implementeringen af ECDH-baserede TLS-håndtryk, med ukendte - konsekvenser.

    • - -
  • CVE-2016-1979 - -

    Tim Taubert opdagede en sårbarhed i forbindelse med anvendelse efter - frigivelse i ASN.1 DER-behandling, med applikationsspecifik - indvirkning.

    • - -
  • CVE-2016-2834 - -

    Tyson Smith og Jed Davis opdagede ikke-angivne hukommelsessikkerhedsfejl - i NSS.

    • - -
- -

Desuden ignorerede NSS-biblioteket ikke miljøvariabler i processer, som -undergår en SUID/SGID/AT_SECURE-transition ved processtart. I visse -systemopsætninger var det dermed muligt for lokale brugere at forøge deres -rettigheder.

- -

Denne opdatering indeholder yderligere rettelser vedrørende korrekthed og -stabilitet, uden umiddelbar sikkerhedsindvirkning.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2:3.26-1+debu8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:3.23-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3688.data" diff --git a/danish/security/2016/dsa-3689.wml b/danish/security/2016/dsa-3689.wml deleted file mode 100644 index bca0585fcb5..00000000000 --- a/danish/security/2016/dsa-3689.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="8b42e3603a8b0539e635de06acc9e546a9cc4d95" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et scriptsprog til generel anvendelse, -der almindeligvis anvendes til webapplikationsudvikling.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -5.6.26, der indeholder yderligere fejlrettelser. Se opstrøms changelog for -flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.26+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3689.data" diff --git a/danish/security/2016/dsa-3690.wml b/danish/security/2016/dsa-3690.wml deleted file mode 100644 index f6b26c979b9..00000000000 --- a/danish/security/2016/dsa-3690.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b1944c93aa4bb7c9af7b2c29631411e708a33ee1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl kunne -føre til udførelse af vilkårlig kode eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:45.4.0-1~deb8u1.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:45.4.0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:45.4.0-1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3690.data" diff --git a/danish/security/2016/dsa-3691.wml b/danish/security/2016/dsa-3691.wml deleted file mode 100644 index cdd88779b3f..00000000000 --- a/danish/security/2016/dsa-3691.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="6e95d369d78068f1e26d2f62c1c44da65fa7eba4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Ghostscript, GPL PostScript/PDF-fortolkeren, -hvilke kunne føre til udførelse af vilkårlig kode eller informationsafsløring, -hvis en særligt fremstillet PostScript-fil blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 9.06~dfsg-2+deb8u3.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3691.data" diff --git a/danish/security/2016/dsa-3692.wml b/danish/security/2016/dsa-3692.wml deleted file mode 100644 index 1be75362b58..00000000000 --- a/danish/security/2016/dsa-3692.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f92356644a579f236631512cfc26ebc0aac5d2f1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i multimediebiblioteket FreeImage, hvilke -kunne medføre lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode, hvis et misdannet XMP- eller RAW-billede blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.15.4-4.2+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 3.17.0+ds1-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.17.0+ds1-3.

- -

Vi anbefaler at du opgraderer dine freeimage-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3692.data" diff --git a/danish/security/2016/dsa-3693.wml b/danish/security/2016/dsa-3693.wml deleted file mode 100644 index e104f6d9e08..00000000000 --- a/danish/security/2016/dsa-3693.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="6f8d9ab9a01ee8a60fca661c089fb7fb4b12f8cd" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i GD Graphics Library, hvilke kunne -medføre lammelsesangreb (denial of service) eller potentielt udførelse af -vilkårlig kode, hvis en misdannet fil blev behandlet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.0-5+deb8u7.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3693.data" diff --git a/danish/security/2016/dsa-3694.wml b/danish/security/2016/dsa-3694.wml deleted file mode 100644 index 9e241c6e43e..00000000000 --- a/danish/security/2016/dsa-3694.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="178411794b563031a24044ffdd043b6b7747e717" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Tor behandlede indholdet af nogle bufferchunks, som om de er -en NUL-afsluttet streng. Problemet kunne gøre det muligt for en fjernangriber -at få Tor-klienten, skjult service, relay eller authority til at gå ned.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.2.5.12-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.2.8.9-1.

- -

I den eksperimentelle distribution, er dette problem rettet i -version 0.2.9.4-alpha-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3694.data" diff --git a/danish/security/2016/dsa-3695.wml b/danish/security/2016/dsa-3695.wml deleted file mode 100644 index 206bed6fd2e..00000000000 --- a/danish/security/2016/dsa-3695.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="3918c0d145dfdd7d39dd14b4732c135a2980c14f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at zebra-dæmonen i routingsuiten Quagga, var ramt af et -stakbaseret bufferoverløb, når der blev behandlet IPv6 Neighbor -Discovery-meddelelser.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.99.23.1-1+deb8u3.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3695.data" diff --git a/danish/security/2016/dsa-3696.wml b/danish/security/2016/dsa-3696.wml deleted file mode 100644 index 25254bb7a14..00000000000 --- a/danish/security/2016/dsa-3696.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="79c5e36e8534224285ee27a679209f7767c56573" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller -informationslækager.

- -
    - -
  • CVE-2015-8956 - -

    Man opdagede at manglende fornuftighedskontrol af inddata i RFCOMM - Bluetooth-sockethåndteringen kunne medføre lammelsesangreb eller - informationslækage.

    • - -
  • CVE-2016-5195 - -

    Man opdagede at en kapløbstilstand i hukommelseshåndteringskoden, kunne - anvendes til lokal rettighedsforøgelse.

    • - -
  • CVE-2016-7042 - -

    Ondrej Kozina opdagede at ukorrekt bufferallokering i funktionen - proc_keys_show(), kunne medføre lokalt lammelsesangreb.

    • - -
  • CVE-2016-7425 - -

    Marco Grassi opdagede et bufferoverløb i arcmsr SCSI-driveren, som kunne - medføre lokalt lammelsesangreb eller potentielt udførelse af vilkårlig - kode.

    • - -
- -

Desuden retter denne opdatering en regression opstået i DSA-3616-1, som -medførte ydeevneproblemer i iptables (se Debian-fejl nummer 831014).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.36-1+deb8u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3696.data" diff --git a/danish/security/2016/dsa-3697.wml b/danish/security/2016/dsa-3697.wml deleted file mode 100644 index 728f467a72e..00000000000 --- a/danish/security/2016/dsa-3697.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="dd209b8486b48134f43113e89a2aba1cfb211c6c" mindelta="1" -sikkerhedsopdatering - -

Roland Tapken opdagede at utilstrækkelig fornuftighedskontrol af inddata i -KMails fremvisning af ren tekst, muliggjorde indsprøjtning af HTML-kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4:4.14.2-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine kdepimlibs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3697.data" diff --git a/danish/security/2016/dsa-3698.wml b/danish/security/2016/dsa-3698.wml deleted file mode 100644 index 1ee84419b92..00000000000 --- a/danish/security/2016/dsa-3698.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="df057e6a53ec932afdd98c85207e4383de33fd13" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et scriptsprog til generel anvendelse, -der almindeligvis anvendes til webapplikationsudvikling.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -version 5.6.27, der indeholder yderligere fejlrettelser. Se opstrøms changelog -for flere oplysninger:

- -

https://php.net/ChangeLog-5.php#5.6.27

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.6.27+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3698.data" diff --git a/danish/security/2016/dsa-3699.wml b/danish/security/2016/dsa-3699.wml deleted file mode 100644 index 6c290f4ec00..00000000000 --- a/danish/security/2016/dsa-3699.wml +++ /dev/null @@ -1,11 +0,0 @@ -#use wml::debian::translation-check translation="a50ae30168c0da5dafe1dcb6468742a9cde97e84" mindelta="1" -ophør af livsforløb - -

Opstrømsunderstøttelse af 4.3-udgivelsesserien er ophørt, og da der ikke er -tilgængelige oplysninger, som gør det muligt at tilbageføre enkeltestående -sikkerhedsrettelser, er det også nødvendigt at lade sikkerhedsunderstøttelse af -virtualbox i jessie høre.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3699.data" diff --git a/danish/security/2016/dsa-3700.wml b/danish/security/2016/dsa-3700.wml deleted file mode 100644 index f3c9c8dcc7e..00000000000 --- a/danish/security/2016/dsa-3700.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="b4de07d941fbcbcbdb78a70fc5263d924fbbf318" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Asterisk, et open source-PBX- og -telefoniværktøjssæt, hvilke kunne medføre lammelsesangreb (denial of service) -eller ukorrekt certifikatvalidering.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:11.13.1~dfsg-2+deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3700.data" diff --git a/danish/security/2016/dsa-3701.wml b/danish/security/2016/dsa-3701.wml deleted file mode 100644 index bf1abd9ff6a..00000000000 --- a/danish/security/2016/dsa-3701.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="595a7359afb00d7f8df8dbf322099e80113f8912" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski rapporterede at nginx-webserverpakkerne i Debian, var ramt af -en rettighedsforøgelsessårbarhed (www-data til root), på grund af den måde -logfiler håndteres på. Desuden er /var/log/nginx tilgængelige for lokale -brugere, og lokale brugere kan være i stand til at læse logfilerne, som selv er -lokale indtil det næste kald af logrotate.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.6.2-5+deb8u3.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3701.data" diff --git a/danish/security/2016/dsa-3702.wml b/danish/security/2016/dsa-3702.wml deleted file mode 100644 index d45ed32a55e..00000000000 --- a/danish/security/2016/dsa-3702.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="268448b0fd376bf430681012a06414801ef14a32" mindelta="1" -sikkerhedsopdatering - -

Harry Sintonen opdagede at GNU tar ikke på korrekt vis håndterede membernavne -indeholdende .., hvilket dermed gjorde det muligt for en angriber at omgå -stinavnene angivet på kommandolinjen, samt erstatte filer og mapper i -målmappen.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.27.1-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.29b-1.1.

- -

Vi anbefaler at du opgraderer dine tar-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3702.data" diff --git a/danish/security/2016/dsa-3703.wml b/danish/security/2016/dsa-3703.wml deleted file mode 100644 index 7ce7fa6a8e9..00000000000 --- a/danish/security/2016/dsa-3703.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="237333b0388e99727cbdaa26344856cab38d47ee" mindelta="1" -sikkerhedsopdatering - -

Tony Finch og Marco Davids rapporterede om en assertionfejl i BIND, en -DNS-serverimplementering, hvilken fik serverprocessen til at afslutte. Denne -lammelsesangrebssårbarhed (denial of service) er beslægtet med en fejl i -behandlingen af svar med DNAME-poster, fra autoritative servere, og påvirker -primært rekursive resolvere.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:9.9.5.dfsg-9+deb8u8.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3703.data" diff --git a/danish/security/2016/dsa-3704.wml b/danish/security/2016/dsa-3704.wml deleted file mode 100644 index 639bc5b1fbe..00000000000 --- a/danish/security/2016/dsa-3704.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="c02c2cf7428ce6b8a84248732701af03e74fd8d5" mindelta="1" -sikkerhedsopdatering - -

Aleksandar Nikolic fra Cisco Talos opdagede flere heltalsoverløbssårbarheder -i memcached, et højtydende system til caching af objekter i hukommelsen. En -fjernangriber kunne drage nytte af fejlene til at forårsage et lammelsesangreb -(dæmonnedbrud) eller potentialelt udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.21-1.1+deb8u1.

- -

Vi anbefaler at du opgraderer dine memcached-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3704.data" diff --git a/danish/security/2016/dsa-3705.wml b/danish/security/2016/dsa-3705.wml deleted file mode 100644 index 3b4f1592b12..00000000000 --- a/danish/security/2016/dsa-3705.wml +++ /dev/null @@ -1,81 +0,0 @@ -#use wml::debian::translation-check translation="2d9e123293aac6f6dc100c2b2ac951c04ffd6d73" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i cURL, et URL-overførselsbibliotek:

- -
    - -
  • CVE-2016-8615 - -

    Man opdagede at en ondsindet HTTP-server kunne sprøjte rå cookies til - vilkårlige domæner indi i kagedåsen.

    • - -
  • CVE-2016-8616 - -

    Man opdagede at når der blev genbrugt en forbindelse, foretog curl - sammenligninger uden forskel på små og store bogstaver i brugernavne og - adgangskoder, mod den eksisterende forbindelse.

    • - -
  • CVE-2016-8617 - -

    Man opdagede at på systemer med 32 bit-addresser i brugerrummet (fx x86, - ARM, x32), løb værdien for uddatabufferstørrelsen beregnet i - base64-encode-funktionen over, hvis inddatastørrelsen var mindst 1GB data, - forårsagende at der blev allokeret en for lille uddatabuffer.

    • - -
  • CVE-2016-8618 - -

    Man opdagede funktionen curl_maprintf() kunne narres til at foretage en - dobbelt frigivelse på grund af en usikker size_t-multiplikation på systemer, - anvender 32 bit-size_t-variabler.

    • - -
  • CVE-2016-8619 - -

    Man opdagede at Kerberos-implementeringen kunne narres til at foretage - en dobbelt frigivelse, når et af længdefelterne blev læst fra en - socket.

    • - -
  • CVE-2016-8620 - -

    Man opdagede at curl tools globbing-funktionalitet kunne skrive - til ugyldige hukommelsesområder, når der blev behandlet ugyldige - intervaller.

    • - -
  • CVE-2016-8621 - -

    Man opdagede at funktionen curl_getdate kunne læse uden for grænserne, - når der blev fortolket ugyldige datostrenge.

    • - -
  • CVE-2016-8622 - -

    Man opdagede at dekodningsfunktionen til URL percent-encoding returnerede - en signeret 32 bit-heltalsvariabel som længde, selv om den allokerede en - destinationsbuffer større end 2GB, hvilket førte til en skrivning uden for - grænserne.

    • - -
  • CVE-2016-8623 - -

    Man opdagede at libcurl kunne tilgå et allerede frigivet - hukommelsesområde, på grund af samtidig adgang til delte cookies. Det kunne - føre til et lammelsesangreb eller blotlæggelse af følsomme - oplysninger.

    • - -
  • CVE-2016-8624 - -

    Man opdagede at curl ikke fortolkede autoritetskomponenten i en URL på - korrekt vis, når værtsnavnsdelen sluttede med et #-tegn, og kunne - narres til at forbinde sig med en anden værrt.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.38.0-4+deb8u5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 7.51.0-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3705.data" diff --git a/danish/security/2016/dsa-3706.wml b/danish/security/2016/dsa-3706.wml deleted file mode 100644 index 9053ae6096b..00000000000 --- a/danish/security/2016/dsa-3706.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1db8e6d0b65aee2a3da4408ac48656ca7515441a" mindelta="1" -sikkerhedsopdatering - -

Adskillige problemer er opdaget i databaseserveren MySQL. Sårbarhederne er -løst ved at opgradere MySQL til den nye opstrømsversion 5.5.53, der indeholder -yderligere ændring, så som performanceforbedringer, fejlrettelser og ny -funktionalitet, samt muligvis inkompatible ændringer. Se MySQL 5.5 Release -Notes og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.5.53-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3706.data" diff --git a/danish/security/2016/dsa-3707.wml b/danish/security/2016/dsa-3707.wml deleted file mode 100644 index 352bbb53e24..00000000000 --- a/danish/security/2016/dsa-3707.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="3fa13614583ca7917377e47a292908b70c50f66a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende udbrud fra Java-sandkassen eller lammelsesangreb -(denial of service).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7u111-2.6.7-2~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3707.data" diff --git a/danish/security/2016/dsa-3708.wml b/danish/security/2016/dsa-3708.wml deleted file mode 100644 index 54e6be8e134..00000000000 --- a/danish/security/2016/dsa-3708.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="63b88a24795c921f1f53c0f679cab90b207cf406" mindelta="1" -sikkerhedsopdatering - -

Hartmut Goebel opdagede at MAT, et værktøjssæt til anynomisering/fjernelse af -metadata fra filer, ikke fjernede metadata fra billeder indlejret i -PDF-dokumenter.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.5.2-3+deb8u1. Denne opdatering deaktiverer fuldstændig -PDF-understøttelsen i MAT.

- -

Vi anbefaler at du opgraderer dine mat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3708.data" diff --git a/danish/security/2016/dsa-3709.wml b/danish/security/2016/dsa-3709.wml deleted file mode 100644 index 6022c68fd86..00000000000 --- a/danish/security/2016/dsa-3709.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="18d5f46cf939eb6e73e520e85db0a333f08d64ea" mindelta="1" -sikkerhedsopdatering - -

Nick Wellnhofer opdagede at funktionen xsltFormatNumberConversion i libxslt, -et runtimebibliotek til behandling af XSLT, ikke på korrekt vis kiggede efter om -en nulbyte afsluttede mønsterstrengen. Fejlen kunne udnyttes til at lække et -par bytes efter bufferen, der indeholder mønsterstrengen.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.1.28-2+deb8u2.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1.1.29-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.29-2.

- -

Vi anbefaler at du opgraderer dine libxslt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3709.data" diff --git a/danish/security/2016/dsa-3710.wml b/danish/security/2016/dsa-3710.wml deleted file mode 100644 index d3b8558d1e3..00000000000 --- a/danish/security/2016/dsa-3710.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="cdbbfa1c320d9d6477df800ce0e97440d612a1f8" mindelta="1" -sikkerhedsopdatering - -

Cris Neckar opdagede adskillige sårbarheder i Pillow, et billedbibliotek til -Python, hvilke kunne medføre udførelse af vilkårlig kode eller -informationsafsløring, hvis en misdannet billedfil blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.6.1-2+deb8u3.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 3.4.2-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.4.2-1.

- -

Vi anbefaler at du opgraderer dine pillow-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3710.data" diff --git a/danish/security/2016/dsa-3711.wml b/danish/security/2016/dsa-3711.wml deleted file mode 100644 index b22c83ea457..00000000000 --- a/danish/security/2016/dsa-3711.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="a1943f6a71fccb4745b07ae79c5f042c2eed46a3" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.28. Se MariaDB 10.0 -Release Notes for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.28-0+deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 10.0.28-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 10.0.28-1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3711.data" diff --git a/danish/security/2016/dsa-3712.wml b/danish/security/2016/dsa-3712.wml deleted file mode 100644 index 722e16c96b2..00000000000 --- a/danish/security/2016/dsa-3712.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="8501c30ff4055e4aaad5c69c058103e4095cfd09" mindelta="1" -sikkerhedsopdatering - -

Nicolas Braud-Santoni opdagede at ukorrekt fornuftighedskontrol af tegns -escapesekvencer i terminalemulatoren Terminology, kunne medføre udførelse af -vilkårlige komandoer.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.7.0-1+deb8u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine terminology-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3712.data" diff --git a/danish/security/2016/dsa-3713.wml b/danish/security/2016/dsa-3713.wml deleted file mode 100644 index e38d91dcd70..00000000000 --- a/danish/security/2016/dsa-3713.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="fabc19d49f7fe3bbd9e168e4b4fe6ad713df97e5" mindelta="1" -sikkerhedsopdatering - -

Chris Evans opdagede at GStreamer 0.10-plugin'en til dekodning af NES Sound -Format-filer, muliggjorde udførelse af vilkårlig kode. Yderligere oplysninger -finder man i hans bulletin på -\ -http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.10.23-7.4+deb8u1.

- -

Den ustabile distribution (sid) indeholder ikke længere Gstreamer 0.10.

- -

Vi anbefaler at du opgraderer dine gst-plugins-bad0.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3713.data" diff --git a/danish/security/2016/dsa-3714.wml b/danish/security/2016/dsa-3714.wml deleted file mode 100644 index 36543f66576..00000000000 --- a/danish/security/2016/dsa-3714.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="4ec762ed5977824653898145f669b6a7fa29f10e" mindelta="1" -sikkerhedsopdatering - -

I nogle opsætninger var MySQL- storagebackend'en til Akonadi, en udvidbar -Personal Information Management-storagetjeneste (PIM) der fungerer på tværs af -skrivebordsmiljøer, ikke i stand til at starte efter installeringen af -sikkerhedsopdateringen MySQL 5.5.53.

- -

Med denne opdatering genindføres der kompabilitet i opsætningsfilen -/etc/akonadi/mysql-global.conf (version 1.13.0-2+deb8u2).

- -

Vi anbefaler at du opgraderer dine akonadi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3714.data" diff --git a/danish/security/2016/dsa-3715.wml b/danish/security/2016/dsa-3715.wml deleted file mode 100644 index 4287eec2b1a..00000000000 --- a/danish/security/2016/dsa-3715.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b8ee77acd70375b27f7838c171cdbb5fdd74a044" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder i forbindelse med udførelse af skripter på tværs af -websteder, blev opdaget i moin, en Python-klon af WikiWiki. En fjernangriber -kunne iværksætte angreb på tværs af websteder gennem GUI-editorens -vedhæftelsesdialog -(\ -CVE-2016-7146), AttachFile-viewet -(\ -CVE-2016-7148) og GUI-editorens linkdialog -(\ -CVE-2016-9119).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.9.8-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3715.data" diff --git a/danish/security/2016/dsa-3716.wml b/danish/security/2016/dsa-3716.wml deleted file mode 100644 index 3a2b841daab..00000000000 --- a/danish/security/2016/dsa-3716.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="41b34f407de1f973d5bf92178dfb033a48cd3040" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, bufferoverløb og andre implementeringsfejl -kunne føre til udførelse af vilkårlig kode eller omgåelse af samme ophav-reglen. -Der er også rettet et manden i midten-angreb i mekanismen til opdatering af -addons.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 45.5.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 45.5.0esr-1 og version 50.0-1 af firefox' kildekodepakke.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3716.data" diff --git a/danish/security/2016/dsa-3717.wml b/danish/security/2016/dsa-3717.wml deleted file mode 100644 index 286d928e7ce..00000000000 --- a/danish/security/2016/dsa-3717.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="a6e86ace0a17d6db21288f87a049a09a355768f1" mindelta="1" -sikkerhedsopdatering - -

Chris Evans opdagede at GStreamer-plugin'en til dekodning af VMwares screen -capture-filer muliggjorde udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i version -1.4.4-2.1+deb8u1 af gst-plugins-bad1.0 og version 0.10.23-7.4+deb8u2 af -gst-plugins-bad0.10.

- -

I den ustabile distribution (sid), er dette problem rettet i version -1.10.1-1 af gst-plugins-bad1.0.

- -

Vi anbefaler at du opgraderer dine gst-plugins-bad1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3717.data" diff --git a/danish/security/2016/dsa-3718.wml b/danish/security/2016/dsa-3718.wml deleted file mode 100644 index 13001ff8e01..00000000000 --- a/danish/security/2016/dsa-3718.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="65577359f09bec8f263cbfeff428fb902c909ebb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i indholdshåndteringsframeworket Drupal. -For yderligere oplysninger, se opstrøms bulletin på -\ -https://www.drupal.org/SA-CORE-2016-005.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.32-1+deb8u8.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.52-1.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3718.data" diff --git a/danish/security/2016/dsa-3719.wml b/danish/security/2016/dsa-3719.wml deleted file mode 100644 index 747757e662e..00000000000 --- a/danish/security/2016/dsa-3719.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b1671ff0e2e24acadb1a1562f0e19073e3477fc9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at wireshark, et program til analysering af netværksprotokoller, -indeholdt flere sårbarheder i dissektorerne til DCERPC, AllJoyn, DTN og -OpenFlow, hvilke kunne føre til forskellige nedbrud, lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u10.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.2+g9c5aae3-1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3719.data" diff --git a/danish/security/2016/dsa-3720.wml b/danish/security/2016/dsa-3720.wml deleted file mode 100644 index 534d727e08f..00000000000 --- a/danish/security/2016/dsa-3720.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="5ee08093c6036f5103068a8f0d48de521a8abdc9" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsårbarheder er opdaget i Tomcat-servlet'en og -JSP-motoren, hvilke muligvis kunne medføre timingangreb til at afgøre gyldige -brugernavne, omgå SecurityManager, afsløre systemegenskaber, ubegrænset adgang -til globale ressourcer, overskrivning af vilkårlige filer samt potentielt -rettighedsforøgelse.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8.0.14-1+deb8u4.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3720.data" diff --git a/danish/security/2016/dsa-3721.wml b/danish/security/2016/dsa-3721.wml deleted file mode 100644 index 6ed990c4823..00000000000 --- a/danish/security/2016/dsa-3721.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="16f4fbb28431ebc342654588603bfa9315fb477c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsårbarheder er opdaget i Tomcat-servlet'en og -JSP-motoren, hvilke muligvis kunne medføre timingangreb til at afgøre gyldige -brugernavne, omgå SecurityManager, afsløre systemegenskaber, ubegrænset adgang -til globale ressourcer, overskrivning af vilkårlige filer samt potentielt -rettighedsforøgelse.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.0.56-3+deb8u5.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3721.data" diff --git a/danish/security/2016/dsa-3722.wml b/danish/security/2016/dsa-3722.wml deleted file mode 100644 index 17eff14b256..00000000000 --- a/danish/security/2016/dsa-3722.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="7675dfb269759bc76e70b4549593e4134ce5e927" mindelta="1" -sikkerhedsopdatering - -

Florian Larysch og Bram Moolenaar opdagede at vim, en forbedret vi-editor, -ikke på korrekt vis validerede værdier til valgmulighederne filetype, -syntax og keymap, hvilket kunne føre til udførelse af vilkårlig -kode, hvis en fil med en særligt fremstillet modeline blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:7.4.488-7+deb8u1.

- -

Vi anbefaler at du opgraderer dine vim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3722.data" diff --git a/danish/security/2016/dsa-3723.wml b/danish/security/2016/dsa-3723.wml deleted file mode 100644 index 0a727f0a118..00000000000 --- a/danish/security/2016/dsa-3723.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a9a5f6f7acf365876e148163c1421cc4d457a098" mindelta="1" -sikkerhedsopdatering - -

Chris Evans opdagede at GStreamer 1.0-plugin'en, som anvendes til at dekode -filer i FLIC-format, tillod udførelse af vilkårlig kode. Yderligere oplysninger -finder man i hans bulletin på -\ -https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.4-2+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.1-2.

- -

Vi anbefaler at du opgraderer dine gst-plugins-good1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3723.data" diff --git a/danish/security/2016/dsa-3724.wml b/danish/security/2016/dsa-3724.wml deleted file mode 100644 index a8bfa597a38..00000000000 --- a/danish/security/2016/dsa-3724.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4d4d06225d021f70dfda04482e6fbe0d531916bf" mindelta="1" -sikkerhedsopdatering - -

Chris Evans opdagede at GStreamer 0.10-plugin'en, som anvendes til at dekode -filer i FLIC-format, tillod udførelse af vilkårlig kode. Yderligere oplysninger -finder man i hans bulletin på -\ -https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html.

- -

Denne opdatering fjerner den usikre plugin til FLIC-filformatet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.10.31-3+nmu4+deb8u2.

- -

Vi anbefaler at du opgraderer dine gst-plugins-good0.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3724.data" diff --git a/danish/security/2016/dsa-3725.wml b/danish/security/2016/dsa-3725.wml deleted file mode 100644 index 26297f92f9a..00000000000 --- a/danish/security/2016/dsa-3725.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="5aacb602c6008e2a2361f365e290f11900a63074" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i biblioteket International Components for -Unicode (ICU).

- -
    - -
  • CVE-2014-9911 - -

    Michele Spagnuolo opdagede en bufferoverløbssårbarhed, der måske kunne - gøre det muligt for fjernangribere at forårsage et lammelsesangreb (denial - of service) eller muligvis udførelse af vilkårlig kode gennem fabrikeret - tekst.

    • - -
  • CVE-2015-2632 - -

    En heltalsoverløbsårbarhed kunne måske føre til et lammelsesangreb eller - afsløring af en del af applikationshukommelsen, hvis en angriber har kontrol - over inddatafilen.

    • - -
  • CVE-2015-4844 - -

    Bufferoverløbssårbarheder kunne måske gøre det muligt for en angriber med - kontrol over skrifttypefilene, at iværksætte et lammelsesangreb eller - muligvis udførelse af vilkårlig kode.

    • - -
  • CVE-2016-0494 - -

    Problemer med heltalsforegn opstod som en del af rettelsen af - \ - CVE-2015-4844.

    • - -
  • CVE-2016-6293 - -

    Et bufferoverløb kunne måske gøre det muligt for en angriber, at - iværksætte et lammelsesangreb eller afsløre dele af - applikationshukommelsen.

    • - -
  • CVE-2016-7415 - -

    Et stakbaseret bufferoverløb kunne gør det muligt for en angriber med - kontrol over locale-strengen, at iværksætte et lammelsesangreb og muligvis - udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 52.1-8+deb8u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 57.1-5.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3725.data" diff --git a/danish/security/2016/dsa-3726.wml b/danish/security/2016/dsa-3726.wml deleted file mode 100644 index d18a0298075..00000000000 --- a/danish/security/2016/dsa-3726.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b4364899ce61ef83a0a4336a8530e5deb71daf76" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i ImageMagick, et populært sæt programmer og -biblioteker til billedbehandling. Der er blandt andre tale om flere problemer -i hukommelseshåndtering, der kunne medføre et lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode af en angriber med kontrol over -billedinddataene.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8:6.8.9.9-5+deb8u6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8:6.9.6.5+dfsg-1.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3726.data" diff --git a/danish/security/2016/dsa-3727.wml b/danish/security/2016/dsa-3727.wml deleted file mode 100644 index c86e8fd637d..00000000000 --- a/danish/security/2016/dsa-3727.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="3e9fd1151e4af1ded5ba9e79a4d78f91997a61a0" mindelta="1" -sikkerhedsopdatering - -

Cisco Talos opdagede at hdf5, et filformat og bibliotek til opbevaring af -videnskabelige data, indeholdt flere sårbarheder, som kunne føre til udførelse -af vilkårlig kode, når der blev behandlet data, der ikke er tillid til.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.8.13+docs-15+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.10.0-patch1+docs-1.

- -

Vi anbefaler at du opgraderer dine hdf5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3727.data" diff --git a/danish/security/2016/dsa-3728.wml b/danish/security/2016/dsa-3728.wml deleted file mode 100644 index aafd15a8f76..00000000000 --- a/danish/security/2016/dsa-3728.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="ec0a03e2e08f599985ff6f4e27b949934f538216" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med anvendelse efter frigivelse i SVG Animation -blev opdaget i webbrowseren Mozilla Firefox, hvilket gjorde det muligt for en -fjernangriber at forårsage et lammelsesangreb (applikationsnedbrud) eller udføre -vilkårlig kode, hvis en bruger blev narret til at åbne et særligt fremstillet -websted.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 45.5.1esr-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3728.data" diff --git a/danish/security/2016/dsa-3729.wml b/danish/security/2016/dsa-3729.wml deleted file mode 100644 index 319bbcd2df0..00000000000 --- a/danish/security/2016/dsa-3729.wml +++ /dev/null @@ -1,70 +0,0 @@ -#use wml::debian::translation-check translation="c5b08a86124eeec7a69bfbfc233a72ef2d8cfb66" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2016-7777 - (XSA-190) - -

    Jan Beulich fra SUSE opdagede at Xen ikke på korrekt vis efterkom CR0.TS - og CR0.EM for x86 HVM-gæster, hvilket potentielt gjorde det muligt for - gæstebrugere at læse eller ændre registertilstandsoplysninger vedrørende - FPU, MMX eller XMM hørende til vilkårlige tasks på gæsten, ved at ændre en - instruktion mens hypervisor'en gjorde klar til at emulere den.

    • - -
  • CVE-2016-9379, - CVE-2016-9380 (XSA-198) - -

    Daniel Richman og Gabor Szarka fra Cambridge University Student-Run - Computing Facility opdagede at pygrub, bootloaderemulatoren, ikke fik sat - sine resultater i anførselstegn (eller fornuftighedskontrolleret dem), når - de blev rapporteret til dens kaldende funktion. En ondsindet - gæsteadministrator kunne drage nytte af fejlen til at forårsage en - informationslækage eller lammelsesangreb (denial of service).

    • - -
  • CVE-2016-9382 - (XSA-192) - -

    Jan Beulich fra SUSE opdagede at Xen ikke på korrekt vis håndterede - x86-taskskift til VM86-tilstand. En upriviligeret gæsteproce kunne drage - nytte af fejlen til at få gæsten til at gå ned eller forøge sine rettigheder - til dem gæstestyresystemet har.

    • - -
  • CVE-2016-9383 - (XSA-195) - -

    George Dunlap fra Citrix opdagede at Xens x86 64 - bit-bittestinstruktionsemulering var defekt. En ondsindet gæst kunne drage - nytte af fejlen til at ændre vilkårlig hukommelse, hvilket muliggjorde - udførelse af vilkårlig kode, lammelsesangreb (værtsnedbrud) eller - informationslækager.

    • - -
  • CVE-2016-9385 - (XSA-193) - -

    Andrew Cooper fra Citrix opdagede at Xens - x86-segmentbase-skrivningsemulering manglende kanoniske adressekontroller. - En ondsindet gæsteadministrator kunne drage nytte af fejlen til at få værten - til at gå ned, førende til et lammelsesangreb.

    • - -
  • CVE-2016-9386 - (XSA-191) - -

    Andrew Cooper fra Citrix opdagede at x86 null-segmenter ikke altid blev - behandlet som ubrugelige. Et upriviligeret gæstebrugerprogram kunne måske - være i stand til at forsøge sine rettigheder til dem gæstestyresystemet - har.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u8.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3729.data" diff --git a/danish/security/2016/dsa-3730.wml b/danish/security/2016/dsa-3730.wml deleted file mode 100644 index 0f11902b719..00000000000 --- a/danish/security/2016/dsa-3730.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e9591ab055a854d4f6bfe3d11539815c4c60aa7e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige hukommelsessikkerhedsfejl, -problemer med omgåelse af samme ophav-reglen, heltalsoverløb, bufferoverløb og -anvendelse efter frigivelse, kunne føre til udførelse af vilkårlig kode eller -lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:45.5.1-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:45.5.1-1 or earlier.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3730.data" diff --git a/danish/security/2016/dsa-3731.wml b/danish/security/2016/dsa-3731.wml deleted file mode 100644 index 50721c00aeb..00000000000 --- a/danish/security/2016/dsa-3731.wml +++ /dev/null @@ -1,239 +0,0 @@ -#use wml::debian::translation-check translation="c322bcefa14b5724d454180610e8434c7dab2bcd" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2016-5181 - -

    Et problem med udførelse af skripter på tværs af websteder, blev - opdaget.

    • - -
  • CVE-2016-5182 - -

    Giwan Go opdagede et heapoverløbsproblem.

    • - -
  • CVE-2016-5183 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2016-5184 - -

    Et andet problem med anvendelse efter frigivelse blev opdaget i - biblioteket pdfium.

    • - -
  • CVE-2016-5185 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2016-5186 - -

    Abdulrahman Alqabandi opdagede et problem med læsning uden for grænserne - i udviklerværktøjerne.

    • - -
  • CVE-2016-5187 - -

    Luan Herrera opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2016-5188 - -

    Luan Herrera opdagede at nogle dropdownmenuer kunne anvendes til at - skjule dele af brugergrænsefladen.

    • - -
  • CVE-2016-5189 - -

    xisigr opdagedet et problem med URL-forfalskning.

    • - -
  • CVE-2016-5190 - -

    Atte Kettunen opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2016-5191 - -

    Gareth Hughes opdagede et problem med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2016-5192 - -

    haojunhou@gmail.com opdagede et problem med omgåelse af samme - ophav-reglen.

    • - -
  • CVE-2016-5193 - -

    Yuyang Zhou opdagede en måde at åbne et nyt vindue som en popup.

    • - -
  • CVE-2016-5194 - -

    Udviklingsholdet bag chrome fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
  • CVE-2016-5198 - -

    Tencent Keen Security Lab opdagede et problem med hukommelsestilgang uden - for grænserne i JavaScript-biblioteket v8.

    • - -
  • CVE-2016-5199 - -

    Et problem med heapkorruption blev opdaget i biblioteket ffmpeg.

    • - -
  • CVE-2016-5200 - -

    Choongwoo Han opdagede et problem med hukommelsestilgang uden for - grænserne i JavaScript-biblioteket v8.

    • - -
  • CVE-2016-5201 - -

    Rob Wu opdagede en informationslækage.

    • - -
  • CVE-2016-5202 - -

    Udviklingsholdet bag chrome fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
  • CVE-2016-5203 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2016-5204 - -

    Mariusz Mlynski opdagede et problem med udførelse af skripter på tværs af - websteder i håndteringen af SVG-billeder.

    • - -
  • CVE-2016-5205 - -

    Et problem med udførelse af skripter på tværs af websteder.

    • - -
  • CVE-2016-5206 - -

    Rob Wu opdagede en omgåelse af samme ophav-reglen i biblioteket - pdfium.

    • - -
  • CVE-2016-5207 - -

    Mariusz Mlynski opdagede et problem med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2016-5208 - -

    Mariusz Mlynski opdagede et andet problem med udførelse af skripter på - tværs af websteder.

    • - -
  • CVE-2016-5209 - -

    Giwan Go opdagede et problem med skrivning uden for grænserne i - Blink/Webkit.

    • - -
  • CVE-2016-5210 - -

    Ke Liu opdagede en skrivning uden for grænserne i biblioteket - pdfium.

    • - -
  • CVE-2016-5211 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2016-5212 - -

    Khalil Zhani opdagede et problem med informationsafsløring i - udviklerværktøjerne.

    • - -
  • CVE-2016-5213 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
  • CVE-2016-5214 - -

    Jonathan Birch opdagede en omgåelse af fildownloadbeskyttelsen.

    • - -
  • CVE-2016-5215 - -

    Looben Yang opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2016-5216 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2016-5217 - -

    Rob Wu opdagede en tilstand, hvor data ikke blev valideret af biblioteket - pdfium.

    • - -
  • CVE-2016-5218 - -

    Abdulrahman Alqabandi opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2016-5219 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
  • CVE-2016-5220 - -

    Rob Wu opdagede en måde at tilgå filer på det lokale system.

    • - -
  • CVE-2016-5221 - -

    Tim Becker opdagede et heltalsoverløbsproblem i bibliotek - angle.

    • - -
  • CVE-2016-5222 - -

    xisigr opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2016-5223 - -

    Hwiwon Lee opdagede et heltalsoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2016-5224 - -

    Roeland Krak opdagede en omgåelse af samme ophav-reglen i håndteringen af - SVG-billeder.

    • - -
  • CVE-2016-5225 - -

    Scott Helme opdagede en omgåelse af Content Security Protection.

    • - -
  • CVE-2016-5226 - -

    Jun Kokatsu opdagede et problem med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2016-9650 - -

    Jakub Å»oczek opdagede en informationsafslæøring gennem Content Security - Protection.

    • - -
  • CVE-2016-9651 - -

    Guang Gong opdagede en måde at tilgå private data på i - JavaScript-biblioteket v8.

    • - -
  • CVE-2016-9652 - -

    Udviklingsholdet bag chrome fandt og rettede forskellige problemer under - intern kodegennemgang.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 55.0.2883.75-1~deb8u1.

- -

I distributionen testing (stretch), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 55.0.2883.75-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3731.data" diff --git a/danish/security/2016/dsa-3732.wml b/danish/security/2016/dsa-3732.wml deleted file mode 100644 index 218e8840d78..00000000000 --- a/danish/security/2016/dsa-3732.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f6f51b757266c66497b13fdda34b4a7385b23f7b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et generelt anvendeligt scriptsprog der -hyppigt benyttes til udvikling af webapplikationer.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -5.6.28, som indeholder yderligere fejlrettelser. Se opstrøms changelog for -flere oplysninger:

- -

-https://secure.php.net/ChangeLog-5.php#5.6.28

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.28+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3732.data" diff --git a/danish/security/2016/dsa-3733.wml b/danish/security/2016/dsa-3733.wml deleted file mode 100644 index 7a9eb2c0e8b..00000000000 --- a/danish/security/2016/dsa-3733.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6393b6d14c8f9a3369d3cf3d4b0b8d7a1c861194" mindelta="1" -sikkerhedsopdatering - -

Jann Horn fra Google Project Zero opdagede at APT, pakkehåndteringsprogrammet -på højt niveau, ikke på korrekt vis håndterede fejl, når der blev valideret -signaturer i InRelease-filer. En angriber, der er i stand til at agere som -manden i midten ved HTTP-forespørgsler til et apt-arkiv, der anvender -InRelease-filer, kunne drage nytte af fejlen til at omgå signaturen på -InRelease-filen, førende til udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.0.9.8.4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4~beta2.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3733.data" diff --git a/danish/security/2016/dsa-3734.wml b/danish/security/2016/dsa-3734.wml deleted file mode 100644 index 03a7be6fd3b..00000000000 --- a/danish/security/2016/dsa-3734.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="0f47bd6608152dc71a0b0a2a41911e92de3c6b19" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, bufferoverløb og andre implementeringsfejl -kunne føre til udførelse af vilkårlig kode eller informationslækager.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -45.6.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -45.6.0esr-1 af firefox-esr og version 50.1.0-1 af firefox.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3734.data" diff --git a/danish/security/2016/dsa-3735.wml b/danish/security/2016/dsa-3735.wml deleted file mode 100644 index 908a736d069..00000000000 --- a/danish/security/2016/dsa-3735.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7e838678831995700b456a68dbf4c4c338fb035b" mindelta="1" -sikkerhedsopdatering - -

Chris Evans opdagede at ukorrekt emulering af lyd-co-processoren SPC700 i et -Super Nintendo Entertainment System, gjorde det muligt at udføre vilkårlig kode, -hvis en misdannet SPC-musikfil blev åbnet. Yderligere oplysninger fander man på - -http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.5.5-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.6.0-4.

- -

Vi anbefaler at du opgraderer dine game-music-emu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3735.data" diff --git a/danish/security/2016/dsa-3736.wml b/danish/security/2016/dsa-3736.wml deleted file mode 100644 index dc905534888..00000000000 --- a/danish/security/2016/dsa-3736.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="294a3b8453502e5e5be78c5baa665afb9b561ad3" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i libupnp, et portabelt SDK til UPnP-enheder.

- -
    - -
  • CVE-2016-6255 - -

    Matthew Garret opdagede at libupnp som standard tillod at enhver bruger - kunne skrive til filsystemet på værter, der kører en libupnp-baseret - serverapplikation.

    • - -
  • CVE-2016-8863 - -

    Scott Tenaglia opdagede en heapbufferoverløbssårbarhed, der kunne føre - til lammelsesangreb (denial of service) eller fjernudførelse af - kode.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:1.6.19+git20141001-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), er -disse problemer rettet i version 1:1.6.19+git20160116-1.2.

- -

Vi anbefaler at du opgraderer dine libupnp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3736.data" diff --git a/danish/security/2016/dsa-3737.wml b/danish/security/2016/dsa-3737.wml deleted file mode 100644 index 85bd6defa9e..00000000000 --- a/danish/security/2016/dsa-3737.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ef5be5e5e821e8c196c34241df74ff6c935abf5c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet PHP, et generelt anvendeligt skriptsprog, som -hyppigt benyttes til udvikling af webapplikationer.

- -

Sårbarhederne er løst ved at opgradere PHP til den nye opstrømsversion -5.6.29, der indeholder yderligere fejlrettelser. Se opstrøms changelog for -flere oplysninger:

- -

-https://php.net/ChangeLog-5.php#5.6.29

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.6.29+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3737.data" diff --git a/danish/security/2016/dsa-3738.wml b/danish/security/2016/dsa-3738.wml deleted file mode 100644 index 6789bd161b5..00000000000 --- a/danish/security/2016/dsa-3738.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0b49876de3d823f2d0af02d3d6a3c3d5fb788a21" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder blev opdaget servlet'en og JSP-motoren -Tomcat, samt i dens Debian-specifikke vedligeholderskripter. Fejlene -muliggjorde rettighedsforøgelse, informationsafsløring og fjernudførelse af -kode.

- -

Som en del af denne opdatering, er flere regressioner stammende fra -ufuldstændige rettelser af tidligere sårbarheder også rettet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.0.56-3+deb8u6.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 7.0.72-3.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3738.data" diff --git a/danish/security/2016/dsa-3739.wml b/danish/security/2016/dsa-3739.wml deleted file mode 100644 index 4b32eb96722..00000000000 --- a/danish/security/2016/dsa-3739.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="118008f767e140de53463e0b8f0320c830eaa8ca" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder blev opdaget servlet'en og JSP-motoren -Tomcat, samt i dens Debian-specifikke vedligeholderskripter. Fejlene -muliggjorde rettighedsforøgelse, informationsafsløring og fjernudførelse af -kode.

- -

Som en del af denne opdatering, er flere regressioner stammende fra -ufuldstændige rettelser af tidligere sårbarheder også rettet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8.0.14-1+deb8u5.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 8.5.8-2.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3739.data" diff --git a/danish/security/2016/dsa-3740.wml b/danish/security/2016/dsa-3740.wml deleted file mode 100644 index a425f97af7a..00000000000 --- a/danish/security/2016/dsa-3740.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="1eb3ce10e0b124ea3176ddddf90ef525c08e2f0a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB-/CIFS-fil-, print- og -login-server til Unix. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2016-2119 - -

    Stefan Metzmacher opdagede at klientside SMB2/3 krævede at signering - kunne nedgradere, hvilket gjorde det muligt for en manden i midten-angriber - at udgive sig for at være en server, som er forbundet til Samba, og - returnere ondsindede svar.

    • - -
  • CVE-2016-2123 - -

    Trend Micros Zero Day Initiative og Frederic Besler opdagede at rutinen - ndr_pull_dnsp_name, som anvendes til at fortolke data fra Samba Active - Directorys ldb-database, indeholdt en heltalsoverløbsfejl, førende til en - angriber-kontrolleret hukommelsesoverskrivelse. En autentificeret bruger - kunne drage nytte af fejlen til fjern rettighedsforøgelse.

    • - -
  • CVE-2016-2125 - -

    Simo Sorce fra Red Hat opdagede at Samba-klientkoden altid bad om en - ticket, der kan sendes videre, når Kerberos-autentifikation anvendes. En - målserver, der skal være i det aktuelle eller et domæne/realm, der er - tillid til, fik en gyldig, generelt anvendelig Kerberos-Ticket Granting - Ticket (TGT), der kan anvendes til fuldstændig at udgive sig for at være - den autentificerede bruger eller server.

    • - -
  • CVE-2016-2126 - -

    Volker Lendecke opdagede flere fejl i Kerberos' PAC-validering. En - fjern, autentificeret angriber kunne få winbindd-processen til at gå ned - ved hjælp af en legitim Kerberos-ticket, på grund af ukorrekt håndtering af - PAC-kontrolsummen. En lokal service med adgang til winbindd's priviligerede - pipe, kunne få winbindd til at cache forøget adgangsrettigheder.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -2:4.2.14+dfsg-0+deb8u2. Desuden indeholder denne opdatering flere ændringer, -som oprindelig var planlagt til den kommende punktopdatering af jessie.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3740.data" diff --git a/danish/security/2016/dsa-3741.wml b/danish/security/2016/dsa-3741.wml deleted file mode 100644 index 3b5dddc8ed7..00000000000 --- a/danish/security/2016/dsa-3741.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="518efc650ac312164d0e514a6ddc84bdb1718fde" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Tor, et forbindelsesbaseret anonymt kommunikationssystem med -lav latency, kunne læse en byte forbi slutningen af en buffer, når der blev -fortolket skjulte servicedeskriptorer. Problemet kunne gøre det muligt for en -fjendtligsindet skjult service at få Tor-klienter til at gå ned, afhængigt af -hardening-indstillinger og malloc-implementering.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.2.5.12-4.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem has rettet i version 0.2.9.8-2.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3741.data" diff --git a/danish/security/2016/dsa-3742.wml b/danish/security/2016/dsa-3742.wml deleted file mode 100644 index a2102af542c..00000000000 --- a/danish/security/2016/dsa-3742.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="96283b0b4d089f9217602638d3c3f715d8115b48" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at flysimulatoren Flight Gear udførte utilstrækkelig -fornuftighedskontrol af Nasal-skripter, hvilket gjorde det muligt for et -ondsindet skript at overskrive vilkårlige filer med brug af rettighederne -hørende til den bruger, der kører Flight Gear.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.0.0-5+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2016.4.3+dfsg-1.

- -

Vi anbefaler at du opgraderer dine flightgear-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3742.data" diff --git a/danish/security/2016/dsa-3743.wml b/danish/security/2016/dsa-3743.wml deleted file mode 100644 index fdd7f98e7ef..00000000000 --- a/danish/security/2016/dsa-3743.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="f34af5d552f2754bfe530c15945bf87814076fd0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at bottle, et WSGI-framework til programmeringssproget Python, -ikke på korrekt vis filtrerede \r\n-sekvencer når viderestillinger blev -behandlet. Dermed var det muligt for en angriber at iværksætte CRLF-angreb så -som HTTP-headerindsprøjtning.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.12.7-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem has rettet i version 0.12.11-1.

- -

Vi anbefaler at du opgraderer dine python-bottle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3743.data" diff --git a/danish/security/2016/dsa-3744.wml b/danish/security/2016/dsa-3744.wml deleted file mode 100644 index 3d46e5b739b..00000000000 --- a/danish/security/2016/dsa-3744.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="6b4a3c04fda45cf086a64f7218dcc43c5029ae53" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libxml2, et bibliotek der leverer -understøttelse af læsning, ændring og skrivning af XML- og HTML-filer. En -fjernangriber kunne levere en særligt fremstillet XML- eller HTML-fil, som når -den blev behandlet af en applikation, der anvender libxml2, medførte et -lammelsesangreb (denial of service) mod applikationen, eller potentielt -udførelse af vilkårlig kode med rettighederne hørende til brugeren, der kører -applikationen.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.9.1+dfsg1-5+deb8u4.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 2.9.4+dfsg1-2.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.9.4+dfsg1-2.1.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3744.data" diff --git a/danish/security/2016/dsa-3745.wml b/danish/security/2016/dsa-3745.wml deleted file mode 100644 index 69fa1a4acbc..00000000000 --- a/danish/security/2016/dsa-3745.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1d4c9e71daddabac2ae852ff2d1acbb12539dd24" mindelta="1" -sikkerhedsopdatering - -

Saulius Lapinskas fra Lithuanian State Social Insurance Fund Board opdagede -at Squid3, en komplet webproxycache, ikke på korrekt vis behandlede svar til -betingede If-None-Modified-HTTP-forespørgsler, førende til at klientspecifikke -cookiedata blev lækket til andre klienter. En fjernangriber kunne drage nytte -af fejlen til at opdage private og følsomme oplysninger om andre klienters -browsingsessioner.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.8-6+deb8u4. Desuden indeholder opdateringen en rettelse af -\#819563.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.23-1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3745.data" diff --git a/danish/security/2016/dsa-3746.wml b/danish/security/2016/dsa-3746.wml deleted file mode 100644 index 99e526bf6ce..00000000000 --- a/danish/security/2016/dsa-3746.wml +++ /dev/null @@ -1,105 +0,0 @@ -#use wml::debian::translation-check translation="6f58313fb9f886ef2d43cf7f77c0b99a9b9224e4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i GraphicsMagick, en samling af værktøjer til -billedbehandling, hvilke kunne forårsage lammelsesangreb (denial of service), -fjernsletning af filer og fjernudførelse af kommandoer.

- -

Denne sikkerhedsopdatering fjerner den komplette understøttelse af -PLT/Gnuplot-dekoderen, for at forhindre Gnuplot-shell-baserede shellsårbarheder -for at rette sårbarheden -\ -CVE-2016-3714.

- -

Det udokumenterede magiske præfiks TMP fjerner ikke længere -parameterfilen efter den er blevet læst, for at rette sårbarheden -\ -CVE-2016-3715. Da TMP-funktionaliteten oprindelig blev -implementeret, tilføjede GraphicsMagick et undersystem til håndtering af -midlertidige filer, hvilket sikrede at midlertidige filer blev fjernet, så denne -funktionalitet er ikke nødvendig.

- -

Fjerner understøttelse af læsning af inddata fra en shellkommando, eller -skrivning af uddata til en shellkommando, ved at det specificerede filnavn -(indeholdende kommandoen) får en | præfiks, for at rette sårbarheden -\ -CVE-2016-5118.

- -
    - -
  • CVE-2015-8808 - -

    Gustavo Grieco opdagede en læsning uden for grænserne i fortolkningen af - GIF-filer, hvilket kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-2317 - -

    Gustavo Grieco opdagede et stakbufferoverløb og to heapbufferoverløb ved - behandling af SVG-billeder, hvilket kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-2318 - -

    Gustavo Grieco opdagede flere segmenteringsfejl ved behandling af - SVG-billeder, hvilket kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-5240 - -

    Gustavo Grieco opdagede et problem med en uendelig løkke, forårsaget af - negative stroke-dasharray-parametre ved behandling af SVG-filer, hvilket - kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-7800 - -

    Marco Grassi opdagede et underløb uden fortegn førende til heapoverløb - ved behandling af 8BIM-chunk ofte hæftet på JPG-filer, hvilket kunne medføre - lammelsesangreb.

    • - -
  • CVE-2016-7996 - -

    Moshe Kaplan opdagede at der ikke var nogen kontrol af om det leverede - colormap ikke er større end 256 forekomster i WPG-læseren, hvilket kunne - medføre lammelsesangreb.

    • - -
  • CVE-2016-7997 - -

    Moshe Kaplan opdagede at en assertion blev kastet for nogle filer i - WPG-læseren på grund af en logisk fejl, hvilket kunne medføre - lammelsesangreb.

    • - -
  • CVE-2016-8682 - -

    Agostino Sarubbo fra Gentoo opdagede et stakbufferlæsningsoverløb ved - læsning af SCT-headeren, hvilket kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-8683 - -

    Agostino Sarubbo fra Gentoo opdagede en hukommelsesallokeringsfejl i - PCX-koderen, hvilket kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-8684 - -

    Agostino Sarubbo fra Gentoo opdagede en hukommelsesallokeringsfejl i - SGI-koderen, hvilket kunne medføre lammelsesangreb.

    • - -
  • CVE-2016-9830 - -

    Agostino Sarubbo fra Gentoo opdagede en hukommelsesallokeringsfejl i - funktionen MagickRealloc(), hvilket kunne medføre lammelsesangreb.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -1.3.20-3+deb8u2.

- -

I distributionen testing (stretch), er disse problemer (med undtagelse af -\ -CVE-2016-9830) rettet i version 1.3.25-5.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.3.25-6.

- -

Vi anbefaler at du opgraderer dine graphicsmagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3746.data" diff --git a/danish/security/2016/dsa-3747.wml b/danish/security/2016/dsa-3747.wml deleted file mode 100644 index e7856f203e3..00000000000 --- a/danish/security/2016/dsa-3747.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="22fc4f209b1fb4f6b159f19f8fcc094b4a378753" mindelta="1" -sikkerhedsopdatering - -

Bjoern Jacke opdagede at Exim, Debians standard mailoverførselsprogram, kunne -lække den private DKIM-signeringsnøgle til logfilerne, hvis specifikke -opsætningsindstillinger var sat.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.84.2-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3747.data" diff --git a/danish/security/2016/dsa-3748.wml b/danish/security/2016/dsa-3748.wml deleted file mode 100644 index 63745f6dbc1..00000000000 --- a/danish/security/2016/dsa-3748.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2a0f25696671e93b488564034d0f06cd65547ae6" mindelta="1" -sikkerhedsopdatering - -

Gergely Gábor Nagy fra Tresorit opdagede at libcrypto++, et kryptografisk -C++-bibliotek, indeholdt en fejl i flere ASN.1-fortolkningsrutiner. Dermed var -det muligt for en fjernangriber at forårsage et lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er dette problem rettet i version -5.6.1-6+deb8u3.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 5.6.4-5.

- -

Vi anbefaler at du opgraderer dine libcrypto++-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3748.data" diff --git a/danish/security/2016/dsa-3749.wml b/danish/security/2016/dsa-3749.wml deleted file mode 100644 index 23ddacbba3b..00000000000 --- a/danish/security/2016/dsa-3749.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e16de36699e0bbb38f9d1cb42cf82d61011ebd3b" mindelta="1" -sikkerhedsopdatering - -

Gjoko Krstic fra Zero Science Labs opdagede at dcmtk, en samling biblioteker -som implementerer DICOM-standarden, ikke på korrekt vis håndterede størrelsen på -data modtaget fra netværket. Det kunne føre til lammelsesangreb (denial of -service gennem applikationsnedbrud) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.6.0-15+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 3.6.1~20160216-2.

- -

Vi anbefaler at du opgraderer dine dcmtk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3749.data" diff --git a/danish/security/2016/dsa-3750.wml b/danish/security/2016/dsa-3750.wml deleted file mode 100644 index 9b19ef2df48..00000000000 --- a/danish/security/2016/dsa-3750.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="7f804717ab5f7d3bb52e0a12620807f0a5ce854f" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski opdagede at PHPMailer, et populært bibliotek til afsendelse af -mail fra PHP-applikationer, gjorde det muligt for fjernangribere at udføre kode, -hvis de var i stand til at levere en fabrikeret Sender-adresse.

- -

Bemærk at dette problem også er blevet tildelt -\ -CVE-2016-10045, hvilket er en regression i den originale patch foreslået til -\ -CVE-2016-10033. Da den origiale patch ikke blev anvendt i Debian, var -Debian ikke sårbar over for -\ -CVE-2016-10045.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.2.9+dfsg-2+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.2.14+dfsg-2.1.

- -

Vi anbefaler at du opgraderer dine libphp-phpmailer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2016/dsa-3750.data" diff --git a/danish/security/2016/index.wml b/danish/security/2016/index.wml deleted file mode 100644 index c77d3c786ba..00000000000 --- a/danish/security/2016/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2016 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security -#use wml::debian::translation-check translation="ed54eda7d637b53fe29a2c72db3fc396fd5cd983" - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/security/2016' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2017/Makefile b/danish/security/2017/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2017/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2017/dsa-3751.wml b/danish/security/2017/dsa-3751.wml deleted file mode 100644 index 79a1c0ddb01..00000000000 --- a/danish/security/2017/dsa-3751.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="39f1d46ea5f3ba2ce8f2602bb0975ef8f7108898" mindelta="1" -sikkerhedsopdatering - -

En stakoverløbssårbarhed blev opdaget inde i funktionen gdImageFillToBorder i -libgd2, et bibliotek til programmatisk oprettelse og behandling af grafik, -udløst når ugyldige farver anvendes med truecolor-billeder. En fjernangriber -kunne drage nytte af fejlen til at forårsage et lammelsesangreb (denial of -service) mod en applikation, som anvender biblioteket libgd2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.0-5+deb8u8.

- -

I distributionen testing (stretch), er dette problem rettet i -version 2.2.2-29-g3c2b605-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.2-29-g3c2b605-1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3751.data" diff --git a/danish/security/2017/dsa-3752.wml b/danish/security/2017/dsa-3752.wml deleted file mode 100644 index 1806d6f3758..00000000000 --- a/danish/security/2017/dsa-3752.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="73d592eaaac4ab403090953427ed08ec4efcbf8a" mindelta="1" -sikkerhedsopdatering - -

Peter Wu opdagede at en anvendelse efter frigivelse i pscd PC/SC-dæmonen i -PCSC-Lite, kunne medføre lammelsesangreb (denial of service) eller -rettighedsforøgelse.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.8.13-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.8.20-1.

- -

Vi anbefaler at du opgraderer dine pcsc-lite-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3752.data" diff --git a/danish/security/2017/dsa-3753.wml b/danish/security/2017/dsa-3753.wml deleted file mode 100644 index 08c5c206ff1..00000000000 --- a/danish/security/2017/dsa-3753.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="686152e2f19c7a2f8b70382571b017929e44166c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libvncserver, en samling biblioteker som anvendes til at -implementere VNC/RFB-klienter og -servere, på ukorrekt vis behandlede indgående -netværkspakker. Det medførte flere heapbaserede bufferoverløb, hvilke gjorde -det muligt for en ondsindet server, enten at forårsage et lammelsesangreb (DoS) -ved at få klienten til at gå ned, eller potentielt at udføre vilkårlig kode på -klientsiden.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.9.9+dfsg2-6.1+deb8u2.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 0.9.11+dfsg-1.

- -

Vi anbefaler at du opgraderer dine libvncserver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3753.data" diff --git a/danish/security/2017/dsa-3754.wml b/danish/security/2017/dsa-3754.wml deleted file mode 100644 index 8e87bdd1b32..00000000000 --- a/danish/security/2017/dsa-3754.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="e87596fac177e83cf29cc9e1e14370168da51e67" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt fejlhåndtering i NIO HTTP-connector'en i Tomcat -servlet'en og JSP-motoren, kunne medføre informationsafsløring.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.0.56-3+deb8u7.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3754.data" diff --git a/danish/security/2017/dsa-3755.wml b/danish/security/2017/dsa-3755.wml deleted file mode 100644 index 45c5dbd5225..00000000000 --- a/danish/security/2017/dsa-3755.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="707ef285b4f742cafe975a41f3c43195d4ea0a43" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt fejlhåndtering i NIO HTTP-connector'en i Tomcat -servlet'en og JSP-motoren kunne medføre informationsafsløring.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 8.0.14-1+deb8u6.

- -

I distributionen testing (stretch), er dette problem rettet -i version 8.5.9-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.5.9-1.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3755.data" diff --git a/danish/security/2017/dsa-3756.wml b/danish/security/2017/dsa-3756.wml deleted file mode 100644 index f561863214a..00000000000 --- a/danish/security/2017/dsa-3756.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="a1382ef6dd20a6a4258f1e46710e79a01a13890f" mindelta="1" -sikkerhedsopdatering - -

Choongwoo Han opdagede at en programmeringsfejl i værktøjet wrestool fra -suiten icoutils, muliggjorde lammelsesangreb (denial of service) eller udførelse -af vilkårlig kode, hvis en misdannet binær fil blev fortolket.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.31.0-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.31.0-4.

- -

Vi anbefaler at du opgraderer dine icoutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3756.data" diff --git a/danish/security/2017/dsa-3757.wml b/danish/security/2017/dsa-3757.wml deleted file mode 100644 index eb8d140fb47..00000000000 --- a/danish/security/2017/dsa-3757.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="95c6a0fef6031a4317613ca33cb6e94467af201c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Icedove, Debians udgave af -mailklienten Mozilla Thunderbird: Adskillige sårbarheder kunne føre til -udførelse af vilkårlig kode, datalækage eller omgåelse af regler for -indholdssikkerhed.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:45.6.0-1~deb8u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3757.data" diff --git a/danish/security/2017/dsa-3758.wml b/danish/security/2017/dsa-3758.wml deleted file mode 100644 index 4141e2d91a2..00000000000 --- a/danish/security/2017/dsa-3758.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="e903c121068164d357267c5de99c1ea401060d55" mindelta="1" -sikkerhedsopdatering - -

Flere lammelsesangrebssårbarheder (assertionfejl) blev opdaget i BIND, en -DNS-serverimplementering.

- -
    - -
  • CVE-2016-9131 - -

    Et fabrikeret opstrømssvar til en ANY-forespørgsel kunne medføre en - assertionfejl.

    • - -
  • CVE-2016-9147 - -

    Et fabrikeret opstrømssvar med selvmodsigende DNSSEC-data kunne medføre - en assertionfejl.

    • - -
  • CVE-2016-9444 - -

    Særligt fremstillede opstrømssvar med en DS-post kunne medføre en - assertionfejl.

    • - -
- -

Disse sårbarheder påvirker primært DNS-servere, som leverer rekursiv service. -Klientforespørgsler til kun-autoritative servere kan ikke udløse disse -assertionfejl. Sårbarhederne er til stede uanset om DNSEC-validering er slået -til i serveropsætningen eller ej.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:9.9.5.dfsg-9+deb8u9.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3758.data" diff --git a/danish/security/2017/dsa-3759.wml b/danish/security/2017/dsa-3759.wml deleted file mode 100644 index 5cd4f6ccb73..00000000000 --- a/danish/security/2017/dsa-3759.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b8f1170b2840253d598cfb1fd275d134a3788019" mindelta="1" -sikkerhedsopdatering - -

Matias P. Brutti opdagede at python-pysaml2, en Python-implementering af -Security Assertion Markup Language 2.0, ikke på korrekt vis -fornuftighedskontrollerede de XML-meddelelser, som den håndterer. Dermed var -det muligt for en fjernangriber at udføre XML External Entity-angreb, førende -til en lang række udnytbare sårbarheder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.0.0-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 3.0.0-5.

- -

Vi anbefaler at du opgraderer dine python-pysaml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3759.data" diff --git a/danish/security/2017/dsa-3760.wml b/danish/security/2017/dsa-3760.wml deleted file mode 100644 index 7dd37cea356..00000000000 --- a/danish/security/2017/dsa-3760.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="0563ebfb5cad00b5d5e614d45912dbb7748ac32c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i wikikompileren Ikiwiki:

- -
    - -
  • CVE-2016-9646 - -

    Metadataforfalskning gennem kontektstafhængige - CGI::FormBuilder-API'er.

    • - -
  • CVE-2016-10026 - -

    Omgåelse af redigeringsbegrænsning for git revert.

    • - -
  • CVE-2017-0356 - -

    Omgåelse af autentifikation gennem gentagne parametre.

    • - -
- -

Yderligere oplysninger om sårbarhederne, finder man på -https://ikiwiki.info/security/

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.20141016.4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 3.20170111.

- -

Vi anbefaler at du opgraderer dine ikiwiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3760.data" diff --git a/danish/security/2017/dsa-3761.wml b/danish/security/2017/dsa-3761.wml deleted file mode 100644 index a6a813f5623..00000000000 --- a/danish/security/2017/dsa-3761.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ba8bde0fdcd412efb6d20c36ff3ac8fc030c247f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at RabbitMQ, en implementering af AMQP-protokollen, ikke på -korrekt vis validerede MQTT-forbindelsesautentifkation (MQ Telemetry Transport). -Dermed var det muligt for alle, at logge på en eksisterende brugerkonto, uden at -angive en adgangskode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.3.5-1.1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distributions (sid), er -dette problem rettet i version 3.6.6-1.

- -

Vi anbefaler at du opgraderer dine rabbitmq-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3761.data" diff --git a/danish/security/2017/dsa-3762.wml b/danish/security/2017/dsa-3762.wml deleted file mode 100644 index 81dc9da3253..00000000000 --- a/danish/security/2017/dsa-3762.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="9fe9ec9b96e886350f43bb2ba54a4cd1e961475c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i biblioteket libtiff og de medfølgende -værktøjer tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf og tiffsplit, hvilke -kunne medføre lammelsesangreb (denial of service), hukommelsesblotlægning eller -udførelse af vilkårlig kode.

- -

Der var yderligere sårbarheder i værktøjerne bmp2tiff, gif2tiff, thumbnail og -ras2tiff, men da disse blev løst af libtiff-udviklerne ved at fjerne værktøjerne -helt, er der ingen tilgængelige patches og værktøjerne er derfor også fjerner -fra tiff-pakken i Debian stable. Ændringen var allerede foretaget tidligere i -Debian stretch, og ingen applikationer indeholdt i Debian, er kendt for at være -afhængelige af skripterne. Hvis du anvender værktøjerne i skræddersyede -opsætninger, så overvej at benytte et andet værktøj til konvertering og -fremstilling af miniaturebilleder (thumbnails).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.0.3-12.3+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 4.0.7-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.7-4.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3762.data" diff --git a/danish/security/2017/dsa-3763.wml b/danish/security/2017/dsa-3763.wml deleted file mode 100644 index fec2fe400a2..00000000000 --- a/danish/security/2017/dsa-3763.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d4445888547e60c221477a264a82d8ce965f8232" mindelta="1" -sikkerhedsopdatering - -

Florian Heinz og Martin Kluge rapporterede at pdns-recursor, en rekursiv -DNS-server, fortolkede alle poster, som er til stede i et forespørgsel, uanset -om de er nødvendige eller endda legitime, hvilket gjorde det muligt for -fjern, uautentificeret angriber, at forårsage en abnorm CPU-forbrugsbelasning på -pdns-serveren, medførende et delvist lammelsesangreb (denial of service) hvis -systemet blev overbelastet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.6.2-2+deb8u3.

- -

Vi anbefaler at du opgraderer dine pdns-recursor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3763.data" diff --git a/danish/security/2017/dsa-3764.wml b/danish/security/2017/dsa-3764.wml deleted file mode 100644 index 08f049775c9..00000000000 --- a/danish/security/2017/dsa-3764.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="e522ffee3bb276b3b74f580cfe480bc04982c13e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i pdns, en autoritativ DNS-server. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2016-2120 - -

    Mathieu Lafon opdagede at pdns ikke på korrekt vis validerede poster i - zoner. En autoriseret bruger kunne drage nytte af fejlen til at få serveren - til at gå ned, ved at indsætte særligt fremstillede poster i en zone under - deres kontrol og dernæst sende en DNS-forespørgsel vedrørende den - post.

    • - -
  • CVE-2016-7068 - -

    Florian Heinz og Martin Kluge rapporterede at pdns fortolkede alle - poster, som er til stede i et forespørgsel, uanset om de er nødvendige - eller endda legitime, hvilket gjorde det muligt for fjern, uautentificeret - angriber, at forårsage en abnorm CPU-forbrugsbelasning på pdns-serveren, - medførende et delvist lammelsesangreb (denial of service) hvis systemet - blev overbelastet.

    • - -
  • CVE-2016-7072 - -

    Mongo opdagede at webserveren i pdns var sårbar over for en - lammelsesangrebssårbarhed. En fjern, uautentificeret angriber kunne - forårsage et lammelsesangreb ved atåbne et stort antal TCP-forbindelser til - webserveren

    • - -
  • CVE-2016-7073 / - CVE-2016-7074 - -

    Mongo opdagede at pdns ikke på tilstrækkelig vis validerede - TSIG-signaturer, hvilket gjorde det muligt for en angriber, placeret som - manden i midten, at ændre indholdet af en AXFR.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.4.1-4+deb8u7.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.2-1.

- -

Vi anbefaler at du opgraderer dine pdns-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3764.data" diff --git a/danish/security/2017/dsa-3765.wml b/danish/security/2017/dsa-3765.wml deleted file mode 100644 index 55c141d83ed..00000000000 --- a/danish/security/2017/dsa-3765.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1b042929a26897bb89a15f6bf4e369b7568770f4" mindelta="1" -sikkerhedsopdatering - -

Flere programmeringsfejl i værktøjet wrestool i icoutils, en suite af -værktøjer til fremstilling og udtrækning af MS Windows-ikoner og -cursorer, -hvilket muliggjorde lammelsesangreb (denial of service) eller udførelse af -vilkårlig kode, hvis en misdannet binær fil blev fortolket.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.31.0-2+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 0.31.1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.31.1-1.

- -

Vi anbefaler at du opgraderer dine icoutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3765.data" diff --git a/danish/security/2017/dsa-3766.wml b/danish/security/2017/dsa-3766.wml deleted file mode 100644 index 0014d6901ed..00000000000 --- a/danish/security/2017/dsa-3766.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a5ee93be6f3f6dffdb4afe4e606eba7a61c792ca" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at mapserver, et CGI-baseret framework til korttjenester på -internettet, var sårbar over for et stakbaseret overløb. Problemet gjorde det -muligt for en fjernbruger, at få servicen til at gå ned eller potentielt udføre -vilkårlig kode.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 6.4.1-5+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.0.4-1.

- -

Vi anbefaler at du opgraderer dine mapserver-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3766.data" diff --git a/danish/security/2017/dsa-3767.wml b/danish/security/2017/dsa-3767.wml deleted file mode 100644 index 120ceb604fe..00000000000 --- a/danish/security/2017/dsa-3767.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="44c6dd93d7de79dc6948628c07dd34910fa7db97" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.54, som indeholder -yderligere ændringer, så som forbedringer af ydeevnen, fejlrettelser, ny -funktionalitet og muligvis inkompatible ændringer. Se MySQL 5.5 Release Notes -og Oracle's Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.5.54-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3767.data" diff --git a/danish/security/2017/dsa-3768.wml b/danish/security/2017/dsa-3768.wml deleted file mode 100644 index 7d8c0e7eb95..00000000000 --- a/danish/security/2017/dsa-3768.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e610b5bdfe1c703d298d81003a69a505a33c976c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder i OpenJPEG, et bibliotek til -komprimering/dekomprimering af JPEG 2000-billeder, kunne medføre lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode, hvis en misdannet JPEG -2000-fil blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.1.0-2+deb8u2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine openjpeg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3768.data" diff --git a/danish/security/2017/dsa-3769.wml b/danish/security/2017/dsa-3769.wml deleted file mode 100644 index 6a4c366c51e..00000000000 --- a/danish/security/2017/dsa-3769.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a381f27f1df3a4b45c05c0f32b44fe2d5b69e4c2" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski fra LegalHackers opdagede at PHP Swift Mailer, en mailløsning -til PHP, ikke på korrekt vis validerede brugerinddata. Dermed var det muligt -for en fjernangriber at udføre vilkårlig kode, ved at overføre særligt -formatterede mailadresser i specifikke mailheadere.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.2.2-1+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 5.4.2-1.1.

- -

Vi anbefaler at du opgraderer dine libphp-swiftmailer-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3769.data" diff --git a/danish/security/2017/dsa-3770.wml b/danish/security/2017/dsa-3770.wml deleted file mode 100644 index 4a737badd90..00000000000 --- a/danish/security/2017/dsa-3770.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="bfcc262c4218fb247e15119c04a3f58d58883745" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.29. Se MariaDB 10.0 -Release Notes for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.29-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3770.data" diff --git a/danish/security/2017/dsa-3771.wml b/danish/security/2017/dsa-3771.wml deleted file mode 100644 index d813fd81234..00000000000 --- a/danish/security/2017/dsa-3771.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9098d3bd1e4a5eb7609637466943538e34b310f7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Hukommelsessikkerhedsfejl, anvendelser efter frigivelser og andre -implementeringsfejl, kunne føre til udførelse af vilkårlig kode, -informationsafsløring eller rettighedsforøgelse.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -45.7.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -45.7.0esr-1 af firefox-esr og i version 51.0-1 af firefox.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3771.data" diff --git a/danish/security/2017/dsa-3772.wml b/danish/security/2017/dsa-3772.wml deleted file mode 100644 index 54abb400702..00000000000 --- a/danish/security/2017/dsa-3772.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="72910e42058b8cf9eaa15be3a2aee7e6bf491d62" mindelta="1" -sikkerhedsopdatering - -

Tobias Stoeckmann opdagede at biblioteket libXpm indeholdt to -heltalsoverløbsfejl, førende til en skrivning uden for heap'ens grænser, mens -XPM-udvidelser i en fil blev fortolket. En angriber kunne levere en særligt -fremstillet XPM-fil, som ved behandling af en applikation, der anvender -biblioteket libXpm, ville medføre et lammelsesangreb (denial of service) mod -applikationen, eller potentielt udførelse af vilkårlig kode med rettighederne -hørende til den bruger, der kører applikationen.

- -

I den stabile distribution (jessie), er dette problem rettet i version -1:3.5.12-0+deb8u1. Opdateringen er baseret på en ny opstrømsversion of libxpm, -der indeholder yderligere fejlrettelser.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 1:3.5.12-1.

- -

Vi anbefaler at du opgraderer dine libxpm-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3772.data" diff --git a/danish/security/2017/dsa-3773.wml b/danish/security/2017/dsa-3773.wml deleted file mode 100644 index f3fbc55ec2d..00000000000 --- a/danish/security/2017/dsa-3773.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="c91c4d9f70661f4c4ae76ea07c1577acc2670565" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenSSL:

- -
    - -
  • CVE-2016-7056 - -

    Et lokalt timingangreb blev opdaget mod ECDSA P-256.

    • - -
  • CVE-2016-8610 - -

    Man opdagede at der ikke blev håndhævet nogen begrænsninger på - alertpakker under et SSL-handshake.

    • - -
  • CVE-2017-3731 - -

    Robert Swiecki opdagede at RC4-MD5-cipher'en, når der køres på 32 - bit-systemer, kunne tvinges til en læsning uden for grænserne, førende til - lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.0.1t-1+deb8u6.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -1.1.0d-1 af kildekodepakken openssl og i version 1.0.2k-1 af kildekodepakken -openssl1.0.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3773.data" diff --git a/danish/security/2017/dsa-3774.wml b/danish/security/2017/dsa-3774.wml deleted file mode 100644 index 068feaea532..00000000000 --- a/danish/security/2017/dsa-3774.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8733e4c31227804891b9eeb5f838058aa621f5c3" mindelta="1" -sikkerhedsopdatering - -

Ibrahim M. El-Sayed opdagede en sårbarhed i forbindelse med læsningn af heap -uden for grænserne i funktionen Type_MLU_Read i lcms2, -farvehåndteringsbiblioteket Little CMS 2, der kunne udløses af et billede med en -særligt fremstillet ICC-profil, førende til en heaphukommelseslækage eller -lammelsesangreb (denial of service) for applikationer, der anvender biblioteket -lcms2.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.6-3+deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -dette problem rettet i version 2.8-4.

- -

Vi anbefaler at du opgraderer dine lcms2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3774.data" diff --git a/danish/security/2017/dsa-3775.wml b/danish/security/2017/dsa-3775.wml deleted file mode 100644 index 75dced455f6..00000000000 --- a/danish/security/2017/dsa-3775.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f8a5cd9087974a07fa4ded166d3dc95e520508cf" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i tcpdump, et kommandolinjeprogram til -analysering af netværkstrafik. Sårbarhederne kunne medføre lammelsesangreb -(denial of service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.9.0-1~deb8u1.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 4.9.0-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.9.0-1.

- -

Vi anbefaler at du opgraderer dine tcpdump-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3775.data" diff --git a/danish/security/2017/dsa-3776.wml b/danish/security/2017/dsa-3776.wml deleted file mode 100644 index 3a4b9741944..00000000000 --- a/danish/security/2017/dsa-3776.wml +++ /dev/null @@ -1,118 +0,0 @@ -#use wml::debian::translation-check translation="8805397f0d0ac91dc9953f83eff45b093ac79319" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2017-5006 - -

    Mariusz Mlynski opdagede et problem med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2017-5007 - -

    Mariusz Mlynski opdagede et andet problem med udførelse af skripter på - tværs af websteder.

    • - -
  • CVE-2017-5008 - -

    Mariusz Mlynski opdagede et tredje problem med udførelse af skripter på - tværs af websteder.

    • - -
  • CVE-2017-5009 - -

    Sean Stanek og Chip Bradford opdagede et uden for - grænserne-hukommelsesproblem i biblioteket webrtc.

    • - -
  • CVE-2017-5010 - -

    Mariusz Mlynski opdagede et fjerde problem med udførelse skripter på - tværs af websteder.

    • - -
  • CVE-2017-5011 - -

    Khalil Zhani opdagede en måde at tilgå uautoriserede filer på i developer - tools.

    • - -
  • CVE-2017-5012 - -

    Gergely Nagy opdagede et heapoverløbsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2017-5013 - -

    Haosheng Wang opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2017-5014 - -

    sweetchip opdagede et heapoverløbsproblem i biblioteket skia.

    • - -
  • CVE-2017-5015 - -

    Armin Razmdjou opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2017-5016 - -

    Haosheng Wang opdagede et andet problem med URL-forfalskning.

    • - -
  • CVE-2017-5017 - -

    danberm opdagede et problem med uinitialiseret hukommelse i - understøttelsen af webm-videofiler.

    • - -
  • CVE-2017-5018 - -

    Rob Wu opdagede et problem med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2017-5019 - -

    Wadih Matar opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2017-5020 - -

    Rob Wu opdagede et andet problem med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2017-5021 - -

    Rob Wu opdagede et problem i udvidelserne med anvendelse efter - frigivelse.

    • - -
  • CVE-2017-5022 - -

    PKAV Team opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2017-5023 - -

    UK's National Cyber Security Centre (NCSC) opdagede et problem med - typeforvirring.

    • - -
  • CVE-2017-5024 - -

    Paul Mehta opdagede et heapoverløbsproblem i biblioteket ffmpeg.

    • - -
  • CVE-2017-5025 - -

    Paul Mehta opdagede et andet heapoverløbsproblem i biblioteket - ffmpeg.

    • - -
  • CVE-2017-5026 - -

    Ronni Skansing opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 56.0.2924.76-1~deb8u1.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), vil -disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3776.data" diff --git a/danish/security/2017/dsa-3777.wml b/danish/security/2017/dsa-3777.wml deleted file mode 100644 index 12f5435b454..00000000000 --- a/danish/security/2017/dsa-3777.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="f7b15a647cdf2c44845428236976bc26a99a2410" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i libgd2, et bibliotek til programmatisk -oprettelse og behandling af grafik, hvilke kunne medføre lammelsesangreb (denial -of service) eller potentielt udførelse af vilkårlig kode, hvis en misdannet fil -blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.1.0-5+deb8u9.

- -

I distributionen testing (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 2.2.4-1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3777.data" diff --git a/danish/security/2017/dsa-3778.wml b/danish/security/2017/dsa-3778.wml deleted file mode 100644 index b1af9686451..00000000000 --- a/danish/security/2017/dsa-3778.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="298288e3ea6445681fee7fa3ba935b13aebb35de" mindelta="1" -sikkerhedsopdatering - -

Michal Marek opdagede at ruby-archive-tar-minitar, et Ruby-bibliotek som -giver mulighed for at håndtere POSIX-tararkivfiler, var sårbar over for en -mappegennemløbssårbarhed. En angriber kunne drage nytte af fejlen til at -overskrive vilkårlige filer under arkivudpaning, gennem et .. -(punktum-punktum) i et udpakket filnavn.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.5.2-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine ruby-archive-tar-minitar-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3778.data" diff --git a/danish/security/2017/dsa-3779.wml b/danish/security/2017/dsa-3779.wml deleted file mode 100644 index 579b304956f..00000000000 --- a/danish/security/2017/dsa-3779.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="95e62df7bdc1cbcf8952e0a223c8e8eaabea5983" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i wordpress, et webbloggingværktøj. De kunen -gøre det muligt for fjernangribere at kapre ofres loginoplysninger, tilgå -følsomme oplysninger, udføre vilkårlige kommandoer, omgå begrænsninger på -læsning og skrivning, eller iværksætte lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u12.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 4.7.1+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3779.data" diff --git a/danish/security/2017/dsa-3780.wml b/danish/security/2017/dsa-3780.wml deleted file mode 100644 index eaf4e1d3ed5..00000000000 --- a/danish/security/2017/dsa-3780.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="516dd2082a97b7a822b5a9e1d17d4d4912529741" mindelta="1" -sikkerhedsopdatering - -

Jann Horn fra Google Project Zero opdagede at NTFS-3G, en NTFS-driver til -FUSE der kan læse- og skrive, ikke skrubbede miljøet før modprobe blev udført -med forøgede rettigheder. En lokal bruger kunne drage nytte af fejlen til lokal -root-rettighedsforøgelse.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2014.2.15AR.2-1+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2016.2.22AR.1-4.

- -

Vi anbefaler at du opgraderer dine ntfs-3g-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3780.data" diff --git a/danish/security/2017/dsa-3781.wml b/danish/security/2017/dsa-3781.wml deleted file mode 100644 index 665d788aebb..00000000000 --- a/danish/security/2017/dsa-3781.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="12f77221986f631cd57de76c3db3ee05d3323335" mindelta="1" -sikkerhedsopdatering - -

Luc Lynx opdagede at SVG Salamander, en SVG-motor til Java, var sårbar over -for forespørgselsforfalskning på serversiden.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0~svn95-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.1+dfsg-2.

- -

Vi anbefaler at du opgraderer dine svgsalamander-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3781.data" diff --git a/danish/security/2017/dsa-3782.wml b/danish/security/2017/dsa-3782.wml deleted file mode 100644 index b793fc8ce7a..00000000000 --- a/danish/security/2017/dsa-3782.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="5b517753378f2c3e6c9cb55772fa0bc9bb255e8b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende omgåelse af restriktioner i Java-sandkassen, -lammelsesangreb (denial of service), udførelse af vilkårlig kde, ukorrekt -fortolkning af URL'er/LDAP-DN'er eller kryptografisk -timing-sidekanalangreb.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7u121-2.6.8-2~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3782.data" diff --git a/danish/security/2017/dsa-3783.wml b/danish/security/2017/dsa-3783.wml deleted file mode 100644 index 3ffbbdb1a92..00000000000 --- a/danish/security/2017/dsa-3783.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="110b32360284e8fe79c9a34487c0d57f4324d88a" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i PHP, et meget anvendt, generelt anvendelige open -source-skriptsprog.

- -
    - -
  • CVE-2016-10158 - -

    Indlæsning af ondsindede TIFF- eller JPEG-filer kunne føre til et - lammelsesangreb (denial of service), når EXIF-headeren blev - behandlet.

    • - -
  • CVE-2016-10159 - -

    Indlæsning af et ondsindet phar-arkiv kunne medføre stor - hukommelsesallokering, førende til et lammelsesangreb på 32 - bit-computere.

    • - -
  • CVE-2016-10160 - -

    En angriber kunne fjernudføre vilkårlig kode ved hjælp af et ondsindet - phar-arkiv. Det er en konsekvens af en forskudt med - én-hukommelseskorruption.

    • - -
  • CVE-2016-10161 - -

    En angriber med kontrol over funktionsparameteret unserialize() kunne - forårsage en læsning uden for grænserne. Det kunne føre til et - lammelsesangreb eller fjernudførelse af kode.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.6.30+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3783.data" diff --git a/danish/security/2017/dsa-3784.wml b/danish/security/2017/dsa-3784.wml deleted file mode 100644 index f3d1c4118ac..00000000000 --- a/danish/security/2017/dsa-3784.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c12438d6ecdf640f20d92fb6713eb43115b0cf1b" mindelta="1" -sikkerhedsopdatering - -

Thomas Gerbet opdagede at viewvc, en webgrænseflade til CVS- og -Subversion-arkiver, ikke på korrekt vis fornuftighedskontrollerede inddata fra -brugerne. Problemet medførte en potentiel sårbarhed i forbindelse med udførelse -af skripter på tværs af websteder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.1.22-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.1.26-1.

- -

Vi anbefaler at du opgraderer dine viewvc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3784.data" diff --git a/danish/security/2017/dsa-3785.wml b/danish/security/2017/dsa-3785.wml deleted file mode 100644 index 191f7db569d..00000000000 --- a/danish/security/2017/dsa-3785.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="ae94efdd6252e46671c6348802673646f253aa86" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i biblioteket JasPer til behandling af -JPEG-2000-billeder, hvilket kunne medføre lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode, hvis et misdannet billede blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.900.1-debian1-2.4+deb8u2.

- -

Vi anbefaler at du opgraderer dine jasper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3785.data" diff --git a/danish/security/2017/dsa-3786.wml b/danish/security/2017/dsa-3786.wml deleted file mode 100644 index a5822f6f91a..00000000000 --- a/danish/security/2017/dsa-3786.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a03c2a3307e19f8da31beb0bba02407ed6ed1836" mindelta="1" -sikkerhedsopdatering - -

Editor-stavekontrolfiler overført til vim-editoren (Vi IMproved), kunne -medføre et heltalsoverløb i hukommelsesallokering og et deraf følgende -bufferoverløb, som potentielt kunne medføre udførelse af vilkårlig kode eller -lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er dette problem -rettet i version 2:7.4.488-7+deb8u2.

- -

I den ustabile distribution (sid), er dette problem -rettet i version 2:8.0.0197-2.

- -

Vi anbefaler at du opgraderer dine vim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3786.data" diff --git a/danish/security/2017/dsa-3787.wml b/danish/security/2017/dsa-3787.wml deleted file mode 100644 index 77d0890cfdb..00000000000 --- a/danish/security/2017/dsa-3787.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="87db6ddeae285bb37adaa1876af77516aa8dc730" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en programmeringsfejl i behandlingen af HTTPS-forespørgsler i -Apaches Tomcat-servlet og JSP-motor, kunne medføre lammelsesangreb (denial of -service) gennem en uendelig løkke.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 7.0.56-3+deb8u8.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3787.data" diff --git a/danish/security/2017/dsa-3788.wml b/danish/security/2017/dsa-3788.wml deleted file mode 100644 index 53a4cfe21aa..00000000000 --- a/danish/security/2017/dsa-3788.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="53f418c437d155772d275efec784c6624cc92e40" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en programmeringsfejl i behandlingen af HTTPS-forespørgsler i -Apaches Tomcat-servlet og JSP-motor, kunne medføre lammelsesangreb (denial of -service) gennem en uendelig løkke.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 8.0.14-1+deb8u7.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3788.data" diff --git a/danish/security/2017/dsa-3789.wml b/danish/security/2017/dsa-3789.wml deleted file mode 100644 index 885801f12ac..00000000000 --- a/danish/security/2017/dsa-3789.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2b77ba011c108ef0b188f83994441b81813096a7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libevent, et bibliotek til asynkrone -eventnotifikationer. De førte til lammelsesangreb (denial of service) gennem -applikationsnedbrud eller fjernudførelse af kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.0.21-stable-2+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.0.21-stable-3.

- -

Vi anbefaler at du opgraderer dine libevent-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3789.data" diff --git a/danish/security/2017/dsa-3790.wml b/danish/security/2017/dsa-3790.wml deleted file mode 100644 index a4858cdc12b..00000000000 --- a/danish/security/2017/dsa-3790.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="5a2a53c3ed1ff591aac660dc87fc70e1ad25279b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i spice, en klient og serverbibliotekt til -SPICE-protokollen. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2016-9577 - -

    Frediano Ziglio fra Red Hat opdagede en bufferoverløbssårbarhed i - funktionen main_channel_alloc_msg_rcv_buf. En autentificeret angriber kunne - drage nytte af fejlen til at at forårsage et lammelsesangreb (denial of - service: nedbrud i spice-serveren) eller muligvis udførelse af vilkårlig - kode.

    • - -
  • CVE-2016-9578 - -

    Frediano Ziglio fra Red Hat opdagede at spice ikke på korrekt vis - validerede indgående meddelelser. En angriber med mulighed for at forbinde - sig til spice-serveren, kunne sende fabrikerede meddelelser, der fik - processen til at gå ned.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.12.5-1+deb8u4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.12.8-2.1.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3790.data" diff --git a/danish/security/2017/dsa-3791.wml b/danish/security/2017/dsa-3791.wml deleted file mode 100644 index 05633031c0d..00000000000 --- a/danish/security/2017/dsa-3791.wml +++ /dev/null @@ -1,111 +0,0 @@ -#use wml::debian::translation-check translation="261102b3c07efa177004b72e076e78046e4153d0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder have been discovered in the Linux kernel that -may lead to a rettighedsforøgelse, denial of service or have other -impacts.

- -
    - -
  • CVE-2016-6786 / - CVE-2016-6787 - -

    Man opdagede at performance events-undersystemet ikke på korrekt vis - håndterede låsning under visse migreringer, hvilket gjorde det muligt for en - lokal angriber at forsøge rettigheder. Det kan løses ved at deaktivere - upriviligeret anvendelse af performance events: - sysctl kernel.perf_event_paranoid=3

    • - -
  • CVE-2016-8405 - -

    Peter Pi fra Trend Micro opdagede at frame buffer video-undersystemet - ikke på korrekt vis kontrollerede grænser, mens color maps blev kopieret til - brugerrummet, hvilket forårsagede en læsning uden for heapbufferens grænser, - førende til informationsafsløring.

    • - -
  • CVE-2016-9191 - -

    CAI Qian opdagede at referenceoptælling ikke blev behandlet korrekt i - proc_sys_readdir i implementeringen af sysctl, hvilket muliggjorde et lokalt - lammelsesangreb (denial of service: hængende system) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2017-2583 - -

    Xiaohan Zhang rapporterede at KVM til amd64 ikke på korrekt vis - emulerede indlæsning af en null stack-selector. Det kunne anvendes af en - bruger i en gæste-VM til lammelsesangreb (på en Intel-CPU) eller til at - forøge rettigheder inde i VM'en (på en AMD-CPU).

    • - -
  • CVE-2017-2584 - -

    Dmitry Vyukov rapporterede at KVM til x86 ikke på korrekt vis - emulerede hukommelsestilgæng i instruktionerne SGDT og SIDT, hvilket kunne - medføre anvendelse efter frigivelse og informationslækage.

    • - -
  • CVE-2017-2596 - -

    Dmitry Vyukov rapporterede at KVM lækkede sidereferencer når der blev - emuleret en VMON for en nested hypervisor. Det kunne anvendes af en - priviligeret bruger i en gæste-VM, til lammelsesangreb eller muligvis til - at få rettigheder på værten.

    • - -
  • CVE-2017-2618 - -

    Man opdagede at en forskydelse med én i håndteringen af - SELinux-attributer i /proc/pid/attr, kunne medføre lokalt - lammelsesangreb.

    • - -
  • CVE-2017-5549 - -

    Man opdagede at den serielle USB-enhedsdriver KLSI KL5KUSB105, kunne - logge indholdet af uinitialiseret kernehukommelse, medførelse en - informationslækage.

    • - -
  • CVE-2017-5551 - -

    Jan Kara opdagede at ændring af en fils POSIX-ACL på tmpfs, aldrig - tømte dens set-group-ID-flag, hvilket skal gøres hvis brugeren, der ændrer - det, ikke er medlem af gruppe-ejeren. I nogle tilfælde kunne det dermed - blive muligt for bruger-ejeren af en ekskverbar fil, at få tildelt - rettighederne hørende til gruppe-ejeren.

    • - -
  • CVE-2017-5897 - -

    Andrey Konovalov opdagede en fejl i forbindelse med læsning uden for - grænserne i funktionen ip6gre_err, i IPv6-netværkskoden.

    • - -
  • CVE-2017-5970 - -

    Andrey Konovalov opdagede en lammelsesangrebsfejl i - IPv4-netværkskoden. Den kunne udløses af en lokal eller fjern angriber, - hvis indstillingen IP_RETOPTS er aktiveret på en lokal UDP eller raw - socket.

    • - -
  • CVE-2017-6001 - -

    Di Shen opdagede en kapløbstilstand mellem samtidige kald til performance - events-undersystemet, hvilket gjorde det muligt for en lokal angriber at - forøge rettigheder. Fejlen fandt på grund af en ufuldstændig rettelse af - CVE-2016-6786. - Det kan løses ved at deaktivere upriviligeret anvendelse af performance - events: sysctl kernel.perf_event_paranoid=3

    • - -
  • CVE-2017-6074 - -

    Andrey Konovalov opdagede en sårbarhed i forbindelse med anvendelse efter - frigivelse i DCCP-netværkskoden, hvilket kunne medføre lammelsesangreb eller - lokal rettighedsforøgelse. På systemer, hvor dccp-modulet ikke allerede er - indlæst, kan det løses ved at deaktivere det: - echo >> /etc/modprobe.d/disable-dccp.conf install dccp false

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.39-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3791.data" diff --git a/danish/security/2017/dsa-3792.wml b/danish/security/2017/dsa-3792.wml deleted file mode 100644 index d0cb7575fb1..00000000000 --- a/danish/security/2017/dsa-3792.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c571d0478d54bbe3bbaa59dfaa05dead54815a5d" mindelta="1" -sikkerhedsopdatering - -

Ben Hayak opdagede at objekter indlejret i Writer- og Calc-dokumenter, kunne -medføre informationsafsløring. Se -\ -https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for -yderligere oplysninger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:4.3.3-2+deb8u6.

- -

I distributionen testing (stretch), er dette problem rettet -i version 1:5.2.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:5.2.3-1.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3792.data" diff --git a/danish/security/2017/dsa-3793.wml b/danish/security/2017/dsa-3793.wml deleted file mode 100644 index 951a83e53da..00000000000 --- a/danish/security/2017/dsa-3793.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="5b2f196ef0039708d3987859ca586d399bdd1f5c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i shadow-suiten. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2016-6252 - -

    En heltalsoverløbssårbarhed blev opdaget, som potentielt gjorde det - muligt for en lokal bruger for forøge rettigheder gennem fabrikeret - inddata til værktøjet newuidmap.

    • - -
  • CVE-2017-2616 - -

    Tobias Stoeckmann opdagede at su ikke på korrekt vis håndterede tømning - af en child-PID. En lokal angriber kunne drage nytte af det, førende til - lammelsesangreb (denial of service).

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:4.2-3+deb8u3.

- -

Vi anbefaler at du opgraderer dine shadow-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3793.data" diff --git a/danish/security/2017/dsa-3794.wml b/danish/security/2017/dsa-3794.wml deleted file mode 100644 index 2b4f4e45cf5..00000000000 --- a/danish/security/2017/dsa-3794.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="3721e0f22a0325a34e13a0269a10f0e7e89242c0" mindelta="1" -sikkerhedsopdatering - -

Stevie Trujillo opdagede en lokal filskrivningssårbarhed i munin, et -framework til graffremstilling af et helt netværk, når CGI-grafer var -aktiveret. GET-parametre blev ikke håndteret korrekt, hvilket gjorde det -muligt at indsprøjte valgmuligheder til munin-cgi-graph samt overskrive enhver -fil, som er tilgængelig for brugeren, der kører cgi-processen.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.0.25-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine munin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3794.data" diff --git a/danish/security/2017/dsa-3795.wml b/danish/security/2017/dsa-3795.wml deleted file mode 100644 index acd7303c295..00000000000 --- a/danish/security/2017/dsa-3795.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="c7219e61108004269194ae44e1c1cf8e67ec49a7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en ondsindet fabrikeret forespørgsel kunne medføre at ISC's -BIND DNS-server (named) gik ned, hvis både Response Policy Zones (RPZ) og DNS64 -(en bro mellem IPv4- og IPv6-netværk) var aktiveret. Det er ualmindeligt at -begge disse valgmuligheder anvendes kombineret, så i praksis vil kun ganske få -systemer være påvirket af problemet..

- -

Opdaterer retter også yderligere en regression, forårsaget af rettelsen af -\ -CVE-2016-8864, som blev indført i en tidligere sikkerhedsopdatering.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:9.9.5.dfsg-9+deb8u10.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 1:9.10.3.dfsg.P4-12.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3795.data" diff --git a/danish/security/2017/dsa-3796.wml b/danish/security/2017/dsa-3796.wml deleted file mode 100644 index 0dae49d1c8b..00000000000 --- a/danish/security/2017/dsa-3796.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="96f61389f9e7f6b07563c658d37146f79e770243" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Apache2 HTTP-serveren.

- -
    - -
  • CVE-2016-0736 - -

    RedTeam Pentesting GmbH opdagede at mod_session_crypto var sårbar over - for padding oracle-angreb, hvilke kunne gøre det muligt for en angriber at - gætte sessioncookien.

    • - -
  • CVE-2016-2161 - -

    Maksim Malyutin opdagede at ondsindet inddata til mod_auth_digest kunne - medføre at serveren gik ned, førende til et lammelsesangreb (denial of - service).

    • - -
  • CVE-2016-8743 - -

    David Dennerline fra IBM Security's X-Force Researchers, og Régis Leroy, - opdagede problemer i den måde Apache håndterede et bredt mønster af - usædvanlige whitespacemønstre i HTTP-forespørgsler. I nogle opsætninger - kunne det føre til sårbarheder i forbindelse med opsplitning af svar eller - cacheforurening. For at rette problemerne, gør opdateringen Apache httpd - mere striks i forhold til hvilke HTTP-forespørgsler, der accepteres.

    - -

    Hvis det giver problemer med ikke-tilpassede klienter, kan nogle - kontroller slækkes ved at tilføje det nye direktiv HttpProtocolOptions - unsafe til opsætningen.

    • - -
- -

Opdateringen retter også problemet, hvor mod_reqtimeout ikke var aktiveret -som standard på nye installationer.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -2.4.10-10+deb8u8.

- -

I distributionen testing (stretch) og i den ustabile distribution (sid), er -disse problemer rettet i version 2.4.25-1.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3796.data" diff --git a/danish/security/2017/dsa-3797.wml b/danish/security/2017/dsa-3797.wml deleted file mode 100644 index 8f5922e42c9..00000000000 --- a/danish/security/2017/dsa-3797.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c8e7006389ed8d322438976ef4ef0da8712cb7ad" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i PDF-fremviseren MuPDF, hvilke kunn -e medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis en -misdannet PDF-fil blev åbnet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.5-1+deb8u2.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 1.9a+ds1-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.9a+ds1-4.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3797.data" diff --git a/danish/security/2017/dsa-3798.wml b/danish/security/2017/dsa-3798.wml deleted file mode 100644 index e29975b4eeb..00000000000 --- a/danish/security/2017/dsa-3798.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6156aa176edad034a419e2e55141da73d52e95ff" mindelta="1" -sikkerhedsopdatering - -

Eric Sesterhenn fra X41 D-Sec GmbH, opdagede flere sårbarheder i tnef, et -værktøj der anvendes til at udpakke MIME-vedhæftelser af typen -application/ms-tnef. Adskillige heapoverløb, typeforvekslinger og -læsninger og skrivninger uden for grænserne, kunne udnyttes ved at narre en -bruger til at åbne en ondsindet vedhæftelse. Det medførte lammelsesangreb -(denial of service) gennem applikationsnedbrud eller potentielt udførelse af -vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.9-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine tnef-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3798.data" diff --git a/danish/security/2017/dsa-3799.wml b/danish/security/2017/dsa-3799.wml deleted file mode 100644 index 52710c31176..00000000000 --- a/danish/security/2017/dsa-3799.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ace8be20ebb14971a70bb33b2a1657ad9bb666e8" mindelta="1" -sikkerhedsopdatering - -

Opdateringen retter flere sårbarheder i imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode, hvis misdannede TIFF-, WPG-, IPL-, -MPC- eller PSB-filer blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8:6.8.9.9-5+deb8u7.

- -

I distributionen testing (stretch), er disse problemer rettet -i version 8:6.9.7.4+dfsg-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8:6.9.7.4+dfsg-1.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3799.data" diff --git a/danish/security/2017/dsa-3800.wml b/danish/security/2017/dsa-3800.wml deleted file mode 100644 index b19002da504..00000000000 --- a/danish/security/2017/dsa-3800.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0e79e151cdf7ae8eb1e7dd3d5fbba2b03d6f4c29" mindelta="1" -sikkerhedsopdatering - -

Marco Romano opdagede at libquicktime, et bibliotek til læsning og skrivning -af QuickTime-filer, var sårbart over for et heltalsoverløbsangreb. Når åbnet, -kunne en særligt fremstillet MP4-filer medføre et lammelsesangreb (denial of -service) ved at få applikationen til at gå ned.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:1.2.4-7+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:1.2.4-10.

- -

Vi anbefaler at du opgraderer dine libquicktime-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3800.data" diff --git a/danish/security/2017/dsa-3801.wml b/danish/security/2017/dsa-3801.wml deleted file mode 100644 index 650d768b267..00000000000 --- a/danish/security/2017/dsa-3801.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ff87aebd25dd072f80e8fb4215fcfd0ab9001e52" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ruby-zip, et Ruby-model til læsning og skrivning af -zip-filer, var ramt af en mappegennemløbssårbarhed. En angriber kunne drage -nytte af fejlen til at overskrive vilkårlige filer under arkivudpakningen -gennem et .. (punktum-punktum) i et udpakket filnavn.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.1.6-1+deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1.2.0-1.1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.2.0-1.1.

- -

Vi anbefaler at du opgraderer dine ruby-zip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3801.data" diff --git a/danish/security/2017/dsa-3802.wml b/danish/security/2017/dsa-3802.wml deleted file mode 100644 index 18b9715bcbf..00000000000 --- a/danish/security/2017/dsa-3802.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="91ec125d5b119b9143f3fb307ac483315a85d311" mindelta="1" -sikkerhedsopdatering - -

En SQL-indsprøjtningssårbarhed er opdaget i siden Latest data i -webfrontenden i netværksovervågningssystemet Zabbix.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2.2.7+dfsg-2+deb8u2.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1:3.0.7+dfsg-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:3.0.7+dfsg-1.

- -

Vi anbefaler at du opgraderer dine zabbix-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3802.data" diff --git a/danish/security/2017/dsa-3803.wml b/danish/security/2017/dsa-3803.wml deleted file mode 100644 index a5dc4acb5ca..00000000000 --- a/danish/security/2017/dsa-3803.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="999ca277a17dd370f10f485ac3e43ed45c3441d7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at texlive-base, TeX Live-pakken der indeholder de essentielle -TeX-programmer og -filer, hvidlister mpost som et eksternt program, der skal -køres indefra TeX-kildekoden (kaldet \write18). Da mpost gør det muligt at -angive andre programmer, der skal køres, kunne en angriber drage nytte af fejlen -til at udføre vilkårlig kode, når et TeX-dokument bliver kompileret.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2014.20141024-2+deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 2016.20161130-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2016.20161130-1.

- -

Vi anbefaler at du opgraderer dine texlive-base-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3803.data" diff --git a/danish/security/2017/dsa-3804.wml b/danish/security/2017/dsa-3804.wml deleted file mode 100644 index a05590d3540..00000000000 --- a/danish/security/2017/dsa-3804.wml +++ /dev/null @@ -1,83 +0,0 @@ -#use wml::debian::translation-check translation="ec35bec8beab755ae3b9e98c366f0f49f6bb58a6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernenen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb (denial of service) eller have andre -følger.

- -
    - -
  • CVE-2016-9588 - -

    Jim Mattson opdagede at KVM-implementeringen af Intel x86-processorer - ikke på korrekt vis håndterede #BP- og #OF-exceptions i en (nestet) virtuel - L2-maskine. En lokal angriber på en L2-gæste-VM, kunne drage nytte af - fejlen til at forårsage et lammelsesangreb mod L1-gæste-VM'en.

    • - -
  • CVE-2017-2636 - -

    Alexander Popov opdagede en kapløbstilstandsfejl i linjedisciplinen - n_hdlc, som kunne føre til en dobbelt frigivelse. En lokal upriviligeret - bruger kunne drage nytte af fejlen til rettighedsforøgelse. På systemer, - der ikke allerede har indlæst modulet n_hdlc, kan det løses ved at - deaktivere det: - echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false

    • - -
  • CVE-2017-5669 - -

    Gareth Evans rapporterede at priviligerede brugere kunne mappe - hukommelse i adresse 0 gennem systemkaldet shmat(). Dermed kunne det være - lettere at udnytte andre kernesikkerhedssårbarheder gennem et - set-UID-program.

    • - -
  • CVE-2017-5986 - -

    Alexander Popov rapporterede om en kapløbstilstand i - SCTP-implementeringen, som kunne udnyttes af lokale brugere til at - forårsage et lammelsesangreb (nedbrud). Den oprindelige rettelse heraf var - ukorrekt og indførte yderligere sikkerhedsproblemer - (\ - CVE-2017-6353). Opdateringen indeholder en senere rettelse, som undgår - disse. På systemer, som ikke allerede har indlæst modulet sctp, kan det - løses ved at deaktivere det: - echo >> /etc/modprobe.d/disable-sctp.conf install sctp false

    • - -
  • CVE-2017-6214 - -

    Dmitry Vyukov rapporterede om en fejl i TCP-implementeringens - håndtering af hastende data i systemkaldet splice(). Det kunne udnyttes af en - fjernangriber til lammelsesangreb (hænging), mod applikationer, der læser fra - TCP-sockets med splice().

    • - -
  • CVE-2017-6345 - -

    Andrey Konovalov rapporterede at LLC type 2-implementeringen på ukorrekt - vis tildelte socketbufferejerskab. Det kunne udnyttes af en lokal bruger - til at forårsage et lammelsesangreb (nedbrud). På systemer hvor modulet llc2 - ikke allerede er indlæst, kan det løses ved at deaktivere det: - echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false

    • - -
  • CVE-2017-6346 - -

    Dmitry Vyukov rapporterede om en kapløbstilstand i raw packets - (af_packet) fanout-funktionalitet. Lokale brugere med muligheden - CAP_NET_RAW (i et vilkårlig navnerum), kunne udnytte det til lammelsesangreb - og muligvis til rettighedsforøgelse.

    • - -
  • CVE-2017-6348 - -

    Dmitry Vyukov rapporterede at implementeringen af den generelle kø i - undersystemet IrDA, ikke på korrekt vis håndterede flere låse, muligvis - gørende det muligt for lokale brugere at forårsage et lammelsesangreb - (deadlock) gennem fabrikerede handlinger på IrDA-enheder.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.16.39-1+deb8u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3804.data" diff --git a/danish/security/2017/dsa-3805.wml b/danish/security/2017/dsa-3805.wml deleted file mode 100644 index 84928fd9b63..00000000000 --- a/danish/security/2017/dsa-3805.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5d765d0ac3f4a3f4102d8eaab55c22195161d945" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, anvendelser efter frigivelser og andre -implementeringsfejl kunne føre til udførelse af vilkårlig kode, ASLR-omgåelse, -informationsafsløring eller lammelsesangreb (denial of service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 45.8.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 45.8.0esr-1 af firefox-esr og i version 52.0-1 af firefox.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3805.data" diff --git a/danish/security/2017/dsa-3806.wml b/danish/security/2017/dsa-3806.wml deleted file mode 100644 index 942587d3a4d..00000000000 --- a/danish/security/2017/dsa-3806.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e8a080dfa22f4d648fd3f104663ea8eb691976e0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede en sårbarhed i Pidgin, et chatprogram der understøtter flere -protokoller. En server kontrolleret af en angriber, kunne sende en ugyldig XML, -der kunne udløse en hukommelsestilgang uden for grænserne. Det kunne føre til -et nedbrud, eller i nogle ekstreme tilfælde, fjernudførelse af kode på -klientsiden.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.11.0-0+deb8u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.12.0-1.

- -

Vi anbefaler at du opgraderer dine pidgin-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3806.data" diff --git a/danish/security/2017/dsa-3807.wml b/danish/security/2017/dsa-3807.wml deleted file mode 100644 index 610986c58ad..00000000000 --- a/danish/security/2017/dsa-3807.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b23554b0bf55d2a6e7012fb27f484e8f510cd1a7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i værktøjerne icotool og wrestool i -Icoutils, et sæt programmer der håndterer MS Windows-ikoner og -markører, hvilke -kunne medføre lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode, hvis en misdannet .ico- eller .exe-fil blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.31.0-2+deb8u3.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 0.31.2-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.31.2-1.

- -

Vi anbefaler at du opgraderer dine icoutils-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3807.data" diff --git a/danish/security/2017/dsa-3808.wml b/danish/security/2017/dsa-3808.wml deleted file mode 100644 index 05423ea2abb..00000000000 --- a/danish/security/2017/dsa-3808.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="ea0a2f44e809796383c1ab1145b311f114abd341" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb (denial of -service) eller udførelse af vilkårlig kode, hvis en misdannet TGA-, Sun- eller -PSD-fil blev behandlet.

- -

Opdateringen retter også visuelle artefakter, når der køres -sharpen på -CMYK-billeder (ingen sikkerhedsindvirkning, men udsendes sammen med -sikkerhedsopdateringen efter aftale med Debians ansvarlige for den stabile -udgave, da det er en regression i jessie sammenlignet med wheezy).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8:6.8.9.9-5+deb8u8.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 8:6.9.7.4+dfsg-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8:6.9.7.4+dfsg-2.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3808.data" diff --git a/danish/security/2017/dsa-3809.wml b/danish/security/2017/dsa-3809.wml deleted file mode 100644 index 2479c10e0fc..00000000000 --- a/danish/security/2017/dsa-3809.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="366c61695a27ffb3c5a14c35f4458b6d8617feff" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.30. Se MariaDB 10.0 -Release Notes for flere oplysninger:

- -

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 10.0.30-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3809.data" diff --git a/danish/security/2017/dsa-3810.wml b/danish/security/2017/dsa-3810.wml deleted file mode 100644 index 3270c221a8e..00000000000 --- a/danish/security/2017/dsa-3810.wml +++ /dev/null @@ -1,105 +0,0 @@ -#use wml::debian::translation-check translation="467e64cd1e376dd13ad8d511045bbcd9b85ca3e2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2017-5029 - -

    Holger Fuhrmannek opdagede et heltalsoverløbsproblem i biblioteket - libxslt.

    • - -
  • CVE-2017-5030 - -

    Brendon Tiszka opdagede et hukommelseskorruptionsproblem i - JavaScript-biblioteket v8.

    • - -
  • CVE-2017-5031 - -

    Looben Yang opdagede et problem med anvendelse efter frigivelse i - biblioteket ANGLE.

    • - -
  • CVE-2017-5032 - -

    Ashfaq Ansari opdagede en skrivning uden for grænserne i biblioteket - pdfium.

    • - -
  • CVE-2017-5033 - -

    Nicolai Grødum opdagede en måde at omgå Content Security Policy - på.

    • - -
  • CVE-2017-5034 - -

    Ke Liu opdagede et heltalsoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2017-5035 - -

    Enzo Aguado opdagede et problem med omnibox'en.

    • - -
  • CVE-2017-5036 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2017-5037 - -

    Yongke Wang opdagede adskillige problemer med skrivninger uden for - grænserne.

    • - -
  • CVE-2017-5038 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - gæstevisningen.

    • - -
  • CVE-2017-5039 - -

    jinmo123 opdagede et problem med anvendelse efter frigivelse i - biblioteket pdfium.

    • - -
  • CVE-2017-5040 - -

    Choongwoo Han opdagede et problem med informationsafsløring i - JavaScript-biblioteket v8.

    • - -
  • CVE-2017-5041 - -

    Jordi Chancel opdagede et problem med adresseforfalskning.

    • - -
  • CVE-2017-5042 - -

    Mike Ruddy opdagede ukorrekt håndtering af cookies.

    • - -
  • CVE-2017-5043 - -

    Et andet problem med anvendelse efter frigivelse blev opdaget i - gæstevisningen.

    • - -
  • CVE-2017-5044 - -

    Kushal Arvind Shah opdagede et heapoverløbsproblem i biblioteket - skia.

    • - -
  • CVE-2017-5045 - -

    Dhaval Kapil opdagede et informationsafsløringsproblem.

    • - -
  • CVE-2017-5046 - -

    Masato Kinugawa opdagede et informationafsløringsproblem.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 57.0.2987.98-1~deb8u1.

- -

I den kommende stabile stable distribution (stretch) og i den ustabile -distribution (sid), er disse problemer rettet i version 57.0.2987.98-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3810.data" diff --git a/danish/security/2017/dsa-3811.wml b/danish/security/2017/dsa-3811.wml deleted file mode 100644 index 59db0734002..00000000000 --- a/danish/security/2017/dsa-3811.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="72089d57acbc3bf60c01a11ae6270316af0c6d3b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at wireshark, et program til analysering af netværksprotokoller, -indeholdt flere sårbarheder i dissektorerne til ASTERIX, DHCPv6, NetScaler, -LDSS, IAX2, WSP, K12 og STANAG 4607, hvilke kunne føre til forskellige nedbrud, -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.12.1+g01b65bf-4+deb8u11.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.2.5+g440fd4d-2.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3811.data" diff --git a/danish/security/2017/dsa-3812.wml b/danish/security/2017/dsa-3812.wml deleted file mode 100644 index d07694c334d..00000000000 --- a/danish/security/2017/dsa-3812.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="cc2d55e7ed75272c54c04d052b277129e0b55e79" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ioquake3, en ændret udgave af spilmotoren ioQuake3, udførte -utilstrækkelige restriktioner på automatisk downloadet indhold (pk3-filer eller -spilkode), hvilket gjorde det muligt for ondsindede spilservere, at ændre -opsætningsindstillinger, herinder driverindstillinger.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.36+u20140802+gca9eebb-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.36+u20161101+dfsg1-2.

- -

Vi anbefaler at du opgraderer dine ioquake3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3812.data" diff --git a/danish/security/2017/dsa-3813.wml b/danish/security/2017/dsa-3813.wml deleted file mode 100644 index a658bdaef8a..00000000000 --- a/danish/security/2017/dsa-3813.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="495692747d0d79bf24e1d8480b29ce5b4d198cbb" mindelta="1" -sikkerhedsopdatering - -

Cory Duplantis opdagede et bufferoverløb i programmeringssproget R. En -misdannet encoding-fil kunne føre til udførelse af vilkårlig kode under -PDF-generering.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.1.1-1+deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 3.3.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.3.3-1.

- -

Vi anbefaler at du opgraderer dine r-base-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3813.data" diff --git a/danish/security/2017/dsa-3814.wml b/danish/security/2017/dsa-3814.wml deleted file mode 100644 index 9ba954b5f79..00000000000 --- a/danish/security/2017/dsa-3814.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e88ccd072d93adab8095dbf142e770638cc6b55e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i biblioteket audiofile, hvilke kunne medføre -lammelsesangreb (denial of service) eller udførelse af vilkårlig kode, hvis en -misdannet lydfil blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.3.6-2+deb8u2.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 0.3.6-4.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.3.6-4.

- -

Vi anbefaler at du opgraderer dine audiofile-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3814.data" diff --git a/danish/security/2017/dsa-3815.wml b/danish/security/2017/dsa-3815.wml deleted file mode 100644 index 4dac2268556..00000000000 --- a/danish/security/2017/dsa-3815.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="22a4bd01e6f43da4d28777d281b4c3086236214d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i wordpress, et værktøj til webblogging. De -kunne gøre det muligt for fjernangribere at slette utilsigtede filer, iværksætte -angreb i forbindelse med udførelse af skripter på tværs af websteder eller -omgå URL-valideringsmekanismer.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u13.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 4.7.3+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3815.data" diff --git a/danish/security/2017/dsa-3816.wml b/danish/security/2017/dsa-3816.wml deleted file mode 100644 index 980aa3fa240..00000000000 --- a/danish/security/2017/dsa-3816.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="57babdceb4f1665773aa4a2dff7f536c252a9a3c" mindelta="1" -sikkerhedsopdatering - -

Jann Horn fra Google opdagede en time-of-check-, -time-of-use-kapløbstilstand i Samba, en SMB/CIFS-fil-, print- og -loginserver til Unix. En ondsindet klient kunne drage nytte af fejlen til at -udnytte et symlinkkapløb til at tilgå områder på serverfilsystemet, som ikke -eksporteres under en share-definition.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:4.2.14+dfsg-0+deb8u4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:4.5.6+dfsg-2.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3816.data" diff --git a/danish/security/2017/dsa-3817.wml b/danish/security/2017/dsa-3817.wml deleted file mode 100644 index 0024f9d6d07..00000000000 --- a/danish/security/2017/dsa-3817.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8f7af0df62cf91df5ac71beba3040f788eea9c09" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i dekodningsbiblioteket til JBIG2, -hvilke kunne føre til lammelsesangreb (denial of service) eller udførelse af -vilkårlig kode, hvis en misdannet billedfil (normalt i et indlejret -PDF-dokument) blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.13-4~deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 0.13-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.13-4.

- -

Vi anbefaler at du opgraderer dine jbig2dec-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3817.data" diff --git a/danish/security/2017/dsa-3818.wml b/danish/security/2017/dsa-3818.wml deleted file mode 100644 index 98fa98cefa4..00000000000 --- a/danish/security/2017/dsa-3818.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="51f3259fdeb32f341cd287297af0d1211f3c6fa4" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede adskillige sårbarheder i medieframeworket GStreamer og -dets codecs og demuxere, hvilke kunne medføre lammelsesangre (denial of service) -eller udførelse af vilkårlig kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.4-2.1+deb8u2.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 1.10.4-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.4-1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-bad1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3818.data" diff --git a/danish/security/2017/dsa-3819.wml b/danish/security/2017/dsa-3819.wml deleted file mode 100644 index 7e25a14616d..00000000000 --- a/danish/security/2017/dsa-3819.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="98058df8e50962351853666d33e9a780b4e2404b" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede adskillige sårbarheder i medieframeworket GStreamer og -dets codecs og demuxere, hvilke kunne medføre lammelsesangre (denial of service) -eller udførelse af vilkårlig kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.4-2+deb8u1.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 1.10.4-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.4-1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-base1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3819.data" diff --git a/danish/security/2017/dsa-3820.wml b/danish/security/2017/dsa-3820.wml deleted file mode 100644 index 286e9b3803f..00000000000 --- a/danish/security/2017/dsa-3820.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="46a55f480ca4ab80cfdc5f9a018ae024fbd086bc" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede adskillige sårbarheder i medieframeworket GStreamer og -dets codecs og demuxere, hvilke kunne medføre lammelsesangre (denial of service) -eller udførelse af vilkårlig kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.4-2+deb8u3.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 1.10.3-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.3-1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-good1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3820.data" diff --git a/danish/security/2017/dsa-3821.wml b/danish/security/2017/dsa-3821.wml deleted file mode 100644 index 533835ff361..00000000000 --- a/danish/security/2017/dsa-3821.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="abcae9b5085e3911cadfb391755ede976e39d9f8" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede adskillige sårbarheder i medieframeworket GStreamer og -dets codecs og demuxere, hvilke kunne medføre lammelsesangre (denial of service) -eller udførelse af vilkårlig kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.4.4-2+deb8u1.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 1.10.4-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.10.4-1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-ugly1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3821.data" diff --git a/danish/security/2017/dsa-3822.wml b/danish/security/2017/dsa-3822.wml deleted file mode 100644 index 5ce01041429..00000000000 --- a/danish/security/2017/dsa-3822.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a51fe18d6f0c788bc60cd05560a1ed21d0f755a2" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede adskillige sårbarheder i medieframeworket GStreamer og -dets codecs og demuxere, hvilke kunne medføre lammelsesangre (denial of service) -eller udførelse af vilkårlig kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.4-2+deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1.10.3-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version version 1.10.3-1.

- -

Vi anbefaler at du opgraderer dine gstreamer1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3822.data" diff --git a/danish/security/2017/dsa-3823.wml b/danish/security/2017/dsa-3823.wml deleted file mode 100644 index e4f1372d38e..00000000000 --- a/danish/security/2017/dsa-3823.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="f6d71275fbd8fb862a47615a8f06345783bb0c71" mindelta="1" -sikkerhedsopdatering - -

Ilja Van Sprundel opdagede at hjælperen dmcrypt-get-device, der anvendes til -at kontrollere hvorvidt en given enhed er en krypteret enhed, som håndteres af -devmapper, og benyttes i eject, ikke kontrollerede returværdier fra setuid() og -setgid(), når rettigheder smides væk.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.1.5+deb1+cvs20081104-13.1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.1.5+deb1+cvs20081104-13.2.

- -

Vi anbefaler at du opgraderer dine eject-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3823.data" diff --git a/danish/security/2017/dsa-3824.wml b/danish/security/2017/dsa-3824.wml deleted file mode 100644 index c35588e7744..00000000000 --- a/danish/security/2017/dsa-3824.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="3f701b0fbcf99956539723ea44414e2fde27290e" mindelta="1" -sikkerhedsopdatering - -

George Noseevich opdagede at firebird2.5, et relationsdatabasesystem, ikke på -korrekt vis kontrollerede User-Defined Functions (UDF), hvilket dermed gjorde -det muligt for fjernautentificerede brugere at udføre vilkårlig kode på -firebirdserveren.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.5.3.26778.ds4-5+deb8u1.

- -

Vi anbefaler at du opgraderer dine firebird2.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3824.data" diff --git a/danish/security/2017/dsa-3825.wml b/danish/security/2017/dsa-3825.wml deleted file mode 100644 index 35e2a0c637c..00000000000 --- a/danish/security/2017/dsa-3825.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="eb41f8632dc601c9df45a70bd0ed393768f20133" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at jhead, et værktøj til håndtering af ikke-billed-delen af -EXIF-kompatible JPEG-filer, var ramt af en sårbarhed i forbindelse med tilgang -uden for grænserne, hvilket kunne medføre lammelsesangreb (denial of service) e -ller potentielt udførelse af vilkårlig kode, hvis et billede med særligt -fremstillede EXIF-data blev behandlet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2.97-1+deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1:3.00-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:3.00-4.

- -

Vi anbefaler at du opgraderer dine jhead-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3825.data" diff --git a/danish/security/2017/dsa-3826.wml b/danish/security/2017/dsa-3826.wml deleted file mode 100644 index 9598a023343..00000000000 --- a/danish/security/2017/dsa-3826.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a09bd10ebb5ef7a93c79b9de764c3333222bf5ec" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at den oprindelige patch til løsning af -CVE-2016-1242 -ikke dækkede alle situationer, hvilket kunne medføre informationsafsløring af -filindhold.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.0-3+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.2.1-2.

- -

Vi anbefaler at du opgraderer dine tryton-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3826.data" diff --git a/danish/security/2017/dsa-3827.wml b/danish/security/2017/dsa-3827.wml deleted file mode 100644 index 69689bdd653..00000000000 --- a/danish/security/2017/dsa-3827.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="fe1419d5e590c0f86f7505bbe7501db0498ed459" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i biblioteket JasPer til behandling af -JPEG-2000-billeder, hvilket kunne medføre lammelsesangreb (denial of service) -eller udførelse af vilkårlig kode, hvis et misdannet billede blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.900.1-debian1-2.4+deb8u3.

- -

Vi anbefaler at du opgraderer dine jasper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3827.data" diff --git a/danish/security/2017/dsa-3828.wml b/danish/security/2017/dsa-3828.wml deleted file mode 100644 index 0d9f916807e..00000000000 --- a/danish/security/2017/dsa-3828.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="515b74f93b680c2de7ade36818ef4c5713579f65" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at mailserveren Dovecot var sårbar over for et lammelsesangreb -(denial of service). Når dict'en passdb og userdb anvendes til -brugerautentifikation, blev brugernavnet fra IMAP-/POP3-klienten sendt gennem -var_expand() for at udføre %variable-udvidelse. Afsendelse af særligt -fremstillede %variable-felter, kunne medføre alt for stort hukommelsesforbrug, -medførende at processen gik ned (og genstartede).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2.2.13-12~deb8u2.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3828.data" diff --git a/danish/security/2017/dsa-3829.wml b/danish/security/2017/dsa-3829.wml deleted file mode 100644 index dd0b0d278ba..00000000000 --- a/danish/security/2017/dsa-3829.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6aa54e4ecd05cfc8365fd856de87665349fa562e" mindelta="1" -sikkerhedsopdatering - -

Quan Nguyen opdagede at manglende grænsekontroller i implementeringen af -Galois/Counter-tilstand i Bouncy Castle (en Java-implementering af -kryptografiske algoritmer), kunne medføre informationsafsløring.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.49+dfsg-3+deb8u2.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1.54-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.54-1.

- -

Vi anbefaler at du opgraderer dine bouncycastle-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3829.data" diff --git a/danish/security/2017/dsa-3830.wml b/danish/security/2017/dsa-3830.wml deleted file mode 100644 index bbefa86c428..00000000000 --- a/danish/security/2017/dsa-3830.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="47142cf1586379c8887bb74bd0658dd89fbdbafd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at icu, biblioteket International Components for Unicode, ikke -på korrekt vis validerede sine inddata. En angriber kunne udnytte problemet til -at udløse en skrivning uden for grænserne gennem et heapbaseret bufferoverløb, -dermed forårsagende et lammelsesangreb (denial of service) gennem -applikationsnedbrud eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 52.1-8+deb8u5.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 57.1-6.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3830.data" diff --git a/danish/security/2017/dsa-3831.wml b/danish/security/2017/dsa-3831.wml deleted file mode 100644 index fc164461d72..00000000000 --- a/danish/security/2017/dsa-3831.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="784b4db214b6f8491bf1e8cb296dece7f7c684ac" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, anvendelser efter frigivelser, -bufferoverløb og andre implementeringsfejl kunne føre til udførelse af -vilkårlig kode, informationsafsløring eller lammelsesangreb (denial of -service).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 45.9.0esr-1~deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 45.9.0esr-1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3831.data" diff --git a/danish/security/2017/dsa-3832.wml b/danish/security/2017/dsa-3832.wml deleted file mode 100644 index b06408f197b..00000000000 --- a/danish/security/2017/dsa-3832.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="1f2a5ecbfa4aefb955a07607f41aa48b2bf921fe" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller informationslækager.

- -

Med denne opdatering får Icedove-pakken igen sit officielle navn fra Mozilla. -Med fjernelse af Debians navn, er pakkerne også blevet omdøbt tilbage til det -officielle navn, som anvendes af Mozilla.

- -

Pakken Thunderbird anvender en anden standardmappe til profiler; den er nu -'\$(HOME)/.thunderbird'. Users-profilmappen vil blive migreret til -den nye profilmappe, ved første start af programmet, hvilket kan tage lidt -længere tid.

- -

Læs README.Debian for flere oplysninger om ændringerne.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:45.8.0-3~deb8u1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3832.data" diff --git a/danish/security/2017/dsa-3833.wml b/danish/security/2017/dsa-3833.wml deleted file mode 100644 index 3f40012f0cf..00000000000 --- a/danish/security/2017/dsa-3833.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="a4ef2d3ef7fa2d8a57471c2514b3918a3f10df91" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere hørende -til multimediebiblioket libav. En komplet liste over ændringerne er tilgængelig -på \ -https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.9

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 6:11.9-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3833.data" diff --git a/danish/security/2017/dsa-3834.wml b/danish/security/2017/dsa-3834.wml deleted file mode 100644 index 259b4f59039..00000000000 --- a/danish/security/2017/dsa-3834.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5e42e25e04d95c6f15069e2c0144e72c0b67dbdd" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.55, der indeholder -yderligere ændringer, så som forbedringer af ydeevnen, fejlrettelser og ny -funktionalitet, samt muligvis inkompatibile ændringer. Se MySQL 5.5 Release -Notes og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.5.55-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3834.data" diff --git a/danish/security/2017/dsa-3835.wml b/danish/security/2017/dsa-3835.wml deleted file mode 100644 index 944285621fd..00000000000 --- a/danish/security/2017/dsa-3835.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="312ad41583daad4f13fe2be21845e5e89a8c3c8d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Django, et webudviklingsframework til Python -på højt niveau. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2016-9013 - -

    Marti Raudsepp rapporterede at en bruger med en hårdkodet adgangskode, - blev oprettet når der blev afviklet tests med en Oracle-database.

    • - -
  • CVE-2016-9014 - -

    Aymeric Augustin opdagede at Django ikke på korrekt vis validerede - Host-headeren mod settings.ALLOWED_HOSTS, når debugindstillingen er - aktiveret. En fjernangriber kunne drage nytte af fejlen til at iværksætte - DNS-rebinding-angreb.

    • - -
  • CVE-2017-7233 - -

    Man opdagede at is_safe_url() ikke på korrekt vis håndterede visse - numeriske URL'er som sikre. En fjernangriber kunne drage nytte af fejlen - til at iværksætte XSS-angreb eller til at anvende en Django-server som en - åben viderestilling.

    • - -
  • CVE-2017-7234 - -

    Phithon fra Chaitin Tech opdagede en åben viderestilling-sårbarhed i - view'et django.views.static.serve(). Bemærk at dette view ikke er beregnet - til anvendelse i produktion.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.7.11-1+deb8u2.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3835.data" diff --git a/danish/security/2017/dsa-3836.wml b/danish/security/2017/dsa-3836.wml deleted file mode 100644 index 676f9c82cfe..00000000000 --- a/danish/security/2017/dsa-3836.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a23d07d2c63fb1d21297d45f18013439117cfd2c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at weechat, en hurtigt og let chatklient, var sårbar over for en -bufferoverløbssårbarhed i IRC-plugin'en, hvilket gjorde det muligt for en -fjernangriber at forårsage et lammelsesangreb (denial of service), ved at sende -et særligt fremstillet filnavn via DCC.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.0.1-1+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7-3.

- -

Vi anbefaler at du opgraderer dine weechat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3836.data" diff --git a/danish/security/2017/dsa-3837.wml b/danish/security/2017/dsa-3837.wml deleted file mode 100644 index cde1c007889..00000000000 --- a/danish/security/2017/dsa-3837.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="dfde740e3d03e0237c66abdf45980f97622e4ac9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et bufferoverløb i behandlingen af Windows Metafiles kunne -medføre lammelsesangreb (denial of service) eller udførelse af vilkårlig kode, -hvis et misdannet dokument blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:4.3.3-2+deb8u7.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1:5.2.5-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:5.2.5-1.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3837.data" diff --git a/danish/security/2017/dsa-3838.wml b/danish/security/2017/dsa-3838.wml deleted file mode 100644 index 3d1bab75477..00000000000 --- a/danish/security/2017/dsa-3838.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="95b27c05059dd6a3ee048425f0c46d3977c69fcd" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Ghostscript, GPL PostScript/PDF-fortolkeren, -hvilke kunne føre til udførelse af vilkårlig kode eller lammelsesangreb (denial -of service), hvis en særligt fremstillet Postscript-fil behandles.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 9.06~dfsg-2+deb8u5.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 9.20~dfsg-3.1 eller tidligere versioner.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3838.data" diff --git a/danish/security/2017/dsa-3839.wml b/danish/security/2017/dsa-3839.wml deleted file mode 100644 index c74fe07757e..00000000000 --- a/danish/security/2017/dsa-3839.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="223ae1c0c7add3308404ab7a269a0272c2c8f5ef" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Freetype. Åbning af misdannede fonts kunne -medføre lammelsesangreb (denial of service) eller udførelse af vilkårlig -kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.5.2-3+deb8u2.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3839.data" diff --git a/danish/security/2017/dsa-3840.wml b/danish/security/2017/dsa-3840.wml deleted file mode 100644 index 43b6ad40fcf..00000000000 --- a/danish/security/2017/dsa-3840.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0475afaea40d2a4116e5e7d1b03115cdfd657700" mindelta="1" -sikkerhedsopdatering - -

Thijs Alkemade opdagede at uventet automatisk deserialisering af -Java-objekter i MySQL Connector/J JDBC-driveren kunne føre til udførelse af -vilkårlig kode. For yderligere oplysninger, se bulltinen -\ -https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.1.41-1~deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 5.1.41-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.1.41-1.

- -

Vi anbefaler at du opgraderer dine mysql-connector-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3840.data" diff --git a/danish/security/2017/dsa-3841.wml b/danish/security/2017/dsa-3841.wml deleted file mode 100644 index 2a611b2f8de..00000000000 --- a/danish/security/2017/dsa-3841.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a2a454f31181d1e02fa54fcefa994ca9d33ea691" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at XStream, et Java-bibliotek til serialisering af objekter til -XML og tilbage igen, var ramt af et lammelssangreb (denial of service) under -unmarshalling.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.7-2+deb8u2.

- -

I den kommende stabile distribution (stretch), vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.9-2.

- -

Vi anbefaler at du opgraderer dine libxstream-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3841.data" diff --git a/danish/security/2017/dsa-3842.wml b/danish/security/2017/dsa-3842.wml deleted file mode 100644 index 70af7404fd4..00000000000 --- a/danish/security/2017/dsa-3842.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="490ca505f90577b0623d6c1166729c095b05c3b9" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i tomcat7, en servlet- og JSP-motor.

- -
    - -
  • CVE-2017-5647 - -

    Pipelinede forespørgsler blev behandlet på forkert vis, hvilket kunne - medføre, at nogle svar lod til at blive sendt til den forkerte - forespørgsel.

    • - -
  • CVE-2017-5648 - -

    Nogle applikations-listeners-kald blev udstedt mod de forkerte objekter, - hvilket gjorde det muligt for applikationer, der ikke er tillid til, at køre - under en SecurityManager for at omgå den beskyttelsesmekanisme og tilgå - eller ændre oplysninger knyttet til andre webapplikationer.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7.0.56-3+deb8u10.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 7.0.72-3.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3842.data" diff --git a/danish/security/2017/dsa-3843.wml b/danish/security/2017/dsa-3843.wml deleted file mode 100644 index ba95b4f885f..00000000000 --- a/danish/security/2017/dsa-3843.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="d8625ed48e19c7534139950640bd8e9bede7ba60" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i tomcat8, en servlet- og JSP-motor.

- -
    - -
  • CVE-2017-5647 - -

    Pipelinede forespørgsler blev behandlet på forkert vis, hvilket kunne - medføre, at nogle svar lod til at blive sendt til den forkerte - forespørgsel.

    • - -
  • CVE-2017-5648 - -

    Nogle applikations-listeners-kald blev udstedt mod de forkerte objekter, - hvilket gjorde det muligt for applikationer, der ikke er tillid til, at køre - under en SecurityManager for at omgå den beskyttelsesmekanisme og tilgå - eller ændre oplysninger knyttet til andre webapplikationer.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8.0.14-1+deb8u9.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 8.5.11-2.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3843.data" diff --git a/danish/security/2017/dsa-3844.wml b/danish/security/2017/dsa-3844.wml deleted file mode 100644 index db80104db51..00000000000 --- a/danish/security/2017/dsa-3844.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="bdc37926fc4dcd0b2ab46c700ea361b000b4cb9e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i biblioteket libtiff og de medfølgende -værktøjer, hvilket kunne medføre lammelsesangreb (denial of service), -hukommelsesblotlæggelse eller udførelse af vilkårlig kode.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.0.3-12.3+deb8u3.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 4.0.7-6.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.7-6.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3844.data" diff --git a/danish/security/2017/dsa-3845.wml b/danish/security/2017/dsa-3845.wml deleted file mode 100644 index ec9f37537c3..00000000000 --- a/danish/security/2017/dsa-3845.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="80da9320a8b0ed15ce47d4bcaa76bcc122fd748b" mindelta="1" -sikkerhedsopdatering - -

Guido Vranken opdagede at ukorrekt hukommelseshåndtering i libtirpc, et -transportuafhængigt RPC-bibliotek som anvendes af rpcbind og andre programmer, -kunne medføre lammelsesangreb (denial of service) gennem hukommelsesudmattelse -(afhængigt af hvordan hukommelseshåndteringen er opsat).

- -

I den stabile distribution (jessie), er dette problem rettet i version -0.2.5-1+deb8u1 af libtirpc og i version 0.2.1-6+deb8u2 af rpcbind.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 0.2.5-1.2 og i version 0.2.3-0.6 af rpcbind.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.2.5-1.2 og i version 0.2.3-0.6 af rpcbind.

- -

Vi anbefaler at du opgraderer dine libtirpc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3845.data" diff --git a/danish/security/2017/dsa-3846.wml b/danish/security/2017/dsa-3846.wml deleted file mode 100644 index 35599f44421..00000000000 --- a/danish/security/2017/dsa-3846.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="18688e839438dad87da9f5e4f4a25d23f19a9954" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i libytnef, et bibliotek der anvendes til at -dekode mailvedhæftelser af typen application/ms-tnef. Adskillige heapoverløb, -læsninger og skrivninger uden for grænserne, NULL-pointerdereferences og -uendelige løkke, kunne udnyttes ved at narre en bruger til at åbne en -ondsindet fremstillet winmail.dat-fil.

- -

I den stabile distribution (jessie), er disse problemer rettet i version -1.5-6+deb8u1.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 1.9.2-1.

- -

Vi anbefaler at du opgraderer dine libytnef-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3846.data" diff --git a/danish/security/2017/dsa-3847.wml b/danish/security/2017/dsa-3847.wml deleted file mode 100644 index 7b2eebf20cb..00000000000 --- a/danish/security/2017/dsa-3847.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1d375be05504b040735ebff31defefe5ec0be33b" mindelta="1" -sikkerhedsopdatering - -

Jan Beulich og Jann Horn opdagede adskillige sårbarheder i hypervisor'en Xen, -hvike kunne føre til rettighedsforøgelse, gæst til vært-udbrud, lammelsesangreb -eller informationslækage.

- -

Ud over de anførte CVE'er, løser denne opdatering også sårbarhederne -offentliggjort som XSA-213, XSA-214 og XSA-215.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.4.1-9+deb8u9.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 4.8.1-1+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.8.1-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3847.data" diff --git a/danish/security/2017/dsa-3848.wml b/danish/security/2017/dsa-3848.wml deleted file mode 100644 index 65663298aad..00000000000 --- a/danish/security/2017/dsa-3848.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8fbe0ea78a9a6efe989b0eb76e247426718f39c1" mindelta="1" -sikkerhedsopdatering - -

Timo Schmid fra ERNW GmbH opdagede at Git git-shell, en indskrænket -loginshell til SSH-adgang kun til Git, gjorde det muligt for en bruger at køre -en interaktiv pager, ved at få den til at afføde git upload-pack ---help.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:2.1.4-2.1+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.11.0-3.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3848.data" diff --git a/danish/security/2017/dsa-3849.wml b/danish/security/2017/dsa-3849.wml deleted file mode 100644 index c40d7a7c926..00000000000 --- a/danish/security/2017/dsa-3849.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="60e4f0aaa7024a9ae56580af7650d852780c19ec" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i kde4libs, kernebibliotekerne til alle KDE -4-applikationer. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2017-6410 - -

    Itzik Kotler, Yonatan Fridburg og Amit Klein fra Safebreach Labs - rapporterede, at URL'er ikke fornuftighedskontrolleredes før de overføres - til FindProxyForURL, hvilket potentielt gjorde det muligt for en - fjernangriber at få adgang til følsomme oplysninger gennem en fabrikeret - PAC-fil.

    • - -
  • CVE-2017-8422 - -

    Sebastian Krahmer fra SUSE, opdagede at frameworket KAuth indeholdt en - logisk fejl i hvilken tjenesten der kalder dbus ikke kontrolleres på - korrekt vis. Fejlen tillod identitetsforfalskning af kalderen, samt - opnåelse af root-rettigheder fra en upriviligeret konto.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4:4.14.2-5+deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4:4.14.26-2.

- -

Vi anbefaler at du opgraderer dine kde4libs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3849.data" diff --git a/danish/security/2017/dsa-3850.wml b/danish/security/2017/dsa-3850.wml deleted file mode 100644 index 5dc926c1b00..00000000000 --- a/danish/security/2017/dsa-3850.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0a9ea844072aaed10325467699f49b99fc9c2342" mindelta="1" -sikkerhedsopdatering - -

Dave McDaniel opdagede adskillige sårbarheder i rtmpdump, et lille -dumper/bibliotek til RTMP-mediestreams, hvilke kunne medføre lammelsesangreb -eller udførelse af vilkårlig kode, hvis en misdannet stream blev dumpet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2.4+20150115.gita107cef-1+deb8u1.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 2.4+20151223.gitfa8646d.1-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4+20151223.gitfa8646d.1-1.

- -

Vi anbefaler at du opgraderer dine rtmpdump-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3850.data" diff --git a/danish/security/2017/dsa-3851.wml b/danish/security/2017/dsa-3851.wml deleted file mode 100644 index 6178ef778a6..00000000000 --- a/danish/security/2017/dsa-3851.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="d79725c1020362b8dc5380e3742c9a0d58ddb0c4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i databasesystemet PostgreSQL:

- -
    - -
  • CVE-2017-7484 - -

    Robert Haas opdagede at nogle selektive estimatorer ikke validerede - brugerrettigheder, hvilket kunne medføre informationsafsløring.

    • - -
  • CVE-2017-7485 - -

    Daniel Gustafsson opdagede at miljøvariablen PGREQUIRESSL, ikke længere - gennemtvang en TLS-forbindelse.

    • - -
  • CVE-2017-7486 - -

    Andrew Wheelwright opdagede at brugermapninger blev begrænset på - utilstrækkelig vis.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 9.4.12-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3851.data" diff --git a/danish/security/2017/dsa-3852.wml b/danish/security/2017/dsa-3852.wml deleted file mode 100644 index e74b6b9ba57..00000000000 --- a/danish/security/2017/dsa-3852.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="1b34ebcb4abd858338f9851b95efa5dbbf31104c" mindelta="1" -sikkerhedsopdatering - -

Dawid Golunski og Filippo Cavallarin opdagede at squirrelmail, en -webmailapplikation, på ukorrekt vis håndterede en brugerleveret værdi. Dermed -var det muligt for en indlogget bruger, at køre vilkårlige kommandoer på -serveren.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:1.4.23~svn20120406-2+deb8u1.

- -

Vi anbefaler at du opgraderer dine squirrelmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3852.data" diff --git a/danish/security/2017/dsa-3853.wml b/danish/security/2017/dsa-3853.wml deleted file mode 100644 index 20351f254cc..00000000000 --- a/danish/security/2017/dsa-3853.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c103bb3a204622fbcabc774d57f82719c6e4bf9d" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at bitlbee, en gateway mellem IRC og andre chatnetværk, -indeholdt problemer, som gjorde det muligt for en fjernangriber at forårsage et -lammelsesangreb (gennem applikationsnedbrud) eller potentielt udføre vilkårlige -kommandoer.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 3.2.2-2+deb8u1.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 3.5-1.

- -

Vi anbefaler at du opgraderer dine bitlbee-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3853.data" diff --git a/danish/security/2017/dsa-3854.wml b/danish/security/2017/dsa-3854.wml deleted file mode 100644 index 38537c2e7a0..00000000000 --- a/danish/security/2017/dsa-3854.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="bb4632633c0e49015e719cbe3b1a796ad1b0f4f1" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i BIND, en DNS-serverimplementering. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2017-3136 - -

    Oleg Gorokhov fra Yandex opdagede at BIND ikke på korrekt vis håndterede - visse forespørgsler, når DNS64 blev anvendt med valgmuligheden - break-dnssec yes;, hvilket gjordet muligt for en fjernangriber at - forårsage et lammelsesangreb.

    • - -
  • CVE-2017-3137 - -

    Man opdagede at BIND havde ukorrekte antagelser om rækkefølgen af - records i svarafsnittet af et svar indeholdende CNAME- eller - DNAME-ressourcerecords, førende til situationer hvor BIND afbryder med en - assertionfejl. En angriber kunne drage nyttet af tilstanden til at - forårsage et lammelsesangreb.

    • - -
  • CVE-2017-3138 - -

    Mike Lalumiere fra Dyn, Inc. opdagede at BIND kunne afbryde med en - REQUIRE-assertionfejl, hvis den modtag en null-kommandostreng i sin - kontrolkanal. Bemærk at rettelsen i Debian kun er udført som en - hærdende foranstaltning. Flere oplysninger om problemet finder man i - \ - https://kb.isc.org/article/AA-01471.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:9.9.5.dfsg-9+deb8u11.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1:9.10.3.dfsg.P4-12.3.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3854.data" diff --git a/danish/security/2017/dsa-3855.wml b/danish/security/2017/dsa-3855.wml deleted file mode 100644 index e24e15cb24d..00000000000 --- a/danish/security/2017/dsa-3855.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1e7a234ecb9743656d05948caa9e1b99ea4de701" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i dekodningsbiblioteket JBIG2, -hvilke kunne føre til lammelsesangreb, afsløring af følsomme oplysninger fra -proceshukommelse eller udførelse af vilkårlig kode, hvis en misdannet -billedfil (normalt indlejret i et PDF-dokument) blev åbnet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.13-4~deb8u2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.13-4.1.

- -

Vi anbefaler at du opgraderer dine jbig2dec-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3855.data" diff --git a/danish/security/2017/dsa-3856.wml b/danish/security/2017/dsa-3856.wml deleted file mode 100644 index e4cee8cdab0..00000000000 --- a/danish/security/2017/dsa-3856.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="27af2f7df93128c1363e07e3b4f94eaa5e076b98" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i webgrænsefladen hørende til Deluge -BitTorrent-klienten (mappegennemløb og forespørgselsforfalskning på tværs af -websteder).

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1.3.10-3+deb8u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.3.13+git20161130.48cedf63-3.

- -

Vi anbefaler at du opgraderer dine deluge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3856.data" diff --git a/danish/security/2017/dsa-3857.wml b/danish/security/2017/dsa-3857.wml deleted file mode 100644 index c832c25522a..00000000000 --- a/danish/security/2017/dsa-3857.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="bd3160ec61091391267c7cdc3700ffa015a4d0d3" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er fundet i MySQL Connector/J JDBC-driveren.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.1.42-1~deb8u1.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 5.1.42-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.1.42-1.

- -

Vi anbefaler at du opgraderer dine mysql-connector-java-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3857.data" diff --git a/danish/security/2017/dsa-3858.wml b/danish/security/2017/dsa-3858.wml deleted file mode 100644 index 3370ce50940..00000000000 --- a/danish/security/2017/dsa-3858.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="46e7326c81f0ce67df5d47b16290dd4b0bd37715" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende rettighedsforøgelse, lammelsesangreb, -ny linje-indsprøjtning i SMTP eller anvendelse af usikker kryptografi.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 7u131-2.6.9-2~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3858.data" diff --git a/danish/security/2017/dsa-3859.wml b/danish/security/2017/dsa-3859.wml deleted file mode 100644 index 6b060c59f86..00000000000 --- a/danish/security/2017/dsa-3859.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="9a68bcfd3ce1fc6f2570123545f14e339bd21518" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev fundet i Dropbear, en letvægts-SSH2-server og --klient:

- -
    - -
  • CVE-2017-9078 - -

    Mark Shepard opdagede en dobbelt frigivelse i TCP-listener-oprydningen, - hvilket kunne medføre lammelsesangreb foretaget af en autentificeret bruger, - hvis Dropbear kører med valgmuligheden -a.

    • - -
  • CVE-2017-9079 - -

    Jann Horn opdagede en lokal informationslækage i fortolkningen af filen - .authorized_keys.

    • - -
- -

I den stabile distribution (jessie), er disse problemer rettet i version -2014.65-1+deb8u2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine dropbear-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3859.data" diff --git a/danish/security/2017/dsa-3860.wml b/danish/security/2017/dsa-3860.wml deleted file mode 100644 index 1d110ac88c6..00000000000 --- a/danish/security/2017/dsa-3860.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="c25d6a41f1c722e4e401032bc11713d66a457a37" mindelta="1" -sikkerhedsopdatering - -

steelo opdagede en sårbarhed i forbindelse med fjernudførelse af kode i -Samba, en SMB/CIFS fil-, print- og loginserver til Unix. En ondsindet klient -med adgang til en skrivbar share, kunne drage nytte af fejlen ved at uploade et -delt bibliotek og dermed få serveren til at indlæse og udføre det.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2:4.2.14+dfsg-0+deb8u6.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3860.data" diff --git a/danish/security/2017/dsa-3861.wml b/danish/security/2017/dsa-3861.wml deleted file mode 100644 index 49747df4063..00000000000 --- a/danish/security/2017/dsa-3861.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="8014987642657013b9cd463a1973b5ceab5fb782" mindelta="1" -sikkerhedsopdatering - -

Jakub Jirasek fra Secunia Research opdagede at libtasn1, et bibliotek til -håndtering af Abstract Syntax Notation One-strukturer, ikke på korrekt vis -validerede sine inddata. Dermed kunne en angriber få mulighed for at forårsage -et nedbrud gennem lammelsesangreb eller potenielt udførelse af vilkårlig kode, -ved at narre en bruger til at behandle en ondsindet fremstillet -assignments-fil.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 4.2-3+deb8u3.

- -

Vi anbefaler at du opgraderer dine libtasn1-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3861.data" diff --git a/danish/security/2017/dsa-3862.wml b/danish/security/2017/dsa-3862.wml deleted file mode 100644 index ccc204ce85f..00000000000 --- a/danish/security/2017/dsa-3862.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="bb1ca6c0fbadbb91005569b508ba0cfe52750ebb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ubegrænset YAML-deserialisering af data sendt fra agenter til -serveren i opsætningshåndteringssystemet Puppet, kunne medføre udførelse af -vilkårlig kode.

- -

Bemærk at rettelsen bryder bagudkompatibiliteten med Puppet-agenter ældre end -3.2.2, og at der ikke er nogen sikker måde at genskabe den på. Det påvirker -puppet-agenter, som kører på Debian wheezy; vi anbefaler at du opdaterer til den -version af puppet, som leveres via wheezy-backports.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.7.2-4+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 4.8.2-5.

- -

Vi anbefaler at du opgraderer dine puppet-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3862.data" diff --git a/danish/security/2017/dsa-3863.wml b/danish/security/2017/dsa-3863.wml deleted file mode 100644 index 91d675e1011..00000000000 --- a/danish/security/2017/dsa-3863.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="723e86d5c5bc3edc841db0c22e4cbd6d8d8210c1" mindelta="1" -sikkerhedsopdatering - -

Denne opdateringer retter flere sårbarheder i imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb, -hukommelsesafsløring eller udførelse af vilkårlig kode, hvis midannede filer -af følgende typer behandles: RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV, -PICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX eller SVG.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 8:6.8.9.9-5+deb8u9.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 8:6.9.7.4+dfsg-8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8:6.9.7.4+dfsg-8.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3863.data" diff --git a/danish/security/2017/dsa-3864.wml b/danish/security/2017/dsa-3864.wml deleted file mode 100644 index a7eb85db3c6..00000000000 --- a/danish/security/2017/dsa-3864.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f069cd6d7f5fe46668ca0f4b7891b4ff64427acb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en XML-sårbarhed i forbindelse med eksterne entiteter i -Apache FOP XML-formatering, kunne medføre informationsafsløring.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1:1.1.dfsg2-1+deb8u1.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1:2.1-6.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.1-6.

- -

Vi anbefaler at du opgraderer dine fop-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3864.data" diff --git a/danish/security/2017/dsa-3865.wml b/danish/security/2017/dsa-3865.wml deleted file mode 100644 index 45be79c3ea0..00000000000 --- a/danish/security/2017/dsa-3865.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="8f44dade4fb2a0c9e4c8df56c1338451575b0d27" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at mønsterbaserede ACL'er i Mosquitto MQTT-broker'en kunne -omgås.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.3.4-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.10-3.

- -

Vi anbefaler at du opgraderer dine mosquitto-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3865.data" diff --git a/danish/security/2017/dsa-3866.wml b/danish/security/2017/dsa-3866.wml deleted file mode 100644 index 0dddd6ff616..00000000000 --- a/danish/security/2017/dsa-3866.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="a374785693337ad2b565f7a2e376903696b0261e" mindelta="1" -sikkerhedsopdatering - -

To lammelsesangrebssårbarheder blev opdaget i strongSwan, en -IKE-/IPsec-suite, som anvender Googles OSS-Fuzz-fuzzingprojekt.

- -
    - -
  • CVE-2017-9022 - -

    Offentlige RSA-nøgler overført til gmp-plugin'en blev ikke valideret - tilstrækkeligt, før signaturvalidering, således kunne ugyldige inddata måske - føre til en flydende komma-undtagelse og procesnedbrud. Et certifikat med - en passende forberedt offentlig nøgle sender af en peer, kunne anvendes til - et lammelsesangreb.

    • - -
  • CVE-2017-9023 - -

    ASN.1 CHOICE-typer blev ikke håndteret på korrekt vis af - ASN.1-fortolkeren, når der blev fortolket X.509-certifikater med udvidelser, - der anvender sådanne typer. Det kunne føre til en uendelig løkke i tråden, - der fortolker et særligt fremstillet certifikat.

    • - -
- -

En rettelse af en opbygningsfejl blev yderligere medtaget i revisionen -5.2.1-6+deb8u4 af pakken strongSwan.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 5.2.1-6+deb8u3.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 5.5.1-4

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.5.1-4.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3866.data" diff --git a/danish/security/2017/dsa-3867.wml b/danish/security/2017/dsa-3867.wml deleted file mode 100644 index a46c1b0776c..00000000000 --- a/danish/security/2017/dsa-3867.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="daffea13ee581fc40fadeaebc8bb33e212b0d223" mindelta="1" -sikkerhedsopdatering - -

Qualys Security-holdet opdagede at sudo, et program designet til at stille -begrænsede superbrugerrettigheder til rådighed for specifikke brugere, ikke på -tilstrækkelig vis fortolkende /proc/[pid]/stat til at læse enhedsnummeret -på tty'en fra felt 7 (tty_nr). En sudoers-bruger kunne drage nytte af fejlen -på et system med aktiveret SELinux, til at få de komplette rootrettigheder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.8.10p3-1+deb8u4.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3867.data" diff --git a/danish/security/2017/dsa-3868.wml b/danish/security/2017/dsa-3868.wml deleted file mode 100644 index 9c3049fa806..00000000000 --- a/danish/security/2017/dsa-3868.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="461993a0c578b7526c478d31b70246ac54792a36" mindelta="1" -sikkerhedsopdatering - -

Karsten Heymann opdagede at OpenLDAP-directoryserveren kunne bringes til at -gå ned ved at udføre en paged-søgning med en sidestørrelse på 0, medførende -lammelsesangreb. Sårbarheden er begrænset til MDB-storagebackend'en.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 2.4.40+dfsg-1+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.44+dfsg-5.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3868.data" diff --git a/danish/security/2017/dsa-3869.wml b/danish/security/2017/dsa-3869.wml deleted file mode 100644 index 871c43dfc0f..00000000000 --- a/danish/security/2017/dsa-3869.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9189f94856f3c0cc364c5b71d00ace437364a87f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at tnef, et værktøj der anvendes til at udpakke -MIME-vedhæftelser af typen application/ms-tnef, ikke på korrekt vis -validerede dets inddata. An angriber kunne udnytte fejlen til at narre en -bruger til at åbne ondsindet vedhæftelse, hvilket medførte et lammelsesangreb -gennem applikationsnedbrud.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.4.9-1+deb8u3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.4.12-1.2.

- -

Vi anbefaler at du opgraderer dine tnef-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3869.data" diff --git a/danish/security/2017/dsa-3870.wml b/danish/security/2017/dsa-3870.wml deleted file mode 100644 index 69334c0d9a0..00000000000 --- a/danish/security/2017/dsa-3870.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1866ad96addace2382912fda8622efa208481e47" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i wordpress, et værktøj til webbloggingl. -De gjorde det muligt for fjernangribere at gennemtvinge nulstilling af -adgangskoder samt udføre forskellige skript- og -forespørgselsforfalskningsangreb på tværs af websteder.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1+dfsg-1+deb8u14.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 4.7.5+dfsg-1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3870.data" diff --git a/danish/security/2017/dsa-3871.wml b/danish/security/2017/dsa-3871.wml deleted file mode 100644 index 686f864e629..00000000000 --- a/danish/security/2017/dsa-3871.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="7339870472a4c6fa6d272f122f50b8a092428535" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Zookeeper, en tjeneste til vedligeholdelse af -opsætningsoplysninger, ikke begrænsede adgang til de beregningsmæssigt dyre -wchp-/wchc-kommander, hvilket kunne medføre lammelsesangreb gennem forøget -CPU-forbrug.

- -

Denne opdatering deaktiverer som standard disse to kommandoer. Den nye -opsætningsvalgmulighed 4lw.commands.whitelist kan anvendes til at -hvidliste kommander selektivt (og det komplette sæt af kommandoer kan -genskabes med '*').

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.4.5+dfsg-2+deb8u2.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine zookeeper-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3871.data" diff --git a/danish/security/2017/dsa-3872.wml b/danish/security/2017/dsa-3872.wml deleted file mode 100644 index 5e804ad7df2..00000000000 --- a/danish/security/2017/dsa-3872.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="5b3bbd5b89be8e0cc166cc63e6fb93d255395095" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i NSS, et sæt kryptografiske biblioteker, -hvilke kunne medføre lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 2:3.26-1+debu8u2.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3872.data" diff --git a/danish/security/2017/dsa-3873.wml b/danish/security/2017/dsa-3873.wml deleted file mode 100644 index 8f20bb6d1d6..00000000000 --- a/danish/security/2017/dsa-3873.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3b6b8984c8fb174c83c31ebb592afc3e38d3a9a5" mindelta="1" -sikkerhedsopdatering - -

cPanel Security Team rapporterede om en time of check to time of -use-kapløbstilstandsfejl (TOCTTOU, tjektidspunkt til brugstidspunkt) i -File::Path, et kernemodul fra Perl til oprettelse eller fjernelse af -mappetræer. En angriber kunne drage nytte af fejlen til at opsætte tilstanden -på en angriber-valgt fil en angriber-valgt værdi.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 5.20.2-3+deb8u7.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 5.24.1-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.24.1-3.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3873.data" diff --git a/danish/security/2017/dsa-3874.wml b/danish/security/2017/dsa-3874.wml deleted file mode 100644 index b1627d0a7aa..00000000000 --- a/danish/security/2017/dsa-3874.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5219b29d9a6379557fe3c9d40294cc91ddb0c350" mindelta="1" -sikkerhedsopdatering - -

Agostino Sarubbo og AromalUllas opdagede at ettercap, et -netværkssikkerhedsværktøj til opsnapning af trafik, indeholdt sårbarheder som -gjorde det muligt for en angriber, i stand til at levere ondsindet fremstillede -filtre, at forårsage et lammelsesangreb gennem applikationsnedbrud.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 1:0.8.1-3+deb8u1.

- -

I den kommende stabile distribution (stretch) og i den ustabile distribution -(sid), er disse problemer rettet i version 1:0.8.2-4.

- -

Vi anbefaler at du opgraderer dine ettercap-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3874.data" diff --git a/danish/security/2017/dsa-3875.wml b/danish/security/2017/dsa-3875.wml deleted file mode 100644 index 13450ff3e40..00000000000 --- a/danish/security/2017/dsa-3875.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="12ac5f502baf096e2d6f11f7ee401fb2afc5610a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et bufferoverløb i libmwaw, et bibliotek til åbning af gamle -Mac-tekstdokumenter, kunne medføre udførelse af vilkårlig kode, hvis et -misdannet dokument blev åbnet.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.3.1-2+deb8u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.3.9-2.

- -

Vi anbefaler at du opgraderer dine libmwaw-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3875.data" diff --git a/danish/security/2017/dsa-3876.wml b/danish/security/2017/dsa-3876.wml deleted file mode 100644 index ed82b7bff6f..00000000000 --- a/danish/security/2017/dsa-3876.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="705cbd813afad6975f63cc5ccd628d979205f9f0" mindelta="1" -sikkerhedsopdatering - -

Joerg-Thomas Vogt opdagede at SecureMode blev utilstrækkeligt valideret i -sagssporingssystemet OTRS, hvilket gjorde det muligt for agenter at forøge deres -rettigheder.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.3.9-3+deb8u1.

- -

I den kommende stabile distribution (stretch), vil dette problem snart blive -rettet.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.0.20-1.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3876.data" diff --git a/danish/security/2017/dsa-3877.wml b/danish/security/2017/dsa-3877.wml deleted file mode 100644 index f603447cb4d..00000000000 --- a/danish/security/2017/dsa-3877.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6e5d89362d3108f00e7b79963099e3c941b22cb0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Tor, et forbindelsesbaseret anonymt kommunikationssystem med -lav latency, indeholdt en fejl i den skjulte servicekode, når der blev modtaget -en BEGIN_DIR-celle på et skjult service-rendezvous-kredsløb. En fjernangriber -kunne drage nytte af fejlen til at få den skjulte service til at gå ned med en -assertionfejl (TROVE-2017-005).

- -

I den stabile distribution (jessie), er dette problem rettet i version -0.2.5.14-1.

- -

I den kommende stabile distribution (stretch), vil dette problem blive rettet -i version 0.2.9.11-1~deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i version -0.2.9.11-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3877.data" diff --git a/danish/security/2017/dsa-3878.wml b/danish/security/2017/dsa-3878.wml deleted file mode 100644 index cf760ff71ab..00000000000 --- a/danish/security/2017/dsa-3878.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a078163556d501a64450c0ebd42db92bcbbfe49b" mindelta="1" -sikkerhedsopdatering - -

Agostino Sarubbo opdagede adskillige sårbarheder i zziplib, et bibliotek til -at tilgå Zip-arkiver med, hvilke kunne medføre lammelsesangreb og potentielt -udførelse af vilkårlig kode, hvis et misdannet arkiv blev behandlet.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 0.13.62-3+deb8u1.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 0.13.62-3.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 0.13.62-3.1.

- -

Vi anbefaler at du opgraderer dine zziplib-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3878.data" diff --git a/danish/security/2017/dsa-3879.wml b/danish/security/2017/dsa-3879.wml deleted file mode 100644 index 27671a82997..00000000000 --- a/danish/security/2017/dsa-3879.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="48ceaea0b05a187d894440ee57cbe3fa8d9451ec" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er fundet i oSIP, et bibliotek der -implementerer Session Initiation Protocol, hvilke kunne medføre lammelsesangreb -gennem misdannede SIP-meddelelser.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.1.0-2+deb8u1.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 4.1.0-2.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.1.0-2.1.

- -

Vi anbefaler at du opgraderer dine libosip2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3879.data" diff --git a/danish/security/2017/dsa-3880.wml b/danish/security/2017/dsa-3880.wml deleted file mode 100644 index 9554158ac10..00000000000 --- a/danish/security/2017/dsa-3880.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7bab9156b6f9ddcd9a4d47cd6fa2f4a0d4fb8b32" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et sidekanalsangreb i håndteringen af EdDSA-sessionnøglen i -Libgcrypt kunne medføre informationsafsløring.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 1.6.3-2+deb8u3.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 1.7.6-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.6-2.

- -

Vi anbefaler at du opgraderer dine libgcrypt20-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3880.data" diff --git a/danish/security/2017/dsa-3881.wml b/danish/security/2017/dsa-3881.wml deleted file mode 100644 index 0e3f8f422a7..00000000000 --- a/danish/security/2017/dsa-3881.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="c3654d7c08a4a40163b43a419fa32a53433d5e37" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, anvendelser efter frigivelser, -bufferoverløb og andre implementeringsfejl kunne føre til udførelse af vilkårlig -kode, lammelsesangreb eller domæneforfalskning..

- -

Debian følger Firefox' udvidet support-udgivelser (ESR). Support af -45.x-serien er ophørt, så fra denne opdatering følger vi nu -52.x-udgivelserne.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 52.2.0esr-1~deb8u1.

- -

I den kommende stabile distribution (stretch), vil disse problemer snart -blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 52.2.0esr-1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3881.data" diff --git a/danish/security/2017/dsa-3882.wml b/danish/security/2017/dsa-3882.wml deleted file mode 100644 index 1de193d0278..00000000000 --- a/danish/security/2017/dsa-3882.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="9864ee7137baa1842a53340d47151db5ad782ac7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Request Tracker, et omfattende system til -sporing af fejlsager. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2016-6127 - -

    Man opdagede at Request Tracker var sårbar over for et angreb i - forbindelse med udførelse af skripter på tværs af websteder (XSS), hvis en - angriber uploadede en ondsindet fil med en bestemt contenttype. - Installationer hvor opsætningsindstillingen AlwaysDownloadAttachments - anvendes, er ikke påvirket af fejlen. Den benyttede rettelse løser fejlen - for alle eksisterende og fremtidige vedhæftelsesuploads.

    • - -
  • CVE-2017-5361 - -

    Man opdagede at Request Tracker var sårbar over for timingsidekanalangreb - ved brugeres adgangskoder.

    • - -
  • CVE-2017-5943 - -

    Man opdagede at Request Tracker var ramt af en informationslækage i - forbindelse med forfalskning af forespørgsler på tværs af websteder (CSRF) - med verifikationstokens, hvis en bruger blev narret af en angriber til at - besøge en særligt fremstillet URL.

    • - -
  • CVE-2017-5944 - -

    Man opdagede at Request Tracker var ramt af en sårbarhed i forbindelse - med fjernudførelse af kode i grænsefladen til dashboardabonnement. En - priviligeret angriber kunne drage nytte af fejlen gennem omhyggeligt - fremstillede gemt søgning-navne, til at forårsage at uventet kode blev - udført. Den benyttede rettelser løser fejlen for alle eksisterende og - fremtidige gemte søgninger.

    - -
- -

Ud over de ovennævnte CVE'er, omgår denne opdatering -\ -CVE-2015-7686 i Email::Address, hvilket fremkalde et lammelsesangreb i -Request Tracker selv.

- -

I den stabile distribution (jessie), er disse problemer rettet i -version 4.2.8-3+deb8u2.

- -

I den kommende stabile distribution (stretch), er disse problemer -rettet i version 4.4.1-3+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.4.1-4.

- -

Vi anbefaler at du opgraderer dine request-tracker4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3882.data" diff --git a/danish/security/2017/dsa-3883.wml b/danish/security/2017/dsa-3883.wml deleted file mode 100644 index 0373c74940e..00000000000 --- a/danish/security/2017/dsa-3883.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="9bead2bb120db908bbe12b1f92be94580b41c23e" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at RT::Authen::ExternalAuth, et eksternt autentifikationsmodul -til Request Tracker, var sårbar over for timingsidekanalangreb ved brugeres -adgangskoder. Kun ExternalAuth i DBI-tilstand (database) var sårbar.

- -

I den stabile distribution (jessie), er dette problem rettet i -version 0.25-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine rt-authen-externalauth-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3883.data" diff --git a/danish/security/2017/dsa-3884.wml b/danish/security/2017/dsa-3884.wml deleted file mode 100644 index 0f8bb4e2251..00000000000 --- a/danish/security/2017/dsa-3884.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="37fe77ae447a66adfd136fb9097d02e494e59e24" mindelta="1" -sikkerhedsopdatering - -

Hubert Kario opdagede at GnuTLS, et bibliotek der implementerer protokollerne -TLS og SSL, ikke på korrekt vis dekodede et statussvar fra TLS-udvidelsen, -hvilket gjorde det muligt for en angriber at forårsage at en applikation, der -anvender GnuTLS-biblioteket, gik ned (lammelsesangreb).

- -

I den stabile distribution (jessie), er dette problem rettet i -version 3.3.8-6+deb8u6.

- -

I den kommende stabile distribution (stretch), er dette problem -rettet i version 3.5.8-5+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.5.8-6.

- -

Vi anbefaler at du opgraderer dine gnutls28-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3884.data" diff --git a/danish/security/2017/dsa-3885.wml b/danish/security/2017/dsa-3885.wml deleted file mode 100644 index 9afc2be64ed..00000000000 --- a/danish/security/2017/dsa-3885.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="2d4f4a28276318685ca576d08d599d360639439d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Irssi, en terminalbaseret IRC-klient. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2017-9468 - -

    Joseph Bisch opdagede at Irssi ikke på korrekt vis håndterede - DCC-meddelelser uden en kilde-nick/-vært. En ondsindet IRC-server kunne - drage nytte af feilen til at få Irssi til at gå ned, medførende et - lammelsesangreb.

    • - -
  • CVE-2017-9469 - -

    Joseph Bisch opdagede at Irssi ikke på korrekt vis håndterede - modtagelse af ukorrekt citerede DCC-filer. En fjernangriber kunne drage - nytte af filent til at få Irssi til at gå ned, medførende et - lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.8.17-1+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.2-1+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.3-1.

- -

Vi anbefaler at du opgraderer dine irssi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3885.data" diff --git a/danish/security/2017/dsa-3886.wml b/danish/security/2017/dsa-3886.wml deleted file mode 100644 index 760cbeced6f..00000000000 --- a/danish/security/2017/dsa-3886.wml +++ /dev/null @@ -1,113 +0,0 @@ -#use wml::debian::translation-check translation="3babbb6dd57238bbc6b58489e7f3ed3c6bebbb16" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kerne, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2017-7487 - -

    Li Qiang rapporterede om en referencetællerlækage i funktionen - ipxitf_ioctl, der kunne medføre en sårbarhed i forbindelse med anvendelse - efter frigivelse, udløsbar når en IPX-grænseflade blev opsat.

    • - -
  • CVE-2017-7645 - -

    Tuomas Haanpaa og Matti Kamunen fra Synopsys Ltd, opdagede at - serverimplementeringerne af NFSv2 og NFSv3 var sårbare over for et problem - med hukommelsestilgang uden for grænserne, når der blev behandlet vilkårligt - lange parametre sendt af NFSv2/NFSv3 PRC-klienter, førende til et - lammelseangreb.

    • - -
  • CVE-2017-7895 - -

    Ari Kauppi fra Synopsys Ltd, opdagede at serverimplementeringerne af - NFSv2 og NFSv3 ikke på korrekt vis håndterede payloadgrænsekontrller af - WRITE-forespørgsler. En fjernangriber med skriveadgang til et NFS-mount, - kunne drage nytte af fejlen til at læse chunks af vilkårlig hukommelse fra - både kernerummet og brugerrummet.

    • - -
  • CVE-2017-8064 - -

    Arnd Bergmann konstaterede at DVB-USB-core misbrugte - enhedsloggingsystemet, medførende en anvendelse efter frigivelse-sårbarhed, - med ukendt sikkerhedspåvirkning.

    • - -
  • CVE-2017-8890 - -

    Man opdagede at funktionen net_csk_clone_lock() tillod at en - fjernangriber kunne forårsage en dobbelt frigivelse, førende til et - lammelsesangreb eller potentielt have anden påvirkning.

    • - -
  • CVE-2017-8924 - -

    Johan Hovold konstaterede at USB-seriedriveren io_ti kunne løkke - følsomme oplysninger, hvis en ondsindet USB-enhed blev forbundet.

    • - -
  • CVE-2017-8925 - -

    Johan Hovold konstaterede en referencetællerlækage i USB-seriedriveren - omninet, medførende en sårbarhed i forbindelse med anvendelse efter - frigivelse. Det kunne udløses af en lokal bruger, med rettigheder til at - åbne tty-enheder.

    • - -
  • CVE-2017-9074 - -

    Andrey Konovalov rapporterede at implementeringen af IPv6-fragmentering - kunne læse forbi slutninge af en pakkebuffer. En lokal bruger eller - gæste-VM kunne måske være i stand til at anvende fejlen til at lække - følsomme oplysninger eller medføre et lammelsesangreb (nedbrud).

    • - -
  • CVE-2017-9075 - -

    Andrey Konovalov rapporterede at implementeringen af SCTP/IPv6 på forkert - vis initialiserede adresselister på forbundne sockets, medførende en - sårbarhed i forbindelse med anvendelse efter frigivelse, et problem svarende - til - CVE-2017-8890. - Det kunne udløses af enhver lokal bruger.

    • - -
  • CVE-2017-9076 / - CVE-2017-9077 - -

    Cong Wang konstaterede at implementeringerne af TCP/IPv6 og DCCP/IPv6 på - forkert vis initialiserede adresselister på forbundne sockets, et problem - svarende til - CVE-2017-9075.

    • - -
  • CVE-2017-9242 - -

    Andrey Konovalov rapporterede om et pakkebufferoverløb i implementeringen - af IPv6. En lokal bruger kunne udnytte fejlen til lammelsesangreb - (hukommelseskorruption; nedbrud) og mulig til rettighedsforøgelse.

    • - -
  • CVE-2017-1000364 - -

    Qualys Research Labs opdagede at størrelsen på stakguardsiden ikke var - tilstrækkelig stor. Stakpointeren kunne springe over guardsiden og gå fra - stakken til en anden hukommelsesregion uden at tilgå guardsiden. I dette - tilfælde blev der ikke aktiveret en page-fault-exception og stakken bredte - sig ind i den anden hukommelsesregion. En angriber kunne udnytte fejlen til - rettighedsforøgelse.

    - -

    Standardstakgapbeskyttelsen er sat til 256 sider og kan opsættes gennem - kerneparameteret stack_guard_gap på kernens kommandolinje.

    - -

    Flere oplysninger finder man på - \ - https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet i -version 3.16.43-2+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.30-2+deb9u1 eller tidligere versioner før udgivelsen af stretch.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3886.data" diff --git a/danish/security/2017/dsa-3887.wml b/danish/security/2017/dsa-3887.wml deleted file mode 100644 index d00fe567cf7..00000000000 --- a/danish/security/2017/dsa-3887.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f0793326c49d4bae2ac44dba6020ff8b8cfd1d02" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede forskellige problemer i den dynamiske linker i -GNU C Library, hvilke muliggjorde lokal rettighedsforøgelse ved at clashe -stakken. For fuldstændige oplysninger, se deres bulletin udgivet på: -\ -https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

- -

I den gamle stabile distribution (jessie), er dette problem rettet i version -2.19-18+deb8u10.

- -

I den stabile distribution (stretch), er dette problem rettet i version -2.24-11+deb9u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine glibc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3887.data" diff --git a/danish/security/2017/dsa-3888.wml b/danish/security/2017/dsa-3888.wml deleted file mode 100644 index dc56cdf9c0b..00000000000 --- a/danish/security/2017/dsa-3888.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c6a3b21b42fda39273427b5a1f43fced4cdbec1c" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede en hukommelseslækage i mailtransportagenten -Exim. Alenestående er det ikke en sikkerhedssårbarhed i Exim, men det kan -anvendes til at udnytte en sårbarhed i stakhåndteringen. For de komplette -oplysninger, se deres bulletin udgivet på : -\ -https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

- -

I den gamle stabile distribution (jessie), er dette problem rettet i version -4.84.2-2+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i version -4.89-2+deb9u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3888.data" diff --git a/danish/security/2017/dsa-3889.wml b/danish/security/2017/dsa-3889.wml deleted file mode 100644 index ad088b22fa1..00000000000 --- a/danish/security/2017/dsa-3889.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="5c8aef6aa3374d4ee2c1c598f9ac4c2d3443fc35" mindelta="1" -sikkerhedsopdatering - -

libffi, et bibliotek der anvendes til at kalde kode skrivet i et sprog fra -kode skrivet i et andet sprog, håndhævede en udførbar stak på i386-arkitekturen. -Selv om det alene måske ikke kan betragtes som en sårbarhed, kunne det være en -løftestang ved udnyttelse af andre sårbarheder, som eksempelvis -sårbarhedsklassen stack clash, opdaget af Qualys Research Labs. For de -komplette oplysninger, se deres bulletin udgivet på: -\ -https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

- -

I den gamle stabile distribution (jessie), er dette problem rettet i version -3.1-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i version -3.2.1-4.

- -

I distributionen testing (buster), er dette problem rettet i version -3.2.1-4.

- -

I den ustabile distribution (sid), er dette problem rettet i version -3.2.1-4.

- -

Vi anbefaler at du opgraderer dine libffi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3889.data" diff --git a/danish/security/2017/dsa-3890.wml b/danish/security/2017/dsa-3890.wml deleted file mode 100644 index a306b2bcfff..00000000000 --- a/danish/security/2017/dsa-3890.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e904bc92ff3370e7cf2d1013769b3775dfdd441a" mindelta="1" -sikkerhedsopdatering - -

Emeric Boit fra ANSSI rapporterede at SPIP, en webstedsmotor til udgivelse, -på utilstrækkelig vis fornuftighedskontrollerede værdien fra HTTP-headerfeltet -X-Forwarded-Host. En uautentificeret angriber kunne drage nytte af fejlen til -fjernudførelse af kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.1.4-3~deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 3.1.4-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.1.4-3.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3890.data" diff --git a/danish/security/2017/dsa-3891.wml b/danish/security/2017/dsa-3891.wml deleted file mode 100644 index 44d0246b69f..00000000000 --- a/danish/security/2017/dsa-3891.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="ad2adba82c67c5d6f6f6d3c76a8e6e3d57100ea7" mindelta="1" -sikkerhedsopdatering - -

Aniket Nandkishor Kulkarni opdagede at i tomcat8, en servlet- og JSP-motor, -benyttede statiske fejlsider den oprindelige forespørgsels HTTP-metode til at -servere indhold, i stedet for systematisk at benytte GET-metoden. Det kunne -under visse omstændigheder medføre uønskede resultater, herunder erstatning -eller fjernelse af den skræddersyede fejlside.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 8.0.14-1+deb8u10.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 8.5.14-1+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 8.5.14-2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 8.5.14-2.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3891.data" diff --git a/danish/security/2017/dsa-3892.wml b/danish/security/2017/dsa-3892.wml deleted file mode 100644 index 178d816f75e..00000000000 --- a/danish/security/2017/dsa-3892.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="abd1b3d024227c140c171534f698331997521f4b" mindelta="1" -sikkerhedsopdatering - -

Aniket Nandkishor Kulkarni opdagede at i tomcat7, en servlet- og JSP-motor, -benyttede statiske fejlsider den oprindelige forespørgsels HTTP-metode til at -servere indhold, i stedet for systematisk at benytte GET-metoden. Det kunne -under visse omstændigheder medføre uønskede resultater, herunder erstatning -eller fjernelse af den skræddersyede fejlside.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 7.0.56-3+deb8u11.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.0.72-3.

- -

I distributionen testing (buster), er dette problem rettet -i version 7.0.72-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.0.72-3.

- -

Vi anbefaler at du opgraderer dine tomcat7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3892.data" diff --git a/danish/security/2017/dsa-3893.wml b/danish/security/2017/dsa-3893.wml deleted file mode 100644 index 090b7e0a6ad..00000000000 --- a/danish/security/2017/dsa-3893.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7de14c950a9103b766dedf2679b087d9c89d5bda" mindelta="1" -sikkerhedsopdatering - -

Alvaro Munoz og Christian Schneider opdagede at jython, en implementering af -Python-sproget og sømløst integreret med Java, var sårbar over for udførelse af -af vilkårlig kode, udløst når der blev sendt en serialiseret funktion til -deserializer'en.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.5.3-3+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.5.3-16+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.5.3-17.

- -

Vi anbefaler at du opgraderer dine jython-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3893.data" diff --git a/danish/security/2017/dsa-3894.wml b/danish/security/2017/dsa-3894.wml deleted file mode 100644 index 97a8952594a..00000000000 --- a/danish/security/2017/dsa-3894.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e6433e2323af1142d20a2f9cccd4845b6f065563" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i fontrenderingmotoren Graphite, hvilke -kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis en -misdannet fontfil blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.3.10-1~deb8u1.

- -

I den stabile distribution (stretch), blev disse problemer rettet inden -udgivelsen.

- -

Vi anbefaler at du opgraderer dine graphite2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3894.data" diff --git a/danish/security/2017/dsa-3895.wml b/danish/security/2017/dsa-3895.wml deleted file mode 100644 index 6160778d6dd..00000000000 --- a/danish/security/2017/dsa-3895.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="0bcfdc346d48bd7b69955e3d8b57402b76bf04a2" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Flatpak, et applikationsudrulningsframework til apps i -skrivebordsmiljøet, på utilstrækkelig vis begrænsede filrettigheder i -tredjepartsarkiver, hvilket kunne medføre rettighedsforøgelse.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.8.5-2+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 0.8.7-1.

- -

Vi anbefaler at du opgraderer dine flatpak-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3895.data" diff --git a/danish/security/2017/dsa-3896.wml b/danish/security/2017/dsa-3896.wml deleted file mode 100644 index 31e93973fba..00000000000 --- a/danish/security/2017/dsa-3896.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="75c7a54dd90383a79342c3ca354d5701b5f7acf8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Apache HTTPD-server'en.

- -
    - -
  • CVE-2017-3167 - -

    Emmanuel Dreyfus rapporterede at anvendelsen af ap_get_basic_auth_pw() af - tredjepartsmoduler uden for autentifikationsfasen, kunne føre til omgåelse - af autentifikationskrav.

    • - -
  • CVE-2017-3169 - -

    Vasileios Panopoulos fra AdNovum Informatik AG opdagede at mod_ssl kunne - dereferere en NULL-pointer når tredjepartsmoduler kalder - ap_hook_process_connection() under en HTTP-forespørgsel til en HTTPS-port, - førende til et lammelsesangreb.

    • - -
  • CVE-2017-7659 - -

    Robert Swiecki rapporterede at en særligt fremstillet HTTP/2-forespørgsel - kunne få mod_http2 til at dereferere en NULL-pointer og få serverprccessen - til at gå ned.

    • - -
  • CVE-2017-7668 - -

    Javier Jimenez rapporterede at den strikse HTTP-fortolkning indeholdt en - fejl, der førte til en bufferoverlæsning i ap_find_token(). En - fjernangriber kunne drage nytte af fejlen, ved omhyggeligt at fabrikere en - sekvens af forespørgselsheadere til at forårsage en segmenteringsfejl eller - til at tvinge ap_find_token() til at returnere en ukorrekt værdi.

    • - -
  • CVE-2017-7679 - -

    ChenQin og Hanno Boeck rapporterede at mod_mime kunne læse en byte forbi - slutningen af en buffer, når der blev sendt en ondsindet - Content-Type-svarheader.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet i -version 2.4.10-10+deb8u9. Den gamle stabile distribution (jessie) er ikke -påvirket af -CVE-2017-7659.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.4.25-3+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.25-4.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3896.data" diff --git a/danish/security/2017/dsa-3897.wml b/danish/security/2017/dsa-3897.wml deleted file mode 100644 index 27444d8147e..00000000000 --- a/danish/security/2017/dsa-3897.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="f057f8ae39cd7223c9c72c925e41603fc3291e06" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Drupal, et komplet indholdshåndteringssystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2015-7943 - -

    Samuel Mortenson og Pere Orga opdagede at overlay-modulet ikke på - tilstrækkelig vis validerede URL'er før deres indhold blev vist, førende til - en åben viderestilling-sårbarhed.

    - -

    Flere oplysninger finder man i - \ - https://www.drupal.org/SA-CORE-2015-004

    -
    • - -
  • CVE-2017-6922 - -

    Greg Knaddison, Mori Sugimoto og iancawthorne opdagede at filer uploadet - af anonyme brugere til et privat filsystem, kunne tilgås af andre anonyme - brugere, førende til adgangsomgåelsessårbarhed.

    - -

    Flere oplysninger finder man i - \ - https://www.drupal.org/SA-CORE-2017-003

    -
    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet i -version 7.32-1+deb8u9.

- -

I den stabile distribution (stretch), er disse problemer rettet i version -7.52-2+deb9u1. I den stabile distribution (stretch), blev -\ -CVE-2015-7943 rettet allerede inden udgivelsen.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3897.data" diff --git a/danish/security/2017/dsa-3898.wml b/danish/security/2017/dsa-3898.wml deleted file mode 100644 index a963a4a7ae0..00000000000 --- a/danish/security/2017/dsa-3898.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="cbfa746e384d0b250ba9faf2f32f5d5f49a8b2e9" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Expat, et C-bibliotek til -XML-fortolkning. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2016-9063 - -

    Gustavo Grieco opdagede en heltalsoverløbsfejl under fortolking af XML. - En angriber kunne drage nytte af fejlen til at forårsage et lammelsesangreb - mod en applikation, der anvender Expat-biblioteket.

    • - -
  • CVE-2017-9233 - -

    Rhodri James opdagede en uendelig løkke-sårbarhed i funktionen - entityValueInitProcessor(), under fortolkning af misdannet XML i en ekstern - entitet. En angriber kunne drage nytte af fejlen til at forårsage et - lammelsesangreb mod en applikation, der anvender Expat-biblioteket.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet i -version 2.1.0-6+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.0-2+deb9u1. I den stabile distribution (stretch), blev -\ -CVE-2016-9063 rettet allerede inden udgivelsen.

- -

I distributionen testing (buster), er disse problemer rettet i version -2.2.1-1 eller i en tidligere version.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2.2.1-1 eller i en tidligere version.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3898.data" diff --git a/danish/security/2017/dsa-3899.wml b/danish/security/2017/dsa-3899.wml deleted file mode 100644 index f54c727238d..00000000000 --- a/danish/security/2017/dsa-3899.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="29dd0147a78782cb637352502b083cdc016d2574" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i VLC, VideoLAN-projektets medieafspiller. -Behandling af misdannede undertekster eller filmfiler, kunne føre til -lammelsesangreb og potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.2.6-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3899.data" diff --git a/danish/security/2017/dsa-3900.wml b/danish/security/2017/dsa-3900.wml deleted file mode 100644 index 67c91e4dc25..00000000000 --- a/danish/security/2017/dsa-3900.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="67b3c5f83f6c58030e443662c6b87a0eb2fdcee3" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i openvpn, en virtuelt privat -netværk-applikation.

- -
    - -
  • CVE-2017-7479 - -

    Man opdagede at openvpn ikke på korrekt vis håndterede at - pakkeidentifikationer starter forfra. Dermed var det muligt for en - autentificeret fjernangriber at forårsage et lammelsesangreb gennem - applikationsnedbrud.

    • - -
  • CVE-2017-7508 - -

    Guido Vranken opdagede at openvpn ikke på korrekt vis håndterede - specifikt misdannede IPv6-pakker. Dermed var det muligt for en - fjernangriber at forårsage et lammelsesangreb gennem - applikationsnedbrud.

    • - -
  • CVE-2017-7520 - -

    Guido Vranken opdagede at openvpn ikke på korrekt vis håndterede - klienter, der forbinder sig til en HTTP-proxy med NTLMv2-autentifikation. - Dermed var det muligt for en fjernangriber at forårsage et lammelsesangreb - gennem applikationsnedbrud eller potentielt lække følsomme oplysninger, så - som brugerens proxyadgangskode.

    • - -
  • CVE-2017-7521 - -

    Guido Vranken opdagede at openvpn ikke på korrekt vis håndterede nogle - x509-udvidelser. Dermed var det muligt for en fjernangriber at forårsage et - lammelsesangreb gennem applikationsnedbrud.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.3.4-5+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.4.0-6+deb9u1.

- -

I distributionen testing (buster), er disse problemer rettet -i version 2.4.3-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.4.3-1.

- -

Vi anbefaler at du opgraderer dine openvpn-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3900.data" diff --git a/danish/security/2017/dsa-3901.wml b/danish/security/2017/dsa-3901.wml deleted file mode 100644 index 3df1bce8b3f..00000000000 --- a/danish/security/2017/dsa-3901.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="f6c8d124b79a178ad3171682636af32269b18c15" mindelta="1" -sikkerhedsopdatering - -

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, -Nadia Heninger, Tanja Lange, Christine van Vredendaal og Yuval Yarom opdagede at -Libgcrypt var sårbar over for et lokalt sidekanalsangreb, som tillod komplet -gendannelse af RSA-1024-nøgler.

- -

Se \ -https://eprint.iacr.org/2017/627 for flere oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.6.3-2+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.7.6-2+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 1.7.8-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.8-1.

- -

Vi anbefaler at du opgraderer dine libgcrypt20-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3901.data" diff --git a/danish/security/2017/dsa-3902.wml b/danish/security/2017/dsa-3902.wml deleted file mode 100644 index 7c5f66b793d..00000000000 --- a/danish/security/2017/dsa-3902.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="0fab96aaba2c9367604b4dac52ea2370d47c7496" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at jabberd2, en instant messenger-Jabber-server, tillod anonyme -SASL-forbindelser, selv hvis det var deaktiveret i opsætningen.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.4.0-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine jabberd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3902.data" diff --git a/danish/security/2017/dsa-3903.wml b/danish/security/2017/dsa-3903.wml deleted file mode 100644 index c422362afab..00000000000 --- a/danish/security/2017/dsa-3903.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="0dad16e09f453d01267d1cb12896d47d8264d556" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i biblioteket libtiff og de medfølgende -værktøjer, hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.0.3-12.3+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.0.8-2+deb9u1.

- -

I distributionen testing (buster), er disse problemer rettet -i version 4.0.8-3.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.0.8-3.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3903.data" diff --git a/danish/security/2017/dsa-3904.wml b/danish/security/2017/dsa-3904.wml deleted file mode 100644 index 94c0ca9ed75..00000000000 --- a/danish/security/2017/dsa-3904.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="5c85acacd594bb0fde4f34ed6041cb70ad81a6d2" mindelta="1" -sikkerhedsopdatering - -

Clément Berthaux fra Synaktiv opdagede to sårbarheder i BIND, en -DNS-serverimplementering. De gjorde det muligt for en angriber at omgå -TSIG-autentificering ved at sende fabrikerede DNS-pakker til en server.

- -
    - -
  • CVE-2017-3142 - -

    En angriber, der er i stand til at sende og modtage meddelelser til en - autoritativ DNS-server, og som har viden om et gyldigt TSIG-nøglenavn, kunne - være i stand til at omgå AXFR-forespørgslers TSIG-autentifikation, gennem en - omhyggeligt fremstillet forespørgselspakke. En server, der kun er afhængig - af TSIG-nøgler til beskyttelse, uden nogen anden ACL-beskyttelse, kunne - blive manipuleret til at:

    - -
      -
    • levere en AXFR af en zone til en uautoriseret modtager
      • -
    • acceptere falske NOTIFY-pakker
      • -
    -
    • - -
  • CVE-2017-3143 - -

    En angriber, der er i stand til at sende og modtage meddelelser til en - autorisativ DNS-server, og som har viden om et gyldigt TSIG-nøglenavn til - zonen og navnet på tjenesten der er målet, kunne være i stand til at - manipulere BIND til at acceptere en uautoriseret dynamisk - opdatering.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:9.9.5.dfsg-9+deb8u12.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:9.10.3.dfsg.P4-12.3+deb9u1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3904.data" diff --git a/danish/security/2017/dsa-3905.wml b/danish/security/2017/dsa-3905.wml deleted file mode 100644 index ca20d82e58e..00000000000 --- a/danish/security/2017/dsa-3905.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="72763ee080a0d25bc2375ea0bf00dd06af7e4826" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er opdaget i X-serveren X.org, hvilke kunne føre til -rettighedsforøgelse eller en uendelig løkke.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2:1.16.4-1+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:1.19.2-1+deb9u1. Opsætninger, der kører X uden root, er ikke -påvirkede.

- -

I distributionen testing (buster), er disse problemer rettet -i version 2:1.19.3-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2:1.19.3-2.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3905.data" diff --git a/danish/security/2017/dsa-3906.wml b/danish/security/2017/dsa-3906.wml deleted file mode 100644 index 0e84dbabf26..00000000000 --- a/danish/security/2017/dsa-3906.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d7b95a93fc423853e3b99a281b2076e317cb03d4" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i Undertow, en webserver skrevet i Java, hvilke -kunne føre til lammelsesangreb eller smugling af HTTP-forespørgsler.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.4.8-1+deb9u1.

- -

I distributionen testing (buster), er disse problemer rettet -i version 1.4.18-1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.4.18-1.

- -

Vi anbefaler at du opgraderer dine undertow-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3906.data" diff --git a/danish/security/2017/dsa-3907.wml b/danish/security/2017/dsa-3907.wml deleted file mode 100644 index 5046aef3cad..00000000000 --- a/danish/security/2017/dsa-3907.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fb8c5c0febe487845569f85d6ea775ac38818e38" mindelta="1" -sikkerhedsopdatering - -

Frediano Ziglio opdagede et bufferoverløb i spice, et klient- og -serverbibliotek til SPICE-protokollen, hvilken kunne medføre -hukommelsesafsløring, lammelsesangreb og potentielt udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.12.5-1+deb8u5.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.12.8-2.1+deb9u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3907.data" diff --git a/danish/security/2017/dsa-3908.wml b/danish/security/2017/dsa-3908.wml deleted file mode 100644 index b8d52619b02..00000000000 --- a/danish/security/2017/dsa-3908.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="f03c9e254733c4b7a7956dd25e867df9b7b0f2df" mindelta="1" -sikkerhedsopdatering - -

Et heltalsoverløb er fundet i modulet HTTP-range i Nginx, en højtydende -web- og reverseproxyserver, hvilken kunne medføre informationsafsløring.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.6.2-5+deb8u5.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.10.3-1+deb9u1.

- -

I den ustabile distribution (sid), vil dette problem snart blive rettet.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3908.data" diff --git a/danish/security/2017/dsa-3909.wml b/danish/security/2017/dsa-3909.wml deleted file mode 100644 index 4893922b31e..00000000000 --- a/danish/security/2017/dsa-3909.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="ef84aaf556ad9a89c89bde46e197754bdbf442a0" mindelta="1" -sikkerhedsopdatering - -

Jeffrey Altman, Viktor Duchovni og Nico Williams identificerede en sårbarhed -i forbindelse med gensidig autentifikationsomgåelse i samba, SMB/CIFS-fil-, -print- og loginserveren. Sårbarheden, der også er kendt som Orpheus' Lyre, er -i komponenten Samba Kerberos Key Distribution Center (KDC-REP), og kunne -anvendes af en angriber på netværksstien til at udgive sig for at være en -server.

- -

Flere oplysninger finder man på sårbarhedswebstedet -(https://orpheus-lyre.info/) og på -Samba-projektets websted (\ -https://www.samba.org/samba/security/CVE-2017-11103.html)

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2:4.2.14+dfsg-0+deb8u7.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:4.5.8+dfsg-2+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 2:4.6.5+dfsg-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:4.6.5+dfsg-4.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3909.data" diff --git a/danish/security/2017/dsa-3910.wml b/danish/security/2017/dsa-3910.wml deleted file mode 100644 index f72178987d5..00000000000 --- a/danish/security/2017/dsa-3910.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e8b309c316a3a49c5d324a042d8fb9c62c8b19a4" mindelta="1" -sikkerhedsopdatering - -

Clément Berthaux fra Synaktiv opdagede en signaturforfalskningssårbarhed i -knot, en kun-autoritativ DNS-server. Sårbarheden tillod at en angriber kunne -omgå TSIG-autentifikation ved at sende fabrikerede DNS-pakker til en server.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.6.0-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.4.0-3+deb9u1.

- -

I distributionen testing (buster) og i den ustabile distribution (sid), vil -dette problem blive rettet i en senere opdatering.

- -

Vi anbefaler at du opgraderer dine knot-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3910.data" diff --git a/danish/security/2017/dsa-3911.wml b/danish/security/2017/dsa-3911.wml deleted file mode 100644 index c050d926f29..00000000000 --- a/danish/security/2017/dsa-3911.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b8ae1215a53663b7d9337f58116b0f7e0d2ee4ef" mindelta="1" -sikkerhedsopdatering - -

Felix Wilhelm opdagede at dokumentvisningsprogrammet Evince benyttede tar på -en usikker måde, når der blev åbnet tar comic book-arkiver (CBT). Åbning af et -ondsindet CBT-arkiv kunne medføre udførelse af vilkårlig kode. Denne opdatering -deaktiverer fuldstændig CBT-formatet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.14.1-2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.22.1-3+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.22.1-4.

- -

Vi anbefaler at du opgraderer dine evince-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3911.data" diff --git a/danish/security/2017/dsa-3912.wml b/danish/security/2017/dsa-3912.wml deleted file mode 100644 index a6324b78ab5..00000000000 --- a/danish/security/2017/dsa-3912.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="37b10903d2f0a2b276dab5233c394df1459c4048" mindelta="1" -sikkerhedsopdatering - -

Jeffrey Altman, Viktor Dukhovni og Nicolas Williams rapporterede at Heimdal, -en implementering af Kerberos 5, med det formål at være kompatibel med MIT -Kerberos, stolede på metadata taget fra uautentificeret klartekst (Ticket), frem -for det autentificerede og krypterede KDC-svar. En manden i midten-angriber -kunne udnytte fejlen til over for klienter at udgive sig for at være -tjenester.

- -

Se https://orpheus-lyre.info/ for -flere oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.6~rc2+dfsg-9+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.1.0+dfsg-13+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.4.0.dfsg.1-1.

- -

Vi anbefaler at du opgraderer dine heimdal-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3912.data" diff --git a/danish/security/2017/dsa-3913.wml b/danish/security/2017/dsa-3913.wml deleted file mode 100644 index 4c3b23d0c86..00000000000 --- a/danish/security/2017/dsa-3913.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="49ad085bda4dab8a632c5aa945eb693c7ac42c3e" mindelta="1" -sikkerhedsopdatering - -

Robert Swiecki rapporterede at mod_auth_digest ikke på korrekt vis -initialiserede eller nulstille værdiplaceholder'en i -[Proxy-]Authorization-headere af typen Digest, mellem på hinanden -følgende key=value-tildelinger, førende til informationsafsløring eller -lammelsesangreb.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.4.10-10+deb8u10.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.4.25-3+deb9u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.4.27-1.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3913.data" diff --git a/danish/security/2017/dsa-3914.wml b/danish/security/2017/dsa-3914.wml deleted file mode 100644 index 2d29ce144b1..00000000000 --- a/danish/security/2017/dsa-3914.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="7f150865673922750f333d8a0e696237956b52f7" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb, -hukommelsesblotlæggelse eller udførelse af vilkårig kode, hvis misdannede -filer af typerne RLE, SVG, PSD, PDB, DPX, MAT, TGA, VST, CIN, DIB, MPC, EPT, -JNG, DJVU, JPEG, ICO, PALM eller MNG blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 8:6.8.9.9-5+deb8u10.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8:6.9.7.4+dfsg-11+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8:6.9.7.4+dfsg-12.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3914.data" diff --git a/danish/security/2017/dsa-3915.wml b/danish/security/2017/dsa-3915.wml deleted file mode 100644 index df022a18305..00000000000 --- a/danish/security/2017/dsa-3915.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="112465099d73a26f2754bfcf9a77a412f7255f83" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ruby-mixlib-archive, et Chef Software-bibliotek som anvendes -til at håndtere forskellige arkiveringsformater, var sårbart over for et -mappegennemløbsangreb. Dermed var det muligt for angribere at overskrive -vilkårlige filer, ved at anvende et ondsindet tar-arkiv, indeholdende .. -i dets entiteter.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.2.0-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-mixlib-archive-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3915.data" diff --git a/danish/security/2017/dsa-3916.wml b/danish/security/2017/dsa-3916.wml deleted file mode 100644 index ab9bf7b0347..00000000000 --- a/danish/security/2017/dsa-3916.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="439634d84d202cfbb817b1dcb45ac8b203a667a1" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Atril, dokumentfremviseren i MATE, anvendte tar på usikker -vis, når tar comic book-arkiver (CBT) blev åbnet. Åbning af et ondsindet -CBT-arkiv kunne medføre udførelse af vilkårlig kode. Denne opdatering -deaktiverer fuldstændig CBT-formatet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.8.1+dfsg1-4+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.16.1-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine atril-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3916.data" diff --git a/danish/security/2017/dsa-3917.wml b/danish/security/2017/dsa-3917.wml deleted file mode 100644 index 4872f545af2..00000000000 --- a/danish/security/2017/dsa-3917.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="9e55975861ede8a7d8afbb24dacf30d7a9d2d905" mindelta="1" -sikkerhedsopdatering - -

En heapbaseret bufferunderløbsfejl blev opdaget i catdoc, et program til at -udtrække tekst fra MS-Office-filer, hvilket kunne føre til lammelsesangreb -(applikationsnedbrud) eller have anden ikke-angivet indvirkning, hvis en særligt -fabrikeret fil blev behandlet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.94.4-1.1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 1:0.95-3.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:0.95-3.

- -

Vi anbefaler at du opgraderer dine catdoc-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3917.data" diff --git a/danish/security/2017/dsa-3918.wml b/danish/security/2017/dsa-3918.wml deleted file mode 100644 index 32d6f4d9416..00000000000 --- a/danish/security/2017/dsa-3918.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f7ffd50d849671e982c17dc6a11074af21eb6e61" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerheddsproblemer er fundet i Thunderbird, hvilke kunne føre -til udførelse af vilkårlig kode eller lammelsesangreb.

- -

Debian følger Thunderbirds extended support releases (ESR, udvidet -support-udgivelser). Support af 45.x-serien er ophørt, så begyndende med denne -opdatering følger vi nu 52.x-udgivelserne.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:52.2.1-4~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.2.1-4~deb9u1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3918.data" diff --git a/danish/security/2017/dsa-3919.wml b/danish/security/2017/dsa-3919.wml deleted file mode 100644 index 5fd9bc7b825..00000000000 --- a/danish/security/2017/dsa-3919.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="524f739e1564b01839ce6f04561b275a1b21b39d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementerubg af Oracles -Java-platform, medførende omgåelse af sandkassen, anvendelse af usikker -kryptografi, sidekanalangreb, informationsafsløring, udførelse af vilkårlig -kode, lammelsesangreb eller omgåelse af Jar-verifikation.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8u141-b15-1~deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 8u141-b15-1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3919.data" diff --git a/danish/security/2017/dsa-3920.wml b/danish/security/2017/dsa-3920.wml deleted file mode 100644 index e5464961b42..00000000000 --- a/danish/security/2017/dsa-3920.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="536fa4b9e836ecd33f2c7e3527085d536674040f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev fundet i qemu, en hurtig processoremulator:

- -
    - -
  • CVE-2017-9310 - -

    Lammelsesangreb gennem uendelig løkke i emulering af e1000e NIC.

    • - -
  • CVE-2017-9330 - -

    Lammeslesangreb gennem uendelig løkke i emulering af USB OHCI.

    • - -
  • CVE-2017-9373 - -

    Lammelsesangreb gennem hukommelseslækage i emulering af IDE - AHCI.

    • - -
  • CVE-2017-9374 - -

    Lammelsesangreb gennem hukommelseslækage i emulering af USB - EHCI.

    • - -
  • CVE-2017-10664 - -

    Lammelsesangreb i serveren qemu-nbd.

    • - -
  • CVE-2017-10911 - -

    Informationslækage i svarhåndteringen i Xen blkif.

    • - -
- -

Vedrørende den gamle stabile distribution (jessie), vil en separat DSA blive -udsendt.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.8+dfsg-6+deb9u1.

- -

I den ustabile distribution (sid), vil disse problemer snart blive rettet.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3920.data" diff --git a/danish/security/2017/dsa-3921.wml b/danish/security/2017/dsa-3921.wml deleted file mode 100644 index 065fae4346a..00000000000 --- a/danish/security/2017/dsa-3921.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d2551164b92a8291923a6a1f86d3c6a51bb17c1d" mindelta="1" -sikkerhedsopdatering - -

I DSA 3918 blev Thunderbird opgraderet til den seneste ESR-serie. Denne -opdatering opgraderer Enigmail, OpenPGP-udvidelsen til Thunderbird, til version -1.9.8.1, for at genetablere komplet kompabilitet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2:1.9.8.1-1~deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:1.9.8.1-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine enigmail-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3921.data" diff --git a/danish/security/2017/dsa-3922.wml b/danish/security/2017/dsa-3922.wml deleted file mode 100644 index 1330cf996bf..00000000000 --- a/danish/security/2017/dsa-3922.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="875c451a9eff520a5f7c89d225377c1cfa8e466b" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.57, der indeholder -yderligere ændringer, så som forbedret ydeevne, fejlrettelser, ny -funktionalitet, samt muligvis inkompatible ændringer. Se MySQL 5.5 Release -Notes og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.5.57-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3922.data" diff --git a/danish/security/2017/dsa-3923.wml b/danish/security/2017/dsa-3923.wml deleted file mode 100644 index 4742b21d65b..00000000000 --- a/danish/security/2017/dsa-3923.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1e79769d83caa56dcc728ffda150989ab3ca1208" mindelta="1" -sikkerhedsopdatering - -

Tyler Bohan fra Talos opdagede at FreeRDP, en fri implementering af Remote -Desktop Protocol (RDP), indeholdt flere sårbarheder, som tillod at en ondsindet -fjernserver eller mand i midten, enten kunne forårsage et lammelsesangreb ved at -gennemtvinge en terminering af klienten eller ved at udføre vilkårlig kode på -klientsiden.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.1.0~git20140921.1.440916e+dfsg1-4+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.1.0~git20140921.1.440916e+dfsg1-14.

- -

Vi anbefaler at du opgraderer dine freerdp-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3923.data" diff --git a/danish/security/2017/dsa-3924.wml b/danish/security/2017/dsa-3924.wml deleted file mode 100644 index 451ef973b1a..00000000000 --- a/danish/security/2017/dsa-3924.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c5c975974c9c5028148642b721b8fcaba0b200e7" mindelta="1" -sikkerhedsopdatering - -

En lammelsesangrebssårbarhed blev opdaget i Varnish, en avanceret og -højtydende webaccellerator. Særligt fremstillede HTTP-forespørgsler kunne -få Varnish-dæmonen til at assert'e og genstarte, og undervejs tømme cachen.

- -

Se \ -https://varnish-cache.org/security/VSV00001.html for flere oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 4.0.2-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.0.0-7+deb9u1.

- -

Vi anbefaler at du opgraderer dine varnish-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3924.data" diff --git a/danish/security/2017/dsa-3925.wml b/danish/security/2017/dsa-3925.wml deleted file mode 100644 index eda7eb013e8..00000000000 --- a/danish/security/2017/dsa-3925.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="bee0236e02f09ff0c36d630b6d6f9187f9124c29" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev fundet i qemu, en hurtig processoremulator:

- -
    - -
  • CVE-2017-9524 - -

    Lammelsesangreb i serveren qemu-nbd.

    • - -
  • CVE-2017-10806 - -

    Bufferoverløb i USB-viderestilleren.

    • - -
  • CVE-2017-11334 - -

    Hukommelsestilgang uden for grænserne i DMA-handlinger.

    • - -
  • CVE-2017-11434 - -

    Hukommelsestilgang uden for grænserne i SLIRP/DHCP.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.8+dfsg-6+deb9u2.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3925.data" diff --git a/danish/security/2017/dsa-3926.wml b/danish/security/2017/dsa-3926.wml deleted file mode 100644 index 1564ecf246c..00000000000 --- a/danish/security/2017/dsa-3926.wml +++ /dev/null @@ -1,125 +0,0 @@ -#use wml::debian::translation-check translation="a896fd09f3c1d624118dfb2d839808304a378111" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2017-5087 - -

    Ned Williamson opdagede en måde at udslippe sandkassen på.

    • - -
  • CVE-2017-5088 - -

    Xiling Gong opdagede et problem med læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2017-5089 - -

    Michal Bentkowski opdagede et spoofingproblem.

    • - -
  • CVE-2017-5091 - -

    Ned Williamson opdagede et problem med anvendelse efter frigivelse i - IndexedDB.

    • - -
  • CVE-2017-5092 - -

    Yu Zhou opdagede et problem med anvendelse efter frigivelse i - PPAPI.

    • - -
  • CVE-2017-5093 - -

    Luan Herrera opdagede et problem med brugergrænsefladespoofing.

    • - -
  • CVE-2017-5094 - -

    Et typeforvirringsproblem blev opdaget i extensions.

    • - -
  • CVE-2017-5095 - -

    Et problem med læsning uden for grænserne blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2017-5097 - -

    Et problem med læsning uden for grænserne blev opdaget i biblioteket - skia.

    • - -
  • CVE-2017-5098 - -

    Jihoon Kim opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
  • CVE-2017-5099 - -

    Yuan Deng opdagede et problem med skrivning uden for grænserne i - PPAPI.

    • - -
  • CVE-2017-5100 - -

    Et problem med anvendelse efter frigivelse blev opdaget i Chrome - Apps.

    • - -
  • CVE-2017-5101 - -

    Luan Herrera opdagede et URL-spoofingproblem.

    • - -
  • CVE-2017-5102 - -

    En uinitialiseret variabel blev opdaget i biblioteket skia.

    • - -
  • CVE-2017-5103 - -

    En anden uinitialiseret variabel blev opdaget i biblioteket - skia.

    • - -
  • CVE-2017-5104 - -

    Khalil Zhani opdagede et problem med brugergrænsefladespoofing.

    • - -
  • CVE-2017-5105 - -

    Rayyan Bijoora opdagede et problem med URL-spoofing.

    • - -
  • CVE-2017-5106 - -

    Jack Zac opdagede et problem med URL-spoofing.

    • - -
  • CVE-2017-5107 - -

    David Kohlbrenner opdagede en informationslækage i håndteringen af - SVG-filer.

    • - -
  • CVE-2017-5108 - -

    Guang Gong opdagede et problem med typeforvirring i biblioteket - pdfium.

    • - -
  • CVE-2017-5109 - -

    Jose Maria Acuna Morgado opdagede et problem med - brugergrænsefladespoofing.

    • - -
  • CVE-2017-5110 - -

    xisigr opdagede en måde at spoof'e betalingsdialogen på.

    • - -
  • CVE-2017-7000 - -

    Chaitin Security Research Lab opdagede et problem med - informationsafsløring i biblioteket sqlite.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.0.3112.78-1~deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 60.0.3112.78-1 eller tidligere versioner.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3926.data" diff --git a/danish/security/2017/dsa-3927.wml b/danish/security/2017/dsa-3927.wml deleted file mode 100644 index 69547f6b019..00000000000 --- a/danish/security/2017/dsa-3927.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="e05bc912147c2de0205fd9dd5ace67b1b3e2344d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2017-7346 - -

    Li Qiang opdagede at DRM-driveren til VMwares virtuelle GPU'er ikke på - korrekt vis kontrollerede brugerstyrede værdier før øvre grænser i - vmw_surface_define_ioctl()-funktionerne. En lokal bruger kunne drage nytte - af fejlen til at forårsage et lammelsesangreb.

    • - -
  • CVE-2017-7482 - -

    Shi Lei opdagede at RxRPC Kerberos 5-sagshåndteringskoden ikke på korrekt - vis verificerede metadata, førende til informationsafsløring, - lammelsesangreb eller potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2017-7533 - -

    Fan Wu og Shixiong Zhao opdagede en kapløbstilstand mellem inotify-events - og VFS-opdøbningshandlingerne, gørende det muligt for en upriviligeret lokal - angriber at forårsage et lammelsesangreb eller forøge rettigheder.

    • - -
  • CVE-2017-7541 - -

    En bufferoverløbsfejl i Broadcom IEEE802.11n PCIe SoftMAC WLAN-driveren - kunne gøre det muligt for en lokal bruger at forårsage - kernehukommelseskorruption, førende til et lammelsesangreb eller potentielt - rettighedsforøgelse.

    • - -
  • CVE-2017-7542 - -

    Der blev fundet en heltalsoverløbssårbarhed i funktionen - ip6_find_1stfragopt(), hvilken gjorde det muligt for en lokal angriber med - rettigheder til åbne raw sockets, at forårsage et lammelsesangreb.

    • - -
  • CVE-2017-9605 - -

    Murray McAllister opdagede at DRM-driver til VMwares virtuelle GPU'er - ikke på korrekt vis initialiserede hukommelse, potentielt gørende det - muligt for en lokal angriber at få fat i følsomme oplysninger fra - uinitialiseret kernehukommelse gennem et fabrikeret ioctl-kald.

    • - -
  • CVE-2017-10810 - -

    Li Qiang opdagede en hukommelseslækagefejl i VirtIO GPU-driveren, - medførende lammelsesangreb (hukommelsesforbrug).

    • - -
  • CVE-2017-10911 / -XSA-216 - -

    Anthony Perard fra Citrix opdagede en informationslækagefejl i - svarhåndteringen i Xen blkif, gørende det muligt for en upriviligeret gæst - at få fat i følsomme oplysninger fra værten eller andre gæster.

    • - -
  • CVE-2017-11176 - -

    Man opdagede at funktionen the mq_notify() ikke opsatte sock-pointeren - til NULL, når den kom ind i retry-logikken. En angiber kunne drage nytte - af fejlen under en lukning af en Netlink-socket i brugerrummet, til at - forårsage et lammelsesangreb eller potentielt forårsage anden - indvirkning.

    • - -
  • CVE-2017-1000365 - -

    Man opdagede at der ikke blev taget korrekt hensyn til parameter- og - miljøpointere angående de påtvungne størrelsesbegrænsninger på parametre - og miljøstrenge overført gennem RLIMIT_STACK/RLIMIT_INFINITY. En lokal - angriber kunne drage nytte af fejlen i sammenhæng med andre fejl, til at - udføre vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (jessie), vil disse problemer blive rettet i -en efterfølgende DSA.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.30-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3927.data" diff --git a/danish/security/2017/dsa-3928.wml b/danish/security/2017/dsa-3928.wml deleted file mode 100644 index 6e33b99c855..00000000000 --- a/danish/security/2017/dsa-3928.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1245c38bf9083a4be50972617404a70ab497cb46" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, anvendelder efter frigivelser, -bufferoverløb og andre implementeringsfejl, kunne føre til udførelse af -vilkårlig kode, lammelsesangreb, omgåelse af samme ophav-policy eller ukorrekt -håndhævelse af CSP.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.3.0esr-1~deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.3.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3928.data" diff --git a/danish/security/2017/dsa-3929.wml b/danish/security/2017/dsa-3929.wml deleted file mode 100644 index a43696b846e..00000000000 --- a/danish/security/2017/dsa-3929.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="bf007c0a3ef2daa342c3139797752c3ad93f3b40" mindelta="1" -sikkerhedsopdatering - -

Aleksandar Nikolic fra Cisco Talos opdagede en stakbaseret -bufferoverløbssårbarhed i libsoup2.4, en HTTP-biblioteksimplementering i C. -En fjernangriber kunne drage nytte af fejlen, ved at sende en særligt -fremstillet HTTP-forespørgsel, med det formål at få en applikation, der -anvender biblioteket libsoup2.4, til at gå ned (lammelsesangreb) eller -potentielt udføre vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.48.0-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.56.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libsoup2.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3929.data" diff --git a/danish/security/2017/dsa-3930.wml b/danish/security/2017/dsa-3930.wml deleted file mode 100644 index e38957f8d17..00000000000 --- a/danish/security/2017/dsa-3930.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="e0266b54a00d80946515ac8b4161ac6f4024f7c5" mindelta="1" -sikkerhedsopdatering - -

Guido Vranken opdagede at FreeRADIUS, en open source-implementering af -RADIUS, IETF-protokollen til AAA (Authorisation, Authentication og Accounting), -ikke på korrekt vis håndterede hukommelse, når pakker blev behandlet. Dermed -fik en fjernangriber mulighed for at forårsage et lammelsesangreb, gennem et -applikationsnedbrud, eller potentielt udføre vilkårlig kode.

- -

Alle problemerne er dækket af denne DSA, men bemærk at alle problem ikke -påvirker alle udgivelser:

- - - -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.2.5+dfsg-0.2+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.0.12+dfsg-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine freeradius-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3930.data" diff --git a/danish/security/2017/dsa-3931.wml b/danish/security/2017/dsa-3931.wml deleted file mode 100644 index cc689cd8609..00000000000 --- a/danish/security/2017/dsa-3931.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="cf5b2d5df2577e171e1851e77f89421be1c1bfac" mindelta="1" -sikkerhedsopdatering - -

Jens Mueller opdagede at et ukorrekt regulært udtryk i rack-cors, kune føre -til utilstrækkelige begrænsninger på CORS-forespørgsler.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.4.0-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-rack-cors-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3931.data" diff --git a/danish/security/2017/dsa-3932.wml b/danish/security/2017/dsa-3932.wml deleted file mode 100644 index 534315e120a..00000000000 --- a/danish/security/2017/dsa-3932.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="5ae20f86e0043004800c4626f339f1e975bafdbb" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i Subversion, et centraliseret -versionsstyringsssystem.

- -
    - -
  • CVE-2016-8734 -

    (kun jessie)

    - -

    Subversions servermodul mod_dontdothat og Subversion-klienter, som - anvender http(s)://, var sårbare over for et lammelsesangreb forårsaget af - eksponentiel udvidelse af XML-entiteter.

    • - -
  • CVE-2017-9800 - -

    Joern Schneeweisz opdagede at Subversion ikke på korrekt vis håndterede - ondsindet konstruerede svn+ssh://-URL'er. Dermed kunne en angriber køre en - vilkårlig shell-kommando, eksempelvis gennem egenskaberne - svn:externals properties eller når svnsync sync blev anvendt.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.8.10-6+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.9.5-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3932.data" diff --git a/danish/security/2017/dsa-3933.wml b/danish/security/2017/dsa-3933.wml deleted file mode 100644 index ac9c92d69dd..00000000000 --- a/danish/security/2017/dsa-3933.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="e33bde22e44a6a685a6e66c77a778bdff572e263" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev fundet i kommunikationsbiblioteket PJSIP/PJProject, -hvilke kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.1.0.0.ast20130823-1+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet før den -første udgivelse.

- -

Vi anbefaler at du opgraderer dine pjproject-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3933.data" diff --git a/danish/security/2017/dsa-3934.wml b/danish/security/2017/dsa-3934.wml deleted file mode 100644 index d7072f4e1b5..00000000000 --- a/danish/security/2017/dsa-3934.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c0eb2724a50391b6ee38e0568d7b4d8ee0235fb2" mindelta="1" -sikkerhedsopdatering - -

Joern Schneeweisz opdagede at git, et distribuerede versionsstyringssystem, -ikke på korrekt vis håndterede ondsindet fremstillede ssh://-URL'er. Dermed -kunne en angriber køre en vilkårlig shell-kommando, eksempelvis gennem -git-undermoduler.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:2.1.4-2.1+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2.11.0-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3934.data" diff --git a/danish/security/2017/dsa-3935.wml b/danish/security/2017/dsa-3935.wml deleted file mode 100644 index 2317681c5ae..00000000000 --- a/danish/security/2017/dsa-3935.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="c60c9963614f173cca8af93b178ac2d94c87f02c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i databasesystemet PostgreSQL:

- - - -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 9.4.13-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3935.data" diff --git a/danish/security/2017/dsa-3936.wml b/danish/security/2017/dsa-3936.wml deleted file mode 100644 index 2d377ad6aa2..00000000000 --- a/danish/security/2017/dsa-3936.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="e28feac994042abd43193de239a7c49739faafe6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i databasesystemet PostgreSQL:

- - - -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.6.4-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3936.data" diff --git a/danish/security/2017/dsa-3937.wml b/danish/security/2017/dsa-3937.wml deleted file mode 100644 index 00d14d2e55a..00000000000 --- a/danish/security/2017/dsa-3937.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="695691aa815d1e0a461b4c91a9ab1ecff4db5a98" mindelta="1" -sikkerhedsopdatering - -

Lilith Wyatt opdagede to sårbarheder i netværksovervågningssystemet Zabbix, -hvilke kunne medføre udførelse af vilkårlig kode eller databaseskrivninger -foretaget af ondsindede proxy'er.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:2.2.7+dfsg-2+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet før den -første udgivelse.

- -

Vi anbefaler at du opgraderer dine zabbix-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3937.data" diff --git a/danish/security/2017/dsa-3938.wml b/danish/security/2017/dsa-3938.wml deleted file mode 100644 index ee0460bcaad..00000000000 --- a/danish/security/2017/dsa-3938.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b325bbf33c2cb5d18a8204d7d06f1dc2ed1f606f" mindelta="1" -sikkerhedsopdatering - -

Matviy Kotoniy rapporterede at funktionen gdImageCreateFromGifCtx(), der -anvendes til at indlæse billeder fra GIF-formatfiler i libgd2, et bibliotek til -programmatisk fremstilling og behandling af grafik, ikke nulstillede -stakallokerede color map-buffere, før de blev anvendt, hvilket kunne medføre -informationsafsløring, hvis en særligt fremstillet fil blev behandlet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.1.0-5+deb8u10.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.2.4-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3938.data" diff --git a/danish/security/2017/dsa-3939.wml b/danish/security/2017/dsa-3939.wml deleted file mode 100644 index 1aa19e962a8..00000000000 --- a/danish/security/2017/dsa-3939.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="dfa0f5b7123833f112ba15d483c8072455e06c11" mindelta="1" -sikkerhedsopdatering - -

Aleksandar Nikolic opdagede at en fejl i x509-fortolkeren i det -kryptografiske bibliotek Botan, kunne medføre en hukommelseslæsning uden for -grænserne, medførende lammelsesangreb eller en informationslækage, hvis et -misdannet certifikat blev behandlet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.10.8-2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet før den første -udgivelse.

- -

Vi anbefaler at du opgraderer dine botan1.10-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3939.data" diff --git a/danish/security/2017/dsa-3940.wml b/danish/security/2017/dsa-3940.wml deleted file mode 100644 index b8edcccb6ff..00000000000 --- a/danish/security/2017/dsa-3940.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e90bd5b5bbba8642fd0c2a368859e2a85789c050" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at CVS, et centraliseret versionsstyringssystem, ikke på korrekt -vis håndterede ondsindet fremstillede arkiv-URL'er, hvilket gjorde det muligt -for en angriber, at køre vilkårlige shell-kommandoer.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2:1.12.13+real-15+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:1.12.13+real-22+deb9u1.

- -

Vi anbefaler at du opgraderer dine cvs-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3940.data" diff --git a/danish/security/2017/dsa-3941.wml b/danish/security/2017/dsa-3941.wml deleted file mode 100644 index 9814a3eee8d..00000000000 --- a/danish/security/2017/dsa-3941.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="52ddfda248eae01d12b31eada324e208fa849ea1" mindelta="1" -sikkerhedsopdatering - -

En læsningsbufferoverløb blev opdaget i idtech3-familien (Quake III Arena) af -spilmotorer. Dermed kunne fjernangribere forårsage et lammelsesangreb -(applikationsnedbrud) eller muligvis have anden ikke-angivet indvirkning gennem -en fabrikeret pakke.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.50a+dfsg1-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine iortcw-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3941.data" diff --git a/danish/security/2017/dsa-3942.wml b/danish/security/2017/dsa-3942.wml deleted file mode 100644 index 90fe45cf48c..00000000000 --- a/danish/security/2017/dsa-3942.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="63acfe388c39a5265ed75347ca8b6a3f2bd36516" mindelta="1" -sikkerhedsopdatering - -

Calum Hutton rapporterede at XML-RPC-serveren i supervisor, et system til -kontrollering af procetilstande, ikke udførte validering af forespurgte -XML-RPC-metoder, gør det muligt for en autentificeret klient at sende en -onsindet XML-RPC-forespørgsel til supervisord, som kørte vilkårlige -shell-kommandoer på serveren med den samme bruger som supervisord.

- -

Sårbarhederne er rettet ved helt at deaktivere nestede navnerumsopslag. -Supervisord kalder nu kun metoder på objektet, som er registreret til at -håndtere XML-RPC-forespørgsler, og ikke nogen childobjekter den kan indeholde, -hvilket muligvis medfører at eksisterende opsætninger holder op med at fungere. -Der er ikke kendskab til nogen offentligt tilgængelige plugin'er, som benytter -nestede navnerum. Plugin'er, som anvender et enkelt navnerum, vil fungere som -hidtil. Flere oplysninger finder man i opstrømsrapporteringen på -\ -https://github.com/Supervisor/supervisor/issues/964.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.0r1-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.3.1-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine supervisor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3942.data" diff --git a/danish/security/2017/dsa-3943.wml b/danish/security/2017/dsa-3943.wml deleted file mode 100644 index dc29f2447ec..00000000000 --- a/danish/security/2017/dsa-3943.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8dcb4d440b36571d942a19d1eaf6f7782b1149d7" mindelta="1" -sikkerhedsopdatering - -

Gajim, en GTK+-baseret XMPP-/Jabber-klient, implementerer betingelsesløst -udgivelsen XEP-0146: Remote Controlling Clients, som gør det muligt for -en ondsindet XMPP-server, at udløse kommandoer der lækker private samtaler fra -krypterede sessioner. Med denne opdatering deaktiveres understøttelse af -XEP-0146 som standard, og er gjort valgfri med indstillingen -remote_commands.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.16-1+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet før den første -udgivelse.

- -

Vi anbefaler at du opgraderer dine gajim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3943.data" diff --git a/danish/security/2017/dsa-3944.wml b/danish/security/2017/dsa-3944.wml deleted file mode 100644 index c4f2551db7e..00000000000 --- a/danish/security/2017/dsa-3944.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8eb0014c3b1dea57af05d733e4c6f138589bc31b" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.0.32. Se MariaDB 10.0 -Release Notes for flere oplysninger:

- - - -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 10.0.32-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3944.data" diff --git a/danish/security/2017/dsa-3945.wml b/danish/security/2017/dsa-3945.wml deleted file mode 100644 index dd384ecc3f9..00000000000 --- a/danish/security/2017/dsa-3945.wml +++ /dev/null @@ -1,103 +0,0 @@ -#use wml::debian::translation-check translation="c10676e1a61f97b18eb26fd401d2d8d9bac3d776" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2014-9940 - -

    En anvendelse efter frigivelse-fejl i driveren voltage and current - regulator, kunne gøre det muligt for en lokal bruger at forårsage et - lammelsesangreb eller potentielt forøge rettigheder.

    • - -
  • CVE-2017-7346 - -

    Li Qiang opdagede at DRM-driveren til VMwares virtuelle GPU'er, ikke på - korrekt vis tjekkede brugerkontrollerede værdier i - vmw_surface_define_ioctl()-funktionerne for øvre grænser. En lokal bruger - kunne drage nytte af fejlen til at forårsage et lammelsesangreb.

    • - -
  • CVE-2017-7482 - -

    Shi Lei opdagede at RxRPC Kerberos 5-tickethåndteringskoden ikke på - korrekt vis tjekkede metadata, førende til informationsafsløring, - lammelsesangreb eller potentielt udførelse af vilkårlig kode.

    • - -
  • CVE-2017-7533 - -

    Fan Wu og Shixiong Zhao opdagede en kapløbstilstand mellem - inotify-events og VFS-omdøbningshandlinger, gørende det muligt for en - upriviligeret angriber at forårsage et lammelsesangreb eller forøge - rettigheder.

    • - -
  • CVE-2017-7541 - -

    En bufferoverløbsfejl i WLAN-driveren Broadcom IEEE802.11n PCIe SoftMAC, - kunne gøre det muligt for en lokal bruger at forårsage - kernehukommelseskorruption, førende til et lammelsesangreb eller potentielt - rettighedsforøgelse.

    • - -
  • CVE-2017-7542 - -

    Der blev fundet en heltalsoverløbssårbarhed i funktionen - ip6_find_1stfragopt(), som gjorde det muligt for en lokal angriber, med - rettigheder til at åbne raw sockets, at forårsage et - lammelsesangreb.

    • - -
  • CVE-2017-7889 - -

    Tommi Rantala og Brad Spengler rapporterede at mm-undersystemet ikke på - korrekt vis håndhævede beskyttelsesmekanismen CONFIG_STRICT_DEVMEM, hvilket - gjorde det muligt for en lokal angriber med adgang til /dev/mem, at få fat i - følsomme oplysninger eller potentielt udføre vilkårlig kode.

    • - -
  • CVE-2017-9605 - -

    Murray McAllister opdagede at DRM-driveren til VMwares virtuelle GPU'er - ikke på korrekt vis initialiserede hukommelse, potentielt gørende det muligt - for en lokal angriber, at få fat i følsomme oplysninger fra uinitialiseret - kernehukommelse gennem et fabrikeret ioctl-kald.

    • - -
  • CVE-2017-10911 - -

    / XSA-216

    - -

    Anthony Perard fra Citrix opdagede en informationslækagefejl i Xen - blkif-svarhåndteringen, gørende det muligt for en ondsindet upriviligeret - gæst at få fat i følsomme oplysninger fra værten eller andre - gæster.

    • - -
  • CVE-2017-11176 - -

    Man opdagede at funktionen mq_notify() ikke satte sockpointer'en til null - ved start af retrylogikken. En angriber kunne drage nytte af fejlen under - en brugerrumslukning af en Netlink-socket, til at forårsage et - lammelsesangreb eller potentielt forårsagen anden indvirkning.

    • - -
  • CVE-2017-1000363 - -

    Roee Hay rapporterede at lp-driveren ikke på korrekt vis foretog - grænsekontroller på overførte parametre, gørende det muligt for en lokal - angriber med skriveadgang til kernekommandolinjeparametre, at udføre - vilkårlig kode.

    • - -
  • CVE-2017-1000365 - -

    Man opdagede at parameter- og miljøpointere, ikke blev taget korrekt i - betragtning i forhold til de håndhævede størrelsesbegrænsninger på - parameter- og miljøstrenge overført gennem RLIMIT_STACK/RLIMIT_INFINITY. En - lokal anriger kunne drage nytte af fejlen i sammenhæng med andre fejl, til - at udføre vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.16.43-2+deb8u3.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3945.data" diff --git a/danish/security/2017/dsa-3946.wml b/danish/security/2017/dsa-3946.wml deleted file mode 100644 index 1c66203c2b8..00000000000 --- a/danish/security/2017/dsa-3946.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b96f9e51cd0fb113189f5aeb9df16d0efe4023be" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libsmpack, et bibliotek som anvendes til at håndtere -Microsofts komprimeringsformater, ikke på korrekt vis validerede sine -inddata. En fjernangriber kunne fabrikerede ondsindede CAB- eller CHM-filer, -og anvende fejlen til at forårsage et lammelsesangreb gennem applikationsnedbrud -eller potentielt udføre vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.5-1+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.5-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libmspack-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3946.data" diff --git a/danish/security/2017/dsa-3947.wml b/danish/security/2017/dsa-3947.wml deleted file mode 100644 index 197da6e8deb..00000000000 --- a/danish/security/2017/dsa-3947.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="03d084811ceb494d7c950d1a653b54e1e28ef0b1" mindelta="1" -sikkerhedsopdatering - -

Jeriko One opdagede at newsbeuter, en RSS-feedlæser i tekstilstand, ikke på -korrekt vis indkapslede en nyhedsartikels titel og beskrivelse, når den blev -bogmærket. Dermed kunne en fjernangriber køre en vilkårlig shell-kommando på -klientmaskinen.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.8-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.9-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine newsbeuter-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3947.data" diff --git a/danish/security/2017/dsa-3948.wml b/danish/security/2017/dsa-3948.wml deleted file mode 100644 index 099483f566e..00000000000 --- a/danish/security/2017/dsa-3948.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="08bae52456699417144595dd39f4061e9a21d927" mindelta="1" -sikkerhedsopdatering - -

Et læsningsbufferoverløb blev opdaget i idtech3-familien (Quake III Arena) af -spilmotorer. Dermed kunne fjernangribere forårsage et lammelsesangreb -(applikationsnedbrud) eller muligvis have anden ikke-angivet indvirkning gennem -en fabrikeret pakke.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.36+u20140802+gca9eebb-2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.36+u20161101+dfsg1-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine ioquake3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3948.data" diff --git a/danish/security/2017/dsa-3949.wml b/danish/security/2017/dsa-3949.wml deleted file mode 100644 index a5bffd2534d..00000000000 --- a/danish/security/2017/dsa-3949.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ff2d8c1c566dbc4c27469e0b1da577427d69b1d9" mindelta="1" -sikkerhedsopdatering - -

Han Han fra Red Hat opdagede at augeas, et værktøj til opsætningsredigering, -på ukorrekt vis håndterede nogle escapede strenge. En fjernangriber kunne -anvende fejlen som løftestang, ved at sende ondsindet fabrikerede strenge, som -derved forårsagede at en applikation som anvender augeas, gik ned eller -potentielt udførte vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.2.0-0.2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.8.0-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine augeas-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3949.data" diff --git a/danish/security/2017/dsa-3950.wml b/danish/security/2017/dsa-3950.wml deleted file mode 100644 index 2bbf40ebf9a..00000000000 --- a/danish/security/2017/dsa-3950.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="16af68c626506bffcc8bc5def6130b2807924f79" mindelta="1" -sikkerhedsopdatering - -

Hossein Lotfi og Jakub Jirasek fra Secunia Research opdagede adskillige -sårbarheder i LibRaw, et bibliotek til læsning af RAW-billeder. En angriber -kunne forårsage hukommelseskorruption førende til et lammelsesangreb, med -en fabrikeret KDC- eller TIFF-fil.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.16.0-9+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.17.2-6+deb9u1.

- -

Vi anbefaler at du opgraderer dine libraw-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3950.data" diff --git a/danish/security/2017/dsa-3951.wml b/danish/security/2017/dsa-3951.wml deleted file mode 100644 index 01e6dbca1a0..00000000000 --- a/danish/security/2017/dsa-3951.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="dad0a20fd1f7db385d9f6bb7d82e1fb293ea26df" mindelta="1" -sikkerhedsopdatering - -

Sebastian Krahmer opdagede at en programmingsfejl i den binære mount -helper-fil i Smb4k Samba-netværkssharebrowseren, kunne medføre lokal -rettighedsforøgelse.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.2.1-2~deb8u1.

- -

Vi anbefaler at du opgraderer dine smb4k-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3951.data" diff --git a/danish/security/2017/dsa-3952.wml b/danish/security/2017/dsa-3952.wml deleted file mode 100644 index e46128e98c8..00000000000 --- a/danish/security/2017/dsa-3952.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="f908d59e2b951f746b7b012073793483fd05dd5e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libxml2, et bibliotek som leverer -undersøttelse af læsning, ændring og skrivning af XML- og HTML-filer. En -fjernangriber kunne levere særligt fremstillet XML- eller HTML-fil, som, når den -blev behandlet af en applikation, der anvender libxml2, medførte et -lammelsesangreb mod applikationen, informationslækager eller potentielt -udførelse af vilkårlig kode med rettighederne hørende til brugeren, der kører -applikationen.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.9.1+dfsg1-5+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.9.4+dfsg1-2.2+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 2.9.4+dfsg1-3.1.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3952.data" diff --git a/danish/security/2017/dsa-3953.wml b/danish/security/2017/dsa-3953.wml deleted file mode 100644 index 1ddfab11d05..00000000000 --- a/danish/security/2017/dsa-3953.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="0fbe9c4bacb832902a1f5e4ef3b2c9856a1d242c" mindelta="1" -sikkerhedsopdatering - -

Zane Bitter fra Red Hat opdagede en sårbarhed i Aodh, OpenStacks alarmmotor. -Aodh verificerede ikke om brugeren, der opretter en alarm i trustor'en eller har -de samme rettigheder som trustor'en, ej heller om trust'en gælder det samme -projekt, som alarmen. Fejlen gjorde det muligt for en autentificeret bruger -uden et Keystone-token, med viden om trust-ID'er, til at udføre uspecificerede -autentificerede handlinger ved at tilføje alarmhandlinger.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.0.0-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine aodh-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3953.data" diff --git a/danish/security/2017/dsa-3954.wml b/danish/security/2017/dsa-3954.wml deleted file mode 100644 index c681e566d75..00000000000 --- a/danish/security/2017/dsa-3954.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="81cc1ddc5b222928fef318a43a0098515321f5e6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende omgåelse af sandkassen, ukorrekt autentifikation, -udførelse af vilkårlig kode, lammelsesangreb, informationsafsløring, anvendelse -af usikker kryptografi eller omgåelse af Jar-verifikation.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7u151-2.6.11-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3954.data" diff --git a/danish/security/2017/dsa-3955.wml b/danish/security/2017/dsa-3955.wml deleted file mode 100644 index 4c5aee70410..00000000000 --- a/danish/security/2017/dsa-3955.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="bd295574cda730f9bf12107eb10f8a59172cc966" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.1.26. Se MariaDB 10.1 -Release Notes for flere oplysninger:

- - - -

I den stabile distribution (stretch), er disse problemer rettet -i version 10.1.26-0+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 10.1.26-1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.1-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3955.data" diff --git a/danish/security/2017/dsa-3956.wml b/danish/security/2017/dsa-3956.wml deleted file mode 100644 index 42be030830a..00000000000 --- a/danish/security/2017/dsa-3956.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="c7bd8940a6152cd703d0b682cef3f26876dbff71" mindelta="1" -sikkerhedsopdatering - -

Sikkerhedskonsulenter hos NRI Secure Technologies opdagede en -stakoverløbssårbarhed i ConnMan, en netværksmanager til indlejrede -enheder. En angriber med kontrol over DNS-serverne til DNS-proxy'en i -devices. An attacker with control of the DNS responses to the DNS proxy -ConnMan, kunne være i stand til at få den til at gå ned, og i nogle -tilfælde fjernudføre vilkårlige kommandoer på værten, der kører -servicen.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.21-1.2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.33-3+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 1.33-3+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.35-1.

- -

Vi anbefaler at du opgraderer dine connman-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3956.data" diff --git a/danish/security/2017/dsa-3957.wml b/danish/security/2017/dsa-3957.wml deleted file mode 100644 index 5b4fc35667a..00000000000 --- a/danish/security/2017/dsa-3957.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="2ee878b22bdbf3e86226e0a5d4f38d02d61768d0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i FFmpeg, en multimedieafspiller, -server og --encoder. Problemer kunne føre til lammelsesangreb og i nogle situationer -udførelse af vilkårlig kode.

- -
    - -
  • CVE-2017-9608 - -

    Yihan Lian fra Qihoo 360 GearTeam opdagede en NULL-pointertilgang, når - der blev fortolket en fabrikeret MOV-fil.

    • - -
  • CVE-2017-9993 - -

    Thierry Foucu opdagede at det var muligt at lække oplysninger fra filer - og symlinks, der slutter på en almindelig multimediaudvidelse, ved hjælp af - HTTP Live Streaming.

    • - -
  • CVE-2017-11399 - -

    Liu Bingchang fra IIE opdagede et heltalsoverløb i APE-dekoderen, som - kunne udløses af en fabrikeret APE-fil.

    • - -
  • CVE-2017-11665 - -

    JunDong Xie fra Ant-financial Light-Year Security Lab opdagede at en - angriber, som er i stand til at fabrikere en RTMP-stream, kunne få FFmpeg - til at gå ned.

    • - -
  • CVE-2017-11719 - -

    Liu Bingchang fra IIE opdagede at en tilgang uden for grænserne, kunne - udløses af en fabrikeret DNxHD-fil.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7:3.2.7-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3957.data" diff --git a/danish/security/2017/dsa-3958.wml b/danish/security/2017/dsa-3958.wml deleted file mode 100644 index 15cf3286357..00000000000 --- a/danish/security/2017/dsa-3958.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4ea3740acfff78a1ba327c9fb0c7c5ac7f3f47a3" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at FontForge, en fonteditor, ikke på korrekt vis validerede -sine inddata. En angriber kunne udnytte fejlen, ved at narre en bruger til at -åbne en ondsindet fabrikeret OpenType-fontfil, og dermed forårsagende et -lammelsesangreb gennem applikationsnedbrud, eller udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 20120731.b-5+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:20161005~dfsg-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine fontforge-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3958.data" diff --git a/danish/security/2017/dsa-3959.wml b/danish/security/2017/dsa-3959.wml deleted file mode 100644 index ce50fa289a0..00000000000 --- a/danish/security/2017/dsa-3959.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a5e18a1dcdbec32061c03af3cc38f72d37f55da9" mindelta="1" -sikkerhedsopdatering - -

Daniel Genkin, Luke Valenta og Yuval Yarom opdagede at Libgcrypt var sårbar -over for et lokalt sidekanalsangreb mod ECDH-krypteringen med Curve25519, -hvilket gjorde det muligt at få fat i den private nøgle.

- -

Se \ -https://eprint.iacr.org/2017/806 for flere oplysninger.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.7.6-2+deb9u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.7.9-1.

- -

Vi anbefaler at du opgraderer dine libgcrypt20-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3959.data" diff --git a/danish/security/2017/dsa-3960.wml b/danish/security/2017/dsa-3960.wml deleted file mode 100644 index 4a6b0bc1773..00000000000 --- a/danish/security/2017/dsa-3960.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="36f31123f606b69b05577a679bdc98915c816373" mindelta="1" -sikkerhedsopdatering - -

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot -Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal og Yuval -Yarom opdagede at GnuPG var sårbar over for et lokalt sidekanalangreb, som -gjorde det muligt at få fat i en komplet RSA-1024-nøgle.

- -

Se \ -https://eprint.iacr.org/2017/627 for flere oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.4.18-7+deb8u4.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3960.data" diff --git a/danish/security/2017/dsa-3961.wml b/danish/security/2017/dsa-3961.wml deleted file mode 100644 index 752975c1aeb..00000000000 --- a/danish/security/2017/dsa-3961.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e654a691482e2cc50a9ae992d212b6ff3faf1f36" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med dobbelt frigivelse blev opdaget i funktionen -gdImagePngPtr() i libgd2, et bibliotek til programmatisk fremstilling og -behandling af grafik, hvilken kunne medføre lammelsesangreb eller potentielt -udførelse af vilkårlig kode, hvis en særligt fremstillet fil blev behandlet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.1.0-5+deb8u11.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.2.4-2+deb9u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.2.5-1.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3961.data" diff --git a/danish/security/2017/dsa-3962.wml b/danish/security/2017/dsa-3962.wml deleted file mode 100644 index 2b0a46156f4..00000000000 --- a/danish/security/2017/dsa-3962.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="ea3369a6ef085c36dc2c1d98a429e88f8d0b29bf" mindelta="1" -sikkerhedsopdatering - -

En lammelsesangrebssårbarhed blev opdaget i strongSwan, en IKE-/IPsec-suite, -ved hjælp af Googles OSS-Fuzz-fuzzingprojekt.

- -

Plugin'en gmp i strongSwan havde utilstrækkelig inddatavalidering, når der -blev verificeret RSA-signaturer. Programmeringsfejlen kunne føre til en -nullpointerdereference, førende til et procesnedbrud.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 5.2.1-6+deb8u5.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.5.1-4+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 5.6.0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 5.6.0-1.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3962.data" diff --git a/danish/security/2017/dsa-3963.wml b/danish/security/2017/dsa-3963.wml deleted file mode 100644 index 9e1969073fb..00000000000 --- a/danish/security/2017/dsa-3963.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="75372e765a36d4477cf24e98f24698dc67b4e330" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i Mercurial, et distribueret -versionsstyringssystem.

- -
    - -
  • CVE-2017-9462 - (kun rettet i stretch) - -

    Jonathan Claudius fra Mozilla opdagede at arkiver som blev serveret over - stdio, kunne blive narret til at give autoriserede brugere adgang til at - Python-debuggeren.

    • - -
  • CVE-2017-1000115 - -

    Mercurials symlinkauditing var ufuldstændig, og kunne misbruges til at - skrive filer uden for arkiver.

    • - -
  • CVE-2017-1000116 - -

    Joern Schneeweisz opdagede at Mercurial ikke på korrekt vis håndterede - ondsindet fremstillede ssh://-URL'ers. Dermed kunne en angriber køre en - vilkårlig shellkomamndo.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.1.2-2+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.0-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine mercurial-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3963.data" diff --git a/danish/security/2017/dsa-3964.wml b/danish/security/2017/dsa-3964.wml deleted file mode 100644 index 1b9b20d27b5..00000000000 --- a/danish/security/2017/dsa-3964.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="832a81e13abf0ab0eb3916c1ebc713e4d66d0107" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Asterisk, et open source-PBX og --telefoniværktøjssæt, hvilke kunne medføre afsløring af RTP-forbindelser eller -udførelse af vilkårlige shellkommandoer.

- -

For yderligere oplysninger, se opstrøms bulletiner: -\ -http://downloads.asterisk.org/pub/security/AST-2017-005.html, -\ -http://downloads.asterisk.org/pub/security/AST-2017-006.html

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:11.13.1~dfsg-2+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:13.14.1~dfsg-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3964.data" diff --git a/danish/security/2017/dsa-3965.wml b/danish/security/2017/dsa-3965.wml deleted file mode 100644 index 4ff64d65207..00000000000 --- a/danish/security/2017/dsa-3965.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="6a85c7345de7d245b292248dfd46fc2c42b4a46e" mindelta="1" -sikkerhedsopdatering - -

Thomas Jarosch opdagede en stakbaseret bufferoverløbsfejl i file, et værktøj -til klassifikation af filtyper, hvilken kunne medføre lammelsesangreb, hvis en -binær ELF-fil med et særligt fremstillet .notes-afsnit, blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:5.30-1+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:5.32-1.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3965.data" diff --git a/danish/security/2017/dsa-3966.wml b/danish/security/2017/dsa-3966.wml deleted file mode 100644 index a60558c458a..00000000000 --- a/danish/security/2017/dsa-3966.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="a77d9a6eaf12125ea742bc606c7ec915a1c73875" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i fortolkeren af sproget Ruby:

- -
    - -
  • CVE-2015-9096 - -

    SMTP-kommandoindsprøjtning i Net::SMTP.

    • - -
  • CVE-2016-7798 - -

    Ukorrekt håndtering af initialiseringsvektor i GCM-tilstand i - OpenSSL-udvidelsen.

    • - -
  • CVE-2017-0900 - -

    Lammelsesangreb i RubyGems-klienten.

    • - -
  • CVE-2017-0901 - -

    Potentiel filoverskrivelse i RubyGems-klienten.

    • - -
  • CVE-2017-0902 - -

    DNS-kapring i RubyGems-klienten.

    • - -
  • CVE-2017-14064 - -

    Heaphukommelsesafsløring i JSON-biblioteket.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i version -2.3.3-1+deb9u1. Denne opdatering hærder også RubyGems mod ondsindede -terminal-escapesekvenser -(CVE-2017-0899).

- -

Vi anbefaler at du opgraderer dine ruby2.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3966.data" diff --git a/danish/security/2017/dsa-3967.wml b/danish/security/2017/dsa-3967.wml deleted file mode 100644 index 667419a5bda..00000000000 --- a/danish/security/2017/dsa-3967.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="e6d62366b1abc1f88b1b9f5588d9b61caf91fc34" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med omgåelse af autentifikation, blev opdaget i -mbed TLS, et letvægtskrypterings- og SSL-/TLS-bibliotek, når -autentifikationsstilstanden var opsat som optional (valgfri). En -fjernangriber kunne drage nytte af fejlen til at iværksætte et manden i -midten-agnreb og udgive sig for at være en tilsigtet peer, gennem en -X.509-certifikatkæde med mange mellemled.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.4.2-1+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 2.6.0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.6.0-1.

- -

Vi anbefaler at du opgraderer dine mbedtls-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3967.data" diff --git a/danish/security/2017/dsa-3968.wml b/danish/security/2017/dsa-3968.wml deleted file mode 100644 index 77b9fe86276..00000000000 --- a/danish/security/2017/dsa-3968.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="df2cb2f669b080ea57519a1837b5dedafe5a1a63" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsfejl er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.3.0-4~deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.3.0-4~deb9u1.

- -

Vi anbefaler at du opgraderer dine icedove-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3968.data" diff --git a/danish/security/2017/dsa-3969.wml b/danish/security/2017/dsa-3969.wml deleted file mode 100644 index 4fb163b7773..00000000000 --- a/danish/security/2017/dsa-3969.wml +++ /dev/null @@ -1,91 +0,0 @@ -#use wml::debian::translation-check translation="ea2ae7721efee15d86be4885df15dc06cffaf769" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen:

- -
    - -
  • CVE-2017-10912 - -

    Jann Horn opdagede at ukorrekt håndtering af sidetransitioner, kunne - medføre rettighedsforøgelse.

    • - -
  • CVE-2017-10913 / CVE-2017-10914 - -

    Jann Horn opdagede at kapløbstilstande i grant-håndtering, kunne medføre - informationslækager eller rettighedsforøgelse.

    • - -
  • CVE-2017-10915 - -

    Andrew Cooper opdagede at ukorrekt referenceoptælling med shadow paging, - kunne medføre rettighedsforøgelse.

    • - -
  • CVE-2017-10916 - -

    Andrew Cooper opdagede en informationslækage i håndteringen af - CPU-funktionaliteterne Memory Protection Extensions (MPX) og Protection Key - (PKU). Det påvirker kun Debian stretch.

    • - -
  • CVE-2017-10917 - -

    Ankur Arora opdagede en NULL-pointerdereference i event polling, - medførende lammelsesangreb.

    • - -
  • CVE-2017-10918 - -

    Julien Grall opdagede at ukorrekt fejlhåndtering i fysisk til - maskine-hukommelsesmapning, kunne medføre rettighedsforøgelse, - lammelsesangreb eller en informationslækage.

    • - -
  • CVE-2017-10919 - -

    Julien Grall opdagede at ukorrekt håndtering af virtuelle - interruptindsprøjtninger på ARM-systemer, kunne medføre - lammelsesangreb.

    • - -
  • CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922 - -

    Jan Beulich opdagede adskillige steder hvor referenceoptælling på grant - table-handlinger, var ukorrekt, medførende potentiel - rettighedsforøgelse.

    • - -
  • CVE-2017-12135 - -

    Jan Beulich fandt adskillige problemer i håndteringen af transitive - grants, hvilke kunne medføre lammelsesangreb eller potentielt - rettighedsforøgelse.

    • - -
  • CVE-2017-12136 - -

    Ian Jackson opdagede at kapløbstilstande i allokatoren af grant mappings, - kunne medføre lammelsesangreb eller rettighedsforøgelse. Det påvirker kun - Debian stretch.

    • - -
  • CVE-2017-12137 - -

    Andrew Cooper opdagede at ukorrekt validering af grants, kunne medføre - rettighedsforøgelse.

    • - -
  • CVE-2017-12855 - -

    Jan Beulich opdagede ukorrekt grant status-håndtering handling, dermed - blev gæsten ukorrekt oplyst om at en grant ikke længere var i brug.

    • - -
  • XSA-235 (endnu ingen CVE) - -

    Wei Liu opdagede at ukorrekt låsning af add-to-physmap-handlinger på ARM, - kunne medføre lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.4.1-9+deb8u10.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.1-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3969.data" diff --git a/danish/security/2017/dsa-3970.wml b/danish/security/2017/dsa-3970.wml deleted file mode 100644 index 2a4023c311e..00000000000 --- a/danish/security/2017/dsa-3970.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="0f883137a1477df2ec9d765faa89a59d74d56487" mindelta="1" -sikkerhedsopdatering - -

Charles A. Roelli opdagede at Emacs var sårbar over for udførelse af -vilkårlig kode, ved rendering af text/enriched-MIME-data (fx når der -anvendes Emacs-baserede mailklienter).

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 24.4+1-5+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 24.5+1-11+deb9u1.

- -

Vi anbefaler at du opgraderer dine emacs24-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3970.data" diff --git a/danish/security/2017/dsa-3971.wml b/danish/security/2017/dsa-3971.wml deleted file mode 100644 index f89e8eed31f..00000000000 --- a/danish/security/2017/dsa-3971.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="9c5357fb5740d762ce93f799ad9fcd164377c108" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i tcpdump, et kommandolinjeprogram til -analysering af netværkstrafik. Sårbarhederne kunne medføre lammelsesangreb -eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet i -version 4.9.2-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.2-1~deb9u1.

- -

I distributionen testing (buster), er disse problemer rettet i -version 4.9.2-1 eller tidligere versioner.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.9.2-1 eller tidligere versioner.

- -

Vi anbefaler at du opgraderer dine tcpdump-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3971.data" diff --git a/danish/security/2017/dsa-3972.wml b/danish/security/2017/dsa-3972.wml deleted file mode 100644 index 7a250aa63a5..00000000000 --- a/danish/security/2017/dsa-3972.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="730cb2409683fe21117da9d03dea510db39687ec" mindelta="1" -sikkerhedsopdatering - -

En informationsafsløringssårbarhed blev opdaget i Service Discovery Protocol -(SDP) i bluetoothd, hvilken gjorde det muligt for en nært tilstedeværende -angriber at få adgang til følsomme oplysninger fra bluetoothds proceshukommelse, -herunder Bluetooth-krypteringsnøgler.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 5.23-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.43-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine bluez-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3972.data" diff --git a/danish/security/2017/dsa-3973.wml b/danish/security/2017/dsa-3973.wml deleted file mode 100644 index 3ebd5bb952d..00000000000 --- a/danish/security/2017/dsa-3973.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="03992bfe4299066608ea69ac2c49492c07265f00" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder er -opdaget i loginformularen hørende til identity provider-modulet Shibboleth til -Wordpress.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.4-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.4-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine wordpress-shibboleth-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3973.data" diff --git a/danish/security/2017/dsa-3974.wml b/danish/security/2017/dsa-3974.wml deleted file mode 100644 index ac873ea2a71..00000000000 --- a/danish/security/2017/dsa-3974.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="5efdc886b003f70d9b0cc257af84e749911991d4" mindelta="1" -sikkerhedsopdatering - -

To problemer blev opdaget i Tomcats servlet og JSP-motor.

- -
    - -
  • CVE-2017-7674 - -

    Rick Riemer opdagede at Cross-Origin Resource Sharing-filteret ikke - tilføjede en Vary-header, som indikerer mulige forskellige svar, hvilket - kunne føre til cacheforgiftning.

    • - -
  • CVE-2017-7675 (stretch only) - -

    Markus Dörschmidt opdagede at HTTP/2-implementering omgik nogle - sikkerhedskontroller, dermed gørende det muligt for en angriber at - iværksætte mappegennemløbsangreb ved at anvende særligt fremstillede - URL'er.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 8.0.14-1+deb8u11.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8.5.14-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3974.data" diff --git a/danish/security/2017/dsa-3975.wml b/danish/security/2017/dsa-3975.wml deleted file mode 100644 index ee731ec7b0c..00000000000 --- a/danish/security/2017/dsa-3975.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="85752fa5b76eb5abd1a0c88c678bdae4e77a9d02" mindelta="1" -sikkerhedsopdatering - -

Charles A. Roelli opdagede at Emacs var sårbar over for udførelse af -vilkårlig kode under rendering af text/enriched-MIME-data (fx når der anvendes -Emacs-baserede mailklienter).

- -

I den stabile distribution (stretch), er dette problem rettet i -version 25.1+1-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine emacs25-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3975.data" diff --git a/danish/security/2017/dsa-3976.wml b/danish/security/2017/dsa-3976.wml deleted file mode 100644 index f8a802076de..00000000000 --- a/danish/security/2017/dsa-3976.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="00f6c1a20538a12d0e1d366d76c4e21ae02b767c" mindelta="1" -sikkerhedsopdatering - -

Marcin Icewall Noga fra Cisco Talos opdagede to sårbarheder i freexl, -et bibliotek til læsning af Microsoft Excel-regneark, hvilket kunne medføre -lammelsesangreb eller udførelse af vilkårlig kode, hvis en misdannet Excel-fil -blev åbnet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.0.0g-1+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.2-2+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.4-1.

- -

Vi anbefaler at du opgraderer dine freexl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3976.data" diff --git a/danish/security/2017/dsa-3977.wml b/danish/security/2017/dsa-3977.wml deleted file mode 100644 index 24800889008..00000000000 --- a/danish/security/2017/dsa-3977.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="cdddb507a194c4d6b9ad05df88fa43bf196b4383" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at podbeuter, podcasthenteren i newsbeuter, en tekstbaseret -RSS-feedlæser, ikke på korrekt vis escape'de navnet på medieindkapslingen -(podcastfilen), hvilket gjorde det muligt for en fjernangriber at køre en -vilkårlig shellkommando på klientmaskinen. Det er kun udnytbart hvis filen også -afspilles af podbeuter.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.8-2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.9-5+deb9u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.9-7.

- -

Vi anbefaler at du opgraderer dine newsbeuter-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3977.data" diff --git a/danish/security/2017/dsa-3978.wml b/danish/security/2017/dsa-3978.wml deleted file mode 100644 index 2d69e248dd1..00000000000 --- a/danish/security/2017/dsa-3978.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="0e7bc885231037690c577429814479f18852fb45" mindelta="1" -sikkerhedsopdatering - -

Marcin Noga opdagede et bufferoverløb i JPEG-indlæseren i biblioteket GDK -Pixbuf, hvilket kunne medføre udførelse af vilkårlig kode, hvis en misdannet fil -blev åbnet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.31.1-2+deb8u6.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.36.5-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3978.data" diff --git a/danish/security/2017/dsa-3979.wml b/danish/security/2017/dsa-3979.wml deleted file mode 100644 index 6f4f3fcc947..00000000000 --- a/danish/security/2017/dsa-3979.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="13ae69d943de9fb0efb51f873feb233ebbeaaf50" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at PyJWT, en Python-implementering af JSON Web Token, udførte -utilstrækkelig validering af nogle offentlig nøgle-typer, hvilket kunne gøre det -muligt for en fjernangriber at fabrikere JWT'er helt fra begyndelsen.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.2.1-1+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.4.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine pyjwt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3979.data" diff --git a/danish/security/2017/dsa-3980.wml b/danish/security/2017/dsa-3980.wml deleted file mode 100644 index 8436a3fd3a7..00000000000 --- a/danish/security/2017/dsa-3980.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="4fe7a42129a1a0c9aaf54478bd806788188ea89f" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede at ukorrekt fortolkning i Apache HTTP Server af -direktivet Limit i .htaccess-filer, kunne medføre hukommelsesblotlægning.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.4.10-10+deb8u11.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.4.25-3+deb9u3.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3980.data" diff --git a/danish/security/2017/dsa-3981.wml b/danish/security/2017/dsa-3981.wml deleted file mode 100644 index 854326e6144..00000000000 --- a/danish/security/2017/dsa-3981.wml +++ /dev/null @@ -1,188 +0,0 @@ -#use wml::debian::translation-check translation="1ed1b439e193379ba0d00a4fee98b13d791a83d1" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2017-7518 - -

    Andy Lutomirski opdagede at KVM var sårbar på grund af en ukorrekt - debugexceptionfejl (#DB), som opstår når en syscall-instruktion simuleres. - En proces inde i en gæst, kunne drage nytte af fejlen til - rettighedsforøgelse inde i gæsten.

    • - -
  • CVE-2017-7558 - (kun stretch) - -

    Stefano Brivio fra Red Hat opdagede at undersystemet SCTP var sårbart på - grund af en datalækagesårbarhed som følge af en fejl ved læsning uden for - grænserne, hvilket gjorde det muligt at lække op til 100 uinitialiserede - bytes til brugerrummet.

    • - -
  • CVE-2017-10661 - (kun jessie) - -

    Dmitry Vyukov fra Google rapporterede at faciliteten timerfd ikke på - korrekt vis håndterede visse samtidige handlinger på en enkelt - fildescriptor. Dermed var det muligt for en lokal angriber, at forårsage et - lammelsesangreb eller potentielt udføre vilkårlig kode.

    • - -
  • CVE-2017-11600 - -

    Bo Zhang rapporterede at undersystemet subsystem ikke på korrekt vis - validerede et af parametre til en netlink-meddelelse. Lokale brugere med - CAP_NET_ADMIN-kapabilitet, kunne udnytte fejlen til at forårsage et - lammelsesangreb eller potenielt udføre vilkårlig kode.

    • - -
  • CVE-2017-12134 - / #866511 / XSA-229 - -

    Jan H. Schoenherr fra Amazon opdagede at når Linux kører i et Xen - PV-domæne på et x86-system, kan det på ukorrekt vis sammenlægge - blok-I/O-forespørgsler. En fejlfyldt eller ondsindet gæst kunne udløse - fejlen i dom0 eller i et PV-driverdomæne, forårsagende lammelsesangreb eller - potentielt udførelse af vilkårlig kode.

    - -

    Problemet kan afbødes ved at deaktivere sammenlægninger på - underliggende back-end-blokenheder, eksempelvis: - echo 2 > /sys/block/nvme0n1/queue/nomerges

    • - -
  • CVE-2017-12146 - (kun stretch) - -

    Adrian Salido fra Google rapporterede om en kapløbstilstand i adgangen til - attributten driver_override til platformsenheder i sysfs. Hvis - upriviligerede brugere har rettigheder til at tilgå attributten, kunne det - give dem mulighed for at forøge rettigheder.

    • - -
  • CVE-2017-12153 - -

    Bo Zhang rapporterede at undersystemet cfg80211 (wifi), ikke på korrekt - vis validerede parametrene til en netlink-meddelelse. Lokale bruger med - kapabiliteten CAP_NET_ADMIN (i et hvilket som helst brugernavnerum med en - wifi-enhed) kunne udnytte fejlen til at forårsage et - lammelsesangreb.

    • - -
  • CVE-2017-12154 - -

    Jim Mattson fra Google rapporterede at implementeringen af KVM for Intel - x86-processorer, ikke på korrekt vis håndterede visse indlejrede (nested) - hypervisor-opsætninger. En ondsindet gæst (eller indlejret gæst i en - passende L1-hypervisor), kunne udnytte fejlen til lammelsesangreb.

    • - -
  • CVE-2017-14106 - -

    Andrey Konovalov opdagede at brugerudløst division med nul i funktionen - tcp_disconnect(), kunne medføre lokalt lammelsesangreb.

    • - -
  • CVE-2017-14140 - -

    Otto Ebeling rapportered at systemkaldet move_pages() udførte - utilstrækkelig validering af UID'er fra den kaldende og målets processer, - medførende en delvisning omgåelse af ASLR. Dermed var det lettere for - lokale brugere, at udnytte sårbarheder i programmer, der er installeret - således at bitten set-UID er opsat.

    • - -
  • CVE-2017-14156 - -

    sohu0106 rapporterede om en informationslækage i videodriveren - atyfb. En lokal bruger med adgang til en framebufferenhed, som - håndteres af denne driver, kunne udnytte fejlen til at få adgang til - følsomme oplysninger.

    • - -
  • CVE-2017-14340 - -

    Richard Wareing opdagede at implementeringen af XFS tillod oprettelse af - filer med flaget realtime, på et filsystem uden realtime-enheder, - hvilket kunne medføre et nedbrud (oops). En lokal bruger med adgang til et - XFS-filsystem, som ikke har en realtime-enhed, kunne udnytte fejlen til - lammelsesangreb.

    • - -
  • CVE-2017-14489 - -

    ChunYu Wang fra Red Hat opdagede at undersystemet iSCSI ikke på korrekt - vis validerede længden på en netlink-meddelelse, førende til - hukommelseskorruption. En lokal bruger med rettigheder til at håndtere - iSCSI-enheder, kunne udnytte fejlen til lammelsesangreb eller muligvis til - udførelse af vilkårlig kode.

    • - -
  • CVE-2017-14497 - (kun stretch) - -

    Benjamin Poirier fra SUSE rapporterede at vnet-header ikke blev - håndteret korrekt i funktionen tpacket_rcv() i raw packet-funktionaliteten - (af_packet). En lokal bruger med kapabiliteten CAP_NET_RAW, kunne drage - nytte af fejlen til at forårsage et lammelsesangreb (bufferoverløb og - disk- og hukommelseskorruption) eller have anden indvirkning.

    • - -
  • CVE-2017-1000111 - -

    Andrey Konovalov fra Google rapporterede om en kapløbstilstand i - raw packet-funktionaliteten (af_packet). Lokale brugere med kapabiliteten - CAP_NET_RAW, kunne udnytte fejlen til lammelsesangreb eller muligvis til - udførelse af vilkårlig kode.

    • - -
  • CVE-2017-1000112 - -

    Andrey Konovalov fra Google rapporterede om en kapløbstilstandsfejl i - koden til UDP Fragmentation Offload (UFO). En lokal bruger kunne udnytte - fejlen til at lammelsesangreb eller muligvis til udførelse af vilkårlig - kode.

    • - -
  • CVE-2017-1000251 - / #875881 - -

    Armis Labs opdagede at undersystemet Bluetooth ikke på korrekt vis - validerede L2CAP-opsætningssvar, førende til et stakbufferoverløb. Det er - en af flere sårbarheder navngivet Blueborne. En angriber i nærheden - kunne udnytte det til at forårsage et lammelsesangreb eller muligvis til - udførelse af vilkårlig kode på et system, hvor Bluetooth er - aktiveret.

    • - -
  • CVE-2017-1000252 - (kun stretch) - -

    Jan H. Schoenherr fra Amazon rapporterede at implementeringen af KVM - for Intel x86-processorer, ikke på korrekt vis validerede - interruptindsprøjtningsforespørgsler. En lokal bruger med rettighed til at - anvende KVM, kunne udnytte dette til lammelsesangreb.

    • - -
  • CVE-2017-1000370 - -

    Qualys Research Labs rapporterede at en stor parameter eller miljøliste, - kunne medføre omgåelse af ASLR ved 32 bit binære PIE-filer.

    • - -
  • CVE-2017-1000371 - -

    Qualys Research Labs rapporterede at en stor parameter- eller miljøliste, - kunne medføre stak-/heap-klonflikt ved 32 bit binære PIE-filer.

    • - -
  • CVE-2017-1000380 - -

    Alexander Potapenko fra Google rapporterede om en kapløbstilstand i - ALSA-(lyd)timerdriveren, førende til en informationslækage. En lokal bruger - med rettigheder til at tilgå lydenheder, kunne udnytte dette til at få - adgang til følsomme oplysninger.

    • - -
- -

Debian deaktiverer som standard brugernavnerum for upriviligerede brugere, -men hvis de er aktiveret (gennem sysctl'en kernel.unprivileged_userns_clone) kan -CVE-2017-11600, -CVE-2017-14497 og -CVE-2017-1000111 -udnyttes af enhver lokal bruger.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.16.43-2+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.30-2+deb9u5.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3981.data" diff --git a/danish/security/2017/dsa-3982.wml b/danish/security/2017/dsa-3982.wml deleted file mode 100644 index 84dc5c089e9..00000000000 --- a/danish/security/2017/dsa-3982.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="58e7c8ed747c17831b628431cae9d51caf0404ba" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i implementeringen af -programmeringssproget Perl. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2017-12837 - -

    Jakub Wilk rapporterede om en heapbufferoverløbsfejl i compileren af - regulære udtræk, hvilket gjorde det muligt for en fjernangriber at - forårsage et lammelsesangreb gennem et særligt fremstillet regulært udtryk - med en medifikator som ikke er følsom over for små og store - bogstaver.

    • - -
  • CVE-2017-12883 - -

    Jakub Wilk rapporterede om en bufferoverlæsningsfejl i fortolkeren af - regulære udtræk, hvilket gjorde det muligt for en fjernangriber at - forårsage et lammelsesangreb eller informationslækage.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.20.2-3+deb8u9.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.24.1-3+deb9u2.

- -

I distributionen testing (buster), er disse problemer rettet -i version 5.26.0-8.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 5.26.0-8.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3982.data" diff --git a/danish/security/2017/dsa-3983.wml b/danish/security/2017/dsa-3983.wml deleted file mode 100644 index f52f5c7d417..00000000000 --- a/danish/security/2017/dsa-3983.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="6f1e726304417971217fefa3247e61b1e8594f0a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i Samba, en SMB-/CIFS-fil-, -print- -og -loginserver til Unix:

- -
    - -
  • CVE-2017-12150 - -

    Stefan Metzmacher opdagede adskillige kodestier, hvor SMB-signering ikke - blev håndhævet.

    • - -
  • CVE-2017-12151 - -

    Stefan Metzmacher opdagede at værktøjer, som anvender libsmbclient, ikke - håndhævede kryptering, når der DFS-viderestillinger blev fulgt, hvilket - kunne gøre det muligt for en manden i midten-angriber, at læse eller ændre - forbindelse, som skulle have været krypteret.

    • - -
  • CVE-2017-12163 - -

    Yihan Lian og Zhibin Hu opdagede at utilstrækkelige grænsekontroller i - behandlingen af SMB1-skrivningsforespørgsler, kunne medføre blotlæggelse af - serverhukommelse.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2:4.2.14+dfsg-0+deb8u8.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:4.5.8+dfsg-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3983.data" diff --git a/danish/security/2017/dsa-3984.wml b/danish/security/2017/dsa-3984.wml deleted file mode 100644 index cb005a60abd..00000000000 --- a/danish/security/2017/dsa-3984.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="809c6c318b5cf68cbae3e97ca789ae811c7bf8a3" mindelta="1" -sikkerhedsopdatering - -

joernchen opdagede at underkommandoen git-cvsserver i Git, et distribueret -versionsstyringssystem, var ramt af en sårbarhed i forbindelse med indsprøjtning -af shell-kommandoer, på grund af usikker anvendelse af Perls backtickoperator. -Underkommandoen git-cvsserver er tilgængelig fra underkommandoen git-shell, selv -hvis understøttelse af CVS ikke er opsat (dog skal pakken git-cvs være -installeret).

- -

Ud over rettelsen af den egentlige fejl, fjerner denne opdatering som -standard underkommandoen cvsserver fra git-shell. Se den opdaterede -dokumentation for oplysninger om hvordan man genaktiverer igen, i tilfælde af af -CVS-funktionaliteten stadig er nødvendig.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:2.1.4-2.1+deb8u5.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2.11.0-3+deb9u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1:2.14.2-1.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3984.data" diff --git a/danish/security/2017/dsa-3985.wml b/danish/security/2017/dsa-3985.wml deleted file mode 100644 index b703d1fc7d4..00000000000 --- a/danish/security/2017/dsa-3985.wml +++ /dev/null @@ -1,78 +0,0 @@ -#use wml::debian::translation-check translation="3d033a89ac30168648fe396b278bcb676126a656" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2017-5111 - -

    Luat Nguyen opdagede et problem med anvendelse efter frigivelse i - biblioteket pdfium.

    • - -
  • CVE-2017-5112 - -

    Tobias Klein opdagede et bufferoverløbsproblem i biblioteket - webgl.

    • - -
  • CVE-2017-5113 - -

    Et bufferoverløbsproblem blev opdaget i biblioteket skia.

    • - -
  • CVE-2017-5114 - -

    Ke Liu opdagede et hukommelsesproblem i biblioteket pdfium.

    • - -
  • CVE-2017-5115 - -

    Marco Giovannini opdagede et typeforvirringsproblem i - JavaScript-biblioteket v8.

    • - -
  • CVE-2017-5116 - -

    Guang Gong opdagede et typeforvirringsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2017-5117 - -

    Tobias Klein opdagede en uinitialiseret værdi i biblioteket - skia.

    • - -
  • CVE-2017-5118 - -

    WenXu Wu opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2017-5119 - -

    En anden uinitialiseret værdi blev opdaget i biblioteket skia.

    • - -
  • CVE-2017-5120 - -

    Xiaoyin Liu opdagede en måde at nedgradere HTTPS-forbindelser på under en - viderestilling.

    • - -
  • CVE-2017-5121 - -

    Jordan Rabet opdagede en hukommelsestilgang uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2017-5122 - -

    Choongwoo Han opdagede en hukommelsestilgang uden for grænserne i - JavaScript-biblioteket v8.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 61.0.3163.100-1~deb9u1.

- -

I distributionen testing (buster), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 61.0.3163.100-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3985.data" diff --git a/danish/security/2017/dsa-3986.wml b/danish/security/2017/dsa-3986.wml deleted file mode 100644 index 3bf5d4c6854..00000000000 --- a/danish/security/2017/dsa-3986.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="b4bbd9b1c2e57d94c041bdaaab0ac1361a22c554" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Ghostscript, GPL-fortolkeren af -PostScript/PDF, hvilke kunne medføre lammelsesangreb, hvis en særligt -fremstillet Postscript-fil blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 9.06~dfsg-2+deb8u6.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.20~dfsg-3.2+deb9u1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3986.data" diff --git a/danish/security/2017/dsa-3987.wml b/danish/security/2017/dsa-3987.wml deleted file mode 100644 index 990e5c070c6..00000000000 --- a/danish/security/2017/dsa-3987.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b10c7b51ad5cfb976c74e4dc51c0ed6f4eb92e83" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, anvendelser efter frigivelser, -bufferoverløb og andre implmenteringsfejl kunne føre til udførelse af vilkårlig -kode, lammelsesangreb, udførelse af skripter på tværs af websteder eller -omgåelse af funktionen til beskyttelse mod phishing og malware.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.4.0esr-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.4.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3987.data" diff --git a/danish/security/2017/dsa-3988.wml b/danish/security/2017/dsa-3988.wml deleted file mode 100644 index 8837ec7721a..00000000000 --- a/danish/security/2017/dsa-3988.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="4078ce9be4e6c560b634ffd8581a35ab68dfb2df" mindelta="1" -sikkerhedsopdatering - -

En heltalsoverløbssårbarhed blev opdaget i decode_digit() i libidn2-0, -GNU-biblioteket til Internationalized Domain Names (IDN'er), hvilken gjorde det -muligt for en fjernangriber at forårsage et lammelsesangreb mod en applikation, -der anvender biblioteket (applikationsnedbrud).

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.10-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.16-1+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 2.0.2-4.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2.0.2-4.

- -

Vi anbefaler at du opgraderer dine libidn2-0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3988.data" diff --git a/danish/security/2017/dsa-3989.wml b/danish/security/2017/dsa-3989.wml deleted file mode 100644 index 5b7c5332103..00000000000 --- a/danish/security/2017/dsa-3989.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="42754bb76a519dc6b5eae4762c5ce64caf92897f" mindelta="1" -sikkerhedsopdatering - -

Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron Bowes og -Gynvael Coldwind fra Google Security Team, opdagede flere sårbarheder i dnsmasq, -en lille caching-DNS-proxy og DHCP-/TFTP-server, hvilke kunne medføre -lammelsesangreb, informationslækage eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.72-3+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.76-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine dnsmasq-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3989.data" diff --git a/danish/security/2017/dsa-3990.wml b/danish/security/2017/dsa-3990.wml deleted file mode 100644 index 4b1753733ac..00000000000 --- a/danish/security/2017/dsa-3990.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="895228aa91fa0709a0412b20408670a5307725a5" mindelta="1" -sikkerhedsopdatering - -

Klaus-Peter Junghann opdagede at utilstrækkelig validering af RTCP-pakker i -Asterisk, kunne føre til en informationslækage. Se opstrøms bulletin på -\ -http://downloads.asterisk.org/pub/security/AST-2017-008.html for flere -oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:11.13.1~dfsg-2+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:13.14.1~dfsg-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3990.data" diff --git a/danish/security/2017/dsa-3991.wml b/danish/security/2017/dsa-3991.wml deleted file mode 100644 index 99c1cb5a51f..00000000000 --- a/danish/security/2017/dsa-3991.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="0c7632cdd654d5bef633b79470a2ade017160a75" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev fundet i qemu, en hurtig processoremulator:

- -
    - -
  • CVE-2017-9375 - -

    Lammelsesangreb gennem hukommeleslækage i USB XHCI-emulering.

    • - -
  • CVE-2017-12809 - -

    Lammelsesangreb i emulering af CDROM-enhedsdrev.

    • - -
  • CVE-2017-13672 - -

    Lammelsesangreb i emulering af VGA-grafikkort.

    • - -
  • CVE-2017-13711 - -

    Lammelsesangreb i SLIRP-netværksunderstøttelse.

    • - -
  • CVE-2017-14167 - -

    Ukorrekt validering af multibootheader, kunne medføre udførelse af - vilkårlig kode.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.8+dfsg-6+deb9u3.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3991.data" diff --git a/danish/security/2017/dsa-3992.wml b/danish/security/2017/dsa-3992.wml deleted file mode 100644 index 794415b5ad3..00000000000 --- a/danish/security/2017/dsa-3992.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="a898fc728e075d68b4098dd43596590bc9b7a3ef" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i cURL, et URL-overførselsbibliotek. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2017-1000100 - -

    Even Rouault rapporterede at cURL ikke på korrekt vis håndterede lange - filnavne under en TFTP-upload. En ondsindet HTTP(S)-server kunne drage - nytte af fejlen til at viderestille en klient, ved hjælp af - cURL-biblioteket, til en fabrikeret TFTP-URL, og narre den til at sende - private hukommelsesindhold over UDP til en fjern server.

    • - -
  • CVE-2017-1000101 - -

    Brian Carpenter og Yongji Ouyang rapporterede at cURL indeholdt en fejl - i globbing-funktionen, der fortolker det numeriske interval, førende til en - læsning uden for grænserne, når en særligt fremstillet URL blev - fortolket.

    • - -
  • CVE-2017-1000254 - -

    Max Dymond rapporterede at cURL indeholdt en fejl i forbindelse med - læsning uden for grænserne i fortolkeren af FTP PWD-svar. En ondsindet - server kunne drage nytte af fejlen til faktisk at forhindre cURL-biblioteket - i at fungere med den, medførende et lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7.38.0-4+deb8u6.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.52.1-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3992.data" diff --git a/danish/security/2017/dsa-3993.wml b/danish/security/2017/dsa-3993.wml deleted file mode 100644 index fc60e4e3fc4..00000000000 --- a/danish/security/2017/dsa-3993.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="17fea628f9c70c2f47b615fb5af2377ed9136737" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at oniontjensten Tor kunne lække følsomme oplysninger til -logfiler, hvis valgmuligheden SafeLogging er sat til 0.

- -

Den gamle stabile distribution (jessie) er ikke påvirket.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.2.9.12-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3993.data" diff --git a/danish/security/2017/dsa-3994.wml b/danish/security/2017/dsa-3994.wml deleted file mode 100644 index 5245095b918..00000000000 --- a/danish/security/2017/dsa-3994.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="48d4d4c3e6425caae2070a701453b82036f53544" mindelta="1" -sikkerhedsopdatering - -

Christian Boxdörfer opdagede en sårbarhed i håndteringen af -FreeDesktop.org-.desktop-filer i Nautilus, et filhåndteringsprogram til -skrivebordsmiljøet GNOME. En angriber kunne fabrikere en .desktop-fil beregnet -til at køre ondsindede kommandoer, men visende en uskyldigt udseende dokumentfil -i Nautilus. En bruger kunne dernæst stole på den, og åbne filen, og Nautilus -ville derefter udføre det ondsindede indhold. Nautilus' beskyttelse ved kun at -stole på .desktop-filer med rettigheden udførbar, kunne omgås ved at levere -.desktop-filen inde i en tarball.

- -

I den gamle stabile distribution (jessie), er problemet endnu ikke -rettet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.22.3-1+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 3.26.0-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.26.0-1.

- -

Vi anbefaler at du opgraderer dine nautilus-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3994.data" diff --git a/danish/security/2017/dsa-3995.wml b/danish/security/2017/dsa-3995.wml deleted file mode 100644 index 667dfa53086..00000000000 --- a/danish/security/2017/dsa-3995.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="d24d251e885cedb77f0d35039dd4904fc1d0c145" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev fundet i libXfont, X11-biblioteket til fontrasterisering, -hvilke kunne medføre lammelsesangreb eller hukommelsesblotlæggelse.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:1.5.1-1+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.0.1-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine libxfont-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3995.data" diff --git a/danish/security/2017/dsa-3996.wml b/danish/security/2017/dsa-3996.wml deleted file mode 100644 index 17a20d609c3..00000000000 --- a/danish/security/2017/dsa-3996.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="d842a66217d16cdb4b3477bef7e054d75604af4c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/strømme i formaterne Real, MV, RL2, ASF, Apple HLS, Phantom -Cine, MXF, NSV, MOV eller RTP H.264, blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7:3.2.8-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3996.data" diff --git a/danish/security/2017/dsa-3997.wml b/danish/security/2017/dsa-3997.wml deleted file mode 100644 index 2b5866732ae..00000000000 --- a/danish/security/2017/dsa-3997.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="d4d8d237ace5747deda6de76c42a618490d8b835" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at udnytte mappegennemløbsproblemer, udføre -SQL-indsprøjtninger og forskellige angreb i forbindelse med skripter på tværs af -websteder.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.1+dfsg-1+deb8u15.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.7.5+dfsg-2+deb9u1.

- -

I distributionen testing (buster), er disse problemer rettet -i version 4.8.2+dfsg-2.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 4.8.2+dfsg-2.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3997.data" diff --git a/danish/security/2017/dsa-3998.wml b/danish/security/2017/dsa-3998.wml deleted file mode 100644 index e1095c3caec..00000000000 --- a/danish/security/2017/dsa-3998.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="d8bc37be6320e87f372e148fec03b600db6b9488" mindelta="1" -sikkerhedsopdatering - -

Martin Thomson opdagede at nss, biblioteket Mozilla Network Security Service, -var sårbart over for en sårbarhed i forbindelse med anvendelse efter frigivelse -i implementeringen af TLS 1.2, når handshake-hashes genereres. En fjernangriber -kunne drage nytte af fejlen til at få en applikation, der anvender -nss-biblitoeket, til at gå ned, medførende et lammelsesangreb eller potentielt -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2:3.26-1+debu8u3.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:3.26.2-1.1+deb9u1.

- -

I distributionen testing (buster), er dette problem rettet -i version 2:3.33-1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 2:3.33-1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3998.data" diff --git a/danish/security/2017/dsa-3999.wml b/danish/security/2017/dsa-3999.wml deleted file mode 100644 index dcf45f0186f..00000000000 --- a/danish/security/2017/dsa-3999.wml +++ /dev/null @@ -1,77 +0,0 @@ -#use wml::debian::translation-check translation="5bf6135126914686f0fce456a2022161ac3e07fd" mindelta="1" -sikkerhedsopdatering - -

Mathy Vanhoef fra efterforskningsgruppen imec-DistriNet ved KU Leuven, -opdagede adskillige sårbarheder i WPA-protokollen, som anvendes til -autentifikation i trådløse netværk. Sårbarhederne gælder både accesspointet -(implementeret i hostapd) og stationen (implementeret i wpa_supplicant).

- -

En angriber, som udnytter sårbarhederne, kunne tvinge det sårbare system tli -at genbruge krypografiske sessionsnøgler, hvilket muliggør en række -kryptografiske angreb mod de ciphers, der anvendes i WPA1 og WPA2.

- -

Flere oplysninger finder man i efterforskernes artikel, -Key Reinstallation Attacks: -Forcing Nonce Reuse in WPA2.

- -
    - -
  • CVE-2017-13077: - -

    Geninstallering af pairwise-nøglen i four-way-handshake.

    • - -
  • CVE-2017-13078: - -

    Geninstallering af group-nøglen i four-way-handshake.

    • - -
  • CVE-2017-13079: - -

    Geninstallering af integrity group-nøglen i four-way-handshake.

    • - -
  • CVE-2017-13080: - -

    Geninstallering af group-nøglen i group key-handshake.

    • - -
  • CVE-2017-13081: - -

    Geninstallering af integrity group-nøglen i group key-handshake.

    • - -
  • CVE-2017-13082: - -

    Acceptering af genoverført Fast BSS Transition Reassociation Request og - geninstallering af pairwise-nøgle under behandlingen af den.

    • - -
  • CVE-2017-13086: - -

    Geninstallering af Tunneled Direct-Link Setup (TDLS) PeerKey-nøgle (TPK) - i TDLS-handshake.

    • - -
  • CVE-2017-13087: - -

    Geninstallering af group-nøglen (GTK) under behandlingen af en Wireless - Network Management (WNM) Sleep Mode Response-frame.

    • - -
  • CVE-2017-13088: - -

    Geninstallering af integrity group-nøglen (IGTK) under behandlingen af en - Wireless Network Management (WNM) Sleep Mode Response-frame

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet i version -2.3-1+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i version -2:2.4-1+deb9u1.

- -

I distributionen testing (buster), er disse problemer rettet i version -2:2.4-1.1.

- -

I den ustabile distribution (sid), er disse problemer rettet i version -2:2.4-1.1.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-3999.data" diff --git a/danish/security/2017/dsa-4000.wml b/danish/security/2017/dsa-4000.wml deleted file mode 100644 index 48eaeccb523..00000000000 --- a/danish/security/2017/dsa-4000.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="dee509ed2d90516b79e04b49b9a589b3db45eb11" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i X-serveren X.Org. En angriber, som er i stand -til at forbinde sig til en X-server, kunne forårsage et lammelsesangreb eller -potentielt udføre vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2:1.16.4-1+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:1.19.2-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4000.data" diff --git a/danish/security/2017/dsa-4001.wml b/danish/security/2017/dsa-4001.wml deleted file mode 100644 index f1658a53d63..00000000000 --- a/danish/security/2017/dsa-4001.wml +++ /dev/null @@ -1,16 +0,0 @@ -#use wml::debian::translation-check translation="7d354378c81095f8c416b9b25cac8c7a00532ab5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at YADIFA, en autoritativ DNS-server, ikke på tilstrækkelig vis -kontrollede sine inddata. Dermed var det muligt for en fjernangriber at -forårsage et lammelsesangreb ved at tvinge dæmonen til at gå ind i en uendelig -løkke.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.2.3-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine yadifa-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4001.data" diff --git a/danish/security/2017/dsa-4002.wml b/danish/security/2017/dsa-4002.wml deleted file mode 100644 index fcd25bb007c..00000000000 --- a/danish/security/2017/dsa-4002.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="137556b9279d40f296b174b08435f9da6b8081b3" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.58, som indeholder -yderligere ændringer, så som forbedringer af ydeevnen, fejlrettelser, ny -funktionalitet samt muligvis inkompatible ændringer. Se MySQL 5.5 Release Notes -og Oracles Critical Patch Update-bulletin for flere oplysninger:

- - - -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.5.58-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4002.data" diff --git a/danish/security/2017/dsa-4003.wml b/danish/security/2017/dsa-4003.wml deleted file mode 100644 index ac3dcc39fab..00000000000 --- a/danish/security/2017/dsa-4003.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="6e82a156316d74dbfec055bb7f7865f031c9492a" mindelta="1" -sikkerhedsopdatering - -

Daniel P. Berrange rapporterede at Libvirt, et abstraktionsbibliotek til -virtualisering, ikke på korrekt vis håndterede parametrene -default_tls_x509_verify (og relaterede) i qemu.conf, når TLS-klienter og --servere blev opsat i QEMU, førende til at verifikationen var slået i -TLS-klienter til tegnenheder og diskenheder, samt at alle fejl blev ignoreret -når servercertifikatet blevet valideret.

- -

Der er flere oplysninger i -\ -https://security.libvirt.org/2017/0002.html.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.0.0-4+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 3.8.0-3.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4003.data" diff --git a/danish/security/2017/dsa-4004.wml b/danish/security/2017/dsa-4004.wml deleted file mode 100644 index fd1b1cc4e7b..00000000000 --- a/danish/security/2017/dsa-4004.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="dbc685b695043701fed1038f95c1aa2212387ac0" mindelta="1" -sikkerhedsopdatering - -

Liao Xinxi opdagede at jackson-databind, et Java-bibliotek som anvendes til -at fortolke JSON og andre dataformater, ikke på korrekt vis validerede -brugerinddata, før deserialisering blev forsøgt. Dermed kunne en angriber udføre -kode, ved at levere ondsindet fremstillede inddata.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.4.2-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.8.6-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine jackson-databind-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4004.data" diff --git a/danish/security/2017/dsa-4005.wml b/danish/security/2017/dsa-4005.wml deleted file mode 100644 index 9bf825e8aca..00000000000 --- a/danish/security/2017/dsa-4005.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="58e2c29e46e28686c42fbf6cb964bd92f9226fb5" mindelta="1" -sikkerhedsopdatering - -

To ikke-beskrevne sårbarheder blev opdaget i OpenJFX, en rig -klientapplikationsplatform til Java.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8u141-b14-3~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjfx-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4005.data" diff --git a/danish/security/2017/dsa-4006.wml b/danish/security/2017/dsa-4006.wml deleted file mode 100644 index 6a7f8ef72fb..00000000000 --- a/danish/security/2017/dsa-4006.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="aa7ee46021567417e87960b67c08cfb0735ffa3c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i MuPDF, en PDF-filviser, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -
    - -
  • CVE-2017-14685, - CVE-2017-14686 og - CVE-2017-14687 - -

    WangLin opdagede at en fabrikeret .xps-fil kunne benyttes til at få MuPDF - til at gå ned, og potentielt til udførelse af vilkårlig kode på flere måder, - da applikationen havde ukontrollerede formodninger om - inddataformatet.

    • - -
  • CVE-2017-15587 - -

    Terry Chia og Jeremy Heng opdagede et heltalsoverløb, som kunne forårsage - udførelse af vilkårlig kode gennem en fabrikeret .pdf-fil.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.9a+ds1-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4006.data" diff --git a/danish/security/2017/dsa-4007.wml b/danish/security/2017/dsa-4007.wml deleted file mode 100644 index f98c77cf3e4..00000000000 --- a/danish/security/2017/dsa-4007.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="842ccedd0008fa7a919921795bdd9c312f89c212" mindelta="1" -sikkerhedsopdatering - -

Brian Carpenter, Geeknik Labs og 0xd34db347 opdagede at cURL, et -URL-overførselsbibliotek, ukorrekt fortolkede et IMAP FETCH-svar med en -størrelse på 0, førende til en læsning uden for grænserne.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 7.38.0-4+deb8u7.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52.1-5+deb9u2.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 7.56.1-1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4007.data" diff --git a/danish/security/2017/dsa-4008.wml b/danish/security/2017/dsa-4008.wml deleted file mode 100644 index 5a3c0aeb031..00000000000 --- a/danish/security/2017/dsa-4008.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="30c9d212d2cf6932c6da183eda52e5b333e2d3b5" mindelta="1" -sikkerhedsopdatering - -

Antti Levomaeki, Christian Jalio, Joonas Pihlaja og Juhani Eronen opdagede -to bufferoverløb i HTTP-protokolhandleren i downloadværktøjet Wget, hvilke kunne -medføre udførelse af vilkårlig kode, når der blev etableret forbindelse til en -ondsindet HTTP-server.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.16-1+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.18-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine wget-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4008.data" diff --git a/danish/security/2017/dsa-4009.wml b/danish/security/2017/dsa-4009.wml deleted file mode 100644 index 0443d1dd854..00000000000 --- a/danish/security/2017/dsa-4009.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="03bad249718a858d17c97c893149d12fb621c861" mindelta="1" -sikkerhedsopdatering - -

Niklas Abel opdagede at utilstrækkelig fornuftighedskontrol af inddata i -komponenten ss-manager i shadowsocks-libev, en letvægts-socks5-proxy, kunne -medføre udførelse af vilkårlige shell-kommandoer.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.6.3+ds-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine shadowsocks-libev-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4009.data" diff --git a/danish/security/2017/dsa-4010.wml b/danish/security/2017/dsa-4010.wml deleted file mode 100644 index ed1bc6aeb00..00000000000 --- a/danish/security/2017/dsa-4010.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="fa6d8c5df3e281222d5dcd7e979082584e55a8d5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at git-annex, et værktøj til håndtering af filer med git uden -at checke indholdet ind, ikke på korrekt vis håndterede ondsindet fremstillede -ssh://-URL'er. Dermed var det muligt for en angriber, at køre en vilkårlig -shell-kommando.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 5.20141125+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 6.20170101-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine git-annex-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4010.data" diff --git a/danish/security/2017/dsa-4011.wml b/danish/security/2017/dsa-4011.wml deleted file mode 100644 index 7366c48ac4c..00000000000 --- a/danish/security/2017/dsa-4011.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1df63e1f5a4deefbef2ec8efa796a3f49cb2ed44" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at bgpd-dæmonen i routingsuiten Quagga, ikke på korrekt vis -beregnede længden på multisegmentmeddelelser af typen AS_PATH UPDATE, hvilket -medførte at bgpd droppede en session, potentielt medførende mistet -netværksadgang.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.99.23.1-1+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.1.1-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4011.data" diff --git a/danish/security/2017/dsa-4012.wml b/danish/security/2017/dsa-4012.wml deleted file mode 100644 index df017c8a9ce..00000000000 --- a/danish/security/2017/dsa-4012.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="a77cf7cd9e256bfa145d81ca1bb8c5dea432bfaf" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere -hørende til multimediebiblioteket libav. En komplet liste over ændringerne er -tilgængelige i -\ -https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.11

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 6:11.11-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4012.data" diff --git a/danish/security/2017/dsa-4013.wml b/danish/security/2017/dsa-4013.wml deleted file mode 100644 index d572e8beeb5..00000000000 --- a/danish/security/2017/dsa-4013.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="df26ddc00f7686224566dd074c18776e80c3dbf9" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder i OpenJPEG, et bibliotek til kompromering og -dekomprimering af JPEG 2000-billeder, kunne medføre lammelsesangreb eller -udførelse af vilkårlig kode, hvis en misdannet JPEG 2000-fil blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.1.0-2+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.1.2-1.1+deb9u2.

- -

Vi anbefaler at du opgraderer dine openjpeg2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4013.data" diff --git a/danish/security/2017/dsa-4014.wml b/danish/security/2017/dsa-4014.wml deleted file mode 100644 index 8ac992688d4..00000000000 --- a/danish/security/2017/dsa-4014.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="db7021161520cb3ddd464b82e1499a78514373db" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:52.4.0-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.4.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4014.data" diff --git a/danish/security/2017/dsa-4015.wml b/danish/security/2017/dsa-4015.wml deleted file mode 100644 index 1cabe997a15..00000000000 --- a/danish/security/2017/dsa-4015.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="88ed370a315b3151509609c975c719b1fe5ea78b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende imitation af Kerberos-services, lammelsesangreb, -omgåelse af sandkasse og HTTP-headerindsprøjtning.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8u151-b12-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4015.data" diff --git a/danish/security/2017/dsa-4016.wml b/danish/security/2017/dsa-4016.wml deleted file mode 100644 index d058690ae77..00000000000 --- a/danish/security/2017/dsa-4016.wml +++ /dev/null @@ -1,75 +0,0 @@ -#use wml::debian::translation-check translation="c9fb9a40967be4b5a85e87cbd5ca8062f3bc38a0" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Irssi, en terminalbaseret IRC-klient. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2017-10965 - -

    Brian geeknik Carpenter fra Geeknik Labs opdagede at Irssi ikke på - korrekt vis håndterede modtagelse af meddelelser med ugyldige - tidsstemplinger. En ondsindet IRC-server kunne drage nytte af fejlen til at - få Irssi til at gå ned, medførende et lammelsesangreb.

    • - -
  • CVE-2017-10966 - -

    Brian geeknik Carpenter fra Geeknik Labs opdagede at Irssi var - ramt af en anvendelse efter frigivelse-fejl, når den interne nickliste blev - opdateret. En ondsindet IRC-server kunne drage nytte af fejlen til at få - Irssi til at gå ned, medførende et lammelsesangreb.

    • - -
  • CVE-2017-15227 - -

    Joseph Bisch opdagede at mens der ventes på kanalsynkroniseringen, kunne - Irssi på ukorrekt vis mislykkes med at fjerne destruerede kanaler fra - querylisten, medførende anvendelse efter frigivelse-tilstande, når - tilstanden senere blev opdateret. En ondsindet IRC-server kunne drage nytte - af fejlen til at få Irssi til at gå ned, medførende et - lammelsesangreb.

    • - -
  • CVE-2017-15228 - -

    Hanno Boeck rapporterede at Irssi ikke på korrekt vis håndterede - installering af temaer med uafsluttede farveformateringssekvenser, førende - til et lammelsesangreb hvis en bruger blev narret til at installere et - særligt fabrikeret tema.

    • - -
  • CVE-2017-15721 - -

    Joseph Bisch opdagede at Irssi ikke på korrekt vis håndterede ukorrekt - formaterede DCC CTCP-meddelelser. En fjernangriber kunne drage nytte af - fejlen til at få Irssi til at gå ned, medførende et - lammelsesangreb.

    • - -
  • CVE-2017-15722 - -

    Joseph Bisch opdagede at Irssi ikke på korrekt vis verificerede - Safe-kanal-id'er. En ondsindet IRC-server kunne drage nytte af fejlen til - at få Irssi til at gå ned, medførende et lammelsesangreb.

    • - -
  • CVE-2017-15723 - -

    Joseph Bisch rapporterede at Irssi ikke på korrekt vis håndterede alt - for lange nicks eller mål, medførende en NULL-pointerdereference, når en - meddelelse blev opsplittet, førende til et lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.8.17-1+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.2-1+deb9u3. -\ -CVE-2017-10965 og -\ -CVE-2017-10966 var allerede rettet i en tidligere punktudgave.

- -

Vi anbefaler at du opgraderer dine irssi-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4016.data" diff --git a/danish/security/2017/dsa-4017.wml b/danish/security/2017/dsa-4017.wml deleted file mode 100644 index a454348f49f..00000000000 --- a/danish/security/2017/dsa-4017.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="a39f4a923ae16ce3057aca11435b1ad4d5ff672f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- - - -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.2l-2+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.0.2m-1.

- -

Vi anbefaler at du opgraderer dine openssl1.0-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4017.data" diff --git a/danish/security/2017/dsa-4018.wml b/danish/security/2017/dsa-4018.wml deleted file mode 100644 index 0a9831abf9c..00000000000 --- a/danish/security/2017/dsa-4018.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="4ba126cb5b00dec2f12d84180945b9e1e7db932f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenSSL, et Secure Sockets Layer-værktøjssæt. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- - - -

I den gamle stabile distribution (jessie), er -\ -CVE-2017-3735 rettet i version 1.0.1t-1+deb8u7. Den gamle stabile -distribution er ikke påvirket af -\ -CVE-2017-3736.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.1.0f-3+deb9u1.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 1.1.0g-1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4018.data" diff --git a/danish/security/2017/dsa-4019.wml b/danish/security/2017/dsa-4019.wml deleted file mode 100644 index 6a75b0297cb..00000000000 --- a/danish/security/2017/dsa-4019.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="f5e293571840c20f8509af5f496966d5bf344c02" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick: Forskellige -problemer med hukommelseshåndtering og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne føre til lammelsesangreb, -hukommelsesafsløring eller udførelse af vilkårlig kode, hvis misdannede -billedfiler blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 8:6.9.7.4+dfsg-11+deb9u2.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4019.data" diff --git a/danish/security/2017/dsa-4020.wml b/danish/security/2017/dsa-4020.wml deleted file mode 100644 index 59380c7e205..00000000000 --- a/danish/security/2017/dsa-4020.wml +++ /dev/null @@ -1,125 +0,0 @@ -#use wml::debian::translation-check translation="c95dc438808be3041c014db1493262a7ad9797c3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -

Desuden kan vi med denne meddelelse oplyse, at sikkerhedsunderstøttelse af -chromium i den gamle stabile udgave (jessie), Debian 8, nu er ophørt.

- -

Debian 8-brugere af chromium, som ønsker fortsatte sikkerhedsopdateringer, -opfordres kraftigt til at opgradere til den aktuelle stabile udgave (stretch), -Debian 9.

- -

Et alternativ er at skifte til browseren firefox, som i nogen tid endnu vil -modtage sikkerhedsopdateringer i jessie.

- -
    - -
  • CVE-2017-5124 - -

    Et problem med udførelse af skripter på tværs af websteder, blev opdaget - i MHTML.

    • - -
  • CVE-2017-5125 - -

    Et heapoverløbsproblem blev opdaget i biblioteket skia.

    • - -
  • CVE-2017-5126 - -

    Luat Nguyen opdagede et problem med anvendelse efter frigivelse i - biblioteket pdfium.

    • - -
  • CVE-2017-5127 - -

    Luat Nguyen opdagede et andet problem med anvendelse efter frigivelse i - biblioteket pdfium.

    • - -
  • CVE-2017-5128 - -

    Omair opdagede et heapoverløbsproblem i implementeringen af - WebGL.

    • - -
  • CVE-2017-5129 - -

    Omair opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebAudio.

    • - -
  • CVE-2017-5131 - -

    Man opdagede et problem med skrivning uden for grænserne i biblioteket - skia.

    • - -
  • CVE-2017-5132 - -

    Guarav Dewan opdagede en fejl i implementeringen af WebAssembly.

    • - -
  • CVE-2017-5133 - -

    Aleksandar Nikolic opdagede et problem med skrivning uden for grænserne i - biblioteket skia.

    • - -
  • CVE-2017-15386 - -

    WenXu Wu opdagede et problem med forfalskning af brugergrænsefladen.

    • - -
  • CVE-2017-15387 - -

    Jun Kokatsu opdagede en måde at omgå indholdssikkerhedspolicy på.

    • - -
  • CVE-2017-15388 - -

    Kushal Arvind Shah opdagede et problem med læsning uden for grænserne i - biblioteket skia.

    • - -
  • CVE-2017-15389 - -

    xisigr opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2017-15390 - -

    Haosheng Wang opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2017-15391 - -

    Joao Lucas Melo Brasio opdagede en måde hvorpå en udvidelse kunne omgå - sine begrænsninger.

    • - -
  • CVE-2017-15392 - -

    Xiaoyin Liu opdagede en fejl i implementeringen af registry keys.

    • - -
  • CVE-2017-15393 - -

    Svyat Mitin opdagede et problem i devtools.

    • - -
  • CVE-2017-15394 - -

    Sam opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2017-15395 - -

    Johannes Bergman et problem med en nullpointerdereference.

    • - -
  • CVE-2017-15396 - -

    Yuan Deng opdagede et stakoverløbsproblem i JavaScript-biblioteket - v8.

    • - -
- -

I den gamle stabile distribution (jessie), er sikkerhedsunderstøttelse af -chromium ophørt.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 62.0.3202.75-1~deb9u1.

- -

I distributionen testing (buster), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 62.0.3202.75-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4020.data" diff --git a/danish/security/2017/dsa-4021.wml b/danish/security/2017/dsa-4021.wml deleted file mode 100644 index d6b6f4cbbe2..00000000000 --- a/danish/security/2017/dsa-4021.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d573202177a50dbcc8e3499deac5fec5dcf8a1cb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende fornuftighedskontrol af inddata i Open Ticket -Request System, kunne medføre rettighedsforøgelse fra en agent med -skriverettigheder til statistik.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.3.18-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.0.16-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4021.data" diff --git a/danish/security/2017/dsa-4022.wml b/danish/security/2017/dsa-4022.wml deleted file mode 100644 index 4d7ee7f926b..00000000000 --- a/danish/security/2017/dsa-4022.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d57e0696b81ec71b2e66010597a95afb35b84797" mindelta="1" -sikkerhedsopdatering - -

Marcin Noga opdagede to sårbarheder i LibreOffice, hvilke kunne medføre -udførelse af vilkårlig kode, hvis et misdannet PPT- eller DOC-dokument blev -åbnet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:4.3.3-2+deb8u9.

- -

Sårbarhederne blev rettet i Libreoffice 5.0.2, så versionen i den stabile -distribution (stretch) er ikke påvirket.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4022.data" diff --git a/danish/security/2017/dsa-4023.wml b/danish/security/2017/dsa-4023.wml deleted file mode 100644 index 3e6bf624187..00000000000 --- a/danish/security/2017/dsa-4023.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0826e5c94efcb989717fca02b96589665da452a0" mindelta="1" -sikkerhedsopdatering - -

Ryan Day opdagede at Simple Linux Utility for Resource Management (SLURM), -et system til administrering af klyngeressourcer og jobplanlægning, ikke på -korrekt vis håndterede SPANK-miljøvariabler, hvilket gjorde det muligt for en -bruger med tilladelse til at indsende jobs, at udføre kode som root under -Prolog'en eller Epilog'en. Alle systemer som anvender et Prolog- eller -Epilog-skript var sårbare, uanset om der anvendes SPANK-plugins eller ej.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 16.05.9-1+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 17.02.9-1.

- -

Vi anbefaler at du opgraderer dine slurm-llnl-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4023.data" diff --git a/danish/security/2017/dsa-4024.wml b/danish/security/2017/dsa-4024.wml deleted file mode 100644 index f9566758e03..00000000000 --- a/danish/security/2017/dsa-4024.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="2fa8abdc74890870a5d9e294b3b8c1d23fae99a9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i browseren chromium.

- -
    - -
  • CVE-2017-15398 - -

    Ned Williamson et problem med et stakoverløb.

    • - -
  • CVE-2017-15399 - -

    Zhao Qixun opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
- -

I den gamle stabile distribution (jessie), er sikkerhedsunderstøttelse af -chromium ophørt.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 62.0.3202.89-1~deb9u1.

- -

I distributionen testing (buster), vil disse problemer snart blive rettet.

- -

I den ustabile distribution (sid), er disse problemer rettet i -version 62.0.3202.89-1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4024.data" diff --git a/danish/security/2017/dsa-4025.wml b/danish/security/2017/dsa-4025.wml deleted file mode 100644 index f5ec1b4a919..00000000000 --- a/danish/security/2017/dsa-4025.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d3ba579e2e8efd43f35083d00742272713286f3a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libpam4j, en Java-bibliotekswrapper til integration med PAM, -ikke kaldte pam_acct_mgmt() under autentifikation. Dermed kunne en bruger med -en gyldig adgangskoden, men med en deaktiveret konto, alligevel logge på.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.4-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.4-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libpam4j-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4025.data" diff --git a/danish/security/2017/dsa-4026.wml b/danish/security/2017/dsa-4026.wml deleted file mode 100644 index 53df81f64e4..00000000000 --- a/danish/security/2017/dsa-4026.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="dac2e3036eee4d669b53485340df4efb21a400f0" mindelta="1" -sikkerhedsopdatering - -

Wen Bin opdagede at bchunk, en applikation der kan konvertere et CD-filaftryk -i bin/cue-format til et sæt iso- og cdr/wav-trackfiler, ikke på korrekt vis -kontrollerede sine inddata. Dermed kunne ondsindede brugere få applikationen -til at gå ned eller potentielt udføre vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.2.0-12+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.2.0-12+deb9u1.

- -

Vi anbefaler at du opgraderer dine bchunk-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4026.data" diff --git a/danish/security/2017/dsa-4027.wml b/danish/security/2017/dsa-4027.wml deleted file mode 100644 index 4045c0f7ef5..00000000000 --- a/danish/security/2017/dsa-4027.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="ed1b8784f98a3778af3f719a9e861d4c076d8534" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed er fundet i databasesystemet PostgreSQL: Lammelsesangreb og -potentiel hukommelseafsløring i funktionerne json_populate_recordset() og -jsonb_populate_recordset().

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 9.4.15-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4027.data" diff --git a/danish/security/2017/dsa-4028.wml b/danish/security/2017/dsa-4028.wml deleted file mode 100644 index 8fb2f2a32a9..00000000000 --- a/danish/security/2017/dsa-4028.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="0dee2f051a50001ab1b3684828c133e92c8473b2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i databasesystemet PostgreSQL:

- -
    - -
  • CVE-2017-15098 - -

    Lammelsesangreb og potentiel hukommelsesafsløring i funktionerne - json_populate_recordset() and jsonb_populate_recordset().

    • - -
  • CVE-2017-15099 - -

    Utilstrækkelige rettighedskontroller i INSERT ... ON CONFLICT DO - UPDATE-statements.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.6.6-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4028.data" diff --git a/danish/security/2017/dsa-4029.wml b/danish/security/2017/dsa-4029.wml deleted file mode 100644 index dacd3629eaa..00000000000 --- a/danish/security/2017/dsa-4029.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="dc789b4ef17fd36cbf5692840da05247dbaaa564" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at kommandoerne pg_ctlcluster, pg_createcluster og -pg_upgradecluster, håndterede symbolske links på usikker vis, hvilket kunne -medføre lammelsesangreb ved at overskrive vilkårlige filer.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 165+deb8u3.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 181+deb9u1.

- -

Vi anbefaler at du opgraderer dine postgresql-common-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4029.data" diff --git a/danish/security/2017/dsa-4030.wml b/danish/security/2017/dsa-4030.wml deleted file mode 100644 index 7a0f306fa76..00000000000 --- a/danish/security/2017/dsa-4030.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="d05a3549d3e1c61b95f9f98d704ffc8e6345a28d" mindelta="1" -sikkerhedsopdatering - -

En filafsløringssårbarhed blev opdaget i roundcube, en AJAX-baseret, skindbar -webmailløsning til IMAP-servere. En autentificeret angriber kunne drage nytte -af fejlen til at læse roundcubes opsætningsfiler.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.3+dfsg.1-4+deb9u1.

- -

I den ustabile distribution (sid), er dette problem rettet i -version 1.3.3+dfsg.1-1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4030.data" diff --git a/danish/security/2017/dsa-4031.wml b/danish/security/2017/dsa-4031.wml deleted file mode 100644 index 753b9a895de..00000000000 --- a/danish/security/2017/dsa-4031.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="60bbfaf2abb6c026015e0805d790a044c7b24088" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkeren af sproget Ruby. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2017-0898 - -

    aerodudrizzt rapporterede om en bufferunderløbssårbarhed i metoden - sprintf af modulet Kernel, medførende korruption af heaphukommelsen eller - informationsafsløring fra heap.

    • - -
  • CVE-2017-0903 - -

    Max Justicz rapporterede at RubyGems var ramt af en sårbarhed i - forbindelse med usikker deserialisering af objekter. Når det blev - fortolket af en applikation, der behandler gems, kunne en særligt - fremstillet YAML-formateret gem-specifikation føre til fjernudførelse af - kode.

    • - -
  • CVE-2017-10784 - -

    Yusuke Endoh opdagede en sårbarhed i forbindelse med indsprøjtning af - escapesekvenser i Basic-autentifikationen i WEBrick. En angriber kunne - drage nytte af fejlen til at indsprøjte ondsindede escapesekvenser til - WEBrick'ens log, samt potentielt udføre kontroltegn i offerets - terminalemulator, når der læses logninger.

    • - -
  • CVE-2017-14033 - -

    asac rapporterede om en bufferunderløbssårbarhed i OpenSSL-udvidelsen. - En fjernangriber kunne drage nytte af fejlen til at forårsage at - Ruby-fortolkeren gik ned, førende til et lammelsesangreb.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.3.3-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine ruby2.3-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4031.data" diff --git a/danish/security/2017/dsa-4032.wml b/danish/security/2017/dsa-4032.wml deleted file mode 100644 index 4cc2c823014..00000000000 --- a/danish/security/2017/dsa-4032.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="df62c787c8dae4d954215bc1d806732898affdba" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb, -hukommelsesblotlæggelse eller udførelse af vilkårlig kode, hvis misdannede -filer af typerne GIF, TTF, SVG, TIFF, PCX, JPG eller SFW, blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8:6.9.7.4+dfsg-11+deb9u3.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4032.data" diff --git a/danish/security/2017/dsa-4033.wml b/danish/security/2017/dsa-4033.wml deleted file mode 100644 index 77673e262f6..00000000000 --- a/danish/security/2017/dsa-4033.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="2cd2c6e234276a39c29f78f9c4113e69b317f9a4" mindelta="1" -sikkerhedsopdatering - -

Joseph Bisch opdagede at Konversation, en brugervenlig Internet Relay -Chat-klient (IRC) til KDE, kunne gå ned når visse IRC-farveformateringskoder -blev fortolket.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.5-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.2-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine konversation-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4033.data" diff --git a/danish/security/2017/dsa-4034.wml b/danish/security/2017/dsa-4034.wml deleted file mode 100644 index 172b18bbc32..00000000000 --- a/danish/security/2017/dsa-4034.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="93a6968ae86191f6005be2cf1091702125c24734" mindelta="1" -sikkerhedsopdatering - -

shamger og Carlo Cannas opdagede at en programmingsfejl i Varnish, en -avanceret og højtydende webaccelerator, kunne medføre blotlæggelse af -hukommelsesindhold eller lammelsesangreb.

- -

Se \ -https://varnish-cache.org/security/VSV00002.html for flere oplysninger.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.0.0-7+deb9u2.

- -

Vi anbefaler at du opgraderer dine varnish-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4034.data" diff --git a/danish/security/2017/dsa-4035.wml b/danish/security/2017/dsa-4035.wml deleted file mode 100644 index 640ebc36a08..00000000000 --- a/danish/security/2017/dsa-4035.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="86ef9067e9b6040fec6c22be00611aba2f01566f" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, anvendelser efter frigivelse samt andre -implementeringsfejl, kunne føre til udførelse af vilkårlig kode, -lammelsesangreb eller omgåelse af samme ophav-policy.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.5.0esr-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.5.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4035.data" diff --git a/danish/security/2017/dsa-4036.wml b/danish/security/2017/dsa-4036.wml deleted file mode 100644 index 647792515e1..00000000000 --- a/danish/security/2017/dsa-4036.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="5a372f473993967746d942d8f0a149dc75960230" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er opdaget i MediaWiki, en webstedsmotor til -samarbejde:

- -
    - -
  • CVE-2017-8808 - -

    Udførelse af skripter på tværs af websteder med ikke-standard - URL-escaping og $wgShowExceptionDetails deaktivet.

    • - -
  • CVE-2017-8809 - -

    Reflected fildownload i API.

    • - -
  • CVE-2017-8810 - -

    På private wikier skelnede logonformularen ikke mellem logonfejl på grund - af forkert brugernavn og forkert adgangskode.

    • - -
  • CVE-2017-8811 - -

    Det var muligt at forvrænge HTML gennem parameterudvidelse af - raw-message.

    • - -
  • CVE-2017-8812 - -

    Id-attributter i overskrifter tillod rå >.

    • - -
  • CVE-2017-8814 - -

    Sprogkonvertering kunne narres til at erstatte tekst inde i - tags.

    • - -
  • CVE-2017-8815 - -

    Indsprøjtning af usikker attribut gennem glossary-regler i - sprogkonvertering.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.27.4-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4036.data" diff --git a/danish/security/2017/dsa-4037.wml b/danish/security/2017/dsa-4037.wml deleted file mode 100644 index e73f271fb74..00000000000 --- a/danish/security/2017/dsa-4037.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="851730da096eab072f8487d832a74411268e9832" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at jackson-databind, et Java-bibliotek der anvendes til at -fortolke JSON og andre dataformater, på ukorrekt vis validerede brugerinddata -før deserialisering: efter DSA-4004-1 vedrørende -\ -CVE-2017-7525, blev der fundet yderligere et sæt klasser, der var usikre i -forhold til deserialisering.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.4.2-2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.8.6-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine jackson-databind-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4037.data" diff --git a/danish/security/2017/dsa-4038.wml b/danish/security/2017/dsa-4038.wml deleted file mode 100644 index e372c9495b1..00000000000 --- a/danish/security/2017/dsa-4038.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="bd410f3c6c301bc406b52cb6f1ac32fbb6e7eea1" mindelta="1" -sikkerhedsopdatering - -

Rod Widdowson fra Steading System Software LLP, opdagede en -programmeringsfejl i metadataplugin'en Dynamic i Shibboleth Service -Provider, hvilket medførte at plugin'en ikke fik opsat sig selv med de modtagne -filtre, og dermed blev ingen af de tilsigtede kontroller udført.

- -

Se \ -https://shibboleth.net/community/advisories/secadv_20171115.txt for flere -oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.5.3+dfsg-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.6.0+dfsg1-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine shibboleth-sp2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4038.data" diff --git a/danish/security/2017/dsa-4039.wml b/danish/security/2017/dsa-4039.wml deleted file mode 100644 index 66d89c5663a..00000000000 --- a/danish/security/2017/dsa-4039.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="73325ffa00d886c93317489d1f68d2c5dcd12ef2" mindelta="1" -sikkerhedsopdatering - -

Rod Widdowson fra Steading System Software LLP, opdagede en -programmeringsfejl i biblioteket OpenSAML, hvilket medførte at klassen -DynamicMetadataProvider ikke fik opsat sig selv med de modtagne filtre, og -dermed blev de tilsigtede kontroller ikke udført.

- -

Se \ -https://shibboleth.net/community/advisories/secadv_20171115.txt for flere -oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.5.3-2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.6.0-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine opensaml2-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4039.data" diff --git a/danish/security/2017/dsa-4040.wml b/danish/security/2017/dsa-4040.wml deleted file mode 100644 index 2f80a578ce3..00000000000 --- a/danish/security/2017/dsa-4040.wml +++ /dev/null @@ -1,17 +0,0 @@ -#use wml::debian::translation-check translation="cc092ec17f5afae92f0ff3c9be604050d79b2e6a" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick: Forskellige -problemer med hukommelseshåndtering og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb, -hukommelsesafsløring eller udførelse af vilkårlig kode, hvis misdannede -billedfiler blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 8:6.8.9.9-5+deb8u11.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4040.data" diff --git a/danish/security/2017/dsa-4041.wml b/danish/security/2017/dsa-4041.wml deleted file mode 100644 index 69c5e297a89..00000000000 --- a/danish/security/2017/dsa-4041.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c66f242a0ec2ca577dba8e98ca1d8784a0b5f6d2" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk rapporterede om en heapbaseret bufferoverløbssårbarhed i procmails -værktøj formail, når der blev behandlet særligt fremstillede mailheadere. En -fjernangriber kunne udnytte fejlen tilat få formail til at gå ned, medførende et -lammelsesangreb eller datatab.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.22-24+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.22-25+deb9u1.

- -

Vi anbefaler at du opgraderer dine procmail-pakker.

- -

For the detailed security status of procmail please refer to its -security tracker page at: -https://security-tracker.debian.org/tracker/procmail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4041.data" diff --git a/danish/security/2017/dsa-4042.wml b/danish/security/2017/dsa-4042.wml deleted file mode 100644 index 87b9b59e45d..00000000000 --- a/danish/security/2017/dsa-4042.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="9213b18ec09a321ade74920c36e44c486350c0cb" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med anvendelse efter frigivelse blev opdaget i -XML::LibXML, en Perl-grænseflade til biblioteket libxml2, hvilket gjorde det -muligt for en angriber at udføre vilkårlig kode, ved at kontrollere parametrene -til et replaceChild()-kald.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.0116+dfsg-1+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.0128+dfsg-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libxml-libxml-perl-pakker.

- -

For the detailed security status of libxml-libxml-perl please refer to -its security tracker page at: -https://security-tracker.debian.org/tracker/libxml-libxml-perl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4042.data" diff --git a/danish/security/2017/dsa-4043.wml b/danish/security/2017/dsa-4043.wml deleted file mode 100644 index ed6f448bd0e..00000000000 --- a/danish/security/2017/dsa-4043.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="04432370b0ac14c024dc45bf408c8127a4e1faf8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS fil-, print- og loginserver -til Unix. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- -
    - -
  • CVE-2017-14746 - -

    Yihan Lian og Zhibin Hu fra Qihoo 360 GearTeam, opdagede en sårbarhed i - forbindelse med anvendelse efter frigivelse, som tillod at en klient kunne - kompromittere en SMB-server gennem ondsindede SMB1-forespørgsler.

    • - -
  • CVE-2017-15275 - -

    Volker Lendecke fra SerNet og Samba-holdet, opdagede at Samba var ramt af - en heaphukommelsesinformationslækage, hvor serveren tillod at heaphukommelse - kunne føres tilbage til klienten, uden at være blevet renset.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2:4.2.14+dfsg-0+deb8u9.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:4.5.12+dfsg-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se dens -sikkerhedssporingsside på: \ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4043.data" diff --git a/danish/security/2017/dsa-4044.wml b/danish/security/2017/dsa-4044.wml deleted file mode 100644 index 8834b597e23..00000000000 --- a/danish/security/2017/dsa-4044.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c39802a491e59344881042e748ea6948adbcbd4e" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed er opdaget i swauth, et autentificeringssystem til Swift, et -distribueret virtuelt objektstore, der anvendes i Openstack.

- -

En brugers autentificeringstoken blev gemt i klartekst i logfilen, hvilket -kunne gøre det muligt for en angriber, med angang til logfilerne, at omgå den -autentifikation, som swauth stiller til rådighed.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine swauth-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende swauth, se dens -sikkerhedssporingsside på \ -https://security-tracker.debian.org/tracker/swauth

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4044.data" diff --git a/danish/security/2017/dsa-4045.wml b/danish/security/2017/dsa-4045.wml deleted file mode 100644 index ccf99b72df5..00000000000 --- a/danish/security/2017/dsa-4045.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3caef406fd7c0df67e69b79f2423af935af97899" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i VLC, VideoLAN-projektets medieafspiller. -Behandling af misdannede mediefiler, kunne føre til lammelsesangreb og -potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.2.7-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.7-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4045.data" diff --git a/danish/security/2017/dsa-4046.wml b/danish/security/2017/dsa-4046.wml deleted file mode 100644 index e6bc985bc22..00000000000 --- a/danish/security/2017/dsa-4046.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="de983994dff75a4fa7599cd8278faacb94b9225b" mindelta="1" -sikkerhedsopdatering - -

Tobias Schneider opdagede at libspring-ldap-java, et Java-bibliotek til -Spring-baserede appliaktioner, som anvender Lightweight Directory Access -Protocol, under nogle omstændigheder tillod autentifikation med et korrekt -brugernavn, men en vilkårlig adgangskode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.3.1.RELEASE-5+deb8u1.

- -

Vi anbefaler at du opgraderer dine libspring-ldap-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libspring-ldap-java, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/libspring-ldap-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4046.data" diff --git a/danish/security/2017/dsa-4047.wml b/danish/security/2017/dsa-4047.wml deleted file mode 100644 index 853f3e32cd4..00000000000 --- a/danish/security/2017/dsa-4047.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="410acebc2cf1b0431184ff049647f325c92f5356" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Open Ticket Request System, hvilke kunne -medføre blotlæggelse af loginoplysninger til databasen eller indloggede -agenters udførelse af vilkårlige shell-kommendoer.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.3.18-1+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.0.16-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende otrs2, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/otrs2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4047.data" diff --git a/danish/security/2017/dsa-4048.wml b/danish/security/2017/dsa-4048.wml deleted file mode 100644 index 9173b732d20..00000000000 --- a/danish/security/2017/dsa-4048.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="410acebc2cf1b0431184ff049647f325c92f5356" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende imitation af Kerberos-tjenester, lammelsesangreb, -omgåelse af sandkassen eller HTTP-headerindsprøjtning.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7u151-2.6.11-2~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-7, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/openjdk-7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4048.data" diff --git a/danish/security/2017/dsa-4049.wml b/danish/security/2017/dsa-4049.wml deleted file mode 100644 index 9a468361e8b..00000000000 --- a/danish/security/2017/dsa-4049.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="630a68677ad44bb5438d02e0c09c64ac7dae54ba" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7:3.2.9-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4049.data" diff --git a/danish/security/2017/dsa-4050.wml b/danish/security/2017/dsa-4050.wml deleted file mode 100644 index 681aeef8a7e..00000000000 --- a/danish/security/2017/dsa-4050.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="2c4c362f1f65702c698d5d4227f6c14cc6827373" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Xen-hypervisor, hvilke kunne medføre -lammelsesangreb, informationslækager, rettighedsforøgelse eller udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (jessie) a separate update will be -released.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.2+xsa245-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4050.data" diff --git a/danish/security/2017/dsa-4051.wml b/danish/security/2017/dsa-4051.wml deleted file mode 100644 index 4a336dec7ef..00000000000 --- a/danish/security/2017/dsa-4051.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="31062928930c5d1bde3ea562f87a1901990517e0" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i cURL, en URL-overførselsbibliotek.

- -
    - -
  • CVE-2017-8816 - -

    Alex Nichols opdagede en bufferoverløbsfejl i NTLM-autentifikationskoden, - hvilken kunne udløses på 32 bit-systemer, hvor et heltalsoverløb kunne opstå - når størrelsen på en hukommelsesallokering blev beregnet.

    • - -
  • CVE-2017-8817 - -

    Fuzzing udført af OSS-Fuzz-projektet, førte til opdagelse af en læsning - uden for grænserne i FTP-wildcardfunktionen i libcurl. En ondsindet server - kunne omdirigere en libcurl-baseret klient til en URL, anvendende et - wildcardmønster, udløsende læsningen uden for grænserne.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7.38.0-4+deb8u8.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.52.1-5+deb9u3.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4051.data" diff --git a/danish/security/2017/dsa-4052.wml b/danish/security/2017/dsa-4052.wml deleted file mode 100644 index 267f6dce638..00000000000 --- a/danish/security/2017/dsa-4052.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="7b6dc54720ca5e28df30eb20a59941c50a897011" mindelta="1" -sikkerhedsopdatering - -

Adam Collard opdagede at Bazaar, et letanvendeligt distribueret -versionskontrolsystem, ikke på korrekt vis håndterede ondsindet fremstillede -bzr+ssh-URL'er, hvilket gjorde det muligt for en fjernangriber at køre en -vilkårlig shell-kommando.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.6.0+bzr6595-6+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.7.0+bzr6619-7+deb9u1.

- -

Vi anbefaler at du opgraderer dine bzr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bzr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bzr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4052.data" diff --git a/danish/security/2017/dsa-4053.wml b/danish/security/2017/dsa-4053.wml deleted file mode 100644 index 4e37f7f0051..00000000000 --- a/danish/security/2017/dsa-4053.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="085b41e641a93bc2fc87c0ce1a322825171adee2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Exim, en mailtransportagent. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2017-16943 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse, blev opdaget - i Exims rutiner med ansvar for at fortolke mailheadere. En fjernangriber - kunne drage nytte af fejlen, til at få Exim til at gå ned, medførende et - lammelsesangreb eller potentielt fjernudførelse af kode.

    • - -
  • CVE-2017-16944 - -

    Man opdagede at Exim ikke på korrekt vis håndterede BDAT-dataheadere, - hvilket gjorde det muligt for en fjernangriber, at få Exim til at gå ned, - medførende et lammelsesangreb.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.89-2+deb9u2. I standardinstallationer er udstilling af ESMTP -CHUNKING-udvidelsen ikke aktiveret, og er dermed ikke påvirket af disse -problemer.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exim4, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/exim4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4053.data" diff --git a/danish/security/2017/dsa-4054.wml b/danish/security/2017/dsa-4054.wml deleted file mode 100644 index 58052e15378..00000000000 --- a/danish/security/2017/dsa-4054.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f686b20ff827193a320bf26cc6851434693647cf" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i Tor, et forbindelsesbaseret anonymt -kommunikationssystem med lav latency.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.2.5.16-1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.2.9.14-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tor, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/tor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4054.data" diff --git a/danish/security/2017/dsa-4055.wml b/danish/security/2017/dsa-4055.wml deleted file mode 100644 index 5278e20c18c..00000000000 --- a/danish/security/2017/dsa-4055.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="32b04531ff13483dee044acff87f094caa4cac3e" mindelta="1" -sikkerhedsopdatering - -

Michael Eder og Thomas Kittel opdagede at Heimdal, en implementering af -Kerberos 5, med det formål at være kompatibel med MIT Kerberos, ikke på korrekt -vis håndterede ASN.1-data. Dermed kunne en uautoriseret fjernangriber forårsage -et lammelsesangreb (nedbrud i KDC-dæmonen), ved at sende ondsindet fremstillede -pakker.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.1.0+dfsg-13+deb9u2.

- -

Vi anbefaler at du opgraderer dine heimdal-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende heimdal, -se dens sikkerhedssporingsside på -\ -https://security-tracker.debian.org/tracker/heimdal

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4055.data" diff --git a/danish/security/2017/dsa-4056.wml b/danish/security/2017/dsa-4056.wml deleted file mode 100644 index 5b22df40cf4..00000000000 --- a/danish/security/2017/dsa-4056.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="949df7a4eb2733a3a745de02250416fd533911f5" mindelta="1" -sikkerhedsopdatering - -

George Shuklin fra servers.com, opdagede at Nova, fabric-controller til -cloudcomputing, ikke på korrekt vis håndhævede sine image- eller hosts-filtre. -Dermed kunne en autentificeret bruger omgå filtrene ved simpelthen at genopbygge -instansen.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:14.0.0-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine nova-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nova, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nova

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4056.data" diff --git a/danish/security/2017/dsa-4057.wml b/danish/security/2017/dsa-4057.wml deleted file mode 100644 index 597ad28e6e1..00000000000 --- a/danish/security/2017/dsa-4057.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e605a1a0720e24bda90600218a6defe233d574b7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at TLS-serveren i Erlang var sårbar over for et adptivt valgt -ciphertext-angreb mod RSA-nøgler.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:17.3-dfsg-4+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:19.2.1+dfsg-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine erlang-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende erlang, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/erlang

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4057.data" diff --git a/danish/security/2017/dsa-4058.wml b/danish/security/2017/dsa-4058.wml deleted file mode 100644 index 6027f6f21f2..00000000000 --- a/danish/security/2017/dsa-4058.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6197e6d210ec08b47593090051b386e6d9895590" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i optipng, et avanceret optimiseringsprogram til -PNG-filer, hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig -kode, hvis en misdannet fil blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.7.5-1+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.7.6-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine optipng-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende optipng, se dens -sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/optipng

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4058.data" diff --git a/danish/security/2017/dsa-4059.wml b/danish/security/2017/dsa-4059.wml deleted file mode 100644 index c3a1c3413ae..00000000000 --- a/danish/security/2017/dsa-4059.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="003b77c32b5f02d9fe3010e5d6b356cc4fbab1eb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libXcursor, et bibliotek til håndtering af X-markører, var -ramt af flere heapoverløb, når ondsindede filer blev behandlet. En angriber -kunne drage nytte af fejlene til at udføre vilkårlig kode, hvis en bruger blev -narret til at behandle en særligt fremstillet markørfil.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:1.1.14-1+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.1.14-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libxcursor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxcursor, se dens -sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libxcursor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4059.data" diff --git a/danish/security/2017/dsa-4060.wml b/danish/security/2017/dsa-4060.wml deleted file mode 100644 index 2f45dc84ca3..00000000000 --- a/danish/security/2017/dsa-4060.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="e80830be8445bcd1d4b11ba5b8e513d3d197cd68" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at wireshark, et program til analysering af netværksprotokoller, -indeholdt flere sårbarheder i dissektorerne til CIP Safety, IWARP_MPA, NetBIOS, -Profinet I/O og AMQP, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.12.1+g01b65bf-4+deb8u12.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.6+g32dac6a-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wireshark, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wireshark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4060.data" diff --git a/danish/security/2017/dsa-4061.wml b/danish/security/2017/dsa-4061.wml deleted file mode 100644 index 600c2be4ed9..00000000000 --- a/danish/security/2017/dsa-4061.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a8863bc88fcf46995415b2bdb54049e8f7d241ac" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelseangreb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:52.5.0-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.5.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4061.data" diff --git a/danish/security/2017/dsa-4062.wml b/danish/security/2017/dsa-4062.wml deleted file mode 100644 index bf3a1a04a7b..00000000000 --- a/danish/security/2017/dsa-4062.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="efb9e19ae8c1ac071763750a20f6c60f2fc454ca" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at webbrowseren Firefox' privat browsing-tilstand, tillod at der -kunne tages fingeraftryk af en bruger på tværs af adskillige sessioner via -IndexedDB.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 52.5.2esr-1~deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 52.5.2esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4062.data" diff --git a/danish/security/2017/dsa-4063.wml b/danish/security/2017/dsa-4063.wml deleted file mode 100644 index 89bb6dc08ea..00000000000 --- a/danish/security/2017/dsa-4063.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f8f80142665ea03aebb76800003d966a32116735" mindelta="1" -sikkerhedsopdatering - -

Toshifumi Sakaguchi opdagede at PowerDNS Recursor, en højtydende -navneopløsende navneserver, var ramt af et lammelsesangrebssårbarhed gennem et -fabrikeret CNAME-svar.

- -

Den gamle stabile distribution (jessie), er ikke påvirket.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.0.4-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine pdns-recursor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pdns-recursor, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pdns-recursor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4063.data" diff --git a/danish/security/2017/dsa-4064.wml b/danish/security/2017/dsa-4064.wml deleted file mode 100644 index 7866ba44c91..00000000000 --- a/danish/security/2017/dsa-4064.wml +++ /dev/null @@ -1,97 +0,0 @@ -#use wml::debian::translation-check translation="05d984aad161b8c3ea7ddf9c15e19d6b0bec4b0c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2017-15407 - -

    Ned Williamson opdagede et problem med skrivning uden for - grænserne.

    • - -
  • CVE-2017-15408 - -

    Ke Liu opdagede et heapoverløbsproblem i biblioteket pdfium.

    • - -
  • CVE-2017-15409 - -

    Et problem med læsning uden for grænserne blev opdaget i biblioteket - skia.

    • - -
  • CVE-2017-15410 - -

    Luat Nguyen opdagede et problem med anvendelse efter frigivelse i - biblioteket pdfium.

    • - -
  • CVE-2017-15411 - -

    Luat Nguyen opdagede et problem med anvendelse efter frigivelse i - biblioteket pdfium.

    • - -
  • CVE-2017-15413 - -

    Gaurav Dewan opdagede et typeforvirringsproblem.

    • - -
  • CVE-2017-15415 - -

    Viktor Brange opdagede informationslækageproblem.

    • - -
  • CVE-2017-15416 - -

    Ned Williamson opdagede et problem med læsning uden for - grænserne.

    • - -
  • CVE-2017-15417 - -

    Max May opdagede et informationslækageproblem i biblioteket - skia.

    • - -
  • CVE-2017-15418 - -

    Kushal Arvind Shah opdagede en uinitialiseret værdi i biblioteket - skia.

    • - -
  • CVE-2017-15419 - -

    Jun Kokatsu opdagede et informationslækageproblem.

    • - -
  • CVE-2017-15420 - -

    WenXu Wu opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2017-15423 - -

    Greg Hudson opdagede et problem i biblioteket boringssl.

    • - -
  • CVE-2017-15424 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2017-15425 - -

    xisigr opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2017-15426 - -

    WenXu Wu opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2017-15427 - -

    Junaid Farhan opdagede et problem med omnibox'en.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 63.0.3239.84-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4064.data" diff --git a/danish/security/2017/dsa-4065.wml b/danish/security/2017/dsa-4065.wml deleted file mode 100644 index 06b818b4e6a..00000000000 --- a/danish/security/2017/dsa-4065.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="b54382c412bc1bc769b055464e59874df3c82fb3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2017-3737 - -

    David Benjamin fra Google rapporterede at OpenSSL ikke på korrekt vis - hpnterede SSL_read() og SSL_write(), efter at have været blevet kaldt i - en fejltilstand, medførende at data blev overført uden at blive dekrypteret - eller krypteret direkte fra SSL-/TLS-recordlaget.

    • - -
  • CVE-2017-3738 - -

    Man opdagede at OpenSSL indeholdt en overløbsfejl i proceduren til AVX2 - Montgomery-multiplikation, som anvende i eksponentialisering med 1024 - bit-moduli.

    • - -
- -

Flere oplysninger finder man i opstrøms bulletin: -\ -https://www.openssl.org/news/secadv/20171207.txt

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.2l-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine openssl1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl1.0, -se dens sikkerhedssporingsside: -\ -https://security-tracker.debian.org/tracker/openssl1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4065.data" diff --git a/danish/security/2017/dsa-4066.wml b/danish/security/2017/dsa-4066.wml deleted file mode 100644 index 1dbd2ed66d6..00000000000 --- a/danish/security/2017/dsa-4066.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ec31cfa944aa8054647456604e724c4f6231ff81" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Open Ticket Request System, hvilke kunne -medføre informationsafsløring eller indloggede agenters udførelse af -vilkårlige shell-kommandoer.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.3.18-1+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.0.16-1+deb9u4.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende otrs2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/otrs2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4066.data" diff --git a/danish/security/2017/dsa-4067.wml b/danish/security/2017/dsa-4067.wml deleted file mode 100644 index 59f38361f49..00000000000 --- a/danish/security/2017/dsa-4067.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="18814b85147b95fe5489e965a4f5cd81c19bea0e" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at misdannede jumbogram-pakker kunne medføre et lammelsesangreb -mod OpenAFS, en implementering af det distribuerede filsystem Andrew.

- -

I den gamle stabile distribution (jessie), er dette problem rettet i version -1.6.9-2+deb8u6. Opdateringen indeholder også rettelser af -\ -CVE-2016-4536 og -\ -CVE-2016-9772.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.20-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openafs, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openafs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4067.data" diff --git a/danish/security/2017/dsa-4068.wml b/danish/security/2017/dsa-4068.wml deleted file mode 100644 index faf174ee5f4..00000000000 --- a/danish/security/2017/dsa-4068.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="925142ad64aca13e7b32d5b29b8be0e0fa9290db" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i rsync, et hurtigt, fleksibelt, fjernt (og -lokalt) filkopieringsværktøj, gjorde de muligt for en fjernangriber at omgå -tilsigtede adgangsbegrænsninger eller forårsage et lammelsesangreb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.1.1-3+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.1.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine rsync-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rsync, -se dens sikkerhedssporingsside: -\ -https://security-tracker.debian.org/tracker/rsync

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4068.data" diff --git a/danish/security/2017/dsa-4069.wml b/danish/security/2017/dsa-4069.wml deleted file mode 100644 index ef658a898e6..00000000000 --- a/danish/security/2017/dsa-4069.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="96c20f0746ecf93bc792172a473bc89e300e2720" mindelta="1" -sikkerhedsopdatering - -

Francesco Sirocco opdagede en fejl i otrs2, Open Ticket Request System, -hvilken kunne medføre afsløring af sessionoplysninger, når cookie-understøttelse -er deaktiveret. En fjernangriber kunne drage nytte af fejlen til at overtage en -agents session, hvis agenten blev narret til at klikke på et link i en særligt -fremstillet mail.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.3.18-1+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.0.16-1+deb9u5.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende otrs2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/otrs2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4069.data" diff --git a/danish/security/2017/dsa-4070.wml b/danish/security/2017/dsa-4070.wml deleted file mode 100644 index 73b92f2d08d..00000000000 --- a/danish/security/2017/dsa-4070.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="3ab90342a40757e11946a8d85040ccfa23caff2e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Enigmail, en OpenPGP-udvidelse til -Thunderbird, hvilke kunne medføre tab af fortroelighed, forfalskede signaturer, -lækager af ren tekst og lammelsesangreb. Yderligere oplysninger finder man i: -\ -https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2:1.9.9-1~deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:1.9.9-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine enigmail-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende enigmail, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/enigmail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4070.data" diff --git a/danish/security/2017/dsa-4071.wml b/danish/security/2017/dsa-4071.wml deleted file mode 100644 index 8a7e57ebb5d..00000000000 --- a/danish/security/2017/dsa-4071.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="94aa200f735529f8913f579989d8c615c1ceabf5" mindelta="1" -sikkerhedsopdatering - -

Gabriel Corona rapporterede at sensible-browser fra sensible-utils, en -samling af små værktøjer som anvendes til på fornuftig vis at vælge og -åbne en passende browser, editor eller pager, ikke validerede strenge før -programmet der er angivet i miljøvariablen BROWSER blev åbnet. Potentielt -fik en fjernangriber dermed mulighed for at iværksætte angreb i forbindelse med -indsprøjtning af parametre, hvis en bruger blev narret til at behandlet en -særligt fremstillet URL.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.0.9+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.0.9+deb9u1.

- -

Vi anbefaler at du opgraderer dine sensible-utils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sensible-utils, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/sensible-utils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4071.data" diff --git a/danish/security/2017/dsa-4072.wml b/danish/security/2017/dsa-4072.wml deleted file mode 100644 index f4ff8b83fd3..00000000000 --- a/danish/security/2017/dsa-4072.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="839f6ec186bf987dea0929a4dc0a5f3e8bd796b8" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck, Juraj Somorovsky og Craig Young opdagede at TLS-implementeringen -i Bouncy Castle var sårbar over for et angreb i forbindelse med en -selvjusterende valgt ciphertekst mod RSA-nøgler.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.56-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine bouncycastle-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bouncycastle, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bouncycastle

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4072.data" diff --git a/danish/security/2017/dsa-4073.wml b/danish/security/2017/dsa-4073.wml deleted file mode 100644 index 4c87ef2e617..00000000000 --- a/danish/security/2017/dsa-4073.wml +++ /dev/null @@ -1,162 +0,0 @@ -#use wml::debian::translation-check translation="31a8c119aea5d07630c347cb815b6f825446e5aa" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2017-8824 - -

    Mohamed Ghannam opdagede at DCCP-implementeringen ikke på korrekt vis - håndterede ressourcer, når en socket blev frakoblet og gentilkoblet, - potentielt førende til en anvendelse efter frigivelse. En lokal bruger - kunne udnyte fejlen til lammelsesangreb (nedbrud eller datakorruption) eller - muligvis til rettighedsforøgelse. På systemer hvor dccp-modulet ikke - allerede er indlæst, kan det løses ved at deaktiveret modulet: - echo >> /etc/modprobe.d/disable-dccp.conf install dccp false

    • - -
  • CVE-2017-16538 - -

    Andrey Konovalov rapporterede at mediedriveren dvb-usb-lmedm04 ikke på - korrekt vis håndterede nogle fejltilstande under initialiseringen. En - fysisk tilstedeværende bruger med en særligt fremstillet USB-enhed, kunne - udnytte fejlen til at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2017-16644 - -

    Andrey Konovalov rapporterede at mediedriveren hdpvr ikke på korrekt vis - håndterede nogle fejltilstande under initialiseringen. En fysisk - tilstedeværende bruger med en særligt fremstillet USB-enhed, kunnne - udnytte fejlen til at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2017-16995 - -

    Jann Horn opdagede at Extended BPF-verifikatoren ikke på korrekt vis - modellerede 32 bit-loadinstruktioners virkemåde. En lokal bruger kunne - udnytte fejlen til rettighedsforøgelse.

    • - -
  • CVE-2017-17448 - -

    Kevin Cernekee opdagede at netfilter-undersystemet tillod at brugere med - CAP_NET_ADMIN-muligheden i ethvert brugernavnerum, ikke kun rodnavnerummet, - kunne aktivere og deaktivere forbindelsessportingshjælpere. Det kunne føre - til lammelsesangreb, overtrædelse af netværkssikkerhedspolicy samt anden - indvirkning.

    • - -
  • CVE-2017-17449 - -

    Kevin Cernekee opdagede at netlink-undersystemet tillod at brugere med - CAP_NET_ADMIN-muligheden i ethvert brugernavnerum, at overvåge netlinktrafik - i alle netnavnerum, ikke kun dem, der er ejet af det pågældende - brugernavnerum. Det kunne føre til blotlæggelse af følsomme - oplysninger.

    • - -
  • CVE-2017-17450 - -

    Kevin Cernekee opdagede at modulet xt_osf tillod brugere med muligheden - CAP_NET_ADMIN-muligheden i et vilkårligt brugernavnerum, at ændre den - globale OS-fingeraftryksliste.

    • - -
  • CVE-2017-17558 - -

    Andrey Konovalov rapporterede at USB-core ikke på korrekt vis håndterede - nogle fejltilstande under initialisering. En fysisk tilstedeværende bruger, - med en særligt fremstillet USB-enhed, kunne udnytte det til at forårsage et - lammelsesangreb (nedbrud eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2017-17712 - -

    Mohamed Ghannam opdagede en kapløbstilstand i implementeringen af - IPv4-raw socket. En lokal bruger kunne udnytte det til at få adgang til - følsomme oplysninger fra kernen.

    • - -
  • CVE-2017-17741 - -

    Dmitry Vyukov rapporterede at implementeringen af KVM til x86, overlæste - data fra hukommelsen, når en MMIO-skrivning emuleres, hvis tracepoint'et - kvm_mmio var aktiveret. En gæste-VM kunne måske være i stand til at anvende - det til at forårsage et lammelsesangreb (nedbrud)).

    • - -
  • CVE-2017-17805 - -

    Man opdagede at nogle implementeringer af blokcipher'en Salsa20, ikke på - korrekt vis håndterede inddata med en længde på nul. En lokal bruger kunne - udnytte det til at forårsage et lammelsesangreb (nedbrud) eller muligvis - kunne det have anden sikkerhedspåvirkning.

    • - -
  • CVE-2017-17806 - -

    Man opdagede at implementeringen af HMAC kunne anvendes med en - underliggende hash-algoritme, som kræver en nøgle, hvilket ikke var - tilsigtet. En lokal bruger kunne udnytte det til at forårsaage et - lammelsesangreb (nedbrud eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2017-17807 - -

    Eric Biggers opdagede at KEYS-undersystemet manglende en kontrol af - skriveadgang, når der tilføjes nøgler til en proces' standardnøglering. En - lokal bruger kunne udnytte det til at forårsage et lammelsesangreb eller til - at få adgang til følsomme oplysninger.

    • - -
  • CVE-2017-17862 - -

    Alexei Starovoitov opdagede at Extended BPF-verifikatoren ignorerede - utilgængelig kode, selv om den stadig ville blive behandlet af - JIT-compilere. Det kunne muligvis anvendes af lokale brugere til - lammelsesangreb. Det forøgede også alvorlighedsgraden ved fejl i - afgørelse af hvorvidt kode er utilgængelig.

    • - -
  • CVE-2017-17863 - -

    Jann Horn opdagede at Extended BPF-verifikatoren ikke på korrekt vis - modelerede pointeraritmetik på stakframepointeren. En lokal bruger kunne - udnytte det til rettighedsforøgelse.

    • - -
  • CVE-2017-17864 - -

    Jann Horn opdagede at Extended BPF-verifikatoren kunne mislykkes i at - opdagede pointerlækager fra conditional kode. En lokal bruger kunne - udnytte det til at få adgang til følsomme oplysninger, med det formål at - udnytte andre sårbarheder.

    • - -
  • CVE-2017-1000407 - -

    Andrew Honig rapporterede at implementeringen af KVM til - Intel-processorer tillod direkte adgang til værtens I/O-port 0x80, hvilket - generelt ikke er sikkert. På nogle systemer kunne en gæste-VM dermed - forårsage et lammelsesangreb (nedbrud) på værten.

    • - -
  • CVE-2017-1000410 - -

    Ben Seri rapporterede at Bluetooth-undersystemet ikke på korrekt vis - håndterede korte EFS-informationslementer i L2CAP-meddelelser. En angriber, - der er i stand til at kommunikere over Bluetooth, kunne udnytte dette til at - få fat i følsomme oplysninger fra kernen.

    • - -
- -

De forskellige problemer i Extended BPF-verifikatoren, kan omgås ved at -deaktivere upriviligerede brugeres anvendelse af Extended BPF: -sysctl kernel.unprivileged_bpf_disabled=1

- -

Debian deaktiverer som standard upriviligerede brugernavne, men hvis de er -aktiveret (gennem sysctl'en kernel.unprivileged_userns_clone), så -kunne \ -CVE-2017-17448 udnyttes af enhver lokal bruger.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.65-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4073.data" diff --git a/danish/security/2017/dsa-4074.wml b/danish/security/2017/dsa-4074.wml deleted file mode 100644 index ee42f136ff5..00000000000 --- a/danish/security/2017/dsa-4074.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8acbfbef47b932945f636bae22e99d5adb7a195a" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -fornuftighedskontrol af inddata, kunne medføre lammelsesangreb, -hukommelseafsløring eller udførelse af vilkårlig kode, hvis misdannede -billedfiler blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8:6.9.7.4+dfsg-11+deb9u4.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende imagemagick, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/imagemagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4074.data" diff --git a/danish/security/2017/dsa-4075.wml b/danish/security/2017/dsa-4075.wml deleted file mode 100644 index 31db56f850d..00000000000 --- a/danish/security/2017/dsa-4075.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="fa54035d97b063b7a173d84750a4a881a04d4c4b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, lammelsesangreb, informationsafsløring eller -forfalskning af afsenderes mailadresser.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:52.5.2-2~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.5.2-2~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4075.data" diff --git a/danish/security/2017/dsa-4076.wml b/danish/security/2017/dsa-4076.wml deleted file mode 100644 index 01480af2ccf..00000000000 --- a/danish/security/2017/dsa-4076.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="91dca351cdc900f4e5928721effeceb1e8d4bf4e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Asterisk, en open source PBX- og -telefoniværktøjssæt, hvilke kunne medføre lammelsesangreb, informationsafsløring -og muligvis udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:11.13.1~dfsg-2+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:13.14.1~dfsg-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende asterisk, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/asterisk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4076.data" diff --git a/danish/security/2017/dsa-4077.wml b/danish/security/2017/dsa-4077.wml deleted file mode 100644 index 44a2f40fc26..00000000000 --- a/danish/security/2017/dsa-4077.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a5d8ef765a03b2df0eef9dd90ee2892b70ab4c33" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i GIMP, GNU Image Manipulation Program, hvilke -kunne medføre lammelsesangreb (applikationsnedbrud) eller potentielt udførelse -af vilkårlig kode, hvis misdannede filer blev åbnet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.8.14-1+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.8.18-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine gimp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gimp, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gimp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2017/dsa-4077.data" diff --git a/danish/security/2017/index.wml b/danish/security/2017/index.wml deleted file mode 100644 index 3bb5965d682..00000000000 --- a/danish/security/2017/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2017 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security -#use wml::debian::translation-check translation="dace092385d19a97d0a21f78d1600118aa5bc25b" - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/security/2017' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2018/Makefile b/danish/security/2018/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2018/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2018/dsa-4078.wml b/danish/security/2018/dsa-4078.wml deleted file mode 100644 index 0f9373b3eee..00000000000 --- a/danish/security/2018/dsa-4078.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="9be537189e8e664c1aef58b02ec3173b2c11388b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsefterforskere har opdaget en sårbarhed i Intels -processorer, som gør det muligt for en angriber, der kontrollerer en -upriviligeret proces, at læse hukommelse fra vilkårlige adresser, herunder fra -kernen og alle andre processer, der kører på systemet.

- -

Dette specifikke angreb er blev døbt Meltdown (nedsmeltning) og er løst i -Linux-kernen for Intels x86-64-arkitektur, med et patchsæt kaldet Kernel Page -Table Isolation, som håndhæver en næsten fuldstændig adskillelse af kernens og -brugerrummets adressekort, hvorved angrebet forhindres. Løsningen kan påvirke -ydeevnen, og kan deaktiveres ved boot, ved at overføre pti=off på -kernens kommandolinje.

- -

Vi har desuden opdaget en regression i ældgamle brugerrum, som anvender -vsyscall-grænsefladen, eksempelvis chroot og containere, der anvender -(e)glibc 2.13 og ældre, herunder dem der er baseret på Debian 7 eller -RHEL/CentOS 6. Regressionen vil blive løst i en senere opdatering.

- -

De andre sårbarheder (døbt Spectre), som blev offentliggjort på samme tid, -løses ikke med denne opdatering, men vil blive rettet ved en senere -opdatering.

- -

I den gamle stabile distribution (jessie), vil dette problem blive rettet i -en særskilt opdatering.

- -

I den stabile distribution (stretch), er dette problem rettet i version -4.9.65-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4078.data" diff --git a/danish/security/2018/dsa-4079.wml b/danish/security/2018/dsa-4079.wml deleted file mode 100644 index c44b4d2ff26..00000000000 --- a/danish/security/2018/dsa-4079.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="40a96160760c1ff636f20e18428e5892397411d1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i PDF-rederingbiblioteket poppler, hvilke -kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis en -misdannet PDF-fil blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.26.5-2+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.48.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende poppler, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/poppler

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4079.data" diff --git a/danish/security/2018/dsa-4080.wml b/danish/security/2018/dsa-4080.wml deleted file mode 100644 index 45798376b81..00000000000 --- a/danish/security/2018/dsa-4080.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="37a758304f34ffcd8dd185c24bc1ba2533e8beac" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et ubredt, generelt anvendeligt open -source-skriptsprog:

- -
    - -
  • CVE-2017-11144 - -

    Lammelsesangreb i openssl-udvidelsen, på grund af ukorrekt returværditjek - af OpenSSL-sealingfunktion.

    • - -
  • CVE-2017-11145 - -

    Læsning uden for grænserne i wddx_deserialize().

    • - -
  • CVE-2017-11628 - -

    Bufferoverløb i PHP INI-fortolknings-API.

    • - -
  • CVE-2017-12932 / - CVE-2017-12934 - -

    Anvendelse efter frigivelser under afserialisering.

    • - -
  • CVE-2017-12933 - -

    Bufferoverlæsning i finish_nested_data().

    • - -
  • CVE-2017-16642 - -

    Læsning uden for grænserne i timelib_meridian().

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.0.27-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4080.data" diff --git a/danish/security/2018/dsa-4081.wml b/danish/security/2018/dsa-4081.wml deleted file mode 100644 index a60e4ba91f6..00000000000 --- a/danish/security/2018/dsa-4081.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="35eae0b49f2fc0f3d878925fae15487181f538a5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et ubredt, generelt anvendeligt open -source-skriptsprog:

- -
    - -
  • CVE-2017-11142 - -

    Lammelsesangreb gennem for lange formularvariabler.

    • - -
  • CVE-2017-11143 - -

    Ugyldig free() i wddx_deserialize().

    • - -
  • CVE-2017-11144 - -

    Lammelsesangreb i openssl-udvidelsen, på grund af ukorrekt returværditjek - af OpenSSL-sealingfunktion.

    • - -
  • CVE-2017-11145 - -

    Læsning uden for grænserne i wddx_deserialize().

    • - -
  • CVE-2017-11628 - -

    Bufferoverløb i PHP INI-fortolknings-API.

    • - -
  • CVE-2017-12933 - -

    Bufferoverlæsning i finish_nested_data().

    • - -
  • CVE-2017-16642 - -

    Læsning uden for grænserne i timelib_meridian().

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.6.33+dfsg-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine php5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php5, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4081.data" diff --git a/danish/security/2018/dsa-4082.wml b/danish/security/2018/dsa-4082.wml deleted file mode 100644 index c4ff86ff525..00000000000 --- a/danish/security/2018/dsa-4082.wml +++ /dev/null @@ -1,144 +0,0 @@ -#use wml::debian::translation-check translation="fbd297b80050aa3ca0d43681de062ab723cce78e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne medføre en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2017-5754 - -

    Adskillige sikkerhedsefterforskere har opdaget en sårbarhed i Intels - processorer, som gør det muligt for en angriber, der kontrollerer en - upriviligeret proces, at læse hukommelse fra vilkårlige adresser, herunder - fra kernen og alle andre processer, der kører på systemet.

    - -

    Dette specifikke angreb er blev døbt Meltdown (nedsmeltning) og er løst i - Linux-kernen for Intels x86-64-arkitektur, med et patchsæt kaldet Kernel - Page Table Isolation, som håndhæver en næsten fuldstændig adskillelse af - kernens og brugerrummets adressekort, hvorved angrebet forhindres. - Løsningen kan påvirke ydeevnen, og kan deaktiveres ved boot, ved at overføre - pti=off på kernens kommandolinje.

    - -
  • CVE-2017-8824 - -

    Mohamed Ghannam opdagede at DCCP-implementeringen ikke på korrekt vis - håndterede ressourcer, når en socket blev afbrudt og genoptaget, potentielt - førende til en anvendelse efter frigivelse. En lokal bruger kunne udnytte - fejlen til lammelsesangreb (nedbrud eller datakorruption) eller muligvis til - rettighedsforøgelse. På systemer, hvor modulet dccp ikke allerede er - indlæst, kan det løses ved at deaktivere modulet: - echo >> /etc/modprobe.d/disable-dccp.conf install dccp false

    • - -
  • CVE-2017-15868 - -

    Al Viro opdagede at implementeringen af Bluebooth Network Encapsulation - Protocol (BNEP) ikke validerede typen på den anden socket overført til - BNEPCONNADD ioctl(), hvilket kunne føre til hukommelseskorruption. En lokal - bruger kunne udnytte fejlen til lammelsesangreb (nedbrud eller - datakorruption) eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2017-16538 - -

    Andrey Konovalov rapporterede at mediedriveren dvb-usb-lmedm04 ikke på - korrekt vis håndterede nogle fejltilstande under initialisering. En - fysisk tilstedeværende bruger med en særligt fremstillet USB-enhed, kunne - udnytte fejlen til at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2017-16939 - -

    Mohamed Ghannam rapporterede (gennem Beyond Securitys SecuriTeam - Secure Disclosure-program), at implementeringen af IPsec (xfrm) ikke på - korrekt vis håndterede nogle fejlsituationer, når policyoplysnigner blev - dumpet gennem netlink. En lokal bruger med muligheden CAP_NET_ADMIN, kunne - udnytte fejlen til lammelsesangreb (nedbrud eller datakorruption) eller - muligvis til rettighedsforøgelse.

    • - -
  • CVE-2017-17448 - -

    Kevin Cernekee opdagede at netfilter-undersystemet tillod brugere med - muligheden CAP_NET_ADMIN i ethvvert brugernavnerum, ikke bare - rootnavnerummet, til at aktivere og deaktivere forbindelsesporingshjælpere. - Det kunne føre til lammelsesangreb, overtrædelse af - netværkssikkerhedspolicy, eller have anden påvirkning.

    • - -
  • CVE-2017-17449 - -

    Kevin Cernekee opdagede at netlink-undersystemet tillod brugere med - muligheden CAP_NET_ADMIN i ethvert brugernavnerum, at overvåge netlinktrafik - i alle netnavnerum, ikke bare dem der er ejet af det pågældende - brugernavnerum. Det kunne føre til blotlæggelse af følsomme - oplysninger.

    • - -
  • CVE-2017-17450 - -

    Kevin Cernekee opdagede at modulet xt_osf module tillod brugere med - muligheden CAP_NET_ADMIN i ethvert brugernavnerum, at ændring den globale - OS-fingeraftryksliste.

    • - -
  • CVE-2017-17558 - -

    Andrey Konovalov rapporterede at USB-core ikke på korrekt vis håndterede - nogle fejltilstande under intialisering. En fysisk tilstedeværende bruger - med en særligt designet USB-enhed, kunne udnytte fejlen til at forårsage et - lammelsesangreb (nedbrud eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2017-17741 - -

    Dmitry Vyukov rapporterede at KVM-implementeringen til x86, overlæste - data fra hukommelsen, når der blev emuleret en MMIO-skrivning, hvis - tracepoint'et kvm_mmio var aktiveret. En gæste-virtuel maskine kunne være - i stend til at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2017-17805 - -

    Man opdagede at nogle implementeringer af blockcipher'en Salsa20, ikke på - korrekt vis håndterede inddata med en længde på nul. En lokal bruger kunne - udnytte fejlen til at forårsage et lammelsesangreb (nedbrud) eller - potentielt have anden sikkerhedspåvirkning.

    • - -
  • CVE-2017-17806 - -

    Man opdagede at HMAC-implementeringen kunne anvendes med en underliggende - hash-algoritme, der kræver en nøgle, hvilket ikke var tilsigtet. En lokal - bruger kunne udnytte fejlen til at foråsage et lammelsesangreb (nedbrud - eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2017-17807 - -

    Eric Biggers opdagede at KEYS-undersystemet manglede en kontrol af - skriverettigheder, når der tilføjes nøgle til en proces' standardnøglering. - En lokal bruger kunne udnytte fejlen til at forårsage et lammelsesangreb - eller til at få adgang til følsomme oplysninger.

    • - -
  • CVE-2017-1000407 - -

    Andrew Honig rapporterede at KVM-implementeringen til Intels processorer - tillod direkte adgang til værtens I/O-port 0x80, hvilket generelt ikke er - sikkert. På nogle systemer, gav det en gæste-VM mulighed for at forårsage - et lammelsesangreb (nedbrud) på værten.

    • - -
  • CVE-2017-1000410 - -

    Ben Seri rapporterede at Bluetooth-undersystemet ikke på korrekt vis - håndterede korte EFS-oplysningselementer i L2CAP-meddelelser. En angriber, - der er i stand til at kommunikere over Bluetooth, kunne udnytte fejlen til - at få fat i følsomme oplysninger fra kernen.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.16.51-3+deb8u1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4082.data" diff --git a/danish/security/2018/dsa-4083.wml b/danish/security/2018/dsa-4083.wml deleted file mode 100644 index c8cdcc40bcc..00000000000 --- a/danish/security/2018/dsa-4083.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="0f249c8a59e51025504ffda853108ee99c38990d" mindelta="1" -sikkerhedsopdatering - -

Stephan Zeisberg opdagede at poco, en samling af open -source-klassebiblioteker til C++, ikke på korrekt vis validerede filstier i -ZIP-arkiver. En angriber kunne udnytte fejlen til at oprette eller overskrive -vilkårlige filer.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.3.6p1-5+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.7.6+dfsg1-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine poco-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende poco, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/poco

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4083.data" diff --git a/danish/security/2018/dsa-4084.wml b/danish/security/2018/dsa-4084.wml deleted file mode 100644 index f468935a124..00000000000 --- a/danish/security/2018/dsa-4084.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d275b4a75a8a083c7db0e0ac43daf872ea81361b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at gifsicle, et værktøj til manipulering af GIF-billedfiler, -indeholdt en fejl, der kunne føre til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.86-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.88-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine gifsicle-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gifsicle, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gifsicle

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4084.data" diff --git a/danish/security/2018/dsa-4085.wml b/danish/security/2018/dsa-4085.wml deleted file mode 100644 index fc9b0cfbd45..00000000000 --- a/danish/security/2018/dsa-4085.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="210c3ba2abb6eba5e3ff4a22da837c4d975cd427" mindelta="1" -sikkerhedsopdatering - -

Philip Huppert opdagede at Shibboleth-serviceleverandøren var sårbar over for -imitationsangreb og informationsafløringer på grund af fejlhåndtering af DTD'er -i XML-fortolkningsbiblioteket XMLTooling. For yderligere oplysninger, se -opstrøms bulletin på -\ -https://shibboleth.net/community/advisories/secadv_20180112.txt.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.5.3-2+deb8u2.

- -

Den stabile distribution (stretch) er ikke påvirket.

- -

Vi anbefaler at du opgraderer dine xmltooling-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xmltooling, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xmltooling

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4085.data" diff --git a/danish/security/2018/dsa-4086.wml b/danish/security/2018/dsa-4086.wml deleted file mode 100644 index 9560825441f..00000000000 --- a/danish/security/2018/dsa-4086.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5bc1c6de95b4f4154c74fcab63dfe0dbdada5af1" mindelta="1" -sikkerhedsopdatering - -

Nick Wellnhofer opdagede at visse funktionskald inde i XPath-prædikater, -kunne føre til fejl i forbindelse med anvendelse efter frigivelse og dobbelt -frigivelse, når de blev udført af libxml2's XPath-motor gennem en -XSLT-transformation.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.9.1+dfsg1-5+deb8u6.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.9.4+dfsg1-2.2+deb9u2.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxml2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libxml2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4086.data" diff --git a/danish/security/2018/dsa-4087.wml b/danish/security/2018/dsa-4087.wml deleted file mode 100644 index 2ec9275024c..00000000000 --- a/danish/security/2018/dsa-4087.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="97630e36f45df62bfe1fd4e9add0551433e6d131" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede en sårbarhed i Transmission BitTorrent-klienten; -usikker RPC-håndtering mellem Transmission-dæmonens og klientens græseflade(r), -kunne medføre udførelse af vilkårlig kode, hvis en bruger besøger et ondsindet -websted, mens Transmission kører.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.84-0.2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.92-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine transmission-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende transmission, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/transmission

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4087.data" diff --git a/danish/security/2018/dsa-4088.wml b/danish/security/2018/dsa-4088.wml deleted file mode 100644 index 68fb2f5348b..00000000000 --- a/danish/security/2018/dsa-4088.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="464470edbea50c675b117ecd89922c70c33f7210" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at adskillige heltalsoverløb GIF-billedindlæseren i biblioteket -GDK Pixbuf, kunne medføre lammelsesangreb og potentielt udførelse af vilkårlig -kode, hvis en misdannet billedfil blev åbnet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.31.1-2+deb8u7.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.36.5-2+deb9u2. Desuden indeholder denne opdatering rettelser af -\ -CVE-2017-6312, -\ -CVE-2017-6313 og -\ -CVE-2017-6314.

- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gdk-pixbuf, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gdk-pixbuf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4088.data" diff --git a/danish/security/2018/dsa-4089.wml b/danish/security/2018/dsa-4089.wml deleted file mode 100644 index e5fd8f306f0..00000000000 --- a/danish/security/2018/dsa-4089.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="13666d94bfc85d2ea2e78d7967a53e907c47f695" mindelta="1" -sikkerhedsopdatering - -

Jayachandran Palanisamy fra Cygate AB rapporterede at BIND, en -DNS-serverimplementering, på ukorrekt vis ryddede op efter -sekvenseringshandlinger, i nogle tilfælde førende til en fejl i forbindelse med -anvendelse efter frigivelse, udløsende en assertionfejl og nedbrud i named.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:9.9.5.dfsg-9+deb8u15.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:9.10.3.dfsg.P4-12.3+deb9u4.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4089.data" diff --git a/danish/security/2018/dsa-4090.wml b/danish/security/2018/dsa-4090.wml deleted file mode 100644 index 6e957b9b2f2..00000000000 --- a/danish/security/2018/dsa-4090.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1fa229d5a4f0660ef187950bdf3562f13b43e018" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at udføre SQL-indspøjtninger og forskellige angreb -i forbindelse med Cross-Side Scripting (XSS) og Server-Side Request Forgery -(SSRF), samt omgåelse af nogle adgangsbegrænsninger.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.1+dfsg-1+deb8u16.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.7.5+dfsg-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4090.data" diff --git a/danish/security/2018/dsa-4091.wml b/danish/security/2018/dsa-4091.wml deleted file mode 100644 index 8e3e47a7f28..00000000000 --- a/danish/security/2018/dsa-4091.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="c22141e5ac34b5218123ffcff5b9f57381cbbbc7" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.59, der indeholder -yderligere ændringer. Se MySQL 5.5 Release Notes og Oracles Critical Patch -Update-bulletin for flere oplysninger:

- - - -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.5.59-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mysql-5.5, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mysql-5.5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4091.data" diff --git a/danish/security/2018/dsa-4092.wml b/danish/security/2018/dsa-4092.wml deleted file mode 100644 index 75b2510f57e..00000000000 --- a/danish/security/2018/dsa-4092.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d1daec46a7071f3b5d7189aae311b0ffd8bd4ed7" mindelta="1" -sikkerhedsopdatering - -

cPanel Security Team opdagede at awstats, et program til analysering af -logfiler, var sårbar overfor mappegennemløbsangreb. En uautentificeret -fjernangriber kunne bruge det som løftestang til at udføre vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 7.2+dfsg-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.6+dfsg-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine awstats-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende awstats, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/awstats

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4092.data" diff --git a/danish/security/2018/dsa-4093.wml b/danish/security/2018/dsa-4093.wml deleted file mode 100644 index 72a31bf1f11..00000000000 --- a/danish/security/2018/dsa-4093.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="19269fe99356650d39bc4a5c1ae56e1a7f6fb028" mindelta="1" -sikkerhedsopdatering - -

Josef Gajdusek opdagede at OpenOCD, en JTAG-debugger til ARM og MIPS, var -sårbar overfor Cross Protocol Scripting-angreb. En angriber kunne fabrikere en -HTML-side, der ved besøg af et offer som kører OpenOCD, kunne udføre vilkårlige -kommandoer på offerts værtsmaskine.

- -

Denne rettelse opsætter også OpenOCD's standardbinding til localhost, i -stedet for alle netværksgrænseflader. Det kan ændres med det tilføjede -kommandoparameter bindto.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.8.0-4+deb7u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.9.0-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine openocd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openocd, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openocd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4093.data" diff --git a/danish/security/2018/dsa-4094.wml b/danish/security/2018/dsa-4094.wml deleted file mode 100644 index 1484ce412f8..00000000000 --- a/danish/security/2018/dsa-4094.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ddeba9234812b1e5df0e691820bf2a084436c7bf" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Smarty, en PHP-skabelonmotor, var sårbar over for -kodeindsprøjtningsangreb. En angriber var i stand til at fabrikere et filnavn -i kommentarer, der kunne føre til udførelse af vilkårlig kode på værten, der -kører Smarty.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.1.21-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine smarty3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende smarty3, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/smarty3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4094.data" diff --git a/danish/security/2018/dsa-4095.wml b/danish/security/2018/dsa-4095.wml deleted file mode 100644 index 326ea2b04e0..00000000000 --- a/danish/security/2018/dsa-4095.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="181e53bd227bcbdceb4e4035743a3a8ae4158ae9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at gcab, et værktøj til bearbejdelse af Microsoft Cabinet-filer, -var ramt af en stakbaseret bufferoverløbssårbarhed, når der udpakkes .cab-filer. -En angriber kunne drage nytte af fejlen til at forårsage et lammelsesangreb -eller potentielt udføre vilkårlig kode med rettighederne hørende til den bruger, -der kører gcab, hvis en særligt fremstillet .cab-fil blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.7-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine gcab-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gcab, se dens -sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gcab

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4095.data" diff --git a/danish/security/2018/dsa-4096.wml b/danish/security/2018/dsa-4096.wml deleted file mode 100644 index f35595f7bc7..00000000000 --- a/danish/security/2018/dsa-4096.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ede252493cff900cff082fd3d64a2906955a0d4f" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl, anvendelser efter frigivelser, -heltalsoverløb og andre implementeringsfejl, kunne føre til udførelse af -vilkårlig kode, lammelsesangreb eller URL-forfalskning.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.6.0esr-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.6.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4096.data" diff --git a/danish/security/2018/dsa-4097.wml b/danish/security/2018/dsa-4097.wml deleted file mode 100644 index c9381b4bd30..00000000000 --- a/danish/security/2018/dsa-4097.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="7bddaca19ee53c2af6dfe03b78e6e869e05fded2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i PDF-renderingbiblioteket poppler, -hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis en -misdannet PDF-fil blev behandlet.

- -

Opdateringen retter også en regression i håndteringen af Type -3-skrifttyper.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.26.5-2+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.48.0-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende poppler, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/poppler

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4097.data" diff --git a/danish/security/2018/dsa-4098.wml b/danish/security/2018/dsa-4098.wml deleted file mode 100644 index ce49368c1bf..00000000000 --- a/danish/security/2018/dsa-4098.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="55afa5fd2cda0a0395472e8113dd6625c86dc706" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i cURL, et URL-overførselsbibliotek.

- -
    - -
  • CVE-2018-1000005 - -

    Zhouyihai Ding opdagede en læsning uden for grænserne i koden, der - håndterer HTTP/2-trailere. Problemet påvirker ikke den gamle stabile - distribution (jessie).

    • - -
  • CVE-2018-1000007 - -

    Craig de Stigter opdagede at autentifikationsdata kunne lækkes til - tredjeparter, når HTTP-viderestillinger blev fulgt.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7.38.0-4+deb8u9.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.52.1-5+deb9u4.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4098.data" diff --git a/danish/security/2018/dsa-4099.wml b/danish/security/2018/dsa-4099.wml deleted file mode 100644 index 2437836f027..00000000000 --- a/danish/security/2018/dsa-4099.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="77d57d96b00c16881e32a491e0863b546f3b177c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medøre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7:3.2.10-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4099.data" diff --git a/danish/security/2018/dsa-4100.wml b/danish/security/2018/dsa-4100.wml deleted file mode 100644 index e40904885e9..00000000000 --- a/danish/security/2018/dsa-4100.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="fc4c0ffc17d58ff372d33ecb7f6b1f8c51bd379f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i biblioteket libtiff og de medfølgende -værktøjer, hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.0.3-12.3+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.0.8-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tiff, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tiff

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4100.data" diff --git a/danish/security/2018/dsa-4101.wml b/danish/security/2018/dsa-4101.wml deleted file mode 100644 index e08eda7bf25..00000000000 --- a/danish/security/2018/dsa-4101.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="4d518ee6726007285a037a721148ab76355c6f46" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at wireshark, et program til analysering af netværksprotokoller, -indeholdt flere sårbarheder i dissektorerne/filfortolkerne til IxVeriWave, WCP, -JSON, XML, NTP, XMPP og GDB, hvilke kunne medføre lammelsesangreb eller -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.12.1+g01b65bf-4+deb8u13.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.6+g32dac6a-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wireshark, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wireshark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4101.data" diff --git a/danish/security/2018/dsa-4102.wml b/danish/security/2018/dsa-4102.wml deleted file mode 100644 index edfd5b4602f..00000000000 --- a/danish/security/2018/dsa-4102.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c8c7ddf465f6cfa73d4a7c3e1e14d978d3422c91" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, lammelsesangreb eller URL-forfalskning.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:52.6.0-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.6.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4102.data" diff --git a/danish/security/2018/dsa-4103.wml b/danish/security/2018/dsa-4103.wml deleted file mode 100644 index 1f420a715c4..00000000000 --- a/danish/security/2018/dsa-4103.wml +++ /dev/null @@ -1,132 +0,0 @@ -#use wml::debian::translation-check translation="f32adc0e456359827bb348333e680a0f2a502894" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2017-15420 - -

    Drew Springall opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2017-15429 - -

    Et problem med udførelse af skripter på tværs af websteder, blev opdaget - i JavaScript-biblioteket v8.

    • - -
  • CVE-2018-6031 - -

    Et problem med anvendelse efter frigivelse, blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2018-6032 - -

    Jun Kokatsu opdagede en måde at omgå samme ophav-reglen på.

    • - -
  • CVE-2018-6033 - -

    Juho Nurminen opdagede en kapløbstilstand, når downloadede filer - åbnes.

    • - -
  • CVE-2018-6034 - -

    Tobias Klein opdagede et heltalsoverløbsproblem.

    • - -
  • CVE-2018-6035 - -

    Rob Wu opdagede en måde for udvidelser, at tilgå devtools på.

    • - -
  • CVE-2018-6036 - -

    Storbritanniens National Cyber Security Centre opdagede et - heltalsoverløbsproblem.

    • - -
  • CVE-2018-6037 - -

    Paul Stone opdagede et problem i autofill-funktionaliteten.

    • - -
  • CVE-2018-6038 - -

    cloudfuzzer opdagede et bufferoverløbsproblem.

    • - -
  • CVE-2018-6039 - -

    Juho Nurminen opdagede et problem med udførelse af skripter på tværs af - websteder i developer tools.

    • - -
  • CVE-2018-6040 - -

    WenXu Wu opdagede en måde at omgå indholdssikkerhedsreglerne på.

    • - -
  • CVE-2018-6041 - -

    Luan Herrera opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6042 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6043 - -

    Et blev opdaget et problem med escaping af tegn.

    • - -
  • CVE-2018-6045 - -

    Rob Wu opdagede en måde hvorved udvidelser kunne tilgå devtools.

    • - -
  • CVE-2018-6046 - -

    Rob Wu opdagede en måde hvorved udvidelser kunne tilgå devtools.

    • - -
  • CVE-2018-6047 - -

    Masato Kinugawa opdagede et problem med informationslækage.

    • - -
  • CVE-2018-6048 - -

    Jun Kokatsu opdagede en måde at omgå referrerreglerne på.

    • - -
  • CVE-2018-6049 - -

    WenXu Wu opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
  • CVE-2018-6050 - -

    Jonathan Kew opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6051 - -

    Anonio Sanso opdagede et problem med informaktionslækage.

    • - -
  • CVE-2018-6052 - -

    Tanner Emek opdagede at implementeringen af referrerreglerne var - ufuldstændig.

    • - -
  • CVE-2018-6053 - -

    Asset Kabdenov opdagede et problem med informationslækage.

    • - -
  • CVE-2018-6054 - -

    Rob Wu opdagede et problem med anvendelse efter frigivelse.

    • - -
- -

I den gamle stabile distribution (jessie), security support for chromium -has been discontinued.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 64.0.3282.119-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4103.data" diff --git a/danish/security/2018/dsa-4104.wml b/danish/security/2018/dsa-4104.wml deleted file mode 100644 index d7a4ad2fb4a..00000000000 --- a/danish/security/2018/dsa-4104.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="a532744a613e440ec3f93d1b0bad3bbdb66b3f9a" mindelta="1" -sikkerhedsopdatering - -

landave opdagede en heapbaseret bufferoverløbssårbarhed i metoden -NCompress::NShrink::CDecoder::CodeReal i p7zip, et 7zr-filarkiveringsprogram med -en høj komprimeringsgrad. En fjernangriber kunne drage nytte af fejlen til at -forårsage et lammelsesangreb eller potentielt udførelse af vilkårlig kode under -rettighederne hørende til den bruger, der kører p7zip, hvis et særligt -fremstillet skrumpet ZIP-arkiv behandles.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 9.20.1~dfsg.1-4.1+deb8u3.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 16.02+dfsg-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine p7zip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende p7zip, se dens -sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/p7zip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4104.data" diff --git a/danish/security/2018/dsa-4105.wml b/danish/security/2018/dsa-4105.wml deleted file mode 100644 index 9299813a367..00000000000 --- a/danish/security/2018/dsa-4105.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d80d1acf0fe17385f4142224bc1fc7b5bf23941c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at mpv, en medieafspiller, var sårbar over for fjernudførelse af -kode. En angriber kunne fabrikere en ondsindet webside, der ved brug som et -parameter i mpv, kunne udføre vilkårlig kode på værtsmaskinen, som brugeren af -mpv anvender.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.23.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine mpv-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mpv, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mpv

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4105.data" diff --git a/danish/security/2018/dsa-4106.wml b/danish/security/2018/dsa-4106.wml deleted file mode 100644 index 8841cb01aaa..00000000000 --- a/danish/security/2018/dsa-4106.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="aec112b29508da7fc781dafbe82e908e05603012" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Libtasn1, et bibliotek til håndtering af -ASN.1-strukturer, hvilket gjorde det muligt for fjernangribere at forårsage et -lammelsesangreb mod en applikation, der anvender biblioteket Libtasn1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.10-1.1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libtasn1-6-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libtasn1-6, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libtasn1-6

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4106.data" diff --git a/danish/security/2018/dsa-4107.wml b/danish/security/2018/dsa-4107.wml deleted file mode 100644 index 752bac24b73..00000000000 --- a/danish/security/2018/dsa-4107.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b9349e7a94d8d7e7197915be100f13bf80e0b04f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at webhook-valideringen i Anymail, en Django-mailbackend til -adskillige ESP'er, var sårbar over for et timingangreb. En fjernangriber kunne -drage nytte af fejlen til at få fat i en WEBHOOK_AUTHORIZATION-hemmelighed, og -indsende vilkårlige mailsporingsbegivenheder.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.8-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine django-anymail-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende django-anymail, -se dens sikkerhedsporingsside på: -\ -https://security-tracker.debian.org/tracker/django-anymail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4107.data" diff --git a/danish/security/2018/dsa-4108.wml b/danish/security/2018/dsa-4108.wml deleted file mode 100644 index 53d84620d31..00000000000 --- a/danish/security/2018/dsa-4108.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="d6cf90588e378e7cf0bc5ddc5ab81838b09a5ae5" mindelta="1" -sikkerhedsopdatering - -

Calum Hutton og Mailman-holdet, opdagede en sårbarhed i forbindelse med -udførelse af skripter på tværs servere og en informationslækage, på -brugerindstillingssiden. En fjernangriber kunne benytte en fabrikeret URL til -at stjæle cookieoplysninger eller til at fiske efter hvorvidt en bruger er -tilmeldt en liste med en privat tilmeldingsoversigt.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.1.18-2+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.1.23-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine mailman-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mailman, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mailman

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4108.data" diff --git a/danish/security/2018/dsa-4109.wml b/danish/security/2018/dsa-4109.wml deleted file mode 100644 index a44d46a5626..00000000000 --- a/danish/security/2018/dsa-4109.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="91b22c01bacbab05c164549aec62343634a0811c" mindelta="1" -sikkerhedsopdatering - -

Lalith Rallabhandi opdagede at OmniAuth, et Ruby-bibliotek til implementering -af autentifikation mod flere leverandører i webapplikationer, fejlbehandlede og -lækkede følsomme oplysninger. En angriber med adgang til callback-miljøet, som -det er tilfældet med en fabrikeret webapplikation, kunne bede om -autentifikationstjenester fra dette modul, og tilgå CSRF-token'et.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.2.1-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.3.1-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-omniauth-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-omniauth, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-omniauth

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4109.data" diff --git a/danish/security/2018/dsa-4110.wml b/danish/security/2018/dsa-4110.wml deleted file mode 100644 index 6757f41523c..00000000000 --- a/danish/security/2018/dsa-4110.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="9e28a57e9cf67641cca39f1e9601d5d4af64aecf" mindelta="1" -sikkerhedsopdatering - -

Meh Chang opdagede en bufferoverløbsfejl i hjælpefunktio, der anvendes i -SMTP-lytteren i Exim, et mailoverførselsprogram. En fjernangriber kunne drage -nytte af fejlen til at forårsage et lammelsesangreb eller potentielt til -udførelse af vilkårlig kode gennem en særligt fremstillet meddelelse.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 4.84.2-2+deb8u5.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.89-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exim4, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/exim4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4110.data" diff --git a/danish/security/2018/dsa-4111.wml b/danish/security/2018/dsa-4111.wml deleted file mode 100644 index 4ef1c7babde..00000000000 --- a/danish/security/2018/dsa-4111.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1d234abd0cb6d3d7e75ce722a9fea224df8bb875" mindelta="1" -sikkerhedsopdatering - -

Mikhail Klementev, Ronnie Goodrich og Andrew Krasichkov opdagede at manglende -begrænsninger i implementeringen af WEBSERVICE-funktionen i LibreOffice, kunne -medføre blotlæggelse af vilkårlige filer, der er læsbare for brugeren, der åbner -et misdannet dokument.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:5.2.7-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreoffice, -se dens sikkerhedssporingsside på: -https://security-tracker.debian.org/tracker/libreoffice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4111.data" diff --git a/danish/security/2018/dsa-4112.wml b/danish/security/2018/dsa-4112.wml deleted file mode 100644 index 229911c8933..00000000000 --- a/danish/security/2018/dsa-4112.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="05463598bf9a37d71aceb4de5a0485475d02daa9" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisoren Xen:

- -
    - -
  • CVE-2017-17563 - -

    Jan Beulich opdagede at en ukorrekt kontrol af referenceoverløbsoptælling - i x86-skyggetilstand, kunne medføre lammelsesangreb eller - rettighedsforøgelse.

    • - -
  • CVE-2017-17564 - -

    Jan Beulich opdagede at fejlagtig fejlhåndtering af referenceoptælling - vedrørende x86-skyggetilstand, kunne medføre lammelsesangreb eller - rettighedsforøgelse.

    • - -
  • CVE-2017-17565 - -

    Jan Beulich opdagede at en ufuldstændig fejlkontrol i håndteringen af - x86 log-dirty, kunne medføre lammelsesangreb.

    • - -
  • CVE-2017-17566 - -

    Jan Beulich opdagede at x86 PV-gæster kunne få adgang til internt - anvendte sider, hvilket kunne medføre lammelsesangreb eller potentielt - rettighedsforøgelse.

    • - -
- -

Desuden leveres denne opdatering med Comet-shim'en for at løse -Meltdown-sårbarhederne for gæster med forældede PV-kerner. Yderligere -indeholder pakken afbødningen af Xen PTI stage 1, der er indbygget og -aktiveret som standard på Intel-systemer, men kan deaktivere med -xpti=false på hypervisor-kommandolinjen (det giver ikke mening at -anvende både xpti og Comet-shim'en).

- -

Se følgende URL for flere oplysninger om hvordan man opsætter individuelle -afbødningsstrategier: \ -https://xenbits.xen.org/xsa/advisory-254.html

- -

Yderligere oplysninger finder man også i README.pti og README.comet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4112.data" diff --git a/danish/security/2018/dsa-4113.wml b/danish/security/2018/dsa-4113.wml deleted file mode 100644 index eb33251d7a5..00000000000 --- a/danish/security/2018/dsa-4113.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c885f752d0586562900722860bab8fdbdf57ab3c" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i bibliotekerne hørende til Vorbis' -lydkomprimeringscodec, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode, hvis en misdannet mediefil blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.3.5-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine libvorbis-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvorbis, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvorbis

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4113.data" diff --git a/danish/security/2018/dsa-4114.wml b/danish/security/2018/dsa-4114.wml deleted file mode 100644 index 43280d1d5cd..00000000000 --- a/danish/security/2018/dsa-4114.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="412e842ac9050996501ad27379eddfee115e5605" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at jackson-databind, et Java-bibliotek som anvendes til at -fortolke JSON og andre dataformater, ikke på korrekt vis validerede -brugerinddata før deserialisering blev forsøgt. Dermed var det muligt for en -angriber, at iværksætte udførelse af kode gennem at levere ondsindet -fremstillede inddata.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.4.2-2+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.8.6-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine jackson-databind-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende jackson-databind, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jackson-databind

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4114.data" diff --git a/danish/security/2018/dsa-4115.wml b/danish/security/2018/dsa-4115.wml deleted file mode 100644 index c485ed62800..00000000000 --- a/danish/security/2018/dsa-4115.wml +++ /dev/null @@ -1,62 +0,0 @@ -#use wml::debian::translation-check translation="b2d59e27c8885e3fd69c617daa6a5e823e8f95ef" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Quagga, en routingdæmon. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2018-5378 - -

    Man opdagede at Quaggas BGP-dæmon, bgpd, ikke på korrekt vis - kontrollerede grænser på data sendt med en NOTIFY til en peer, hvis en - attributlængde er ugyldig. En opsat BGP-peer kunne drage nytte af fejlen - til at læse hukommelse fra bgpd-processen eller forårsage et lammelsesangreb - (dæmonnedbrud).

    - -

    https://www.quagga.net/security/Quagga-2018-0543.txt

    • - -
  • CVE-2018-5379 - -

    Man opdagede at Quaggas BGP-dæmon, bgpd, kunne dobbelt-frigive - hukommelse når der blev behandlet visse former for UPDATE-meddelelser, - indeholdende cluster-list og/eller ukendte attributter, medførende et - lammelsesangreb (nedbrud i bgpd-dæmonen).

    - -

    https://www.quagga.net/security/Quagga-2018-1114.txt

    • - -
  • CVE-2018-5380 - -

    Man opdagede at Quaggas BGP-dæmon, bgpd, ikke på korrekt vis håndterede - BGP's interne konverteringstabeller fra kode til streng.

    - -

    https://www.quagga.net/security/Quagga-2018-1550.txt

    • - -
  • CVE-2018-5381 - -

    Man opdagede at Quaggas BGP-dæmon, bgpd, kunne gå i en uendelig løkke, - hvis den modtog en ugyldig OPEN-meddelelse fra en opsat peer. En opsat - peer kunne drage nytte af fejlen til at forårsage et lammelsesangreb - (bgpd-dæmonen svarer ikke på nogen andre events; BGP-sessioner mistes og kan - ikke genetableres; CLI-grænseflade svarer ikke).

    - -

    https://www.quagga.net/security/Quagga-2018-1975.txt

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.99.23.1-1+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.1.1-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine quagga-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende quagga, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/quagga

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4115.data" diff --git a/danish/security/2018/dsa-4116.wml b/danish/security/2018/dsa-4116.wml deleted file mode 100644 index 7b5790f7ec7..00000000000 --- a/danish/security/2018/dsa-4116.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c845be0e5db5a3f902c51d59c48f34ebd87d196b" mindelta="1" -sikkerhedsopdatering - -

Krzysztof Sieluzycki opdagede at notifikationsprogrammet vedrørende enheder, -der kan fjernes, i KDE Plasma workspace, udførte utilstrækkelig -fornuftighedskontrol på FAT-/VFAT-volumenavne, hvilket kunne medføre udførelse -af vilkårlige shell-kommandoer, hvis en enhed, der kan fjernes, men har et -misdannet disknavn, blev mount'et.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4:5.8.6-2.1+deb9u1.

- -

Vi anbefaler at du opgraderer dine plasma-workspace-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende plasma-workspace, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/plasma-workspace

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4116.data" diff --git a/danish/security/2018/dsa-4117.wml b/danish/security/2018/dsa-4117.wml deleted file mode 100644 index 19833a7f17f..00000000000 --- a/danish/security/2018/dsa-4117.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="09ca68399810e463a3511464dbcfe1d8b1809d1b" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter ikke en sårbarhed i GCC selv, men i stedet leveres -understøttelse af opbygning af retpoline-aktiverede Linux-kerneopdateringer.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 4.9.2-10+deb8u1.

- -

Vi anbefaler at du opgraderer dine gcc-4.9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gcc-4.9, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gcc-4.9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4117.data" diff --git a/danish/security/2018/dsa-4118.wml b/danish/security/2018/dsa-4118.wml deleted file mode 100644 index 7185bdb35ee..00000000000 --- a/danish/security/2018/dsa-4118.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="9869f562bb6d7a2d6e684cd646d6f93489262840" mindelta="1" -sikkerhedsopdatering - -

Jonas Klempel rapporterede at tomcat-native, et bibliotek der giver Tomcat -adgang til Apache Portable Runtime-bibliotekets (APR) implementering af -netværksforbindelse (socket) og generator af tilfældige tal, ikke på korrekt vis -håndterede felter, der er længere end 127 bytes, når AIA-Extension-feltet i et -klientcertifikat blev fortolket. Hvis OCSP-kontroller anvendes, kunne det -medføre accept af klientcertifikater, der skulle have været afvist.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.1.32~repack-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.12-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine tomcat-native-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat-native, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat-native

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4118.data" diff --git a/danish/security/2018/dsa-4119.wml b/danish/security/2018/dsa-4119.wml deleted file mode 100644 index 68afb99dbb0..00000000000 --- a/danish/security/2018/dsa-4119.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="dc7d65327eb39576792466bdc467bf8e8d31d8b0" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er rettet i adskillige demuxere og dekodere hørende -til multimediebiblioteket libav. En komplet liste over ændringerne er -tilgængelig på: -\ -https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.12

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 6:11.12-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine libav-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libav, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libav

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4119.data" diff --git a/danish/security/2018/dsa-4120.wml b/danish/security/2018/dsa-4120.wml deleted file mode 100644 index e5dcaf18d19..00000000000 --- a/danish/security/2018/dsa-4120.wml +++ /dev/null @@ -1,88 +0,0 @@ -#use wml::debian::translation-check translation="e957448a747ba76734e0d9fce475660191141e95" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2017-5715 - -

    Adskillige efterforskere har opdaget en sårbarhed i forskellige - processorer, der understøtter spekulativ udførelse, hvilket gjorde det - muligt for en angriber, med kontrol over en upriviligeret proces, at læse - hukommelse fra vilkårlige adresser, herunder fra kernen og alle andre - processer, der kører på systemet.

    - -

    Dette specifikke angreb er døbt Spectre variant 2 (indsprøjtning af - forgreningsmål, branch target injection), og er løst i Linux-kernen - på Intel x86-64-arkitekturen, ved at anvende compilerfunktionaliteten - retpoline, som tillader at indirekte forgreninger kan isoleres fra - den spekulative udførelse.

    • - -
  • CVE-2017-5754 - -

    Adskillige efterforskere har opdaget en sårbarhed i Intels processorer, - som gjorde det muligt for en angriber, med kontrol en upriviligeret proces, - at læse hukommelse fra vilkårlige adresser, herunder fra kernen og alle - andre processer, der kører på systemet.

    - -

    Dette specifikke angreb er døbt Meltdown, og er løst i Linux-kernen på - powerpc-/ppc64el-arkitekturerne,, ved at tømme L1-datacachen, når overgås - fra kernetilstand til brugertilstand (eller fra hypervisor til kerne).

    - -

    Det fungerer på processorerne Power7, Power8 og Power9.

    • - -
  • CVE-2017-13166 - -

    Der er fundet en fejl i 32 bit-kompatibilitetslaget i v4l2's - IOCTL-håndteringskode. Hukommelsesbeskyttelser, der sikrer at - brugerleverede buffere altid peger på hukommelse i brugerrummet, var - deaktiverede, hvilket muliggjorde at måladresser kunne være i kernerummet. - Fejlen kunne udnyttes af en angriber til at overskrive kernehukommelse fra - en upriviligeret brugerrumsproces, førende til rettighedsforøgelse.

    • - -
  • CVE-2018-5750 - -

    En informationslækage er fundet i Linux-kernen. acpi_smbus_hc_add() - udskriver en kerneadresse i kerneloggen ved hver boot, hvilket kunne - anvendes af en angriber på systemet, til at nedkæmpe kerne-ASLR.

    • -
- -

Ud over disse sårbarheder, er der i denne udgave medtaget nogle afbødninger -af \ -CVE-2017-5753.

- -
    - -
  • CVE-2017-5753 - -

    Adskillige efterforskere har opdaget en sårbarhed i forskellige - processorer, der understøtter spekulativ udførelse, hvilket gjorde det - muligt for en angriber, med kontrol over en upriviligeret proces, at læse - hukommelse fra vilkårlige adresser, herunder fra kernen og alle andre - processer, der kører på systemet.

    - -

    Dette specifikke angreb er døbt Spectre variant 1 (omgåelse af - grænsekontroller, bounds-check bypass), og er løst i - Linux-kernearkitekturen, ved at identificere sårbare kodeafsnit - (arraygrænsekontroller efterfulgt af arraytilgang), og erstatte - arraytilgangen med den spekulativ-sikrede funktion array_index_nospec().

    - -

    Flere anvendelsesområder vil med tiden blive tilføjet.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.82-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4120.data" diff --git a/danish/security/2018/dsa-4121.wml b/danish/security/2018/dsa-4121.wml deleted file mode 100644 index b9b57cc619c..00000000000 --- a/danish/security/2018/dsa-4121.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="bcf42ed8d94df5e6dfe756075440c9df7b3779ea" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter ikke en sårbarhed i GCC selv, men i stedet leveres -understøttelse af opbygning af retpoline-aktiverede opdateringer af -Linux-kernen.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 6.3.0-18+deb9u1.

- -

Vi anbefaler at du opgraderer dine gcc-6-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4121.data" diff --git a/danish/security/2018/dsa-4122.wml b/danish/security/2018/dsa-4122.wml deleted file mode 100644 index d54fedd8b5a..00000000000 --- a/danish/security/2018/dsa-4122.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="b14d0056028cc7a4387470791aa9561110c9e5e4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Squid3, en komplet webproxycache. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2018-1000024 - -

    Louis Dion-Marcil opdagede at Squid ikke på korrekt vis håndterede - behandlingen af visse ESI-svar. En fjern server, som leverer bestemte - ESI-svarsyntakser, kunne drage nytte af fejlen til at forårsage et - lammelsesangreb mod alle klienter, der tilgå Squid-tjensten. Problemet er - bgrænset til Squids skræddersyede ESI-fortolker.

    - -

    • - -
  • CVE-2018-1000027 - -

    Louis Dion-Marcil opdagede at Squid var ramt af en - lammelsesangrebsårbarhed, når der blev behandlet ESI-svar eller hentet - mellemmands-CA-certifikater. En fjernangriber kunne drage nytte af fejlen - til at forårsage et lammelsesangreb mod alle klienter, der tilgår - Squid-tjensten.

    - -

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.4.8-6+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.5.23-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine squid3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid3, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squid3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4122.data" diff --git a/danish/security/2018/dsa-4123.wml b/danish/security/2018/dsa-4123.wml deleted file mode 100644 index 088c1f08086..00000000000 --- a/danish/security/2018/dsa-4123.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ebcd09b67d4bae6730363a747d7e0d012d0fc765" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i indholdshåndteringsframeworket Drupal. -For yderligere oplysninger, se opstrøms bulletin på -\ -https://www.drupal.org/sa-core-2018-001.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 7.32-1+deb8u10.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4123.data" diff --git a/danish/security/2018/dsa-4124.wml b/danish/security/2018/dsa-4124.wml deleted file mode 100644 index 0efe85de0c2..00000000000 --- a/danish/security/2018/dsa-4124.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="648bb52c5a1da5da0ebfa1f5adc298a50c865336" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er fundet i Solr, en søgeserver baseret på Lucene, hvilke -kunne medføre udførelse af vilkårlig kode eller mappegennemløb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.6.2+dfsg-5+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.6.2+dfsg-10+deb9u1.

- -

Vi anbefaler at du opgraderer dine lucene-solr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lucene-solr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lucene-solr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4124.data" diff --git a/danish/security/2018/dsa-4125.wml b/danish/security/2018/dsa-4125.wml deleted file mode 100644 index beecb019a7d..00000000000 --- a/danish/security/2018/dsa-4125.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d9e02aff73ec00d06205a79bcaf7cc25fa774ae2" mindelta="1" -sikkerhedsopdatering - -

Joonun Jang opdagede flere problemer i wavpack, en suite af -lydkomprimeringsformater. Ukorrekt behandling af inddata, medførte flere -heap- og stakbaserede bufferoverløb, førende til applikationsnedbrud eller -potentielt udførelse af kode.

- -

I den stabile distribution (stretch), er disse problemer rettet -i version 5.0.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine wavpack-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wavpack, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wavpack

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4125.data" diff --git a/danish/security/2018/dsa-4126.wml b/danish/security/2018/dsa-4126.wml deleted file mode 100644 index 815dd74742f..00000000000 --- a/danish/security/2018/dsa-4126.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="03b0cc71103427c40913f80a6a6d1d785af9eb56" mindelta="1" -sikkerhedsopdatering - -

Kelby Ludwig og Scott Cantor opdagede at Shibboleth-serviceprovideren var -sårbar over for imitationsangreb og informationsafsløring på grund af ukorrekt -XML-fortolkning. For yderligere oplysninger, se opstrøms bulletin på -\ -https://shibboleth.net/community/advisories/secadv_20180227.txt.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.5.3-2+deb8u3.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.0-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine xmltooling-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xmltooling, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xmltooling

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4126.data" diff --git a/danish/security/2018/dsa-4127.wml b/danish/security/2018/dsa-4127.wml deleted file mode 100644 index 2f463b0d770..00000000000 --- a/danish/security/2018/dsa-4127.wml +++ /dev/null @@ -1,80 +0,0 @@ -#use wml::debian::translation-check translation="e33d7a66a7c074c3cee74802c0095de375720e9e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i SimpleSAMLphp, et framework til -autentifikation, primært gennem SAML-protokollen.

- -
    - -
  • CVE-2017-12867 - -

    Angribere med adgang til et hemmeligt token, kunne forlænge dets - gyldighedsperiode, ved at manipulere med det foranstillede - tidsforskydelse.

    • - -
  • CVE-2017-12869 - -

    Ved anvendelse af multiauth-modulet, kunne angribere omgå - autentifikationskontaktbegrænsninger, og anvende en vilkårlig - autentifikationskilde defineret i opsætningen.

    • - -
  • CVE-2017-12873 - -

    Der blev taget defensive foranstaltninger for at forhindre - administratoren i at fejlopsætte vedvarende NameID'er, for at forhindre - identifikationssammenfald (påvirker kun Debian 8 Jessie).

    • - -
  • CVE-2017-12874 - -

    Modulet InfoCard kunne i sjældne tilfælde acceptere ukorrekt signerede - XML-meddelelser.

    • - -
  • CVE-2017-18121 - -

    Modulet consentAdmin var sårbart over for et angreb i forbindelse med - udførelse af skripter på tværs af websteder, hvilket gjorde det muligt for - en angriber at fabrikere links, der kunne udføre vilkårlig JavaScript-kode i - offerets browser.

    • - -
  • CVE-2017-18122 - -

    Den (udfasede) implementering af SAML 1.1, betragtede som gyldige ethvert - usignerede SAML-svar, som indeholder flere end en signeret assertion, - forudsat at signaturen på mindst en af assertion'erne er gyldig, hvilket - gjorde det muligt for en angriber, der er i stand til at få fat i en - gyldig signeret assertion fra en IdP, at udgive sig for at være brugere fra - den IdP.

    • - -
  • CVE-2018-6519 - -

    Lammelsesangreb i regulært udtræk, når der blev fortolket ekstraordinært - lange tidsstempler.

    • - -
  • CVE-2018-6521 - -

    Ændrer sqlauth-modulets MySQL-tegnsæt fra utf8 til utf8mb, for at - forhindre teoretisk query-trunkering, som kunne gøre det muligt fo - fjernangribere at omgå tilsigtede adgangsbegrænsninger.

    • - -
  • CVE-2018-7644 - -

    Kritisk sårbarhed ved signaturvalidering.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.13.1-2+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.14.11-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine simplesamlphp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende simplesamlphp, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/simplesamlphp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4127.data" diff --git a/danish/security/2018/dsa-4128.wml b/danish/security/2018/dsa-4128.wml deleted file mode 100644 index 8bd9a222634..00000000000 --- a/danish/security/2018/dsa-4128.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="28a9347f520772bb73e3d8dfad0f76b03cb4f603" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Apache Traffic Server, en reverse- og -forwardproxyserver. De kunne føre til anvendelse af en ukorrekt opstrømsproxy, -eller tillade at en fjernangriber kunne forårsage et lammelsesangreb gennem et -applikationsnedbrud.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.0.0-6+deb9u1.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4128.data" diff --git a/danish/security/2018/dsa-4129.wml b/danish/security/2018/dsa-4129.wml deleted file mode 100644 index 3c28f060e81..00000000000 --- a/danish/security/2018/dsa-4129.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="500b05c4a19ba284705855f89898af0d775f08be" mindelta="1" -sikkerhedsopdatering - -

Adskillige heapbufferoverlæsninger blev opdaget i freexl, et bibliotek til -læsning af Microsoft Excel-regneark, hvilke kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.0.0g-1+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.2-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine freexl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende freexl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/freexl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4129.data" diff --git a/danish/security/2018/dsa-4130.wml b/danish/security/2018/dsa-4130.wml deleted file mode 100644 index 13658619ceb..00000000000 --- a/danish/security/2018/dsa-4130.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="a62ab7b13f6a5b7421b2574ff6dc61df54f48260" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i mailserveren Dovecot. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2017-14461 - -

    Aleksandar Nikolic fra Cisco Talos og flxflndy, opdagede at - Dovecot ikke på korrekt vis fortolkede ugyldige mailadresser, hvilket - kunne forårsage et nedbrud eller lækage af hukommelsesindhold til en - angriber.

    • - -
  • CVE-2017-15130 - -

    Man opdagede at TLS SNI-opsætningsopslag kunne føre til for stort - hukommelsesforbrug, forårsagende VSZ-begrænsningen i - imap-login/pop3 blev opnået, og processen genstartet, medførende - lammelsesangreb. Kun Dovecot-opsætninger indeholdende opsætningsblokken - med local_name { } eller local { }, var - påvirkede.

    • - -
  • CVE-2017-15132 - -

    Man opdagede at Dovecot indeholdt en hukommelseslækagefejl i - loginprocessen ved afbrudt SASL-autentifikation.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:2.2.13-12~deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.2.27-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dovecot, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dovecot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4130.data" diff --git a/danish/security/2018/dsa-4131.wml b/danish/security/2018/dsa-4131.wml deleted file mode 100644 index 9e4c6cc7eed..00000000000 --- a/danish/security/2018/dsa-4131.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="71fa63b222574363f8057feab4b971bc4fe679d3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisoren Xen:

- -
    - -
  • CVE-2018-7540 - -

    Jann Horn opdagede at manglende kontroller i sidetabelfrigivelsen kunne - medføre lammelsesangreb.

    • - -
  • CVE-2018-7541 - -

    Jan Beulich opdagede at ukorrekt fejlhåndtering i granttabelkontroller - kunne medføre i gæst til vært-lammelsesangreb og potentielt - rettighedsforøgelse.

    • - -
  • CVE-2018-7542 - -

    Ian Jackson opdagede at utilstrækkelig håndtering af x86 PVH-gæster uden - lokale APIC'er kunne medføre gæst til vært-lammelsesangreb.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4131.data" diff --git a/danish/security/2018/dsa-4132.wml b/danish/security/2018/dsa-4132.wml deleted file mode 100644 index e28ffef99a9..00000000000 --- a/danish/security/2018/dsa-4132.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ac01bda0404591f1fe55913aeb8bb3e4bb76003f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt validering af framebredder i multimediebiblioteket -libvpx, kunne medføre lammelsesangreb og potentielt udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.3.0-3+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.1-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine libvpx-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvpx, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvpx

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4132.data" diff --git a/danish/security/2018/dsa-4133.wml b/danish/security/2018/dsa-4133.wml deleted file mode 100644 index 9ca761db697..00000000000 --- a/danish/security/2018/dsa-4133.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="f9b40fce128b5a6ba880581f69472940c95457b7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i ISC DHCP-klienten, -relayet og -serveren. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2017-3144 - -

    Man opdagede at DHCP-serveren ikke på korrekt vis ryddede op i lukkede - OMAPI-forbindelser, hvilket kunne føre til tømning af mængden af - socketdescriptorer tilgængelige for DHCP-serveren, medførende - lammelsesangreb.

    • - -
  • CVE-2018-5732 - -

    Felix Wilhelm fra Google Security Team opdagede at DHCP-klienten var - sårbar over for en sårbarhed i forbindelse med hukommelsestilgang uden for - grænserne, når der blev behandlet særligt fremstillede - DHCP-valgmulighedssvar, medførende i potentielt udførelse af vilkårlig kode - af en ondsindet DHCP-server.

    • - -
  • CVE-2018-5733 - -

    Felix Wilhelm fra Google Security Team opdagede at DHCP-serveren ikke på - korrekt vis håndterede referenceoptælling, når der blev behandlet - klientforespørgsler. En ondsindet klient kunne drage nytte af fejlen til at - forårsage et lammelsesangreb (dhcpd-nedbrud), ved at sende store mængder - trafik.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.3.1-6+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.3.5-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine isc-dhcp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende isc-dhcp, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/isc-dhcp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4133.data" diff --git a/danish/security/2018/dsa-4134.wml b/danish/security/2018/dsa-4134.wml deleted file mode 100644 index 625a16ce884..00000000000 --- a/danish/security/2018/dsa-4134.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="e24a7b27210cba3237ad1f504cabccd01d801e8d" mindelta="1" -sikkerhedsopdatering - -

Bjorn Bosselmann opdagede at umounts bash-completion fra util-linux, ikke på -korrekt vis håndterede indlejrede shell-kommandoer i navnet på et mountpoint. -En angriber med rettigheder til at mounte filsystemer, kunne drage nytte af -fejlen til rettighedsforøgelse, hvis en bruger (i særdeleshed root), blev narret -til at anvende umount-completion mens en særligt fabrikeret mount var til -stede.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.29.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine util-linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende util-linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/util-linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4134.data" diff --git a/danish/security/2018/dsa-4135.wml b/danish/security/2018/dsa-4135.wml deleted file mode 100644 index c075aee82f4..00000000000 --- a/danish/security/2018/dsa-4135.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="0064ff27bc544ede8da661ee0366156fb637d0de" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS fil-, print- og loginserver -til Unix. Projektet Common Vulnerabilities and Exposures har registreret -følgende problemer:

- - - -

I den gamle stabile distribution (jessie), vil CVE-2018-1050 blive løst i en -senere opdatering. Desværre er de nødvendige ændringer til at rette -CVE-2018-1057 i Debians gamle stabile distribution, for invasive til at blive -tilbageført. Brugere, der anvender Samba som en AD-kompatibel domænecontroller, -opfordres til at benytte den omgåelse af problemet, som er beskrevet i Sambas -wiki, samt at opgradere til Debian stretch.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:4.5.12+dfsg-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4135.data" diff --git a/danish/security/2018/dsa-4136.wml b/danish/security/2018/dsa-4136.wml deleted file mode 100644 index 1c2ae509397..00000000000 --- a/danish/security/2018/dsa-4136.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="15c5d96a3bbe0a64e70a1cd32455e8859bee30ef" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i cURL, et URL-overførselsbibliotek.

- -
    - -
  • CVE-2018-1000120 - -

    Duy Phan Thanh opdagede at curl kunne blive narret til at skrive en - nulbyte uden for grænserne, når curl fik besked på at arbejde på FTP-URL, og - indstillet til kun at benytte en enkelt CWD-kommando, hvis mappedelen af - URL'en indeholder en “%00”-sekvents.

    • - -
  • CVE-2018-1000121 - -

    Dario Weisser opdagede at curl kunne might dereferere en - næsten-NULL-adresse, når den modtager en LDAP-URL, på grund af at funktionen - ldap_get_attribute_ber() returnerer LDAP_SUCCESS og en NULL-pointer. En - ondsindet server kunne få applikationer, der benytter libcurl og som - tillader viderestillinger til LDAP-URL'er, til at gå ned.

    • - -
  • CVE-2018-1000122 - -

    OSS-fuzz, med hjælp fra Max Dymond, opdagede at curl kunne narres til at - kopiere data forbi slutningen af dens heapbaserede buffer, når det blev bedt - om at overføre en RTSP-URL.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7.38.0-4+deb8u10.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.52.1-5+deb9u5.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4136.data" diff --git a/danish/security/2018/dsa-4137.wml b/danish/security/2018/dsa-4137.wml deleted file mode 100644 index 87e6440f3bf..00000000000 --- a/danish/security/2018/dsa-4137.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="ef2979d0210ace9389b35cb8d47babaedcc6dc3e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Libvirt, et -virtualiseringsabstraktionsbibliotek:

- -
    - -
  • CVE-2018-1064 - -

    Daniel Berrange opdagede at QEMU-gæsteagenten udførte utilstrækkelig - validering af indkommende data, hvilket gjorde det muligt for en - priviligeret bruger hos gæsten, at udmatte ressourcer på den virtuelle - vært, medførende lammelsesangreb guest agent performed - insufficient validation of incom.

    • - -
  • CVE-2018-5748 - -

    Daniel Berrange og Peter Krempa opdagede at QEMU's monitor var ramt af - et lammelsesangreb gennem hukommelsesudmattelse. Det er allerede rettet i - Debian stretch, og påvirker kun Debian jessie.

    • - -
  • CVE-2018-6764 - -

    Pedro Sampaio opdagede at LXC-containere opdagede værtsnavnet på - usikker vis. Det påvirker kun Debian stretch.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.2.9-9+deb8u5.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.0.0-4+deb9u3.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvirt, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvirt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4137.data" diff --git a/danish/security/2018/dsa-4138.wml b/danish/security/2018/dsa-4138.wml deleted file mode 100644 index 08cd3381890..00000000000 --- a/danish/security/2018/dsa-4138.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8021162d65eaefb9beb259748799b6f52088d678" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i mbed TLS, et letvægtscrypto og --SSL/TLS-bibliotek, som gjorde det muligt for en fjernangriber at enten -forårsage et lammelsesangreb ved applikationsnedbrug eller fjernudførelse af -vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.4.2-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine mbedtls-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mbedtls, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mbedtls

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4138.data" diff --git a/danish/security/2018/dsa-4139.wml b/danish/security/2018/dsa-4139.wml deleted file mode 100644 index f1a25c8772d..00000000000 --- a/danish/security/2018/dsa-4139.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="621895a52e27b66decc53c03824a26d9189cdbad" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl og andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.7.1esr-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.7.1esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4139.data" diff --git a/danish/security/2018/dsa-4140.wml b/danish/security/2018/dsa-4140.wml deleted file mode 100644 index 2b4b0a1fda2..00000000000 --- a/danish/security/2018/dsa-4140.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="3d766aac57a721766056afb285159d58e5eda395" mindelta="1" -sikkerhedsopdatering - -

Richard Zhu opdagede en hukommelseslæsning uden for grænserne i -codebook-fortolkningskoden i multimediebiblioteket Libvorbis, hvilket kunne -medføre udførelse af vilkårlig kode, hvis en misdannet Vorbis-fil blev -åbnet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.3.4-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.3.5-4+deb9u2.

- -

Vi anbefaler at du opgraderer dine libvorbis-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvorbis, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvorbis

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4140.data" diff --git a/danish/security/2018/dsa-4141.wml b/danish/security/2018/dsa-4141.wml deleted file mode 100644 index 2a964dc700c..00000000000 --- a/danish/security/2018/dsa-4141.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="2248474d7408df92a10c1bc7340f4552a3b5bfd2" mindelta="1" -sikkerhedsopdatering - -

Richard Zhu opdagede en hukommelseslæsning uden for grænserne i -codebook-fortolkningskoden i multimediebiblioteket Libtremor, hvilket kunne -medføre udførelse af vilkårlig kode, hvis en misdannet Vorbis-fil blev -åbnet.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.0.2+svn18153-1~deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.0.2+svn18153-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libvorbisidec-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvorbisidec, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvorbisidec

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4141.data" diff --git a/danish/security/2018/dsa-4142.wml b/danish/security/2018/dsa-4142.wml deleted file mode 100644 index 22c59bf3272..00000000000 --- a/danish/security/2018/dsa-4142.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="d664553ed976467c5155d8b2c3397280f3821e85" mindelta="1" -sikkerhedsopdatering - -

Marios Nicolaides opdagede at PHP-plugin'en i uWSGI, en hurtig, -selvhelbredende applikationscontainerserver, ikke på korrekt vis håndterede et -DOCUMENT_ROOT-tjek ved anvendelse af parameteret --php-docroot, hvilket gjorde -det muligt for en fjernangriber at iværksætte et mappegennemløbsangreb og få -uautoriseret læseadgang til følsomme filer, som befinder sig uden for -webrodsmappen.

- -

I den gamle stabile distribution (jessie), er dette problem rettet i version -2.0.7-1+deb8u2. Opdateringen indeholder desuden rettelsen til -\ -CVE-2018-6758, der var tiltænkt at blive løst i den kommende punktopdatering -af jessie.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.0.14+20161117-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine uwsgi-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende uwsgi, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/uwsgi

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4142.data" diff --git a/danish/security/2018/dsa-4143.wml b/danish/security/2018/dsa-4143.wml deleted file mode 100644 index bc66c5b0308..00000000000 --- a/danish/security/2018/dsa-4143.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6dd2848c0870d5466d18155e4a13d5af27df9e27" mindelta="1" -sikkerhedsopdatering - -

Richard Zhu og Huzaifa Sidhpurwala opdagede at en skrivning uden for -grænserne, når man afspiller Vorbis-mediefiler, kunne medføre udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.7.2esr-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.7.2esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4143.data" diff --git a/danish/security/2018/dsa-4144.wml b/danish/security/2018/dsa-4144.wml deleted file mode 100644 index 5cf7384c603..00000000000 --- a/danish/security/2018/dsa-4144.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e82e05b343b18c729c2cc3842d28698012e0f029" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende lammelsesangreb, omgåelse af sandkasse, udførelse af -vilkårlig kode, ukorrekt LDAP/GSS-autentifikation, usikker anvendelse af -kryptografi og omgåelse af deserialiseringsbegræsninger.

- -

I den stabile distribution (stretch), er disse problemer -rettet i version 8u162-b12-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4144.data" diff --git a/danish/security/2018/dsa-4145.wml b/danish/security/2018/dsa-4145.wml deleted file mode 100644 index f9b0276a9ad..00000000000 --- a/danish/security/2018/dsa-4145.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="20b54fff2126ca54008f13822b252355ae56b90d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Gitlab, en softwareplatform til -kodesamarbejde:

- -
    - -
  • CVE-2017-0915 / - CVE-2018-3710 - -

    Udførelse af vilkårlig kode i projektimport.

    • - -
  • CVE-2017-0916 - -

    Kommandoindsprøjtning gennem Webhooks.

    • - -
  • CVE-2017-0917 - -

    Udførelse af skripter på tværs af websteder i CI-jobuddata.

    • - -
  • CVE-2017-0918 - -

    Utilstrækkelig begrænsning på CI-runner for projektcacheadgang.

    • - -
  • CVE-2017-0925 - -

    Informationsafsløring i Services-API'et.

    • - -
  • CVE-2017-0926 - -

    Begrænsninger for deaktiveret OAuth-providers kunne omgås.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8.13.11+dfsg1-8+deb9u1.

- -

Vi anbefaler at du opgraderer dine gitlab-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gitlab, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gitlab

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4145.data" diff --git a/danish/security/2018/dsa-4146.wml b/danish/security/2018/dsa-4146.wml deleted file mode 100644 index f75e35206f3..00000000000 --- a/danish/security/2018/dsa-4146.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="f96c0dbcb88015e3ff2ff19a307cce9277370691" mindelta="1" -sikkerhedsopdatering - -

Charles Duffy opdagede at klassen Commandline i værktøjerne til -Plexus-frameworket, benyttede utilstrækkelig quoting af dobbelt-enkodede -strenge, hvilket kunne meføre udførelse af vilkårlige shell-kommandoer.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:1.5.15-4+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:1.5.15-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine plexus-utils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende plexus-utils, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/plexus-utils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4146.data" diff --git a/danish/security/2018/dsa-4147.wml b/danish/security/2018/dsa-4147.wml deleted file mode 100644 index d6aced34ded..00000000000 --- a/danish/security/2018/dsa-4147.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f2f040451db5d19bb591fb322b5959547c2c5f1c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i PolarSSL, et letvægts krypto- og -SSL/TLS-bibliotek, som gjorde det muligt for en fjernangriber at enten forårsage -et lammelsesangreb gennem applikationsnedbrud, eller udføre vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.3.9-2.1+deb8u3.

- -

Vi anbefaler at du opgraderer dine polarssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende polarssl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/polarssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4147.data" diff --git a/danish/security/2018/dsa-4148.wml b/danish/security/2018/dsa-4148.wml deleted file mode 100644 index 5174691b8b3..00000000000 --- a/danish/security/2018/dsa-4148.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="566423828a5c39d0bc96ad606430af5bb1e47162" mindelta="1" -sikkerhedsopdatering - -

Alfred Farrugia og Sandro Gauci opdagede et forskudt med en-heapoverløb i -SIP-serveren Kamailio, hvilken kunne medføre lammelsesangreb og potentielt -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 4.2.0-2+deb8u3.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.4.4-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine kamailio-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende kamailio, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/kamailio

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4148.data" diff --git a/danish/security/2018/dsa-4149.wml b/danish/security/2018/dsa-4149.wml deleted file mode 100644 index fe889552544..00000000000 --- a/danish/security/2018/dsa-4149.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="eb49d1298bc100d66eec62f559836ce597a35e30" mindelta="1" -sikkerhedsopdatering - -

Charles Duffy opdagede at klassen Commandline i værktøjerne til -Plexus-frameworket, benyttede utilstrækkelig quoting af dobbelt-enkodede -strenge, hvilket kunne meføre udførelse af vilkårlige shell-kommandoer.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.0.15-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet før den -første udgivelse.

- -

Vi anbefaler at du opgraderer dine plexus-utils2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende plexus-utils2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/plexus-utils2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4149.data" diff --git a/danish/security/2018/dsa-4150.wml b/danish/security/2018/dsa-4150.wml deleted file mode 100644 index 4a37fbdb2ef..00000000000 --- a/danish/security/2018/dsa-4150.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1f2901bbfb2d8901b439412e8a4eab0ff2b83c05" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et heltalsoverløb i biblioteket International Components for -Unicode (ICU) kunne medføre lammelsesangreb og potentielt udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 52.1-8+deb8u7.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 57.1-6+deb9u2.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende icu, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/icu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4150.data" diff --git a/danish/security/2018/dsa-4151.wml b/danish/security/2018/dsa-4151.wml deleted file mode 100644 index ffb02e3475b..00000000000 --- a/danish/security/2018/dsa-4151.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="b1de4b4ed85aeb62c80b5f636c6658a9dec1d6dc" mindelta="1" -sikkerhedsopdatering - -

Bas van Schaik og Kevin Backhouse opdagede en stakbaseret -bufferoverløbssårbarhed i librelp, et bibliotek der stiller en pålidelig -eventlogning over netværket til rådighed, som blev udløst mens der blev -kontrolleret x509-certifikater fra en peer. En fjernangrier, der er i stand til -at forbinde sig til rsyslog, kunne drage nytte af fejlen til fjernudførelse af -kode, ved at sende et særligt fremstillet x509-certifikat.

- -

Flere oplysninger finder man i opstrøms bulletin: -\ -https://www.rsyslog.com/cve-2018-1000140/

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.2.7-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.12-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine librelp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende librelp, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/librelp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4151.data" diff --git a/danish/security/2018/dsa-4152.wml b/danish/security/2018/dsa-4152.wml deleted file mode 100644 index 56331fb1bd9..00000000000 --- a/danish/security/2018/dsa-4152.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="a422f029b9ffa189853ff67e39f6886a1130d2e3" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i MuPDF, et fremvisningsprogram til PDF-, XPS- -og e-book-filer, hvilket kunne medføre lammelsesangreb eller fjernudførelse af -kode. En angriber kunne fabrikere et PDF-dokument, som ved åbning på offerets -vært, kunne forbruge enorme mængder hukommelse, få programmet til at gå ned, -eller i nogle situationer, udføre kode i den kontekst, som applikationen kører -under.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.5-1+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.9a+ds1-4+deb9u3.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mupdf, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mupdf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4152.data" diff --git a/danish/security/2018/dsa-4153.wml b/danish/security/2018/dsa-4153.wml deleted file mode 100644 index b1fb0badaf5..00000000000 --- a/danish/security/2018/dsa-4153.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="85bac29c7209956a87af0e2c5cf95d4b48905c40" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en anvendelse efter frigivelse i Firefox' compositor kunne -medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 52.7.3esr-1~deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 52.7.3esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4153.data" diff --git a/danish/security/2018/dsa-4154.wml b/danish/security/2018/dsa-4154.wml deleted file mode 100644 index a5bf8c696e1..00000000000 --- a/danish/security/2018/dsa-4154.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="0746a7961085d6d1aa9c70bc10871f0f5a9070d7" mindelta="1" -sikkerhedsopdatering - -

En heapkorruptionssårbarhed blev opdaget i net-snmp, en samling Simple -Network Management Protocol-applikationer, som blev udløst når PDU'en blev -fortolket forud for autentifikationsprocessen. En fjern, uautoriseret bruger -kunne drage nytte af fejlen til at få snmpd-processen til at gå ned -(forårsagende et lammelsesangreb) eller potentielt udførelse af vilkårlig -kode med rettighederne hørende til brugeren, der kører snmpd.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.7.2.1+dfsg-1+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet -before the initial release.

- -

Vi anbefaler at du opgraderer dine net-snmp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende net-snmp, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/net-snmp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4154.data" diff --git a/danish/security/2018/dsa-4155.wml b/danish/security/2018/dsa-4155.wml deleted file mode 100644 index 3395b16d7b6..00000000000 --- a/danish/security/2018/dsa-4155.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="286e55b2dac8e32efe532688266b68a7ff7b49b2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:52.7.0-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.7.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4155.data" diff --git a/danish/security/2018/dsa-4156.wml b/danish/security/2018/dsa-4156.wml deleted file mode 100644 index bd4b27bb25a..00000000000 --- a/danish/security/2018/dsa-4156.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="4342f739f452ef4bfbcff5c9b8d6712e643cad77" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med fjernudførelse af kode, er fundet i Drupal, -et komplet indholdshåndteringsframework. For yderligere oplysninger, se -opstrøms bulleting på: -\ -https://www.drupal.org/sa-core-2018-002

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 7.32-1+deb8u11.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4156.data" diff --git a/danish/security/2018/dsa-4157.wml b/danish/security/2018/dsa-4157.wml deleted file mode 100644 index b123f645475..00000000000 --- a/danish/security/2018/dsa-4157.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="f318b2267f9cc64f8be31b4ae4961c569c84372d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2017-3738 - -

    David Benjamin fra Google rapporterede om en overløbsfejl i AVX2 - Montgomery-multiplikationsproceduren, der anvendes i eksponentiering - med 1024 bit-moduli.

    • - -
  • CVE-2018-0739 - -

    Man opdagede at konstruerede ASN.1-typer med en rekursiv definition, - kunne overskride stakken, potentielt førende til et - lammelsesangreb.

    • - -
- -

Flere oplysninger finder man i opstrøms bulletin: -\ -https://www.openssl.org/news/secadv/20180327.txt

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.0.1t-1+deb8u8. Den gamle stabile distribution er ikke påvirket af -\ -CVE-2017-3738.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.1.0f-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4157.data" diff --git a/danish/security/2018/dsa-4158.wml b/danish/security/2018/dsa-4158.wml deleted file mode 100644 index 84424f30030..00000000000 --- a/danish/security/2018/dsa-4158.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="166ca19a40301ba433f02a362644984b497a5bdf" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at konstruerede ASN.1-typer med en rekursiv definition, -kunne overskride stakken, potentielt førende til et lammelsesangreb.

- -

Flere oplysninger finder man i opstrøms bulletin: -\ -https://www.openssl.org/news/secadv/20180327.txt

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.0.2l-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine openssl1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl1.0, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4158.data" diff --git a/danish/security/2018/dsa-4159.wml b/danish/security/2018/dsa-4159.wml deleted file mode 100644 index 0cc22207f78..00000000000 --- a/danish/security/2018/dsa-4159.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="8947832720a0069e4a9e475fc6007c31845d1daa" mindelta="1" -sikkerhedsopdatering - -

Santosh Ananthakrishnan opdagede en anvendelse efter frigivelse i remctl, en -server til Kerberos-autentificeret kommandoudførelse. Hvis kommandoen er opsat -med sudo-valgmuligheden, kunne det potentielt føre til udførelse af vilkårlig -kode.

- -

Den gamle stabile distribution (jessie) er ikke påvirket.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.13-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine remctl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende remctl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/remctl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4159.data" diff --git a/danish/security/2018/dsa-4160.wml b/danish/security/2018/dsa-4160.wml deleted file mode 100644 index faf2c2328f4..00000000000 --- a/danish/security/2018/dsa-4160.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c2e281b183a91bd79f2e942a9010439b0053f4f5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at utilstrækkelig fornuftighedskontrol af inddata i libevt, et -bibliotek til at tilgå formatet Windows Event Log (EVT), kunne medføre -lammelsesangreb, hvis en misdannet EVT-fil blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 20170120-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libevt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libevt, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libevt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4160.data" diff --git a/danish/security/2018/dsa-4161.wml b/danish/security/2018/dsa-4161.wml deleted file mode 100644 index bd406ddd525..00000000000 --- a/danish/security/2018/dsa-4161.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="8e7fd482fffa5e239eb89c737088710cdc51ac13" mindelta="1" -sikkerhedsopdatering - -

James Davis opdagede to problemer i Django, et webudviklingsframework på højt -niveau til Python, hvilke kunne føre til et lammelsesangreb. En angriber med -kontrol over inddata til funktionen django.utils.html.urlize() eller -django.utils.text.Truncators chars()- og words()-metoder, kunne fabrikere en -string, der kunne få udførelsen af applikationen til at hænge.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.7.11-1+deb8u3.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.10.7-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4161.data" diff --git a/danish/security/2018/dsa-4162.wml b/danish/security/2018/dsa-4162.wml deleted file mode 100644 index e13c088786f..00000000000 --- a/danish/security/2018/dsa-4162.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="da604a40d69e488704fed886ff3118ea46733b41" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Irssi, en terminalbaseret IRC-klient, -hvilke kunne føre til lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.7-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine irssi-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende irssi, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/irssi

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4162.data" diff --git a/danish/security/2018/dsa-4163.wml b/danish/security/2018/dsa-4163.wml deleted file mode 100644 index bfb6bdefab0..00000000000 --- a/danish/security/2018/dsa-4163.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ff4d471d9fe8f1e94b997384dbf58528649e97b4" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en kapløbstilstand i beep (hvis opsat som setuid gennem -debconf), tillod lokal rettighedsforøgelse.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.3-3+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.3-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine beep-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende beep, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/beep

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4163.data" diff --git a/danish/security/2018/dsa-4164.wml b/danish/security/2018/dsa-4164.wml deleted file mode 100644 index 223bd890cec..00000000000 --- a/danish/security/2018/dsa-4164.wml +++ /dev/null @@ -1,71 +0,0 @@ -#use wml::debian::translation-check translation="06055c46458fbef39d77aaab9daaaa91bd7e3344" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Apache HTTPD-serveren.

- -
    - -
  • CVE-2017-15710 - -

    Alex Nichols og Jakob Hirsch rapporterede at mod_authnz_ldap, hvis opsat - med AuthLDAPCharsetConfig, kunne forårsage en skrivning uden for grænserne, - hvis der blev leveret en fabrikeret Accept-Language-header. Det kunne - potentielt anvendelse til et lammelsesangreb.

    • - -
  • CVE-2017-15715 - -

    Elar Lang opdagede at udtryk angivet i <FilesMatch>, kunne matche - '$' til en newlinetegn i et ondsindet fremstillet filnavn, frem for kun at - matche slutningen af filnavnet. Det kunne udnyttes i miljøer hvor upload af - nogle filer blokeres eksternt, men kun ved at matche den afsluttende del af - filnavnet.

    • - -
  • CVE-2018-1283 - -

    Når mod_session er opsat til at viderestille sine sessionsdata til - CGI-applikationer (SessionEnv on, ikke som standard), en fjernbruger kunne - påvirke deres indhold ved at anvende en Session-header.

    • - -
  • CVE-2018-1301 - -

    Robert Swiecki rapporterede at en særligt fremstillet forespørgsel kunne - have fået Apache HTTP-serveren til at gå ned, på grund af en tilgang uden - for grænserne efter en størrelsesgrænse er nået, ved at læse - HTTP-headeren.

    • - -
  • CVE-2018-1303 - -

    Robert Swiecki rapporterede at en særligt fremstillet - HTTP-forespørgselssheader kunne have fået Apache HTTP-serveren til at gå - ned, hvis mod_cache_socache anvendes, på grund af en læsning uden for - grænserne, mens data forberedes til at blive cachet i delt - hukommelse.

    • - -
  • CVE-2018-1312 - -

    Nicolas Daniels opdagede at når der blev genereret en HTTP - Digest-autentifikationschallenge, var den nonce der sendes af - mod_auth_digest til at forhindre replay-angreb, ikke genereret korrekt - ved hjælp af en pseudo-random seed. I en serverklynge, der anvender en - fælles Digest-autentifikationsopsætning, kunne HTTP-forespørgsler blive - genafspillet på tværs af servere af en angriber, uden at blive - opdaget.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.4.10-10+deb8u12.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.4.25-3+deb9u4.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4164.data" diff --git a/danish/security/2018/dsa-4165.wml b/danish/security/2018/dsa-4165.wml deleted file mode 100644 index c8a7b50d1b6..00000000000 --- a/danish/security/2018/dsa-4165.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="132486e47436283e0a2d78c34a0fd8f3a263b035" mindelta="1" -sikkerhedsopdatering - -

Michal Kedzior fandt to sårbarheder i LDAP Account Manager, en webfrontend -til LDAP-kataloger.

- -
    - -
  • CVE-2018-8763 - -

    Den fundne Reflected Cross Site Scripting-sårbarhed (XSS) kunne gøre det - muligt for en angriber, at udføre JavaScript-kode i offerets browser eller - at viderestille vedkommende til et ondsindet websted, hvis offeret klikker - på et særligt fremstillet link.

    • - -
  • CVE-2018-8764 - -

    Applikationen lækker CSRF-tokenet i URL'en, hvilket kunne anvendes af en - angriber til at iværksætte et Cross-Site Request Forgery-angreb, i hvilket - et offer logget ind i LDAP Account Manager, måske kunne udføre uønskede - handlinger i frontend'en, ved at klikke på et link, fabrikeret af - angriberen.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.7.1-1+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.5-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ldap-account-manager-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ldap-account-manager, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ldap-account-manager

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4165.data" diff --git a/danish/security/2018/dsa-4166.wml b/danish/security/2018/dsa-4166.wml deleted file mode 100644 index b5494eb8272..00000000000 --- a/danish/security/2018/dsa-4166.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="26b91be191b0fbf379037538277fdfe179dfe44d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende lammelsesangreb, omgåelse af sandkassen, udførelse af -vilkårlig kode, ukorrekt LDAP-/GSS-autentifikation, usikker anvendelse af -kryptografi eller omgåelse af deserialiseringsbegrænsninger.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7u171-2.6.13-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-7, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4166.data" diff --git a/danish/security/2018/dsa-4167.wml b/danish/security/2018/dsa-4167.wml deleted file mode 100644 index 892c9601fee..00000000000 --- a/danish/security/2018/dsa-4167.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="e6b3ac017c0c14787976a3dfbc7c4c45657c2d04" mindelta="1" -sikkerhedsopdatering - -

En bufferoverløbssårbarhed blev opdaget i Sharutils, et sæt værktøjer til -håndtering af Shell Archives. En angriber med kontrol over inddata til -unshar-kommanden, kunne få applikationen til at gå ned eller udføre vilkårlig -kode i dens kontekst.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:4.14-2+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:4.15.2-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine sharutils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sharutils, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/sharutils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4167.data" diff --git a/danish/security/2018/dsa-4168.wml b/danish/security/2018/dsa-4168.wml deleted file mode 100644 index 4412866c735..00000000000 --- a/danish/security/2018/dsa-4168.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d4c366a7eb087a21593334a1a85bcd2785f5c2d5" mindelta="1" -sikkerhedsopdatering - -

Florian Grunow og Birk Kauer fra ERNW opdagede en mappegennemløbssårbarhed i -SquirrelMail, en webmailapplikation, hvilket gjorde det muligt for en -autentificeret fjernangriber at hente eller slette vilkårlige filer gennem -mailvedhæftelse.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2:1.4.23~svn20120406-2+deb8u2.

- -

Vi anbefaler at du opgraderer dine squirrelmail-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squirrelmail, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squirrelmail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4168.data" diff --git a/danish/security/2018/dsa-4169.wml b/danish/security/2018/dsa-4169.wml deleted file mode 100644 index e6e770ecf55..00000000000 --- a/danish/security/2018/dsa-4169.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6204b33068ef81f7672e5995dfe7aaf440401e54" mindelta="1" -sikkerhedsopdatering - -

Cédric Buissart fra Red Hat opdagede en informationsafsløringsfejl i pcs, en -pacemaker-kommandolinjegrænseflade og -GUI. REST-interfacet tillader noramlt -ikke anvendelse af parameteret --debug, for at forindre informationslækage, men -kontrollen var ikke tilstrækkelig.

- -

I den stabile distribution (stretch), er dette problem rettet i version -0.9.155+dfsg-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine pcs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pcs, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pcs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4169.data" diff --git a/danish/security/2018/dsa-4170.wml b/danish/security/2018/dsa-4170.wml deleted file mode 100644 index 8d09f876f6f..00000000000 --- a/danish/security/2018/dsa-4170.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d0c11aeab089caf50b0e4d0a128aecc032137550" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i multimediekommunikationen -PJSIP/PJProject, hvilke kunne medføre lammelsesangreb under behandlingen af -SIP- og SDP-meddelelser og ioqueue-nøgler.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.5.5~dfsg-6+deb9u1.

- -

Vi anbefaler at du opgraderer dine pjproject-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pjproject, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pjproject

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4170.data" diff --git a/danish/security/2018/dsa-4171.wml b/danish/security/2018/dsa-4171.wml deleted file mode 100644 index f7964f37020..00000000000 --- a/danish/security/2018/dsa-4171.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="8b8fe789f79334d4f6dfc87817c6dce85f5578d3" mindelta="1" -sikkerhedsopdatering - -

Shopify Application Security Team rapporterede at ruby-loofah, et generelt -bibliotek til behandling og transformering af HTML-/XML-dokumenter og --fragmenter, tillod at ikke-hvidlistede attributter kunne være til stede i -rensede uddata, efter at have modtaget inddata med særligt fremstillede -HTML-fragmenter. Dermed kunne det måske være muligt at iværksætte et -kodeindsprøjtningsangreb i en browser, der benytter de rensede uddata.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.0.3-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-loofah-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-loofah, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-loofah

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4171.data" diff --git a/danish/security/2018/dsa-4172.wml b/danish/security/2018/dsa-4172.wml deleted file mode 100644 index 9dd27ad30e8..00000000000 --- a/danish/security/2018/dsa-4172.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="b41b0ebcc23ca0097d64706c3865f88ab642cb68" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i implementeringen af -programmeringssproget Perl. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2018-6797 - -

    Brian Carpenter rapporterede at et fabrikeret regulært udtryk kunne - forårsage et heapoverskrivningsoverløb, med kontrol over de skrevne - bytes.

    • - -
  • CVE-2018-6798 - -

    Nguyen Duc Manh rapporterede at matching af en fabrikeret locale - afhængig af regulære udtryk, kunne medføre en heapbaseret bufferoverlæsning - og potentielt informationsafsløring.

    • - -
  • CVE-2018-6913 - -

    GwanYeong Kim rapporterede at pack() kunne forårsage et - heapbufferskrivningsoverløb med et stort antal elementer.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet i -version 5.20.2-3+deb8u10. Opdateringen af den gamle stabile distribution -(jessie) indeholder kun en rettelse af -CVE-2018-6913.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.24.1-3+deb9u3.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende perl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/perl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4172.data" diff --git a/danish/security/2018/dsa-4173.wml b/danish/security/2018/dsa-4173.wml deleted file mode 100644 index 5b163e1305f..00000000000 --- a/danish/security/2018/dsa-4173.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d3370c40d84fab707c969cd7d271778bbd1cfdcf" mindelta="1" -sikkerhedsopdatering - -

Marcin Noga opdagede adskillige sårbarheder i readxl, en GNU R-pakke til -læsning af Excel-filer (gennem det integrerede libxls-bibliotek), hvilket kunne -medføre udførelse af vilkårlig kode, hvis et misdannet regneark blev -behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.1.1-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine r-cran-readxl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende r-cran-readxl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/r-cran-readxl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4173.data" diff --git a/danish/security/2018/dsa-4174.wml b/danish/security/2018/dsa-4174.wml deleted file mode 100644 index 95985788b05..00000000000 --- a/danish/security/2018/dsa-4174.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0bd4e5a8622c5460949db49c45323687b17e7188" mindelta="1" -sikkerhedsopdatering - -

Citrix Security Response Team opdagede at corosync, en -klyngemotorimplementering, tillod at en uautentificeret bruger kunne forårsage -et lammelsesangreb gennem applikationsnedbrud.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.4.2-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine corosync-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende corosync, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/corosync

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4174.data" diff --git a/danish/security/2018/dsa-4175.wml b/danish/security/2018/dsa-4175.wml deleted file mode 100644 index 98212650d9b..00000000000 --- a/danish/security/2018/dsa-4175.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="99e31f16344daa2986102784829ad44c8055fe37" mindelta="1" -sikkerhedsopdatering - -

Wojciech Regula opdagede en XML External Entity-sårbarhed i XML Parser i -mindmap-indlæseren i freeplane, et Java-program til at arbejde med mindkort, -medførende potentiel informationsafsløring, hvis en ondsindet mindkortfil -åbnes.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.3.12-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.5.18-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine freeplane-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende freeplane, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/freeplane

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4175.data" diff --git a/danish/security/2018/dsa-4176.wml b/danish/security/2018/dsa-4176.wml deleted file mode 100644 index a131999eb19..00000000000 --- a/danish/security/2018/dsa-4176.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="3acc2c2cc0c84c331343237a1f4710eab09a7e30" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MySQL. Sårbarhederne er løst -ved at opgradere MySQL til den nye opstrømsversion 5.5.60, der indeholder -yderligere ændringer. Se MySQL 5.5 Release Notes og Oracles Critical Patch -Update-bulletin for flere oplysninger:

- -

- -
- -

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.5.60-0+deb8u1.

- -

Vi anbefaler at du opgraderer dine mysql-5.5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mysql-5.5, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mysql-5.5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4176.data" diff --git a/danish/security/2018/dsa-4177.wml b/danish/security/2018/dsa-4177.wml deleted file mode 100644 index 804def3fd1f..00000000000 --- a/danish/security/2018/dsa-4177.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6352ddb3b7d77b06eaab9c7b7991a23cc55722e3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i billedindlæsningsbiblioteket til Simple -DirectMedia Layer 2, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode, hvis misdannede billedfiler blev åbnet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2.0.0+dfsg-3+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.0.1+dfsg-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libsdl2-image-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libsdl2-image, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libsdl2-image

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4177.data" diff --git a/danish/security/2018/dsa-4178.wml b/danish/security/2018/dsa-4178.wml deleted file mode 100644 index 501ac29a04a..00000000000 --- a/danish/security/2018/dsa-4178.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="79c885fa549e1260fdff78810418ffbfc3df2580" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i LibreOffices kode til fortolkning af MS Word- -og Structured Storage-filer, hvilke kunne medføre lammelsesangreb og potentielt -udførelse af vilkårlig kode, hvis en misdannet fil blev åbnet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:4.3.3-2+deb8u11.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:5.2.7-1+deb9u4.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreoffice, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreoffice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4178.data" diff --git a/danish/security/2018/dsa-4179.wml b/danish/security/2018/dsa-4179.wml deleted file mode 100644 index c736b47bcf4..00000000000 --- a/danish/security/2018/dsa-4179.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="287c3173ff11dc88fd9ccabc720efb6cf4c36a70" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter ikke en sårbarhed i linux-tools, men leverer -understøttelse af opbygning af Linux-kernemoduler med afhjælpning af -retpoline vedrørende -\ -CVE-2017-5715 (Spectre-variant 2).

- -

Opdateringen indeholderogså fejlrettelse fra opstrøms stabile Linux -3.16-forgrening, op til og med 3.16.56.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.16.56-1.

- -

Vi anbefaler at du opgraderer dine linux-tools-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux-tools, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux-tools

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4179.data" diff --git a/danish/security/2018/dsa-4180.wml b/danish/security/2018/dsa-4180.wml deleted file mode 100644 index 233d56e4f81..00000000000 --- a/danish/security/2018/dsa-4180.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="eccde3d78a9d63d38d558f6c29a7f1edf3eb2b60" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med fjernudførelse af kode, er fundet i Drupal, et -komplet indholdshåndteringsframework. For flere oplysninger, se opstrøms -bulletin på: -\ -https://www.drupal.org/sa-core-2018-004

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 7.32-1+deb8u12.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4180.data" diff --git a/danish/security/2018/dsa-4181.wml b/danish/security/2018/dsa-4181.wml deleted file mode 100644 index 1457446018a..00000000000 --- a/danish/security/2018/dsa-4181.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="bf3f0199f2373da58c4df6b62efeafb71c4e1337" mindelta="1" -sikkerhedsopdatering - -

Andrea Basile opdagede at archive-plugin'en i roundcube, en skindbar -AJAX-baseret webmailløsning til IMAP-servere, ikke på korrekt vis -fornuftighedskontrollerede et brugerleveret parameter, hvilket gjorde det -muligt for fjernangribere, at indsprøjte vilkårlige IMAP-kommandoer og udføre -ondsindede handlinger.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.3+dfsg.1-4+deb9u2.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4181.data" diff --git a/danish/security/2018/dsa-4182.wml b/danish/security/2018/dsa-4182.wml deleted file mode 100644 index 78846e6a9d3..00000000000 --- a/danish/security/2018/dsa-4182.wml +++ /dev/null @@ -1,290 +0,0 @@ -#use wml::debian::translation-check translation="68dc049d0096d81ef432ae1796a7ed764cb7b63a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2018-6056 - -

    lokihardt opdagede en fejl i JavaScript-biblioteket v8.

    • - -
  • CVE-2018-6057 - -

    Gal Beniamini opdagede fejl i forbindelse med rettigheder ved delt - hukommelse.

    • - -
  • CVE-2018-6060 - -

    Omair opdagede et problem med anvendelse efter frigivelse i - blink/webkit.

    • - -
  • CVE-2018-6061 - -

    Guang Gong opdagede en kapløbstilstand i JavaScript-biblioteket - v8.

    • - -
  • CVE-2018-6062 - -

    Et heapoverløbsproblem blev opdaget i JavaScript-biblioteket v8.

    • - -
  • CVE-2018-6063 - -

    Gal Beniamini opdagede fejl i forbindelse med rettigheder ved delt - hukommelse.

    • - -
  • CVE-2018-6064 - -

    lokihardt opdagede en typeforvirringsfejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2018-6065 - -

    Mark Brand opdagede et heltalsoverløbsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2018-6066 - -

    Masato Kinugawa opdagede en måde at omgå Same Origin Policy på.

    • - -
  • CVE-2018-6067 - -

    Ned Williamson opdagede et bufferoverløbsproblem i biblioteket - skia.

    • - -
  • CVE-2018-6068 - -

    Luan Herrera opdagede problemer med objekters livscyklus.

    • - -
  • CVE-2018-6069 - -

    Wanglu og Yangkang opdagede et stakoverløbsproblem i biblioteket - skia.

    • - -
  • CVE-2018-6070 - -

    Rob Wu opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2018-6071 - -

    Et heapoverløbsproblem blev opdaget i biblioteket skia.

    • - -
  • CVE-2018-6072 - -

    Atte Kettunen opdagede et heltalsoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2018-6073 - -

    Omair opdagede et heapoverløbsproblem i implementeringen af - WebGL.

    • - -
  • CVE-2018-6074 - -

    Abdulrahman Alqabandi opdagede en måde at få en downloadet webside til - ikke at indeholde et Mark of the Web.

    • - -
  • CVE-2018-6075 - -

    Inti De Ceukelaire opdagede en måde at omgå Same Origin Policy - på.

    • - -
  • CVE-2018-6076 - -

    Mateusz Krzeszowiec opdagede at URL-fragmentidentifikatorer kunne blive - behandlet på forkert vis.

    • - -
  • CVE-2018-6077 - -

    Khalil Zhani opdagede et timingproblem.

    • - -
  • CVE-2018-6078 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6079 - -

    Ivars opdagede et informationsafsløringsproblem.

    • - -
  • CVE-2018-6080 - -

    Gal Beniamini opdagede et informationsafslørinsproblem.

    • - -
  • CVE-2018-6081 - -

    Rob Wu opdagede et problem med udførelse af skripter på tværs af - websteder.

    • - -
  • CVE-2018-6082 - -

    WenXu Wu opdagede en måde at omgå blokerede porte på.

    • - -
  • CVE-2018-6083 - -

    Jun Kokatsu opdagede at AppManifests kunne blive håndteret på ukorrekt - vis.

    • - -
  • CVE-2018-6085 - -

    Ned Williamson opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2018-6086 - -

    Ned Williamson opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2018-6087 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - implementeringen af WebAssembly.

    • - -
  • CVE-2018-6088 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2018-6089 - -

    Rob Wu opdagede en måde at omgå Same Origin Policy på.

    • - -
  • CVE-2018-6090 - -

    ZhanJia Song opdagede et heapoverløbsproblem i biblioteket skia.

    • - -
  • CVE-2018-6091 - -

    Jun Kokatsu opdagede at plugins kunne blive håndteret på ukorrekt - vis.

    • - -
  • CVE-2018-6092 - -

    Natalie Silvanovich opdagede et heltalsoverløbsproblem i implementeringen - af WebAssembly.

    • - -
  • CVE-2018-6093 - -

    Jun Kokatsu opdagede en måde at omgå Same Origin Policy på.

    • - -
  • CVE-2018-6094 - -

    Chris Rohlf opdagede en regression i hærdningen af - garbagecollection.

    • - -
  • CVE-2018-6095 - -

    Abdulrahman Alqabandi opdagede at filer kunne uploades uden - brugerinteraktion.

    • - -
  • CVE-2018-6096 - -

    WenXu Wu opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
  • CVE-2018-6097 - -

    xisigr opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
  • CVE-2018-6098 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6099 - -

    Jun Kokatsu opdagede en måde at omgå Cross Origin Resource - Sharing-mekanismen på.

    • - -
  • CVE-2018-6100 - -

    Lnyas Zhang opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6101 - -

    Rob Wu opdagede et problem i fjerndebuggingsprotokollen i - udviklerværktøjet.

    • - -
  • CVE-2018-6102 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6103 - -

    Khalil Zhani discovered a user interface spoofing issue.

    • - -
  • CVE-2018-6104 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6105 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6106 - -

    lokihardt opdagede at v8-løfter ikke blive håndteret forkert.

    • - -
  • CVE-2018-6107 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6108 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6109 - -

    Dominik Weber opdagede en måde at misbruge FileAPI-funktionen - på.

    • - -
  • CVE-2018-6110 - -

    Wenxiang Qian opdagede at lokale ren tekst-filer kunne blive håndteret på - ukorrekt vis.

    • - -
  • CVE-2018-6111 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - udviklerværktøjerne.

    • - -
  • CVE-2018-6112 - -

    Khalil Zhani opdagede ukorrekt håndtering af URL'er i - udviklerværktøjerne.

    • - -
  • CVE-2018-6113 - -

    Khalil Zhani opdagede et URL-forfalskningsproblem.

    • - -
  • CVE-2018-6114 - -

    Lnyas Zhang opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2018-6116 - -

    Chengdu Security Response Center opdagede en fejl når der er en lille - mængde ledig hukommelse.

    • - -
  • CVE-2018-6117 - -

    Spencer Dailey opdagede en fejl i indstillingerne til automatisk - udfyldelse af formularer.

    • - -
- -

I den gamle stabile distribution (jessie), security support for chromium -has been discontinued.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 66.0.3359.117-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4182.data" diff --git a/danish/security/2018/dsa-4183.wml b/danish/security/2018/dsa-4183.wml deleted file mode 100644 index 808e59966db..00000000000 --- a/danish/security/2018/dsa-4183.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8c0bdafd19082d2b3c310459809cbb738d0bf7e9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Tor, et forbindelsesbaseret anonymt kommunikationssystem med -lave svartider, indeholdt en fejlen i forbindelse med håndteringen af -protokollister, som kunne anvendes til fjernudført nedbrud af mappemyndigheder -med en nullpointerexception (TROVE-2018-001).

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.2.9.15-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tor, -se dens sikkerhedsporingsside på: -\ -https://security-tracker.debian.org/tracker/tor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4183.data" diff --git a/danish/security/2018/dsa-4184.wml b/danish/security/2018/dsa-4184.wml deleted file mode 100644 index dfd788aa821..00000000000 --- a/danish/security/2018/dsa-4184.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1c4875431a962b87b087c25b49ad397722cf5f19" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i billedindlæsningsbiblioteket til Simple -DirectMedia Layer 1.2, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode, hvis misdannede billedfiler åbnes.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.2.12-5+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.2.12-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine sdl-image1.2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sdl-image1.2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/sdl-image1.2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4184.data" diff --git a/danish/security/2018/dsa-4185.wml b/danish/security/2018/dsa-4185.wml deleted file mode 100644 index 73dbaae2740..00000000000 --- a/danish/security/2018/dsa-4185.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d2e2946e4ac8cb98b095eae0a5f4923f48daa3c7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende lammelsesangreb, omgåelse af sandkassen, udførelse af -vilkårlig kode eller omgåelse af JAR-signaturvalidering.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8u171-b11-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4185.data" diff --git a/danish/security/2018/dsa-4186.wml b/danish/security/2018/dsa-4186.wml deleted file mode 100644 index ca87e06b13a..00000000000 --- a/danish/security/2018/dsa-4186.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ae126c70efeaed3be53ab01e5aac814e6cea69fb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at gunicorn, en event-baseret HTTP-/WSGI-server, var ramt af -HTTP Response-opsplitning.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 19.0-1+deb8u1.

- -

Vi anbefaler at du opgraderer dine gunicorn-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gunicorn, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gunicorn

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4186.data" diff --git a/danish/security/2018/dsa-4187.wml b/danish/security/2018/dsa-4187.wml deleted file mode 100644 index 2e7a306758f..00000000000 --- a/danish/security/2018/dsa-4187.wml +++ /dev/null @@ -1,267 +0,0 @@ -#use wml::debian::translation-check translation="070dcbdcc233070f28ee776795703ec2a1b9554b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2015-9016 - -

    Ming Lei rapporterede om en kapløbstilstand i multiqueue-bloklaget - (blk-mq). På et system med en driver, der anvender blk-mq (mtip32xx, - null_blk eller virtio_blk), kunne en lokal bruger være i stand til at - anvende dette til lammelsesangreb eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2017-0861 - -

    Robb Glasser rapporterede om en potentiel anvendelse efter frigivelse i - ALSA's PCM-core (lyd). Vi mener, at dette i praksis ikke var - muligt.

    • - -
  • CVE-2017-5715 - -

    Adskillige efterforskere har opdaget en sårbarhed i forskellige - processorer, som understøtter spekulativ udførelse, hvilken gjorde det - muligt for en angriber med kontrol over en upriviligeret proces, at læse - hukommelse fra vilkårlig adresser, herunder fra kernen og alle andre - processer, der kører på systemet.

    - -

    Dette specifikke angreb er navngivet Spectre variant 2 (forgrening - målindsprøjtning) og er afhjulet på x86-arkitekturen (amd64 og i386) ved at - anvende compilerfunktionen retpoline, der tillader at inddirekte - forgreninger kan isoleres fra spekulativ udførelse.

    • - -
  • CVE-2017-5753 - -

    Adskillige efterforskere har opdaget en sårbarhed i forskellige - processorer, som understøtter spekulativ udførelse, hvilken gjorde det - muligt for en angriber med kontrol over en upriviligeret proces, at læse - hukommelse fra vilkårlig adresser, herunder fra kernen og alle andre - processer, der kører på systemet.

    - -

    Dette specifikke angreb er navngivet Spectre variant 1 (omgåelse af - grænsekontrol) og er afhjulpet ved at identificere sårbare kodeafsnit - (arraygrænsekontroller efterfulgt af arraytilgang) og erstatning af - arraytilgang med den spekulationssikre funktion array_index_nospec().

    - -

    Flere anvendelsessteder vil med tiden blive tilføjet.

    • - -
  • CVE-2017-13166 - -

    Der er fundet en fejl i kompabilitetslaget til 32 bit i v4l2's kode til - ioctl-håndtering. Hukommelsesbeskyttelser, som sikrer at brugerleverede - buffere altid peger på brugerrumshukommelse, var deaktiveret, hvilket gjorde - det muligt at have måladresser i kernerummet. Med en 64 bit-kerne, kunne en - lokal bruger med adgang til en passende videoenhed, udnytte fejlen til at - overskrive kernehukommelse, førende til rettighedsforøgelse.

    • - -
  • CVE-2017-13220 - -

    Al Viro rapporterede at implementeringen af Bluetooth HIDP kunne - dereferere en pointer før der blev udført den nødvendige typekontrol. En - lokal bruger kunne anvende dette til at forårsage et - lammelsesangreb.

    • - -
  • CVE-2017-16526 - -

    Andrey Konovalov rapporterede at UWB-undersystemet kunne dereferere en - ugyldig pointer i en fejlsituation. En lokal bruger kunne være i stand til - at anvende dette til lammelsesangreb.

    • - -
  • CVE-2017-16911 - -

    Secunia Research rapporterede at USB/IP-vhci_hcd-driveren udstillede - kerneheapadresser til lokale brugere. Denne oplysning kunne assistere ved - udnyttelse af andre sårbarheder.

    • - -
  • CVE-2017-16912 - -

    Secunia Research rapporterede at USB/IP-stubdriveren ikke udførte - intervalkontrol på et modtaget pakkeheaderfelt, førende til en læsning uden - for grænserne. En fjernbruger, som er i stand til at forbinde sig til - USB/IP-serveren, kunne anvende dette til lammelsesangreb.

    • - -
  • CVE-2017-16913 - -

    Secunia Research rapporterede at USB/IP-stubdriveren ikke udførte - intervalkontrol på et modtaget pakkeheaderfelt, førende til en for stor - hukommelsesallokering. En fjernbruger, som er i stand til at forbinde sig - til USB/IP-serveren, kunne anvende dette til lammelsesangreb.

    • - -
  • CVE-2017-16914 - -

    Secunia Research rapporterede at USB/IP-stubdriveren ikke kontrollerede - for en ugyldig kombination af felter i en modtaget pakke, førende til en - nullpointerdereference. En fjernbruger, som er i stand til at forbinde sig - til en USB/IP-server, kunne anvende dette til lammesesangreb.

    • - -
  • CVE-2017-18017 - -

    Denys Fedoryshchenko rapporterede at netfilter-modulet xt_TCPMSS, - validerede ikke TCP-headerlængder, potentielt førende til en anvendelse - efter frigivelse. Hvis modulet er indlæst, kunne det anvendes af en - fjernangriber til lammelsesangreb eller muligvis til kodeudførelse.

    • - -
  • CVE-2017-18203 - -

    Hou Tao rapporterede at der var en kapløbstilstand i oprettelse og - sletning af device-mapper-enheder (DM). En lokal bruger kunne potentielt - anvende dette til lammelsesangreb.

    • - -
  • CVE-2017-18216 - -

    Alex Chen rapporterede at filsystemet OCFS2 ikke havde en nødvendig lås - under nodemanagers sysfs-filhandlinger, potentielt førende til en - nullpointerdereference. En lokal bruger kunne udnytte dette til - lammelsesangreb.

    • - -
  • CVE-2017-18232 - -

    Jason Yan rapporterede om en kapløbstilstand i SAS-undersystemet - (Serial-Attached SCSI), mellem granskning og nedlæggelse af en port. Det - kunne føre til en deadlock. En fysisk tilstedeværende angriber kunne - anvende dette til at forårsage et lammelsesangreb.

    • - -
  • CVE-2017-18241 - -

    Yunlei He rapporterede at implementeringen af f2fs ikke på korrekt vis - initialiserede sin tilstand, hvis mountvalgmuligheden noflush_merge - blev benyttet. En lokal bruger med adgang til et filsystem mountet med den - valgmulighed, kunne udnytte fejlen til at forårsage et - lammelsesangreb.

    • - -
  • CVE-2018-1066 - -

    Dan Aloni rapporterede til Red Hat at CIFS-klientimplementeringen - dereferede en nullpointer, hvis serveren sendte et ugyldigt svar under - NTLMSSP-opsætningsforhandlingen. Det kunne anvendes af en ondsindet server - til at lammelsesangreb.

    • - -
  • CVE-2018-1068 - -

    Værktøjet syzkaller opdagede at 32 bit-kompabilitetslager i ebtables, - ikke på tilstrækkelig vis validerede offsetværdier. Med en 64 bit-kerne, - kunne en lokal bruger med muligheden CAP_NET_ADMIN (i ethvert - brugernavnerum) anvende det til at overskrive kernehukommelse, muligvis - førende til rettighedsforøgelse. Debian deaktiverer som standard - upriviligerede brugernavnerum.

    • - -
  • CVE-2018-1092 - -

    Wen Xu rapporterede at et fabrikeret ext4-filsystemsaftryk ville udløse - en nulldereference, når det blev mountet. En lokal bruger, som er i stand - til at mounte vilkårlige filsystemer, kunne anvende det til - lammelsesangreb.

    • - -
  • CVE-2018-5332 - -

    Mohamed Ghannam rapporterede at RDS-protokollen ikke på tilstrækkelig vis - validerede RDMA-forespørgsler, førende til en skrivning uden for grænserne. - En lokal angriber på et system med indlæst rds-modul, kunne anvende fejlen - til lammelsesangreb eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2018-5333 - -

    Mohamed Ghannam rapporterede at RDS-protokollen ikke på korrekt vis - håndterende en fejlsituation, førende til en nullpointerdereference. En - lokal angriber på et system med indlæst rds-modul, kunne muligvis anvende - fejlen til lammelsesangreb.

    • - -
  • CVE-2018-5750 - -

    Wang Qize rapporterede at ACPI-sbshcdriveren loggede en kerneheapadresse. - Oplysningen kunne assistere ved udnyttelse af andre sårbarheder.

    • - -
  • CVE-2018-5803 - -

    Alexey Kodanev rapporterede at SCTP-protokollen ikke udførte - intervalkontrol på længden af chunks, der skal oprettes. En lokal eller - fjern bruger kunne anvende fejlen til at forårsage et - lammelsesangreb.

    • - -
  • CVE-2018-6927 - -

    Li Jinyue rapporterede at handlingen FUTEX_REQUEUE på futexe'er ikke - kontrollerede for negative parameterværdier, hvilket kunne føre til et - lammelsesangreb eller have anden sikkerhedspåvirkning.

    • - -
  • CVE-2018-7492 - -

    Værktøjet syzkaller opdagede at RDS-protokollen manglede en - nullpointerkontrol. En lokal angriber på et system med indlæst rds-modul, - kunne anvende fejlen til lammelsesangreb.

    • - -
  • CVE-2018-7566 - -

    Fan LongFei rapporterede om en kapløbstilstand i ALSA sequencercore - (lyd), mellem skrivnings- og ioctl-handlinger. Det kunne føre til - tilgang uden for grænserne eller anvendelse efter frigivelse. En lokal - bruger med adgang til en sequencerenhed, kunne anvende fejlen til - lammelsesangreb eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2018-7740 - -

    Nic Losby rapporterede at filsystemet hugetlbfs' nmap-handling ikke på - korrekt vis intervalkontrollerede filoffset'et. En lokal bruger med adgang - til filer på et hugetlbfs-filsystem, kunne anvende fejlen til at forårsage - et lammelsesangreb.

    • - -
  • CVE-2018-7757 - -

    Jason Yan rapporterede om en hukommelseslækage i SAS-undersystemet - (Serial-Attached SCSI). En lokal bruger på et system med SAS-enheder, kunne - anvende fejlen til at forårsage et lammelsesangreb.

    • - -
  • CVE-2018-7995 - -

    Seunghun Han rapporterede om en kapløbstilstand i x86 MCE-driveren - (Machine Check Exception). Det er usandsynligt at denne fejl kan have nogen - sikkerhedspåvirkning.

    • - -
  • CVE-2018-8781 - -

    Eyal Itkin rapporterede at udl-driverens (DisplayLink) mmap-handling ikke - på korrekt vis intervalkontrollerede filoffset'et. En lokal bruger med - adgang til en udl-framebufferenhed, kunne udnytte fejlen til at overskrive - kernehukommelse, førende til rettighedsforøgelse.

    • - -
  • CVE-2018-8822 - -

    Dr Silvio Cesare fra InfoSect rapporterede at - ncpfs-klientimplementeringen ikke validerede svarlængder fra serveren. En - ncpfs-server kunne anvende fejlen til at forårsage et lammelsesangreb eller - til fjernudførelse af kode på klienten.

    • - -
  • CVE-2018-1000004 - -

    Luo Quan rapporterede om en kapløbstilstand i ALSA-sequencercore (lyd), - mellem adskillige ioctl-handlinger. Det kunne føre til en deadlock eller - anvendelse efter frigivelse. En lokal bruger med adgang til en - sequencerenhed, kunne anvende fejlen til lammelsesangreb eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2018-1000199 - -

    Andy Lutomirski opdagede at ptrace-undersystemet ikke på tilstrækkelig - vis validerede indstillinger af hardwarebreakpoint. Lokale brugere kunne - anvende fejlen til at forårsage et lammelsesangreb eller muligvis til - rettighedsforøgelse, på x86 (amd64 og i386) samt muligvis andre - arkitekturer.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 3.16.56-1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4187.data" diff --git a/danish/security/2018/dsa-4188.wml b/danish/security/2018/dsa-4188.wml deleted file mode 100644 index 3a9647e2324..00000000000 --- a/danish/security/2018/dsa-4188.wml +++ /dev/null @@ -1,228 +0,0 @@ -#use wml::debian::translation-check translation="ca9dd5117f690c9aade93edd2f5a627e7fe945c8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2017-5715 - -

    Adskillige efterforskere har opdaget en sårbarhed i forskellige - processorer, som understøtter spekulativ udførelse, hvilken gjorde det - muligt for en angriber med kontrol over en upriviligeret proces, at læse - hukommelse fra vilkårlig adresser, herunder fra kernen og alle andre - processer, der kører på systemet.

    - -

    Dette specifikke angreb er navngivet Spectre variant 2 (forgrening - målindsprøjtning) og er afhjulet på x86-arkitekturen (amd64 og i386) ved at - anvende compilerfunktionen retpoline, der tillader at inddirekte - forgreninger kan isoleres fra spekulativ udførelse.

    • - -
  • CVE-2017-5753 - -

    Adskillige efterforskere har opdaget en sårbarhed i forskellige - processorer, som understøtter spekulativ udførelse, hvilken gjorde det - muligt for en angriber med kontrol over en upriviligeret proces, at læse - hukommelse fra vilkårlig adresser, herunder fra kernen og alle andre - processer, der kører på systemet.

    - -

    Dette specifikke angreb er navngivet Spectre variant 1 (omgåelse af - grænsekontrol) og er afhjulpet ved at identificere sårbare kodeafsnit - (arraygrænsekontroller efterfulgt af arraytilgang) og erstatning af - arraytilgang med den spekulationssikre funktion array_index_nospec().

    - -

    Flere anvendelsessteder vil med tiden blive tilføjet.

    • - -
  • CVE-2017-17975 - -

    Tuba Yavuz rapporterede at en anvendelse efter frigivelse-fejl i - USBTV007-lyd-video-grabberdriveren. En lokal bruger kunne anvende fejlen - til lammelsesangreb udløst af fejlende lydregistrering.

    • - -
  • CVE-2017-18193 - -

    Yunlei He rapporterede at f2fs-implementeringen ikke på korrekt vis - håndterede extenttræer, hvilket gjorde det muligt for en lokal bruger at - forårsage et lammelsesangreb gennem en applikation med adskillige - tråde.

    • - -
  • CVE-2017-18216 - -

    Alex Chen rapporterede at filsystemet OCFS2 ikke havde en nødvendig lås - under nodemanagers sysfs-filhandlinger, potentielt førende til en - nullpointerdereference. En lokal bruger kunne udnytte dette til - lammelsesangreb.

    • - -
  • CVE-2017-18218 - -

    Jun He rapporterede at en anvendelse efter frigivelse-fejl i Hisilicon - HNS-ethernetdriveren. En lokal bruger kunne anvende fejlen til - lammelsesangreb.

    • - -
  • CVE-2017-18222 - -

    Der blev rapporteret, at implementeringen af Hisilicon Network - Subsystem-driveren (HNS), ikke på korrekt vis håndterede private - ethtool-flag. En lokal bruger kunne anvende fejlen til lammelsesangreb - eller muligvis til anden påvirkning.

    • - -
  • CVE-2017-18224 - -

    Alex Chen rapporterede at OCFS2-filsystemet undlod anvendelsen af en - semafor, som som følge derfor indeholdt en kapløbstilstand ved adgang til - extenttræet under læsningshandlinger i DIRECT-tilstand. En lokal bruger - kunne anvende fejlen til lammelsesangreb.

    • - -
  • CVE-2017-18241 - -

    Yunlei He rapporterede at implementeringen af f2fs ikke på korrekt vis - initialiserede sin tilstand, hvis mountvalgmuligheden noflush_merge - blev benyttet. En lokal bruger med adgang til et filsystem mountet med den - valgmulighed, kunne udnytte fejlen til at forårsage et - lammelsesangreb.

    • - -
  • CVE-2017-18257 - -

    Der blev rapporteret at f2fs-implementeringen var ramt af en uendelig - løkke, forårsaget af et heltalsoverløb i funktionen __get_data_block(), En - lokal bruger kunne anvende fejlen til lammelsesangreb gennem fabrikeret - anvendelse af systemkaldende open og fallocate, med en - FS_IOC_FIEMAP-ioctl.

    • - -
  • CVE-2018-1065 - -

    Værktøjet syzkaller fandt en NULL-pointerdereferencefejl i - netfilter-undersystemet, ved behandling af visse misdannede - iptables-regelsæt. En lokal bruger med mulighederne CAP_NET_RAW eller - CAP_NET_ADMIN (i ethvert brugernavnerum), kunne anvende fejlen til at - forårsage et lammelsesangreb. Debian deaktiverer som standard - upriviligerede brugernavnerum.

    • - -
  • CVE-2018-1066 - -

    Dan Aloni rapporterede til Red Hat at CIFS-klientimplementeringen - dereferede en nullpointer, hvis serveren sendte et ugyldigt svar under - NTLMSSP-opsætningsforhandlingen. Det kunne anvendes af en ondsindet server - til at lammelsesangreb.

    • - -
  • CVE-2018-1068 - -

    Værktøjet syzkaller opdagede at 32 bit-kompabilitetslager i ebtables, - ikke på tilstrækkelig vis validerede offsetværdier. Med en 64 bit-kerne, - kunne en lokal bruger med muligheden CAP_NET_ADMIN (i ethvert - brugernavnerum) anvende det til at overskrive kernehukommelse, muligvis - førende til rettighedsforøgelse. Debian deaktiverer som standard - upriviligerede brugernavnerum.

    • - -
  • CVE-2018-1092 - -

    Wen Xu rapporterede at et fabrikeret ext4-filsystemsaftryk ville udløse - en nulldereference, når det blev mountet. En lokal bruger, som er i stand - til at mounte vilkårlige filsystemer, kunne anvende det til - lammelsesangreb.

    • - -
  • CVE-2018-1093 - -

    Wen Xu rapporterede at et fabrikeret ext4-filsystemsaftryk kunne udløse - en læsning uden for grænserne i funktionen ext4_valid_block_bitmap(). En - lokal bruger, som er i stand til at mounte vilkårlige filsystemer, kunne - anvende fejlen til lammelsesangreb.

    • - -
  • CVE-2018-1108 - -

    Jann Horn rapporterede at crng_ready() ikke på korrekt vis håndterede - crng_init's variabeltilstande, og at RNG'en for tidligt efter systemboot - kunne blive behandlet som kryptografisk sikker.

    • - -
  • CVE-2018-5803 - -

    Alexey Kodanev rapporterede at SCTP-protokollen ikke udførte - intervalkontrol på længden af chunks, der skal oprettes. En lokal eller - fjern bruger kunne anvende fejlen til at forårsage et - lammelsesangreb.

    • - -
  • CVE-2018-7480 - -

    Hou Tao opdagede en dobbelt frigivelse-fejl i funktionen - blkcg_init_queue() i block/blk-cgroup.c. En lokal bruger kunne anvende - fejlen til at forårsage et lammelsesangreb eller til at have anden - sikkerhedspåvirkning.

    • - -
  • CVE-2018-7566 - -

    Fan LongFei rapporterede om en kapløbstilstand i ALSA sequencercore - (lyd), mellem skrivnings- og ioctl-handlinger. Det kunne føre til - tilgang uden for grænserne eller anvendelse efter frigivelse. En lokal - bruger med adgang til en sequencerenhed, kunne anvende fejlen til - lammelsesangreb eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2018-7740 - -

    Nic Losby rapporterede at filsystemet hugetlbfs' nmap-handling ikke på - korrekt vis intervalkontrollerede filoffset'et. En lokal bruger med adgang - til filer på et hugetlbfs-filsystem, kunne anvende fejlen til at forårsage - et lammelsesangreb.

    • - -
  • CVE-2018-7757 - -

    Jason Yan rapporterede om en hukommelseslækage i SAS-undersystemet - (Serial-Attached SCSI). En lokal bruger på et system med SAS-enheder, kunne - anvende fejlen til at forårsage et lammelsesangreb.

    • - -
  • CVE-2018-7995 - -

    Seunghun Han rapporterede om en kapløbstilstand i x86 MCE-driveren - (Machine Check Exception). Det er usandsynligt at denne fejl kan have nogen - sikkerhedspåvirkning.

    • - -
  • CVE-2018-8087 - -

    En hukommelseslækagefejl blev fundet i funktionen hwsim_new_radio_nl() i - den simulerede radiotestværktøjsdriver til mac80211, hvilket gjorde det - muligt for en lokal bruger, at forårsage et lammelsesangreb.

    • - -
  • CVE-2018-8781 - -

    Eyal Itkin rapporterede at udl-driverens (DisplayLink) mmap-handling ikke - på korrekt vis intervalkontrollerede filoffset'et. En lokal bruger med - adgang til en udl-framebufferenhed, kunne udnytte fejlen til at overskrive - kernehukommelse, førende til rettighedsforøgelse.

    • - -
  • CVE-2018-8822 - -

    Dr Silvio Cesare fra InfoSect rapporterede at - ncpfs-klientimplementeringen ikke validerede svarlængder fra serveren. En - ncpfs-server kunne anvende fejlen til at forårsage et lammelsesangreb eller - til fjernudførelse af kode på klienten.

    • - -
  • CVE-2018-10323 - -

    Wen Xu rapporterede om en NULL-pointerdereferencefejl i funktionen - xfs_bmapi_write(), udløst når der blev mountet og benyttet et fabrikeret - xfs-filsystemsaftryk. En lokal bruger, som er i stand til at mounte - vilkårlige filsystemer, kunne anvende fejlen til lammelsesangreb.

    • - -
  • CVE-2018-1000199 - -

    Andy Lutomirski opdagede at ptrace-undersystemet ikke på tilstrækkelig - vis validerede indstillinger af hardwarebreakpoint. Lokale brugere kunne - anvende fejlen til at forårsage et lammelsesangreb eller muligvis til - rettighedsforøgelse, på x86 (amd64 og i386) samt muligvis andre - arkitekturer.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.88-1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4188.data" diff --git a/danish/security/2018/dsa-4189.wml b/danish/security/2018/dsa-4189.wml deleted file mode 100644 index 59f95ba68fe..00000000000 --- a/danish/security/2018/dsa-4189.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="f7f2b624e24910f60748fb8d57947ccd65893780" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev fundet i IRC-klienten Quassel, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

Bemærk at du skal genstarte servicen quasselcore efter opgradering af -Quassel-pakkerne.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:0.10.0-2.3+deb8u4.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:0.12.4-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine quassel-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende quassel, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/quassel

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4189.data" diff --git a/danish/security/2018/dsa-4190.wml b/danish/security/2018/dsa-4190.wml deleted file mode 100644 index c87ddd961c0..00000000000 --- a/danish/security/2018/dsa-4190.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="ce0454c84f743d961090335c62b0ce69f5e4d58f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at jackson-databind, et Java-bibliotek som anvendes til at -fortolke JSON og andre dataformater, på ukorrekt vis validerede brugerinddata -forud for deserialisering, på grund af en ufuldstændig rettelse af -\ -CVE-2017-7525.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.4.2-2+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.8.6-1+deb9u4.

- -

Vi anbefaler at du opgraderer dine jackson-databind-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende jackson-databind, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jackson-databind

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4190.data" diff --git a/danish/security/2018/dsa-4191.wml b/danish/security/2018/dsa-4191.wml deleted file mode 100644 index 83eac88d3c0..00000000000 --- a/danish/security/2018/dsa-4191.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1afcd8e9257151f74c4d86119114f289ba14612b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Redmine, en webapplikation til -projektadministration. De kunne føre til fjernudførelse af kode, -informationsafsløring eller udførelse af skripter på tværs af websteder.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.3.1-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine redmine-pakker.

- -

Desuden annoncerer vi hermed, at sikkerhedsunderstøttelse af redmine i Debian -8, den gamle stabile udgave (jessie), nu er ophørt.

- -

Brugere af redmine i Debian 8, som ønsker sikkerhedsopdateringer, opfordres -kraftigt til nu at opgradere til Debian 9, den aktuelle stabile udgave -(stretch).

- -

For detaljeret sikkerhedsstatus vedrørende redmine, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/redmine

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4191.data" diff --git a/danish/security/2018/dsa-4192.wml b/danish/security/2018/dsa-4192.wml deleted file mode 100644 index 172463b40ab..00000000000 --- a/danish/security/2018/dsa-4192.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="b6e0cc11ad6486179bcb4ee6736fc81e6115518e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i MAD, et MPEG-lyddekodningsbibliotek, hvilke -kunne føre til lammelsesangreb, hvis en misdannet lydfil blev behandlet.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 0.15.1b-8+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.15.1b-8+deb9u1.

- -

Vi anbefaler at du opgraderer dine libmad-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libmad, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libmad

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4192.data" diff --git a/danish/security/2018/dsa-4193.wml b/danish/security/2018/dsa-4193.wml deleted file mode 100644 index 143f6a37a98..00000000000 --- a/danish/security/2018/dsa-4193.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="e2214dc3d0ff1a992dbfc9dd7daa14ab63882423" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i wordpress, et webbloggingværktøj, hvilke -kunne gøre det muligt for fjernangribere at kompromittere et websted gennem -udførelse af skripter på tværs af websteder, omgå begrænsninger eller usikre -viderestillinger. Flere oplysninger finder man i opstrøms bulletin på: -\ -https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 4.1+dfsg-1+deb8u17.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.7.5+dfsg-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4193.data" diff --git a/danish/security/2018/dsa-4194.wml b/danish/security/2018/dsa-4194.wml deleted file mode 100644 index 2f0be49c755..00000000000 --- a/danish/security/2018/dsa-4194.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0f756e0d010968c569b8fc5a81d94a01f925931c" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med udvidelse af en ekstern XML-entitet, blev -opdaget i DataImportHandler i Solr, en søgeserver baseret på Lucene, hvilket -kunne medføre informationsafsløring.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.6.2+dfsg-5+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.6.2+dfsg-10+deb9u2.

- -

Vi anbefaler at du opgraderer dine lucene-solr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lucene-solr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lucene-solr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4194.data" diff --git a/danish/security/2018/dsa-4195.wml b/danish/security/2018/dsa-4195.wml deleted file mode 100644 index 68ef90d91d4..00000000000 --- a/danish/security/2018/dsa-4195.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="677083ec192c1c2f8d03b17c2b44a811aa718ad8" mindelta="1" -sikkerhedsopdatering - -

Harry Sintonen opdagede at wget, et netværksværktøj til hentning af filer fra -nettet, ikke på korrekt vis håndterede '\r\n' fra fortsættelseslinjer, mens -HTTP-headeren Set-Cookie blev fortolket. En ondsindet webserver kunne udnytte -fejlen til at indsprøjte vilkårlige cookies til cookiejarfilen, tilføje nye -eller erstatte eksisterende cookieværdier.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.16-1+deb8u5.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.18-5+deb9u2.

- -

Vi anbefaler at du opgraderer dine wget-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wget, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wget

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4195.data" diff --git a/danish/security/2018/dsa-4196.wml b/danish/security/2018/dsa-4196.wml deleted file mode 100644 index b1abc27bff9..00000000000 --- a/danish/security/2018/dsa-4196.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="5678d356438fbfad6961ad09d2827cd003000873" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse eller lammelsesangreb.

- -
    - -
  • CVE-2018-1087 - -

    Andy Lutomirski opdagede at KVM-implementeringen ikke på korrekt vis - håndterede #DB-exceptions, samtidig med at være udskudt af MOV SS/POP SS, - hvilket tillod at en upriviligeret KVM-gæstebruger kunne få gæsten til at gå - ned eller potentielt forøge deres rettigheder.

    • - -
  • CVE-2018-8897 - -

    Nick Peterson fra Everdox Tech LLC opdagede at #DB-exceptions, som er - udskudt af MOV SS eller POP SS, blev ikke håndteret korrekt, hvilket gjorde - det muligt for en upriviligeret bruger at få kernen til at gå ned eller - forårsage lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet i -version 3.16.56-1+deb8u1. Denne opdatering indeholder forskellige rettelser af -regressioner fra 3.16.56-1, som udgivet med DSA-4187-1 (jf. #897427, #898067 og -#898100).

- -

I den stabile distribution (stretch), er disse problemer rettet i version -4.9.88-1+deb9u1. Rettelsen af -\ -CVE-2018-1108 løst via DSA-4188-1, er midlertidigt rullet tilbage på grund -af forskellige regressioner, jf. #897599.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens pakkesporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4196.data" diff --git a/danish/security/2018/dsa-4197.wml b/danish/security/2018/dsa-4197.wml deleted file mode 100644 index 05856e00dc5..00000000000 --- a/danish/security/2018/dsa-4197.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f0bd01c80712a5bbe345d9a5ecff606fdd5e34d1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i wavpack-lydcodec'en, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis misdannede -mediefiler blev behandlet.

- -

Den gamle stabile distribution (jessie) er ikke påvirket.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.0.0-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine wavpack-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wavpack, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wavpack

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4197.data" diff --git a/danish/security/2018/dsa-4198.wml b/danish/security/2018/dsa-4198.wml deleted file mode 100644 index bba3b329bac..00000000000 --- a/danish/security/2018/dsa-4198.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="79b2d19b9b7be22b89d3d393e24a6fe1abc23f6f" mindelta="1" -sikkerhedsopdatering - -

Albert Dengg opdagede at ukorrekt fortolkning af -<stream:error>-meddelelser i Prosody Jabber/XMPP-server, kunne medføre -lammelsesangreb.

- -

Den gamle stabile distribution (jessie) er ikke påvirket.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.9.12-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine prosody-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende prosody, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/prosody

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4198.data" diff --git a/danish/security/2018/dsa-4199.wml b/danish/security/2018/dsa-4199.wml deleted file mode 100644 index e34068c4849..00000000000 --- a/danish/security/2018/dsa-4199.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="900dea89ae28982ef8d935583edb4f306b99a009" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl og andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 52.8.0esr-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.8.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4199.data" diff --git a/danish/security/2018/dsa-4200.wml b/danish/security/2018/dsa-4200.wml deleted file mode 100644 index 9df70debf8a..00000000000 --- a/danish/security/2018/dsa-4200.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="80a98df1d729d8acbd9526fa5393a1f77573c7f7" mindelta="1" -sikkerhedsopdatering - -

Fabian Vogt opdagede at forkert rettighedshåndtering i PAM-modulet i KDE -Wallet, kunne gøre det muligt for en upriviligeret lokal bruger, at opnår -ejerskab over vilkårlige filer.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.8.4-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine kwallet-pam-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende kwallet-pam, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/kwallet-pam

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4200.data" diff --git a/danish/security/2018/dsa-4201.wml b/danish/security/2018/dsa-4201.wml deleted file mode 100644 index b9d2fa6558b..00000000000 --- a/danish/security/2018/dsa-4201.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="8c794e39a6c3620632f57cafb00634095b5938fb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisoren Xen:

- -
    - -
  • CVE-2018-8897 - -

    Andy Lutomirski og Nick Peterson opdagede at ukorrekt håndtering af - debugexceptions kunne føre til rettighedsforøgelse.

    • - -
  • CVE-2018-10471 - -

    En fejl blev opdaget i foranstaltningerne mod Meltdown, hvilken kunne - medføre lammelsesangreb.

    • - -
  • CVE-2018-10472 - -

    Anthony Perard opdagede at ukorrekt håndtering af CDROM-filaftryk kunne - medføre informationsafsløring.

    • - -
  • CVE-2018-10981 - -

    Jan Beulich opdagede at misdannede enhedsmodeller kunne medføre - lammelsesangreb.

    • - -
  • CVE-2018-10982 - -

    Roger Pau Monne opdagede at ukorrekt håndtering af eventtimere med - høj nøjagtighed, kunne medføre lammelsesangreb og potentielt - rettighedsforøgelse.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4201.data" diff --git a/danish/security/2018/dsa-4202.wml b/danish/security/2018/dsa-4202.wml deleted file mode 100644 index ed719750731..00000000000 --- a/danish/security/2018/dsa-4202.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3325a60207eb436ad6e8fc838f10d2cd10918cbf" mindelta="1" -sikkerhedsopdatering - -

OSS-fuzz, med hjælp fra Max Dymond, opdagede at cURL, et -URL-overførselsbibliotek, kunne narres til at læse data ud over slutningen af en -heapbseret buffer, når der blev fortolket ugyldige headere i et RTSP-svar.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 7.38.0-4+deb8u11.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52.1-5+deb9u6.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4202.data" diff --git a/danish/security/2018/dsa-4203.wml b/danish/security/2018/dsa-4203.wml deleted file mode 100644 index 48b5f170e5a..00000000000 --- a/danish/security/2018/dsa-4203.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="283093054b4ed3147341b92bd0926170328360c0" mindelta="1" -sikkerhedsopdatering - -

Hans Jerry Illikainen opdagede en typekonverteringssårbarhed i MP4-demuxer'en -hørende til medieafspilleren VLC, hvilken kunne medføre udførelse af vilkårlig -kode, hvis en misdannet mediefil blev afspillet.

- -

Denne opdatering opgraderer VLC i stretch til den nye 3.x-udgivelsesserie -(fordi sikkerhedsrettelser ikke kunne tilbageføres på fornuftig vis til -2.x-serien). Desuden var det nødvendigt at genopbygge to pakker, for at sikre -kompabilitet med VLC 3; phonon-backend-vlc (0.9.0-2+deb9u1) og goldencheetah -(4.0.0~DEV1607-2+deb9u1).

- -

VLC i jessie kan ikke overgå til version 3 på grund af inkompatible -biblioteksændringer med omvendte afhængigheder, og programmets levetid -erklæres derfor for afsluttet i jessie. Vi anbefaler at opgradere til stretch, -eller at vælge en anden medieafspiller, hvis det ikke er en mulighed.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.0.2-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4203.data" diff --git a/danish/security/2018/dsa-4204.wml b/danish/security/2018/dsa-4204.wml deleted file mode 100644 index fb9ccf91f28..00000000000 --- a/danish/security/2018/dsa-4204.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fc4d242fafe367ecd998d9bb939f87b79840c417" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i imagemagick, en grafisk -softwarepakke. Forskellige hukommelseshåndteringsproblemer eller problemer med -ufuldstændig fornuftighedskontrol af inddata, kunne medføre lammelsesangreb -eller hukommelsesblotlæggelse.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 8:6.8.9.9-5+deb8u12.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende imagemagick, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/imagemagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4204.data" diff --git a/danish/security/2018/dsa-4205.wml b/danish/security/2018/dsa-4205.wml deleted file mode 100644 index 2a1ff7ff184..00000000000 --- a/danish/security/2018/dsa-4205.wml +++ /dev/null @@ -1,15 +0,0 @@ -#use wml::debian::translation-check translation="9102095a33d1bb4101b9b1a6e7c3ee3b3421a78b" mindelta="1" -Forvarsel om kommende afslutning af livsforløb af Debian 8 - - -

Hermed forvarsel om at den almindelige sikkerhedsunderstøttelse af Debian -GNU/Linux 8 (kodenavn jessie), ophører den 17. juni.

- -

Som ved tidligere udgiver, vil yderligere LTS-understøttelse blive stillet -til rådighed for et begrænset antal arkitekturer og pakker, hvilket vil blive -offentliggjort separat på et senere tidspunkt.

- - - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4205.data" diff --git a/danish/security/2018/dsa-4206.wml b/danish/security/2018/dsa-4206.wml deleted file mode 100644 index c0aa940f6b7..00000000000 --- a/danish/security/2018/dsa-4206.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="1dc53b6e1cb6faefa161f29ada9691ccae02012c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Gitlab, en softwareplatform til samarbejde om -kode:

- -
    - -
  • CVE-2017-0920 - -

    Man opdagede at manglende validering af merge-requests gjorde det muligt - for brugere at se navne på private projekter, medførende - informationsafsløring.

    • - -
  • CVE-2018-8971 - -

    Man opdagede at Auth0-integrationen var implementeret forkert.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8.13.11+dfsg1-8+deb9u2. Rettelsen af -\ -CVE-2018-8971 kræver også at ruby-omniauth-auth0 opgraderes til version -2.0.0-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine gitlab-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gitlab, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gitlab

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4206.data" diff --git a/danish/security/2018/dsa-4207.wml b/danish/security/2018/dsa-4207.wml deleted file mode 100644 index 85423fd1bfa..00000000000 --- a/danish/security/2018/dsa-4207.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ac563316d2221ce4d831b935135c4533e374a673" mindelta="1" -sikkerhedsopdatering - -

Matthias Gerstner opdagede at PackageKit, et DBus-abstraktionslag til simple -softwarehåndteringsopgaver, indeholdt en autentifikationsomgåelsesfejl, som -gjorde det muligt for brugere uden rettigheder, at installere pakker lokalt.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.1.5-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine packagekit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende packagekit, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/packagekit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4207.data" diff --git a/danish/security/2018/dsa-4208.wml b/danish/security/2018/dsa-4208.wml deleted file mode 100644 index e1c90c8893d..00000000000 --- a/danish/security/2018/dsa-4208.wml +++ /dev/null @@ -1,55 +0,0 @@ -#use wml::debian::translation-check translation="346433d42e38e30b0a91a5cebea614a0151f8ab7" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede adskillige sårbarheder i procps, et sæt -kommandolinje- og fuldskærmsværktøjer til at gennemse procfs med. Projektet -Common Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2018-1122 - -

    top læste sin opsætning fra den aktuelle arbejdsmappe, hvis der ikke er - opsat en $HOME. Hvis top blev startet fra en mappe, som er skrivbar for en - angriber (så som /tmp), kunne det medføre lokal - rettighedsforøgelse.

    • - -
  • CVE-2018-1123 - -

    Lammelsesangreb mod kald af en anden brugers ps.

    • - -
  • CVE-2018-1124 - -

    Et heltalsoverløb i funktionen file2strvec() i libprocps, kunne medføre - lokal rettighedsforøgelse.

    • - -
  • CVE-2018-1125 - -

    Et stakbaseret bufferoverløb i pgrep, kunne medføre lammelsesangreb for - en bruger, der anvender pgrep til at inspicere en særligt fremstillet - proces.

    • - -
  • CVE-2018-1126 - -

    Ukorrekte heltalsstørrelsesparametre, anvendt i wrappere til - standard-C-allokatorer, kunne medføre heltalstrunkering, samt føre til - heltalsoverløbsproblemer.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 2:3.3.9-9+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:3.3.12-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine procps-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende procps, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/procps

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4208.data" diff --git a/danish/security/2018/dsa-4209.wml b/danish/security/2018/dsa-4209.wml deleted file mode 100644 index 1f8ac898d7e..00000000000 --- a/danish/security/2018/dsa-4209.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ed6cf868edf7ff4d96db7c2f49fd852537569e76" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, lammelsesangreb eller angreb mod krypterede -mails.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1:52.8.0-1~deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.8.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4209.data" diff --git a/danish/security/2018/dsa-4210.wml b/danish/security/2018/dsa-4210.wml deleted file mode 100644 index 89cb302d31f..00000000000 --- a/danish/security/2018/dsa-4210.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d9867556002f3f8d092ee9f6a49cbcb4fc3f41bb" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering indeholder foranstaltninger mod Spectre v4-varianten i -x86-baserede mikroprocessorer. På Intels CPU'er, kræver det en opdatering af -mikrokoden, som i øjeblikket ikke er frigivet til offentligheden (men din -hardwareleverandør kan have udgivet en opdatering). For servere med AMD's -CPU'er, er en opdatering af mikrokoden ikke nødvendig, se -\ -https://xenbits.xen.org/xsa/advisory-263.html for flere oplysninger.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4210.data" diff --git a/danish/security/2018/dsa-4211.wml b/danish/security/2018/dsa-4211.wml deleted file mode 100644 index e421609ec2c..00000000000 --- a/danish/security/2018/dsa-4211.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="0f1ecfca5471a3f9312af949a72207649879da96" mindelta="1" -sikkerhedsopdatering - -

Gabriel Corona opdagede at xdg-utils, et sæt værktøjer til integration af -skrivebordsmiljøer, var sårbare over for parameterindsprøjtningsangreb. Hvis -miljøvariablen BROWSER på offerets vært indeholder en %s og offeret åbner -et link, fabrikeret af angriberen, med xdg-open, kunne den ondsindede person -manipulere med parametrene, som anvendes af browseren ved åbningen. -Manipulationen kunne eksempelvis opsætte en proxy, til hvilken -netværktstrafikken kunne blive opsnappet i den pågældende udførelse.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.1.0~rc1+git20111210-7.4+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.1.1-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine xdg-utils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xdg-utils, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xdg-utils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4211.data" diff --git a/danish/security/2018/dsa-4212.wml b/danish/security/2018/dsa-4212.wml deleted file mode 100644 index aa1378fd975..00000000000 --- a/danish/security/2018/dsa-4212.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="97c63276e44b98a1da68595f99dc2712f2352661" mindelta="1" -sikkerhedsopdatering - -

Etienne Stalmans opdagede at git, et hurtigt, skalerbart, distribueret -versionsstyringssystem, var ramt af en sårbarhed i forbindelse med udførelse af -vilkårlig kode, udnytbar gennem særligt fabrikerede undermodulnavne i en -.gitmodules-fil.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1:2.1.4-2.1+deb8u6.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2.11.0-3+deb9u3.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende git, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/git

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4212.data" diff --git a/danish/security/2018/dsa-4213.wml b/danish/security/2018/dsa-4213.wml deleted file mode 100644 index a58f0cd66b5..00000000000 --- a/danish/security/2018/dsa-4213.wml +++ /dev/null @@ -1,80 +0,0 @@ -#use wml::debian::translation-check translation="72e985dfa9b7a9be1fca49944d2bccd5d39a088c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i qemu, en hurtig processoremulator.

- -
    - -
  • CVE-2017-15038 - -

    Tuomas Tynkkynen opdagede en informationslækage i 9pfs.

    • - -
  • CVE-2017-15119 - -

    Eric Blake opdagede at NBD-serveren på utilstrækkelig vis, begrænsede - store optionforespørgsler, medførende lammelsesangreb.

    • - -
  • CVE-2017-15124 - -

    Daniel Berrange opdagede at den integrerede VNC-server på utilstrækkelig - vis begrænsede hukommelsesallokering, hvilket kunne medføre - lammelsesangreb.

    • - -
  • CVE-2017-15268 - -

    En hukommelseslækage i websocketsunderstøttelsen, kunne medføre - lammelsesangreb.

    • - -
  • CVE-2017-15289 - -

    Guoxiang Niu opdagede en OOB-skrivning i det emulerede Cirrus-grafikkort, - som kunne medføre lammelsesangreb.

    • - -
  • CVE-2017-16845 - -

    Cyrille Chatras opdagede en informationslækage i emuleringen af PS/2-mus - og -tastaturer, hvilket kunne udnyttes under instansmigrering.

    • - -
  • CVE-2017-17381 - -

    Dengzhan Heyuandong Bijunhua og Liweichao opdagede at en - implementeringsfejl i virtio vring-implementeringen, kunne medføre - lammelsesangreb.

    • - -
  • CVE-2017-18043 - -

    Eric Blake opdagede et heltalsoverløb i en internt anvendt makro, hvilket - kunne medføre lammelsesangreb.

    • - -
  • CVE-2018-5683 - -

    Jiang Xin og Lin ZheCheng opdagede en OOB-hukommelsestilgang i det - emulerede VGA-grafikkort, hvilket kunne medføre lammelsesangreb.

    • - -
  • CVE-2018-7550 - -

    Cyrille Chatras opdagede at en OOB-hukommelsesskrivning, når der anvendes - multiboot, kunne medføre udførelse af vilkårlig kode.

    • - -
- -

Denne opdatering tilbagefører en række afhjælpninger mod Spectre -v2-sårbarheden, som påvirker moderne CPU'er -(\ -CVE-2017-5715). For yderligere oplysinger, se: -\ -https://www.qemu.org/2018/01/04/spectre/

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.8+dfsg-6+deb9u4.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4213.data" diff --git a/danish/security/2018/dsa-4214.wml b/danish/security/2018/dsa-4214.wml deleted file mode 100644 index 8cf18e1101a..00000000000 --- a/danish/security/2018/dsa-4214.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="98450b2e9138675e3c0f26e7372bc8e190458a9b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Zookeeper, en tjeneste til vedligeholdelse af -opsætningsoplysninger, ikke krævede autentifikation/autorisation, når en server -forsøgte at deltage i et Zookeeper-quorum.

- -

Denne opdatering tilbagefører autentifikationsunderstøttelse. Yderligere -opsætningstrin kan være nødvendige, se -\ -https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication -for fler oplysninger.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.4.9-3+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.4.9-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine zookeeper-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zookeeper, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/zookeeper

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4214.data" diff --git a/danish/security/2018/dsa-4215.wml b/danish/security/2018/dsa-4215.wml deleted file mode 100644 index feda221bad0..00000000000 --- a/danish/security/2018/dsa-4215.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="52c000832f536f52b57bcf563167053210095c0b" mindelta="1" -sikkerhedsopdatering - -

Man Yue Mo, Lars Krapf og Pierre Ernst opdagede at Batik, et værktøjssæt til -behandling af SVG-billeder, ikke på korrekt vis validerede sine inddata. Dermed -kunne en angriber få mulighed for at forårsage et lammelsesangreb, iværksætte -angreb i forbindelse med udførelse af skripter på tværs af websteder, eller -tilgå adgangsbegrænsede filer på serveren.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.7+dfsg-5+deb8u1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.8-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine batik-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende batik, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/batik

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4215.data" diff --git a/danish/security/2018/dsa-4216.wml b/danish/security/2018/dsa-4216.wml deleted file mode 100644 index d6e4b9f4baf..00000000000 --- a/danish/security/2018/dsa-4216.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="012397a8cf378f88a443716d86936f74eb6de448" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Prosody, en letvægts-Jabber-/XMPP-server, ikke på korrekt vis -validerede klientleverede parametre under genstart af XMPP-strømme, hvilket -gjorde det muligt for autentificerede brugere at overskrive det realm, som er -forbundet med deres session, potentielt omgående sikkerhedsregler og tilladende -imitation af andre.

- -

Flere oplysninger finder man i opstrøms bulletin på: -\ -https://prosody.im/security/advisory_20180531/

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.9.7-2+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.9.12-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine prosody-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende prosody, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/prosody

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4216.data" diff --git a/danish/security/2018/dsa-4217.wml b/danish/security/2018/dsa-4217.wml deleted file mode 100644 index cde1f4690ee..00000000000 --- a/danish/security/2018/dsa-4217.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="3def0df3c8040e5cd34998f5a0cfe00cd868f9cd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Wireshark, et program til analysering af netværksprotokoller, -indeholdt flere sårbarheder i dissektorerne til PCP, ADB, NBAP, UMTS MAC, IEEE -802.11, SIGCOMP, LDSS, GSM A DTAP og Q.931, hvilket medførte lammelsesangreb -eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.12.1+g01b65bf-4+deb8u14.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.6+g32dac6a-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wireshark, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wireshark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4217.data" diff --git a/danish/security/2018/dsa-4218.wml b/danish/security/2018/dsa-4218.wml deleted file mode 100644 index 0f7386d0086..00000000000 --- a/danish/security/2018/dsa-4218.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="4ebfdd503e9e85f67ec7fcf9034b307c4969a337" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i memcached, et højtydende system til caching -af objekter i hukommelsen. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2017-9951 - -

    Daniel Shapira rapporterede om en heapbaseret bufferoverlæsning i - memcached (på grund af en ufuldsætndig rettelse af - CVE-2016-8705) - udløst af særligt fremstillede forespørgsler til at tilføje/opsætte en - nøgle, og gøre det muligt for en fjernangriber at forårsage et - lammelsesangreb.

    • - -
  • CVE-2018-1000115 - -

    Der blev rapporteret at memcached lytter til UDP som standard. En - fjernangriber kunne drage nytte heraf til at anvende memcachedservicen som - en DDoS-forstærker.

    - -

    Defaultinstalleringer af memcached i Debian er ikke påvirket af denne - fejl, da installeringsstandarden er kun at lytte til localhost. Denne - opdatering deaktiverer som standard UDP-porten. Lytning til UDP kan - genaktiveres i /etc/memcached.conf (jf. - /usr/share/doc/memcached/NEWS.Debian.gz).

    • - -
  • CVE-2018-1000127 - -

    Et heltalsoverløb blev rapporteret i memcached, medførende - ressourcelækager, datakorruption, deadlocks eller nedbrud.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 1.4.21-1.1+deb8u2.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.4.33-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine memcached-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende memcached, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/memcached

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4218.data" diff --git a/danish/security/2018/dsa-4219.wml b/danish/security/2018/dsa-4219.wml deleted file mode 100644 index 78b51bd8ad6..00000000000 --- a/danish/security/2018/dsa-4219.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="d11cf1b0803bc7729a91ad6add2ac877fe1b5a5e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i jruby, en Java-implementering af -programmeringssproget Ruby. Dermed kunne det være muligt for en angriber, at -anvende særligt fremstillede gem-filer, til at iværksætte angreb i forbindelse -med udførelse af skripter på tværs af websteder, forårsage lammelsesangreb -gennem en uendelig løkke, skrive vilkårlige filer eller køre ondsindet kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.7.26-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine jruby-pakker.

- -

Desuden fungerer denne meddelelse som annoncering af at -sikkerhedsunderstøttelse af jruby i den gamle stabile udgave, Debian 8 -(jessie), nu er ophørt.

- -

Brugere af jruby i Debian 8, som ønsker sikkerhedsopdateringer, opfordres -kraftigt til nu at opgradere til den aktuelle stabile udgave, Debian 9 -(stretch).

- -

For detaljeret sikkerhedsstatus vedrørende jruby, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jruby

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4219.data" diff --git a/danish/security/2018/dsa-4220.wml b/danish/security/2018/dsa-4220.wml deleted file mode 100644 index e015611bb10..00000000000 --- a/danish/security/2018/dsa-4220.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e9b1f51d55c44d8dc0e60cb9d2b3ced577538783" mindelta="1" -sikkerhedsopdatering - -

Ivan Fratric opdagede et bufferoverløb i grafikbiblioteket Skia, som benyttes -af Firefox, hvilket kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 52.8.1esr-1~deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 52.8.1esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4220.data" diff --git a/danish/security/2018/dsa-4221.wml b/danish/security/2018/dsa-4221.wml deleted file mode 100644 index eeecb58a7eb..00000000000 --- a/danish/security/2018/dsa-4221.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d563d633de1ee9304bf32343a9293dc585db166d" mindelta="1" -sikkerhedsopdatering - -

Alexander Peslyak opdagede at utilstrækkelig fornuftighedskontrol af inddata -af RFB-pakker i LibVNCServer, kunne medføre blotlæggelse af -hukommelsesindhold.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 0.9.9+dfsg2-6.1+deb8u3.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.9.11+dfsg-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libvncserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvncserver, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvncserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4221.data" diff --git a/danish/security/2018/dsa-4222.wml b/danish/security/2018/dsa-4222.wml deleted file mode 100644 index 70f82969ded..00000000000 --- a/danish/security/2018/dsa-4222.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="d1349d64259929502ddfccc844f3c2995b566934" mindelta="1" -sikkerhedsopdatering - -

Marcus Brinkmann opdagede at GnuPG udførte utilstrækkelig -fornuftighedskontrol af filnavne, der vises i statusmeddelelser, hvilket kunne -misbruges til at forfalske verifikationsstatussen på en signeret mail.

- -

Flere oplysninger finder man i opstrøms bulletin på: -\ -https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 2.0.26-6+deb8u2.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.1.18-8~deb9u2.

- -

Vi anbefaler at du opgraderer dine gnupg2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gnupg2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gnupg2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4222.data" diff --git a/danish/security/2018/dsa-4223.wml b/danish/security/2018/dsa-4223.wml deleted file mode 100644 index 42ad6e7cf98..00000000000 --- a/danish/security/2018/dsa-4223.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d1349d64259929502ddfccc844f3c2995b566934" mindelta="1" -sikkerhedsopdatering - -

Marcus Brinkmann opdagede at GnuPG udførte utilstrækkelig -fornuftighedskontrol af filnavne, der vises i statusmeddelelser, hvilket kunne -misbruges til at forfalske verifikationsstatussen på en signeret mail.

- -

Flere oplysninger finder man i opstrøms bulletin på: -\ -https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.4.21-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine gnupg1-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gnupg1, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gnupg1

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4223.data" diff --git a/danish/security/2018/dsa-4224.wml b/danish/security/2018/dsa-4224.wml deleted file mode 100644 index 40923a725ad..00000000000 --- a/danish/security/2018/dsa-4224.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="d1349d64259929502ddfccc844f3c2995b566934" mindelta="1" -sikkerhedsopdatering - -

Marcus Brinkmann opdagede at GnuPG udførte utilstrækkelig -fornuftighedskontrol af filnavne, der vises i statusmeddelelser, hvilket kunne -misbruges til at forfalske verifikationsstatussen på en signeret mail.

- -

Flere oplysninger finder man i opstrøms bulletin på: -\ -https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.4.18-7+deb8u5.

- -

Vi anbefaler at du opgraderer dine gnupg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gnupg, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gnupg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4224.data" diff --git a/danish/security/2018/dsa-4225.wml b/danish/security/2018/dsa-4225.wml deleted file mode 100644 index 6b414a8f0b3..00000000000 --- a/danish/security/2018/dsa-4225.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="dc21b433af0966edcac8e6493f8ca148cb89b07f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende lammelsesangreb, omgåelse af sandkasse, udførelse af -vilkårlig kode eller omgåelse af verifikations JAR-signatur.

- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 7u181-2.6.14-1~deb8u1.

- -

Vi anbefaler at du opgraderer dine openjdk-7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-7, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4225.data" diff --git a/danish/security/2018/dsa-4226.wml b/danish/security/2018/dsa-4226.wml deleted file mode 100644 index a4afbe0b61d..00000000000 --- a/danish/security/2018/dsa-4226.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c27a3a3fc4f98984faaf4d9cfd317c0c082808dc" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk opdagede en mappegennemløbsfejl i modulet Archive::Tar, hvilket -gjorde det muligt for en angriber at overskrive enhver fil, som er skrivbar for -den udpakkende bruger, gennem et særligt fabrikeret tar-arkiv.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 5.20.2-3+deb8u11.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.24.1-3+deb9u4.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende perl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/perl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4226.data" diff --git a/danish/security/2018/dsa-4227.wml b/danish/security/2018/dsa-4227.wml deleted file mode 100644 index 7817d82e7d2..00000000000 --- a/danish/security/2018/dsa-4227.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="126cdadd4d05eadd58f4df41e6106b95deb70f68" mindelta="1" -sikkerhedsopdatering - -

Danny Grander opdagede en mappegennemløbsfejl i plexus-archiver, en -arkiveringsplugin til compilersystemet Plexus, hvilken gjorde det muligt for en -angriber at overskrive enhver fil, som er skrivbar for den udpakkende bruger, -gennem et fabrikeret zip-arkiv.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 1.2-1+deb8u1.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine plexus-archiver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende plexus-archiver, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/plexus-archiver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4227.data" diff --git a/danish/security/2018/dsa-4228.wml b/danish/security/2018/dsa-4228.wml deleted file mode 100644 index 1e2bbc86a40..00000000000 --- a/danish/security/2018/dsa-4228.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5d75916c48ef884d01cf7dfb0301d113a4d09d39" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i SPIP, en webstedsmotor til udgivelse, -medførende udførelse af skripter på tværs af websteder samt -PHP-indsprøjtning.

- -

I den gamle stabile distribution (jessie), er dette problem rettet -i version 3.0.17-2+deb8u4.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.1.4-4~deb9u1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4228.data" diff --git a/danish/security/2018/dsa-4229.wml b/danish/security/2018/dsa-4229.wml deleted file mode 100644 index 837c3ab0d75..00000000000 --- a/danish/security/2018/dsa-4229.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="7663b108adb6e62efb10927c79ca889cf71999b5" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i strongSwan, en IKE-/IPsec-programsamling.

- -
    - -
  • CVE-2018-5388 - -

    Stroke-plugin'en kontrollerede ikke meddelelseslængden, når den læste fra - sin kontrolsocket. Sårbarheden kunne føre til lammelsesangreb. I Debian - kræver skriveadgang til socket'en rodrettigheder i - standardopsætningen..

    • - -
  • CVE-2018-10811 - -

    En manglende variabelinitialisering i IKEv2-nøglederivation kunne føre - til et lammelsesangreb (nedbrud af IKE-dæmonen charon), hvis - openssl-plugin'en anvendes i FIPS-tilstand, og den forhandlede PRF er - HMAC-MD5.

    • - -
- -

I den gamle stabile distribution (jessie), er disse problemer rettet -i version 5.2.1-6+deb8u6.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.5.1-4+deb9u2.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende strongswan, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/strongswan

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4229.data" diff --git a/danish/security/2018/dsa-4230.wml b/danish/security/2018/dsa-4230.wml deleted file mode 100644 index 5b508313d4c..00000000000 --- a/danish/security/2018/dsa-4230.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a4c274ef1917964e72b8b0a5e1b9b2c6ec76fc05" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Lua-undersystemet i Redis, en -vedblivende nøgleværdidatabase, hvilke kunne medføre lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3:3.2.6-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende redis, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/redis

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4230.data" diff --git a/danish/security/2018/dsa-4231.wml b/danish/security/2018/dsa-4231.wml deleted file mode 100644 index 455a1273c44..00000000000 --- a/danish/security/2018/dsa-4231.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="7a64a9aeb9449043606abd36c8704f0576740ffb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Libgcrypt var sårbar over for et lokalt sidekanalsangreb, som -gjorde det muligt at få fat i private ECDSA-nøgler.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.7.6-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine libgcrypt20-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libgcrypt20, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libgcrypt20

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4231.data" diff --git a/danish/security/2018/dsa-4232.wml b/danish/security/2018/dsa-4232.wml deleted file mode 100644 index 9cb3b674ba2..00000000000 --- a/danish/security/2018/dsa-4232.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="cc1049d2a8e80457c2710554b875b19b503a72e0" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering indeholder afhjælpninger af lazy FPU-sårbarheden, som -påvirker en række af Intels CPU'er, hvilken kunne medføre lækage af CPU'ens -registertilstande hørende til en anden vCPU, tidligere placeret på den samme -CPU. For yderligere oplysninger, se: -\ -https://xenbits.xen.org/xsa/advisory-267.html

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4232.data" diff --git a/danish/security/2018/dsa-4233.wml b/danish/security/2018/dsa-4233.wml deleted file mode 100644 index 39221003fe0..00000000000 --- a/danish/security/2018/dsa-4233.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b9827adb0326c7851cde425fbd57f83c86975cdb" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at lavniveaugrænsefladen til RSA-nøglepargeneratoren i Bouncy -Castle (en Java-implementering af cryptografiske algoritmer), kunne udføre -færre Miller-Rabin-primaltalstests end forventet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.56-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine bouncycastle-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bouncycastle, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bouncycastle

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4233.data" diff --git a/danish/security/2018/dsa-4234.wml b/danish/security/2018/dsa-4234.wml deleted file mode 100644 index d3a204bbd64..00000000000 --- a/danish/security/2018/dsa-4234.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a9e0e685cbd4c3464291a843174375807d9b5587" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i LAVA, et continuous integration-system til -udrulning af styresystemer til kørende test, hvilket kunne medføre -informationsafsløring af filer, som er læsbare for lavaservers systembruger, -eller udføre vilkårlig kode gennem et XMLRPC-kald.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2016.12-3.

- -

Vi anbefaler at du opgraderer dine lava-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lava-server, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lava-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4234.data" diff --git a/danish/security/2018/dsa-4235.wml b/danish/security/2018/dsa-4235.wml deleted file mode 100644 index 1d85e241274..00000000000 --- a/danish/security/2018/dsa-4235.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e2cd91bcc730a82283b60dcc266ec537288dcdbf" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl og andre implementeringsfejl kunne føre til -udførelse af vilkårlig kode, lammelsesangreb, forfalskning af forespørgsler på -tværs af websteder eller informationsafsløring.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 52.9.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4235.data" diff --git a/danish/security/2018/dsa-4236.wml b/danish/security/2018/dsa-4236.wml deleted file mode 100644 index 747ec32fd97..00000000000 --- a/danish/security/2018/dsa-4236.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="3439a8546d4fe55d238759727de6099c665dbc72" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen:

- -
    - -
  • CVE-2018-12891 - -

    Man opdagede at utilstrækkelig validering af PV MMU-handlinger kunne - medføre lammelsesangreb.

    • - -
  • CVE-2018-12892 - -

    Man har opdaget libxl ikke efterkommer readonly-flaget på - HVM-emulaterede SCSI-diske.

    • - -
  • CVE-2018-12893 - -

    Man opdagede at ukorrekt implementering af debugexceptiontjek, kunne - medføre lammelsesangreb.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4236.data" diff --git a/danish/security/2018/dsa-4237.wml b/danish/security/2018/dsa-4237.wml deleted file mode 100644 index b677635a49b..00000000000 --- a/danish/security/2018/dsa-4237.wml +++ /dev/null @@ -1,157 +0,0 @@ -#use wml::debian::translation-check translation="38064b8fd0bc72aee5667310770c1e8a7cc78720" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrwoseren chromium.

- -
    - -
  • CVE-2018-6118 - -

    Ned Williamson opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2018-6120 - -

    Zhou Aiting opdagede et bufferoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2018-6121 - -

    Man opdagede ondsindede udvidelser kunne forøge rettigheder.

    • - -
  • CVE-2018-6122 - -

    Et typeforvekslingsproblem blev opdaget i JavaScript-biblioteket - v8.

    • - -
  • CVE-2018-6123 - -

    Looben Yang opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2018-6124 - -

    Guang Gong opdagede et typeforvekslingsproblem.

    • - -
  • CVE-2018-6125 - -

    Yubico opdagede at implementeringen af WebUSB tillod for meget.

    • - -
  • CVE-2018-6126 - -

    Ivan Fratric opdagede et bufferoverløbsproblem i biblioteket - skia.

    • - -
  • CVE-2018-6127 - -

    Looben Yang opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2018-6129 - -

    Natalie Silvanovich opdagede et problem med læsning uden for grænserne i - WebRTC.

    • - -
  • CVE-2018-6130 - -

    Natalie Silvanovich opdagede et problem med læsning uden for grænserne i - WebRTC.

    • - -
  • CVE-2018-6131 - -

    Natalie Silvanovich opdagede en fejl i WebAssembly.

    • - -
  • CVE-2018-6132 - -

    Ronald E. Crane opdagede et problem med uinitialiseret - hukommelse.

    • - -
  • CVE-2018-6133 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6134 - -

    Jun Kokatsu opdagede en måde at omgå Referrer Policy på.

    • - -
  • CVE-2018-6135 - -

    Jasper Rebane opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
  • CVE-2018-6136 - -

    Peter Wong opdagede et problem med læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2018-6137 - -

    Michael Smith opdagede en informationslækage.

    • - -
  • CVE-2018-6138 - -

    François Lajeunesse-Robert opdagede at reglerne for udvidelse tillod for - meget.

    • - -
  • CVE-2018-6139 - -

    Rob Wu opdagede en måde at omgå restriktioner på i - debuggerudvidelsen.

    • - -
  • CVE-2018-6140 - -

    Rob Wu opdagede en måde at omgå restriktioner på i - debuggerudvidelsen.

    • - -
  • CVE-2018-6141 - -

    Yangkang opdagede et bufferoverløbsproblem i biblioteket skia.

    • - -
  • CVE-2018-6142 - -

    Choongwoo Han opdagede en læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2018-6143 - -

    Guang Gong opdagede en læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2018-6144 - -

    pdknsk opdagede en læsning uden for grænserne i biblioteket - pdfium.

    • - -
  • CVE-2018-6145 - -

    Masato Kinugawa opdagede en fejl i implementeringen af MathML.

    • - -
  • CVE-2018-6147 - -

    Michail Pishchagin opdagede en fejl i felterne til angivelse af - adgangskoder.

    • - -
  • CVE-2018-6148 - -

    Michał Bentkowski opdagede at Content Security Policy-headeren blev - håndteret på forkert vis.

    • - -
  • CVE-2018-6149 - -

    Yu Zhou og Jundong Xie opdagede et problem med læsning uden for grænserne - i JavaScript-biblioteket v8.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 67.0.3396.87-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4237.data" diff --git a/danish/security/2018/dsa-4238.wml b/danish/security/2018/dsa-4238.wml deleted file mode 100644 index 0b1b6e67137..00000000000 --- a/danish/security/2018/dsa-4238.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="10f3a4c35407b2bf8f3ea80e236c6b33a201386f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Exiv2, et C++-bibliotek og et -kommandolinjeværktøj til håndtering af billeders metadata, hvilke kunne føre til -lammelsesangreb eller udførelse af vilkårlig kode, hvis en misdannet fil blev -fortolket.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.25-3.1+deb9u1.

- -

Vi anbefaler at du opgraderer dine exiv2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exiv2, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/exiv2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4238.data" diff --git a/danish/security/2018/dsa-4239.wml b/danish/security/2018/dsa-4239.wml deleted file mode 100644 index d4753746a55..00000000000 --- a/danish/security/2018/dsa-4239.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="70c8800a536386c9c84f9bee5854b51293c15256" mindelta="1" -sikkerhedsopdatering - -

Fabian Henneke opdagede en sårbarhed i forbindelse med udførelse af skripter -på tværs af websteder, i formularen til ændring af adgangskode i GOsa, et -webbaseret LDAP-administrationsprogram.

- -

I den stabile distribution (stretch), er dette problem rettet i -version gosa 2.7.4+reloaded2-13+deb9u1.

- -

Vi anbefaler at du opgraderer dine gosa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gosa, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gosa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4239.data" diff --git a/danish/security/2018/dsa-4240.wml b/danish/security/2018/dsa-4240.wml deleted file mode 100644 index 4a4c3aba251..00000000000 --- a/danish/security/2018/dsa-4240.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="106284ed210b4894870fc06b0f1886be682e6dfd" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev fundet i PHP, et vidt udbredt, generelt anvendeligt open -source-scriptsprog:

- -
    - -
  • CVE-2018-7584 - -

    Bufferunderlæsning i fortolkning af HTTP-svar.

    • - -
  • CVE-2018-10545 - -

    Dumpbare FPM-barneprocesser tillod omgåelse af opcaches - adgangskontroller.

    • - -
  • CVE-2018-10546 - -

    Lammelsesangreb gennem uendelig løkke i streamfilteret - convert.iconv.

    • - -
  • CVE-2018-10547 - -

    Rettelsen af \ - CVE-2018-5712 (leveret med DSA 4080) var ufuldstændig.

    • - -
  • CVE-2018-10548 - -

    Lammelsesangreb gennem misdannede LDAP-serversvar.

    • - -
  • CVE-2018-10549 - -

    Læsning uden for grænserne, ved fortolkning af misdannede - JPEG-filer.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.0.30-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4240.data" diff --git a/danish/security/2018/dsa-4241.wml b/danish/security/2018/dsa-4241.wml deleted file mode 100644 index a95aa52626b..00000000000 --- a/danish/security/2018/dsa-4241.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6bb3bc0cc9cc4d1a1aa6fda194f3cf7440257938" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Soup HTTP-biblioteket udførte utilstrækkelig validering af -cookieforespørgsler, hvilket kunne medføre hukommelseslæsning uden for -grænserne.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.56.0-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine libsoup2.4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libsoup2.4, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libsoup2.4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4241.data" diff --git a/danish/security/2018/dsa-4242.wml b/danish/security/2018/dsa-4242.wml deleted file mode 100644 index 38cc657fa23..00000000000 --- a/danish/security/2018/dsa-4242.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="520cd84fe7763070d62d97295b9095e6d763ddd1" mindelta="1" -sikkerhedsopdatering - -

Orange Tsai opdagede en mappegennemløbsfejl i ruby-sprockets, et Rack-baseret -asset-pakningssystem. En fjernangriber kunne drage nytte af fejlen til at læse -vilkårlige filer udenfor en applikations rodmappe, gennem særligt fremstillede -forespørgsler, når Sprockets-serveren anvendes i produktion.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.7.0-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-sprockets-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-sprockets, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-sprockets

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4242.data" diff --git a/danish/security/2018/dsa-4243.wml b/danish/security/2018/dsa-4243.wml deleted file mode 100644 index 36bbecde95e..00000000000 --- a/danish/security/2018/dsa-4243.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="2a51d7df00b2a3ce821da43704c57a93a05fda39" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i CUPS, Common UNIX Printing System. -Problemerne er registreret med følgende CVE-id'er:

- -
    - -
  • CVE-2017-15400 - -

    Rory McNamara opdagede at en angriber ville være i stand til at udføre - vilkårlige kommandoer (med rettighederne hørende til CUPS-dæmonen), ved at - opsætte en ondsindet IPP-server med en fabrikeret PPD-fil.

    • - -
  • CVE-2018-4180 - -

    Dan Bastone fra Gotham Digital Science opdagede at en lokal angriber med - adgang til cupsctl, kunne forøge rettigheder ved at opsætte en - miljøvariabel.

    • - -
  • CVE-2018-4181 - -

    Eric Rafaloff og John Dunlap fra Gotham Digital Science opdagede at en - lokal angriber kunne iværksætte begrænsede læsninger af vilkårlige filer - som root, ved at manipulere med cupsd.conf.

    • - -
  • CVE-2018-6553 - -

    Dan Bastone fra Gotham Digital Science opdagede at en angriber kunne - omgå AppArmors cupsd-sandkasse, ved at kalde dnssd-backend'en ved hjælp af - et alternativt navn, hårdtlinket til dnssd.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.1-8+deb9u2.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cups, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cups

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4243.data" diff --git a/danish/security/2018/dsa-4244.wml b/danish/security/2018/dsa-4244.wml deleted file mode 100644 index d5c909e77e5..00000000000 --- a/danish/security/2018/dsa-4244.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a71ba0806ba69261598af596aac0f19689207f03" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, lammelsesangreb eller angreb mod krypterede -mails.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:52.9.1-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4244.data" diff --git a/danish/security/2018/dsa-4245.wml b/danish/security/2018/dsa-4245.wml deleted file mode 100644 index 4534b251173..00000000000 --- a/danish/security/2018/dsa-4245.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="98179eaf28cbf1118b404355ec9fa0d9bfff1f7e" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i Imagemagick, en programsamling -med grafisk software. Forskellige hukommelseshåndteringsproblemer eller -ufuldstændig fornuftighedskontrol af inddata, kunne medføre lammelsesangreb -eller udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8:6.9.7.4+dfsg-11+deb9u5.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende imagemagick, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/imagemagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4245.data" diff --git a/danish/security/2018/dsa-4246.wml b/danish/security/2018/dsa-4246.wml deleted file mode 100644 index 898ea0b75c6..00000000000 --- a/danish/security/2018/dsa-4246.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c4a5c3a857da924c38d9bf6f83c0541c2b67048c" mindelta="1" -sikkerhedsopdatering - -

Toshitsugu Yoneyama fra Mitsui Bussan Secure Directions, Inc., opdagede at -mailman, et webbaseret program til håndtering af postlister, var ramt af en fejl -i forbindelse med udførelse af skripter tværs af websteder, hvilket gjorde det -muligt for en ondsindet listeejer, at indsprøjte skript på listinfosiden, på -grund af ikke-validerede inddata i feltet host_name.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2.1.23-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine mailman-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mailman, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mailman

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4246.data" diff --git a/danish/security/2018/dsa-4247.wml b/danish/security/2018/dsa-4247.wml deleted file mode 100644 index 7fbb870cbe4..00000000000 --- a/danish/security/2018/dsa-4247.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="87a1a05601e1cf6747bb659479da757daa40dd29" mindelta="1" -sikkerhedsopdatering - -

Et timingangreb blev opdaget i funktionen til validering af CSRF-tokens i -frameworket til Ruby rack protection.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.5.3-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-rack-protection-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-rack-protection, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-rack-protection

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4247.data" diff --git a/danish/security/2018/dsa-4248.wml b/danish/security/2018/dsa-4248.wml deleted file mode 100644 index 9a5a361335b..00000000000 --- a/danish/security/2018/dsa-4248.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5955bba0dd37209eae89638564d5ed289277b00f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i forskellige fortolkere i Blender, et -program til 3-D-modelering og -rendering. Misdannede .blend-modelfiler og -misdannede multimediefiler (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF), kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.79.b+dfsg0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine blender-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende blender, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/blender

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4248.data" diff --git a/danish/security/2018/dsa-4249.wml b/danish/security/2018/dsa-4249.wml deleted file mode 100644 index 4e3a8a267a3..00000000000 --- a/danish/security/2018/dsa-4249.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="afd59afccfea34d7c7660652a0162b8a4797fb3d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7:3.2.11-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4249.data" diff --git a/danish/security/2018/dsa-4250.wml b/danish/security/2018/dsa-4250.wml deleted file mode 100644 index c2846b83455..00000000000 --- a/danish/security/2018/dsa-4250.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c20db41dabfb2bf0b155bf0056cffe3ef5d7e80a" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i Wordpress, et webbloggingværktøj. Den gjorde det -muligt for fjernangribere med specifikke roller, at udføre vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.7.5+dfsg-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4250.data" diff --git a/danish/security/2018/dsa-4251.wml b/danish/security/2018/dsa-4251.wml deleted file mode 100644 index cb542f8625e..00000000000 --- a/danish/security/2018/dsa-4251.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="03d3f574ba00d1319d1c293fc78798b0b7408555" mindelta="1" -sikkerhedsopdatering - -

En anvendelse efter frigivelse blev opdaget i MP4-demuxeren i -medieafspilleren VLC, hvilken kunne medføre udførelse af vilkårlig kode, hvis en -misdannet mediefil blev afspillet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.0.3-1-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4251.data" diff --git a/danish/security/2018/dsa-4252.wml b/danish/security/2018/dsa-4252.wml deleted file mode 100644 index 7ca17cd1447..00000000000 --- a/danish/security/2018/dsa-4252.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4b4124cd32131028b2b4fada737e15ba90d72618" mindelta="1" -sikkerhedsopdatering - -

Jeriko One opdagede to sårbarheder i ZNC IRC-bounceren, hvilke kunne medføre -rettighedsforøgelse eller lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.6.5-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine znc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende znc, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/znc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4252.data" diff --git a/danish/security/2018/dsa-4253.wml b/danish/security/2018/dsa-4253.wml deleted file mode 100644 index 227bc2a64b4..00000000000 --- a/danish/security/2018/dsa-4253.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="aa50a8a71248a2894016a08e6c47690f3e21bc06" mindelta="1" -sikkerhedsopdatering - -

Denis Andzakovic opdagede at network-manager-vpnc, en plugin der leverer -VPNC-understøttelse i NetworkManager, var ramt af en sårbarhed i forbindelse med -rettighedsforøgelse. Et newline-tegn kunne anvendes til at indsprøjte et -Password-hjælperparameter i konfigurationsdataene, der overføres til vpnc, -hvilket gjorde det muligt for en lokal bruger med rettigheder til at ændre en -systemforbindelse, til at udføre vilkårlige kommandoer som root.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.4-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine network-manager-vpnc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende network-manager-vpnc, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/network-manager-vpnc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4253.data" diff --git a/danish/security/2018/dsa-4254.wml b/danish/security/2018/dsa-4254.wml deleted file mode 100644 index 5c691b3adea..00000000000 --- a/danish/security/2018/dsa-4254.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="d35310fd10413405f3f75514ca57e7d4cc6b8085" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Simple Linux Utility for Resource Management -(SLURM), et system til håndtering af klyngeressourcer og jobplanlægning. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2018-7033 - -

    Ufuldstændig fornuftighedskontrol af brugerleverede tekststrenge, kunne - føre til SQL-indsprøjtningsangreb mod slurmdbd.

    • - -
  • CVE-2018-10995 - -

    Usikker håndtering af user_name- og gid-felter førende til ukorrekt - autentifikationshåndtering.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 16.05.9-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine slurm-llnl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende slurm-llnl, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/slurm-llnl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4254.data" diff --git a/danish/security/2018/dsa-4255.wml b/danish/security/2018/dsa-4255.wml deleted file mode 100644 index 1b9699b32f9..00000000000 --- a/danish/security/2018/dsa-4255.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4d0db63a06dc64eeed382ca15efaf593ffa07d08" mindelta="1" -sikkerhedsopdatering - -

Danny Grander rapporterede at taskene unzip og untar i ant, et Java-baseret -opbygningsværktør svarende til make, tillod udpakning af filer udenfor en -målmappe. En angriber kunne drage nytte af fejlen ved at levere særligt -fabrikerede Zip- eller Tar-arkiver til en ant-opbygning, til at overskrive -enhver fil, der er skrivbar for brugeren, der kører ant.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.9.9-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ant-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ant, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ant

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4255.data" diff --git a/danish/security/2018/dsa-4256.wml b/danish/security/2018/dsa-4256.wml deleted file mode 100644 index 40bfba7f557..00000000000 --- a/danish/security/2018/dsa-4256.wml +++ /dev/null @@ -1,168 +0,0 @@ -#use wml::debian::translation-check translation="65f56a46642aa27f4d3f4487d2d6322db1e2585d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2018-4117 - -

    AhsanEjaz opdagede en informationslækage.

    • - -
  • CVE-2018-6044 - -

    Rob Wu opdagede en måde at forøge rettigheder på ved hjælp af - udvidelser.

    • - -
  • CVE-2018-6150 - -

    Rob Wu opdagede et informationsafsløringsproblem (problemet blev rettet i - en tidligere udgave, men blev ved en fejl i sin tid ikke medtaget i opstrøms - annoncering).

    • - -
  • CVE-2018-6151 - -

    Rob Wu opdagede et problem med udviklerværktøjerne (problemet blev rettet - i en tidligere udgave, men blev ved en fejl i sin tid ikke medtaget i - opstrøms annoncering).

    • - -
  • CVE-2018-6152 - -

    Rob Wu opdagede et problem med udviklerværktøjerne (problemet blev rettet - i en tidligere udgave, men blev ved en fejl i sin tid ikke medtaget i - opstrøms annoncering).

    • - -
  • CVE-2018-6153 - -

    Zhen Zhou opdagede et bufferoverløbsproblem i biblioteket skia.

    • - -
  • CVE-2018-6154 - -

    Omair opdagede et bufferoverløbsproblem i implementeringen af - WebGL.

    • - -
  • CVE-2018-6155 - -

    Natalie Silvanovich opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebRTC.

    • - -
  • CVE-2018-6156 - -

    Natalie Silvanovich opdagede et bufferoverløbsproblem i implementeringen - af WebRTC.

    • - -
  • CVE-2018-6157 - -

    Natalie Silvanovich opdagede et typeforvirringsproblem i implementeringen - af WebRTC.

    • - -
  • CVE-2018-6158 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2018-6159 - -

    Jun Kokatsu opdagede en måde at omgå samme ophav-reglen på.

    • - -
  • CVE-2018-6161 - -

    Jun Kokatsu opdagede en måde at omgå samme ophav-reglen på.

    • - -
  • CVE-2018-6162 - -

    Omair opdagede et bufferoverløbsproblem i implementeringen af - WebGL.

    • - -
  • CVE-2018-6163 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6164 - -

    Jun Kokatsu opdagede en måde at omgå samme ophav-reglen på.

    • - -
  • CVE-2018-6165 - -

    evil1m0 opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6166 - -

    Lynas Zhang opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6167 - -

    Lynas Zhang opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6168 - -

    Gunes Acar og Danny Y. Huang opdagede en måde at omgå Cross Origin - Resource Sharing-reglen på.

    • - -
  • CVE-2018-6169 - -

    Sam P opdagede en måde at omgå rettigheder når der installeres - udvidelser.

    • - -
  • CVE-2018-6170 - -

    Et typeforvirringsproblem blev opdaget i biblioteket pdfium.

    • - -
  • CVE-2018-6171 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - implementeringen af WebBluetooth.

    • - -
  • CVE-2018-6172 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6173 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6174 - -

    Mark Brand opdagede et problem med heltalsoverløb i biblioteket - swiftshader.

    • - -
  • CVE-2018-6175 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-6176 - -

    Jann Horn opdagede en måde at forøge rettigheder på ved hjælp af - udvidelser.

    • - -
  • CVE-2018-6177 - -

    Ron Masas opdagede en informationslækage.

    • - -
  • CVE-2018-6178 - -

    Khalil Zhani opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
  • CVE-2018-6179 - -

    Man opdagede at oplysninger om lokaler filer på systemet kunne lækkes til - udvidelser.

    • -
- -

Denne version retter også en regression opstået i den foregående -sikkerhedsopdatering, hvilket kunne forhindre dekodning af bestemte -audio-/videocodecs.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 68.0.3440.75-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4256.data" diff --git a/danish/security/2018/dsa-4257.wml b/danish/security/2018/dsa-4257.wml deleted file mode 100644 index 3f4dbb71881..00000000000 --- a/danish/security/2018/dsa-4257.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="fc1667800a12b2282f2d43da67b4d9158f8ee83e" mindelta="1" -sikkerhedsopdatering - -

Jann Horn opdagede at FUSE, Filesystem in USErspace, tillod omgåelse af -restriktionen user_allow_other, når SELinux er aktiv (herunder i -permissive-tilstand). En lokal bruger kunne drage nytte af fejlen i -værktøjet fusermount til at omgå systemopsætningen og mount'e et FUSE-filsystem -med mountvalgmuligheden allow_other.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.9.7-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine fuse-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende fuse, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/fuse

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4257.data" diff --git a/danish/security/2018/dsa-4258.wml b/danish/security/2018/dsa-4258.wml deleted file mode 100644 index e1d413324d6..00000000000 --- a/danish/security/2018/dsa-4258.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="93121e2a588f1cc3d623dd178effe98a8ce6ee10" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -føre til lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7:3.2.12-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4258.data" diff --git a/danish/security/2018/dsa-4259.wml b/danish/security/2018/dsa-4259.wml deleted file mode 100644 index 72e6f5ffff3..00000000000 --- a/danish/security/2018/dsa-4259.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="f2b1c8c852199e9cb68f9abc25691b7d7dbd876e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkeren af sproget Ruby, hvilke kunne -medføre ukorrekt behandling af HTTP/FTP, mappegennemløb, kommandoindsprøjtning, -utilsigtet oprettelse af socket eller informationsafsløring.

- -

Opdateringen retter også flere problemer i RubyGems, hvilke kunne gøre det -muligt for en angriber, at anvende særligt fremstillede gem-filer til at -iværksætte angreb i forbindelse med udførelse af skripter på tværs af websteder, -forårsage lammelsesangreb gennem en uendelig løkke, skrive vilkårlige filer -eller køre ondsindet kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.3.3-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine ruby2.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.3, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby2.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4259.data" diff --git a/danish/security/2018/dsa-4260.wml b/danish/security/2018/dsa-4260.wml deleted file mode 100644 index 9cf036b660c..00000000000 --- a/danish/security/2018/dsa-4260.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7e8fedd4323e490f7b14377031ef0e368ce1792e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libsmpack, et bibliotek der anvendes til at -håndtere Microsofts komprimeringsformater. En fjernangriber kunne fabrikere -ondsindede CAB-, CHM- eller KWAJ-filer, og udnytte fejlene til at forårsage et -lammelsesangreb gennem applikationsnedbrud eller potentielt udførelse af -vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.5-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine libmspack-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libmspack, -se dens sikkerhedsporingsside: -\ -https://security-tracker.debian.org/tracker/libmspack

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4260.data" diff --git a/danish/security/2018/dsa-4261.wml b/danish/security/2018/dsa-4261.wml deleted file mode 100644 index f4ab6fd7311..00000000000 --- a/danish/security/2018/dsa-4261.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d9cc9d183be355509538ed8970f3aa32a72aab52" mindelta="1" -sikkerhedsopdatering - -

Enrico Zini opdagede en sårbarhed i Syntastic, en tilføjelsesmodul til -editoren Vim, som kører en fil gennem eksterne checkere og viser eventuelle -fejlbeskeder. Opsætningsfiler blev eftersøgt i den aktuelle arbejdsmappe, -hvilket kunne medføre udførelse af vilkårlige shell-kommandoer, hvis en -misdannet kildekodefil blev åbnet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.7.0-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine vim-syntastic-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vim-syntastic, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vim-syntastic

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4261.data" diff --git a/danish/security/2018/dsa-4262.wml b/danish/security/2018/dsa-4262.wml deleted file mode 100644 index 3e24c4dc2b0..00000000000 --- a/danish/security/2018/dsa-4262.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7c62356728d14a8a175af8c0b5dede88707e54fd" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i PHP-frameworket Symfony, hvilke kunne føre -til åbne viderestillinger, forfalskning af forespørgsler på tværs af websteder, -informationsafsløring, sessionsfiksering eller lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.8.7+dfsg-1.3+deb9u1.

- -

Vi anbefaler at du opgraderer dine symfony-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende symfony, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/symfony

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4262.data" diff --git a/danish/security/2018/dsa-4263.wml b/danish/security/2018/dsa-4263.wml deleted file mode 100644 index 0895f0932a1..00000000000 --- a/danish/security/2018/dsa-4263.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="49b48c1dea3498968fa3abe3c5dcbfc6ca97d91c" mindelta="1" -sikkerhedsopdatering - -

Jann Horn opdagede en mappegennemløbssårbarhed i cgit, en hurtig webfrontend -til Git-arkiver, skrevet i C. En fjernangriber kunne drage nytte af fejlen til -at hente vilkårlige filer gennem en særligt fabrikeret forespørgsel, når -enable-http-clone=1 (default) er slået fra.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.1+git2.10.2-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine cgit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cgit, its security -tracker page at: -https://security-tracker.debian.org/tracker/cgit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4263.data" diff --git a/danish/security/2018/dsa-4264.wml b/danish/security/2018/dsa-4264.wml deleted file mode 100644 index cf58707b234..00000000000 --- a/danish/security/2018/dsa-4264.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="71f4676dc29d7a59150eb7c09c6c20b8a0d257c6" mindelta="1" -sikkerhedsopdatering - -

Andreas Hug opdagede en åben viderestilling i Django, et -webudviklingsframework til Python, hvilken kunne udnyttes hvis -django.middleware.common.CommonMiddleware anvendes, og -indstillingen APPEND_SLASH er aktiveret.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:1.10.7-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4264.data" diff --git a/danish/security/2018/dsa-4265.wml b/danish/security/2018/dsa-4265.wml deleted file mode 100644 index 76012529b41..00000000000 --- a/danish/security/2018/dsa-4265.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ab09df8b90b45bcc1a2c4e1e9c3c374b37c7dcd9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at biblioteket Apache XML Security for C++ udførte -utilstrækkelig validering af KeyInfo-hints, hvilket kunne medføre -lammelsesangreb gennem en NULL-pointerdereferences, når misdannede XML-data blev -behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.7.3-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine xml-security-c-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xml-security-c, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xml-security-c

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4265.data" diff --git a/danish/security/2018/dsa-4266.wml b/danish/security/2018/dsa-4266.wml deleted file mode 100644 index f985c7e1fbb..00000000000 --- a/danish/security/2018/dsa-4266.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="f8f2f9257e00f87b05dddb078027f5189f09138f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse eller lammelsesangreb.

- -
    - -
  • CVE-2018-5390 - -

    Juha-Matti Tilli opdagede at en fjernangriber kunne udløse de værste - tilfælde af kodestier til genetablering af TCP-stream med lave værdier af - særligt fremstillede pakker, førende til fjernaktiveret - lammelsesangreb.

    • - -
  • CVE-2018-13405 - -

    Jann Horn opdagede at funktionen inode_init_owner i fs/inode.c i - Linux-kernen, tillod at lokale brugere kunne oprette filer med et - utilsigtet gruppeejerskab, hvilket gjorde det muligt for angribere at - forøge rettigheder, ved at gøre en almindelig fil udførbar og - SGID.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.110-3+deb9u1. Opdateringen indeholder rettelser af flere -regressioner fra den seneste punktopdatering.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4266.data" diff --git a/danish/security/2018/dsa-4267.wml b/danish/security/2018/dsa-4267.wml deleted file mode 100644 index a359e7c2028..00000000000 --- a/danish/security/2018/dsa-4267.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0be031a7376165f1792742c757752f497e2125e3" mindelta="1" -sikkerhedsopdatering - -

Henning Westerholt opdagede en fejl i forbindelse med behandlingen af -To-headeren i kamailio, en meget hurtig, dynamisk og konfigurerbar SIP-server. -Manglende validering af inddata i funktionen build_res_buf_from_sip_req, kunne -medføre lammelsesangreb og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i version -4.4.4-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine kamailio-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende kamailio, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/kamailio

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4267.data" diff --git a/danish/security/2018/dsa-4268.wml b/danish/security/2018/dsa-4268.wml deleted file mode 100644 index a25aef6fcdf..00000000000 --- a/danish/security/2018/dsa-4268.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a558fec395a958036c3b56cc58d68409e3ef2e17" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at klassen PatternSyntaxException i Concurrency-komponenten i -OpenJDK, en implementering af Oracles Java-platform, kunne medføre -lammelsesangreb gennem alt for højt hukommelsesforbrug.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 8u181-b13-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4268.data" diff --git a/danish/security/2018/dsa-4269.wml b/danish/security/2018/dsa-4269.wml deleted file mode 100644 index cd7886cc322..00000000000 --- a/danish/security/2018/dsa-4269.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="18b8804feb5d3da3be18b5fb9a764a50b651179f" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er fundet i databasesystemet PostgreSQL:

- -
    - -
  • CVE-2018-10915 - -

    Andrew Krasichkov opdagede at libpq ikke nulstillede alle sine - forbindelsestilstande under genetablering af forbindelser.

    • - -
  • CVE-2018-10925 - -

    Man opdagede at nogle CREATE TABLE-statements kunne afsløre - serverhukommelse.

    • - -
- -

For yderligere oplysninger, se opstrøms annoncering på -\ -https://www.postgresql.org/about/news/1878/.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.6.10-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.6-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-9.6, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-9.6

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4269.data" diff --git a/danish/security/2018/dsa-4270.wml b/danish/security/2018/dsa-4270.wml deleted file mode 100644 index e94bd6500ad..00000000000 --- a/danish/security/2018/dsa-4270.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="228062a1d25326e13441342a92ea0ff1deecd777" mindelta="1" -sikkerhedsopdatering - -

Chris Coulson opdagede en fejl i forbindelse med anvendelse efter frigivelse -i GNOME Display Manager, udløsbar af en upriviligeret bruger gennem en særligt -fremstillet sekvens af D-Bus-metodekald, førende til lammelsesangreb eller -potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.22.3-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine gdm3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gdm3, -se dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gdm3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4270.data" diff --git a/danish/security/2018/dsa-4271.wml b/danish/security/2018/dsa-4271.wml deleted file mode 100644 index a1b874a0196..00000000000 --- a/danish/security/2018/dsa-4271.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="afc2995f5b6da41047c4e4d8a609a13fb6b0bf88" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en Unix-server til SMB/CIFS, print og -login. Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2018-10858 - -

    Svyatoslav Phirsov opdagede at utilstrækkelig fornuftighedskontrol af - inddata i libsmbclient, gjorde det muligt for en ondsindet Samba-server at - skrive til klientens heaphukommelse.

    • - -
  • CVE-2018-10919 - -

    Phillip Kuhrt opdagede at Samba, når den fungerer som en Active - Domain-controller, blotlagde nogle følsomme attributter.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:4.5.12+dfsg-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4271.data" diff --git a/danish/security/2018/dsa-4272.wml b/danish/security/2018/dsa-4272.wml deleted file mode 100644 index 225ffba08c0..00000000000 --- a/danish/security/2018/dsa-4272.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="a26fc1a0cf33422e27cb70072ecad746749afe71" mindelta="1" -sikkerhedsopdatering - - -
    - -
  • CVE-2018-5391 (FragmentSmack) - -

    Juha-Matti Tilli opdagede en fejl i den måde Linux-kernen håndterede - gensamling af fragmenterede IPv4- og IPv6-pakker. En fjernangriber kunne - drage nytte af fejlen til at udløse tids- og beregningsmæssigt dyre - beregningsalgoritmer til gensamling af fragmenter, ved at sende særligt - fremstillede pakker, førende til fjernudført lammelsesangreb.

    - -

    Det er afhjulpet ved at reducere standardbegrænsningerne på - hukommelsesforbrug ved ufuldstændige, fragmenterede pakker. Den afhjælpelse - kan opnås uden behov for genstart, ved at opsætte sysctl'erne:

    - - - net.ipv4.ipfrag_low_thresh = 196608
    - net.ipv6.ip6frag_low_thresh = 196608
    - net.ipv4.ipfrag_high_thresh = 262144
    - net.ipv6.ip6frag_high_thresh = 262144
    -     - -

    Det er fortsat muligt at forøge standardværdierne den lokale opsætning, - om nødvendigt.

    • - -
- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.9.110-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4272.data" diff --git a/danish/security/2018/dsa-4273.wml b/danish/security/2018/dsa-4273.wml deleted file mode 100644 index 96568a9a5f2..00000000000 --- a/danish/security/2018/dsa-4273.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="008ec66544857c10f643f47f6f1c6afeb30ac63d" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering leverer opdateret CPU-mikrokode til nogle typer af Intels -CPU'er, samt indfører SSBD-understøttelse (nødvendigt for at løse Spectre -v4) og rettelser af Spectre v3a.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.20180703.2~deb9u1.

- -

Vi anbefaler at du opgraderer dine intel-microcode-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende intel-microcode, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/intel-microcode

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4273.data" diff --git a/danish/security/2018/dsa-4274.wml b/danish/security/2018/dsa-4274.wml deleted file mode 100644 index 921fe87c441..00000000000 --- a/danish/security/2018/dsa-4274.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="e35eb2fbc3e4127fa57a83ff514e87e74b966400" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering leverer afhjælpning af sårbarheden L1 Terminal Fault, -som påvirker en række af Intels CPU'er.

- -

For yderligere oplysninger, se -\ -https://xenbits.xen.org/xsa/advisory-273.html. Opdateringerne til -mikrokoden, som er nævnt her, er endnu ikke tilgængelige på en måde, som Debian -kan videredistribuere.

- -

Desuden er to lammelsesangrebssårbarheder rettet (XSA-268 and XSA-269).

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4274.data" diff --git a/danish/security/2018/dsa-4275.wml b/danish/security/2018/dsa-4275.wml deleted file mode 100644 index ff3e991acee..00000000000 --- a/danish/security/2018/dsa-4275.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8908e7de87e09475e12f6a80de8679af5404602f" mindelta="1" -sikkerhedsopdatering - -

Kristi Nikolla opdagede en informationslækage i Keystone, OpenStacks -identifikationstjeneste, hvis der køres i en fødereret opsætning.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:10.0.0-9+deb9u1.

- -

Vi anbefaler at du opgraderer dine keystone-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende keystone, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/keystone

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4275.data" diff --git a/danish/security/2018/dsa-4276.wml b/danish/security/2018/dsa-4276.wml deleted file mode 100644 index b027d62336f..00000000000 --- a/danish/security/2018/dsa-4276.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3ad2199570e7445554ec60098ad8d123c3a19983" mindelta="1" -sikkerhedsopdatering - -

Fariskhi Vidyan og Thomas Jarosch opdagede flere sårbarheder i -php-horde-image, billedbehandlingsbiblioteket til groupwaresuiten Horde. De -kunne gøre det muligt for en angriber at forårsage et lammelsesangreb eller -udføre vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.3.6-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine php-horde-image-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php-horde-image, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php-horde-image

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4276.data" diff --git a/danish/security/2018/dsa-4277.wml b/danish/security/2018/dsa-4277.wml deleted file mode 100644 index 4fa7ef45bc9..00000000000 --- a/danish/security/2018/dsa-4277.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="001dd82ddaf00bf65009a4bca4223fe2a9ce7f5e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Mutt, en tekstbaseret maillæser der -understøtter MIME, GPG, PGP og tråde, potentielt førende til udførsel af kode, -lammelsesangreb eller informationsafsløring, når der etableredes forbindelse til -en ondsindet mail-/NNTP-server.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.7.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine mutt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mutt, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/mutt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4277.data" diff --git a/danish/security/2018/dsa-4278.wml b/danish/security/2018/dsa-4278.wml deleted file mode 100644 index 24e8faf233c..00000000000 --- a/danish/security/2018/dsa-4278.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="db0f3efe55e440e0f697a377f54696fa033f93fc" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Jetty, en Java-servletmotor og --webserver, der kunne medføre smugling af HTTP-forespørgsler.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.2.21-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine jetty9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende jetty9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jetty9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4278.data" diff --git a/danish/security/2018/dsa-4279.wml b/danish/security/2018/dsa-4279.wml deleted file mode 100644 index b594f183f43..00000000000 --- a/danish/security/2018/dsa-4279.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="65d1db6c065886054ac41ae413ad911f80019afe" mindelta="1" -sikkerhedsopdatering - -

Adskillige efterforskere har opdaget en sårbarhed i den måde Intels -processordesign har implementeret spekulativ udførelse af instruktioner i -kombination med håndtering af sidefejl. Fejlen kunne gøre det muligt for en -angriber, med kontrol over en upriviligeret proces, at læse hukommelse fra -vilkårlige (ikke-brugerkontrollerede) adresser, herunder fra kernen og alle -andre processer, der kører på systemet eller passerer gæst-/vært-grænser til -læsning af værtens hukommelse.

- -

For fuldstændigt at løse disse sårbarheder, er det også nødvendigt at -installere opdateret CPU-mikrokode (kun tilgængelig i Debian non-free). -Fælles serverklasse-CPU'er er dækket af opdateringen, der er udgivet som -DSA 4273-1.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.110-3+deb9u3.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4279.data" diff --git a/danish/security/2018/dsa-4280.wml b/danish/security/2018/dsa-4280.wml deleted file mode 100644 index ebda9394afe..00000000000 --- a/danish/security/2018/dsa-4280.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="86a854872ca9a3a53419e11273af562b726ec1b9" mindelta="1" -sikkerhedsopdatering - -

Dariusz Tytko, Michal Sajdak og Qualys Security opdagede at OpenSSH, en -implementering af SSH-protokolsuiten, var ramt af en sårbarhed i forbindelse med -brugeropgørelse. Det kunne gøre det muligt for en fjernangriber at kontrollere -hvorvidt en specifik brugerkonto findes på målserveren.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:7.4p1-10+deb9u4.

- -

Vi anbefaler at du opgraderer dine openssh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4280.data" diff --git a/danish/security/2018/dsa-4281.wml b/danish/security/2018/dsa-4281.wml deleted file mode 100644 index d401645d768..00000000000 --- a/danish/security/2018/dsa-4281.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f1d5ad4b409bf9a95786d639542fc79d8232a243" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i Tomcat-servlet'en og -JSP-motoren. De kunne -føre til uautentificeret adgang til beskyttede ressourcer, lammelsesangreb eller -informationslækage.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8.5.14-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4281.data" diff --git a/danish/security/2018/dsa-4282.wml b/danish/security/2018/dsa-4282.wml deleted file mode 100644 index 004a5803250..00000000000 --- a/danish/security/2018/dsa-4282.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="729334a59b6ae5c77ff48ecd210d12c01a3602f7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Apache Traffic Server, en reverse- og -forward-proxyserver, hvilke kunne medføre lammelsesangreb, cacheforgiftning -eller informationslækage.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.0.0-6+deb9u2.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4282.data" diff --git a/danish/security/2018/dsa-4283.wml b/danish/security/2018/dsa-4283.wml deleted file mode 100644 index 2c6b1dae31e..00000000000 --- a/danish/security/2018/dsa-4283.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="bffeab6e983008304ac296a79ef20edd0f4767a9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ruby-json-jwt, en Ruby-implementering af JSON-webtokens, -udførte utilstrækkelig validering af GCM-authtags.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-json-jwt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-json-jwt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-json-jwt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4283.data" diff --git a/danish/security/2018/dsa-4284.wml b/danish/security/2018/dsa-4284.wml deleted file mode 100644 index 8b565ff32bc..00000000000 --- a/danish/security/2018/dsa-4284.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="88076b5ad616173c29481afaca00a63ee4e7754e" mindelta="1" -sikkerhedsopdatering - -

Quang Nguyen opdagede et heltalsoverløb i farvehåndteringsbiblioteket i -Little CMS 2, hvilket kunne medføre lammelsesangreb eller potentielt udførelse -af vilkårlig kode, hvis en misdannet IT8-kalibreringsfil blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.8-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine lcms2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lcms2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lcms2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4284.data" diff --git a/danish/security/2018/dsa-4285.wml b/danish/security/2018/dsa-4285.wml deleted file mode 100644 index 798b0f070f5..00000000000 --- a/danish/security/2018/dsa-4285.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ddfc05ef7ae84596892833ef24477ee0bba548fe" mindelta="1" -sikkerhedsopdatering - -

Michael Kaczmarczik opdagede en sårbarhed i webbrugergrænsefladen til -redigering af skabeloner i Sympa, et postlistehåndteringsprogram. Ejer og -listmastere kunne udnytte fejlen til at oprette eller ændre vilkårlige filer på -serveren, med rettighederne hørende til sympa-brugeren eller i opsætningsfiler -hørende til ejervisningslister, selv om edit_list.conf forbyder det

- -

I den stabile distribution (stretch), er dette problem rettet i -version 6.2.16~dfsg-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine sympa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sympa, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/sympa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4285.data" diff --git a/danish/security/2018/dsa-4286.wml b/danish/security/2018/dsa-4286.wml deleted file mode 100644 index 2ff0d9eac81..00000000000 --- a/danish/security/2018/dsa-4286.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="01e18e585c9d65e0d5b837923322bf5ea211d8ed" mindelta="1" -sikkerhedsopdatering - -

Zhaoyang Wu opdagede at cURL, et URL-overførselsbibliotek, indeholdt et -bufferoverløb i NTLM-autentifikationskoden, udløst af adgangskoder som -overstiger 2GB i længde på 32 bit-systemer.

- -

Se \ -https://curl.haxx.se/docs/CVE-2018-14618.html for flere oplysninger.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52.1-5+deb9u7.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4286.data" diff --git a/danish/security/2018/dsa-4287.wml b/danish/security/2018/dsa-4287.wml deleted file mode 100644 index 103250b4f40..00000000000 --- a/danish/security/2018/dsa-4287.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="fd0f064a9e9005190b9d2761616dfa300fe6e73f" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox: -Adskillige hukommelsessikkerhedsfejl og anvendelser efter frigivelser, kunne -føre til udførelse af vilkårlig kode eller lammelsesangreb.

- -

Debian følgende Firefox' ESR-udgivelser (udvidet understøttelse). -Understøttelse af 52.x-serier er ophørt, så gældende fra denne opdatering, -følger vi nu 60.x-udgaverne.

- -

Mellem 52.x og 60.x, har Firefox gennemgået betydelige innterne ændringer, -hvilket gør den inkompatibel med en række udvidelser. For flere oplysninger, -se \ -https://www.mozilla.org/en-US/firefox/60.0esr/releasenotes/.

- -

Desuden kræver de nye Firefox-pakker, at Rust for at kunne opbygges. En -kompatibel Rust-værktøjskæde er tilbageført til Debian stretch, men er ikke -tilgængelig for alle arkitekturerer, som tidligere var understøttet af rent -C++-baserede Firefox-pakker. Dermed understøtter der nye Firefox-pakker på -nuværende tidspunkt ikke arkitekturerne armel, armhf, mips, mips64el og -mipsel.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.2.0esr-1~deb9u2.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4287.data" diff --git a/danish/security/2018/dsa-4288.wml b/danish/security/2018/dsa-4288.wml deleted file mode 100644 index eab895d5601..00000000000 --- a/danish/security/2018/dsa-4288.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="06ce206f6fbe3f8dc891105a860d0216e654823a" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede adskillige sårbarheder i Ghostscript, en fortolker af -Postscript-sproget, hvilke kunne føre til lammelsesangreb, filoprettelse eller -udførelse af vilkårlig kode, hvis en misdannet Postscript-fil blev behandlet -(på trods af at sandkassen dSAFER er aktiveret).

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.20~dfsg-3.2+deb9u4.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4288.data" diff --git a/danish/security/2018/dsa-4289.wml b/danish/security/2018/dsa-4289.wml deleted file mode 100644 index 87b22253586..00000000000 --- a/danish/security/2018/dsa-4289.wml +++ /dev/null @@ -1,121 +0,0 @@ -#use wml::debian::translation-check translation="5f57b1d60948805f6760c4c3533ab3315b3c6b49" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2018-16065 - -

    Brendon Tiszka opdagede et problem med skrivning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2018-16066 - -

    cloudfuzzer opdagede at problem med læsning uden for grænserne i - blink/webkit.

    • - -
  • CVE-2018-16067 - -

    Zhe Jin opdagede et problem med læsning uden for grænserne i - implementeringen af WebAudio.

    • - -
  • CVE-2018-16068 - -

    Mark Brand opdagede et problem med skrivning uden for grænserne i - meddelelsesfortolkningsbiblioteket Mojo.

    • - -
  • CVE-2018-16069 - -

    Mark Brand opdagede et problem med læsning uden for grænserne i - biblioteket swiftshader.

    • - -
  • CVE-2018-16070 - -

    Ivan Fratric opdagede et heltalsoverløbsproblem i biblioteket - skia.

    • - -
  • CVE-2018-16071 - -

    Natalie Silvanovich opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebRTC.

    • - -
  • CVE-2018-16073 - -

    Jun Kokatsu opdagede en fejl i funktionaliteten Site Isolation, når - browserfaner gendannes.

    • - -
  • CVE-2018-16074 - -

    Jun Kokatsu opdagede en fejl i funktionaliteten Site Isolation, når der - anvendes en Blob-URL.

    • - -
  • CVE-2018-16075 - -

    Pepe Vila opdagede en fejl, der kunne gøre det muligt for fjerne - websteder at tilgå lokale filer.

    • - -
  • CVE-2018-16076 - -

    Aseksandar Nikolic opdagede et problem med læsning uden for grænserne i - biblioteket pdfium.

    • - -
  • CVE-2018-16077 - -

    Manuel Caballero opdagede en måde at omgå Content Security Policy - på.

    • - -
  • CVE-2018-16078 - -

    Cailan Sacks opdagede at funktionaliteten Autofill kunne lække gemte - kreditkortoplysninger.

    • - -
  • CVE-2018-16079 - -

    Markus Vervier og Michele Orrù opdagede et problem med - URL-forfalskning.

    • - -
  • CVE-2018-16080 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-16081 - -

    Jann Horn opdagede at lokale filer kunne tilgås fra - udviklerværktøjet.

    • - -
  • CVE-2018-16082 - -

    Omair opdagede et bufferoverløbsproblemet i biblioteket - swiftshader.

    • - -
  • CVE-2018-16083 - -

    Natalie Silvanovich opdagede et problem med læsning uden for grænserne i - implementeringen af WebRTC.

    • - -
  • CVE-2018-16084 - -

    Jun Kokatsu opdagede en måde at omgå en brugerbekræftelsesdialog - på.

    • - -
  • CVE-2018-16085 - -

    Roman Kuksin opdagede et problem med anvendelse efter - frigivelse.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 69.0.3497.81-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4289.data" diff --git a/danish/security/2018/dsa-4290.wml b/danish/security/2018/dsa-4290.wml deleted file mode 100644 index b6490994405..00000000000 --- a/danish/security/2018/dsa-4290.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c91536408344cd96e85d12fa82af1209b40ef49f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libextractor, et bibliotek til udpakning af -vilkårlige metadata fra filer, hvilke kunne føre til lammelsesangreb eller -udførelse af vilkårlig kode, hvis en særligt fremstillet fil blev åbnet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.3-4+deb9u2.

- -

Vi anbefaler at du opgraderer dine libextractor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libextractor, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libextractor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4290.data" diff --git a/danish/security/2018/dsa-4291.wml b/danish/security/2018/dsa-4291.wml deleted file mode 100644 index 495a319e871..00000000000 --- a/danish/security/2018/dsa-4291.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e788b6e7eef134beb2441d7494a518b0c6ba254c" mindelta="1" -sikkerhedsopdatering - -

To fejl i forbindelse med fornuftighedskontrol af inddata, blev fundet i de -binære filer faxrunq og faxq hørende til mgetty, en smartmodemerstatning for -getty. En angriber kunne udnytte fejlene til at indsætte kommandoer gennem -shell-metategn i jobs id'er, og få dem udført me rettighederne hørende til -brugeren, der anvender faxrunq/faxq.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.1.36-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine mgetty-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mgetty, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mgetty

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4291.data" diff --git a/danish/security/2018/dsa-4292.wml b/danish/security/2018/dsa-4292.wml deleted file mode 100644 index 9ca594c933a..00000000000 --- a/danish/security/2018/dsa-4292.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a92089c3560c9f553b935d6d316a918e590eaf76" mindelta="1" -sikkerhedsopdatering - -

Henning Westerholt opdagede en fejl i forbindelse med behandlingen af -Via-headeren i kamailio, en meget hurtig, dynamisk og konfigurérbar SIP-server. -En uautentificeret angriber kunne drage nytte af fejlen til at iværksætte et -lammelsesangreb gennem en særligt fabrikeret SIP-meddelelse, med en ugyldig -Via-header.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.4.4-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine kamailio-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende kamailio, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/kamailio

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4292.data" diff --git a/danish/security/2018/dsa-4293.wml b/danish/security/2018/dsa-4293.wml deleted file mode 100644 index 97dd7be3bb3..00000000000 --- a/danish/security/2018/dsa-4293.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ef68905e3e99509bf7f8b8a83375b11cd3d9474c" mindelta="1" -sikkerhedsopdatering - -

Flere heapbufferoverløb blev fundet i discount, en implementering af -markupsproget Markdown, hvilke kunne udløses med særligt fremstillede -Markdown-data, og medføre at discount læste forbi slutningen af interne -buffere.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine discount-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende discount, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/discount

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4293.data" diff --git a/danish/security/2018/dsa-4294.wml b/danish/security/2018/dsa-4294.wml deleted file mode 100644 index 02f7296bad5..00000000000 --- a/danish/security/2018/dsa-4294.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d5d8b922549e9f89232ae2a6cd957d056d585eb1" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede adskillige sårbarheder i Ghostscript, en fortolker af -PostScript-sproget, hvilke kunne medføre udførelse af vilkårlig kode, hvis en -misdannet PostScript-fil blev behandlet (på trods af at sandkassen dSAFER er -aktiveret).

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.20~dfsg-3.2+deb9u5.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4294.data" diff --git a/danish/security/2018/dsa-4295.wml b/danish/security/2018/dsa-4295.wml deleted file mode 100644 index 8ac6982e4df..00000000000 --- a/danish/security/2018/dsa-4295.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="7675125395bb0d8ec105f1bc3dc56a939b6da0ba" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird: Adskillige -hukommelsessikkerhedsfejl og anvendelser efter frigivelser, kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

Debian følger Thunderbirds opstrømsudgivelser. Understøttelse af 52.x-serien -er ophørt, så begyndende med denne opdatering, følger vi nu -60.x-udgivelserne.

- -

Mellem 52.x og 60.x, har Thunderbird gennemgået betydelige interne -opdateringer, hvilke gør den inkompatibel med en række udvidelser. For flere -oplysninger, se -\ -https://support.mozilla.org/en-US/kb/new-thunderbird-60.

- -

Desuden kræver de nye Thunderbird-pakker Rust til opbygning,. En kompatibel -Rust-værktøjskæde er tilbageført til Debian stretch, men den er ikke tilgængelig -for alle arkitekturer, der tidligere understøttende de rent C++-baserede -Thunderbird-pakker. Dermed understøtter de nye Thunderbird-pakker på nuværende -tidspunkt ikke arkitekturerne mips, mips64el og mipsel.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.0-3~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4295.data" diff --git a/danish/security/2018/dsa-4296.wml b/danish/security/2018/dsa-4296.wml deleted file mode 100644 index 42a459eb289..00000000000 --- a/danish/security/2018/dsa-4296.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="bf9f9f20cdb17c54195342c3afb25959c4b739f9" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i mbedtls, et letvægts-krypto- og -SSL-/TLS-bibliotek, hvilke kunne medføre genskabelse af ren tekst gennem -sidekanalangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.4.2-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine mbedtls-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mbedtls, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mbedtls

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4296.data" diff --git a/danish/security/2018/dsa-4297.wml b/danish/security/2018/dsa-4297.wml deleted file mode 100644 index 53f9f35761a..00000000000 --- a/danish/security/2018/dsa-4297.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="33c867c853c3a15e5065e9e51c37e1cd91e59ffc" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i webbrowseren chromium. Kevin Cheung opdagede en -fejl i implementeringen af WebAssembly, og evil1m0 opdagede et problem med -URL-forfalskning.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 69.0.3497.92-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4297.data" diff --git a/danish/security/2018/dsa-4298.wml b/danish/security/2018/dsa-4298.wml deleted file mode 100644 index 98322c97c1b..00000000000 --- a/danish/security/2018/dsa-4298.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c56ab657661cc6aa74c08a63b7abc6dcab7ab952" mindelta="1" -sikkerhedsopdatering - -

Luis Merino, Markus Vervier og Eric Sesterhenn opdagede at manglende -fornuftighedskontrol af inddata i faxprogrammet Hylafax, potentielt kunne -medføre udførelse af vilkårlig kode, gennem en misdannet faxmeddelelse.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3:6.0.6-7+deb9u1.

- -

Vi anbefaler at du opgraderer dine hylafax-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende hylafax, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/hylafax

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4298.data" diff --git a/danish/security/2018/dsa-4299.wml b/danish/security/2018/dsa-4299.wml deleted file mode 100644 index b7b3041ccb8..00000000000 --- a/danish/security/2018/dsa-4299.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="a1e7e75ec154ca953abe9b62dda3c88b33273fd3" mindelta="1" -sikkerhedsopdatering - -

Nick Roessler fra University of Pennsylvania har fundet et bufferoverløb i -texlive-bin, de udførbare filer hørende til TexLives udførbare filer, det -populære system til produktion af TeX-dokumenter.

- -

Bufferoverløb kunne udnyttes til udførelse af vilkårlig kode, ved af -fabrikere et særligt type1-skrifttypen (.pfb) og stille det til rådighed for -brugere, der kører pdf(la)tex, dvips eller luatex på en sådan måde, at -skrifttypen indlæses.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2016.20160513.41080.dfsg-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine texlive-bin-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende texlive-bin, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/texlive-bin

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4299.data" diff --git a/danish/security/2018/dsa-4300.wml b/danish/security/2018/dsa-4300.wml deleted file mode 100644 index 99a7ae9048d..00000000000 --- a/danish/security/2018/dsa-4300.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0269dbb45df8cf941926262f4e51ca86f2922a9c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Archive::Zip, et perl-modul til behandling af ZIP-arkiver, -var ramt af en mappegennemløbssårbarhed. En angriber, der er i stand til at -levere et særligt fremstillet arkiv til behandling, kunne drage nytte af fejlen -til at overskrive vilkårlige filer under arkivudpakning.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.59-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libarchive-zip-perl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libarchive-zip-perl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libarchive-zip-perl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4300.data" diff --git a/danish/security/2018/dsa-4301.wml b/danish/security/2018/dsa-4301.wml deleted file mode 100644 index a712a5c787c..00000000000 --- a/danish/security/2018/dsa-4301.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="165118cb1322fb6edfe56a18d4e37e933ba0462f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er opdaget i MediaWiki, en webstedsmotor til -samarbejde, hvilke medførte ukorrekt opsatte ratebegrænsninger, -informationsafsløring i Special:Redirect/logid, samt omgåelse af en -kontolåsning.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.27.5-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4301.data" diff --git a/danish/security/2018/dsa-4302.wml b/danish/security/2018/dsa-4302.wml deleted file mode 100644 index 4615f7653c9..00000000000 --- a/danish/security/2018/dsa-4302.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="9d19853d1bd4453f92d1596e9586b88789a7f8b8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i openafs, en implementering af det -distribuerede filsystem AFS. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2018-16947 - -

    Jeffrey Altman rapporterede at backup tape controller-processen (butc), - accepterede indkommende RPC'er, men ikke krævede (eller tog højde for) - autentifikation af disse RPC'er, hvilket gjorde det muligt for en - uautoriseret angriber, at iværksætte volume-handlinger med - administratorrettigheder.

    - -

    • - -
  • CVE-2018-16948 - -

    Mark Vitale rapporterede at flere RPC-serverrutiner ikke fultstændigt - inistialiserede uddatavariabler, hvilket medførte lækage af - hukommelsesinhold (fra både stak og heap) til fjernkalderen af ellers - succesrige RPC'er.

    - -

    • - -
  • CVE-2018-16949 - -

    Mark Vitale rapporterede at en uautentificeret angriber kunne forbruge - store mængder serverhukommelse og netværksbåndbredde gennem særligt - fremstillede forespørgsler, medførende lammelsesangreb for legitime - klienter.

    - -

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.6.20-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine openafs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openafs, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/openafs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4302.data" diff --git a/danish/security/2018/dsa-4303.wml b/danish/security/2018/dsa-4303.wml deleted file mode 100644 index 5d5b7a803e8..00000000000 --- a/danish/security/2018/dsa-4303.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="49145d2e9551335a9617ca3ca888f4f83af2dbc4" mindelta="1" -sikkerhedsopdatering - -

Joran Herve opdagede at dokumentviseren Okular var ramt af en -mappegennemløbsfejl via misdannede .okular-filer (annoterede dokumentarkiver), -hvilken kunne medføre oprettelse af vilkårlige filer.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4:16.08.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine okular-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende okular, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/okular

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4303.data" diff --git a/danish/security/2018/dsa-4304.wml b/danish/security/2018/dsa-4304.wml deleted file mode 100644 index 19d3671aeba..00000000000 --- a/danish/security/2018/dsa-4304.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8cafedf863d0c04b9cef052c60be4bc10083f016" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, hvilke -potentielt kunne medføre udførelse af vilkårlig kode og lokal -informationsafsløring.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.2.1esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4304.data" diff --git a/danish/security/2018/dsa-4305.wml b/danish/security/2018/dsa-4305.wml deleted file mode 100644 index d35ef9fc36f..00000000000 --- a/danish/security/2018/dsa-4305.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="3c7e2954b18597d994cd43ebceed5830b33bf4b8" mindelta="1" -sikkerhedsopdatering - -

Sze Yiu Chau og hans hold fra Purdue University og The University of Iowa, -fandt flere problemer i gmp-plugin'en hørende til strongSwan, en -IKE/IPsec-programsamling.

- -

Problemer i fortolkningen og verifikationen af RSA-signaturer, kunne føre til -en laveksponentsignaturforfalskning i Bleichenbacher-stil i certifikater, og -under IKE-autentifikation.

- -

Selv om gmp-plugin'en ikke tillader vilkårlige data efter ASN.1-strukturen -(det oprindelige Bleichenbacher-angreb), er ASN.1-fortolkeren ikke striks nok, -og tillader data i specifikke felter inde i ASN.1-strukturen.

- -

Kun installationer som anvender gmp-plugin'en er påvirkede (i Debian er -OpenSSL-plugin'en prioriteret over GMP-plugin'en hvad angår RSA-handlinger), og -kun når der anvendes nøgler, og certifikater (herunder fra CA'er) som anvender -nøgler med en eksponent exponent e = 3, hvilket normalt i praksis er -sjældent.

- -
    - -
  • CVE-2018-16151 - -

    OID-fortolkeren i ASN.1-koden i gmp, tillod ethvert antal tilfælde - bytes efter en gyldig OID.

    • - -
  • CVE-2018-16152 - -

    algorithmIdentifier-fortolkeren i ASN.1-koden i gmp, håndhævede ikke en - NULL-værdi i det valgfrie parameter, som ikke anvendes med nogen - PKCS#1-algorime.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.5.1-4+deb9u3.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende strongswan, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/strongswan

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4305.data" diff --git a/danish/security/2018/dsa-4306.wml b/danish/security/2018/dsa-4306.wml deleted file mode 100644 index fbd56899756..00000000000 --- a/danish/security/2018/dsa-4306.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="56c6892f30b5bcf11f1f27b38f5167c452d31b01" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Python: ElementTree fik ikke -initialiseret Expats hashsalt, to lammelsesangrebsproblemer blev fundet i -difflib og poplib, og modulet shutil var ramt af en -kommandoindsprøjtningssårbarhed.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.7.13-2+deb9u3.

- -

Vi anbefaler at du opgraderer dine python2.7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python2.7, se -dens sikkerhedssporingsside på: - -https://security-tracker.debian.org/tracker/python2.7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4306.data" diff --git a/danish/security/2018/dsa-4307.wml b/danish/security/2018/dsa-4307.wml deleted file mode 100644 index d69370d3262..00000000000 --- a/danish/security/2018/dsa-4307.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="09603045e4646e32faf65665e81956f84f5ff198" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Python: ElementTree fik ikke -initialiseret Expats hashsalt, to lammelsesangrebsproblemer blev fundet i -difflib og poplib, og et bufferoverløb i PyString_DecodeEscape.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.5.3-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine python3.5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python3.5, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python3.5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4307.data" diff --git a/danish/security/2018/dsa-4308.wml b/danish/security/2018/dsa-4308.wml deleted file mode 100644 index 8e0d19ed8e0..00000000000 --- a/danish/security/2018/dsa-4308.wml +++ /dev/null @@ -1,156 +0,0 @@ -#use wml::debian::translation-check translation="9b0f24167bab7ac047fcd437a31fd6c303f0f804" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2018-6554 - -

    Der blev opdaget en hukommelseslækage i funktionen irda_bind i - undersystemet irda. En lokal bruger kunne drage nytte af fejlen til at - forårsage et lammelsesangreb (hukommelsesforbrug).

    • - -
  • CVE-2018-6555 - -

    En fejl blev opdaget i funktionen irda_setsockopt i undersystemet irda, - hvilken gjorde det muligt for en lokal bruger at forårsage et - lammelsesangreb (anvendelse efter frigivelse samt systemnedbrud).

    • - -
  • CVE-2018-7755 - -

    Brian Belleville opdagede en fejl i funktionen fd_locked_ioctl i - floppydriveren i Linux-kernen. Floppydriveren kopierede en kernepointer til - brugerhukommelse, som svar på en FDGETPRM-ioctl. En lokal bruger med adgang - til et floppydrev, kunne drage nytte af fejlen til at opdage placeringen af - kernekode og -data.

    • - -
  • CVE-2018-9363 - -

    Man opdagede at implementeringenaf Bluetooth HIDP ikke på korrekt vis - kontrollerede længden på modtagne rapportmeddelelser. En forbundet (paired) - HIDP-enhed kunne udnytte fejlen til at forårsage et bufferoverløb, førende - til lammelsesangreb (hukommelseskorruption eller nedbrud) eller potentielt - til fjernudførelse af kode.

    • - -
  • CVE-2018-9516 - -

    Man opdagede at HID-eventsinterfacet i debugfs ikke på korrekt vis - begrænsede længden af kopier til brugerbufferre. En lokal bruger med - adgang til disse filer, kunne udnytte fejlen til at forårsage et - lammelsesangreb (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse. Dog er debugfs som standard kun tilgængelig for - rootbrugeren.

    • - -
  • CVE-2018-10902 - -

    Man opdagede at kernedriveren rawmidi ikke beskyttede mod samtidig - adgang, hvilket førte til en dobbelt realloc-fejl (dobbelt frigivelse). En - lokal angriber kunne drage nytte af problemet til - rettighedsforøgelse.

    • - -
  • CVE-2018-10938 - -

    Yves Younan fra Cisco rapporterede at Cipso IPv4-modulet ikke på korrekt - vis kontrollede længden på IPv4-options. På skræddersyede kerner med - CONFIG_NETLABEL aktiveret, kunne en fjernangriber udnytte fejlen til at - forårsage et lammelsesangreb (hængende system).

    • - -
  • CVE-2018-13099 - -

    Wen Xu fra SSLab ved Gatech rapporterede om en fejl i forbindelse med - anvendelse efter frigivelse i implementeringen af F2FS. En angriber som er - i stand til at mounte en fabrikeret F2FS-volume, kunne udnytte fejlen til - at forårsage et lammelsesangreb (nedbrud eller hukommelseskorruption) eller - muligvis til rettighedsforøgelse.

    • - -
  • CVE-2018-14609 - -

    Wen Xu fra SSLab ved Gatech rapporterede om en potentiel - nullpointerdereference i implementeringen af F2FS. En angriber som er i - stand til at mounte en fabrikeret F2FS-volume, kunne udnytte fejlen til at - forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2018-14617 - -

    Wen Xu fra SSLab ved Gatech rapporterede et en potentiel - nullpointerdereference i implementeringen af HFS+. En angriber som er i - stand til at mounte en fabrikeret HFS+-volume, kunne udnytte fejlen til at - forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2018-14633 - -

    Vincent Pelletier opdagede en stakbaseret bufferoverløbsfejl i funktionen - chap_server_compute_md5() i iSCSI-målkoden. En uautentificeret - fjernangriber kunne drage nytte af fejlen til at forårsage et - lammelsesangreb eller muligvis få ikke-autoriseret adgang til data - eksporteret af et iSCSI-mål.

    • - -
  • CVE-2018-14678 - -

    M. Vefa Bicakci og Andy Lutomirski opdagede en fejl i kernens exitkode, - som anvendes på amd64-systemer, der kører som Xen PV-gæster. En lokal - bruger kunne udnytte fejlen til at forårsage et lammelsesangreb - (nedbrud).

    • - -
  • CVE-2018-14734 - -

    En fejl i forbindelse med anvendelse efter frigivelse, blev opdaget i - kommunikationsmanageren InfiniBand. En lokal bruger kunne udnytte fejlen - til at forårsage et lammelsesangreb (nedbrud eller hukommelseskorruption) - eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2018-15572 - -

    Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song og Nael - Abu-Ghazaleh fra University of California, Riverside, rapporterede om en - variant af Spectre variant 2, kaldet SpectreRSB. En lokal bruger kunne - være i stand til at læse følsomme oplysninger fra processer ejet af andre - brugere.

    • - -
  • CVE-2018-15594 - -

    Nadav Amit rapporterede at nogle indirekte funktionskalds anvendt i - paravirtualiserede gæster, var sårbare over for Spectre variant 2. En - lokal bruger kunne være i stand til at anvende fejlen til at læse - følsomme oplysninger fra kernen.

    • - -
  • CVE-2018-16276 - -

    Jann Horn opdagede at yurex-driveren ikke på korrekt vis begrænsede - længden på kopier til brugerbuffere. En lokal bruger med adgang til en - yurex-enhedsnode, kunne udnytte fejlen til at forårsage et lammelsesangreb - (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2018-16658 - -

    Man opdagede at cdrom-driveren ikke på korrekt vis validerede - parameteret til ioctl'en CDROM_DRIVE_STATUS. En bruger med adgang til et - cdromdrev kunne udnytte fejlen til at læse følsomme oplysninger fra - kernen eller til at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2018-17182 - -

    Jann Horn opdagede at funktionen vmacache_flush_all fejlhåndterede - sekvenstaloverløb. En lokal bruger kunne drage nytte af fejlen til at - udløse en anvendelse efter frigivelse, medførende et lammelsesangreb - (nedbrud eller hukommelseskorruption) eller til - rettighedsforøgelse.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.110-3+deb9u5.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4308.data" diff --git a/danish/security/2018/dsa-4309.wml b/danish/security/2018/dsa-4309.wml deleted file mode 100644 index 4b6e353b17c..00000000000 --- a/danish/security/2018/dsa-4309.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="a5b7ec0c0184954ce50a1cba985b7f783185f781" mindelta="1" -sikkerhedsopdatering - -

Googles OSS-Fuzz afslørede en udnytbar fejl i plugin'en gmp, forårsaget af -patch'en som retter -\ -CVE-2018-16151 og -\ -CVE-2018-16152 (DSA-4305-1).

- -

En angriber kunne udløse fejlen ved at anvende fabrikerede certifikater med -RSA-nøgler med meget små moduli. Verifikation af signaturer med sådanne nøgler -kunne forårsage et heltalsunderløb og efterfølgende heapbufferoverløb, -medførende et nedbrud i dæmonen. Om end vilkårlig udførelse af kode ikke er -helt udelukket på grund af heapbufferoverløbet, på grund af den måde data -skrives til bufferen, lader det til at være svært faktisk at udnytte fejlen på -en sådan måde.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.5.1-4+deb9u4.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende strongswan, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/strongswan

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4309.data" diff --git a/danish/security/2018/dsa-4310.wml b/danish/security/2018/dsa-4310.wml deleted file mode 100644 index 4690a66a4a2..00000000000 --- a/danish/security/2018/dsa-4310.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ede79f1afd13feaf7d39f8d7668240a75fae445c" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, hvilke -potentielt kunne medføre udførelse af vilkårlig kode inde i -indholdsprocessens sandkasse.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.2.2esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4310.data" diff --git a/danish/security/2018/dsa-4311.wml b/danish/security/2018/dsa-4311.wml deleted file mode 100644 index a8dd30ae9af..00000000000 --- a/danish/security/2018/dsa-4311.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="109968bd2506826f7f4be00312b1c6161931ac20" mindelta="1" -sikkerhedsopdatering - -

Joernchen fra Phenoelit opdagede at git, et hurtigt, skalerbart og -distribueret versionsstyringssystem, var ramt af en sårbarhed i forbindelse med -udførelse af vilkårlig kode gennem en særligt fremstillet .gitmodules-fil i et -projekt klonet med --recurse-submodules.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2.11.0-3+deb9u4.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende git, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/git

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4311.data" diff --git a/danish/security/2018/dsa-4312.wml b/danish/security/2018/dsa-4312.wml deleted file mode 100644 index 9ed6d419fad..00000000000 --- a/danish/security/2018/dsa-4312.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="363d45e1c65ff9f20020695e9e1640af3ef72620" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i tinc, en Virtual Private Network-dæmon -(VPN). Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2018-16738 - -

    Michael Yonli opdagede en fejl i implementeringen af - autentifikationsprotokollen, hvilken kunne gøre det muligt for en - fjernangriber at etablere en autentificeret, ensrettet forbindelse med en - anden node.

    • - -
  • CVE-2018-16758 - -

    Michael Yonli opdagede at en manden i midten, der har opsnappet en - TCP-forbindelse, måske kunne være i stand til at deaktivere kryptering af - UDP-pakker sendt af en node.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.31-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine tinc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tinc, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/tinc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4312.data" diff --git a/danish/security/2018/dsa-4313.wml b/danish/security/2018/dsa-4313.wml deleted file mode 100644 index 4862599c6e8..00000000000 --- a/danish/security/2018/dsa-4313.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="bd5c1d8de829ac651648a38f4c68957a9b664e9d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2018-15471 (XSA-270) - -

    Felix Wilhelm fra Google Project Zero opdagede en fejl i - hashhåndteringen af Linux-kernemodulet xen-netback. En ondsindet eller - fejlfyldt frontend kunne medføre at (den normalt priviligerede) backend - tilgør hukommelse uden for grænserne, potentielt førende til - rettighedsforøgelse, lammelsesangreb eller informationslækager.

    - -

    • - -
  • CVE-2018-18021 - -

    Man opdagede at KVM-undersystemet på arm64-platformen, ikke på korrekt - vis håndterede ioctl'en KVM_SET_ON_REG. En angriber, der er i stand til at - oprette KVM-baserede virtuelle maskiner, kunne drage nytte af fejlen til - lammelsesangreb (hypervisorpanik) eller rettighedsforøgelse (vilkårlig - viderestilling af hypervisorens kontrolforløb med total - registerkontrol).

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.110-3+deb9u6.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4313.data" diff --git a/danish/security/2018/dsa-4314.wml b/danish/security/2018/dsa-4314.wml deleted file mode 100644 index 4bea36e4b3b..00000000000 --- a/danish/security/2018/dsa-4314.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="704754ce9669f557cbd27b4a6e6d7de43b6bad5e" mindelta="1" -sikkerhedsopdatering - -

Magnus Klaaborg Stubman opdagede en NULL-pointerdereferencefejl i net-snmp, -en samling afSimple Network Management Protocol-applikationer, hvilken gjorde -det muligt for en fjern, autentificeret angriber at få snmpd-processen til at gå -ned (forårsagende et lammelsesangreb).

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.7.3+dfsg-1.7+deb9u1.

- -

Vi anbefaler at du opgraderer dine net-snmp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende net-snmp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/net-snmp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4314.data" diff --git a/danish/security/2018/dsa-4315.wml b/danish/security/2018/dsa-4315.wml deleted file mode 100644 index c176a0f8092..00000000000 --- a/danish/security/2018/dsa-4315.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="458175a8a268b339a3ffa352b77b38f693c4b616" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Wireshark, et program til analysering af -netværksprotokoller, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.6.3-1~deb9u1. Opdateringen opgraderer Wireshark til releaseforgrening -2.6.x, og fremtidige sikkerhedsopgraderinger vil blive baseret på denne -serie.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wireshark, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wireshark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4315.data" diff --git a/danish/security/2018/dsa-4316.wml b/danish/security/2018/dsa-4316.wml deleted file mode 100644 index da4832fda31..00000000000 --- a/danish/security/2018/dsa-4316.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b8c09cafc4b524922b58f92f24dd4a5173f0bddd" mindelta="1" -sikkerhedsopdatering - -

Opdateringen retter flere sårbarheder i Imagemagick, en samling af -grafikprogrammer. Forskellige hukommelseshåndteringsproblemer og ufuldstændig -fornuftighedskontrol af inddata, er er fundet i coders til BMP, DIB, PICT, DCM, -CUT og PSD.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8:6.9.7.4+dfsg-11+deb9u6.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende imagemagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/imagemagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4316.data" diff --git a/danish/security/2018/dsa-4317.wml b/danish/security/2018/dsa-4317.wml deleted file mode 100644 index 0d83b20adb2..00000000000 --- a/danish/security/2018/dsa-4317.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="053a441f4d418e67ed93695ff218b31fd328803a" mindelta="1" -sikkerhedsopdatering - -

Tre sårbarheder blev opdaget i Open Ticket Request System, hvilke kunne føre -til rettighedsforøgelse eller lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.0.16-1+deb9u6.

- -

Vi anbefaler at du opgraderer dine otrs2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende otrs2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/otrs2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4317.data" diff --git a/danish/security/2018/dsa-4318.wml b/danish/security/2018/dsa-4318.wml deleted file mode 100644 index adce1eb5973..00000000000 --- a/danish/security/2018/dsa-4318.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c3120657a7e8583ccb92f2cfcb1b0e9f6ca62377" mindelta="1" -sikkerhedsopdatering - -

Nitin Venkatesh opdagede en sårbarhed i forbindelse med udførelse af skripter -på tværs af websteder i moin, en Python-klone af WikiWiki. En fjernangriber -kunne udføre skripter på tværs af websteder gennem GUI-editorens linkdialog. -Det påvirker kun installationer, som har opsat fckeditor (ikke aktiveret som -standard).

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.9.9-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende moin, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/moin

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4318.data" diff --git a/danish/security/2018/dsa-4319.wml b/danish/security/2018/dsa-4319.wml deleted file mode 100644 index 7163e28c7fa..00000000000 --- a/danish/security/2018/dsa-4319.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ed2119a35159cb709a44e5bea4b898b68d1c2438" mindelta="1" -sikkerhedsopdatering - -

Frediano Ziglio rapporterede om en manglende kontrol i skriptet til -generering af demarshalling-kode i SPICE-protokollens klient/server-bibliotek. -Den genererede demarshalling-kode var sårbar over for adskillige bufferoverløb. -En autentificeret angriber kunne drage nytte af fejlen til at forårsage et -lammelsesangreb (nedbrud af spiceserveren) eller muligvis til udførelse af -vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.12.8-2.1+deb9u2.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spice, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/spice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4319.data" diff --git a/danish/security/2018/dsa-4320.wml b/danish/security/2018/dsa-4320.wml deleted file mode 100644 index de7ab82e287..00000000000 --- a/danish/security/2018/dsa-4320.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4c4a87e7be85aafd69fadd1d3a8019ca0ec72783" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Asterisk, et open source-værktøjssæt til -PBX og telefoni, hvilke kunne medføre lammelsesangreb eller -informationsafsløring.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:13.14.1~dfsg-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende asterisk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/asterisk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4320.data" diff --git a/danish/security/2018/dsa-4321.wml b/danish/security/2018/dsa-4321.wml deleted file mode 100644 index 9a939ad9cb8..00000000000 --- a/danish/security/2018/dsa-4321.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b617bf53d2a0ee0e5b8a3e5c5fa5d469398b7f58" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i GraphicsMagick, et sæt kommandolinjeværktøjer -til behandling af billedfiler, hvilke kunne medføre lammelsesangreb eller -udførsel af vilkårlig kode, hvis en misdannet billedfil blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.3.30+hg15796-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine graphicsmagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende graphicsmagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/graphicsmagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4321.data" diff --git a/danish/security/2018/dsa-4322.wml b/danish/security/2018/dsa-4322.wml deleted file mode 100644 index ada765ab1ee..00000000000 --- a/danish/security/2018/dsa-4322.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b04c964cd714f32ee57d7fa636b7bca8daeb51ff" mindelta="1" -sikkerhedsopdatering - -

Peter Winter-Smith fra NCC Group opdagede at libssh, et lille SSH-bibliotek -skrevet i C, i serverkoden indeholdt en sårbarhed i forbindelse med omgåelse af -autentifikationsomgåelse. En angriber kunne drage nytte af fejlen til med -succes at blive autentificeret uden nogen form for loginoplysninger, ved at -præsentere serveren for en SSH2_MSG_USERAUTH_SUCCESS-meddelelse i stedet for den -SSH2_MSG_USERAUTH_REQUEST-meddelelse, som serveren forventede ville indlede -autentifikationen.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.7.3-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libssh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libssh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libssh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4322.data" diff --git a/danish/security/2018/dsa-4323.wml b/danish/security/2018/dsa-4323.wml deleted file mode 100644 index 6e195731119..00000000000 --- a/danish/security/2018/dsa-4323.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="21b584dd841e81aeb317045305fbc650db9273ad" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev fundet i Drupal, et komplet indholdshåndteringsframework, -hvilke kunne medføre udførelse af vilkårlig kode eller en åben viderestrilling. -For flere oplysninger, se opstrømsbulletin på -\ -https://www.drupal.org/sa-core-2018-006.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u5.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4323.data" diff --git a/danish/security/2018/dsa-4324.wml b/danish/security/2018/dsa-4324.wml deleted file mode 100644 index b241936bf1e..00000000000 --- a/danish/security/2018/dsa-4324.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="37956c693eee16e6c5d5949266f8a2c3f0cdb5e4" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke kunne medføre udførelse af vilkårlig kode, rettighedsforøgelse eller -informationsafsløring.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.3.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4324.data" diff --git a/danish/security/2018/dsa-4325.wml b/danish/security/2018/dsa-4325.wml deleted file mode 100644 index fa7212d247f..00000000000 --- a/danish/security/2018/dsa-4325.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="7f426d6b431404698d30934f0c344e0e2f2ce4d6" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at mosquitto, en MQTT-broker, var sårbar over for fjernudførte -lammelsesangreb, der kunne iværksættes på forskellige måder.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.4.10-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine mosquitto-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mosquitto, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mosquitto

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4325.data" diff --git a/danish/security/2018/dsa-4326.wml b/danish/security/2018/dsa-4326.wml deleted file mode 100644 index ee185d3b48d..00000000000 --- a/danish/security/2018/dsa-4326.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e22fb25904208e602789b1dcb4bb6e32f0bfcb02" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende lammelsesangreb, omgåelse af sandkasse, ufuldstændig -TLS-identitetsverifikation, informationsafsløring eller udførelse af vilkårlig -kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8u181-b13-2~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4326.data" diff --git a/danish/security/2018/dsa-4327.wml b/danish/security/2018/dsa-4327.wml deleted file mode 100644 index caa88ef2b67..00000000000 --- a/danish/security/2018/dsa-4327.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3e125aee962b2b7f0d28c49a4132cf90a180d3a5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird: Adskillige -hukommelsesfejl og anvendelser efter frigivelser, kunne føre til udførelse af -vilkårlig kode eller lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.2.1-2~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4327.data" diff --git a/danish/security/2018/dsa-4328.wml b/danish/security/2018/dsa-4328.wml deleted file mode 100644 index c32488f3259..00000000000 --- a/danish/security/2018/dsa-4328.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5b87f3611fd30b9ad5f84702ee7aee8c424e3784" mindelta="1" -sikkerhedsopdatering - -

Narendra Shinde opdagede at ukorrekt validering af kommandolinjeparametre i -Xorg X-server kunne medføre overskrivelse af vilkårlige filer, hvilket -efterfølgende kunne føre til rettighedsforøgelse.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:1.19.2-1+deb9u4.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xorg-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xorg-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4328.data" diff --git a/danish/security/2018/dsa-4329.wml b/danish/security/2018/dsa-4329.wml deleted file mode 100644 index 1b7762bf472..00000000000 --- a/danish/security/2018/dsa-4329.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5c44523d6b6b4de947b94c71e9e075b442656fe5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en ukorrekt forbindelsesopsætning i Teeworlds-serveren, et -online 2-D-platformskydespil til flere personer, kunne medføre lammelsesangreb -gennem fabrikerede forbindelsespakker (medførende at alle spilserverslots var -optaget).

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.6.5+dfsg-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine teeworlds-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende teeworlds, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/teeworlds

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4329.data" diff --git a/danish/security/2018/dsa-4330.wml b/danish/security/2018/dsa-4330.wml deleted file mode 100644 index e5b142c6ab0..00000000000 --- a/danish/security/2018/dsa-4330.wml +++ /dev/null @@ -1,97 +0,0 @@ -#use wml::debian::translation-check translation="56baa1aa5fad724cf89ddd056dfeb02216ffb096" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2018-5179 - -

    Yannic Boneberger opdagede en fejl i implementeringen af - ServiceWorker.

    • - -
  • CVE-2018-17462 - -

    Ned Williamson og Niklas Baumstark opdagede en måde at slippe ud af - sandkassen på.

    • - -
  • CVE-2018-17463 - -

    Ned Williamson og Niklas Baumstark opdagede et problem i forbindelse med - fjernudførsel af kode i JavaScript-biblioteket v8.

    • - -
  • CVE-2018-17464 - -

    xisigr opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2018-17465 - -

    Lin Zuojian opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
  • CVE-2018-17466 - -

    Omair opdagede et problem med hukommelseskorruption i biblioteket - angle.

    • - -
  • CVE-2018-17467 - -

    Khalil Zhani opdagedet et problem med URL-forfalskning.

    • - -
  • CVE-2018-17468 - -

    Jams Lee opdagede et problem med informationsafsløring.

    • - -
  • CVE-2018-17469 - -

    Zhen Zhou opdagedet et bufferoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2018-17470 - -

    Zhe Jin opdagedet et problem med hukommelseskorruption i implementeringen - af GPU-backend'en.

    • - -
  • CVE-2018-17471 - -

    Lnyas Zhang opdagedet et problem med fuldskærmsbrugerfladen.

    • - -
  • CVE-2018-17473 - -

    Khalil Zhani opdagedet et problem med URL-forfalskning.

    • - -
  • CVE-2018-17474 - -

    Zhe Jin opdagedet et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2018-17475 - -

    Vladimir Metnew opdagedet et problem med URL-forfalskning.

    • - -
  • CVE-2018-17476 - -

    Khalil Zhani opdagede et problem med fuldskærmsbrugerfladen.

    • - -
  • CVE-2018-17477 - -

    Aaron Muir Hamilton opdagede et problem med forfalskning af brugerfladen - i udvidelsesruden.

    • - -
- -

Denne opdatering retter også et bufferoverløb i det indlejrede bibliotek -lcms, som følger med chromium.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 70.0.3538.67-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4330.data" diff --git a/danish/security/2018/dsa-4331.wml b/danish/security/2018/dsa-4331.wml deleted file mode 100644 index cf3fb91fecd..00000000000 --- a/danish/security/2018/dsa-4331.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="ce2c6df5f974a2c9be8ca06bb4afda282a57e3f9" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i cURL, et URL-overførselsbibliotek.

- -
    - -
  • CVE-2018-16839 - -

    Harry Sintonen opdagede at på systemet med en 32 bit-size_t, blev et - heltalsoverløb udløst når et SASL-brugernavn længere end 2GB blev anvendt. - Det førte herefter til at en meget lille buffer blev oprettet, i stedet for - den tilsigtede enorme, hvilket udløste et heapbufferoverløb når bufferen - blev anvendt.

    • - -
  • CVE-2018-16842 - -

    Brian Carpenter opdagede at logikken i curls værktøj til at ombryde - fejlmeddelelser ved 80 tegn, var fejlbehæftet, førende til overløb i en - læsningsbuffer, hvis et enkelt ord i meddelelsen er længere end 80 - bytes.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.52.1-5+deb9u8.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4331.data" diff --git a/danish/security/2018/dsa-4332.wml b/danish/security/2018/dsa-4332.wml deleted file mode 100644 index 4c26f4afd36..00000000000 --- a/danish/security/2018/dsa-4332.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="47392efd21a71717e3d185eeb02d51f7fe74be33" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget. Projektet Common -Vulnerabilities and Exposures har registreret følgende problemer:

- -
    - -
  • CVE-2018-16395 - -

    Tyler Eckstein rapporterede at lighedskontrollen i OpenSSL::X509::Name, - kunne returnere true for objekter der ikke er ligmed med. Hvis et ondsindet - X.509-certifikat overføres til sammenligning med et eksisterende certifikat, - var der mulighed for at de fejlagtigt blev vurderet som værende ens.

    • - -
  • CVE-2018-16396 - -

    Chris Seaton opdagede at tainted flags ikke blev ført videre i Array#pack - og String#unpack, med visse parametre.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.3.3-1+deb9u4.

- -

Vi anbefaler at du opgraderer dine ruby2.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.3, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ruby2.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4332.data" diff --git a/danish/security/2018/dsa-4333.wml b/danish/security/2018/dsa-4333.wml deleted file mode 100644 index 89b0c45d0d0..00000000000 --- a/danish/security/2018/dsa-4333.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="d6dcc12a82bb49abdfb729627b48b4ebac3ec085" mindelta="1" -sikkerhedsopdatering - -

Nick Rolfe opdagede adskillige bufferoverløb i multimediestreamingserveren -Icecast, hvilke kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.4.2-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine icecast2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende icecast2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/icecast2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4333.data" diff --git a/danish/security/2018/dsa-4334.wml b/danish/security/2018/dsa-4334.wml deleted file mode 100644 index f410f4fd6eb..00000000000 --- a/danish/security/2018/dsa-4334.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="dfae2db1747e0329dcb03f343ab6a9328504bc7f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i MuPDF, en fremviser af PDF, XPS og -e-bøger, hvilke kunne medføre lammelsesangreb eller udførsel af vilkårlig kode, -hvis misdannede dokumenter blev åbnet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.9a+ds1-4+deb9u4.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mupdf, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mupdf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4334.data" diff --git a/danish/security/2018/dsa-4335.wml b/danish/security/2018/dsa-4335.wml deleted file mode 100644 index 80197a04235..00000000000 --- a/danish/security/2018/dsa-4335.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8266f41d7779590117890745beb04103a08486ab" mindelta="1" -sikkerhedsopdatering - -

Tre sårbarheder blev opdaget i Nginx, en højtydende web og reverse -proxy-server, hvilke kunne føre til lammelsesangreb ved behandlingen af HTTP/2 -(gennem alt for højt hukommelses-/CPU-forbrug) eller serverhukommelsesafsløring -i modulet ngx_http_mp4_module module (anvende til serverside-MP4-streaming).

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.10.3-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nginx, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nginx

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4335.data" diff --git a/danish/security/2018/dsa-4336.wml b/danish/security/2018/dsa-4336.wml deleted file mode 100644 index 63424e23266..00000000000 --- a/danish/security/2018/dsa-4336.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="30f295f54f15a5511415016115af1538e40b2baf" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Ghostscript, PostScript-/PDF-fortolkeren -udgivet under GPL, hvilke kunne medføre lammelsesangreb, afsløring af -tilstedeværelse og størrelse på vilkårlige filer, eller udførelse af vilkårlig -kode, hvis en misdannet PostScript-fil blev behanldet (på trods af aktiveret -dSAFER-sandkasse).

- -

Opdaterer rebaser stretchs ghostscript til opstrømsversion 9.25, der -indeholder yderligere ikke-sikkerhedsrelaterede ændringer.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.25~dfsg-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4336.data" diff --git a/danish/security/2018/dsa-4337.wml b/danish/security/2018/dsa-4337.wml deleted file mode 100644 index e5a1f6167ef..00000000000 --- a/danish/security/2018/dsa-4337.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="894cb65c4308115375f38b2621d842aab55f7af5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird: Adskillige -hukommelsessikkerhedsfejl kunne føre til udførelse af vilkårlig kode eller -lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.3.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4337.data" diff --git a/danish/security/2018/dsa-4338.wml b/danish/security/2018/dsa-4338.wml deleted file mode 100644 index 29c65ed37b7..00000000000 --- a/danish/security/2018/dsa-4338.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="83934a2f26614ea9763cb52ff41f5677e8a56eac" mindelta="1" -sikkerhedsopdatering - -

Heltalsoverløb i behandlingen af pakker i netværkskort emuleret af QEMU, en -hurtig processoremulator, kunne medføre lammelsesangreb.

- -

Desuden tilbagefører denne opdatering understøttelse af ny CPU-funktionalitet -tilføjet i opdateringen af intel-microcode, leveret i forbindelse med DSA 4273 -til x86-baserede gæster.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.8+dfsg-6+deb9u5.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4338.data" diff --git a/danish/security/2018/dsa-4339.wml b/danish/security/2018/dsa-4339.wml deleted file mode 100644 index 79ab62b99af..00000000000 --- a/danish/security/2018/dsa-4339.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c1763bbf92b379a36ce63d2b8ac86ad7b4c6a7ff" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Ceph, et distributeret storage- og -filsystem: Cephx' autentifikationsprotokol var sårbar over for replayangreb og -beregnede signaturer forkert, ceph mon validerede ikke kapabiliteterne -ved pool-handlinger (medførende potentielt korruption eller sletning af -snapshotaftryk) og en formatstrengsårbarhed i libradosstriper, kunne medføre -lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 10.2.11-1.

- -

Vi anbefaler at du opgraderer dine ceph-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ceph, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ceph

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4339.data" diff --git a/danish/security/2018/dsa-4340.wml b/danish/security/2018/dsa-4340.wml deleted file mode 100644 index 6dbac0f2863..00000000000 --- a/danish/security/2018/dsa-4340.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="053790c0d9e41d10f42aa88e186bc01d5f535f18" mindelta="1" -sikkerhedsopdatering - -

Et problem med hukommelsestilgang udenfor grænserne, blev opdaget af -cloudfuzzer i chromiums JavaScript-bibliotek v8.

- -

Opdateringen retter også to problemer opstået i den foregående -sikkerhedsupload. Understøttelse af arm64 er genindført, og gconf-service er -ikke længere en pakkeafhængighed.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 70.0.3538.102-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4340.data" diff --git a/danish/security/2018/dsa-4341.wml b/danish/security/2018/dsa-4341.wml deleted file mode 100644 index f4322f2fa24..00000000000 --- a/danish/security/2018/dsa-4341.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="23827ea77e8391f791f7a8741cbbf1f0f50a6c24" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i databaseserveren MariaDB. Sårbarhederne er løst -ved at opgradere MariaDB til den nye opstrømsversion 10.1.37. Se MariaDB 10.1's -Release Notes for flere oplysninger:

- - - -

I den stabile distribution (stretch), er disse problemer rettet i -version 10.1.37-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.1-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mariadb-10.1, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mariadb-10.1

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4341.data" diff --git a/danish/security/2018/dsa-4343.wml b/danish/security/2018/dsa-4343.wml deleted file mode 100644 index c72d8fafc28..00000000000 --- a/danish/security/2018/dsa-4343.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="30b410b9c28d1592a3fe64826aaffbbeb54ec991" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et bufferoverløb i liveMedia, et sæt C++-biblioteker til -multimediestream, kunne medføre udførelse af vilkårlig kode, når en misdannet -RTSP-stream blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2016.11.28-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine liblivemedia-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende liblivemedia, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/liblivemedia

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4343.data" diff --git a/danish/security/2018/dsa-4344.wml b/danish/security/2018/dsa-4344.wml deleted file mode 100644 index a25ee0b171e..00000000000 --- a/danish/security/2018/dsa-4344.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8e8be7e1310df833bbd582664555a9b8b62956f6" mindelta="1" -sikkerhedsopdatering - -

Aidan Marlin opdagede at roundcube, en skindbar, AJAX-baseret webmailløsning -til IMAP-servere, var ramt af en sårbarhed i forbindelse med udførelse af -skripter på tværs af websteder, i håndtering af ugyldigt styletagindhold.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.3+dfsg.1-4+deb9u3.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4344.data" diff --git a/danish/security/2018/dsa-4345.wml b/danish/security/2018/dsa-4345.wml deleted file mode 100644 index 0c87f0da6e9..00000000000 --- a/danish/security/2018/dsa-4345.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="1d1f8d159bd57a26b5a8603a6dfc4a1937981b1c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en Unix-server til SMB/CIFS, print og -login. Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- - - -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:4.5.12+dfsg-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4345.data" diff --git a/danish/security/2018/dsa-4346.wml b/danish/security/2018/dsa-4346.wml deleted file mode 100644 index 690c9f0ea66..00000000000 --- a/danish/security/2018/dsa-4346.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="6e01f4fba8d847ed19962aa1aaf320df50c01910" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Ghostscript, PostScript-/PDF-fortolkeren -udgivet under GPL, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode, hvis en misdannet Postscript-fil behandles (på trods af --dSAFER-sandkassen er aktiveret).

- -

This update rebases ghostscript for stretch to the opstrømsversion 9.26 -which includes additional changes.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.26~dfsg-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4346.data" diff --git a/danish/security/2018/dsa-4347.wml b/danish/security/2018/dsa-4347.wml deleted file mode 100644 index f5fee51b216..00000000000 --- a/danish/security/2018/dsa-4347.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="165625c3a669960bb5e1c766db812564b5fd665e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i implementeringen af -programmeringssproget Perl. Projektet Common Vulnerabilities and Exposures har -registreret følgende problemer:

- -
    - -
  • CVE-2018-18311 - -

    Jayakrishna Menon og Christophe Hauser opdagede en - heltalsoverløbssårbarhed i Perl_my_setenv, førende til et heapbaseret - bufferoverløb med angriberkontrollerede inddata.

    • - -
  • CVE-2018-18312 - -

    Eiichi Tsukata opdagede at et fabrikeret regulært udtryk, kunne medføre - en heapbaseret bufferoverløbsskrivning under kompilering, potentielt førende - til udførelse af vilkårlig kode.

    • - -
  • CVE-2018-18313 - -

    Eiichi Tsukata opdagede at et fabrikeret regulært udtryk kunne medføre en - heapbaseret bufferoverløbslæsning under kompilering, hvilket førte til - informationslækage.

    • - -
  • CVE-2018-18314 - -

    Jakub Wilk opdagede at et særlig fremstillet regulært udtryk kunne føre - til et heapbaseret bufferoverløb.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.24.1-3+deb9u5.

- -

Vi anbefaler at du opgraderer dine perl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende perl, se -dens sikkerhedssporingssidede på: -https://security-tracker.debian.org/tracker/perl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4347.data" diff --git a/danish/security/2018/dsa-4348.wml b/danish/security/2018/dsa-4348.wml deleted file mode 100644 index ea7bdb87150..00000000000 --- a/danish/security/2018/dsa-4348.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a60f7421a600f5926ff6dfb5c39d4d15e61faaca" mindelta="1" -sikkerhedsopdatering - -

Flere lokale sidekanalsangreb og et lammelsesangreb via store -Diffie-Hellman-parametre, blev opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt.

- -

I den stabile distribution (stretch), er disse problemer rettet i version -1.1.0j-1~deb9u1. Fremover vil sikkerhedsopdateringer af openssl i stretch -blive baseret på 1.1.0x-opstrømsudgaverne.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4348.data" diff --git a/danish/security/2018/dsa-4349.wml b/danish/security/2018/dsa-4349.wml deleted file mode 100644 index 4a92a05f166..00000000000 --- a/danish/security/2018/dsa-4349.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="71f789e1254254effcbb9dc6cbdeec7c27c82469" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i biblioteket libtiff library og de -medfølgende værktøjer, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode, hvis misdannede billedfiler blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.0.8-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tiff, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tiff

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4349.data" diff --git a/danish/security/2018/dsa-4350.wml b/danish/security/2018/dsa-4350.wml deleted file mode 100644 index 2f0985831a6..00000000000 --- a/danish/security/2018/dsa-4350.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b8c497c9b65e0b3c9f962e66e3f454c49ed0017c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt behandling af meget høje UID'er i Policykit, et -framework til håndtering af administrative policies og rettigheder, kunne -medføre omgåelse af autentifikation.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.105-18+deb9u1.

- -

Vi anbefaler at du opgraderer dine policykit-1-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende policykit-1, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/policykit-1

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4350.data" diff --git a/danish/security/2018/dsa-4351.wml b/danish/security/2018/dsa-4351.wml deleted file mode 100644 index 6bbd5b76b70..00000000000 --- a/danish/security/2018/dsa-4351.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1546149939907cc909ba2da3cf1b949ba05e4a24" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at PHPMailer, et bibliotek til udsendelse af mail fra -PHP-applikationern, var ramt af en sårbarhed i forbindelse med indsprøjtning af -PHP-objekter, potentielt gørende det muligt for en fjernangriber at udføre -vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.2.14+dfsg-2.3+deb9u1.

- -

Vi anbefaler at du opgraderer dine libphp-phpmailer-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libphp-phpmailer, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libphp-phpmailer

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4351.data" diff --git a/danish/security/2018/dsa-4352.wml b/danish/security/2018/dsa-4352.wml deleted file mode 100644 index 2cb0fc80971..00000000000 --- a/danish/security/2018/dsa-4352.wml +++ /dev/null @@ -1,146 +0,0 @@ -#use wml::debian::translation-check translation="2fffb6d907665c5179287a533ba1d4ef4412e32a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2018-17480 - -

    Guang Gong opdagede et problem med skrivning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2018-17481 - -

    Flere problemer med anvendelse efter frigivelse blev opdaget i - biblioteket pdfium.

    • - -
  • CVE-2018-18335 - -

    Et bufferoverløbsproblem blev opdaget i biblioteket skia.

    • - -
  • CVE-2018-18336 - -

    Huyna opdagede et problem med anvendelse efter frigivelse i biblioteket - pdfium.

    • - -
  • CVE-2018-18337 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - blink/webkit.

    • - -
  • CVE-2018-18338 - -

    Zhe Jin opdagede et bufferoverløbsproblem i canvas-renderer'en.

    • - -
  • CVE-2018-18339 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebAudio.

    • - -
  • CVE-2018-18340 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - implementeringen af MediaRecorder.

    • - -
  • CVE-2018-18341 - -

    cloudfuzzer opdagede et bufferoverløbsproblem i blink/webkit.

    • - -
  • CVE-2018-18342 - -

    Guang Gong opdagede en problem med læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2018-18343 - -

    Tran Tien Hung opdagede et problem med anvendelse efter frigivelse i - biblioteket skia.

    • - -
  • CVE-2018-18344 - -

    Jann Horn opdagede en fejl i implementeringen af Extensions.

    • - -
  • CVE-2018-18345 - -

    Masato Kinugawa og Jun Kokatsu opdagede en fejl i funktionaliteten Site - Isolation.

    • - -
  • CVE-2018-18346 - -

    Luan Herrera opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2018-18347 - -

    Luan Herrera opdagede en fejl i implementeringen af Navigation.

    • - -
  • CVE-2018-18348 - -

    Ahmed Elsobky opdagede en fejl i implementeringen af omnibox.

    • - -
  • CVE-2018-18349 - -

    David Erceg opdagede en fejl i håndhævelsen af policy.

    • - -
  • CVE-2018-18350 - -

    Jun Kokatsu opdagede en fejl i håndhævelsen af policy.

    • - -
  • CVE-2018-18351 - -

    Jun Kokatsu opdagede en fejl i håndhævelsen af policy.

    • - -
  • CVE-2018-18352 - -

    Jun Kokatsu opdagede en fejl i Media-håndteringen.

    • - -
  • CVE-2018-18353 - -

    Wenxu Wu opdagede en fejl i implementeringen af - netværksautentifikationen.

    • - -
  • CVE-2018-18354 - -

    Wenxu Wu opdagede en fejl i forbindelse med integrationen med GNOME - Shell.

    • - -
  • CVE-2018-18355 - -

    evil1m0 opdagede en fejl i håndhævelsen af policy.

    • - -
  • CVE-2018-18356 - -

    Tran Tien Hung opdagede et problem med anvendelse efter frigivelse i - biblioteket skia.

    • - -
  • CVE-2018-18357 - -

    evil1m0 opdagede en fejl i håndhævelsen af policy.

    • - -
  • CVE-2018-18358 - -

    Jann Horn opdagede en fejl i håndhævelsen af policy.

    • - -
  • CVE-2018-18359 - -

    cyrilliu opdagede et problem med læsning uden for grænserne i - JavaScript-biblioteket v8.

    • - -
- -

Yderligere sikkerhedsrelevante problemer er også løst med denne opdatering, -men de er endnu ikke blevet tildelt CVE-identifikatorer.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 71.0.3578.80-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium-browser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4352.data" diff --git a/danish/security/2018/dsa-4353.wml b/danish/security/2018/dsa-4353.wml deleted file mode 100644 index f83e8ed9ce5..00000000000 --- a/danish/security/2018/dsa-4353.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="c4f5a9b7b36060e89ec006b8bca2732d18d8bf8a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i PHP, et ubredt, generelt -anvendeligt open source-skriptsprog: EXIF-modulet var sårbart over for -lammelsesangreb/informationsafsløring, når der blev fortolket misdannede -billeder, Apache-modulet muliggjorde udførelse af skripter på tværs af -websteder gennem body-delen af en "Transfer-Encoding: chunked"-forespørgsel, -og IMAP-udvidelsen foretog utilstrækkelig fornuftighedskontrol af inddata, -hvilket kunne medføre udførelse af vilkårlige shell-kommandoer i funktionen -imap_open() function og lammelsesangreb i funktionen imap_mail().

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.0.33-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4353.data" diff --git a/danish/security/2018/dsa-4354.wml b/danish/security/2018/dsa-4354.wml deleted file mode 100644 index 75c4cbffc1d..00000000000 --- a/danish/security/2018/dsa-4354.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="234a275bc642d55f44a2829ff34ce4e95997746a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne føre til udførelse af vilkårlig kode eller omgåelse af -samme ophav-reglen.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.4.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4354.data" diff --git a/danish/security/2018/dsa-4355.wml b/danish/security/2018/dsa-4355.wml deleted file mode 100644 index e1b9ffc7be7..00000000000 --- a/danish/security/2018/dsa-4355.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5148a542f3160bade0b30f0e7adc48baea104586" mindelta="1" -sikkerhedsopdatering - -

Flere lokale sidekanalsangreb og lammelsesangreb gennem store -Diffie-Hellman-parametre, blev opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.0.2q-1~deb9u1. Fremover vil sikkerhedsopdateringer af openssl1.0 i -stretch blive baseret på opstrøms 1.0.2x-udgivelser.

- -

Vi anbefaler at du opgraderer dine openssl1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4355.data" diff --git a/danish/security/2018/dsa-4356.wml b/danish/security/2018/dsa-4356.wml deleted file mode 100644 index 21c67e1b8f8..00000000000 --- a/danish/security/2018/dsa-4356.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f603e5f228363d4cb4204680086d7159057e458f" mindelta="1" -sikkerhedsopdatering - -

Jacob Baines opdagede en fejl i håndteringen af DSI Opensession-kommandoen i -Netatalk, en implementering af AppleTalk Protocol Suite, som gjorde det muligt -for en uautentiticeret bruger at udføre vilkårlige kode med rootrettigheder.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.2.5-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine netatalk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende netatalk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/netatalk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4356.data" diff --git a/danish/security/2018/dsa-4357.wml b/danish/security/2018/dsa-4357.wml deleted file mode 100644 index b47b16eb03d..00000000000 --- a/danish/security/2018/dsa-4357.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="dbf4ba8e9bfb35169a40a69893c185951be6f765" mindelta="1" -sikkerhedsopdatering - -

Raphael Arrouas og Jean Lejeune opdagede en sårbarhed i forbindelse med -omgåelse af adgangskontrol i mod_jk, Apache-connector'en til Tomcat -Java-servlet-motoren. Sårbarheden er løst ved at opgradere mod_jk til den nye -opstrømsversion 1.2.46, der indeholder yderligere ændringer.

- - - -

I den stabile distribution (stretch), er dette problem rettet i -version 1:1.2.46-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine libapache-mod-jk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libapache-mod-jk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libapache-mod-jk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4357.data" diff --git a/danish/security/2018/dsa-4358.wml b/danish/security/2018/dsa-4358.wml deleted file mode 100644 index 8300e29bf72..00000000000 --- a/danish/security/2018/dsa-4358.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0f190f575d9a6e82bee320fe416647841a7f264e" mindelta="1" -sikkerhedsopdatering - -

Shopify Application Security Team opdagede at ruby-sanitize, en -hvidlistebaseret HTML-renser, var ramt af en HTML-indsprøjtningssårbarhed. Et -særligt fabrikeret HTML-fragment kunne medføre at ikke-hvidlistede attributter -blev anvendt i et hvidlistet HTML-elmenent.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.1.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine ruby-sanitize-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-sanitize, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-sanitize

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4358.data" diff --git a/danish/security/2018/dsa-4359.wml b/danish/security/2018/dsa-4359.wml deleted file mode 100644 index c29ac5da94e..00000000000 --- a/danish/security/2018/dsa-4359.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ee21dc37fb23ea84beba56e6392fce89bd93382a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Wireshark, et program til analysering af -netværksprotokoller, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.6.5-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wireshark, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wireshark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4359.data" diff --git a/danish/security/2018/dsa-4360.wml b/danish/security/2018/dsa-4360.wml deleted file mode 100644 index fad8ee804b3..00000000000 --- a/danish/security/2018/dsa-4360.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ae0b39f48f599ac19f9d6570b72ac88c85bd90a1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev fundet i libarchive, et arkiverings- og -komprimeringsbibliotek som understøtter mange formater: Behandling af -misdannede RAR-arkiver kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode, og misdannede WARC-, LHarc-, ISO-, Xar- eller CAB-arkiver kunne -medføre lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.2.2-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libarchive-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libarchive, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libarchive

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4360.data" diff --git a/danish/security/2018/dsa-4361.wml b/danish/security/2018/dsa-4361.wml deleted file mode 100644 index b771c8fa651..00000000000 --- a/danish/security/2018/dsa-4361.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e422097318c2b9061a3de717e10cd1c63589dbdf" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i libextractor, et bibliotek til udtrækning af -vilkårlige metadata fra filer, hvilke kunne føre til lammelsesangreb eller -hukommelsesafsløring, hvis en misdannet OLE-fil blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.3-4+deb9u3.

- -

Vi anbefaler at du opgraderer dine libextractor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libextractor, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libextractor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2018/dsa-4361.data" diff --git a/danish/security/2018/index.wml b/danish/security/2018/index.wml deleted file mode 100644 index 2c7370a656a..00000000000 --- a/danish/security/2018/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2018 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security -#use wml::debian::translation-check translation="8635bbbedf6cf68c100d16e30d03160b02a7aad7" - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/security/2018' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2019/Makefile b/danish/security/2019/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2019/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2019/dsa-4362.wml b/danish/security/2019/dsa-4362.wml deleted file mode 100644 index 029b45111e5..00000000000 --- a/danish/security/2019/dsa-4362.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1571086ce3bff86e411a2f13c6517856f4182646" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:60.4.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4362.data" diff --git a/danish/security/2019/dsa-4363.wml b/danish/security/2019/dsa-4363.wml deleted file mode 100644 index 7fef66c6e3d..00000000000 --- a/danish/security/2019/dsa-4363.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a30fc86ea21305333ea2670e4ae537412db1a858" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at misdannede URL'er kunne forfalske indholdet af -default-404-siden i Django, en Python-webudviklingsframework.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:1.10.7-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4363.data" diff --git a/danish/security/2019/dsa-4364.wml b/danish/security/2019/dsa-4364.wml deleted file mode 100644 index 468cbbdf26a..00000000000 --- a/danish/security/2019/dsa-4364.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4e651f5536a27d2765ba4140b02cc398cdb5f7fd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ruby-loofah, et generelt bibliotek til behandling og -transformering af HTML-/XML-dokumenter og -fragmenter, udførte utilstrækkelig -rensning af SVG-elementer.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.0.3-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine ruby-loofah-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-loofah, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-loofah

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4364.data" diff --git a/danish/security/2019/dsa-4365.wml b/danish/security/2019/dsa-4365.wml deleted file mode 100644 index 46c25046206..00000000000 --- a/danish/security/2019/dsa-4365.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c3f09e2a38bea05e9ae85e2e7af413e1eda70975" mindelta="1" -sikkerhedsopdatering - -

Stephen Roettger opdagede en kapløbstilstand i tmpreaper, et program der -baseret på filers alder foretager oprydning i mapper, hvilken kunne medføre -lokal rettighedsforøgelse.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.13+nmu1+deb9u1.

- -

Vi anbefaler at du opgraderer dine tmpreaper-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tmpreaper, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tmpreaper

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4365.data" diff --git a/danish/security/2019/dsa-4366.wml b/danish/security/2019/dsa-4366.wml deleted file mode 100644 index 62f41cec9c1..00000000000 --- a/danish/security/2019/dsa-4366.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="e38897fa2f512b6bd8aa6fc56e01320b30c21fec" mindelta="1" -sikkerhedsopdatering - -

Et heltalsunderløb blev opdaget i CAF-demuxer'en i medieafspilleren VLC.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.0.6-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4366.data" diff --git a/danish/security/2019/dsa-4367.wml b/danish/security/2019/dsa-4367.wml deleted file mode 100644 index 62d5a1edefd..00000000000 --- a/danish/security/2019/dsa-4367.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="9b882a5d38bd6c3c5a8d79a39b0033bc189699c0" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede adskillige sårbarheder i systemd-journald. To -hukommelseskorruptionsfejl via angriberkontrolleret allokering vha. funktionen -alloca (\ -CVE-2018-16864, -\ -CVE-2018-16865) og en læsningsfejl uden for grænserne førende til en -informationslækage -(\ -CVE-2018-16866), kunne gøre det muligt for en angriber at forårsage et -lammelsesangreb eller udførelse af vilkårlig kode.

- -

Flere oplysninger finder man i Qualys Security Advisory på: -\ -https://www.qualys.com/2019/01/09/system-down/system-down.txt

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 232-25+deb9u7.

- -

Vi anbefaler at du opgraderer dine systemd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende systemd, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/systemd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4367.data" diff --git a/danish/security/2019/dsa-4368.wml b/danish/security/2019/dsa-4368.wml deleted file mode 100644 index bdd05c4ff19..00000000000 --- a/danish/security/2019/dsa-4368.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3af3ca701db359cb0e776a690fd5e1cbcae67627" mindelta="1" -sikkerhedsopdatering - -

Guido Vranken opdagede at ukorrekte grænsekontroller i ZeroMQ, en -letvægtskerne til messaging, kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.2.1-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine zeromq3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zeromq3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/zeromq3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4368.data" diff --git a/danish/security/2019/dsa-4369.wml b/danish/security/2019/dsa-4369.wml deleted file mode 100644 index 79a115aaca9..00000000000 --- a/danish/security/2019/dsa-4369.wml +++ /dev/null @@ -1,45 +0,0 @@ -#use wml::debian::translation-check translation="8a1c0e346cc4b60809eb2067ebcb114fe8cc027d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen:

- -
    - -
  • CVE-2018-19961 / - CVE-2018-19962 - -

    Paul Durrant opdagede at ukorrekt TLB-håndtering kunne medføre - lammelsesangreb, rettighedsforøgelse eller informationslækager.

    • - -
  • CVE-2018-19965 - -

    Matthew Daley opdagede at ukorrekt håndtering af INVPCID-instruktionen - kunne medføre lammelsesangreb foretaget af PV-gæster.

    • - -
  • CVE-2018-19966 - -

    Man opdagede at en regression i rettelsen af - CVE-2017-15595 - kunne medføre lammelsesangreb, rettighedsforøgelse eller informationslækager - foretaget af en PV-gæst.

    • - -
  • CVE-2018-19967 - -

    Man opdagede at en fejl i nogle Intel CPU'er kunne medføre - lammelsesangreb foretaget af en gæsteinstans.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.8.5+shim4.10.2+xsa282-1+deb9u11.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4369.data" diff --git a/danish/security/2019/dsa-4370.wml b/danish/security/2019/dsa-4370.wml deleted file mode 100644 index 290cbcf7896..00000000000 --- a/danish/security/2019/dsa-4370.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4eb54b0c3467c7c7d85b14f5c07fa5a97d71ae2f" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev fundet i Drupal, et komplet framework til -indholdshåndtering, hvilke kunne medføre udførelse af vilkårlig kode.

- -

For yderligere oplysninger, se opstrøms bulletiner på: -https://www.drupal.org/sa-core-2019-001 og -https://www.drupal.org/sa-core-2019-002

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u6.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4370.data" diff --git a/danish/security/2019/dsa-4371.wml b/danish/security/2019/dsa-4371.wml deleted file mode 100644 index 7794335e205..00000000000 --- a/danish/security/2019/dsa-4371.wml +++ /dev/null @@ -1,193 +0,0 @@ -#use wml::debian::translation-check translation="901f7a15374b175ce7794ff11269a24e33da9dd5" mindelta="1" -sikkerhedsopdatering - -

Max Justicz opdagede en sårbarhed i APT, pakkehåndteringsprogrammet på højt -niveau. Koden til håndtering af HTTP-viderestillinger i HTTP-transportmetoden, -rensede ikke på korrekt vis felter overført over netet. Sårbarheden kunne -anvendes af en angriber, der befinder sig som manden i midten mellem APT og et -filspejl, til at indsprøjte indsindet indhold i HTTP-forbindelsen. Indholdet -kunne dernæst blive genkendt af APT som en gyldig pakke, og senere blive -benyttet til udførelse af kode med rootrettigheder på offerets maskine.

- -

Da sårbarheden findes i selve pakkehåndteringsprogrammet, anbefales det at -deaktivere viderestillinger for at forhindre udnyttelse under selve -opgraderingen, det gøres med:

- -apt -o Acquire::http::AllowRedirect=false update
-apt -o Acquire::http::AllowRedirect=false upgrade - -

Nogle proxy'er fungerer ikke med denne opsætningsændring, når det benyttes -mod security.debian.org. Hvis det sker, kan man ændres sin APT-kilde til at -benytte:

- -deb http://cdn-fastly.deb.debian.org/debian-security stable/updates main - -

I den stabile distribution (stretch), er dette problem rettet i -version 1.4.9.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- -

Særlig opgraderingsvejledning:

- -

Hvis opgradering af APT uden viderestilling ikke er muligt i din situation, -kan du manuelt hente filerne (vha. wget/curl) til din arkitektur, med brug af -URL'erne herunder, og med kontrol af at hash-værdierne stemmer. Du kan dernæst -installere dem med dpkg -i.

- -

Kildekodearkiver:

- -

http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9.dsc - Størrelse/SHA256-kontrolsum: 2549 986d98b00caac809341f65acb3d14321d645ce8e87e411c26c66bf149a10dfea
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9.tar.xz - Størrelse/SHA256-kontrolsum: 2079572 d4d65e7c84da86f3e6dcc933bba46a08db429c9d933b667c864f5c0e880bac0d

- -

Arkitekturuafhængige filer:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-doc_1.4.9_all.deb - Størrelse/SHA256-kontrolsum: 365094 8880640591f64ab7b798f0421d18cba618512ca61ed7c44fbbbb6140423551d5
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_1.4.9_all.deb - Størrelse/SHA256-kontrolsum: 1004234 42f4c5945c4c471c3985db1cec7adcac516cc21a497a438f3ea0a2bfa7ffe036

- -

amd64-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_amd64.deb - Størrelse/SHA256-kontrolsum: 170820 c8c4366d1912ff8223615891397a78b44f313b0a2f15a970a82abe48460490cb
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_amd64.deb - Størrelse/SHA256-kontrolsum: 409958 fb227d1c4615197a6263e7312851ac3601d946221cfd85f20427a15ab9658d15
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_amd64.deb - Størrelse/SHA256-kontrolsum: 1231594 dddf4ff686845b82c6c778a70f1f607d0bb9f8aa43f2fb7983db4ff1a55f5fae
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_amd64.deb - Størrelse/SHA256-kontrolsum: 192382 a099c57d20b3e55d224433b7a1ee972f6fdb79911322882d6e6f6a383862a57d
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_amd64.deb - Størrelse/SHA256-kontrolsum: 235220 cfb0a03ecd22aba066d97e75d4d00d791c7a3aceb2e5ec4fbee7176389717404
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_amd64.deb - Størrelse/SHA256-kontrolsum: 916448 03281e3d1382826d5989c12c77a9b27f5f752b0f6aa28b524a2df193f7296e0b

- -

arm64-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_arm64.deb - Størrelse/SHA256-kontrolsum: 167674 6635e174290f89555a2eb9cbc083b1fa566b2cd65318212c8c760b87bfb2c544
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_arm64.deb - Størrelse/SHA256-kontrolsum: 401136 f7e95f4fbc94409ff4dceb16626beb6cd0eecff5e6982e1bf808af014ea7331f
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_arm64.deb - Størrelse/SHA256-kontrolsum: 1202864 54abf458ed6b78f56638771fa30cdc9e482469cc0e2dfc2146b3606ea22a3449
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_arm64.deb - Størrelse/SHA256-kontrolsum: 191188 27d1254e03a80f77458e2c2aceb097c9a85e9cefb4623643a1e25b45e0b889ae
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_arm64.deb - Størrelse/SHA256-kontrolsum: 235220 3f046e34009db988edd4e0474b13100ba92adf3beac16456785ee16940b51f2d
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_arm64.deb - Størrelse/SHA256-kontrolsum: 855612 c3b333927f340bb044ec44f2bfe2abced35ebb3e91457ae91249d26058e7b796

- -

armel-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_armel.deb - Størrelse/SHA256-kontrolsum: 165820 179bcd2457beb0c8449101684c40dc94c9882166b17d584162109928d124cffc
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_armel.deb - Størrelse/SHA256-kontrolsum: 394280 90f760e7480582bcabc2a2f50a44a2d1f5ce4070370295832bc82424887e5289
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_armel.deb - Størrelse/SHA256-kontrolsum: 1190316 862ba546c54b66732d2a2d17b44aa4d20109f2bd4ba158d62d158ba190eed649
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_armel.deb - Størrelse/SHA256-kontrolsum: 189878 531e3a673d24b3ae79babc5110d3b27cdbd7a274c0839ff650d691d88d28d8d7
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_armel.deb - Størrelse/SHA256-kontrolsum: 235218 46ecb77704fb8957505d96bdfa7c1f190559914ad96297a6b15609ed1a1a24d9
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_armel.deb - Størrelse/SHA256-kontrolsum: 829040 6d2ca52d1823ca3100a2bc3d98ed15aca5af1b59203006794b8e8cb4575433b0

- -

armhf-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_armhf.deb - Størrelse/SHA256-kontrolsum: 166962 523bf76fd9ee262b08fb04ce2afcd5c0d4e81087c111f31179f5ec2882bbbe93
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_armhf.deb - Størrelse/SHA256-kontrolsum: 397912 4d4699621974098a2d7d1d76c4ee5995e0a56c40a336bbc008308f799cc6bc77
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_armhf.deb - Størrelse/SHA256-kontrolsum: 1198550 0d2b46b839041ac660a33bb17477e66a5317690135346a9a616dfb2efc07906d
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_armhf.deb - Størrelse/SHA256-kontrolsum: 189906 37acb514874d95cd39991ff0c759bf17ba2d7f1af746b5e0767b1ee2da52f892
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_armhf.deb - Størrelse/SHA256-kontrolsum: 235220 2596fbe7bbad28d57374a2ab6278e9be7cb01e0eee4733f66b76a62492db46e8
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_armhf.deb - Størrelse/SHA256-kontrolsum: 851386 a7619b4cf5b6205bae21cd25fcc8a856dc108e9f1be6c48e246379f157dc8703

- -

i386-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_i386.deb - Størrelse/SHA256-kontrolsum: 174508 1e7a22d8f976f56ace375e7e02e19b2629a68e6e28c71d9b9126aa0ac3d3175c
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_i386.deb - Størrelse/SHA256-kontrolsum: 421244 25835d5ae4330608421ac4cc6e5c938d36590b55f88bae8ba49b8ce95f3edee1
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_i386.deb - Størrelse/SHA256-kontrolsum: 1263876 e5ce4790d6565634199199f6bf1d29986468603748aa56d135067ae878416649
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_i386.deb - Størrelse/SHA256-kontrolsum: 194534 5937ffef18ef22271a616d32388b50a06ee0ce6ccab90ca870548b9aa5b29e32
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_i386.deb - Størrelse/SHA256-kontrolsum: 235220 0b045d17a2b45aa59b55c6c5ccd47f738e2edeb189cd892d710f0e35b4d09b27
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_i386.deb - Størrelse/SHA256-kontrolsum: 989166 16e6470005d25741a9bf39c02ba3f287fda0a66dda8a5859c0efa24a97f56351

- -

mips64el-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_mips64el.deb - Størrelse/SHA256-kontrolsum: 168898 c3af79ed48010edb558d1e80b1a6ee182c66e234506de96c056844743234c9ba
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_mips64el.deb - Størrelse/SHA256-kontrolsum: 407486 d634b98ae56c7d4e8640fbdb515a17a53d86a3f53a1890edbc40085fa2e6b1be
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_mips64el.deb - Størrelse/SHA256-kontrolsum: 1212204 d9d44ffb8b1860071908267ebda728e8d1086fc911eb66e16f52de07547af6da
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_mips64el.deb - Størrelse/SHA256-kontrolsum: 192760 6d3fc127c587cce8de194ea7976e3c2664515f5c7959428d89c0d01affcf8567
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_mips64el.deb - Størrelse/SHA256-kontrolsum: 235226 30b6ae87ecb434fb008760d2ccd29c2f70cbd44a130eb4731b040d8893dfc909
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_mips64el.deb - Størrelse/SHA256-kontrolsum: 850490 51e697b30b4f9f5ff0d942e04fb48962e6ae9a898d6bd165d16733c064325fd8

- -

mips-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_mips.deb - Størrelse/SHA256-kontrolsum: 169328 4e9b54777d8c2a5813fa8e4aa395a91b587edd33f4ef661898ada4cbc8943197
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_mips.deb - Størrelse/SHA256-kontrolsum: 408388 8a834ddee8e6182de5768e12564137eb063bee6b1918d4c08c88b9c11a4cb856
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_mips.deb - Størrelse/SHA256-kontrolsum: 1212756 ea41a5c84b953bb818a6779a141efdcd3e2b46c895eb64e9c0e11d49755bf256
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_mips.deb - Størrelse/SHA256-kontrolsum: 192556 2e09a9207914f215686a6b305a0e46bbdeb46c18ba9ea9115631ed216a2896cb
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_mips.deb - Størrelse/SHA256-kontrolsum: 235216 2c582528fb38966de60476e2121037a80d3357fd95cc8e1453c3e5a52d030655
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_mips.deb - Størrelse/SHA256-kontrolsum: 858768 125dcd2c1e284600a94a5a471a96534c03e55c9c3091ad06b8d5bfef4d65a574

- -

mipsel-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_mipsel.deb - Størrelse/SHA256-kontrolsum: 169958 cea079260b61817bb6163c3268e6714e09326777d8bbc2b70de7bc6f8cf9ef33
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_mipsel.deb - Størrelse/SHA256-kontrolsum: 409708 5f95e0433899d05bceb8150a02ee444cc42476a0c81eb35ed43402a0f4f7f5fd
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_mipsel.deb - Størrelse/SHA256-kontrolsum: 1218954 6eaf9b8d9e0239d2ffcce046892bf0d0553688dfd5e44332c0dbe84a66648545
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_mipsel.deb - Størrelse/SHA256-kontrolsum: 192822 59c2dcfe8e23f63cd201777a11b45d5833045ada44b616ed059d223cee99311a
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_mipsel.deb - Størrelse/SHA256-kontrolsum: 235216 7fe6c1f8074bff4a29a2988556295ef558b5650edd66145866957e2528c92f7e
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_mipsel.deb - Størrelse/SHA256-kontrolsum: 869792 2abb3afa5689f3dd0461b998449934ce06ced68ef6cdc8e4e121196f40bd30e6

- -

ppc64el-arkitektur:

- -

http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_1.4.9_ppc64el.deb - Størrelse/SHA256-kontrolsum: 169566 9de5b780e0e0d381bb1f1cfbff5626e36bae7df6ca25f6c49affc650b88cd152
-http://security.debian.org/pool/updates/main/a/apt/apt-utils_1.4.9_ppc64el.deb - Størrelse/SHA256-kontrolsum: 406494 5f66c194b5897c490212c15806821d6f924c1353b5031a11383f3b2ebb25d44c
-http://security.debian.org/pool/updates/main/a/apt/apt_1.4.9_ppc64el.deb - Størrelse/SHA256-kontrolsum: 1221036 b6235daa430bd3e6df37855fd8fcebe057c187335c9e45744e35694600475495
-http://security.debian.org/pool/updates/main/a/apt/libapt-inst2.0_1.4.9_ppc64el.deb - Størrelse/SHA256-kontrolsum: 192604 92d4290b343ada2eaca425f09d56d2767b0bca5221957477515fdb9391497fa8
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_1.4.9_ppc64el.deb - Størrelse/SHA256-kontrolsum: 235222 e6ef81e5f61383584aba546056f43458cd83d1d56a96087301ba0454efdd3941
-http://security.debian.org/pool/updates/main/a/apt/libapt-pkg5.0_1.4.9_ppc64el.deb - Størrelse/SHA256-kontrolsum: 888440 0f2987f64499f3b3f15f2d560d2d41ddc71986e557e94a20ea02af4c71481b47

- -

For detaljeret sikkerhedsstatus vedrørende apt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4371.data" diff --git a/danish/security/2019/dsa-4372.wml b/danish/security/2019/dsa-4372.wml deleted file mode 100644 index 82ccb692279..00000000000 --- a/danish/security/2019/dsa-4372.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a05dfb29c66965bb2d09e3a15d2a0c0addbbb08c" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede en sårbarhed i Ghostscript, GPL -PostScript-/PDF-fortolkeren, hvilken kunne medføre lammelsesangreb eller -udførelse af vilkårlig kode, hvis en misdannet Postscript-fil blev behandlet (på -trods af sandkassen -dSAFER er aktiveret).

- -

I den stabile distribution (stretch), er dette problem rettet i version -9.26a~dfsg-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4372.data" diff --git a/danish/security/2019/dsa-4373.wml b/danish/security/2019/dsa-4373.wml deleted file mode 100644 index d815099bd4f..00000000000 --- a/danish/security/2019/dsa-4373.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="08e97d6a66338b9fb8da51eb27b4c3dde971c164" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i coTURN, en TURN- og STUN-server til -VoIP.

- -
    - -
  • CVE-2018-4056 - -

    En SQL-indsprøjtningssårbarhed blev opdaget i coTURN's - administratorwebportal. Da administrationswebgrænsefladen deles med - produktion, er det desværre ikke muligt at på en let måde at bortfiltrere - adgang udefra, og denne sikkerhedsopdatering deaktiverer fuldstændig - webgrænsefladen. Brugerne bør i stedet benytte den lokale - kommandolinjegrænseflade.

    • - -
  • CVE-2018-4058 - -

    Standardopsætningen aktiverer usikker loopback-viderestilling. En - fjernangriber med adgang til TURN-grænsefladen kunne udnytte sårbarheden til - at opnå adgang til tjenester, der kun bør være lokale.

    • - -
  • CVE-2018-4059 - -

    Standardopsætningen anvender en tom adgangskode til den lokale - kommandolinjebaserede administrationsgrænseflade. En angriber med adgang - til den lokale konsol (enten en lokal angriber eller en fjern angriber, der - drager nytte af - CVE-2018-4058) - kunne forøge rettigheder til administrator af coTURN-serveren.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.5.0.5-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine coturn-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende coturn, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/coturn

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4373.data" diff --git a/danish/security/2019/dsa-4374.wml b/danish/security/2019/dsa-4374.wml deleted file mode 100644 index 47c419cc165..00000000000 --- a/danish/security/2019/dsa-4374.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3533697830e63ccbcf364cd1ee3485c871f2e152" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i qtbase-opensource-src, et -C++-applikationsframework som fungerer på flere platforme, hvilke kunne føre til -lammelsesangreb gennem applikationsnedbrud. Desuden retter denne opdatering et -problem, som påvirker vlc, hvor programmet startede uden en GUI.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 5.7.1+dfsg-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine qtbase-opensource-src-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qtbase-opensource-src, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qtbase-opensource-src

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4374.data" diff --git a/danish/security/2019/dsa-4375.wml b/danish/security/2019/dsa-4375.wml deleted file mode 100644 index 4e673f4eef7..00000000000 --- a/danish/security/2019/dsa-4375.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="2e4e6e9ae1b5b13ebcc2fecf6205fad709e16991" mindelta="1" -sikkerhedsopdatering - -

Christophe Fergeau opdagede en sårbarhed i forbindelse med læsning uden for -grænserne i spice, et klient- og serverbibliotek til SPICE-protokollen, hvilken -kunne medføre lammelsesangreb (nedbrud af spiceserveren) eller muligvis -udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.12.8-2.1+deb9u3.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spice, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/spice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4375.data" diff --git a/danish/security/2019/dsa-4376.wml b/danish/security/2019/dsa-4376.wml deleted file mode 100644 index 366166de71b..00000000000 --- a/danish/security/2019/dsa-4376.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="66b94f427de72117b4c9a5a585954dc90a426d56" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode eller -rettighedsforøgelse.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.5.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4376.data" diff --git a/danish/security/2019/dsa-4377.wml b/danish/security/2019/dsa-4377.wml deleted file mode 100644 index c372d4e99ba..00000000000 --- a/danish/security/2019/dsa-4377.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="5ab30aafbfd62a548582887f297aa136a1d43e7b" mindelta="1" -sikkerhedsopdatering - -

ESnets sikkerhedshold opdagede en sårbarhed i rssh, en begrænset shell der -gør det muligt for brugere kun at udføre scp-, sftp-, cvs-, svnserve- -(Subversion), rdist- og/eller rsync-handlinger. Manglende validering i -scp-understøttelsen kunne medføre omgåelse af denne begrænsning, gørende det -muligt at udføre vilkårlige shell-kommandoer.

- -

Bemærk at når denne opdatering er installeret, kan scp's parameter -3 -ikke længere anvendes.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.3.4-5+deb9u1.

- -

Vi anbefaler at du opgraderer dine rssh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rssh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/rssh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4377.data" diff --git a/danish/security/2019/dsa-4378.wml b/danish/security/2019/dsa-4378.wml deleted file mode 100644 index 17ad5cbfd85..00000000000 --- a/danish/security/2019/dsa-4378.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="9100a7bb07a19bd0e0ff30f6a7a76ce9a79f4f99" mindelta="1" -sikkerhedsopdatering - -

Fariskhi Vidyan opdagede at pakken PEAR Archive_Tar til håndtering af -tar-filer i PHP, var ramt af en sårbarhed i forbindelse med indsprøjtning af -PHP-objekter, hvilket potentielt gjorde det muligt for en fjernangriber at -udføre vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:1.10.1+submodules+notgz-9+deb9u1.

- -

Vi anbefaler at du opgraderer dine php-pear-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php-pear, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php-pear

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4378.data" diff --git a/danish/security/2019/dsa-4379.wml b/danish/security/2019/dsa-4379.wml deleted file mode 100644 index 32399efb18d..00000000000 --- a/danish/security/2019/dsa-4379.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="787e00b9ef1424f75a0a0b8861e5d54c3252c3c0" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i implementeringen af de elliptiske kurver P-521 og -P-384, hvilken kunne medføre lammelsesangreb og i nogle tilfælde gendannelse af -nøgler.

- -

Desuden retter denne opdatering en sårbarhed i go get, som kunne medføre -udførelse af vilkårlige shell-kommandoer.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.7.4-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine golang-1.7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende golang-1.7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/golang-1.7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4379.data" diff --git a/danish/security/2019/dsa-4380.wml b/danish/security/2019/dsa-4380.wml deleted file mode 100644 index 41830ee0cb4..00000000000 --- a/danish/security/2019/dsa-4380.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="e1aa243819cbb2c02daf7b917e24de557160879f" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i implementeringen af de elliptiske kurver P-521 og -P-384, hvilken kunne medføre lammelsesangreb og i nogle tilfælde gendannelse af -nøgler.

- -

Desuden retter denne opdatering to sårbarheder i go get, som kunne medføre -udførelse af vilkårlige shell-kommandoer.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.8.1-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine golang-1.8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende golang-1.8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/golang-1.8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4380.data" diff --git a/danish/security/2019/dsa-4381.wml b/danish/security/2019/dsa-4381.wml deleted file mode 100644 index 141d0ea34f7..00000000000 --- a/danish/security/2019/dsa-4381.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="14a0a379eae5d1240663703dd6c9612ac6a9c584" mindelta="1" -sikkerhedsopdatering - -

Alex Infuehr opdagede en mappegennemløbssårbarhed, som kunne medføre -udførelse af Python-skriptkode, når et misdannet dokument blev åbnet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:5.2.7-1+deb9u5. Desuden retter denne opdatering en fejl i -valideringen af signerede PDF-filer; der blev vist en ufuldstændig -statusmeddelelse, når der blev håndteret en delvist signatur.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreoffice, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreoffice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4381.data" diff --git a/danish/security/2019/dsa-4382.wml b/danish/security/2019/dsa-4382.wml deleted file mode 100644 index 3d2106598ee..00000000000 --- a/danish/security/2019/dsa-4382.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1c446c59fe81d2896ffc8c4c25df1a888c219f9c" mindelta="1" -sikkerhedsopdatering - -

Nick Cleaton opdagede to sårbarheder i rssh, en begrænset shell der gør det -muligt for brugere kun at udføre scp-, sftp-, cvs-, svnserve- (Subversion), -rdist- og/eller rsync-handlinger. Manglende validering i rsync-understøttelsen -kunne medføre omgåelse af denne begrænsning, gørende det muligt at udføre -vilkårlige shell-kommandoer.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.3.4-5+deb9u2.

- -

Vi anbefaler at du opgraderer dine rssh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rssh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/rssh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4382.data" diff --git a/danish/security/2019/dsa-4383.wml b/danish/security/2019/dsa-4383.wml deleted file mode 100644 index 7a779bad4c0..00000000000 --- a/danish/security/2019/dsa-4383.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e77aa72d123a12f996604ebe3132d972a88e24a0" mindelta="1" -sikkerhedsopdatering - -

Pavel Cheremushkin opdagede flere sårbarheder i libvncserver, et bibliotek -til implementering af VNC-server/klient-funktionalitet, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.9.11+dfsg-1.3~deb9u1.

- -

Vi anbefaler at du opgraderer dine libvncserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvncserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvncserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4383.data" diff --git a/danish/security/2019/dsa-4384.wml b/danish/security/2019/dsa-4384.wml deleted file mode 100644 index 5ab8251025f..00000000000 --- a/danish/security/2019/dsa-4384.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="9fc03c20adf02f4d771091a9f0cf56c6dfb2eb71" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i libgd2, et bibliotek til programmatisk -fremstilling og behandling af grafik, hvilke kunne medføre lammelsesangreb eller -potentielt udførelse af vilkårlig kode, hvis en misdannet fil blev -behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.2.4-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine libgd2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libgd2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libgd2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4384.data" diff --git a/danish/security/2019/dsa-4385.wml b/danish/security/2019/dsa-4385.wml deleted file mode 100644 index fd379f89e12..00000000000 --- a/danish/security/2019/dsa-4385.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="61543f0d92cd8408059b731fb690edab0a4a3a8e" mindelta="1" -sikkerhedsopdatering - -

halfdog opdagede en sårbarhed i forbindelse med omgåelse af autentifikation i -mailserveren Dovecot. Med nogle opsætninger, havde Dovecot fejlagtigt tillid -til det brugernavn, som leveres autentifikationen, i stedet for at fejle. Hvis -der ikke er en yderligere adgangskodekontrol, var det muligt for en angriber at -logge på systemet som enhver anden bruger. Kun installationer der anvender:

- -
    -
  • auth_ssl_require_client_cert = yes
    • -
  • auth_ssl_username_from_cert = yes
    • -
- -

er påvirkede af fejlen.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2.2.27-3+deb9u3.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dovecot, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/dovecot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4385.data" diff --git a/danish/security/2019/dsa-4386.wml b/danish/security/2019/dsa-4386.wml deleted file mode 100644 index 4a00e8ada51..00000000000 --- a/danish/security/2019/dsa-4386.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="399626927b999b3938582bfb0243645dfed48f14" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i cURL, et bibliotek til overførsel af -URL'er.

- -
    - -
  • CVE-2018-16890 - -

    Wenxiang Qian fra Tencent Blade Team opdagede at funktionen der - håndterer indkommende NTLM type 2-meddelelser, ikke validerede de - indkommende data på korrekt vis, og var ramt af en - heltalsoverløbssårbarhed, hvilken kunne føre til en læsning uden for - bufferens grænser.

    • - -
  • CVE-2019-3822 - -

    Wenxiang Qian fra Tencent Blade Team opdagede at funktionen der - opretter en udgående NTLM type 3-header, var ramt af en - heltalsoverløbssårbarhed, hvilken kunne føre til en skrivning uden for - grænserne.

    • - -
  • CVE-2019-3823 - -

    Brian Carpenter fra Geeknik Labs opdagede at koden der håndterer - håndterer SMTP's end-of-response, var ramt af en læsning uden for heap'ens - grænser.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.52.1-5+deb9u9.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4386.data" diff --git a/danish/security/2019/dsa-4387.wml b/danish/security/2019/dsa-4387.wml deleted file mode 100644 index f59c398f85c..00000000000 --- a/danish/security/2019/dsa-4387.wml +++ /dev/null @@ -1,49 +0,0 @@ -#use wml::debian::translation-check translation="19fdc288616ee3bfe6ee122b16cd10940121ffb2" mindelta="1" -sikkerhedsopdatering - -

Harry Sintonen fra F-Secure Corporation opdagede adskillige sårbarheder i -OpenSSH, en implementering af SSH-protokolprogrampakken. Alle sårbarhederne -blev findet i scp-klientens implementering af SCP-protokollen.

- -
    - -
  • CVE-2018-20685 - -

    På grund af ukorrekt validering af mappenavn, tillod scp-klienten at - servere kunne ændre målmappens rettigheder, ved at anvende tomme eller - punktum-mappenavne.

    • - -
  • CVE-2019-6109 - -

    På grund af manglende tegnindkapsling i fremgangsvisningen, kunne - objektnavnet anvendes til at manipulere med klientens uddata, for eksempel - til at bruge ANSI-koder til at skjule yderligere filer i en - overførsel.

    • - -
  • CVE-2019-6111 - -

    På grund af utilstrækkelig validering af inddata i stinavne, sendt af en - server, i scp-klienten, kunne en ondsindet server foretage vilkårlige - filoverskrivninger i målmappen. Hvis en rekursiv valgmulighed (-r) blev - benyttet, kunne serveren også manipulere med undermapper.

    - -

    Kontrollen der er tilføjet i denne version, kan føre til regression, hvis - klienten og serveren har forskelle i wildcardudvidelsesreglerne. Hvis - der stoles på serveren til det formål, kan kontrollere deaktivere med en ny - valgmulighed, -T, i scp-klienten.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:7.4p1-10+deb9u5.

- -

Vi anbefaler at du opgraderer dine openssh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4387.data" diff --git a/danish/security/2019/dsa-4388.wml b/danish/security/2019/dsa-4388.wml deleted file mode 100644 index 788a0f54e2e..00000000000 --- a/danish/security/2019/dsa-4388.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f83e60277f547a814f390389ca36a61fb8c277c6" mindelta="1" -sikkerhedsopdatering - -

Tre sårbarheder blev opdaget i Mosquitto MQTT-broker'en, hvilke kunne medføre -autentifikationsomgåelse. Se -\ -https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for flere -oplysninger.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.4.10-3+deb9u3.

- -

Vi anbefaler at du opgraderer dine mosquitto-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mosquitto, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mosquitto

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4388.data" diff --git a/danish/security/2019/dsa-4389.wml b/danish/security/2019/dsa-4389.wml deleted file mode 100644 index 637b0ad1e3a..00000000000 --- a/danish/security/2019/dsa-4389.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6106e3005d85783e7500485f21df9642eb744497" mindelta="1" -sikkerhedsopdatering - -

Christian Reitter opdagede at libu2f-host, et bibliotek hvor værtssiden af -U2F-protokollen er implementeret, kontrollerede ikke på korrekt vis for et -bufferoverløb. Dermed var det muligt for en angriber, med en skræddersyet, -ondsindet USB-enhed, som giver sig ud for at være en sikkerhedsnøgle, samt med -fysisk adgang til en computer hvor PAM U2F eller en applikation med integreret -libu2f-host, potentielt at udføre vilkårlig kode på denne computer.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.1.2-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libu2f-host-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libu2f-host, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libu2f-host

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4389.data" diff --git a/danish/security/2019/dsa-4390.wml b/danish/security/2019/dsa-4390.wml deleted file mode 100644 index 5655bc92526..00000000000 --- a/danish/security/2019/dsa-4390.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="dd6f27290be06e734e9dc5a5f82fcdceaa81d5df" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Flatpak, et applikationsudrulningsframework til -skrivebordsapps, på utilstrækkelig vis begrænsede udførelse af -apply_extra-skripter, hvilket potentielt kunne medføre -rettighedsforøgelse.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 0.8.9-0+deb9u2.

- -

Vi anbefaler at du opgraderer dine flatpak-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende flatpak, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/flatpak

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4390.data" diff --git a/danish/security/2019/dsa-4391.wml b/danish/security/2019/dsa-4391.wml deleted file mode 100644 index 01ecedf96cd..00000000000 --- a/danish/security/2019/dsa-4391.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="130ecf9b987b9c3e7f932f0818e5f39e9642ab7f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne meføre udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.5.1esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4391.data" diff --git a/danish/security/2019/dsa-4392.wml b/danish/security/2019/dsa-4392.wml deleted file mode 100644 index 6dfc792586c..00000000000 --- a/danish/security/2019/dsa-4392.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b5dc65b9360fc57fe2e4d405c439dd707a7548cb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i mailklienten Thunderbird, hvilke -kunne medføre til udførelse af vilkårlig kode, lammelsesangreb eller -forfalskning af S/MIME-signaturer.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.5.1-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4392.data" diff --git a/danish/security/2019/dsa-4393.wml b/danish/security/2019/dsa-4393.wml deleted file mode 100644 index e6d59ab93ea..00000000000 --- a/danish/security/2019/dsa-4393.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="34ae0f19a9de75249743ece524cf203642ea021a" mindelta="1" -sikkerhedsopdatering - -

Chris Coulson opdagede en fejl i systemd, førende til lammelsesangreb. En -upriviligeret bruger kunne drage nytte af problemet til at få PID1 til at gå -ned, ved at sende særligt fremstillede D-Bus-meddelelser på systembus'en.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 232-25+deb9u9.

- -

Vi anbefaler at du opgraderer dine systemd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende systemd, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/systemd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4393.data" diff --git a/danish/security/2019/dsa-4394.wml b/danish/security/2019/dsa-4394.wml deleted file mode 100644 index fcd7638a27d..00000000000 --- a/danish/security/2019/dsa-4394.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="16d42027e2ab1580144089adefdf6985b8421c4a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i rdesktop RDP-klienten, hvilke -kunne medføre lammelsesangreb, informationsafsløring og udførelse af vilkårlig -kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.8.4-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine rdesktop-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rdesktop, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/rdesktop

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4394.data" diff --git a/danish/security/2019/dsa-4395.wml b/danish/security/2019/dsa-4395.wml deleted file mode 100644 index 413280c0553..00000000000 --- a/danish/security/2019/dsa-4395.wml +++ /dev/null @@ -1,162 +0,0 @@ -#use wml::debian::translation-check translation="13c74272ff7923316d1023584e21f19c0a5f1e92" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2018-17481 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2019-5754 - -

    Klzgrad opdagede en fejl i implementeringen af QUIC-networking.

    • - -
  • CVE-2019-5755 - -

    Jay Bosamiya opdagede en implementeringsfejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2019-5756 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2019-5757 - -

    Alexandru Pitis opdagede en typeforvirringsfejl i implementeringen af - billedformatet SVG.

    • - -
  • CVE-2019-5758 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse i - blink/webkit.

    • - -
  • CVE-2019-5759 - -

    Almog Benin opdagede et problem med anvendelse efter frigivelse, når der - blev håndteret HTML-sider indeholdelse select-elementer.

    • - -
  • CVE-2019-5760 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebRTC.

    • - -
  • CVE-2019-5762 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2019-5763 - -

    Guang Gon opdagede en inddatavalideringsfejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2019-5764 - -

    Eyal Itkin opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebRTC.

    • - -
  • CVE-2019-5765 - -

    Sergey Toshin opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2019-5766 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2019-5767 - -

    Haoran Lu, Yifan Zhang, Luyi Xing og Xiaojing Liao rapporterede om en - fejl i WebAPKs brugergrænseflade.

    • - -
  • CVE-2019-5768 - -

    Rob Wu opdagede en fejl i forbindelse med håndhævelse af policy i developer tools.

    • - -
  • CVE-2019-5769 - -

    Guy Eshel opdagede en inddatavalideringsfejl i blink/webkit.

    • - -
  • CVE-2019-5770 - -

    hemidallt opdagede et bufferoverløbsproblem i implementeringen af - WebGL.

    • - -
  • CVE-2019-5772 - -

    Zhen Zhou opdagede et problem med anvendelse efter frigivelse i biblioteket - pdfium.

    • - -
  • CVE-2019-5773 - -

    Yongke Wong opdagede en inddatavalideringsfejl i implementeringen af - IndexDB.

    • - -
  • CVE-2019-5774 - -

    Junghwan Kang og Juno Im opdagede en inddatavalideringsfejl i - implementeringen af SafeBrowsing.

    • - -
  • CVE-2019-5775 - -

    evil1m0 opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2019-5776 - -

    Lnyas Zhang opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2019-5777 - -

    Khalil Zhani opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2019-5778 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy i - implementeringen af Extensions.

    • - -
  • CVE-2019-5779 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy i - implementerrngen af ServiceWorker.

    • - -
  • CVE-2019-5780 - -

    Andreas Hegenberg opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2019-5781 - -

    evil1m0 opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2019-5782 - -

    Qixun Zhao opdagede en implementeringsfejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2019-5783 - -

    Shintaro Kobori opdagede en inddatavalideringsfejl i developer - tools.

    • - -
  • CVE-2019-5784 - -

    Lucas Pinheiro opdagede en implementeringsfejl i JavaScript-biblioteket - v8.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 72.0.3626.96-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4395.data" diff --git a/danish/security/2019/dsa-4396.wml b/danish/security/2019/dsa-4396.wml deleted file mode 100644 index 4a77bc67f6e..00000000000 --- a/danish/security/2019/dsa-4396.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="326ce30b40d6fb0de9a5955b4d8b0d7b4d143303" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Ansible, et system til konfiguration, -administration, udrulning og udførelse af tasks:

- -
    - -
  • CVE-2018-10855 / - CVE-2018-16876 - -

    Taskflaget no_log blev ikke respekteret, medførende en - informationslækage.

    • - -
  • CVE-2018-10875 - -

    ansible.cfg blev læst fra den aktuelle arbejdsmappe.

    • - -
  • CVE-2018-16837 - -

    User-modulet lækkede parametre overført til ssh-keygen, til - procesmiljøet.

    • - -
  • CVE-2019-3828 - -

    Fetch-modulet var ramt af et mappegennemløb.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i version -2.2.1.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine ansible-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ansible, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ansible

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4396.data" diff --git a/danish/security/2019/dsa-4397.wml b/danish/security/2019/dsa-4397.wml deleted file mode 100644 index 62ebb3f0586..00000000000 --- a/danish/security/2019/dsa-4397.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="18b0e95ce3f963024e05673dd08a175501b9abec" mindelta="1" -sikkerhedsopdatering - -

Garming Sam rapporterede om en læsning udenfor grænserne i funktionen -ldb_wildcard_compare() i ldb, en LDAP-lignende indlejret database, medførende -lammelsesangreb.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:1.1.27-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ldb-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ldb, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ldb

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4397.data" diff --git a/danish/security/2019/dsa-4398.wml b/danish/security/2019/dsa-4398.wml deleted file mode 100644 index 1e1d0ccc60b..00000000000 --- a/danish/security/2019/dsa-4398.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="28b63ba606aa3ea650902b16b950b08313e6f582" mindelta="1" -sikkerhedsopdatering - -

Akskillige sikkerhedsproblemer blev fundet i PHP, et vidt ubredt, generelt -anvendeligt open source-skriptsprog: Adskillige hukommelsestilgange udenfor -grænserne blev fundet i udvidelserne xmlrpc, mbstring og phar extensions, og i -funktionen dns_get_record().

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.0.33-0+deb9u2.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4398.data" diff --git a/danish/security/2019/dsa-4399.wml b/danish/security/2019/dsa-4399.wml deleted file mode 100644 index 6809057b921..00000000000 --- a/danish/security/2019/dsa-4399.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3020e6c7287b76cd08f5f343bd8e868db6876ce6" mindelta="1" -sikkerhedsopdatering - -

Joey Hess opdagede at plugin'en aggregate i wikicompileren Ikiwiki, var -sårbar over for en forespørgselsforfalskning på serversiden, medførende -informationsafsløring eller lammelsesangreb.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.20170111.1.

- -

Vi anbefaler at du opgraderer dine ikiwiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ikiwiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ikiwiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4399.data" diff --git a/danish/security/2019/dsa-4400.wml b/danish/security/2019/dsa-4400.wml deleted file mode 100644 index 523561e10c8..00000000000 --- a/danish/security/2019/dsa-4400.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a2447d2459414988bc2225736bc5921ce8943d7c" mindelta="1" -sikkerhedsopdatering - -

Juraj Somorovsky, Robert Merget og Nimrod Aviram opdagede et padding -oracle-angreb i OpenSSL.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.0.2r-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openssl1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4400.data" diff --git a/danish/security/2019/dsa-4401.wml b/danish/security/2019/dsa-4401.wml deleted file mode 100644 index c0d99570df2..00000000000 --- a/danish/security/2019/dsa-4401.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b90a1d4e2e3f5e47021829135fc91939c84c896e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingsværktøj. De -gjorde det muligt for fjernangribere at udføre forskellige angreb i forbindelse -med udførelse af skripter på tværs af websteder (XSS) og PHP-indspøjtning, -sletning af filer, lækage af potentielt følsomme data, oprettelse af indlæg med -uautoriserede typer eller forårsagelse af lammelsesangreb gennem -applikationsnedbrud.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.7.5+dfsg-2+deb9u5.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4401.data" diff --git a/danish/security/2019/dsa-4402.wml b/danish/security/2019/dsa-4402.wml deleted file mode 100644 index 37442510f4b..00000000000 --- a/danish/security/2019/dsa-4402.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="cdc990cfe6ed5dda7be8306834dce6def395036b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at utilstrækkelige begrænsninger i forbindelseshåndteringen i -Mumble, en krypteret low latency VoIP-klient, kunne medføre lammelsesangreb.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.2.18-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine mumble-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mumble, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mumble

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4402.data" diff --git a/danish/security/2019/dsa-4403.wml b/danish/security/2019/dsa-4403.wml deleted file mode 100644 index fb284b0ac2d..00000000000 --- a/danish/security/2019/dsa-4403.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fb033fe9fd43b9a12b5d022033bc1e08e2a130ab" mindelta="1" -sikkerhedsopdatering - -

Akskillige sikkerhedsproblemer blev fundet i PHP, et vidt ubredt, generelt -anvendeligt open source-skriptsprog: EXIF-udvidelen havde adskillige -forekomster af ugyldige hukommelsestilgange, og rename() var implementeret på -usikker vis.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.0.33-0+deb9u3.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4403.data" diff --git a/danish/security/2019/dsa-4404.wml b/danish/security/2019/dsa-4404.wml deleted file mode 100644 index 11b70eeba32..00000000000 --- a/danish/security/2019/dsa-4404.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="7316fa5a7c15b7f447a635385eeacce9a9cd2ba9" mindelta="1" -sikkerhedsopdatering - -

Clement Lecigne opdagede et problem med anvendelse efter frigivelse i -chromiums fillæserimplementering. En ondsindet fabrikeret fil kunne anvendes -til fjernudførelse af vilkårlig kode pga. dette problem.

- -

Opdateringen retter også en regression, som opstod i den foregående -opdatering. Browseren gik altid ned, når den blev startet i -fjerndebuggingtilstand.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 72.0.3626.122-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4404.data" diff --git a/danish/security/2019/dsa-4405.wml b/danish/security/2019/dsa-4405.wml deleted file mode 100644 index bf0228af3d2..00000000000 --- a/danish/security/2019/dsa-4405.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="da347ceee9cca800740ef75deed5e600ef8e2b1d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i openjpeg2, open source JPEG -2000-codec'et, hvilke kunne udnyttes til at forårsage et lammelsesangreb eller -muligvis fjernudførelse af kode.

- -
    - -
  • CVE-2017-17480 - -

    Bufferoverløb i stakskrivning i codec'erne jp3d og jpwl, kunne medføre - lammelsesangreb eller fjernudførelse af kode gennem en fabrikeret jp3d- - eller jpwl-fil.

    • - -
  • CVE-2018-5785 - -

    Heltalsoverløb kunne medføre et lammelsesangreb gennem en fabrikeret - bmp-fil.

    • - -
  • CVE-2018-6616 - -

    Alt for mange iterationer kunne medføre et lammelsesangreb gennem en - fabrikeret bmp-fil.

    • - -
  • CVE-2018-14423 - -

    Division med nul-sårbarheder, kunne medføre et lammelsesangreb gennem en - fabrikeret j2k-fil.

    • - -
  • CVE-2018-18088 - -

    En nullpointerdereference kunne medføre lammelsesangreb gennem en - fabrikeret bmp-fil.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.1.2-1.1+deb9u3.

- -

Vi anbefaler at du opgraderer dine openjpeg2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjpeg2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjpeg2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4405.data" diff --git a/danish/security/2019/dsa-4406.wml b/danish/security/2019/dsa-4406.wml deleted file mode 100644 index d0dd44ade89..00000000000 --- a/danish/security/2019/dsa-4406.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="17ad00a8e0aa7e57608e532137ace459e664757f" mindelta="1" -sikkerhedsopdatering - -

Francis McBratney opdagede at Windows Azure Linux Agent oprettede swapfiler -med verdensskrivbare rettigheder, medførende informationsafsløring.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.2.18-3~deb9u2.

- -

Vi anbefaler at du opgraderer dine waagent-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende waagent, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/waagent

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4406.data" diff --git a/danish/security/2019/dsa-4407.wml b/danish/security/2019/dsa-4407.wml deleted file mode 100644 index 5d030a31e76..00000000000 --- a/danish/security/2019/dsa-4407.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1c42e0b226687c28b609075615fdb187f120744e" mindelta="1" -sikkerhedsopdatering - -

Ross Geerlings opdagede at biblioteket XMLTooling ikke på korrekt vis -håndterede exceptions ved misdannede XML-deklarationer, hvilket kunne medføre -lammelsesangreb mod applikationen, der anvender XMLTooling.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.0-4+deb9u2.

- -

Vi anbefaler at du opgraderer dine xmltooling-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xmltooling, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xmltooling

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4407.data" diff --git a/danish/security/2019/dsa-4408.wml b/danish/security/2019/dsa-4408.wml deleted file mode 100644 index 134f69dbc15..00000000000 --- a/danish/security/2019/dsa-4408.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ef804eb23ab51b71a72fbbb929e22867f6077440" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i liveMedia, et sæt -C++-biblioteker til multimediestreaming, hvilke kunne medføre udførelse af -vilkårlig kode eller lammelsesangreb, når der blev fortolket en misdannet -RTSP-stream.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2016.11.28-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine liblivemedia-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende liblivemedia, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/liblivemedia

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4408.data" diff --git a/danish/security/2019/dsa-4409.wml b/danish/security/2019/dsa-4409.wml deleted file mode 100644 index 77b4013c128..00000000000 --- a/danish/security/2019/dsa-4409.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="0fdccd8b2d3829f52c8a619cca5a9765f7bd54da" mindelta="1" -sikkerhedsopdatering - -

Erik Olof Gunnar Andersson opdagede at ukorrekt validering af -portindstillinger i iptable-sikkerhedsgruppedriveren hørende til Neutron, den -virtuelle netværksservice OpenStack, kunne medføre lammelsesangreb i en -multi-tenant-opsætning.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:9.1.1-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine neutron-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende neutron, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/neutron

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4409.data" diff --git a/danish/security/2019/dsa-4410.wml b/danish/security/2019/dsa-4410.wml deleted file mode 100644 index 1ed77750080..00000000000 --- a/danish/security/2019/dsa-4410.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="41ca52ecca2d75bbed349ef94e2b3b2e2732f7dd" mindelta="1" -sikkerhedsopdatering - -

En hukommelsesafsløringssårbarhed blev opdaget i OpenJDK, en implementering -af Oracles Java-platform, medførende informationsafsløring eller omgåelse af -sandkassebegrænsninger.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 8u212-b01-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4410.data" diff --git a/danish/security/2019/dsa-4411.wml b/danish/security/2019/dsa-4411.wml deleted file mode 100644 index 9985959bc0f..00000000000 --- a/danish/security/2019/dsa-4411.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2cb2035cf565b9e1b87ec824172232c05a7aefb4" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.6.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4411.data" diff --git a/danish/security/2019/dsa-4412.wml b/danish/security/2019/dsa-4412.wml deleted file mode 100644 index 00e23cbd054..00000000000 --- a/danish/security/2019/dsa-4412.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="41f344685b2010ba39806344890bbbcc35e37a7a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende fornuftighedskontrol af inddata i file-modulet -hørende til Drupal, et komplet indholdshåndteringsframework, kunne medføre -udførelse af skripter på tværs af websteder.

- -

For yderligere oplysninger, se opstrøms bulletin på -\ -https://www.drupal.org/sa-core-2019-004.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u7.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4412.data" diff --git a/danish/security/2019/dsa-4413.wml b/danish/security/2019/dsa-4413.wml deleted file mode 100644 index e628282611b..00000000000 --- a/danish/security/2019/dsa-4413.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8369787bb3d891ba4a1feb0adfd2e8f80b151546" mindelta="1" -sikkerhedsopdatering - -

Et heapbaseret bufferoverløb blev opdaget i NTFS-3G, en læsnings- og -skrivnings-NTFS-driver til FUSE. En lokal bruger kunne drage nytte af fejlen -til lokal root-rettighedsforøgelse.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2016.2.22AR.1+dfsg-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine ntfs-3g-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ntfs-3g, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ntfs-3g

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4413.data" diff --git a/danish/security/2019/dsa-4414.wml b/danish/security/2019/dsa-4414.wml deleted file mode 100644 index fca884297d0..00000000000 --- a/danish/security/2019/dsa-4414.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="49d6d85a79874ccc5eece0c873e13c73f733ac07" mindelta="1" -sikkerhedsopdatering - -

Flere problemer er opdaget i Apache-modulet auth_mellon, hvilket leverer -SAML 2.0-autentifikation.

- -
    - -
  • CVE-2019-3877 - -

    Der var muligt at omgå kontrollen af viderestillings-URL'en ved - udlogning, således at modulet kunne anvendes som en åben - viderestillings-facilitet.

    • - -
  • CVE-2019-3878 - -

    Når mod_auth_mellon anvendes i en Apache-opsætning, der fungerer som en - fjernproxy med modulet http_proxy, var det muligt at omgå autentifikation - ved at sende SAML ECP-headere.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.12.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine libapache2-mod-auth-mellon-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libapache2-mod-auth-mellon, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libapache2-mod-auth-mellon

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4414.data" diff --git a/danish/security/2019/dsa-4415.wml b/danish/security/2019/dsa-4415.wml deleted file mode 100644 index 0cc7c9e50e8..00000000000 --- a/danish/security/2019/dsa-4415.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7091678bd3a540f4a688a962894f583007354cc4" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med vilkårlig læsning, blev opdaget i passenger, -en webapplikationsserver. En lokal bruger med tilladelse til at udrulle en -applikation til passenger, kunne drage nytte af fejlen til at oprette et -symlink fra filen REVISION til en vilkårlig fil på systemet, og få dens indhold -vist gennem passenger-status.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 5.0.30-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine passenger-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende passenger, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/passenger

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4415.data" diff --git a/danish/security/2019/dsa-4416.wml b/danish/security/2019/dsa-4416.wml deleted file mode 100644 index 9875a11cd46..00000000000 --- a/danish/security/2019/dsa-4416.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="09936af61cb3cca04e4d83b167919fd556d75a34" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Wireshark, et program til analysering af netværkstrafik, -indeholdt flere sårbarheder i dissektorerne til 6LoWPAN, P_MUL, RTSE, ISAKMP, -TCAP, ASN.1 BER og RPCAP, hvilke kunne medføre lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.6.7-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wireshark, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wireshark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4416.data" diff --git a/danish/security/2019/dsa-4417.wml b/danish/security/2019/dsa-4417.wml deleted file mode 100644 index f3fa100ce65..00000000000 --- a/danish/security/2019/dsa-4417.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ba2c7f4bf09cf8f687842ce999de2a23e6b38575" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.6.1esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4417.data" diff --git a/danish/security/2019/dsa-4418.wml b/danish/security/2019/dsa-4418.wml deleted file mode 100644 index 333e65d3ceb..00000000000 --- a/danish/security/2019/dsa-4418.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b853ea3be70cc97bf61a9e24dff05f8b0cfb418e" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i mailserveren Dovecot. Ved læsning af FTS- eller -POP3-UIDL-headere fra Dovecots indeks, blev der ikke udført grænsekontrol på -inputbufferens størrelse. En angriber med mulighed for at ændre Dovecots -indeks, kunne udnytte fejlen til rettighedsforøgelse eller udførelse af -vilkårlig kode med rettighederne hørende til dovecotbrugeren. Kun -installationer, der anvender FTS- eller pop3-migreringsplugins, er -påvirkede.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1:2.2.27-3+deb9u4.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dovecot, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dovecot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4418.data" diff --git a/danish/security/2019/dsa-4419.wml b/danish/security/2019/dsa-4419.wml deleted file mode 100644 index 2a67ed43169..00000000000 --- a/danish/security/2019/dsa-4419.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7b29e95fa54826c2b25468482e1810d07c2182ae" mindelta="1" -sikkerhedsopdatering - -

Fabien Potencier opdagede at twig, en skabelonmotor til PHP, ikke på korrekt -vis håndhævede brug af sandkasse. Det kunne potentielt medføre -informationsafsløring.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.24.0-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine twig-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende twig, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/twig

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4419.data" diff --git a/danish/security/2019/dsa-4420.wml b/danish/security/2019/dsa-4420.wml deleted file mode 100644 index 0390f7ffc25..00000000000 --- a/danish/security/2019/dsa-4420.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1be050004b452a76b018e5fcf784d7950c822e33" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i mailklienten Thunderbird, hvilke -kunne føre til udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.6.1-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4420.data" diff --git a/danish/security/2019/dsa-4421.wml b/danish/security/2019/dsa-4421.wml deleted file mode 100644 index e5e8683d1e8..00000000000 --- a/danish/security/2019/dsa-4421.wml +++ /dev/null @@ -1,97 +0,0 @@ -#use wml::debian::translation-check translation="5357ead7bb298e3857977fea7b0087543c6072b3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2019-5787 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-5788 - -

    Mark Brand opdagede et problem med anvendelse efter frigivelse i - implementeringen af FileAPI.

    • - -
  • CVE-2019-5789 - -

    Mark Brand opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebMIDI.

    • - -
  • CVE-2019-5790 - -

    Dimitri Fourny opdagede et bufferoverløbsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2019-5791 - -

    Choongwoo Han opdagede et typeforvirringsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2019-5792 - -

    pdknsk opdagede et heltalsoverløbsproblem i biblioteket pdfium.

    • - -
  • CVE-2019-5793 - -

    Jun Kokatsu opdagede et rettighedsproblewm i implementeringen af - Extensions.

    • - -
  • CVE-2019-5794 - -

    Juno Im of Theori opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
  • CVE-2019-5795 - -

    pdknsk opdagede et heltalsoverløbsproblem i biblioteket pdfium.

    • - -
  • CVE-2019-5796 - -

    Mark Brand opdagede en kapløbstilstand i implementeringen af - Extensions.

    • - -
  • CVE-2019-5797 - -

    Mark Brand opdagede en kapløbstilstand i implementeringen af - DOMStorage.

    • - -
  • CVE-2019-5798 - -

    Tran Tien Hung opdagede et problem med læsning udenfor grænserne i - biblioteket skia.

    • - -
  • CVE-2019-5799 - -

    sohalt opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2019-5800 - -

    Jun Kokatsu opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2019-5802 - -

    Ronni Skansing opdagede et problem med forfalskning af - brugergrænsefladen.

    • - -
  • CVE-2019-5803 - -

    Andrew Comminos opdagede en måde at omgå Content Security Policy - på.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 73.0.3683.75-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4421.data" diff --git a/danish/security/2019/dsa-4422.wml b/danish/security/2019/dsa-4422.wml deleted file mode 100644 index e9ffc2b8e15..00000000000 --- a/danish/security/2019/dsa-4422.wml +++ /dev/null @@ -1,67 +0,0 @@ -#use wml::debian::translation-check translation="9bf43d9ebe1fe8f0f648cd5c0431b530d1105d92" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Apaches HTTP-server.

- -
    - -
  • CVE-2018-17189 - -

    Gal Goldshtein fra F5 Networks opdagede en lammelsesangrebssårbarhed i - mod_http2. Ved at sende misdannede forespørgsler, lagde http/2-strømmen til - denne forespørgsel unødvendigt beslag på en servertråd til oprydning af - indkommende data, medførende lammelsesangreb.

    • - -
  • CVE-2018-17199 - -

    Diego Angulo fra ImExHS opdagede at mod_session_cookie ikke respekterede - udløbstiden.

    • - -
  • CVE-2019-0196 - -

    Craig Young opdagede at http/2-forespørgselshåndteringen i mod_http2 - kunne bringes til at tilgå frigivet hukommelse i strengsammenligninger, - når forespørgslens metode blev afgjort, og dermed blev forespørgsel - behandlet forkert.

    • - -
  • CVE-2019-0211 - -

    Charles Fol opdagede en rettighedsforøgelse fra en mindre priviligeret - barneproces til forælderprocessen, der kører som root.

    • - -
  • CVE-2019-0217 - -

    En kapløbstilstand i mod_auth_digest, når der køres i en - threaded server, kunne gøre det muligt for en bruger med gyldige - loginoplysninger, at autentificere sig med et andet brugernavn, og dermed - omgå opsatte adgangskontrolbegrænsninger. Problemet blev opdaget af Simon - Kappel.

    • - -
  • CVE-2019-0220 - -

    Bernhard Lorenz fra Alpha Strike Labs GmbH rapporterede at - URL-normaliseringerne blev behandlet inkonsekvent. Når stikomponenten i - en forespørgsels-URL indeholder adskillige på hinanden følgende skråstreger - ('/'), tog direktiver så som LocationMatch og RewriteRule hensyn til - duplikater i reuglære udtræk, mens andre aspekter ved serverbehandlingen - implicit slog dem sammen.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.4.25-3+deb9u7.

- -

Denne opdatering indeholder også fejlrettelser, der var planlagt til at blive -medtaget i den næste stabile punktopdatering. Herunder en rettelse af en -regression, forårsaget af en sikkerhedsrettelse i version 2.4.25-3+deb9u6.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/apache2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4422.data" diff --git a/danish/security/2019/dsa-4423.wml b/danish/security/2019/dsa-4423.wml deleted file mode 100644 index 8993a775262..00000000000 --- a/danish/security/2019/dsa-4423.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="36dea9c2234259e7dfdd56cf50069039dff8a5e7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i SSH-klienten PuTTY, hvilke kunne medføre -lammelsesangreb og potentielt udførelse af vilkårlig kode. Desuden kunne -tilfældige tal i nogle situationer potentielt blive genbrugt.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.67-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine putty-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende putty, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/putty

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4423.data" diff --git a/danish/security/2019/dsa-4424.wml b/danish/security/2019/dsa-4424.wml deleted file mode 100644 index 7c1be1ac0fa..00000000000 --- a/danish/security/2019/dsa-4424.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b7e2c7807e6fd5aaf84631fa7e99673c76b652c6" mindelta="1" -sikkerhedsopdatering - -

Adam Dobrawy, Frederico Silva og Gregory Brzeski fra HyperOne.com, opdagede -at pdns, en authoritativ DNS-server, ikke på korrekt vis validerede -brugerleverede data, når der blev opbygget en HTTP-forespørgsel fra et -DNS-opslag, i HTTP-connector'en i Remote-backend'en. Dermed var det muligt for -en fjernbruger, at forårsage enten et lammelsesangreb eller -informationsafsløring.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.0.3-1+deb9u4.

- -

Vi anbefaler at du opgraderer dine pdns-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pdns, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pdns

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4424.data" diff --git a/danish/security/2019/dsa-4425.wml b/danish/security/2019/dsa-4425.wml deleted file mode 100644 index a41ddfc8d0a..00000000000 --- a/danish/security/2019/dsa-4425.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="281cf9948f92f19718ae01ec3360c0fd2e5269d0" mindelta="1" -sikkerhedsopdatering - -

Kusano Kazuhiko opdagede en bufferoverløbssårbarhed i håndteringen af -Internationalized Resource Identifiers (IRI) i wget, et netværksværktøj til -hentning af filer fra webbet, hvilket kunne medføre udførelse af vilkårlig kode -eller lammelsesangreb, når der rekursivt hentes fra en server, der ikke er -tillid til.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.18-5+deb9u3.

- -

Vi anbefaler at du opgraderer dine wget-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wget, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/wget

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4425.data" diff --git a/danish/security/2019/dsa-4426.wml b/danish/security/2019/dsa-4426.wml deleted file mode 100644 index d7759225e52..00000000000 --- a/danish/security/2019/dsa-4426.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="de36b069f078eb3f77d951bc24d4a3d0bfbfabe8" mindelta="1" -sikkerhedsopdatering - -

Cedric Krier opdagede at manglende adgangsvalidering i Tryton kunne medføre -informationsafsløring.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.2.1-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine tryton-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tryton-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tryton-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4426.data" diff --git a/danish/security/2019/dsa-4427.wml b/danish/security/2019/dsa-4427.wml deleted file mode 100644 index d13a0c301b8..00000000000 --- a/danish/security/2019/dsa-4427.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b9016a0a51d02f1349d102b798c8e447d768b1ce" mindelta="1" -sikkerhedsopdatering - -

Michael Hanselmann opdagede at Samba, en SMB/CIFS-fil-, -print- og --loginserver til Unix, var ramt af et symlink-gennemløbsangreb. Dermed var det -muligt for fjernautentificerede brugere med skriverettigheder, at enten skrive -eller konstatere eksistens af filer udenfor Sambas shares.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:4.5.16+dfsg-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4427.data" diff --git a/danish/security/2019/dsa-4428.wml b/danish/security/2019/dsa-4428.wml deleted file mode 100644 index 12a73be2a6f..00000000000 --- a/danish/security/2019/dsa-4428.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="9969b1c993a42ac9607c8814c1e94d4e5a39712e" mindelta="1" -sikkerhedsopdatering - -

Jann Horn opdagede at PAM-modulet i systemd på usikker vis anvendte miljøet -og manglede seat-verifikation, gørende det muligt at forfalske en aktiv session -over for PolicyKit. En fjernangriber med SSH-adgang kunne drage nytte af -problemet til at få PolicyKit-rettigheder, som normalt kun gives til klienter -i en aktiv session på den lokale konsol.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 232-25+deb9u11.

- -

Denne opdatering indeholder opdateringer, som var planlagt til at blive -udgivet i punktopdatering 9.9 af stretch.

- -

Vi anbefaler at du opgraderer dine systemd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende systemd, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/systemd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4428.data" diff --git a/danish/security/2019/dsa-4429.wml b/danish/security/2019/dsa-4429.wml deleted file mode 100644 index 9b92aefd487..00000000000 --- a/danish/security/2019/dsa-4429.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b5a1a44788c21042b76cfb192cf0b82dfa9bcb50" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelse, ikke på korrekt vis -fornuftighedskontrollerede brugerinddata. Dermed kunne det være muligt for en -autentificeret bruger at udføre vilkårlige kommandoer.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.1.4-4~deb9u2.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4429.data" diff --git a/danish/security/2019/dsa-4430.wml b/danish/security/2019/dsa-4430.wml deleted file mode 100644 index dbf530d5f8d..00000000000 --- a/danish/security/2019/dsa-4430.wml +++ /dev/null @@ -1,75 +0,0 @@ -#use wml::debian::translation-check translation="907a0371eb05342911768c66ad56f028349d3301" mindelta="1" -sikkerhedsopdatering - -

Mathy Vanhoef (NYUAD) og Eyal Ronen (Tel Aviv University & KU Leuven) -fandt adskillige sårbarheder i WPA-implementeringen i wpa_supplication -(station) og hostapd (accesspoint). Sårbarhederne er også samlet kendt som -Dragonblood.

- -
    - -
  • CVE-2019-9495 - -

    Cache-baseret sidekanalsangreb mod implementeringen af EAP-pwd: En - angriber, der er i stand til at køre upriviligeret kode på målmaskinen - (herunder eksempelvis JavaScript-kode i en browser på en smartphone), - under handshake, kunne deducere tilstrækkeligt med oplysninger til at - finde adgangskoden i et ordbogsangreb.

    • - -
  • CVE-2019-9497 - -

    Reflektionsangreb mod implementeringen af EAP-pwd server: Manglende - validering af modtagne skalar- og elementværdier i - EAP-pwd-Commit-meddelelser, kunne medføre angreb, der var i stand til at - fuldføre autentifikationsudvekslingen uden at angriberen er nødt til at - kende adgangskoden. Det medfører ikke at angriberen er i stand til at - udlede sessionsnøglen, fuldfuldføre den efterfølgende nøgleudveksling og - tilgå netværket.

    • - -
  • CVE-2019-9498 - -

    EAP-pwd server manglende commit-validering af skalar/element: hostapd - validerer ikke værdier modtaget i EAP-pwd-Commit-meddelelsen, så en angriber - kunne anvende en særligt fremstillet commitmeddelelse til at manipulere med - udvekslingen, for at få hostapd til at udlede en sessionsnøgle fra et - begrænset antal mulige værdier. Det kunne medføre at angriberen var i stand - til at fuldføre autentifikationen og få adgang til netværket.

    • - -
  • CVE-2019-9499 - -

    EAP-pwd peer manglende commitvalidering af skalar/element: - wpa_supplicant validerer ikke værdier modtaget i EAP-pwd-Commit-meddelelsen, - så en angriber kunne anvende en særligt fremstillet commitmeddelelse til at - manipulere med udvekslingen, for at få wpa_supplicant til at udlede en - sessionsnøgle fra et begrænset antal mulige værider. Det kunne medføre at - angriberen blev i stand til at fuldføre autentifikationen og fungere som et - falskt accesspoint.

    - -
- -

Bemærk at tilnavnet Dragonblood også gælder -\ -CVE-2019-9494 og -\ -CVE-2014-9496, hvilke er sårbarheder i SAE-protokollen i WPA3. SAE er ikke -aktiveret i Debian stretch-opbygninger af wpa, hvilket dermed ikke som standard -er sårbar.

- -

På grund af kompleksiteten af tilbageførselsprocessen, er rettelsen af -disse sårbarheder delvist. Brugerne opfordres til at anvende stærke -adgangskoder for at forhindre ordbogsangreb eller anvende en 2.7-baseret version -fra stretch-backports (version større end 2:2.7+git20190128+0c1e29f-4).

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2:2.4-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpa, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4430.data" diff --git a/danish/security/2019/dsa-4431.wml b/danish/security/2019/dsa-4431.wml deleted file mode 100644 index 9d419651a4c..00000000000 --- a/danish/security/2019/dsa-4431.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ac3480dceb85a2848b4491e0a83a16367ba034d3" mindelta="1" -sikkerhedsopdatering - -

Chris Coulson opdagede flere sårbarheder i libssh2, et -SSH2-klientsidebibliotek, hvilke kunne medføre lammelsesangreb, -informationslækager eller udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.7.0-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libssh2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libssh2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libssh2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4431.data" diff --git a/danish/security/2019/dsa-4432.wml b/danish/security/2019/dsa-4432.wml deleted file mode 100644 index 01e274af6f9..00000000000 --- a/danish/security/2019/dsa-4432.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="21d9162dd33c918629dd3d402942607101fbf7fb" mindelta="1" -sikkerhedsopdatering - -

Cedric Buissart opdagede to sårbarheder i Ghostscript, GPL -PostScript/PDF-fortolkeren, hvilke kunne medføre omgåelse af -filsystemsbegrænsninger af dSAFER-sandkassen.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 9.26a~dfsg-0+deb9u2.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4432.data" diff --git a/danish/security/2019/dsa-4433.wml b/danish/security/2019/dsa-4433.wml deleted file mode 100644 index 7eefb126906..00000000000 --- a/danish/security/2019/dsa-4433.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="75b8ebea04c21e1a6bb52ee0d143001588e654e9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i den Rubygems, som følger med fortolkeren af -sproget Ruby, hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig -kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.3.3-1+deb9u6.

- -

Vi anbefaler at du opgraderer dine ruby2.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby2.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4433.data" diff --git a/danish/security/2019/dsa-4434.wml b/danish/security/2019/dsa-4434.wml deleted file mode 100644 index 2256f0bb22a..00000000000 --- a/danish/security/2019/dsa-4434.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1d70d68aed7f00d7e027bb68f1495d0878857e76" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med udførelse af skripter på tværs af websteder, -blev fundet i Drupal, et komplet framework til indholdshåndtering. For -yderligere oplysninger, se opstrøms bulletin på -\ -https://www.drupal.org/sa-core-2019-006.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u8.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4434.data" diff --git a/danish/security/2019/dsa-4435.wml b/danish/security/2019/dsa-4435.wml deleted file mode 100644 index 6e87f74040b..00000000000 --- a/danish/security/2019/dsa-4435.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cc460a2de5942ef6a479acae5a9530660672cf7d" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med anvendelse efter frigivelse, blev opdaget i -funktionen png_image_free() i PNG-biblioteket libpng, hvilke kunne føre til -lammelsesangreb, hvis et misdannet billede blev behandlet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.6.28-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine libpng1.6-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libpng1.6, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libpng1.6

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4435.data" diff --git a/danish/security/2019/dsa-4436.wml b/danish/security/2019/dsa-4436.wml deleted file mode 100644 index 446053d0e4e..00000000000 --- a/danish/security/2019/dsa-4436.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9865dbf22490e686686c9029e7ebd514d546a496" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter to sårbarheder i Imagemagick: Problemer med -hukommelseshåndteringen samt manglende eller ufuldstændig fornuftighedskontrol -af inddata, kunne medføre lammelsesangreb, hukommelsesafsløring eller udførelse -af vilkårlig kode, hvis misdannede TIFF- eller Postscript-filer blev -behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8:6.9.7.4+dfsg-11+deb9u7.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende imagemagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/imagemagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4436.data" diff --git a/danish/security/2019/dsa-4437.wml b/danish/security/2019/dsa-4437.wml deleted file mode 100644 index 7280e09f547..00000000000 --- a/danish/security/2019/dsa-4437.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="858e69e587d8840e8ec0746b342b26008e7bfd97" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et bufferoverløb i RTSP-fortolkeren i medieframeworket -GStreamer, kunne medføre udførelse af vilkårlig kode, hvis en misdannet -RTSP-strøm blev åbnet.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.10.4-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-base1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-plugins-base1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-plugins-base1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4437.data" diff --git a/danish/security/2019/dsa-4438.wml b/danish/security/2019/dsa-4438.wml deleted file mode 100644 index 4f9ff68dae3..00000000000 --- a/danish/security/2019/dsa-4438.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5024841ed4d1abac861623d4bd54469103b6bf89" mindelta="1" -sikkerhedsopdatering - -

Denis Andzakovic opdagede to sårbarheder i atftp, den avancerede TFTP-server, -der kunne medføre lammelsesangreb ved at sende misdannede pakker.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 0.7.git20120829-3.1~deb9u1.

- -

Vi anbefaler at du opgraderer dine atftp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende atftp, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/atftp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4438.data" diff --git a/danish/security/2019/dsa-4439.wml b/danish/security/2019/dsa-4439.wml deleted file mode 100644 index 3dcaedb1ca0..00000000000 --- a/danish/security/2019/dsa-4439.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1b2caf25933bc6a22e87eebd88e23bb4dbe13167" mindelta="1" -sikkerhedsopdatering - -

Dean Rasheed opdagede at rækkesikkerhedsregler kunne omgås i databasesystemet -PostgreSQL.

- -

For yderligere oplysninger, se opstrøms bulletin på -\ -https://www.postgresql.org/about/news/1939/.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 9.6.13-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.6-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-9.6, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-9.6

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4439.data" diff --git a/danish/security/2019/dsa-4440.wml b/danish/security/2019/dsa-4440.wml deleted file mode 100644 index eb0c787feb8..00000000000 --- a/danish/security/2019/dsa-4440.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="45c7a748884ba819e8e43a8bafa9c7b0a2629b5a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev fundet i DNS-serveren BIND:

- -
    - -
  • CVE-2018-5743 - -

    Forbindelsesgrænser blev håndhævet på ukorrekt vis.

    • - -
  • CVE-2018-5745 - -

    Funktionaliteten managed-keys var sårbar over for et - lammelsesangreb, udløst af en assert.

    • - -
  • CVE-2019-6465 - -

    ACL'er til zoneoverførsler blev håndhævet på ukorrekt vis ved - dynamisk indlæsbare zoner (DLZ'er).

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:9.10.3.dfsg.P4-12.3+deb9u5.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4440.data" diff --git a/danish/security/2019/dsa-4441.wml b/danish/security/2019/dsa-4441.wml deleted file mode 100644 index 85700bf0fcc..00000000000 --- a/danish/security/2019/dsa-4441.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ad71d519730a7a7c0864574c9600084cf26d9d45" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i PHP-frameworket Symfony PHP, hvilke -kunne føre til omgåelse af cache, autentifikationsomgåelse, -informationsafsløring, åben viderestilling, forfalsking af forespørgsler på -tværs af websteder, sletning af vilkårlige filer eller udførelse af vilkårlig -kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.8.7+dfsg-1.3+deb9u2.

- -

Vi anbefaler at du opgraderer dine symfony-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende symfony, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/symfony

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4441.data" diff --git a/danish/security/2019/dsa-4442.wml b/danish/security/2019/dsa-4442.wml deleted file mode 100644 index 72e69c38905..00000000000 --- a/danish/security/2019/dsa-4442.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ae8afc08376cc6b87246915ae239c925d8faa687" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i Ghostscript, GPL PostScript/PDF-fortolkeren, -hvilken kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis en -misdannet PostScript-fil blev behandlet (på trods af at -dSAFER-sandkassen er -aktiveret).

- -

I den stabile distribution (stretch), er dette problem rettet i -version 9.26a~dfsg-0+deb9u3.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4442.data" diff --git a/danish/security/2019/dsa-4443.wml b/danish/security/2019/dsa-4443.wml deleted file mode 100644 index 22f7ffa7e15..00000000000 --- a/danish/security/2019/dsa-4443.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="e9576c021a0fbd38170055312fb39566c40a3971" mindelta="1" -sikkerhedsopdatering - -

Isaac Boukris og Andrew Bartlett opdagede at Kerberos-udvidelsen S4U2Self, -som anvendes i Sambas Active Directory-understøttelse, var sårbar over for -manden i midten-angreb, forårsaget af ufuldstændig validering af kontrolsum.

- -

Flere oplysninger finder man i opstrøms bulletin på -

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:4.5.16+dfsg-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4443.data" diff --git a/danish/security/2019/dsa-4444.wml b/danish/security/2019/dsa-4444.wml deleted file mode 100644 index e3419654943..00000000000 --- a/danish/security/2019/dsa-4444.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="42b6b660e613679ceb4726fb1a5aebaa47b68d96" mindelta="1" -sikkerhedsopdatering - -

Adskillige efterforskere har opdaget sårbarheder i den måde Intels -processordesign har implementeret spekulativ videresendelse af data placeret i -midlertidige mikroarkitektoniske strukturer (buffere). Fejlen kunne gøre det -muligt for en angriber, med kontrol over en upriviligeret proces, at læse -følsomme oplysninger, herunder fra kernen og alle andre processer, der kører på -systemet eller på tværs af gæst-/værtgrænser til læsning af værtshukommelse.

- -

Se \ -https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for -flere oplysninger.

- -

For helt at løse disse sårbarheder, er det også nødvendigt at installere -opdateret CPU-mikrokode. En opdateret intel-microcode-pakke (kun tilgængelige -i Debian non-free), vil blive stillet til rådighed gennem en separat DSA. Den -opdaterede CPU-mikrokode kan også være tilgængelige som en del af et systems -firmwareopdatering (BIOS).

- -

Desuden indeholder denne opdatering en rettelse af en regression, som medførte -deadlock inde i loopbackdriveren, hvilken opstod i forbindelse med opdateringen -til 4.9.168 i den seneste punktopdatering af Stretch.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.168-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4444.data" diff --git a/danish/security/2019/dsa-4445.wml b/danish/security/2019/dsa-4445.wml deleted file mode 100644 index 069239f87bc..00000000000 --- a/danish/security/2019/dsa-4445.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="e01fccd2c54266785be8a0f26b50ca4fc4c0d4d7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ufuldstændig validernig i et Phar-behandlingsbibliotek, som -leveres med Drupel, et komplet indholdshåndteringsframework, kunne medføre -informationsafsløring.

- -

For flere oplysninger, se opstrøms bulletin på -\ -https://www.drupal.org/sa-core-2019-007.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 7.52-2+deb9u9.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4445.data" diff --git a/danish/security/2019/dsa-4446.wml b/danish/security/2019/dsa-4446.wml deleted file mode 100644 index e120512a3cd..00000000000 --- a/danish/security/2019/dsa-4446.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e01fccd2c54266785be8a0f26b50ca4fc4c0d4d7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at web-SSO-systemet Lemonldap::NG udførte utilstrækkelig -validering af sessiontokens, hvis valgmuligheden tokenUseGlobalStorage -er aktiveret, hvilket kunne give brugere med adgang til den primære -sessiondatabase, adgang til en anonym session.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.9.7-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine lemonldap-ng-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lemonldap-ng, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lemonldap-ng

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4446.data" diff --git a/danish/security/2019/dsa-4447.wml b/danish/security/2019/dsa-4447.wml deleted file mode 100644 index fd1f24656a8..00000000000 --- a/danish/security/2019/dsa-4447.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="57ef2f400a0513617d3063f2880a21a9d4767b03" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering leverer opdateret CPU-mikrokode til de fleste af Intel -CPU'er. Det afhjælper hardwaresårbarhederne MSBDS, MFBDS, MLPDS og MDSUM.

- -

For helt at løse sårbarhederne, er det også nødvendigt at opdatere -Linux-kernepakkerne, som er udgivet i DSA 4444.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.20190514.1~deb9u1.

- -

Vi anbefaler at du opgraderer dine intel-microcode-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende intel-microcode, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/intel-microcode

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4447.data" diff --git a/danish/security/2019/dsa-4448.wml b/danish/security/2019/dsa-4448.wml deleted file mode 100644 index 9d6ab727d80..00000000000 --- a/danish/security/2019/dsa-4448.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="7b5aa9f443533586011592f873e37b4942c4ac3f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 60.7.0esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4448.data" diff --git a/danish/security/2019/dsa-4449.wml b/danish/security/2019/dsa-4449.wml deleted file mode 100644 index a479ddcd093..00000000000 --- a/danish/security/2019/dsa-4449.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1731f8a4513696a761b682cb51b53c0fdc463157" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7:3.2.14-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4449.data" diff --git a/danish/security/2019/dsa-4450.wml b/danish/security/2019/dsa-4450.wml deleted file mode 100644 index 5dcdc351c42..00000000000 --- a/danish/security/2019/dsa-4450.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="1f0499097245903ed56eee01d867c3b58d1dfac0" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev fundet i implementeringen af WPA-protokollen, som findes i -wpa_supplication (station) og hostapd (accesspoint).

- -

Implementeringen af EAP-pwd i hostapd (EAP-server) og wpa_supplicant -(EAP-peer) validerer ikke på korrekt vis fragmenteringsreassemblytilstand, når -der blev modtaget et uventet fragment. Det kunne til et procesnedbrud på grund -af en NULL-pointerderefrence.

- -

En angriben indenfor radioafstand af stationen eller accesspointet, med -EAP-pwd-understøttelse, kunne forårsage et nedbrud i den relevante proces -(wpa_supplicant eller hostapd), medførende et lammelsesangreb.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:2.4-1+deb9u4.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpa, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4450.data" diff --git a/danish/security/2019/dsa-4451.wml b/danish/security/2019/dsa-4451.wml deleted file mode 100644 index b96e9b7712c..00000000000 --- a/danish/security/2019/dsa-4451.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c3b54d80ebdc7aa0436ea7ba60558c0f42cd6967" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird: Adskillige -sårbarheder kunne føre til udførelse af vilkårlig kode eller -lammlesesangreb.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.7.0-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4451.data" diff --git a/danish/security/2019/dsa-4452.wml b/danish/security/2019/dsa-4452.wml deleted file mode 100644 index 41221175138..00000000000 --- a/danish/security/2019/dsa-4452.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0182100b7f52c580749d17e60b39e926492bd7ec" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i jackson-databind, et -Java-bibliotek til fortolkning af JSON og andre dataformater, hvilke kunne føre -til informationsafsløring eller udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 2.8.6-1+deb9u5.

- -

Vi anbefaler at du opgraderer dine jackson-databind-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende jackson-databind, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jackson-databind

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4452.data" diff --git a/danish/security/2019/dsa-4453.wml b/danish/security/2019/dsa-4453.wml deleted file mode 100644 index 89bfe105a57..00000000000 --- a/danish/security/2019/dsa-4453.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b5e2418f82be2911f8166a18cece02c478fdeeba" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK, en implementering af Oracles -Java-platform, medførende lammelsesangreb eller omgåelse af sandkassen.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 8u212-b03-2~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4453.data" diff --git a/danish/security/2019/dsa-4454.wml b/danish/security/2019/dsa-4454.wml deleted file mode 100644 index afa0be49861..00000000000 --- a/danish/security/2019/dsa-4454.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="07dbe48ebf344016ca85c4138ca2e39aad7d3ea7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i QEMU, en hurtig -processoremulator, hvilke kunne medføre lammelsesangreb, udførelse af vilkårlig -kode eller informationsafsløring.

- -

Desuden tilbageføres med denne opdatering understøttelse af videreførsel af -det nye CPU-flag md-clear, tilføjet i opdateringen af intel-microcode, som blev -udsendt i DSA 4447, til x86-baserede gæster.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:2.8+dfsg-6+deb9u6.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4454.data" diff --git a/danish/security/2019/dsa-4455.wml b/danish/security/2019/dsa-4455.wml deleted file mode 100644 index 843fc24dac0..00000000000 --- a/danish/security/2019/dsa-4455.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="1cd443bbff5c5f8e18b9961d25d41c997d4a4103" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Heimdal, en implementering af Kerberos 5, -med det formål at være kompatibel med MIT Kerberos.

- -
    - -
  • CVE-2018-16860 - -

    Isaac Boukris og Andrew Bartlett opdagede at Heimdal var sårbar over for - manden i midten-angreb, forårsaget af ufuldstændig kontrolsumvalidering. - Flere oplysninger om problemet finder man i Sambas bulletin på - \ - https://www.samba.org/samba/security/CVE-2018-16860.html.

    • - -
  • CVE-2019-12098 - -

    Man opdagede at fejlende verfikation af PA-PKINIT-KX-nøgleudveksling på - klientsiden, kunne muliggøre manden i midten-angreb.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 7.1.0+dfsg-13+deb9u3.

- -

Vi anbefaler at du opgraderer dine heimdal-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende heimdal, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/heimdal

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4455.data" diff --git a/danish/security/2019/dsa-4456.wml b/danish/security/2019/dsa-4456.wml deleted file mode 100644 index a3dd79fa032..00000000000 --- a/danish/security/2019/dsa-4456.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="30a5f57cd7740ddc417f3131451bf896477aff69" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs rapporterede om en fejl i Exim, en mailtransportagent. -Ukorrekt validering af modtageradressen i funktionen deliver_message(), kunne -medføre udførelse af vilkårlig kommandoer.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 4.89-2+deb9u4.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exim4, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/exim4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4456.data" diff --git a/danish/security/2019/dsa-4457.wml b/danish/security/2019/dsa-4457.wml deleted file mode 100644 index 56b388a3261..00000000000 --- a/danish/security/2019/dsa-4457.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="05090161b60513a52deaff861edb44977d533329" mindelta="1" -sikkerhedsopdatering - -

Hanno Böck opdagede at Evolution var sårbar over for forfalskning af -OpenPGP-signaturer i vilkårlige meddelelser, med anvendelse af en særligt -fabrikeret HTML-mail. Problemet blev løst ved at flytte sikkerhedsbjælen -med krypterings- og signaturoplysninger op over meddelelsesheaderne..

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.22.6-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine evolution-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende evolution, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/evolution

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4457.data" diff --git a/danish/security/2019/dsa-4458.wml b/danish/security/2019/dsa-4458.wml deleted file mode 100644 index b45214b309e..00000000000 --- a/danish/security/2019/dsa-4458.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="211753aad2cf271463097d5140cd55a2e3f914a6" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i CalDAV-funktionaliteten i httpd hørende til Cyrus -IMAP-serveren, førende til lammelsesangreb eller potentielt udførelse af -vilkårlig kode gennem en fabrikeret HTTP PUT-handling til en event med et langt -iCalendar-egenskabsnavn.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.5.10-3+deb9u1.

- -

Vi anbefaler at du opgraderer dine cyrus-imapd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cyrus-imapd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cyrus-imapd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4458.data" diff --git a/danish/security/2019/dsa-4459.wml b/danish/security/2019/dsa-4459.wml deleted file mode 100644 index 5dc39a1384f..00000000000 --- a/danish/security/2019/dsa-4459.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="aad738dfc4787cdb21c3b644ebae586eb2cbfb04" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i medieafspilleren VLC, hvilke -kunne medføre udførelse af vilkårlig kode eller lammelsesangreb, hvis en -misdannet fil/strøm blev behandlet.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.0.7-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4459.data" diff --git a/danish/security/2019/dsa-4460.wml b/danish/security/2019/dsa-4460.wml deleted file mode 100644 index b5881451462..00000000000 --- a/danish/security/2019/dsa-4460.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7aede396b026a6b1896f57341c239e6373d400fd" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er opdaget i MediaWiki, en webstedsmotor til -samarbejder, hvilke kunne medføre autentifikationsomgåelse, lammelsesangreb, -udførelse af skripter på tværs af websteder, informationsafsløring og omgåelse -af antispamtiltag.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.27.7-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4460.data" diff --git a/danish/security/2019/dsa-4461.wml b/danish/security/2019/dsa-4461.wml deleted file mode 100644 index 1beac2b7065..00000000000 --- a/danish/security/2019/dsa-4461.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f84def4ae6265dcfb00093bde2a0139eeeb7b39f" mindelta="1" -sikkerhedsopdatering - -

Harrison Neil opdagede at kommandoen getACL() i Zookeeper, en tjeneste til -vedligeholdelse af opsætningsoplysninger, ikke validerede rettigheder, hvilket -kunne medføre informationsafsløring.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 3.4.9-3+deb9u2.

- -

Vi anbefaler at du opgraderer dine zookeeper-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zookeeper, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/zookeeper

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4461.data" diff --git a/danish/security/2019/dsa-4462.wml b/danish/security/2019/dsa-4462.wml deleted file mode 100644 index b09f25761a4..00000000000 --- a/danish/security/2019/dsa-4462.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="24c857ab9e9769817510eaee4ab4860fd27c3a19" mindelta="1" -sikkerhedsopdatering - -

Joe Vennix opdagede en sårbarhed i forbindelse med omgåelse af -autentifikation i dbus, det asynkrone kommunikationssystem mellem processer. -Implementeringen af autentifikationsmekanismen DBUS_COOKIE_SHA1, var sårbar -over for et symbolsk link-angreb. En lokal angriber kunne drage nytte af -fejlen til at omgå autentifikation, og forbinde sig til en DBusServer med -forøgede rettigheder.

- -

Standardsystemet og sessions-dbus-daemon'er i deres standardopsætning, er -ikke påvirket af denne sårbarhed.

- -

Sårbarheden blev løst ved at opgradere dbus til en ny opstrømsversion, -1.10.28, som indeholder yderligere rettelser.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.10.28-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine dbus-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dbus, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/dbus

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4462.data" diff --git a/danish/security/2019/dsa-4463.wml b/danish/security/2019/dsa-4463.wml deleted file mode 100644 index 8f0fd6dd905..00000000000 --- a/danish/security/2019/dsa-4463.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="af7b203527ee1b8555d0442bb1657b6a2be1a224" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i IRC-bouncer'en ZNC, hvilke kunne medføre -fjernudførelse af kode -(CVE-2019-12816) -eller lammelsesangreb gennem ugyldig encoding -(CVE-2019-9917).

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1.6.5-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine znc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende znc, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/znc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4463.data" diff --git a/danish/security/2019/dsa-4464.wml b/danish/security/2019/dsa-4464.wml deleted file mode 100644 index 548b490f74f..00000000000 --- a/danish/security/2019/dsa-4464.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="dc9deb42461982438599778b22d024213ff3cb11" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, hvis misdannede mails blev læst.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.7.1-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4464.data" diff --git a/danish/security/2019/dsa-4465.wml b/danish/security/2019/dsa-4465.wml deleted file mode 100644 index bde37ab8857..00000000000 --- a/danish/security/2019/dsa-4465.wml +++ /dev/null @@ -1,110 +0,0 @@ -#use wml::debian::translation-check translation="8a5eb3970afae92528c267b43ff2cff70683b130" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2019-3846, - CVE-2019-10126 - -

    huangwen rapporterede om adskillige bufferoverløb i wifi-driveren Marvell - (mwifiex), hvilken en lokal bruger kunne anvende til at forårsage - lammelsesangreb eller udførelse af vilkårlig kode.

    • - -
  • CVE-2019-5489 - -

    Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari - Trachtenberg, Jason Hennessey, Alex Ionescu og Anders Fogh, opdagede at - lokale brugere kunne anvende systemkaldet mincore() til at få fat i - følsomme oplysninger fra andre processer, som tilgår den samme - memory-mapped fil.

    • - -
  • CVE-2019-9500, - CVE-2019-9503 - -

    Hugues Anguelkov opdagede et bufferoverløb og manglende - adgangsvalidering i Broadcom FullMAC wifidriveren (brcmfmac), hvilket en - angriber på det samme wifi-netværk kunne anvende til at forårsage - lammelseangreb eller udførelse af vilkårlig kode.

    • - -
  • CVE-2019-11477 - -

    Jonathan Looney rapporterede at en særligt fremstillet sekvens af - selective TCP-bekræftelser (SACKs) muliggjorde fjernudløsbar - kernepanik.

    • - -
  • CVE-2019-11478 - -

    Jonathan Looney rapporterede at en særligt fremstillet sekvens af - selektive TCP-bekræftelser (SACKs) fragmenterede TCP-gentrasmissionskøen, - hvilket gjorde det muligt for en angriber, at forårsage ekstremt stort - ressourceforbrug.

    • - -
  • CVE-2019-11479 - -

    Jonathan Looney rapporterede at en angriber kunne tvinge Linux-kernen til - at segmentere sine svar i adskillige TCP-segmenter, som hver især indeholder - kun otte bytes data, hvilket drastisk forøger den påkrævede båndbredde til - levering af den samme mængde data.

    - -

    Denne opdatering indfører en ny sysctl-værdi til kontrol af den - minimale MSS (net.ipv4.tcp_min_snd_mss), hvilket som standard anvender den - tidligere hårdkodede værdi 48. Vi anbefaler at forøge denne til 536, med - mindre at dit netværk kræver en lavere værdi.

    • - -
  • CVE-2019-11486 - -

    Jann Horn fra Google rapporterede om mange tilfælde af kapløbstilstand i - Siemens R3964-linjedisciplin. En lokal bruger kunne anvende disse til at - forårsage ikke-angivne sikkerhedspåvirkning. Modulet er derfor blevet - deaktiveret.

    • - -
  • CVE-2019-11599 - -

    Jann Horn fra Google rapporterede om en kapløbstilstand i - implementeringen af coredump, hvilken kunne føre til en anvendelse efter - frigivelse. En lokal bruger kunne anvende dette til at læse følsomme - oplysninger, til at forårsage et lammelsesangreb (hukommelseskorruption) - eller til rettighedsforøgelse.

    • - -
  • CVE-2019-11815 - -

    Man opdagede at en anvendelse efter frigivelse i protokollen Reliable - Datagram Sockets kunne medføre lammelsesangreb eller potentielt - rettighedsforøgelse. Dette protokolmodul indlæses ikke automatisk på - Debian-systemer, hvorfor problemet kun påvirker systemer hvor det - eksplicit indlæses.

    • - -
  • CVE-2019-11833 - -

    Man opdagede at implementeringen af filsystemet ext4, skriver - uinitialiserede data fra kernehukommelsen til nye extent-blokke. En - lokal bruger, der er i stand til at skrive til et ext4-filsystem og - derlæst kan læse filsystemsaftrykket, for eksempel ved hjælp af et - eksternt drev, kunne måske være i stand tila t anvende det til at få - adgang til følsomme oplysninger.

    • - -
  • CVE-2019-11884 - -

    Man opdagede at implementeringen af Bluetooth HIDP, ikke sikrede at nye - forbindelsesnavne blev null-termineret. En lokal bruger med kapabiliteten - CAP_NET_ADMIN, kunne måske være i standd til at anvende den til at få - adgang til følsomme oplysninger fra kernestakken.

    • - -
- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.9.168-1+deb9u3.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4465.data" diff --git a/danish/security/2019/dsa-4466.wml b/danish/security/2019/dsa-4466.wml deleted file mode 100644 index f1d91a301b5..00000000000 --- a/danish/security/2019/dsa-4466.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="33b97c7ed0c12c7701cad4a8987c6d47e6617846" mindelta="1" -sikkerhedsopdatering - -

Samuel Gross opdagede en typeforvirringsfejl i JavaScript-motoren i Mozillas -webbrowser Firefox, hvilken kunne medføre udførelse af vilkårlig kode, når man -besøger et ondsindet websted.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 60.7.1esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4466.data" diff --git a/danish/security/2019/dsa-4467.wml b/danish/security/2019/dsa-4467.wml deleted file mode 100644 index 35bc6ac96c4..00000000000 --- a/danish/security/2019/dsa-4467.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="a0d25d78b2c207b5e643fbc99f4957ec35c99fda" mindelta="1" -sikkerhedsopdatering - -

Brugeren Arminius opdagede en sårbarhed i Vim, en udvidet version af -stadard-UNIX-editoren Vi (Vi IMproved). Projektet Common vulnerabilities and -exposures, har registreret følgende problem:

- -

Editorer tilbyder typisk en måde at indlejre editoropsætningskommandoer på -(dvs. modelines), som udføres når en fil åbnes, mens skadelige kommandoer bliver -bortfiltreret af en sandkassemekanisme. Man opdagede at kommandoen -source (som anvendes til at medtage og udføre en anden fil) ikke blev -filteret, hvilket muliggjorde udførelse af shellkommandoer, med en omhyggeligt -fremstillet fil, der åbnes i Vim.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2:8.0.0197-4+deb9u2.

- -

Vi anbefaler at du opgraderer dine vim-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vim, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vim

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4467.data" diff --git a/danish/security/2019/dsa-4468.wml b/danish/security/2019/dsa-4468.wml deleted file mode 100644 index 55d27c9ef20..00000000000 --- a/danish/security/2019/dsa-4468.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c86d1b16df378fc0e230b32c2fd342bdb4f859b9" mindelta="1" -sikkerhedsopdatering - -

En mappegenneløbssårbarhed, på grund af et POST-parameter som ikke var -desinficeret, blev opdaget i php-horde-form, en pakke som tilbyder generering og -validering af formularer, samt anden funktionalitet til Horde Application -Framework. En angriber kunne drage nytte af fejlen til fjernudførelse af -kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.0.15-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine php-horde-form-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php-horde-form, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php-horde-form

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4468.data" diff --git a/danish/security/2019/dsa-4469.wml b/danish/security/2019/dsa-4469.wml deleted file mode 100644 index 3d13c3c0494..00000000000 --- a/danish/security/2019/dsa-4469.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="2c3a538ea007bd4c5a40618a3303a4fdd1c34f42" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Libvirt, et bibliotek til -virtualiseringsabstraktion, hvilket gjorde det muligt for en API-klient kun med -læserettigheder, at udføre vilkårlige kommandoer gennem API'et -virConnectGetDomainCapabilities, eller læse eller udføre vilkårlige filer gennem -API'et virDomainSaveImageGetXMLDesc API.

- -

Desuden er libvirts CPU-kort blevet opdageret, for at gøre det lettere at -løse \ -CVE-2018-3639, \ -CVE-2017-5753, \ -CVE-2017-5715, \ -CVE-2018-12126, \ -CVE-2018-12127, \ -CVE-2018-12130 og \ -CVE-2019-11091, ved at understøtte CPU-funktionerne md-clear, ssbd, -spec-ctrl og ibpb, når der vælges CPU-modeller, uden at skulle falde tilbage til -værtsvidereførsel.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 3.0.0-4+deb9u4.

- -

Vi anbefaler at du opgraderer dine libvirt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvirt, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libvirt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4469.data" diff --git a/danish/security/2019/dsa-4470.wml b/danish/security/2019/dsa-4470.wml deleted file mode 100644 index 9f690d84811..00000000000 --- a/danish/security/2019/dsa-4470.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fb5a96ec54e0ff2a78b5f1e85999856b06b71db6" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i pdns, en autoritativ DNS-server, hvilke kunne -medføre lammelsesangreb gennem misdannede zonerecords og alt for mange -NOTIFY-pakker i en master/slave-opsætning.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 4.0.3-1+deb9u5.

- -

Vi anbefaler at du opgraderer dine pdns-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pdns, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pdns

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4470.data" diff --git a/danish/security/2019/dsa-4471.wml b/danish/security/2019/dsa-4471.wml deleted file mode 100644 index 156441eacc9..00000000000 --- a/danish/security/2019/dsa-4471.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3af75f6e444d9dc3e596312bf796fc17ce2b821c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i Thunderbird, hvilke kunne føre -til udførelse af vilkårlig kode, hvis en misdannet mail blev læst.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:60.7.2-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4471.data" diff --git a/danish/security/2019/dsa-4472.wml b/danish/security/2019/dsa-4472.wml deleted file mode 100644 index 6369a6cd2ea..00000000000 --- a/danish/security/2019/dsa-4472.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f24aa5af4e55c55e5546cc0e182d5149dcbf12b0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Expat, et C-bibliotek til fortolkning af XML, ikke på korrekt -vis håndterede XML-inddata, herunder XML-navne indeholdende et stort antal -koloner, potentielt førende til lammelsesangreb.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 2.2.0-2+deb9u2.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende expat, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/expat

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4472.data" diff --git a/danish/security/2019/dsa-4473.wml b/danish/security/2019/dsa-4473.wml deleted file mode 100644 index 0f3eb43eb8b..00000000000 --- a/danish/security/2019/dsa-4473.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="83d0c691f779c15a21f02adac794ff68e68a1f14" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i rdesktop RDP-klienten, hvilke -kunne medføre lammelsesangreb og udførelse af vilkårlig kode.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.8.6-2~deb9u1.

- -

Vi anbefaler at du opgraderer dine rdesktop-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rdesktop, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/rdesktop

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4473.data" diff --git a/danish/security/2019/dsa-4474.wml b/danish/security/2019/dsa-4474.wml deleted file mode 100644 index 306455a50b7..00000000000 --- a/danish/security/2019/dsa-4474.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b27bc2036d776d68cce44083f71f8b58fd712902" mindelta="1" -sikkerhedsopdatering - -

Et tilfælde af undslippelse fra sandkassen, blev fundet i webbrowseren -Mozilla Firefox, hvilket potentielt kunne føre til udførelse af vilkårlig kode, -hvis det blev kombineret med yderligere sårbarheder.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 60.7.2esr-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4474.data" diff --git a/danish/security/2019/dsa-4475.wml b/danish/security/2019/dsa-4475.wml deleted file mode 100644 index 31d776c3aa7..00000000000 --- a/danish/security/2019/dsa-4475.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="aeeaf339a8d997a10158499aedcffe4ec71a7d78" mindelta="1" -sikkerhedsopdatering - -

Joran Dirk Greef opdagede at at for lange noncer, anvendt med -ChaCha20-Poly1305, på ukorrekt vis blev behandlet og kunne medføre -nonce-genbrug. Det påvirker ikke intern anvendelse i OpenSSL af -ChaCha20-Poly1305, så som TLS.

- -

I den stabile distribution (stretch), er dette problem rettet i -version 1.1.0k-1~deb9u1. Denne DSA opgraderer openssl1.0 (som ikke selv er -påvirket af -\ -CVE-2019-1543) til 1.0.2s-1~deb9u1

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4475.data" diff --git a/danish/security/2019/dsa-4476.wml b/danish/security/2019/dsa-4476.wml deleted file mode 100644 index 66545cb1334..00000000000 --- a/danish/security/2019/dsa-4476.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="bd92c39f28574e486970de3a58c1be71ac0f09ad" mindelta="1" -sikkerhedsopdatering - -

Tre sikkerhedsproblemer blev fundet i Django, et webudviklingsframework til -Python, hvilke kunne medføre lammelsesangreb, ufuldstædngi fornuftighedskontrol -af klikbare links eller manglende viderestillinger af HTTP-forespørgsler til -HTTPS.

- -

I den stabile distribution (stretch), er disse problemer rettet i -version 1:1.10.7-2+deb9u5.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4476.data" diff --git a/danish/security/2019/dsa-4477.wml b/danish/security/2019/dsa-4477.wml deleted file mode 100644 index 9a3c7a11ee1..00000000000 --- a/danish/security/2019/dsa-4477.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="0a1bc44b89e0fffc2994c5f3135054e8022f0b4a" mindelta="1" -sikkerhedsopdatering - -

Fang-Pen Lin opdagede en stakbaseret bufferoverløbsfejl i ZeroMQ, et -letvægtsbeskedbibliotek til kernen. En fjern, uautoriseret klient, som -forbinder sig til en applikation, der anvender biblioteket libzmq, der -kører med en socket der lytter med aktiveret CURVE-kryptering/-autenticikation, -kunne drage nytte af fejlen til at forårsage et lammelsesangreb eller udførelse -af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 4.2.1-4+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.3.1-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine zeromq3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zeromq3, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/zeromq3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4477.data" diff --git a/danish/security/2019/dsa-4478.wml b/danish/security/2019/dsa-4478.wml deleted file mode 100644 index 90b0018acae..00000000000 --- a/danish/security/2019/dsa-4478.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="749a0bde1b1978c0dc2c82599e2833b772db36e6" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i DOSBox-emulatoren, hvilke kunne medføre -udførelse af vilkårlig kode på værten, der kører DOSBox, når der blev kørt en -ondsindet udførbar fil i emulatoren.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 0.74-4.2+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.74-2-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine dosbox-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4478.data" diff --git a/danish/security/2019/dsa-4479.wml b/danish/security/2019/dsa-4479.wml deleted file mode 100644 index 932bfb49521..00000000000 --- a/danish/security/2019/dsa-4479.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="6bde107f0f532a81d16326f47a68480ab5eb7957" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne føre til udførelse af vilkårlig kode, udførelse af -skripter på tværs af websteder, spoofing, informationsafskløring, -lammelsesangreb eller forfalskning på tværs af websteder.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 60.8.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 60.8.0esr-1~deb10u1.

- -

\ -CVE-2019-11719 og -\ -CVE-2019-11729 er kun løst i stretch, i buster benytter Firefox den -generelle version af NSS, som bliver uploadet separat.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4479.data" diff --git a/danish/security/2019/dsa-4480.wml b/danish/security/2019/dsa-4480.wml deleted file mode 100644 index b2fba6effb8..00000000000 --- a/danish/security/2019/dsa-4480.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="98fed10448ae279b469c860c43ea27e7ac13f9b6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i implementeringen af HyperLogLog i -Redis, en persistent key-value-database, hvilke kunne medføre lammelsesangreb -eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3:3.2.6-3+deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5:5.0.3-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende redis, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/redis

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4480.data" diff --git a/danish/security/2019/dsa-4481.wml b/danish/security/2019/dsa-4481.wml deleted file mode 100644 index 8a637d95ff4..00000000000 --- a/danish/security/2019/dsa-4481.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="25077367f7fd816cf900e26c85e197be2c59517a" mindelta="1" -sikkerhedsopdatering - -

Harsh Jaiswal opdagede en sårbarhed i forbindelse med udførelse af en fjern -shell i ruby-mini-magick, et Ruby-bibliotek der laver en wrapper omkring -ImageMagick eller GraphicsMagick, som var udnytbar når der blev benyttet -MiniMagick::Image.open med særligt fremstillede URL'er, der kommer fra -fornuftighedskontrollede brugerinddata.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 4.5.1-1+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.9.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby-mini-magick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-mini-magick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-mini-magick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4481.data" diff --git a/danish/security/2019/dsa-4482.wml b/danish/security/2019/dsa-4482.wml deleted file mode 100644 index 05171a98cd6..00000000000 --- a/danish/security/2019/dsa-4482.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="699db9248969d8892802c24158bf1b6bf215a684" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke potentielt -kunne medføre udførelse af vilkårlig kode, udførelser af skripter på tværs af -websteder, spoofing, informationsafsløring, lammelsesangreb eller forfalskning -af forespørgsler på tværs af websteder.

- - - -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:60.8.0-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:60.8.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4482.data" diff --git a/danish/security/2019/dsa-4483.wml b/danish/security/2019/dsa-4483.wml deleted file mode 100644 index f4a135a897e..00000000000 --- a/danish/security/2019/dsa-4483.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="a519393250458ed72be6cc6df911105563ae120c" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er opdaget i LibreOffice:

- -
    - -
  • CVE-2019-9848 - -

    Nils Emmerich opdagede at ondsindede dokumenter kunne udføre vilkårlig - Python-kode gennem LibreLogo.

    • - -
  • CVE-2019-9849 - -

    Matei Badanoiu opdagede at stealth-tilstanden ikke gjaldt - punktopstillingsgrafikken.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:5.2.7-1+deb9u9.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:6.1.5-3+deb10u2.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreoffice, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreoffice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4483.data" diff --git a/danish/security/2019/dsa-4484.wml b/danish/security/2019/dsa-4484.wml deleted file mode 100644 index bd9312bb191..00000000000 --- a/danish/security/2019/dsa-4484.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1ac8218b729e6fe62e8b52eb754400fe4a637557" mindelta="1" -sikkerhedsopdatering - -

Jann Horn opdagede at undersystemet ptrace i Linux-kernen fejlbehandlede -håndteringen af legitimeringsoplysninger hørende til en proces, der ønsker at -etablere et forhold til ptrace, hvilket gjorde det muligt for en lokal bruger at -få root-rettigheder under visse omstændigheder.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 4.9.168-1+deb9u4.

- -

I den stabile distribution (buster), er dette problem rettet i version -4.19.37-5+deb10u1. Opdateringen indeholder også en rettelse af en regression, -som opstod ved den oprindelige rettelse af -\ -CVE-2019-11478 (#930904).

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4484.data" diff --git a/danish/security/2019/dsa-4485.wml b/danish/security/2019/dsa-4485.wml deleted file mode 100644 index a970be5329e..00000000000 --- a/danish/security/2019/dsa-4485.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="d744693800e0dd8bd5f4734db3d95b1dab155059" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, medførende -informationsafsløring, lammelsesangreb eller omgåelse af sandkassebegrænsninger. -Desuden er implementeringen af elliptisk kurve-kryptografi blevet -moderniseret.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 8u222-b10-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4485.data" diff --git a/danish/security/2019/dsa-4486.wml b/danish/security/2019/dsa-4486.wml deleted file mode 100644 index a2ab6705d75..00000000000 --- a/danish/security/2019/dsa-4486.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e5aeb8a6308fc885fa2d845272729cfc2dcaed66" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, medførende -informationsafsløring, lammelsesangreb eller omgåelse af sandkassebegrænsninger. -Desuden er implementeringen af elliptisk kurve-kryptografi blevet -moderniseret.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.0.4+11-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4486.data" diff --git a/danish/security/2019/dsa-4487.wml b/danish/security/2019/dsa-4487.wml deleted file mode 100644 index ad075eae85d..00000000000 --- a/danish/security/2019/dsa-4487.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9670408dbef0857a0fa087288e7c4b76b64ca2fb" mindelta="1" -sikkerhedsopdatering - -

Brugeren Arminius opdagede en sårbarhed i Vim, en udvidet udgave af -UNIX-standardeditoren Vi (Vi IMproved), hvilket også påvirkede forgrenignen -Neovim, en udvidbar editor med fokus på moderne kode og funktionalitet:

- -

Editorer giver typisk mulighed for at indlejre editoropsætningskommandoer -(dvs. modelines), som udføres når en fil åbnes, mens skadelige kommandoer -bortfiltreres af en sandkassemekanisme. Man opdagede at -source-kommandoen (som anvendes til at indlæse og udføre en anden fil) -blev ikke filtreret, hvilket tillod udførelse af shell-kommandoer med en -omhyggeligt fabrikeret fil, der er åbnet i Neovim.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 0.1.7-4+deb9u1.

- -

Vi anbefaler at du opgraderer dine neovim-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4487.data" diff --git a/danish/security/2019/dsa-4488.wml b/danish/security/2019/dsa-4488.wml deleted file mode 100644 index ebfadd7f817..00000000000 --- a/danish/security/2019/dsa-4488.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b6298f6832e320a5ee8a2edc330a4cc1c4edb714" mindelta="1" -sikkerhedsopdatering - -

Jeremy Harris opdagede at Exim, en mailtransportagent, ikke på korrekt vis -håndtere ${sort }-udvidelsen. Fejlen kunne udnyttess af en fjernangriber -til at udføre programmer med root-rettigheder i ikke-standard (og usædvanlige) -opsætninger, hvor ${sort }-udvidelsen anvendes til elementer, der kan -kontrolleres af en angriber.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 4.89-2+deb9u5.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.92-8+deb10u1.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4488.data" diff --git a/danish/security/2019/dsa-4489.wml b/danish/security/2019/dsa-4489.wml deleted file mode 100644 index 7c43bd8e4a0..00000000000 --- a/danish/security/2019/dsa-4489.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="28571f1f95b81eb7b756c120eb0962f456fdea16" mindelta="1" -sikkerhedsopdatering - -

Imre Rad opdagede flere sårbarheder i GNU patch, førende til indsprøjtning af -shell-kommandoer eller undslippelse fra arbejdsmappen, og adgang samt -overskrivelse af filer, hvis særligt fabrikerede patchfiler blev behandlet.

- -

Opdateringen indeholder en fejlrettelse af en regression opstået ved -løsningen af -\ -CVE-2018-1000156, når der udføres en ed-lignende patch (#933140).

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 2.7.5-1+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.7.6-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine patch-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende patch, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/patch

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4489.data" diff --git a/danish/security/2019/dsa-4490.wml b/danish/security/2019/dsa-4490.wml deleted file mode 100644 index 59e1233af8e..00000000000 --- a/danish/security/2019/dsa-4490.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="bbdc5fdd9cf31c8e006e51f38f90961f3cb78f42" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Subversion, et versionsstyringssystem. -Projektet Common Vulnerabilities and Exposures har registreret følgende -problemer:

- -
    - -
  • CVE-2018-11782 - -

    Ace Olszowka rapporterede at Subversions svnserve-serverproces kunne - afslutte, når en veldannet readonly-forespørgsel medførte et bestemt - svar, førende til et lammelsesangreb.

    • - -
  • CVE-2019-0203 - -

    Tomas Bortoli rapporterede at Subversions svnserve-serverproces kunne - afslutte, når en klient sender visse sekvenser af protokolkommandoer. Hvis - serveren er opsat med aktiveret anonym adgang, kunne det føre til et fjernt - uautentificeret lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.9.5-1+deb9u4.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.10.4-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende subversion, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/subversion

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4490.data" diff --git a/danish/security/2019/dsa-4491.wml b/danish/security/2019/dsa-4491.wml deleted file mode 100644 index 3a4d3cdd746..00000000000 --- a/danish/security/2019/dsa-4491.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="cd7dc14fad41ff44dc0be30b055527d3a7b2e929" mindelta="1" -sikkerhedsopdatering - -

Tobias Maedel opdagede at modulet mod_copy i ProFTPD, en -FTP-/SFTP-/FTPS-server, udførte ufuldstændig rettighedsvalidering af -CPFR-/CPTO-kommander.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.3.5b-4+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.6-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende proftpd-dfsg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/proftpd-dfsg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4491.data" diff --git a/danish/security/2019/dsa-4492.wml b/danish/security/2019/dsa-4492.wml deleted file mode 100644 index 14dfc9658f3..00000000000 --- a/danish/security/2019/dsa-4492.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b543826cf91a197de2f12cb175e7cb663e02fbe3" mindelta="1" -sikkerhedsopdatering - -

Et problem er opdaget i databasesystemet PostgreSQL, hvilket kunne medføre -rettighedsforøgelse.

- -

For yderligere oplysninger, se opstrøms annoncering på -\ -https://www.postgresql.org/about/news/1960/

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 9.6.15-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.6-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-9.6, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-9.6

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4492.data" diff --git a/danish/security/2019/dsa-4493.wml b/danish/security/2019/dsa-4493.wml deleted file mode 100644 index 8872e0e931a..00000000000 --- a/danish/security/2019/dsa-4493.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="f6ed8926284e324b590e8b1341a32f9c15e87285" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er opdaget i databasesystemet PostgreSQL, hvilke kunne -medføre rettighedsforøgelse, lammelsesangreb eller hukommelsesafsløring.

- -

For yderligere oplysninger, se opstrøms annoncering på -\ -https://www.postgresql.org/about/news/1960/

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.5-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine postgresql-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4493.data" diff --git a/danish/security/2019/dsa-4494.wml b/danish/security/2019/dsa-4494.wml deleted file mode 100644 index b94957455df..00000000000 --- a/danish/security/2019/dsa-4494.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="e2a0febe5662aba5663827024c6257324ba5d9bd" mindelta="1" -sikkerhedsopdatering - -

Dominik Penner opdagede at KConfig, KDE's framework til opstæning af -indstillinger, understøttede en funktion til definering af udførelse af -shell-kommandoer i .desktop-filer. Hvis en bruger modtager en misdannet -.desktop-fil (fx hvis den er indlejret i et downloadet arkiv, og det bliver -åbnet i en filbrowser), kunne vilkårlige kommandoer blive udført. Denne -opdatering fjerner funktionen.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 5.28.0-2+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 5.54.0-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine kconfig-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende kconfig, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/kconfig

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4494.data" diff --git a/danish/security/2019/dsa-4495.wml b/danish/security/2019/dsa-4495.wml deleted file mode 100644 index 1ba0e8047d6..00000000000 --- a/danish/security/2019/dsa-4495.wml +++ /dev/null @@ -1,119 +0,0 @@ -#use wml::debian::translation-check translation="2b74abc752f8e4232fe85da5b7c01782113a2f4d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, som kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2018-20836 - -

    chenxiang rapporterede om en kapløbstilstand i libsas, kerneundersystemet - som understøtter Serial Attached SCSI-enheder (SAS), hvilket kunne føre til - en anvendelse efter frigivelse. Det står ikke klart hvordan det kan - udnyttes.

    • - -
  • CVE-2019-1125 - -

    Man opdagede at de fleste x86-processorer kunne spekulativt springe over - en betinget SWAPGS-instruktion, som anvendes når man går ind i kernen fra - brugertilstand, og/eller kunne spekulativt udføre den, når den skulle - springes over. Det er en undertype af Spectre variant 1, som kunne gøre det - muligt for lokale brugere at få adgang til følsomme oplysninger fra kernen - eller andre processer. Det er løst ved at anvende hukommelsesbarrierer til - at begrænse spekulativ udførelse. Systemer, der anvender en i386-kerne, er - ikke påvirket, da kernen ikke anvender SWAPGS.

    • - -
  • CVE-2019-1999 - -

    En kapløbstilstand blev opdaget i Android-binderdriveren, hvilken kunne - føre til en anvendelse efter frigivelse. Hvis denne driver er indlæst, - kunne en lokal bruger måske være i stand til at anvende fejlen til et - lammelsesangreb (hukommelseskorruption) eller til - rettighedsforøgelse.

    • - -
  • CVE-2019-10207 - -

    Værktøjet syzkaller fandt en potentiel nulldereference i forskellige - drivere til UART-tilsluttede Bluetooth-adaptere. En lokal bruger med - adgang til en pty-enhed eller andre passende tty-enheder, kunne anvende - fejlen til et lammelsesangreb (BUG/oops).

    • - -
  • CVE-2019-10638 - -

    Amit Klein og Benny Pinkas opdagede at genereringen af IP-pakke-id'er - anvendte en svag hash-funktion, jhash. Det kunne medføre sporing af - individuelle computere, når de kommunikerer med forskellige fjerne servere - og fra forskellige netværk. I stedet anvendes nu funktionen - siphash.

    • - -
  • CVE-2019-12817 - -

    Man opdagede at på PowerPC-arkitekturen (ppc64el), håndterede hash page - table-koden (HPT) ikke på korrekt vis fork() i en proces med hukommelses - mappet til adresser over 512 TiB. Det kunne føre til anvendelse efter - frigivelse i kernen, eller utilsigtet deling af hukommelse mellem - brugerprocesser. En lokal bruger kunne anvende fejlen til - rettighedsforøgelse. Systemer, der anvender radix MMU'en, eller en - skræddersyet kerne med en sidestørrelse på 4 KiB, er ikke - påvirkede.

    • - -
  • CVE-2019-12984 - -

    Man opdagede at implementeringen af NFC-protokollen ikke på korrekt vis - validerede en netlink-kontrolmeddelelse, potentielt førende til en - nullpointerdereference. En lokal bruger med en NFC-grænseflade, kunne - udnytte fejlen til lammelsesangreb (BUG/oops).

    • - -
  • CVE-2019-13233 - -

    Jann Horn opdagede en kapløbstilstand på x86-arkitekturen, ved anvendelse - af LDT'en. Det kunne føre til anvendelse efter frigivelse. En lokal bruger - kunne måske anvende fejlen til lammelsesangreb.

    • - -
  • CVE-2019-13631 - -

    Man opdagede at gtco-driveren til USB-inputtablets kunne overløbe en - stakbuffer med konstante data, mens en enheds descriptor blev fortolket. En - fysisk tilstedeværende bruger med en særligt fremstillet USB-enhed, kunne - udnytte fejlen til at forårsage et lammelsesangreb (BUG/oops) eller måske - til rettighedsforøgelse.

    • - -
  • CVE-2019-13648 - -

    Praveen Pandey rapporterede at på PowerPC-systemer (ppc64el) uden - Transactional Memory (TM), forsøgte kernen alligevel at gendanne TM-state - overført til systemkaldet sigreturn() system call. En lokal bruger kunne - udnytte fejlen til lammelsesangreb (oops).

    • - -
  • CVE-2019-14283 - -

    Værktøjet syzkaller fandt en manglende grænsekontrol i diskettedriveren. - En lokal bruger med adgang til en disketteenhed, uden en diskette, kunne - anvende fejlen til at læse kernehukommelse ud over I/O-bufferen, og måske - få fat i følsomme oplysninger.

    • - -
  • CVE-2019-14284 - -

    Værktøjet syzkaller fandt en potentiel division med nul i - diskettedriveren. En lokal bruger med adgang til en disketteenhed, kunne - anvende fejlen til lammelsesangreb (oops).

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.19.37-5+deb10u2.

- -

I den gamle stabile distribution (stretch), vil disse problemer snart blive -rettet.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4495.data" diff --git a/danish/security/2019/dsa-4496.wml b/danish/security/2019/dsa-4496.wml deleted file mode 100644 index dc2dfd9c03a..00000000000 --- a/danish/security/2019/dsa-4496.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3edf351d0a6cb56a3b6226b235880a5a5340ee13" mindelta="1" -sikkerhedsopdatering - -

Benno Fuenfstueck opdagede at Pango, et bibliotek til layout og rendering af -tekst med fokus på internationalisering, var ramt af en heapbaseret -bufferoverløbsfejl i funktionen pango_log2vis_get_embedding_levels. En angriber -kunne drage nytte af fejlen til lammelsesangreb eller potentielt udførelse af -vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.42.4-7~deb10u1.

- -

Vi anbefaler at du opgraderer dine pango1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pango1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pango1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4496.data" diff --git a/danish/security/2019/dsa-4497.wml b/danish/security/2019/dsa-4497.wml deleted file mode 100644 index 3cb4918fbc7..00000000000 --- a/danish/security/2019/dsa-4497.wml +++ /dev/null @@ -1,161 +0,0 @@ -#use wml::debian::translation-check translation="4f5ef50b5d7008577cb1752c366cedd8f01980e3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2015-8553 - -

    Jan Beulich opdagede at - \ - CVE-2015-2150 ikke var løst fuldstændigt. Hvis en fysisk PCI-funktion - blev overført til en Xen-gæst, kunne gæsten var i stand til at tilgå dens - hukommelse og I/O-områder, før dekodning af disse områder blev aktiveret. - Det kunne medføre et lammelsesangreb (uventet NMI) på værten.

    - -

    Rettelsen af denne fejl er ikke kompatibel med versioner af qemu før - 2.5.

    • - -
  • CVE-2017-18509 - -

    Denis Andzakovic rapporterede om en manglende typekontrol i - implementeringen af IPv4 multicast-routing. En bruger med muligheden - CAP_NET_ADMIN (i et vilkårlig brugernavnerum) kunne udnytte fejlen til - lammelsesangreb (hukommelseskorruption eller nedbrud) eller måske til - rettighedsforøgelse.

    • - -
  • CVE-2018-5995 - -

    ADLab fra VenusTech opdagede at kernen loggede den virtuelle adresse, som - tildeles pr.-CPU-data, hvilket kunne gøre det lettere at udnytte andre - sårbarheder.

    • - -
  • CVE-2018-20836 - -

    chenxiang rapporterede om en kapløbstilstand i libsas, kerneundersystemet - som understøtter Serial Attached SCSI-enheder (SAS), hvilket kunne føre til - en anvendelse efter frigivelse. Det står ikke klart hvordan det kan - udnyttes.

    • - -
  • CVE-2018-20856 - -

    Xiao Jin rapporterede om en potentiel dobbelt frigivelse i - block-undersystemet, i tilfælde af en fejl opstod mens en I/O-scheduler - blev initialiseret for en blockenhed. Det står ikke klart hvorvidt denne - fejl kan udnyttes.

    • - -
  • CVE-2019-1125 - -

    Man opdagede at de fleste x86-processorer kunne spekulativt springe over - en betinget SWAPGS-instruktion, som anvendes når man går ind i kernen fra - brugertilstand, og/eller kunne spekulativt udføre den, når den skulle - springes over. Det er en undertype af Spectre variant 1, som kunne gøre det - muligt for lokale brugere at få adgang til følsomme oplysninger fra kernen - eller andre processer. Det er løst ved at anvende hukommelsesbarrierer til - at begrænse spekulativ udførelse. Systemer, der anvender en i386-kerne, er - ikke påvirket, da kernen ikke anvender SWAPGS.

    • - -
  • CVE-2019-3882 - -

    Man opdagede at implementeringen af vfio ikke begrænsede antallet af - DMA-mapninger til enhedshukommelse. En lokal bruger, der har fået ejerskab - af en vfio-enhed, kunne udnytte fejlen til at forårsage et lammelsesangreb - (ikke mere hukommelse-tilstand).

    • - -
  • CVE-2019-3900 - -

    Man opdagede at vhost-driverne ikke på korrekt vis kontrollerede mængden - af arbejde der blev gjort for at betjene forespørgsler fra gæste-VM'er. En - ondsindet gæst kunne udnytte fejlen til at forårsage et lammelsesangreb - (ubegrænset CPU-forbrug) på værten.

    • - -
  • CVE-2019-10207 - -

    Værktøjet syzkaller fandt en potentiel nulldereference i forskellige - drivere til UART-tilsluttede Bluetooth-adaptere. En lokal bruger med - adgang til en pty-enhed eller andre passende tty-enheder, kunne anvende - fejlen til et lammelsesangreb (BUG/oops).

    • - -
  • CVE-2019-10638 - -

    Amit Klein og Benny Pinkas opdagede at genereringen af IP-pakke-id'er - anvendte en svag hash-funktion, jhash. Det kunne medføre sporing af - individuelle computere, når de kommunikerer med forskellige fjerne servere - og fra forskellige netværk. I stedet anvendes nu funktionen - siphash.

    • - -
  • CVE-2019-10639 - -

    Amit Klein og Benny Pinkas opdagede at genereringen af IP-pakke-id'er - anvendte en svag hash-funktion, der integrerede en virtuel kerneadresse. - Denne hash-funktion anvendes ikke længere IP-id'er, selv om den stadig - anvendes til andre formål i netværksstakken.

    • - -
  • CVE-2019-13631 - -

    Man opdagede at gtco-driveren til USB-inputtablets kunne overløbe en - stakbuffer med konstante data, mens en enheds descriptor blev fortolket. En - fysisk tilstedeværende bruger med en særligt fremstillet USB-enhed, kunne - udnytte fejlen til at forårsage et lammelsesangreb (BUG/oops) eller måske - til rettighedsforøgelse.

    • - -
  • CVE-2019-13648 - -

    Praveen Pandey rapporterede at på PowerPC-systemer (ppc64el) uden - Transactional Memory (TM), forsøgte kernen alligevel at gendanne TM-state - overført til systemkaldet sigreturn() system call. En lokal bruger kunne - udnytte fejlen til lammelsesangreb (oops).

    • - -
  • CVE-2019-14283 - -

    Værktøjet syzkaller fandt en manglende grænsekontrol i diskettedriveren. - En lokal bruger med adgang til en disketteenhed, uden en diskette, kunne - anvende fejlen til at læse kernehukommelse ud over I/O-bufferen, og måske - få fat i følsomme oplysninger.

    • - -
  • CVE-2019-14284 - -

    Værktøjet syzkaller fandt en potentiel division med nul i - diskettedriveren. En lokal bruger med adgang til en disketteenhed, kunne - anvende fejlen til lammelsesangreb (oops).

    • - -
  • CVE-2019-15239 - -

    Denis Andzakovic rapporterede om en mulig anvendelse efter frigivelse i - implementeringen af TCP-sockets. En lokal bruger kunne udnytte fejlen til - lammelsesangreb (hukommelseskorruption eller nedbrud) eller måske til - rettighedsforøgelse.

    • - -
  • (CVE-id endnu ikke tildelt) - -

    Undersystemet netfilter-conntrack anvendte kerneadresser som id'er - synlige for brugerne, hvilket kunne gøre det lettere at udnytte andre - sikkerhedssårbarheder.

    • - -
  • XSA-300 - -

    Julien Grall rapporterede at Linux ikke begrænsede mængden af hukommelse, - som et domæne forsøger at udvide, der var heller ikke begrænsning af mængden - af foreign/grant map-hukommelse, som hver enkelt gæst kan forbruge, - førende til lammelsesangrebstilstande (for værter eller gæster).

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.9.168-1+deb9u5.

- -

I den stabile distribution (buster), er disse problemer primært løst -i version 4.19.37-5+deb10u2 eller tidligere.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4497.data" diff --git a/danish/security/2019/dsa-4498.wml b/danish/security/2019/dsa-4498.wml deleted file mode 100644 index d0e8f691ffe..00000000000 --- a/danish/security/2019/dsa-4498.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="77a180a465343e9516a98959a7a6cb095ce570b9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i python-django, et webudviklingsframework. -De kunne føre til fjernt lammelsesangreb eller SQL-indsprøjtning.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:1.10.7-2+deb9u6.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:1.11.23-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4498.data" diff --git a/danish/security/2019/dsa-4499.wml b/danish/security/2019/dsa-4499.wml deleted file mode 100644 index abd8855c289..00000000000 --- a/danish/security/2019/dsa-4499.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="65aeebeeb680b006b7abd280632468d607d2602f" mindelta="1" -sikkerhedsopdatering - -

Netanel rapporterede at proceduren .buildfont1 i Ghostscript, en GPL -PostScript-/PDF-fortolker, ikke på korrekt vis begrænsede priviligerede kald, -hvilket kunne medføre omgåelse af filsystemrestriktioner vedrørende -dSAFER-sandkassen.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 9.26a~dfsg-0+deb9u4.

- -

I den stabile distribution (buster), er dette problem rettet i -version 9.27~dfsg-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4499.data" diff --git a/danish/security/2019/dsa-4500.wml b/danish/security/2019/dsa-4500.wml deleted file mode 100644 index 23592aedf6a..00000000000 --- a/danish/security/2019/dsa-4500.wml +++ /dev/null @@ -1,262 +0,0 @@ -#use wml::debian::translation-check translation="3a434572e5a5011fce231866da5376d28082ebe6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2019-5805 - -

    Et problem med anvendelse efter frigivelse blev opdaget i biblioteket - pdfium.

    • - -
  • CVE-2019-5806 - -

    Wen Xu opdagede et heltalsoverløbsproblem i biblioteket Angle.

    • - -
  • CVE-2019-5807 - -

    TimGMichaud opdagede et problem med hukommelseskorruption i - JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5808 - -

    cloudfuzzer opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2019-5809 - -

    Mark Brand opdagede et problem med anvendelse efter frigivelse i Blink/Webkit.

    • - -
  • CVE-2019-5810 - -

    Mark Amery opdagede et problem med informationsafsløring.

    • - -
  • CVE-2019-5811 - -

    Jun Kokatsu opdagede en måde at omgå funktionaliteten Cross-Origin - Resource Sharing på.

    • - -
  • CVE-2019-5813 - -

    Aleksandar Nikolic opdagede et problem med læsning udenfor grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5814 - -

    @AaylaSecura1138 opdagede en måde at omgå funktionaliteten Cross-Origin - Resource Sharing på.

    • - -
  • CVE-2019-5815 - -

    Nicolas Grégoire opdagede et bufferoverløbsproblem i Blink/Webkit.

    • - -
  • CVE-2019-5818 - -

    Adrian Tolbaru opdagede et problem med en uinitialiseret værdi.

    • - -
  • CVE-2019-5819 - -

    Svyat Mitin opdagede en fejl i developer tools.

    • - -
  • CVE-2019-5820 - -

    pdknsk opdagede et heltalsoverløbsproblem i biblioteket pdfium.

    • - -
  • CVE-2019-5821 - -

    pdknsk opdagede et andet heltalsoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2019-5822 - -

    Jun Kokatsu opdagede en måde at omgå funktionaliteten Cross-Origin - Resource Sharing på.

    • - -
  • CVE-2019-5823 - -

    David Erceg opdagede en navigeringsfejl.

    • - -
  • CVE-2019-5824 - -

    leecraso og Guang Gong opdagede en fejl i medieafspilleren.

    • - -
  • CVE-2019-5825 - -

    Genming Liu, Jianyu Chen, Zhen Feng og Jessica Liu opdagede et problem - med læsning udenfor grænserne i JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5826 - -

    Genming Liu, Jianyu Chen, Zhen Feng og Jessica Liu opdagede et problem - med anvendelse efter frigivelse.

    • - -
  • CVE-2019-5827 - -

    mlfbrown opdagede et problem med læsning udenfor grænserne i biblioteket - sqlite.

    • - -
  • CVE-2019-5828 - -

    leecraso og Guang Gong opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2019-5829 - -

    Lucas Pinheiro opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2019-5830 - -

    Andrew Krashichkov opdagede en credentialfejl i funktionaliteten - Cross-Origin Resource Sharing.

    • - -
  • CVE-2019-5831 - -

    yngwei opdagede en mapningsfejl i JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5832 - -

    Sergey Shekyan opdagede en fejl i funktionaliteten Cross-Origin Resource - Sharing.

    • - -
  • CVE-2019-5833 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-5834 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2019-5836 - -

    Omair opdagede et bufferoverløbsproblem i biblioteket Angle.

    • - -
  • CVE-2019-5837 - -

    Adam Iawniuk opdagede et problem med informationsafsløring.

    • - -
  • CVE-2019-5838 - -

    David Erceg opdagede en fejl i udvidelsers rettigheder.

    • - -
  • CVE-2019-5839 - -

    Masato Kinugawa opdagede implementeringsfejl i Blink/Webkit.

    • - -
  • CVE-2019-5840 - -

    Eliya Stein og Jerome Dangu opdagede en måde at omgå - popupblokeringen.

    • - -
  • CVE-2019-5842 - -

    BUGFENSE opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2019-5847 - -

    m3plex opdagede en fejl i JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5848 - -

    Mark Amery opdagede et informationsafsløringsproblem.

    • - -
  • CVE-2019-5849 - -

    Zhen Zhou opdagede en læsning udenfor grænserne i biblioteket - Skia.

    • - -
  • CVE-2019-5850 - -

    Brendon Tiszka opdagede et problem med anvendelse efter frigivelse i - offlineside-henteren.

    • - -
  • CVE-2019-5851 - -

    Zhe Jin opdagede et problem med anvendelse efter forgiftning.

    • - -
  • CVE-2019-5852 - -

    David Erceg opdagede et informationsafsløringsproblem.

    • - -
  • CVE-2019-5853 - -

    Yngwei og sakura opdagede et problem med hukommelseskorruption.

    • - -
  • CVE-2019-5854 - -

    Zhen Zhou opdagede et heltalsoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2019-5855 - -

    Zhen Zhou opdagede et heltalsoverløbsproblem i biblioteket - pdfium.

    • - -
  • CVE-2019-5856 - -

    Yongke Wang opdagede en fejl i forbindelse med filsystem: - URI-rettigheder.

    • - -
  • CVE-2019-5857 - -

    cloudfuzzer opdagede en måde at få chromium til at gå ned på.

    • - -
  • CVE-2019-5858 - -

    evil1m0 opdagede et problem med informationsafsløring.

    • - -
  • CVE-2019-5859 - -

    James Lee opdagede en måde at starte alternative browsere på.

    • - -
  • CVE-2019-5860 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5861 - -

    Robin Linus opdagede en fejl i fastlæggelsen af hvor et klik blev - foretaget.

    • - -
  • CVE-2019-5862 - -

    Jun Kokatsu opdagede en fejl i implementeringen af AppCache.

    • - -
  • CVE-2019-5864 - -

    Devin Grindle opdagede en fejl i funktionaliten Cross-Origin Resourse - Sharing til udvidelser.

    • - -
  • CVE-2019-5865 - -

    Ivan Fratric opdagede en måde at omgå funktionaliteten til - webstedsisolation.

    • - -
  • CVE-2019-5867 - -

    Lucas Pinheiro opdagede et problem med læsning udenfor grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5868 - -

    banananapenguin opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 76.0.3809.100-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4500.data" diff --git a/danish/security/2019/dsa-4501.wml b/danish/security/2019/dsa-4501.wml deleted file mode 100644 index 385f39f2d75..00000000000 --- a/danish/security/2019/dsa-4501.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="227bcefec15ae1228bb8a066c501b02e7674d310" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at koderettelserne til løsningen af -\ -CVE-2018-16858 og -\ -CVE-2019-9848 ikke var fuldstændige.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:5.2.7-1+deb9u10.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:6.1.5-3+deb10u3.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreoffice, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreoffice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4501.data" diff --git a/danish/security/2019/dsa-4502.wml b/danish/security/2019/dsa-4502.wml deleted file mode 100644 index 3aef698357f..00000000000 --- a/danish/security/2019/dsa-4502.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5fff986997c3e1e9483387fcbd8c7504d8adb1e8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke -kunne medføre lammelsesangreb eller potentielt til udførelse af vilkårlig kode, -hvis misdannede filer/streams blev behandlet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 7:4.1.4-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4502.data" diff --git a/danish/security/2019/dsa-4503.wml b/danish/security/2019/dsa-4503.wml deleted file mode 100644 index 53cb9a1fdc4..00000000000 --- a/danish/security/2019/dsa-4503.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="de89bdd77e63a7302f2e07515418c51eb48e6b04" mindelta="1" -sikkerhedsopdatering - -

Tre sårbarheder er opdaget i programmeringssproget Go: "net/url" accepterede -nogle ugyldige værter i URL'er, hvilket kunne medføre omgåelse af autorisation i -nogle applikationer, desuden var implementeringen af HTTP/2 sårbar overfor -lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.11.6-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine golang-1.11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende golang-1.11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/golang-1.11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4503.data" diff --git a/danish/security/2019/dsa-4504.wml b/danish/security/2019/dsa-4504.wml deleted file mode 100644 index e6a00f9821f..00000000000 --- a/danish/security/2019/dsa-4504.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3fa0183b450f2fae7e2922ed7c01c1a7a4dbf462" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i medieafspilleren VLC, hvilke -kunne medføre udførelse af vilkårlig kode eller lammelsesangreb, hvis en -misdannet fil/stream blev behandlet.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.0.8-0+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.0.8-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4504.data" diff --git a/danish/security/2019/dsa-4505.wml b/danish/security/2019/dsa-4505.wml deleted file mode 100644 index 840b884f4ba..00000000000 --- a/danish/security/2019/dsa-4505.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f5cd46c3e3924ab23d0d4f1d513135cf447a4a23" mindelta="1" -sikkerhedsopdatering - -

Tre sårbarheder blev opdaget i HTTP/2-koden i Nginx, en højtydende web- og -reverseproxyserver, hvilke kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.10.3-1+deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.14.2-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nginx, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nginx

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4505.data" diff --git a/danish/security/2019/dsa-4506.wml b/danish/security/2019/dsa-4506.wml deleted file mode 100644 index 1df36e14360..00000000000 --- a/danish/security/2019/dsa-4506.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="cbab5335c764283922ad7e91ad6fe0d0bb8e6bf8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i QEMU, en hurtig -processoremulator, hvilke kunne medføre lammelsesangreb, udførelse af vilkårlig -kode eller omgåelse af ACL'er.

- -

Desuden rettes med opdateringen en regression, der kunne medføre hængende -NBD-forbindelser.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:2.8+dfsg-6+deb9u8.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4506.data" diff --git a/danish/security/2019/dsa-4507.wml b/danish/security/2019/dsa-4507.wml deleted file mode 100644 index 9a106c3fbda..00000000000 --- a/danish/security/2019/dsa-4507.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3af4060645645520f7827d5fbf76af3c6bb56ea3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Squid, en komplet webproxycache. Fejlene i -behandlingen af HTTP Digest Authentication, HTTP Basic Authentication og i -cachemgr.cgi, gjorde det muligt for fjernangribere at iværksætte lammelsesangreb -og udførelse af skripter på tværs af websteder, samt potentielt udførelse af -vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.6-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/squid

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4507.data" diff --git a/danish/security/2019/dsa-4508.wml b/danish/security/2019/dsa-4508.wml deleted file mode 100644 index ed2f45e105d..00000000000 --- a/danish/security/2019/dsa-4508.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="404cce71ee05931afe05b1f7983eee244c2aa6a5" mindelta="1" -sikkerhedsopdatering - -

Tre sårbarheder blev opdaget i HTTP/2-koden i H2O HTTP-serveren, hvilke kunne -medføre lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.2.5+dfsg2-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine h2o-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende h2o, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/h2o

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4508.data" diff --git a/danish/security/2019/dsa-4509.wml b/danish/security/2019/dsa-4509.wml deleted file mode 100644 index 995e286fb3c..00000000000 --- a/danish/security/2019/dsa-4509.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="b917e690cbacd447496fcc36bb3b22df5d6873b2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Apache HTTPD-serveren.

- -
    - -
  • CVE-2019-9517 - -

    Jonathan Looney rapporterede at en ondsindet klient kunne iværksætte - lammelsesangreb (udmattelse af h2-workers) ved at oversvømme en forbindelse - med forespørgsler, og ikke læse svar på TCP-forbindelsen.

    • - -
  • CVE-2019-10081 - -

    Craig Young rapporterede at HTTP/2-PUSH kunne føre til en overskrivning - af hukommelse i den push'ende forespørgsels pool, førende til - nedbrud.

    • - -
  • CVE-2019-10082 - -

    Craig Young rapporterede at man kunne få HTTP/2-sessionhåndteringen kunne - til at læse hukommelse efter den var frigivet, under nedlukning af en - forbindelse.

    • - -
  • CVE-2019-10092 - -

    Matei Mal Badanoiu rapporterede om en begrænset sårbarhed i - forbindelse med udførelse af skripter på tværs af websteder på - mod_proxys fejlside.

    • - -
  • CVE-2019-10097 - -

    Daniel McCarney rapporterede at når mod_remoteip var opsat til at anvende - en mellemliggende proxyserver, som der er tillid til, ved hjælp af - PROXY-protokollen, kunne en særligt fremstillet PROXY-header udløse - et stakbrugeroverløb eller en NULL-pointerdeference. Sårbarheden kunne kun - udløses af en proxy, man har tillid til, og ikke af HTTP-klienter, men ikke - har tillid til. Problemet påvirker ikke stretch-udgaven.

    • - -
  • CVE-2019-10098 - -

    Yukitsugu Sasaki rapporterede om en potentiel åben - viderestilling-sårbarhed i modulet mod_rewrite.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 2.4.25-3+deb9u8.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.4.38-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/apache2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4509.data" diff --git a/danish/security/2019/dsa-4510.wml b/danish/security/2019/dsa-4510.wml deleted file mode 100644 index 96d34810d30..00000000000 --- a/danish/security/2019/dsa-4510.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="c1ea0c532237ebe87381e982acdfd0b88c70ad4f" mindelta="1" -sikkerhedsopdatering - -

Nick Roessler og Rafi Rubin opdagede at IMAP- og -ManageSieve-protokolfortolkerne i mailserveren Dovecot, ikke på korrekt vis -validerede inddata (både før og efter login). En fjernangriber kunne drage -nytte af fejlen til at udløse heaphukommelsesskrivninger udenfor grænserne, -førende til informationslækager eller potentielt udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:2.2.27-3+deb9u5.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:2.3.4.1-5+deb10u1.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dovecot, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/dovecot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4510.data" diff --git a/danish/security/2019/dsa-4511.wml b/danish/security/2019/dsa-4511.wml deleted file mode 100644 index a0b973cd6ae..00000000000 --- a/danish/security/2019/dsa-4511.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="d21226457358fef6fa59f6c57dae91b796918db2" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i HTTP/2-koden i nghttp2-HTTP-serveren, hvilke -kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.18.1-1+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.36.0-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine nghttp2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nghttp2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nghttp2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4511.data" diff --git a/danish/security/2019/dsa-4512.wml b/danish/security/2019/dsa-4512.wml deleted file mode 100644 index 8670dfabbc2..00000000000 --- a/danish/security/2019/dsa-4512.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d50b12ef5d44fe40467692db9134c3576ad3e540" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i QEMU, en hurtig -processoremulator, hvilke kunne medføre lammelsesangreb, udførelse af vilkårlig -kode eller omgåelse af ACL'er.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:3.1+dfsg-8+deb10u2.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4512.data" diff --git a/danish/security/2019/dsa-4513.wml b/danish/security/2019/dsa-4513.wml deleted file mode 100644 index b6815f40844..00000000000 --- a/danish/security/2019/dsa-4513.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="1b90d12352f7fdbd5e4f381737cade634ef6a40e" mindelta="1" -sikkerhedsopdatering - -

Stefan Metzmacher opdagede en fejl i Samba, en SMB/CIFS-fil-, print- og -loginserver til Unix. Specifikke kombinationer af parametre og rettigheder, -kunne gøre det muligt for en bruger at undslippe fra share-stidefinitionen og -se det komplette /-filsystem. Unix-rettighedskontroller i kernen -håndhæves fortsat.

- -

Flere oplysninger finder man i opstrøms bulletin på -\ -https://www.samba.org/samba/security/CVE-2019-10197.html

- -

I den stabile distribution (buster), er dette problem rettet i -version 2:4.9.5+dfsg-5+deb10u1.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4513.data" diff --git a/danish/security/2019/dsa-4514.wml b/danish/security/2019/dsa-4514.wml deleted file mode 100644 index b3dce2816a1..00000000000 --- a/danish/security/2019/dsa-4514.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="98c1c605e310fa261a78ba9e0db014ce48a4bc61" mindelta="1" -sikkerhedsopdatering - -

Alf-Andre Walla opdagede en fjernudløsbar assert i webacceleratoren Varnish; -afsendelse af en misdannet HTTP-forespørgsel kunne medføre lammelsesangreb.

- -

Den gamle stabile distribution (stretch) er ikke påvirket.

- -

I den stabile distribution (buster), er dette problem rettet i -version 6.1.1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine varnish-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende varnish, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/varnish

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4514.data" diff --git a/danish/security/2019/dsa-4515.wml b/danish/security/2019/dsa-4515.wml deleted file mode 100644 index ba674ba4f3a..00000000000 --- a/danish/security/2019/dsa-4515.wml +++ /dev/null @@ -1,132 +0,0 @@ -#use wml::debian::translation-check translation="9f4968f1d9a97ff25da0334028d0e74ab7c96c32" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2019-8644 - -

    G. Geshev opdagede hukommelseskorruptionsproblemer, som kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8649 - -

    Sergei Glazunov opdagede et problem, der kunne føre til global udførelse - af skripter på tværs af servere.

    • - -
  • CVE-2019-8658 - -

    akayn opdagede et problem, der kunne føre til global udførelse af - skripter på tværs af servere.

    • - -
  • CVE-2019-8666 - -

    Zongming Wang og Zhe Jin opdagede hukommelseskorruptionsproblemer, der - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8669 - -

    akayn opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8671 - -

    Apple opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8672 - -

    Samuel Gross opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8673 - -

    Soyeon Park og Wen Xu opdagede hukommelseskorruptionsproblemer, der kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8676 - -

    Soyeon Park og Wen Xu opdagede hukommelseskorruptionsproblemer, der kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8677 - -

    Jihui Lu opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8678 - -

    An anonymous researcher, Anthony Lai, Ken Wong, Jeonghoon Shin, - Johnny Yu, Chris Chan, Phil Mok, Alan Ho og Byron Wai opdagede - hukommelseskorruptionsproblemer, der kunne føre til udførelse af vilkårlig - kode.

    • - -
  • CVE-2019-8679 - -

    Jihui Lu opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8680 - -

    Jihui Lu opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8681 - -

    G. Geshev opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8683 - -

    lokihardt opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8684 - -

    lokihardt opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8686 - -

    G. Geshev opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8687 - -

    Apple opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8688 - -

    Insu Yun opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8689 - -

    lokihardt opdagede hukommelseskorruptionsproblemer, der kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8690 - -

    Sergei Glazunov opdagede et problem, der kunne føre til global udførelse - af skripter på tværs af servere.

    • - -
- -

Der er flere oplysninger i WebKitGTK og WPE WebKit Security Advisory -WSA-2019-0004.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.24.4-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4515.data" diff --git a/danish/security/2019/dsa-4516.wml b/danish/security/2019/dsa-4516.wml deleted file mode 100644 index b584c0b9601..00000000000 --- a/danish/security/2019/dsa-4516.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="ab3dde3317e3c7f455e71d1e530d36280ef5251f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, udførelse af -skripter på tværs af websteder, omgåelse af samme ophav-policy, undslippelse fra -sandkassen, informationsafsløring eller lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 60.9.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 60.9.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4516.data" diff --git a/danish/security/2019/dsa-4517.wml b/danish/security/2019/dsa-4517.wml deleted file mode 100644 index d008ce13772..00000000000 --- a/danish/security/2019/dsa-4517.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d557dc27d0e6c0c155f3f7ee85e1e54ee4a59e98" mindelta="1" -sikkerhedsopdatering - -

Zerons og Qualys opdagede at et bufferoverløb, udløsbart i -TLS-forhandlingskoden i mailtransportagenten Exim, kunne medføre udførelse af -vilkårlig kode med root-rettigheder.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 4.89-2+deb9u6.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.92-8+deb10u2.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exim4, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/exim4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4517.data" diff --git a/danish/security/2019/dsa-4518.wml b/danish/security/2019/dsa-4518.wml deleted file mode 100644 index 6a1b6332517..00000000000 --- a/danish/security/2019/dsa-4518.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="402d50ce47bc20bacbe089dc02cfe7154385569d" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at forskellige procedurer i Ghostscript, GPL -PostScript/PDF-fortolkeren, ikke på korrekt vis begrænsede priviligerede kald, -hvilket kunne medføre omgåelse af filsystembegrænsninger i -dSAFER-sandkassen.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 9.26a~dfsg-0+deb9u5.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 9.27~dfsg-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4518.data" diff --git a/danish/security/2019/dsa-4519.wml b/danish/security/2019/dsa-4519.wml deleted file mode 100644 index 9239342c328..00000000000 --- a/danish/security/2019/dsa-4519.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="c7ca0a1ab69b9a860b09e5fe73e761386d8ba7fa" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at koderettelserne i LibreOffice til løsning af -\ -CVE-2019-9852, ikke var fuldstændige. Yderligere oplysninger kan findes på -.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:5.2.7-1+deb9u11.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:6.1.5-3+deb10u4.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreoffice, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreoffice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4519.data" diff --git a/danish/security/2019/dsa-4520.wml b/danish/security/2019/dsa-4520.wml deleted file mode 100644 index 45a8ed8e05e..00000000000 --- a/danish/security/2019/dsa-4520.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d8e782567180846114733fb0dd6d88692ace0673" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i HTTP/2-koden i Apache Traffic Server, en -reverse- og forwardproxyserver, hvilke kunne medføre lammelsesangreb.

- -

Rettelserne er for omfattende til at kunne tilbageføres til versionen i den -gamle stabile distribution (stretch). I stedet anbefales det at opgradere til -Debian stable (buster).

- -

I den stabile distribution (buster), er disse problemer rettet i -version 8.0.2+ds-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4520.data" diff --git a/danish/security/2019/dsa-4521.wml b/danish/security/2019/dsa-4521.wml deleted file mode 100644 index f0303e5a866..00000000000 --- a/danish/security/2019/dsa-4521.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="47e98befc5737223dae4aac04b97842526b5c5da" mindelta="1" -sikkerhedsopdatering - -

Tre sikkerhedssårbarheder blev opdaget i Dockers containerruntime: Usikker -indlæsning af NSS-biblioteker i docker cp, kunne medføre udførelse af -vilkårlig kode med root-rettigheder, følsomme data kunne logges i debugtilstand -og der var en kommandoindsprøjtningssårbarhed i kommandoen docker -build.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 18.09.1+dfsg1-7.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine docker.io-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende docker.io, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/docker.io

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4521.data" diff --git a/danish/security/2019/dsa-4522.wml b/danish/security/2019/dsa-4522.wml deleted file mode 100644 index 60bbeec8154..00000000000 --- a/danish/security/2019/dsa-4522.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c1731de4ad0482e796a629dff9226c3538d7b0b6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i faad2, Freeware Advanced Audio Coder. -Sårbarhederne kunne gøre det muligt for fjernangribere, at forårsage -lammelsesangreb eller potentielt udføre vilkårlig kode, hvis fabrikerede MPEG -AAC-filer blev behandlet.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 2.8.0~cvs20161113-1+deb9u2.

- -

Vi anbefaler at du opgraderer dine faad2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende faad2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/faad2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4522.data" diff --git a/danish/security/2019/dsa-4523.wml b/danish/security/2019/dsa-4523.wml deleted file mode 100644 index b0722d1978e..00000000000 --- a/danish/security/2019/dsa-4523.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="0456abbb23451d7f30489ae619f922a5e496ab38" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke potentielt -kunne medføre udførelse af vilkårlig kode, udførelse af skripter på tværs af -websteder, informationsafsløring og skjult indholdsangreb på S/MIME-kryptering -ved hjælp af en fabrikeret multipart/alternative-meddelelse.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:60.9.0-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:60.9.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4523.data" diff --git a/danish/security/2019/dsa-4524.wml b/danish/security/2019/dsa-4524.wml deleted file mode 100644 index 131a19c108c..00000000000 --- a/danish/security/2019/dsa-4524.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3bb0f4f61da5abb5e9e806d002e619e1c8a64cd2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i XMPP-klienten Dino, hvilke kunne gøre -det muligt at forfalske meddelelser, manipulere med en brugers kontaktliste og -uautoriseret afsendelse af meddelelseskopier.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.0.git20181129-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine dino-im-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dino-im, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dino-im

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4524.data" diff --git a/danish/security/2019/dsa-4525.wml b/danish/security/2019/dsa-4525.wml deleted file mode 100644 index c4361e85a0a..00000000000 --- a/danish/security/2019/dsa-4525.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="8d9ce2ed95e0dd5428bb16b32cf4a2c1634c4815" mindelta="1" -sikkerhedsopdatering - -

Simon McVittie rapporterede om en fejl i ibus, Intelligent Input Bus. På -grund af en fejlopsætning under opsætningen af DBus'en, kunne enhver -upriviligeret bruger overvåge og sende metodekald til ibus-bussen tilhørende en -anden bruger, hvis vedkommende var i stand til at finde den UNIX-socket, som -blev anvendt en anden bruger forbundet via et grafisk miljø. Angriberen kunne -drage nytte af fejlen til at opsnappe offerets tastetryk eller gennem DBUS's -metodekald ændre inddata-relaterede opsætninger.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.5.14-3+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.5.19-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine ibus-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ibus, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ibus

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4525.data" diff --git a/danish/security/2019/dsa-4526.wml b/danish/security/2019/dsa-4526.wml deleted file mode 100644 index f2f58813cd9..00000000000 --- a/danish/security/2019/dsa-4526.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7f4df948e9b4b013e8fa3d8bf66f33e8a1d29f1a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at OpenDMARC, en milter-implementering af DMARC, var ramt af en -sårbarhed i forbindelse med signaturomgåelse med mange From:-adresser.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.3.2-2+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.2-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine opendmarc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende opendmarc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/opendmarc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4526.data" diff --git a/danish/security/2019/dsa-4527.wml b/danish/security/2019/dsa-4527.wml deleted file mode 100644 index ab3fda012ef..00000000000 --- a/danish/security/2019/dsa-4527.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="be1635e35282002f172c30fa3fa1e98ec34a66ca" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i PHP, et vidt udbredt og -generelt anvendeligt open source-scriptsprog: Manglende fornuftighedskontrol i -EXIF-udvidelsen og i funktionen iconv_mime_decode_headers(), kunne medføre -informationsafsløring eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 7.3.9-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine php7.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4527.data" diff --git a/danish/security/2019/dsa-4528.wml b/danish/security/2019/dsa-4528.wml deleted file mode 100644 index a78ab12b9a5..00000000000 --- a/danish/security/2019/dsa-4528.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="3e1c8d5f42f45a73395755451ecb2c6855bad71c" mindelta="1" -sikkerhedsopdatering - -

Daniel McCarney opdagede at internetroutingdæmonen BIRD på ukorrekt vis -validerede RFC 8203-meddelelser i sin BGP-dæmon, medføre et -stakbufferoverløb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.6.6-1+deb10u1. Desuden retter opdateringen en ufuldstændig -tilbagekaldelse af rettigheder samt et nedbrud, der kunne udløses via CLI'en -(sidstnævnte to fejl er også rettet i den gamle stabile distribution (stretch), -som ikke er påvirket af -\ -CVE-2019-16159).

- -

Vi anbefaler at du opgraderer dine bird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4528.data" diff --git a/danish/security/2019/dsa-4529.wml b/danish/security/2019/dsa-4529.wml deleted file mode 100644 index be6729c610e..00000000000 --- a/danish/security/2019/dsa-4529.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="979476acbf8b1401cd8ce3a975b5a2059f687c02" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i PHP, et vidt udbredt og -generelt anvendeligt open source-scriptsprog: Manglende fornuftighedskontrol i -EXIF-udvidelsen og i funktionen iconv_mime_decode_headers(), kunne medføre -informationsafsløring eller lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 7.0.33-0+deb9u5.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4529.data" diff --git a/danish/security/2019/dsa-4530.wml b/danish/security/2019/dsa-4530.wml deleted file mode 100644 index 7f3963eb8e2..00000000000 --- a/danish/security/2019/dsa-4530.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="2d8933ae77bc3fe97abdfadbda1ff1d229d2e40e" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Expat, et XML-fortolkningsbibliotek i C, ikke på korrekt vis -håndterede interne entitet som afslutter doctype, potentielt medførende -lammelsesangreb eller informationsafsløring, hvis en misdannet XML-fil blev -behandlet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2.2.0-2+deb9u3.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.2.6-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende expat, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/expat

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4530.data" diff --git a/danish/security/2019/dsa-4531.wml b/danish/security/2019/dsa-4531.wml deleted file mode 100644 index 57820556c42..00000000000 --- a/danish/security/2019/dsa-4531.wml +++ /dev/null @@ -1,67 +0,0 @@ -#use wml::debian::translation-check translation="5ff7a077f0e13d9fe9cae52a517d81e9a15c05d7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2019-14821 - -

    Matt Delco rapporterede om en kapløbstilstand i KVM's coalescede - MMIO-facilitet, hvilket kunne medføre tilgang udenfor grænserne i kernen. - En lokal angriber, med rettigheder til at tilgå /dev/kvm, kunne udnytte - fejlen til at forårsage et lammelsesangreb (hukommelseskorruption eller - nedbrud) eller muligvis itl rettighedsforøgelse.

    • - -
  • CVE-2019-14835 - -

    Peter Pi fra Tencent Blade Team opdagede en manglende grænsekontrol i - vhost_net, netværksbackenddriveren til KVM-værter, førende til et - bufferoverløb, når værten påbegyndte en livemigrering af en VM. En - angriber med kontrol over en VM, kunne udnytte fejlen til at forårsage - et lammelsesangreb (hukommelseskorruption eller nedbrud) eller muligvis - til rettighedsforøgelse på værten.

    • - -
  • CVE-2019-15117 - -

    Hui Peng og Mathias Payer rapporterede om en manglende grænsekontrol i - usb-audio-driverens kode til descriptorfortolkning, førende til en - bufferoverlæsning. En angriber, der var i stand til at tilføje USB-enheder, - kunne muligvis udnytte fejlen til at forårsage et lammelsesangreb - (nedbrud).

    • - -
  • CVE-2019-15118 - -

    Hui Peng og Mathias Payer rapporterede om ubegrænset rekursion i - usb-audio-driverens kode til descriptorfortolkning, førende til et - stakoverløb. En angriber, der var i stand til at tilføje USB-enheder, - kunne forårsage et lammelsesangreb (hukommelseskorruption eller nedbrud) - eller muligvis rettighedsforøgelse. På arkitekturen amd64, og på - arkitekturen arm64 i buster, er det løst med en guardpage i kernestakken, så - det kun er muligt at forårsage et nedbrud.

    • - -
  • CVE-2019-15902 - -

    Brad Spengler rapporterede at en tilbageførselsfejl, genindførte en - spectre-v1-sårbarhed i ptrace-undersystemet i funktionen - ptrace_get_debugreg().

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.9.189-3+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.19.67-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4531.data" diff --git a/danish/security/2019/dsa-4532.wml b/danish/security/2019/dsa-4532.wml deleted file mode 100644 index 37a8568fde1..00000000000 --- a/danish/security/2019/dsa-4532.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="edfe657325314e29fd9d674bf68e6a1399e352fe" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelse, tillod at -uautentificerede brugere kunne ændre udgivet indhold og skrive til databasen, -udføre forespørgselsforfalskninger på tværs af websteder, samt optælle -registrerede brugere.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.1.4-4~deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.2.4-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4532.data" diff --git a/danish/security/2019/dsa-4533.wml b/danish/security/2019/dsa-4533.wml deleted file mode 100644 index f7229cf115b..00000000000 --- a/danish/security/2019/dsa-4533.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="764f40879fe06378ede00881560b64a7832ec4a5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at web-SSO-systemet Lemonldap::NG ikke begrænsede -OIDC-autorisationskoder til det relevante relying party.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.0.2+ds-7+deb10u2.

- -

Vi anbefaler at du opgraderer dine lemonldap-ng-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lemonldap-ng, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lemonldap-ng

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4533.data" diff --git a/danish/security/2019/dsa-4534.wml b/danish/security/2019/dsa-4534.wml deleted file mode 100644 index f56ad047c5d..00000000000 --- a/danish/security/2019/dsa-4534.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="91314767f60a71c3303788fca8a905ff30d701db" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at programmeringssproget Go accepterede og ikke normaliserede -ugyldige HTTP/1.1-headere med et mellemrum før kolonet, hvilket kunne føre til -omgåelse af filter eller forespørgselssmugling i nogle opsætninger.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.11.6-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine golang-1.11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende golang-1.11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/golang-1.11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4534.data" diff --git a/danish/security/2019/dsa-4535.wml b/danish/security/2019/dsa-4535.wml deleted file mode 100644 index 697ca90efe4..00000000000 --- a/danish/security/2019/dsa-4535.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="1c686bd599c7621300e18bc3d2d79f93da751f4d" mindelta="1" -sikkerhedsopdatering - -

Lilith fra Cisco Talos opdagede en bufferoverløbsfejl i kvotekoden, der -anvendes af e2fsck fra filsystemsværktøjerne hørende til ext2/ext3/ext4. Hvis -man kørte e2fsck på et misdannet filsystem, kunne det medføre udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.43.4-2+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.44.5-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine e2fsprogs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende e2fsprogs, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/e2fsprogs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4535.data" diff --git a/danish/security/2019/dsa-4536.wml b/danish/security/2019/dsa-4536.wml deleted file mode 100644 index 5b59d905fad..00000000000 --- a/danish/security/2019/dsa-4536.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1dc3caa7a2dc9e0f5053a4a8a0622b3a366b77b6" mindelta="1" -sikkerhedsopdatering - -

En bufferoverløbsfejl blev opdaget i Exim, en mailtransportagent. En -fjernangriber kunne drage nytte af fejlen til at forårsage et lammelsesangreb -eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.92-8+deb10u3.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exim4, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/exim4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4536.data" diff --git a/danish/security/2019/dsa-4537.wml b/danish/security/2019/dsa-4537.wml deleted file mode 100644 index f65ec132252..00000000000 --- a/danish/security/2019/dsa-4537.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="2591f3b4f3918e1e537cb6be077b0cae65335198" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at file-roller, en arkivmanager til GNOME, ikke på korrekt vis -håndterede udpakning af arkiver med et enkelt ./../ i en filsti. En -angriber, som er i stand til at fremstillet et særligt arkiv til behandling, -kunne drage nytte af fejlen til at overskrive filer, hvis en bruger trækker en -specifik fil eller map'er til en placering, som der skal udpakkes til.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.22.3-1+deb9u1.

- -

Vi anbefaler at du opgraderer dine file-roller-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende file-roller, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/file-roller

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4537.data" diff --git a/danish/security/2019/dsa-4538.wml b/danish/security/2019/dsa-4538.wml deleted file mode 100644 index 602eedffa2e..00000000000 --- a/danish/security/2019/dsa-4538.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="e41f5efa353b2bdd34609a011c02c9132873e041" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er fundet i implementeringen af WPA-protokollen, som findes i -wpa_supplication (station) og hostapd (accesspoint).

- -
    - -
  • CVE-2019-13377 - -

    Et timingbaseret sidekanalsangreb mod WPA3's Dragonfly-håndtryk, når der - anvendes Brainpool-kurver, kunne udnyttes af en angriber til at få fat i - adgangskoden.

    • - -
  • CVE-2019-16275 - -

    Utilstrækkelig validering af kildeadresse for nogle modtagne - Management-frames i hostapd, kunne føre til et lammelsesangreb for stationer - forbundet med et accesspoint. En angriber indenfor radioafstand af - accesspoint'et, kunne indsprøjte en særligt fremstillet uautentificeret - IEEE 802.11-frame til accesspoint'et, og dermed forårsage at forbindelsen - til forbundne stationer blev afbrudt, og krævede en ny forbindelse til - netværket.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:2.7+git20190128+0c1e29f-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpa, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4538.data" diff --git a/danish/security/2019/dsa-4539.wml b/danish/security/2019/dsa-4539.wml deleted file mode 100644 index e87d6a36668..00000000000 --- a/danish/security/2019/dsa-4539.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="62a641e1944c721e80cb7778920f8b8acd1602ef" mindelta="1" -sikkerhedsopdatering - -

Tre sikkerhedsproblemer blev opdaget i OpenSSL: Et timingangreb mod ECDSA, et -paddingorakel i PKCS7_dataDecode() og CMS_decrypt_set1_pkey(), og der blev -opdaget at en funktionalitet i generatoren af tilfældige tal (RNG), med den -formål at beskytte mod delt RNG-tilstand mellem forælder- og barneprocesser i -tilfælde af et fork()-systemkald, blev ikke benyttet som standard.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.1.0l-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.1.1d-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4539.data" diff --git a/danish/security/2019/dsa-4540.wml b/danish/security/2019/dsa-4540.wml deleted file mode 100644 index 425ab6933e2..00000000000 --- a/danish/security/2019/dsa-4540.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0c9fe5faf2768484ff398d997b94857df90b5eae" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i OpenSSL: Et timingangreb mod ECDSA, et -paddingorakel i PKCS7_dataDecode() og CMS_decrypt_set1_pkey().

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.0.2t-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openssl1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4540.data" diff --git a/danish/security/2019/dsa-4541.wml b/danish/security/2019/dsa-4541.wml deleted file mode 100644 index 3454aa96743..00000000000 --- a/danish/security/2019/dsa-4541.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="e9bfb0887abebb9e360bcb75b0329ab14d8d01e8" mindelta="1" -sikkerhedsopdatering - -

Max Kellermann rapporterede om en NULL-pointerdereferencefejl i libapreq2, et -generisk Apache-forespørgselsbibliotek, som gjorde det muligt for en -fjernangriber at forårsage et lammelsesangreb mod en applikation, der anvender -biblioteket (applikationsnedbrud), hvis der blev behandlet en ugyldig -multipart-body, som optræder flere gange.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2.13-7~deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.13-7~deb10u1.

- -

Vi anbefaler at du opgraderer dine libapreq2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libapreq2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libapreq2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4541.data" diff --git a/danish/security/2019/dsa-4542.wml b/danish/security/2019/dsa-4542.wml deleted file mode 100644 index c26de325921..00000000000 --- a/danish/security/2019/dsa-4542.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="6f7800b4562d66c25875afecfd9f8039b52eaf60" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at jackson-databind, et Java-bibliotek der anvendes til at -fortolke JSON og andre dataformater, ikke på korrekt vis validerde brugerindata -før det forsøgte deserialisering. Dermed kunne en angreb, der leverer ondsindet -fabrikeret inddata, udføre kode eller læse vilkårlige filer på serveren.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 2.8.6-1+deb9u6.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.9.8-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine jackson-databind-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende jackson-databind, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jackson-databind

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4542.data" diff --git a/danish/security/2019/dsa-4543.wml b/danish/security/2019/dsa-4543.wml deleted file mode 100644 index 271c832521d..00000000000 --- a/danish/security/2019/dsa-4543.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="1d182b3abd199000857dae0786cf70a840908dd1" mindelta="1" -sikkerhedsopdatering - -

Joe Vennix opdagede at sudo, et program designet til at levere begrænsede -superbrugerrettigheder til specifikke brugere, når det er opsat til at tillade -at en bruger kører kommandoer som en vilkårlig bruger gennem ALL-nøgleordet i -Runas-specifikation, gjorde det muligt at køre kommandoer som root ved at -angive bruger-id'en -1 eller 4294967295. Dermed kunne en bruger med -tilstrækkelige sudo-rettigheder køre kommandoer som root, selv hvis -Runas-specifikationen eksplicit ikke tillader root-adgang.

- -

Detaljerede oplysninger findes i opstrøms bulletin på -\ -https://www.sudo.ws/alerts/minus_1_uid.html.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.8.19p1-2.1+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.27-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sudo, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/sudo

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4543.data" diff --git a/danish/security/2019/dsa-4544.wml b/danish/security/2019/dsa-4544.wml deleted file mode 100644 index c605b8538c3..00000000000 --- a/danish/security/2019/dsa-4544.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="824bb3a694e85897a4c09b1b62e6d8ceab45f71f" mindelta="1" -sikkerhedsopdatering - -

X41 D-Sec opdagede at unbound, en validerende, rekursiv og cachende -DNS-resolver, ikke på korrekt vis behandlede nogle NOTIFY-forespørgsler. Det -kunne føre til fjernudført lammelsesangreb gennem applikationsnedbrud.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.9.0-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine unbound-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende unbound, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/unbound

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4544.data" diff --git a/danish/security/2019/dsa-4545.wml b/danish/security/2019/dsa-4545.wml deleted file mode 100644 index 796d693bcc0..00000000000 --- a/danish/security/2019/dsa-4545.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4c9d1b69ec0ccf3d0de5b359855773a61d894458" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at funktionaliteten Special:Redirect i MediaWiki, en -webstedsmotor til samarbejde, kunne udstille undertrykte brugernavne, medførende -en informationslækage.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:1.27.7-1~deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:1.31.4-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4545.data" diff --git a/danish/security/2019/dsa-4546.wml b/danish/security/2019/dsa-4546.wml deleted file mode 100644 index 9aeccb73e0c..00000000000 --- a/danish/security/2019/dsa-4546.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9ba16bbc6be99033df4e4ffe42ce76010f0c0ada" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, muliggørende udførelse -af skripter på tværs af websteder, lammelsesangreb, informationsafsløring eller -forgivelse af at være en Kerberos-bruger.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11_11.0.5+10-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4546.data" diff --git a/danish/security/2019/dsa-4547.wml b/danish/security/2019/dsa-4547.wml deleted file mode 100644 index d158501ffe7..00000000000 --- a/danish/security/2019/dsa-4547.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5507dbe8667a147888144ee8dc0bf0418947c65b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i tcpdump, et kommandolinjeprogram til -analysering af netværkstrafik. Sårbarhederne kunne medføre lammelsesangreb -eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.9.3-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.9.3-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine tcpdump-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tcpdump, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tcpdump

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4547.data" diff --git a/danish/security/2019/dsa-4548.wml b/danish/security/2019/dsa-4548.wml deleted file mode 100644 index d20c40e7748..00000000000 --- a/danish/security/2019/dsa-4548.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6193ead3fa92e7366d9ab9576913f8929138ce18" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, muliggørende udførelse -af skripter på tværs af websteder, lammelsesangreb, informationsafsløring eller -forgivelse af at være en Kerberos-bruger.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 8u232-b09-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4548.data" diff --git a/danish/security/2019/dsa-4549.wml b/danish/security/2019/dsa-4549.wml deleted file mode 100644 index 9f86de44c2a..00000000000 --- a/danish/security/2019/dsa-4549.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="a7762d7ea18afc6d77cb26d372f94053b56575af" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring, udførelse af skripter på tværs af websteder eller -lammelsesangreb.

- -

Debian følger Firefox' udvidet support-udgivelser (ESR). Supporten af -60.x-serien er ophørt, så fra denne opdatering følger vi nu -68.x-udgivelserne.

- -

I den gamle stabile distribution (stretch), er nogle yderligere ændringer af -buildd-netværket nødvendige (for at kunne tilbyde den nye Rust-baserede -toolchain, som ESR68 kræver). Pakker vil blive gjort tilgængelige, når det er -løst.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.2.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4549.data" diff --git a/danish/security/2019/dsa-4550.wml b/danish/security/2019/dsa-4550.wml deleted file mode 100644 index 43a6e409706..00000000000 --- a/danish/security/2019/dsa-4550.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="826cb7fbcde2e2ebb7cd752ad98562cf7e04ed2b" mindelta="1" -sikkerhedsopdatering - -

Et bufferoverløb blev fundet i file, et værktøj til klassificering af -filtyper, hvilket kunne medføre lammelsesangreb eller potentielt udførelse af -vilkårlig kode, hvis en misdannet CDF-fil (Composite Document File) blev -behandlet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:5.30-1+deb9u3.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:5.35-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine file-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende file, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/file

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4550.data" diff --git a/danish/security/2019/dsa-4551.wml b/danish/security/2019/dsa-4551.wml deleted file mode 100644 index 071cd81ab25..00000000000 --- a/danish/security/2019/dsa-4551.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b1373fcfc6758f2f138df624671023f567d5391e" mindelta="1" -sikkerhedsopdatering - -

Daniel Mandragona opdagede at ugyldige offentlige DSA-nøgler kunne medføre -panik i dsa.Verify(), medførende lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.11.6-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine golang-1.11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende golang-1.11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/golang-1.11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4551.data" diff --git a/danish/security/2019/dsa-4552.wml b/danish/security/2019/dsa-4552.wml deleted file mode 100644 index 713ff4ddff8..00000000000 --- a/danish/security/2019/dsa-4552.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ed685b196cba4d44fb30b79fdb9a66d81f4abcd5" mindelta="1" -sikkerhedsopdatering - -

Emil Lerner og Andrew Danau opdagede at utilstrækkelig validering i koden til -stihåndtering i PHP FPM, kunne medføre udførelse af vilkårlig kode i nogle -opsætninger.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 7.0.33-0+deb9u6.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4552.data" diff --git a/danish/security/2019/dsa-4553.wml b/danish/security/2019/dsa-4553.wml deleted file mode 100644 index 87a079e37b9..00000000000 --- a/danish/security/2019/dsa-4553.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9ee46b7d3e02ac3f7de53a693d2fdd398e9371c3" mindelta="1" -sikkerhedsopdatering - -

Emil Lerner og Andrew Danau opdagede at utilstrækkelig validering i koden til -stihåndtering i PHP FPM, kunne medføre udførelse af vilkårlig kode i nogle -opsætninger.

- -

I den stabile distribution (buster), er dette problem rettet i -version 7.3.11-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine php7.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4553.data" diff --git a/danish/security/2019/dsa-4554.wml b/danish/security/2019/dsa-4554.wml deleted file mode 100644 index b9d0b2dbf60..00000000000 --- a/danish/security/2019/dsa-4554.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="17e6ef0aedb57c73f48ac93cbcf2391e133c41c8" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ruby-loofah, et generelt bibliotek til manipulering og -forandring af HTML-/XML-dokumenter og -fragmenter, var sårbar over for -udførelse af skripter på tværs af websteder.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2.0.3-2+deb9u3.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.2.3-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby-loofah-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-loofah, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-loofah

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4554.data" diff --git a/danish/security/2019/dsa-4555.wml b/danish/security/2019/dsa-4555.wml deleted file mode 100644 index f9c6886d47b..00000000000 --- a/danish/security/2019/dsa-4555.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="72b5a29db220141c13b2e15f6d1be16ae48d1fdf" mindelta="1" -sikkerhedsopdatering - -

Malte Kraus opdagede at libpam-python, et PAM-modul som muliggør at -PAM-moduler kan skrives i Python, ikke fornuftighedskontrollerede -miljøvariabler, hvilket kunne medføre lokal rettighedsforøgelse, hvis anvendt -med en binær fil som er setuid'et.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.0.6-1.1+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.0.6-1.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine pam-python-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pam-python, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pam-python

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4555.data" diff --git a/danish/security/2019/dsa-4556.wml b/danish/security/2019/dsa-4556.wml deleted file mode 100644 index 4f93f202359..00000000000 --- a/danish/security/2019/dsa-4556.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="12a69593b8a0e4a988d844f2ea36f23eb7c4a7d8" mindelta="1" -sikkerhedsopdatering - -

En hukommelsestilgang udenfor grænserne blev opdaget i Qt-biblioteket, -hvilket kunne medføre lammelsesangreb gennem en tekstfil indeholdende mange -retningstegn.

- -

Den gamle stabile distribution (stretch) is not affected.

- -

I den stabile distribution (buster), er dette problem rettet i -version 5.11.3+dfsg1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine qtbase-opensource-src-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qtbase-opensource-src, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qtbase-opensource-src

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4556.data" diff --git a/danish/security/2019/dsa-4557.wml b/danish/security/2019/dsa-4557.wml deleted file mode 100644 index a09e67660c5..00000000000 --- a/danish/security/2019/dsa-4557.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5f4f92ff45c586b386b386dc79214e5978d768e7" mindelta="1" -sikkerhedsopdatering - -

En anvendelse efter frigivelse blev fundet i libarchive, et bibliotek der -understøtter mange arkiveringsformater, hvilket kunne medføre lammelsesangreb og -potentielt udførelse af vilkårlig kode, hvis et misdannet arkiv blev -behandlet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.2.2-2+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.3.3-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine libarchive-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libarchive, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libarchive

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4557.data" diff --git a/danish/security/2019/dsa-4558.wml b/danish/security/2019/dsa-4558.wml deleted file mode 100644 index 3d0a64aa878..00000000000 --- a/danish/security/2019/dsa-4558.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="122cd4d0371114e8cb5f8eb2f4d7b3d228204e1e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2019-8625 - -

    Sergei Glazunov opdagede at ondsindet fremstillet webindhold kunne føre - til universel udførelse af skripter på tværs af servere.

    • - -
  • CVE-2019-8720 - -

    Wen Xu opdagede at ondsindet fremstillet webindhold kunne føre til - udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8769 - -

    Pierre Reimertz opdagede at besøg på et ondsindet fremstillet websted - kunne afsløre browserhistorik.

    • - -
  • CVE-2019-8771 - -

    Eliya Stein opdagede at ondsindet fremstillet webindhold kunne overtræde - iframe-sandkasse-regler.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.26.1-3~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4558.data" diff --git a/danish/security/2019/dsa-4559.wml b/danish/security/2019/dsa-4559.wml deleted file mode 100644 index 5c15bba4529..00000000000 --- a/danish/security/2019/dsa-4559.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="12b7e90602cd5c473864d880b87e4a67b94c67d1" mindelta="1" -sikkerhedsopdatering - -

Stephan Zeisberg opdagede at manglende fornuftighedskontrol af inddata i -ProFTPD, en FTP-/SFTP-/FTPS-server, kunne medføre lammelsesangreb gennem en -uendelig løkke.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.3.5b-4+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.6-4+deb10u2.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende proftpd-dfsg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/proftpd-dfsg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4559.data" diff --git a/danish/security/2019/dsa-4560.wml b/danish/security/2019/dsa-4560.wml deleted file mode 100644 index 8e059e14f5f..00000000000 --- a/danish/security/2019/dsa-4560.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="38a4027b3a627340890c62d9540431aedc0a25e5" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at det var muligt i SimpleSAMLphp, en implementering af SAML -2.0-protokollen, at omgå XML-signaturverifikation af SAML-meddelelser.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.14.11-1+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.16.3-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine simplesamlphp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende simplesamlphp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/simplesamlphp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4560.data" diff --git a/danish/security/2019/dsa-4561.wml b/danish/security/2019/dsa-4561.wml deleted file mode 100644 index bb43cd7e62b..00000000000 --- a/danish/security/2019/dsa-4561.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6286cf953c8e8e38255f3121c0edf3daa3904692" mindelta="1" -sikkerhedsopdatering - -

Alex Murray opdagede en stakbaseret bufferoverløbssårbarhed i fribidi, en -implementering af algoritmen Unicode Bidirectional Algorithm, hvilken kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, når der -blev behandlet et stort antal unicode isolate directional-tegn.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.0.5-3.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine fribidi-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende fribidi, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/fribidi

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4561.data" diff --git a/danish/security/2019/dsa-4562.wml b/danish/security/2019/dsa-4562.wml deleted file mode 100644 index fab9b7674e3..00000000000 --- a/danish/security/2019/dsa-4562.wml +++ /dev/null @@ -1,299 +0,0 @@ -#use wml::debian::translation-check translation="760d05261a5f3ebd0572961cf16b78a849bea91a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2019-5869 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-5870 - -

    Guang Gong opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-5871 - -

    Et bufferoverløbsproblem blev opdaget i biblioteket skia.

    • - -
  • CVE-2019-5872 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-5874 - -

    James Lee opdagede et problem med eksterne Uniform Resource Identifiers.

    • - -
  • CVE-2019-5875 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2019-5876 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-5877 - -

    Guang Gong opdagede et problem med læsning udenfor grænserne.

    • - -
  • CVE-2019-5878 - -

    Guang Gong opdagede et problem med anvendelse efter frigivelse i JavaScript-biblioteket v8.

    • - -
  • CVE-2019-5879 - -

    Jinseo Kim opdagede at udvidelser kunne læse filer på det lokale system.

    • - -
  • CVE-2019-5880 - -

    Jun Kokatsu opdagede en måde at omgå SameSite-cookiefunktionen på.

    • - -
  • CVE-2019-13659 - -

    Lnyas Zhang opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2019-13660 - -

    Wenxu Wu opdagede en brugergrænsefejl i fuldskærmstilstand.

    • - -
  • CVE-2019-13661 - -

    Wenxu Wu opdagede et problem med forfalskning af brugerfladen i fuldskærmstilstand.

    • - -
  • CVE-2019-13662 - -

    David Erceg opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2019-13663 - -

    Lnyas Zhang opdagede en måde at forfalske Internationalized Domain Names på.

    • - -
  • CVE-2019-13664 - -

    Thomas Shadwell opdagede en måde at omgå SameSite-cookiefunktionaliteten på.

    • - -
  • CVE-2019-13665 - -

    Jun Kokatsu opdagede en måde at omgå beskyttelsesfunktionalitetens download af flere filer.

    • - -
  • CVE-2019-13666 - -

    Tom Van Goethem opdagede en informationslækage.

    • - -
  • CVE-2019-13667 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2019-13668 - -

    David Erceg opdagede en informationslækage.

    • - -
  • CVE-2019-13669 - -

    Khalil Zhani opdagede et problem med autentifikationsforfalskning.

    • - -
  • CVE-2019-13670 - -

    Guang Gong opdagede et hukommelseskorruptionsproblem i JavaScript-biblioteket v8.

    • - -
  • CVE-2019-13671 - -

    xisigr opdagede en brugergrænsefladefejl.

    • - -
  • CVE-2019-13673 - -

    David Erceg opdagede en informationslækage.

    • - -
  • CVE-2019-13674 - -

    Khalil Zhani opdagede en måde at forfalske Internationalized Domain Names på.

    • - -
  • CVE-2019-13675 - -

    Jun Kokatsu opdagede en måde at deaktivere udvidelser på.

    • - -
  • CVE-2019-13676 - -

    Wenxu Wu opdagede en fejl i i en certifikatadvarsel.

    • - -
  • CVE-2019-13677 - -

    Jun Kokatsu opdagede en fejl i chromes weblager.

    • - -
  • CVE-2019-13678 - -

    Ronni Skansing opdagede et forfalskningsproblem i downloaddialogens vindue.

    • - -
  • CVE-2019-13679 - -

    Conrad Irwin opdagede at brugeraktivering ikke var krævet ved udskrift.

    • - -
  • CVE-2019-13680 - -

    Thijs Alkamade opdagede et problem med forfalskning af en IP-adresse.

    • - -
  • CVE-2019-13681 - -

    David Erceg opdagede en måde at omgå downloadbegrænsninger på.

    • - -
  • CVE-2019-13682 - -

    Jun Kokatsu opdagede en måde at omgå webstedsisolationsfunktionaliteten på.

    • - -
  • CVE-2019-13683 - -

    David Erceg opdagede en informationslækage.

    • - -
  • CVE-2019-13685 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13686 - -

    Brendon opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13687 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13688 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13691 - -

    David Erceg opdagede et problem med forfalskning af brugerfladen.

    • - -
  • CVE-2019-13692 - -

    Jun Kokatsu opdagede en måde at omgå Same Origin Policy på.

    • - -
  • CVE-2019-13693 - -

    Guang Gong opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13694 - -

    banananapenguin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13695 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13696 - -

    Guang Gong opdagede et problem med anvendelse efter frigivelse in the v8 javascript library.

    • - -
  • CVE-2019-13697 - -

    Luan Herrera opdagede en informationslækage.

    • - -
  • CVE-2019-13699 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13700 - -

    Man Yue Mo opdagede et bufferoverløbsproblem.

    • - -
  • CVE-2019-13701 - -

    David Erceg opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2019-13702 - -

    Phillip Langlois og Edward Torkington opdagede et rettighedsforøgelsesproblem i installeringsprogrammet.

    • - -
  • CVE-2019-13703 - -

    Khalil Zhani opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2019-13704 - -

    Jun Kokatsu opdagede en måde at omgå Content Security Policy på.

    • - -
  • CVE-2019-13705 - -

    Luan Herrera opdagede en måde at omgå udvidelsers rettigheder på.

    • - -
  • CVE-2019-13706 - -

    pdknsk opdagede et problem med læsning udenfor grænserne in the pdfium library.

    • - -
  • CVE-2019-13707 - -

    Andrea Palazzo opdagede en informationslækage.

    • - -
  • CVE-2019-13708 - -

    Khalil Zhani opdagede et problem med autentifikationsforfalskning.

    • - -
  • CVE-2019-13709 - -

    Zhong Zhaochen opdagede en måde at omgå downloadbegrænsninger på.

    • - -
  • CVE-2019-13710 - -

    bernardo.mrod opdagede en måde at omgå downloadbegrænsninger på.

    • - -
  • CVE-2019-13711 - -

    David Erceg opdagede en informationslækage.

    • - -
  • CVE-2019-13713 - -

    David Erceg opdagede en informationslækage.

    • - -
  • CVE-2019-13714 - -

    Jun Kokatsu opdagede et problem med Cascading Style Sheets.

    • - -
  • CVE-2019-13715 - -

    xisigr opdagede et problem med URL-forfalskning.

    • - -
  • CVE-2019-13716 - -

    Barron Hagerman opdagede en fejl i service worker-implementeringen.

    • - -
  • CVE-2019-13717 - -

    xisigr opdagede et problem med forfalskning af brugerfladen.

    • - -
  • CVE-2019-13718 - -

    Khalil Zhani opdagede en måde at forfalske Internationalized Domain Names på.

    • - -
  • CVE-2019-13719 - -

    Khalil Zhani opdagede et problem med forfalskning af brugerfladen.

    • - -
  • CVE-2019-13720 - -

    Anton Ivanov og Alexey Kulaev opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13721 - -

    banananapenguin opdagede et problem med anvendelse efter frigivelse i biblioteket pdfium.

    • - -
- -

I den gamle stabile distribution (stretch), er understøttelsen af chromium -ophørt. Opgrader til den stabile udgivelse (buster) for fortsat at modtage -opdatering af chromium, eller skift til firefox, der fortsat er understøttet i -den gamle stabile udgivelse.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.0.3904.97-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4562.data" diff --git a/danish/security/2019/dsa-4563.wml b/danish/security/2019/dsa-4563.wml deleted file mode 100644 index a87b50addbd..00000000000 --- a/danish/security/2019/dsa-4563.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="b6e08a2f2188ab1bf8b75fba4f8f2d9861f035e4" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder blev opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2019-8812 - -

    En anonym efterforsker opdagede at ondsindet fremstillet webindhold kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8814 - -

    Cheolung Lee opdagede at ondsindet fremstillet webindhold kunne føre til - udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.26.2-1~deb10+1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4563.data" diff --git a/danish/security/2019/dsa-4564.wml b/danish/security/2019/dsa-4564.wml deleted file mode 100644 index 0a6e4b94f6f..00000000000 --- a/danish/security/2019/dsa-4564.wml +++ /dev/null @@ -1,109 +0,0 @@ -#use wml::debian::translation-check translation="0cc922cd661d77cfeed7f482bce1cfba75c197ae" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækage.

- -
    - -
  • CVE-2018-12207 - -

    Man opdagede at på Intel-CPU'er, der undersøtter hardwarevirtualisering - med Extended Page Tables (EPT), kunne en gæste-VM manipulere - hukommelseshåndteringshardware medførende en Machine Check Error (MCE) og - lammelsesangreb (hængende system eller nedbrud).

    - -

    Gæsten kunne udløse fejlen ved at ændre sidetabeller uden en TLB-flush, - således at både 4 KB- og 2 MB-registreringer på den samme virtuelle adresse, - blev indlæst i instruktion-TLB'en (iTLB). Denne opdatering implementerer en - afhjælpelse i KVM, som forhindrer gæste-VM'er i at indlæse 2 - MB-registreringer i iTLB'en. Det reducerer gæste-VM'ers ydeevne.

    - -

    Yderligere oplysninger om afhjælpelsen, finder man på - - eller i pakkerne linux-doc-4.9 eller linux-doc-4.19.

    - -

    En qemu-opdatering, som tilføjer understøttelse af funktionaliten - PSCHANGE_MC_NO feature, som gør det muligt at deaktivere iTLB - Multihit-afhjælpelser i indlejrede hypervisorer, gøres tilgængelig via DSA - 4566-1.

    - -

    Intels redegørelse for problemet finder man på - .

    • - -
  • CVE-2019-0154 - -

    Intel opdagede at i deres 8. og 9. generation-CPU'er, kunne læsning af - visse registre, mens GPU'en er i lavt strømforbrug-tilstand, medføre at - systemet hænger. En lokal bruger, med rettigheder til at anvende GPU'en, - kunne udnytte fejlen til lammelsesangreb.

    - -

    Denne opdatering afhjælper problemet ved hjælp af ændringer i - i915-driveren.

    - -

    De påvirkede chips (gen8 og gen9) er opremset på - .

    • - -
  • CVE-2019-0155 - -

    Intel opdagede at i deres 9. generation- og nyere CPU'er, manglende der - et sikkerhedstjek i Blitter Command Streamer (BCS). En lokal bruger med - rettigheder til at anvende GPU'en, kunne anvende fejlen til at tilgå enhver - hukommelsesadresse, som GPU'en har adgang til, hvilket kunne medføre - lammelsesangreb (hukommelseskorruption eller nedbrud), lækage af følsomme - oplysninger eller rettighedsforøgelse.

    - -

    Denne opdatering afhjælper problemet ved at tilføje sikkerhedstjekket i - i915-driveren.

    - -

    De påvirkede chips (gen9 og senere) er opremset på - .

    • - -
  • CVE-2019-11135 - -

    Man opdagede at i Intel-CPU'er, der understøtter transaktionshukommelse - (TSX), kunne en transaktion, som vil blive afbrudt, fortsætte med at at - blive udført spekulativt, læsende følsomme data fra interne buffere og lække - dem gennem afhængige handlinger. Intel kalder det TSX Asynchronous - Abort (TAA).

    - -

    CPU'er påvirket af det tidligere offentliggjorte Microarchitectural Data - Sampling-problemer (MDS) - (CVE-2018-12126, - CVE-2018-12127, - CVE-2018-12130, - CVE-2019-11091), - løser eksisterende hjælpelser også dette problem.

    - -

    For processorer, der er sårbare over for TAA, men ikke MDS, deaktiveres - TSX som standard med denne opdatering. Afhjælpelsen kræver opdateret - CPU-mikrokode. En opdateret pakke med intel-microcode (kun tilgængelig i - Debian-non-free) vil blive stillet til rådighed via DSA 4565-1. Den - opdaterede CPU-mikrokode kan også være tilgængelig som en del af en - opdatering af systemets firmware (BIOS).

    - -

    Yderligere oplysninger om hjælpelsen finder man på - - eller i pakkerne linux-doc-4.9 eller linux-doc-4.19.

    - -

    Intels redegørelse for problemet finder man på - .

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.9.189-3+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.19.67-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4564.data" diff --git a/danish/security/2019/dsa-4565.wml b/danish/security/2019/dsa-4565.wml deleted file mode 100644 index 0ae18601da6..00000000000 --- a/danish/security/2019/dsa-4565.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="45bbfa11bc27bcea1ec2a28b213e086f5b18be60" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering indeholder opdateret CPU-mikrokode til nogle typer af -Intel-CPU'er. I særdeleshed er der tale om afhjælpelser af TAA-sårbarheden (TSX -Asynchronous Abort). For helt af afhjælpe sårbarheden på påvirkede CPU'er, er -det også nødvendigt at opdatere Linux-kernepakkerne, der er udgivet som DSA -4564-1.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.20191112.1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.20191112.1~deb10u1.

- -

Vi anbefaler at du opgraderer dine intel-microcode-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende intel-microcode, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/intel-microcode

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4565.data" diff --git a/danish/security/2019/dsa-4566.wml b/danish/security/2019/dsa-4566.wml deleted file mode 100644 index e5ef0e9c239..00000000000 --- a/danish/security/2019/dsa-4566.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="771af82940577334ab5d15e6b8037ed647902c1a" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering af QEMU, en hurtig processoremulator, tilbagefører -understøttelse af at CPU-flaget pschange-mc-no kan gennemstilles. Den -virtualiserede MSR, som en gæst kan se, er opsat til at vise fejlen som -rettet, hvilket gør det muligt at deaktivere iTLB Multihit-afhjælpelser -i indlejrede hypervisorer (jf. DSA 4564-1).

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:3.1+dfsg-8+deb10u3.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4566.data" diff --git a/danish/security/2019/dsa-4567.wml b/danish/security/2019/dsa-4567.wml deleted file mode 100644 index d48cd07c970..00000000000 --- a/danish/security/2019/dsa-4567.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="648ff72f6ffd3349cfdce3e4231f45386fc97aa0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at vhost-PMD'en i DPDK, et sæt biblioteker til hurtig behandling -af pakker, var påvirket af hukommelses- og fildescriptorlækager, hvilke kunne -medføre lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 16.11.9-1+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 18.11.2-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine dpdk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dpdk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dpdk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4567.data" diff --git a/danish/security/2019/dsa-4568.wml b/danish/security/2019/dsa-4568.wml deleted file mode 100644 index 3b8218e2fc8..00000000000 --- a/danish/security/2019/dsa-4568.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="82b298d8baf108aa4e5fd50bb44362370b794adc" mindelta="1" -sikkerhedsopdatering - -

Rich Mirch opdagede at skriptet pg_ctlcluster ikke smed rettigheder når der -blev oprettet midlertidige socket-/statistics-mapper, hvilket kunne medføre -lokal rettighedsforøgelse.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 181+deb9u3.

- -

I den stabile distribution (buster), er dette problem rettet i -version 200+deb10u3.

- -

Vi anbefaler at du opgraderer dine postgresql-common-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-common, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-common

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4568.data" diff --git a/danish/security/2019/dsa-4569.wml b/danish/security/2019/dsa-4569.wml deleted file mode 100644 index f9702a48baf..00000000000 --- a/danish/security/2019/dsa-4569.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b8b00bff47207c34c4758856b55dada46b60eea2" mindelta="1" -sikkerhedsopdatering - -

Manfred Paul og Lukas Schauer rapporterede at proceduren .charkeys i -Ghostscript, den GPL-licenserede PostScript-/PDF-fortolker, ikke på korrekt vis -begrænsede priviligerede kald, hvilket kunne medføre omgåelse af -filsystemsbegrænsninger op dSAFER-sandkassen.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 9.26a~dfsg-0+deb9u6.

- -

I den stabile distribution (buster), er dette problem rettet i -version 9.27~dfsg-2+deb10u3.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4569.data" diff --git a/danish/security/2019/dsa-4570.wml b/danish/security/2019/dsa-4570.wml deleted file mode 100644 index 6d0a2ab24b8..00000000000 --- a/danish/security/2019/dsa-4570.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="94483780a4ee5447d63c7ccf6a51a1500ca3edf0" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i mosquitto, en messagebroker som er kompatibel med -MQTT version 3.1/3.1.1, hvilken gjorde det muligt for en ondsindet MQTT-klient, -at forårsage et lammelsesangreb (stakoverløb med dæmonnedbrud), ved at sende en -særligt fremstillet SUBSCRIBE-pakke, indeholdende et emne med et ekstremt dybt -hierrarki.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.5.7-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine mosquitto-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mosquitto, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mosquitto

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4570.data" diff --git a/danish/security/2019/dsa-4571.wml b/danish/security/2019/dsa-4571.wml deleted file mode 100644 index 3ce666859b8..00000000000 --- a/danish/security/2019/dsa-4571.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="60422bd0c097175d65df54198ba0c43ce4827c17" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke potentielt -kunne føre til udførelse af villkårlig kode eller lammelsesangreb.

- -

Debian følger opstrømsudgivelserne af Thunderbird. Understøttelse af -60.x-serien er ophørt, så begyndende med denne opdatering, følger vi nu -68.x-udgivelserne.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:68.2.2-1~deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:68.2.2-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4571.data" diff --git a/danish/security/2019/dsa-4572.wml b/danish/security/2019/dsa-4572.wml deleted file mode 100644 index 33f56471aaf..00000000000 --- a/danish/security/2019/dsa-4572.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="137e4da6051203d226eeef60c621df2dce3a99c0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Simple Linux Utility for Resource Management (SLURM), et -system til håndtering og jobplanlægning af klyngeressourcer, ikke indkapslede -strenge ved import af en arkivfil til backend'en accounting_storage/mysql, -hvilket kunne medføre SQL-indsprøjtning.

- -

I den stabile distribution (buster), er dette problem rettet i -version 18.08.5.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine slurm-llnl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende slurm-llnl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/slurm-llnl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4572.data" diff --git a/danish/security/2019/dsa-4573.wml b/danish/security/2019/dsa-4573.wml deleted file mode 100644 index b67178927f8..00000000000 --- a/danish/security/2019/dsa-4573.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="21677aab7abaa5aba8cdae17e68bc66f39e97357" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er fundet i Symfony PHP framework, hvilke kunne føre -til timingangreb/informationslækage, parameterindsprøjtning og udførelse af kode -gennem afserialisering.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 2.8.7+dfsg-1.3+deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.4.22+dfsg-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine symfony-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende symfony, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/symfony

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4573.data" diff --git a/danish/security/2019/dsa-4574.wml b/danish/security/2019/dsa-4574.wml deleted file mode 100644 index eef98f62fc7..00000000000 --- a/danish/security/2019/dsa-4574.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a9d7dc155ea549b91437b73d3bb84bd32f16da90" mindelta="1" -sikkerhedsopdatering - -

Holger Just opdagede en SQL-indsprøjtningssårbarhed i Redmine, en -webapplikation til projektmanagement. Desuden blev et problem i forbindelse med -udførelse af skripter på tværs af websteder fundet i Textile-formateringen.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.3.1-4+deb9u3.

- -

Vi anbefaler at du opgraderer dine redmine-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende redmine, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/redmine

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4574.data" diff --git a/danish/security/2019/dsa-4575.wml b/danish/security/2019/dsa-4575.wml deleted file mode 100644 index c49bea4a953..00000000000 --- a/danish/security/2019/dsa-4575.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="1975c9db16f264b28b074f2173a6bcda403cd1f1" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2019-13723 - -

    Yuxiang Li opdagede et problem med anvendelse efter frigivelse i - bluetoothservicen.

    • - -
  • CVE-2019-13724 - -

    Yuxiang Li opdagede et problem med læsning udenfor grænserne i - bluetoothservicen.

    • - -
- -

I den gamle stabile distribution (stretch), security support for the chromium -package has been discontinued.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.0.3904.108-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4575.data" diff --git a/danish/security/2019/dsa-4576.wml b/danish/security/2019/dsa-4576.wml deleted file mode 100644 index 49ee7c1b4d3..00000000000 --- a/danish/security/2019/dsa-4576.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a3e9011061fe14746edd52c7a1e14d8c89ba439b" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med skrivning udenfor grænserne, blev opdaget i -php-imagick, en PHP-udvidelse til oprettelse og ændring af billeder ved hjælp af -ImageMagicks API, hvilket kunne medføre lammelsesangreb eller potentielt -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.4.3~rc2-2+deb9u1.

- -

Vi anbefaler at du opgraderer dine php-imagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php-imagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php-imagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4576.data" diff --git a/danish/security/2019/dsa-4577.wml b/danish/security/2019/dsa-4577.wml deleted file mode 100644 index 8357c9df37c..00000000000 --- a/danish/security/2019/dsa-4577.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="aa85f70dae1f544aa3a41633fcaa9e4c231b3548" mindelta="1" -sikkerhedsopdatering - -

Tim Düsterhus opdagede at haproxy, en reverse TCP-/HTTP-proxy, ikke på -korrekt vis fornuftighedskontrollerede HTTP-header, ved konvertering fra HTTP/2 -til HTTP/1. Det kunne gøre det muligt for en fjernbruger, at iværksætte -CRLF-indsprøjtning.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.19-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine haproxy-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende haproxy, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/haproxy

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4577.data" diff --git a/danish/security/2019/dsa-4578.wml b/danish/security/2019/dsa-4578.wml deleted file mode 100644 index 18fb49b6901..00000000000 --- a/danish/security/2019/dsa-4578.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d9f28d597b792649fe587d865a643263d9c0a3bd" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i multimediebiblioteket libvpx, -hvilke kunne medføre lammelsesangreb og potentielt udførelse af vilkårlig kode, -hvis misdannede WebM-filer blev behandlet.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.6.1-3+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.7.0-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine libvpx-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libvpx, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libvpx

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4578.data" diff --git a/danish/security/2019/dsa-4579.wml b/danish/security/2019/dsa-4579.wml deleted file mode 100644 index 34df5d35dff..00000000000 --- a/danish/security/2019/dsa-4579.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="22917e527177fdfaccbe319ac11e4e591fe492f8" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i NSS, et sæt af kryptografiske biblioteker, -hvilke kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:3.42.1-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nss, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nss

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4579.data" diff --git a/danish/security/2019/dsa-4580.wml b/danish/security/2019/dsa-4580.wml deleted file mode 100644 index 75500e9f5a4..00000000000 --- a/danish/security/2019/dsa-4580.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1d6c487247b8ca7c8917eb22b2aea23d31765e27" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.3.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.3.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4580.data" diff --git a/danish/security/2019/dsa-4581.wml b/danish/security/2019/dsa-4581.wml deleted file mode 100644 index 983f34f4b17..00000000000 --- a/danish/security/2019/dsa-4581.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="70be9894f7f65be4520c817dfd389d2ee7c87f04" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i git, et hurtigt, skalerbart og distribueret -versionsstyringssystem.

- -
    - -
  • CVE-2019-1348 - -

    Der blev rapporteret af valgmuligheden --export-marks tilhørende git - fast-import, også blev udstilet gennem in-stream-kommandofunktionaliteten - export-marks=..., hvilket gjorde det muligt at overskrive vilkårlige - stier.

    • - -
  • CVE-2019-1387 - -

    Man opdagede at submodule-navne ikke blev valideret tilstrækkeligt - strikst, hvilket muliggjorde målrettede angreb gennem fjernudførelse af - kode, når der blev dannet rekursive kloner.

    • - -
  • CVE-2019-19604 - -

    Joern Schneeweisz rapportered eom en sårbarhed, hvor en rekursiv klone - efterfulgt af opdatering af et submodule, kunne udføre kode indeholdt i - arkivet, uden at brugeren eksplicit havde bedt om det. Det er nu ikke - længere tilladt at .gitmodules indeholder registreringer som - opsætter submodule.<name>.update=!command.

    • - -
- -

Desuden løser denne opdatering et antal sikkerhedsproblemer, som kun er et -problem hvis git afvikles på et NTFS-filsystem -(CVE-2019-1349, -CVE-2019-1352 og -CVE-2019-1353).

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:2.11.0-3+deb9u5.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:2.20.1-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende git, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/git

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4581.data" diff --git a/danish/security/2019/dsa-4582.wml b/danish/security/2019/dsa-4582.wml deleted file mode 100644 index c6ea7fc32c5..00000000000 --- a/danish/security/2019/dsa-4582.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1805cdfc5bb13a0344534933964b35950f37b42d" mindelta="1" -sikkerhedsopdatering - -

Adskillige problemer i forbindelse med udførelse af skripter på tværs af -websteder og forfalskning af forespørgsler blev opdaget i DAViCal CalDAV -Server.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.1.5-1+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.1.8-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine davical-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende davical, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/davical

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4582.data" diff --git a/danish/security/2019/dsa-4583.wml b/danish/security/2019/dsa-4583.wml deleted file mode 100644 index 4fa04a09931..00000000000 --- a/danish/security/2019/dsa-4583.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="add2c354d4048bff1caa9e7e9ab5fd4711d2cf3d" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i udgivelsessystemet SPIP, hvilken kunne medføre at -forfattere kunne skrive uautoriseret til databasen.

- -

Den gamle stabile distribution (stretch) er ikke påvirket.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.2.4-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4583.data" diff --git a/danish/security/2019/dsa-4584.wml b/danish/security/2019/dsa-4584.wml deleted file mode 100644 index 89f4bce3cde..00000000000 --- a/danish/security/2019/dsa-4584.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="be70261454371a10eda4db4df697e3ff80e95b74" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i spamassassin, et Perl-baseret spamfilter, som -anvender tekstanalyse.

- -
    - -
  • CVE-2018-11805 - -

    Ondsindede regel- og opsætningsfiler, muligvis hentet fra en - opdateringsserver, kunne udføre vilkårlige kommandoer i en række - tilfælde.

    • - -
  • CVE-2019-12420 - -

    Særligt fremstillede mulitpart-meddelelser kunne medføre at spamassassin - brugte alt for mange ressourcer, medførende lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.4.2-1~deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.4.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine spamassassin-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spamassassin, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spamassassin

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4584.data" diff --git a/danish/security/2019/dsa-4585.wml b/danish/security/2019/dsa-4585.wml deleted file mode 100644 index 25b87cafd60..00000000000 --- a/danish/security/2019/dsa-4585.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="96cc70c332b480ca413d25d5ea30e55f6f1eaae5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke potentielt -kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:68.3.0-2~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.3.0-2~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4585.data" diff --git a/danish/security/2019/dsa-4586.wml b/danish/security/2019/dsa-4586.wml deleted file mode 100644 index 12efc209e10..00000000000 --- a/danish/security/2019/dsa-4586.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fe7a9c4114dfb923fc5e6bf04150e3dc3482a0e5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget, hvilke kunne -medføre uautoriseret adgang ved at omgå tilsigtede sti-match, lammelsesangreb -eller udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.5.5-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby2.5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.5, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ruby2.5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4586.data" diff --git a/danish/security/2019/dsa-4587.wml b/danish/security/2019/dsa-4587.wml deleted file mode 100644 index ea6373e85c9..00000000000 --- a/danish/security/2019/dsa-4587.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b4c714c22a33415dcea3a5208ae0bc6f09c4ebe8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget, hvilke kunne -medføre uautoriseret adgang ved at omgå tilsigtede sti-match, lammelsesangreb -eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 2.3.3-1+deb9u7.

- -

Vi anbefaler at du opgraderer dine ruby2.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.3, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ruby2.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4587.data" diff --git a/danish/security/2019/dsa-4588.wml b/danish/security/2019/dsa-4588.wml deleted file mode 100644 index 09479d1a878..00000000000 --- a/danish/security/2019/dsa-4588.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="fd5cf2fc0633cd70b5c718df841025bd8ad4c7d6" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at python-ecdsa, et kryptografisk signatur-bibliotek til Python, -håndterede visse signaturer på ukorrekt vis. En fjernangriber kunne udnytte -problemet til at forårsage at python-ecdsa enten ikke advarede om ukorrekte -signaturer eller genererede exceptions, medførende et lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 0.13-2+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.13-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-ecdsa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-ecdsa, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-ecdsa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4588.data" diff --git a/danish/security/2019/dsa-4589.wml b/danish/security/2019/dsa-4589.wml deleted file mode 100644 index 55d8dce8291..00000000000 --- a/danish/security/2019/dsa-4589.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="75f72653f09f3b9a1c1b3b6d4d31909e56f4509f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at debian-edu-config, et sæt opsætningsfiler der anvendes til -blend'en Debian Edu, havde for liberale ACL'er vedrørende Kerberos' adminserver, -hvilket gjorde det muligt at ændre andre brugerprincipalers adgangskode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.929+deb9u4.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.10.65+deb10u3.

- -

Vi anbefaler at du opgraderer dine debian-edu-config-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende debian-edu-config, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/debian-edu-config

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4589.data" diff --git a/danish/security/2019/dsa-4590.wml b/danish/security/2019/dsa-4590.wml deleted file mode 100644 index 198751a8465..00000000000 --- a/danish/security/2019/dsa-4590.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="49ebb54e257a4235010353f0f35ea62dfeff80af" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at lmtpd-komponenten i Cyrus' IMAP-server oprettede mailboxes -med administratorrettigheder, hvis fileinto blev anvendt, hvilket omgik -ACL-kontroller.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2.5.10-3+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.0.8-6+deb10u3.

- -

Vi anbefaler at du opgraderer dine cyrus-imapd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cyrus-imapd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cyrus-imapd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4590.data" diff --git a/danish/security/2019/dsa-4591.wml b/danish/security/2019/dsa-4591.wml deleted file mode 100644 index 9e9ccc2f9f2..00000000000 --- a/danish/security/2019/dsa-4591.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="df11709715cec99dcc46d31e0498723d0062fe70" mindelta="1" -sikkerhedsopdatering - -

Stephan Zeisberg rapporterede om en sårbarhed i forbindelse med skrivning -udenfor grænserne i funktionen _sasl_add_string() i cyrus-sasl2, et bibliotek -som implementerer Simple Authentication and Security Layer. En fjernangriber -kunne drage nytte af problemet til at forårsage lammelsesangrebsstilstand i -applikationer, der benytter biblioteket.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2.1.27~101-g0780600+dfsg-3+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.1.27+dfsg-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine cyrus-sasl2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cyrus-sasl2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cyrus-sasl2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4591.data" diff --git a/danish/security/2019/dsa-4592.wml b/danish/security/2019/dsa-4592.wml deleted file mode 100644 index 79a0aea4480..00000000000 --- a/danish/security/2019/dsa-4592.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c8a1be83043aff5fa848cf416ba036a1bf88afe8" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at funktionaliteten til sortlistning af titler i MediaWiki, en -webstedsmotor til samarbejdsprojekter, kunne omgås.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:1.27.7-1~deb9u3.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:1.31.6-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4592.data" diff --git a/danish/security/2019/dsa-4593.wml b/danish/security/2019/dsa-4593.wml deleted file mode 100644 index 65f463f29f6..00000000000 --- a/danish/security/2019/dsa-4593.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="4b462ea192fc355c557625a4edd8b02668ca91dd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at freeimage, et grafikbibliotek, var påvirket af følgende to -sikkerhedsproblemer:

- -
    - -
  • CVE-2019-12211 - -

    Heapbufferoverløb forårsaget af ugyldig memcpy i PluginTIFF. Fejlen - kunne udnyttes af fjernangribere til at udløse et lammelsesangreb eller - anden ikke-angivet påvirkning ved hjælp af fabrikerede TIFF-data.

    • - -
  • CVE-2019-12213 - -

    Stakudmattelse forårsaget af uønsket rekursivitet i PluginTIFF. Fejlen - kunne udnyttes af fjernangribere til at udløse et lammelsesangreb ved - hjælp af fabrikerede TIFF-data.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.17.0+ds1-5+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.18.0+ds2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine freeimage-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende freeimage, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/freeimage

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4593.data" diff --git a/danish/security/2019/dsa-4594.wml b/danish/security/2019/dsa-4594.wml deleted file mode 100644 index f799dd450d6..00000000000 --- a/danish/security/2019/dsa-4594.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="11e1663e57afd4ec01a9dcd0258d09273ea21e5e" mindelta="1" -sikkerhedsopdatering - -

Guido Vranken opdagede en overløbsfejl i x64_64's -Montgomery-kvadratprocedure, som anvendes til eksponentiering med 512 -bit-moduli.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.0.2u-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openssl1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4594.data" diff --git a/danish/security/2019/dsa-4595.wml b/danish/security/2019/dsa-4595.wml deleted file mode 100644 index 3203b8061b2..00000000000 --- a/danish/security/2019/dsa-4595.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="6519242e58366ed179bc8c8fb2e8ca3bf298cfae" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at debian-lan-config, et FAI-opsætningsrum til -Debian-LAN-systemet, opsatte for lempelige ACL'er for Kerberos' -adminserver, hvilket muliggjorde adgangskodeændringer af andre -brugerprincipaler.

- -

Denne opdatering indeholder en rettet opsætning til nye udrulninger, mens -der for eksisterede opsætninger i NEWS-filen, som følger med opdateringen, gives -råd til rettelse af opsætningen.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 0.23+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.25+deb10u1.

- -

Vi anbefaler at du opgraderer dine debian-lan-config-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende debian-lan-config, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/debian-lan-config

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4595.data" diff --git a/danish/security/2019/dsa-4596.wml b/danish/security/2019/dsa-4596.wml deleted file mode 100644 index 70383c6fef6..00000000000 --- a/danish/security/2019/dsa-4596.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="65d7367533385d5273f2b4e5575c52530adab6a9" mindelta="1" -sikkerhedsopdatering - -

Flere problemer blev opdaget i Tomcats servlet og JSP-motor, hvilke kunne -føre til sessionsfikseringsangreb, informationsafsløring, udførelse af skripter -på tværs af websteder, lammelsesangreb gennem ressourceudmattelse og usikre -viderestillinger.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 8.5.50-0+deb9u1. Opdateringen kræver også en opdateret version af -tomcat-native, som er opdateret til 1.2.21-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2019/dsa-4596.data" diff --git a/danish/security/2019/index.wml b/danish/security/2019/index.wml deleted file mode 100644 index 7da3f763dc2..00000000000 --- a/danish/security/2019/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2019 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security -#use wml::debian::translation-check translation="e8123b3425d07e0aa35e56936c3403a3ed975b0a" - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/security/2019' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2020/Makefile b/danish/security/2020/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2020/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2020/dsa-4597.wml b/danish/security/2020/dsa-4597.wml deleted file mode 100644 index c4059977939..00000000000 --- a/danish/security/2020/dsa-4597.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="8a8180313689caf093ac3fe147b1018a2c6545dd" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret, at Netty, et Java NIO-klient/server-framework, var en -HTTP-forspørgselssmuglingssårbarhed på grund af fejlhåndteret whitespace før et -kolon i HTTP-headere.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:4.1.7-2+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:4.1.33-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine netty-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende netty, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/netty

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4597.data" diff --git a/danish/security/2020/dsa-4598.wml b/danish/security/2020/dsa-4598.wml deleted file mode 100644 index 7a1cc12cab5..00000000000 --- a/danish/security/2020/dsa-4598.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="f141e134bdc80eb626430d22803e62ca0e69b576" mindelta="1" -sikkerhedsopdatering - -

Simon Charette rapporterede at funktionaliteten til nulstilling af -adgangskoder i Django, et Python-webudviklingsframework på højt niveau, anvendte -en Unicode-baseret forspørgsel uden hensyntagen til små og store bogstaver, til -at hente konti der modsvarer mailadressen, som beder om at få nulstillet -adgangskoden. En angriber kunne udnytte fejlen til potentielt at hente tokens -til nulstilling af adgangskoder og til at kapre konti.

- -

For flere oplysninger, se -\ -https://www.djangoproject.com/weblog/2019/dec/18/security-releases/.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:1.10.7-2+deb9u7.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:1.11.27-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4598.data" diff --git a/danish/security/2020/dsa-4599.wml b/danish/security/2020/dsa-4599.wml deleted file mode 100644 index 55280692431..00000000000 --- a/danish/security/2020/dsa-4599.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e79b7fa9c4d19ab016e9734db7cf5427757e7c5e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at iværksætte forskellige angreb i forbindelse med -udførelse af skripter på tværs af websteder (XSS) og forspørgsler på tværs af -websteder (CSRF), oprette åbne viderestillinger, cacheforgiftning, omgåelse af -autorisationsadgang og fornuftighedskontrol af inddata.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.0.4+dfsg1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4599.data" diff --git a/danish/security/2020/dsa-4600.wml b/danish/security/2020/dsa-4600.wml deleted file mode 100644 index efc8927a8ff..00000000000 --- a/danish/security/2020/dsa-4600.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="2c2490c9749352191c6f084851eb0832e358ca83" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne føre til udførelse af vilkårlig kode, dataudsivning -eller udførelse af skripter på tværs af websteder.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 68.4.1esr-1~deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 68.4.1esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4600.data" diff --git a/danish/security/2020/dsa-4601.wml b/danish/security/2020/dsa-4601.wml deleted file mode 100644 index a739632b774..00000000000 --- a/danish/security/2020/dsa-4601.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="7d75d8928987af424e3e50ff2103a45da9815c40" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et hook-skript i ldm, displaymanageren fra Linux Terminal -Server Project, på ukorrekt vis fortolkede svar fra en SSH-server, hvilket kunne -føre til lokal root-rettighedsforøgelse.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2:2.2.18-2+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2:2.18.06-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ldm-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ldm, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ldm

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4601.data" diff --git a/danish/security/2020/dsa-4602.wml b/danish/security/2020/dsa-4602.wml deleted file mode 100644 index ca84600892a..00000000000 --- a/danish/security/2020/dsa-4602.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="4c0996e191dd68b6dfbadfee3c048714d4cfa961" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Xen-hypervisoren, hvilke kunne medføre -lammelsesangreb, gæst til vært-rettighedsforøgelse eller -informationslækager.

- -

Desuden indeholder denne opdatering en afhjælpelse af det spekulative -sidekanalangreb TSX Asynchronous Abort. For flere oplysninger, se -\ -https://xenbits.xen.org/xsa/advisory-305.html.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.8.5.final+shim4.10.4-1+deb9u12. Bemærk at dette er den sidste -sikkerhedsopdatering af Xen i den gamle stabile distribution; -opstrømsunderstøttelse af 4.8.x-forgreningen ophørte med udgangen af december -2019. Hvis du er afhængig af at din Xen-installation har -sikkerhedsunderstøttelse anbefales det at opdatere til den stabile distribution -(buster).

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.11.3+24-g14b62ab3e5-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4602.data" diff --git a/danish/security/2020/dsa-4603.wml b/danish/security/2020/dsa-4603.wml deleted file mode 100644 index 01754319520..00000000000 --- a/danish/security/2020/dsa-4603.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="37106d7a2bf19436b2c3fcedd284e215a16d849a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke potentielt -kunne føre til udførelse af vilkårlig kode eller informationsafsløring.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:68.4.1-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.4.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4603.data" diff --git a/danish/security/2020/dsa-4604.wml b/danish/security/2020/dsa-4604.wml deleted file mode 100644 index f1eeefb3452..00000000000 --- a/danish/security/2020/dsa-4604.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="73b976c71b8b4c13c331a478bd9111aa6f64627e" mindelta="1" -sikkerhedsopdatering - -

Adskillige problemer er fundet i cacti, et serverovervågningssystem, -potentielt medførende udførelse af SQL eller informationsafsløring -foretaget af autentificerede brugere.

- -
    - -
  • CVE-2019-16723 - -

    Autentificerede brugere kunne omgå autorisationskontrollerne vil visning - af en graf, ved at indsende forespørgsler med modificerede - local_graph_id-parametre.

    • - -
  • CVE-2019-17357 - -

    Brugerfladen til administration af graf fornuftighedskontrollerede på - utilstrækkelig vis paremeteret template_id, potentielt førende til - SQL-indsprøjtning. Sårbarheden kunne anvendes som løftestang af - autentificerede angribere, til at udføre uautoriseret SQL-kode i en - database.

    • - -
  • CVE-2019-17358 - -

    Funktionen sanitize_unserialize_selected_items (lib/functions.php) - fornuftighedskontrollerede på utilstrækkelig vis brugerinddata, før de blev - deserialiseret, potentielt medførende usikker deserialisering af - brugerkontrollerede data. Sårbarheden kunne anvendes som løftestang af - autentificerede angribere til at påvirke programkontrolforløbet eller til at - forårsage hukommelseskorruption.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 0.8.8h+ds1-10+deb9u1. Bemærk at stretch kun var påvirket af -\ -CVE-2018-17358.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.2.2+ds1-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine cacti-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cacti, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cacti

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4604.data" diff --git a/danish/security/2020/dsa-4605.wml b/danish/security/2020/dsa-4605.wml deleted file mode 100644 index c5b09e13151..00000000000 --- a/danish/security/2020/dsa-4605.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f63afc8ad74e4e06be31ba0f4afdb777d0097a69" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, medførende -lammelsesangreb, ukorrekt implementering af Kerberos' GSSAPI- og -TGS-forespørgsler eller ukorrekte TLS-handshakes.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.0.6+10-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4605.data" diff --git a/danish/security/2020/dsa-4606.wml b/danish/security/2020/dsa-4606.wml deleted file mode 100644 index 35b3e4c6c51..00000000000 --- a/danish/security/2020/dsa-4606.wml +++ /dev/null @@ -1,210 +0,0 @@ -#use wml::debian::translation-check translation="dca7d154a9aa9b577d941477e201293dd96b6dbc" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2019-13725 - -

    Gengming Liu og Jianyu Chen opdagede et problem med anvendelse efter - frigivelse i bluetooth-implementeringen.

    • - -
  • CVE-2019-13726 - -

    Sergei Glazunov opdagede et bufferoverløbsproblem.

    • - -
  • CVE-2019-13727 - -

    @piochu opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13728 - -

    Rong Jian og Guang Gong opdagede en skrivefejl udenfor grænserne i - JavaScript-biblioteket v8.

    • - -
  • CVE-2019-13729 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2019-13730 - -

    Soyeon Park og Wen Xu opdagede anvendelse af en forkert type i - JavaScript-biblioteket v8.

    • - -
  • CVE-2019-13732 - -

    Sergei Glazunov opdagede et problem med anvendelse efter frigivelse i - WebAudio-implementeringen.

    • - -
  • CVE-2019-13734 - -

    Wenxiang Qian opdagede et problem med læsningen udenfor grænserne i - sqlite-biblioteket.

    • - -
  • CVE-2019-13735 - -

    Gengming Liu og Zhen Feng opdagede et problem med læsningn udenfor - grænserne i JavaScript-biblioteket v8.

    • - -
  • CVE-2019-13736 - -

    Et heltalsoverløbsproblem blev opdaget i pdfium-biblioteket.

    • - -
  • CVE-2019-13737 - -

    Mark Amery opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13738 - -

    Johnathan Norman og Daniel Clark opdagede en - policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13739 - -

    xisigr opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13740 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13741 - -

    Michał Bentkowski opdagede at inddata fra brugeren kunne være - ufuldstændigt valideret.

    • - -
  • CVE-2019-13742 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13743 - -

    Zhiyang Zeng opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13744 - -

    Prakash opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13745 - -

    Luan Herrera opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13746 - -

    David Erceg opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13747 - -

    Ivan Popelyshev og André Bonatti opdagede en uinitialiseret - værdi.

    • - -
  • CVE-2019-13748 - -

    David Erceg opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13749 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13750 - -

    Wenxiang Qian opdagede utilstrækkelig datavalidering i - sqlite-biblioteket.

    • - -
  • CVE-2019-13751 - -

    Wenxiang Qian opdagede en uinitialiseret værdi i - sqlite-biblioteket.

    • - -
  • CVE-2019-13752 - -

    Wenxiang Qian opdagede et problem med læsning udenfor grænserne i - sqlite-biblioteket.

    • - -
  • CVE-2019-13753 - -

    Wenxiang Qian opdagede et problem med læsning udenfor grænserne i - sqlite-biblioteket.

    • - -
  • CVE-2019-13754 - -

    Cody Crews opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13755 - -

    Masato Kinugawa opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13756 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13757 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13758 - -

    Khalil Zhani opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13759 - -

    Wenxu Wu opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13761 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2019-13762 - -

    csanuragjain opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13763 - -

    weiwangpp93 opdagede en policy-håndhævelsesfejl.

    • - -
  • CVE-2019-13764 - -

    Soyeon Park og Wen Xu opdagede anvendelse af en forkert type i - JavaScript-biblioteket v8.

    • - -
  • CVE-2019-13767 - -

    Sergei Glazunov opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2020-6377 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2020-6378 - -

    Antti Levomäki og Christian Jalio opdagede et problem med anvendelse - efter frigivelse.

    • - -
  • CVE-2020-6379 - -

    Guang Gong opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2020-6380 - -

    Sergei Glazunov opdagede en fejl i verifikationen af udvidelsers - meddelelser.

    • - -
- -

I den gamle stabile distribution (stretch), security support for chromium has -been discontinued.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 79.0.3945.130-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4606.data" diff --git a/danish/security/2020/dsa-4607.wml b/danish/security/2020/dsa-4607.wml deleted file mode 100644 index d73736c1117..00000000000 --- a/danish/security/2020/dsa-4607.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="54ed69c467a43952f4d70f1aaf9fbc9a5d4b6fcd" mindelta="1" -sikkerhedsopdatering - -

Lukas Kupczyk rapporterede om en sårbarhed i håndteringen af chunked HTTP i -openconnect, en åben klient til Cisco AnyConnect, Pulse og GlobalProtect VPN. -En ondsindet HTTP-server (efter at have accepteret dens identitetscertifikat), -kunne levere forkerte chunk-længder for chunked HTTP-encoding og dermed -forårsage et heapbaseret bufferoverløb.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 7.08-1+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 8.02-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine openconnect-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openconnect, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openconnect

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4607.data" diff --git a/danish/security/2020/dsa-4608.wml b/danish/security/2020/dsa-4608.wml deleted file mode 100644 index fc1e82e999f..00000000000 --- a/danish/security/2020/dsa-4608.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c61db2c587e6eed3dcf7c02b4a7f4500c4561841" mindelta="1" -sikkerhedsopdatering - -

Adskillige heltalsoverløb er opdaget i biblioteket libtiff og i de -medfølgende værktøjer.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.1.0+git191117-2~deb10u1.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tiff, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tiff

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4608.data" diff --git a/danish/security/2020/dsa-4609.wml b/danish/security/2020/dsa-4609.wml deleted file mode 100644 index 41b51425748..00000000000 --- a/danish/security/2020/dsa-4609.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="f744d49feeb6c6afe3a22a3ed5e2a43eefbe3d46" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev fundet i Python-grænsefladen til -pakkehåndteringssystemet apt. Pakker downloadet fra usignerede arkiver blev -fejlagtigt afvist og hash-valideringen var afhængig af MD5.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.4.1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.8.4.1.

- -

Vi anbefaler at du opgraderer dine python-apt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-apt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-apt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4609.data" diff --git a/danish/security/2020/dsa-4610.wml b/danish/security/2020/dsa-4610.wml deleted file mode 100644 index bce2b03e09a..00000000000 --- a/danish/security/2020/dsa-4610.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="e6ae6b986a5a91be7e9c7bf01d816a4dac8d86bc" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder blev opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2019-8835 - -

    En anonym efterforsker opdagede at ondsindet fabrikeret webindhold kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8844 - -

    William Bowling opdagede at ondsindet fabrikeret webindhold kunne føre - til udførelse af vilkårlig kode.

    • - -
  • CVE-2019-8846 - -

    Marcin Towalski fra Cisco Talos opdagede at ondsindet fabrikeret - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.26.3-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4610.data" diff --git a/danish/security/2020/dsa-4611.wml b/danish/security/2020/dsa-4611.wml deleted file mode 100644 index a51ae6556c2..00000000000 --- a/danish/security/2020/dsa-4611.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="3ca692b931073b2f0a3154ffd1fc96ac6743ed54" mindelta="1" -sikkerhedsopdatering - -

Qualys opdagede at OpenSMTPD's SMTP-server udførte utilstrækkelig validering -af mailadresser, hvilket kunne medføre udførelse af vilkårlige kommandoer som -root. Desuden retter denne opdatering et lammelsesangreb, udløst af en -opportunistisk TLS-nedgradering.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet i -version 6.0.2p1-2+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i version -6.0.3p1-5+deb10u3. Opdateringen indeholder også fejlrettelser som ikke er -sikkerhedsrelaterede, hvilke allerede var gjort klar til busters -10.3-punktopdatering.

- -

Vi anbefaler at du opgraderer dine opensmtpd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende opensmtpd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/opensmtpd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4611.data" diff --git a/danish/security/2020/dsa-4612.wml b/danish/security/2020/dsa-4612.wml deleted file mode 100644 index 5a7f0c17ce9..00000000000 --- a/danish/security/2020/dsa-4612.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="fb7d29f63f0954976c5fc7cf9c9bddd6cbb49710" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at LDAP-autentifikationsmodulerne til Prosody -Jabber-/XMPP-serveren på ukorrekt vis validerede XMPP-adresser, når der blev -kontrolleret hvorvidt en bruger har administratoradgang.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 0.0~hg20170123.3ed504b944e5+dfsg-1+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.0~hg20190203.b54e98d5c4a1+dfsg-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine prosody-modules-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende prosody-modules, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/prosody-modules

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4612.data" diff --git a/danish/security/2020/dsa-4613.wml b/danish/security/2020/dsa-4613.wml deleted file mode 100644 index edfa34538fe..00000000000 --- a/danish/security/2020/dsa-4613.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e25d434dcac8f08adc70199ce09f30f14d4e8555" mindelta="1" -sikkerhedsopdatering - -

En heapbaseret bufferoverløbssårbarhed blev opdaget i funktionen -idn2_to_ascii_4i() i libidn2, GNU-biblioteket til Internationalized Domain Names -(IDNs), hvilken kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, -når der blev behandlet en lang domænestreng.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.0.5-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine libidn2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libidn2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libidn2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4613.data" diff --git a/danish/security/2020/dsa-4614.wml b/danish/security/2020/dsa-4614.wml deleted file mode 100644 index 0b4c2b3551b..00000000000 --- a/danish/security/2020/dsa-4614.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="10d6441f58b80849b1c23b3599dafc9a773a04f2" mindelta="1" -sikkerhedsopdatering - -

Joe Vennix opdagede en stakbaseret bufferoverløbssårbarhed i sudo, et program -der har til formål at give begrænsede superbrugerrettigheder til specifikke -brugere, udløsbar når opsat med aktiveret pwfeedback-valgmulighed. En -upriviligeret bruger kunne drage nytte af fejlen til at få komplette -root-rettigheder.

- -

Flere oplysninger findes i opstrøms bulletin på -\ -https://www.sudo.ws/alerts/pwfeedback.html.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.8.19p1-2.1+deb9u2.

- -

I den stabile distribution (buster), forhindres udnyttelse af fejlen på grund -af ændringer af EOF-håndteringen, som blev indført i version 1.8.26.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sudo, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/sudo

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4614.data" diff --git a/danish/security/2020/dsa-4615.wml b/danish/security/2020/dsa-4615.wml deleted file mode 100644 index a8156f45a9e..00000000000 --- a/danish/security/2020/dsa-4615.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="cc26fa4daf1ca0a0ad161b8f9a5b226f730a186c" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i spamassassin, et Perl-baseret spamfilter, der -anvender tekstanalyse. Ondsindede regel- og opsætningsfiler, muligvis hentet -fra en opdateringsserver, kunne udføre vilkårlige kommandoer under flere -omstændigheder.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.4.2-1~deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.4.2-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine spamassassin-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spamassassin, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spamassassin

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4615.data" diff --git a/danish/security/2020/dsa-4616.wml b/danish/security/2020/dsa-4616.wml deleted file mode 100644 index 3cf3d062dca..00000000000 --- a/danish/security/2020/dsa-4616.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="15dec87b51ed957e42773ff91217a26555cc3465" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er fundet i SLiRP-netværksimplementeringen i QEMU, en -hurtig processoremulator, hvilke kunne medføre udførelse af vilkårlig kode eller -lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:2.8+dfsg-6+deb9u9.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:3.1+dfsg-8+deb10u4.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4616.data" diff --git a/danish/security/2020/dsa-4617.wml b/danish/security/2020/dsa-4617.wml deleted file mode 100644 index 0b60e248369..00000000000 --- a/danish/security/2020/dsa-4617.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="446ba0301e18f9722b30306206b2c61e7c957ed8" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev fundet i Qt-biblioteket, hvilke kunne medføre at -plugins og biblioteker blev indlæst fra den aktuelle arbejdsmappe, potentielt -førende til udførelse af kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 5.7.1+dfsg-3+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.11.3+dfsg1-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine qtbase-opensource-src-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qtbase-opensource-src, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qtbase-opensource-src

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4617.data" diff --git a/danish/security/2020/dsa-4618.wml b/danish/security/2020/dsa-4618.wml deleted file mode 100644 index 0edb7e7c123..00000000000 --- a/danish/security/2020/dsa-4618.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="3ad892d074815a517f2a1d8ec799fa696a08d752" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med læsning udenfor grænserne, på grund af et -heltalsoverløb, blev rapporteret i libexif, et bibliotek til fortolkning af -EXIF-filer, hvilken kunne medføre lammelsesangreb eller potentielt udførelse -af vilkårlig kode, hvis et særligt fremstillet billede blev behandlet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 0.6.21-2+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.6.21-5.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine libexif-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libexif, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libexif

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4618.data" diff --git a/danish/security/2020/dsa-4619.wml b/danish/security/2020/dsa-4619.wml deleted file mode 100644 index bb92fab6f66..00000000000 --- a/danish/security/2020/dsa-4619.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="abccef21651668bce87fe0103d623399ffd369cd" mindelta="1" -sikkerhedsopdatering - -

Guillaume Teissier rapporterede om at XMLRPC-klienten i libxmlrpc3-java, en -implementering af XML-RPC i Java, ikke udførte afserialisering af -serverside-undtagelsen, som er serialiseret i faultCause-attributten i -XMLRPC-fejlsvarmeddelelser. En ondsindet XMLRPC-server kunne drage nytte af -fejlen til udførelse af vilkårlig kode, med rettighederne hørende til en -applikation, der anvender Apaches XMLRPC-klientbibliotek.

- -

Bemærk at en klient, der forventer at modtage serverside-undtagelser, -eksplicit skal have opsat egenskaben enabledForExceptions.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.1.3-8+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.1.3-9+deb10u1.

- -

Vi anbefaler at du opgraderer dine libxmlrpc3-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxmlrpc3-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libxmlrpc3-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4619.data" diff --git a/danish/security/2020/dsa-4620.wml b/danish/security/2020/dsa-4620.wml deleted file mode 100644 index d703255c27a..00000000000 --- a/danish/security/2020/dsa-4620.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="fcaa4a008ecfa168724ebd844e253d66450b96d3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.5.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.5.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4620.data" diff --git a/danish/security/2020/dsa-4621.wml b/danish/security/2020/dsa-4621.wml deleted file mode 100644 index 553ea5f9ad6..00000000000 --- a/danish/security/2020/dsa-4621.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8e8c01053acfcad3b37f0c4932fbaf9682de2121" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, medførende -lammelsesangreb, ukorrekt implementering af Kerberos GSSAPI- og -TGS-forespørgsler eller ukorrekte TLS-handshakes.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 8u242-b08-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4621.data" diff --git a/danish/security/2020/dsa-4622.wml b/danish/security/2020/dsa-4622.wml deleted file mode 100644 index e2a016c04c4..00000000000 --- a/danish/security/2020/dsa-4622.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="d568552e131ea2c7ea7f32112237692071899e0b" mindelta="1" -sikkerhedsopdatering - -

Tom Lane opdagede at ALTER ... DEPENDS ON EXTENSION-underkommandoer i -PostgreSQL-databasen ikke udførte autorisationskontroller.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 9.6.17-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine postgresql-9.6-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-9.6, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-9.6

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4622.data" diff --git a/danish/security/2020/dsa-4623.wml b/danish/security/2020/dsa-4623.wml deleted file mode 100644 index bac0751ce88..00000000000 --- a/danish/security/2020/dsa-4623.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="68e58f55529766dd62029fba99d7b7a4fad42ba0" mindelta="1" -sikkerhedsopdatering - -

Tom Lane opdagede at ALTER ... DEPENDS ON EXTENSION-underkommandoer i -PostgreSQL-databasen ikke udførte autorisationskontroller.

- -

I den stabile distribution (buster), er dette problem rettet i -version 11.7-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine postgresql-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4623.data" diff --git a/danish/security/2020/dsa-4624.wml b/danish/security/2020/dsa-4624.wml deleted file mode 100644 index 2b2045f62d8..00000000000 --- a/danish/security/2020/dsa-4624.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="8be684d647389ee3db99d941206fa9b5cbef2621" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i evince, et simpelt program til visning af -dokumenter.

- -
    - -
  • CVE-2017-1000159 - -

    Tobias Mueller rapporterede at DVI-eksportfunktionen i evince var sårbar - over for en kommandindsprøjtningssårbarhed gennem særligt fremstillede - filnavne.

    • - -
  • CVE-2019-11459 - -

    Andy Nguyen rapporterede at funktionerne tiff_document_render() og - tiff_document_get_thumbnail() i TIFF-dokumentbackend'en ikke håndterede - fejl fra TIFFReadRGBAImageOriented(), førende til blotlæggelse af - uinitialiseret hukommelse, når der blev behandlet - TIFF-billederfiler.

    • - -
  • CVE-2019-1010006 - -

    En bufferoverløbssårbarhed i TIFF-backend'en, kunne føre til - lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis en - særligt fremstillet PDF-fil blev åbnet.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.22.1-3+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.30.2-3+deb10u1. The stable distribution is only affected by -CVE-2019-11459.

- -

Vi anbefaler at du opgraderer dine evince-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende evince, se -dens sikkerhedssporingssidede på: -https://security-tracker.debian.org/tracker/evince

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4624.data" diff --git a/danish/security/2020/dsa-4625.wml b/danish/security/2020/dsa-4625.wml deleted file mode 100644 index 2ca871b1942..00000000000 --- a/danish/security/2020/dsa-4625.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="aff1f9d91d55bc4216bac2e9986c8079aa7723d7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:68.5.0-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.5.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4625.data" diff --git a/danish/security/2020/dsa-4626.wml b/danish/security/2020/dsa-4626.wml deleted file mode 100644 index f19af22be3d..00000000000 --- a/danish/security/2020/dsa-4626.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f97e30bee8650c46bc061487771c3025e2149195" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i PHP, et vidt udbredt og generelt -anvendeligt skriptsprog, hvilke kunne medføre informationsafsløring, -lammelsesangreb eller ukorrekt validering af stinavne.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 7.3.14-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine php7.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4626.data" diff --git a/danish/security/2020/dsa-4627.wml b/danish/security/2020/dsa-4627.wml deleted file mode 100644 index 3c120aad867..00000000000 --- a/danish/security/2020/dsa-4627.wml +++ /dev/null @@ -1,48 +0,0 @@ -#use wml::debian::translation-check translation="0f2e63875207f63029067f8878524f544b09a20f" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-3862 - -

    Srikanth Gatta opdagede at et ondsindet websted kunne være i stand til at - forårsage et lammelsesangreb.

    • - -
  • CVE-2020-3864 - -

    Ryan Pickren opdagede at en DOM-objektkontekt måske ikke havde et unikt - sikkerhedsophav.

    • - -
  • CVE-2020-3865 - -

    Ryan Pickren opdagede at en DOM-objektkontekt på øverste niveau - fejlagtigt kunne have været betragtet som sikker.

    • - -
  • CVE-2020-3867 - -

    En anonym efterforsker opdagede at behandling af ondsindet fabrikeret - webindhold kunne føre til universel udførelse af skripter på tværs af - servere.

    • - -
  • CVE-2020-3868 - -

    Marcin Towalski opdagede at behandling af ondsindet fremstillet - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.26.4-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4627.data" diff --git a/danish/security/2020/dsa-4628.wml b/danish/security/2020/dsa-4628.wml deleted file mode 100644 index 2fef22888f8..00000000000 --- a/danish/security/2020/dsa-4628.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5e72e7cfa1106f51c16e8eb44102aa43243e88f1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i PHP, et vidt udbredt og generelt -anvendeligt skriptsprog, hvilke kunne medføre informationsafsløring, -lammelsesangreb eller ukorrekt validering af stinavne.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 7.0.33-0+deb9u7.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4628.data" diff --git a/danish/security/2020/dsa-4629.wml b/danish/security/2020/dsa-4629.wml deleted file mode 100644 index 6c6ba5e63aa..00000000000 --- a/danish/security/2020/dsa-4629.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="cd250cac3ca11107f1d1af9d00f8407531004d81" mindelta="1" -sikkerhedsopdatering - -

Simon Charette opdagede at Django, et webudviklingsframework på højt niveau -til Python, ikke på korrekt vis håndterede inddata i dets PostgreSQL-modul. En -fjernangriber kunne udnytte fejlen til at iværksætte -SQL-indsprøjtningsangreb.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:1.10.7-2+deb9u8.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:1.11.28-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4629.data" diff --git a/danish/security/2020/dsa-4630.wml b/danish/security/2020/dsa-4630.wml deleted file mode 100644 index 02cf0fcd6b5..00000000000 --- a/danish/security/2020/dsa-4630.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="7f18674eb2f19afa8777c4d720d6e52061da0bb6" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at pysaml2, en Python-implementering af SAML til anvendelse i et -WSGI-miljø, var sårbar over for angreb i forbindelse med XML-signaturindpakning, -hvilket kunne medføre omgåelse af signaturverifikation.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.0.0-5+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 5.4.1-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-pysaml2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-pysaml2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-pysaml2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4630.data" diff --git a/danish/security/2020/dsa-4631.wml b/danish/security/2020/dsa-4631.wml deleted file mode 100644 index e0c1765752a..00000000000 --- a/danish/security/2020/dsa-4631.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="93558736384fe023d7def535cc056a4a2fef410a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Pillow, et -Python-visualiseringsbibliotek, hvilke kunne medføre lammelsesangreb og -potentielt udførelse af vilkårlig kode, hvis misdannede PCX-, FLI-, SGI- eller -TIFF-billeder blev behandlet.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.0.0-4+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.4.1-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine pillow-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pillow, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pillow

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4631.data" diff --git a/danish/security/2020/dsa-4632.wml b/danish/security/2020/dsa-4632.wml deleted file mode 100644 index f25ce7cdf09..00000000000 --- a/danish/security/2020/dsa-4632.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="dd1afb1cf904bbbb51ea66428499297bc19ade13" mindelta="1" -sikkerhedsopdatering - -

Ilja Van Sprundel rapporterede om en logisk fejl i pakkefortolkeren -Extensible Authentication Protocol (EAP) i Point-to-Point Protocol Daemon -(pppd). En uautentificeret angriber kunne drage nytte af fejlen til at udløse -et stakbaseret bufferoverløb, førende til lammelsesangreb (nedbrud i -pppd-dæmonen).

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2.4.7-1+4+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.4.7-2+4.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ppp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ppp, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ppp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4632.data" diff --git a/danish/security/2020/dsa-4633.wml b/danish/security/2020/dsa-4633.wml deleted file mode 100644 index e93ca6058cc..00000000000 --- a/danish/security/2020/dsa-4633.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="d3f29d8015c29a9da9f70c50fcc3cb13a49a95c7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i cURL, et URL-overførselsbibliotek.

- -
    - -
  • CVE-2019-5436 - -

    Et heapbufferoverløb i TFTP-modtagelseskoden blev opdaget, hvilket kunne - muliggøre lammelsesangreb eller udførelse af vilkårlig kode. Det påvirker - kun den gamle stabile distribution (stretch).

    • - -
  • CVE-2019-5481 - -

    Thomas Vegas opdagede en dobbelt frigivelse i FTP-KRB-koden, udløst af en - ondsindet server, som sender en meget stor datablok.

    • - -
  • CVE-2019-5482 - -

    Thomas Vegas opdagede et heapbufferoverløb, der kunne udløses når en - lille ikke-standard-TFTP-blokstørrelse blev anvendt.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 7.52.1-5+deb9u10.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 7.64.0-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4633.data" diff --git a/danish/security/2020/dsa-4634.wml b/danish/security/2020/dsa-4634.wml deleted file mode 100644 index a13b010b6ab..00000000000 --- a/danish/security/2020/dsa-4634.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="2a240813094d4a13de048c985345c3077a3c3795" mindelta="1" -sikkerhedsopdatering - -

Qualys opdagede at OpenSMTPD's SMTP-server udførte utilstrækkelig validering -af SMTP-kommander, hvilket kunne medføre lokal rettighedsforøgelse eller -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 6.0.2p1-2+deb9u3.

- -

I den stabile distribution (buster), er dette problem rettet i -version 6.0.3p1-5+deb10u4.

- -

Vi anbefaler at du opgraderer dine opensmtpd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende opensmtpd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/opensmtpd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4634.data" diff --git a/danish/security/2020/dsa-4635.wml b/danish/security/2020/dsa-4635.wml deleted file mode 100644 index bd46a7db7f8..00000000000 --- a/danish/security/2020/dsa-4635.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="9539f4e7de197a7f0021a734f0dc306700d58c9e" mindelta="1" -sikkerhedsopdatering - -

Antonio Morales opdagede en fejl i forbindelse med anvendelse efter -frigivelse i hukommelsespoolallokatoren i ProFTPD, en ydedygtig, modulæra -FTP-/SFTP-/FTPS-server. Afbrydelse af igangværende dataoverførsler kan -ødelægge ProFTPD's hukommelsespool, førende til lammelsesangreb eller -potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.3.5b-4+deb9u4.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.6-4+deb10u4.

- -

Vi anbefaler at du opgraderer dine proftpd-dfsg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende proftpd-dfsg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/proftpd-dfsg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4635.data" diff --git a/danish/security/2020/dsa-4636.wml b/danish/security/2020/dsa-4636.wml deleted file mode 100644 index 6f9158307b5..00000000000 --- a/danish/security/2020/dsa-4636.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6a986dff4e03b3c164266e2fa4cba83cee0f3c2b" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret at python-bleach, et hvidlistebaseret bibliotek til -HTML-rensning, var sårbar over for en mutations-XSS-sårbarhed i bleach.clean, -når noscript og et eller flere raw text-tags blev hvidlistet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.1.1-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-bleach-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-bleach, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-bleach

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4636.data" diff --git a/danish/security/2020/dsa-4637.wml b/danish/security/2020/dsa-4637.wml deleted file mode 100644 index 34632486218..00000000000 --- a/danish/security/2020/dsa-4637.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="44280ae920ca8f6697eb3d2e55b736bd1753e429" mindelta="1" -sikkerhedsopdatering - -

Kobus van Schoor opdagede at network-manager-ssh, en plugin der giver -VPN-integration for SSH i NetworkManager, var sårbar over for en -rettighedsforøgelsessårbarhed. En lokal bruger med rettigheder til at ændre en -forbindelse, kunne drage nytte af fejlen til at udføre vilkårlige kommandoer som -root.

- -

Denne opdatering dropper understøttelse af overførsel af ekstra -SSH-valgmuligheder til ssh-kaldet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.2.1-1+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.2.10-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine network-manager-ssh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende network-manager-ssh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/network-manager-ssh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4637.data" diff --git a/danish/security/2020/dsa-4638.wml b/danish/security/2020/dsa-4638.wml deleted file mode 100644 index e0ac3cb917f..00000000000 --- a/danish/security/2020/dsa-4638.wml +++ /dev/null @@ -1,226 +0,0 @@ -#use wml::debian::translation-check translation="6fbca817d300a20809fec1f06bb2ae3c92689156" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2019-19880 - -

    Richard Lorenz opdagede et problem i biblioteket sqlite.

    • - -
  • CVE-2019-19923 - -

    Richard Lorenz opdagede et problem med læsning udenfor grænserne i - biblioteket sqlite.

    • - -
  • CVE-2019-19925 - -

    Richard Lorenz opdagede et problem i biblioteket sqlite.

    • - -
  • CVE-2019-19926 - -

    Richard Lorenz opdagede en implementeringsfejl i biblioteket - sqlite.

    • - -
  • CVE-2020-6381 - -

    Storbritanniens National Cyber Security Centre opdagede et - heltalsoverløbsproblem i JavaScript-biblioteket v8.

    • - -
  • CVE-2020-6382 - -

    Soyeon Park og Wen Xu opdagede en typefejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2020-6383 - -

    Sergei Glazunov opdagede en typefejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2020-6384 - -

    David Manoucheri opdagede et problem med anvendelse efter frigivelse i - WebAudio.

    • - -
  • CVE-2020-6385 - -

    Sergei Glazunov opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6386 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse i - behandlingen af tale.

    • - -
  • CVE-2020-6387 - -

    Natalie Silvanovich opdagede en fejl i forbindelse med skrivning udenfor - grænserne i WebRTC-implementeringen.

    • - -
  • CVE-2020-6388 - -

    Sergei Glazunov opdagede en fejl i forbindelse med læsning udenfor - grænserne WebRTC-implementeringen.

    • - -
  • CVE-2020-6389 - -

    Natalie Silvanovich opdagede en fejl i forbindelse med skrivning udenfor - grænserne WebRTC-implementeringen.

    • - -
  • CVE-2020-6390 - -

    Sergei Glazunov opdagede en fejl i forbindelse med læsning udenfor - grænserne.

    • - -
  • CVE-2020-6391 - -

    Michał Bentkowski opdagede at inddata der ikke er tillid til blev - valideret på utilstrækkelig vis.

    • - -
  • CVE-2020-6392 - -

    Microsoft Edge Team opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6393 - -

    Mark Amery opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6394 - -

    Phil Freo opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6395 - -

    Pierre Langlois opdagede en fejl i forbindelse med læsning udenfor - grænserne error i JavaScript-biblioteket v8.

    • - -
  • CVE-2020-6396 - -

    William Luc Ritchie opdagede en fejl i biblioteket skia.

    • - -
  • CVE-2020-6397 - -

    Khalil Zhani opdagede en brugergrænsefejl.

    • - -
  • CVE-2020-6398 - -

    pdknsk opdagede en uinitialiseret variabel i biblioteket pdfium.

    • - -
  • CVE-2020-6399 - -

    Luan Herrera opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6400 - -

    Takashi Yoneuchi opdagede en error i Cross-Origin Resource - Sharing.

    • - -
  • CVE-2020-6401 - -

    Tzachy Horesh opdagede at brugerinddata blev valideret på utilstrækkelig - vis.

    • - -
  • CVE-2020-6402 - -

    Vladimir Metnew opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6403 - -

    Khalil Zhani opdagede en brugergrænsefejl.

    • - -
  • CVE-2020-6404 - -

    kanchi opdagede en fejl i Blink/Webkit.

    • - -
  • CVE-2020-6405 - -

    Yongheng Chen og Rui Zhong opdagede et problem med læsning udenfor - grænserne issue i biblioteket sqlite.

    • - -
  • CVE-2020-6406 - -

    Sergei Glazunov opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2020-6407 - -

    Sergei Glazunov opdagede en fejl i forbindelse med læsning udenfor - grænserne.

    • - -
  • CVE-2020-6408 - -

    Zhong Zhaochen opdagede en fejl i forbindelse med håndhævelse af policy i - Cross-Origin Resource Sharing.

    • - -
  • CVE-2020-6409 - -

    Divagar S og Bharathi V opdagede en fejl i - omnibox-implementeringen.

    • - -
  • CVE-2020-6410 - -

    evil1m0 opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2020-6411 - -

    Khalil Zhani opdagede at brugerinddata blev valideret på utilstrækkelig - vis.

    • - -
  • CVE-2020-6412 - -

    Zihan Zheng opdagede at brugerinddata blev valideret på utilstrækkelig - vis.

    • - -
  • CVE-2020-6413 - -

    Michał Bentkowski opdagede en fejl i Blink/Webkit.

    • - -
  • CVE-2020-6414 - -

    Lijo A.T opdagede en fejl i policysikker-browsing i forbindelse med - håndhævelse af policy.

    • - -
  • CVE-2020-6415 - -

    Avihay Cohen opdagede en implementeringsfejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2020-6416 - -

    Woojin Oh opdagede at inddata der ikke er tillid til blev valideret på - utilstrækkelig vis.

    • - -
  • CVE-2020-6418 - -

    Clement Lecigne opdagede en typefejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2020-6420 - -

    Taras Uzdenov opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
- -

I den gamle stabile distribution (stretch), er sikkerhedsunderstøttelse af -chromium ophørt.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 80.0.3987.132-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4638.data" diff --git a/danish/security/2020/dsa-4639.wml b/danish/security/2020/dsa-4639.wml deleted file mode 100644 index 6eeb7f28ff8..00000000000 --- a/danish/security/2020/dsa-4639.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="27d92e2cee924cf213f42f366f3f56264952623d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.6.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.6.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4639.data" diff --git a/danish/security/2020/dsa-4640.wml b/danish/security/2020/dsa-4640.wml deleted file mode 100644 index 4fc61fab297..00000000000 --- a/danish/security/2020/dsa-4640.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="388f5519902c3f6cf8f4f4654c97a24e656f4688" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter flere sårbarheder i Graphicsmagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -kontrol af inddata, kunne medføre lammelsesangreb, hukommelsesafsløring eller -udførelse af vilkårlig kode, hvis misdannede mediafiler behandles.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.3.30+hg15796-1~deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.4~hg15978-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine graphicsmagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende graphicsmagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/graphicsmagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4640.data" diff --git a/danish/security/2020/dsa-4641.wml b/danish/security/2020/dsa-4641.wml deleted file mode 100644 index a51a3adf4fd..00000000000 --- a/danish/security/2020/dsa-4641.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="75999c5f7196426835c0846f81f2dc4fd1805869" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarhed er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-10018 - -

    Sudhakar Verma, Ashfaq Ansari og Siddhant Badhe opdagede at behandling af - ondsindet fremstillet webindhold, kunne føre til udførelse af vilkårlig - kode.

    • - -
- -

I den stabile distribution (buster), er dette problem rettet i -version 2.26.4-1~deb10u2.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4641.data" diff --git a/danish/security/2020/dsa-4642.wml b/danish/security/2020/dsa-4642.wml deleted file mode 100644 index 05e2755d0a7..00000000000 --- a/danish/security/2020/dsa-4642.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4f6a60ff0218feb0db16282437c7b9ab77ccd8dc" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke potentielt -kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:68.6.0-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.6.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4642.data" diff --git a/danish/security/2020/dsa-4643.wml b/danish/security/2020/dsa-4643.wml deleted file mode 100644 index 1c44346083f..00000000000 --- a/danish/security/2020/dsa-4643.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6a551fc4692612e434c167f14f9e544b02df9f2f" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret om at python-bleach, et hvidlistebaseret bibliotek til -santering af HTML, var ramt af en mutations-XSS-sårbarhed i bleach.clean, når -strip=False og tag'ene math eller svg og et eller flere af -RCDATA-tag'ene var hvidlistet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.1.2-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-bleach-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-bleach, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-bleach

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4643.data" diff --git a/danish/security/2020/dsa-4644.wml b/danish/security/2020/dsa-4644.wml deleted file mode 100644 index a0e0ead18b7..00000000000 --- a/danish/security/2020/dsa-4644.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="941d9e1a630b7b46a43a3c303c4d44e5d337ced4" mindelta="1" -sikkerhedsopdatering - -

En lammelsesangrebssårbarhed (ved at udløse højt CPU-forbrug), blev fundet i -Tor, et forbindelsesbaseret, anonymt kommanikationssystem med lave -svartider.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.3.5.10-1.

- -

I den gamle stabile distribution (stretch), er understøttelse af tor nu -ophørt. Opgrader til den stabile udgave (buster) for fortsat at modtage -opdateringer af tor.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tor, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4644.data" diff --git a/danish/security/2020/dsa-4645.wml b/danish/security/2020/dsa-4645.wml deleted file mode 100644 index 56b12ca8ec3..00000000000 --- a/danish/security/2020/dsa-4645.wml +++ /dev/null @@ -1,70 +0,0 @@ -#use wml::debian::translation-check translation="9f255d7246e224b0653339ff32337f4de3f80b46" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2019-20503 - -

    Natalie Silvanovich opdagede et problem med læsning udenfor grænserne i - biblioteket usrsctp.

    • - -
  • CVE-2020-6422 - -

    David Manouchehri opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebGL.

    • - -
  • CVE-2020-6424 - -

    Sergei Glazunov opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2020-6425 - -

    Sergei Glazunov opdagede en fejl i forbindelse med håndhævelse af policy - i forbindelse med udvidelser.

    • - -
  • CVE-2020-6426 - -

    Avihay Cohen opdagede an implementeringsfejl i JavaScript-biblioteket - v8.

    • - -
  • CVE-2020-6427 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse i - audio-implementeringen.

    • - -
  • CVE-2020-6428 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse i - audio-implementeringen.

    • - -
  • CVE-2020-6429 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse i - audio-implementeringen.

    • - -
  • CVE-2020-6449 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse i - audio-implementeringen.

    • - -
- -

I den gamle stabile distribution (stretch), er sikkerhedsunderstøttelse af -chromium ophørt.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 80.0.3987.149-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4645.data" diff --git a/danish/security/2020/dsa-4646.wml b/danish/security/2020/dsa-4646.wml deleted file mode 100644 index cfd42518846..00000000000 --- a/danish/security/2020/dsa-4646.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="ea7f971c3659f70148308503d3e46e99ec797175" mindelta="1" -sikkerhedsopdatering - -

Andre Bargull opdagede et heltalsoverløb i biblioteket International -Components for Unicode (ICU), hvilket kunne medføre lammelsesangreb og -potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 57.1-6+deb9u4.

- -

I den stabile distribution (buster), er dette problem rettet i -version 63.1-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende icu, se -dens sikkerhedssporingssidede på: -https://security-tracker.debian.org/tracker/icu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4646.data" diff --git a/danish/security/2020/dsa-4647.wml b/danish/security/2020/dsa-4647.wml deleted file mode 100644 index 277df5fe5e4..00000000000 --- a/danish/security/2020/dsa-4647.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="9e2bd6fdfda60b03320893da8be2d9ad75fedff5" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret om at BlueZ's HID- og HOGP-profilimplementeringer ikke -specifikt krævede bonding mellem enheden og værten. Ondsindede enheder kunne -drage nytte af fejlen til at forbinde sig til en målvært og udgive sig for at -være en eksisterende HID-enhed, uden sikkerhed, eller at forårsage at en SDP- -eller GATT-tjenesteopdagelse fandt sted, hvilket gjorde det muligt at indsprøjte -HID-rapporter i input-undersystemet fra en ikke-bond'ede kilder.

- -

Vedrørende HID-profilen er der indført en ny opsætningsvalgmulighed -(ClassicBondedOnly), for at sikre at inddataforbindelser kun kan komme fra -bond'ede enheders forbindelser. Valgmuligheden er som standard sat til -false af hensyn til maksimal enhedskompabilitet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 5.43-2+deb9u2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 5.50-1.2~deb10u1.

- -

Vi anbefaler at du opgraderer dine bluez-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bluez, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/bluez

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4647.data" diff --git a/danish/security/2020/dsa-4648.wml b/danish/security/2020/dsa-4648.wml deleted file mode 100644 index 851f35b4180..00000000000 --- a/danish/security/2020/dsa-4648.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a12673343c39758c8da3fdf768a0863f63d0045e" mindelta="1" -sikkerhedsopdatering - -

Russ Allbery opdagede et bufferoverløb i PAM-modulet til MIT Kerberos, -hvilket kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 4.7-4+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.8-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine libpam-krb5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libpam-krb5, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libpam-krb5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4648.data" diff --git a/danish/security/2020/dsa-4649.wml b/danish/security/2020/dsa-4649.wml deleted file mode 100644 index 00f0fb0de50..00000000000 --- a/danish/security/2020/dsa-4649.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="843d4b94f6c7ed748913bb26080036f97cc983ce" mindelta="1" -sikkerhedsopdatering - -

Felix Wilhelm fra Google Project Zero opdagede at HAProxy, en TCP/HTTP-reverse -proxy, ikke på korrekt vis håndterede HTTP/2-headere. Dermed kunne en angriber -skrive vilkårlige bytes omkring en bestemt placering i heap'en, medførende -lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.19-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine haproxy-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende haproxy, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/haproxy

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4649.data" diff --git a/danish/security/2020/dsa-4650.wml b/danish/security/2020/dsa-4650.wml deleted file mode 100644 index b3cb9c6e738..00000000000 --- a/danish/security/2020/dsa-4650.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="c519c5680a58f91a77e3ec456870ebf2eace1327" mindelta="1" -sikkerhedsopdatering - -

Miguel Onoro rapporterede at qbittorrent, en bittorrentklient med en -GUI-brugergrænseflade baseret på Qt5, tillod kommandoindsprøjtning ved hjælp af -shell-metategn i torrent name-parameteret eller current tracker-parameteret, -hvilket kunne medføre fjernudførelse af kommandoer ved hjælp af et fabrikeret -navn i et RSS-feed, hvis qbittorrent er opsat til at køre et eksternt program -ved torrentfuldførelsen.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.3.7-3+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.1.5-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine qbittorrent-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qbittorrent, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qbittorrent

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4650.data" diff --git a/danish/security/2020/dsa-4651.wml b/danish/security/2020/dsa-4651.wml deleted file mode 100644 index c9d910106e7..00000000000 --- a/danish/security/2020/dsa-4651.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="2cddd60bde018a03f1ad34f1b8295a74c2712156" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at nogle brugergenererede CSS-selectorer i MediaWiki, en -webstedsmotor til samarbejdsprojekter, ikke var escape't.

- -

Den gamle stabile distribution (stretch) er ikke påvirket.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:1.31.7-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4651.data" diff --git a/danish/security/2020/dsa-4652.wml b/danish/security/2020/dsa-4652.wml deleted file mode 100644 index b096687404f..00000000000 --- a/danish/security/2020/dsa-4652.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="66ad23979df90d80abc611771458b3473b312f2f" mindelta="1" -sikkerhedsopdatering - -

En fejl blev rapporteret i implementeringen af DTLS-protokollen i GnuTLS, et -bibliotek som implementerer TLS- og SSL-protokollerne. DTLS-klienten kunne ikke -bidrage med nogen tilfældighed til DTLS-forhandlingen, hvilket fik -DTLS-protokollens sikkerhedsgarantier til at bryde sammen.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.6.7-4+deb10u3.

- -

Vi anbefaler at du opgraderer dine gnutls28-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gnutls28, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gnutls28

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4652.data" diff --git a/danish/security/2020/dsa-4653.wml b/danish/security/2020/dsa-4653.wml deleted file mode 100644 index ed4d8b0310f..00000000000 --- a/danish/security/2020/dsa-4653.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9f44da2d47de2ef1e61158a6a0a309ae3df3d30b" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, hvilke kunne -medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.6.1esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.6.1esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4653.data" diff --git a/danish/security/2020/dsa-4654.wml b/danish/security/2020/dsa-4654.wml deleted file mode 100644 index 96b74465d41..00000000000 --- a/danish/security/2020/dsa-4654.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="1d23f837f2f67939a6251d2fff61642997b88964" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2020-6450 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse i - WebAudio-implementeringen.

    • - -
  • CVE-2020-6451 - -

    Man Yue Mo opdagede et problem med anvendelse efter frigivelse i - WebAudio-implementeringen.

    • - -
  • CVE-2020-6452 - -

    asnine opdagede et bufferoverløbsproblem.

    • - -
- -

I den gamle stabile distribution (stretch), er sikkerhedsunderstøttelse af -chromium ophørt.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 80.0.3987.162-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4654.data" diff --git a/danish/security/2020/dsa-4655.wml b/danish/security/2020/dsa-4655.wml deleted file mode 100644 index 01e90cbc4e8..00000000000 --- a/danish/security/2020/dsa-4655.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0ff8d253ba52a1d491e4fc1a9e3911dde77e4ca7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.7.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.7.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4655.data" diff --git a/danish/security/2020/dsa-4656.wml b/danish/security/2020/dsa-4656.wml deleted file mode 100644 index f8ccb941bd2..00000000000 --- a/danish/security/2020/dsa-4656.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="36ad925f39dd52ea8024ccc1c44f1b39c3c70d98" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne medføre -lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:68.7.0-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.7.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4656.data" diff --git a/danish/security/2020/dsa-4657.wml b/danish/security/2020/dsa-4657.wml deleted file mode 100644 index 6a3481b9093..00000000000 --- a/danish/security/2020/dsa-4657.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8838d4831b4e5ca1ac47129f3511e8669f3c93b4" mindelta="1" -sikkerhedsopdatering - -

Felix Wilhelm fra Google Project Zero opdagede en fejl i git, et hurtigt, -skalerbart og distributeret versionsstyringssystem. Med en fabrikeret URL, som -indeholder et linjeskift, kunne credential-helper-maskineriet blive narret til -at returnere brugeroplysninger til en forkert vært.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:2.11.0-3+deb9u6.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:2.20.1-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende git, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/git

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4657.data" diff --git a/danish/security/2020/dsa-4658.wml b/danish/security/2020/dsa-4658.wml deleted file mode 100644 index cdf777f8f21..00000000000 --- a/danish/security/2020/dsa-4658.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="0cf197abc44a9f17034a72719f1ca9db44d237d5" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarhed er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-11793 - -

    Cim Stordal opdagede at ondsindet fabrikeret webindhold kunne føre til - udførelse af vilkårlig kode eller lammelsesangreb.

    • - -
- -

I den stabile distribution (buster), er dette problem rettet i -version 2.26.4-1~deb10u3.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4658.data" diff --git a/danish/security/2020/dsa-4659.wml b/danish/security/2020/dsa-4659.wml deleted file mode 100644 index 99d7638fe91..00000000000 --- a/danish/security/2020/dsa-4659.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="bd1e297b8f7c81fbd5bd84f9941a22fa6854154d" mindelta="1" -sikkerhedsopdatering - -

Carlo Arenas fra Google Project Zero opdagede en fejl i git, et hurtigt, -skalerbart og distributeret versionsstyringssystem. Med en fabrikeret URL, som -indeholder et linjeskift, kunne credential-helper-maskineriet blive narret til -at levere brugeroplysninger, som ikke er passende i den anvendte protokol og den -vært der blev kontaktet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:2.11.0-3+deb9u7.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:2.20.1-2+deb10u3.

- -

Vi anbefaler at du opgraderer dine git-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende git, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/git

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4659.data" diff --git a/danish/security/2020/dsa-4660.wml b/danish/security/2020/dsa-4660.wml deleted file mode 100644 index cb764ba6cf8..00000000000 --- a/danish/security/2020/dsa-4660.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a9fb94ea59d5a86cf5c39dcc15debe62dfb75895" mindelta="1" -sikkerhedsopdatering - -

Andrew Bartlett opdagede awl, DAViCal Andrew's Web Libraries, ikke på korrekt -vis håndterede sessioner; det kunne gøre det muligt for en ondsindet bruger, at -udgive sig for at være andre sessioner eller brugere.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 0.57-1+deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.60-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine awl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende awl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/awl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4660.data" diff --git a/danish/security/2020/dsa-4661.wml b/danish/security/2020/dsa-4661.wml deleted file mode 100644 index 7d4b68e9cea..00000000000 --- a/danish/security/2020/dsa-4661.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7a738c4e1ec8c3a7245d7a61af002d21f4a04fc8" mindelta="1" -sikkerhedsopdatering - -

Bernd Edlinger opdagede at misdannede data overført til funktionen -SSL_check_chain() under eller efter et TLS 1.3-håndtryk, kunne forårsage en -NULL-dereference, medførende lammelsesangreb.

- -

Den gamle stabile distribution (stretch) is not affected.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.1.1d-0+deb10u3.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4661.data" diff --git a/danish/security/2020/dsa-4662.wml b/danish/security/2020/dsa-4662.wml deleted file mode 100644 index 4a23bb45df9..00000000000 --- a/danish/security/2020/dsa-4662.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="048996981d35ec62f2cea6ba31dd6174e3d03af1" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK Java-runtime, medførende -lammelsesangreb, usikre TLS-håndtryk, omgåelse af sandkassebegræsninger eller -HTTP-svaropsplitningsangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.0.7+10-3~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4662.data" diff --git a/danish/security/2020/dsa-4663.wml b/danish/security/2020/dsa-4663.wml deleted file mode 100644 index b9583622379..00000000000 --- a/danish/security/2020/dsa-4663.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="de5ae73bc2b4139bec8bd6accc52e619a842ca38" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at python-reportlab, et Python-bibliotek til fremstilling af -PDF-dokumenter, var sårbar overfor en kodeinsprøjtningssårbarhed ved fortolkning -af en farveattribut. En angriber kunne drage nytte af fejlen til at udføre -vilkårlig kode, hvis et særligt fremstillet dokument blev behandlet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.3.0-2+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.5.13-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-reportlab-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-reportlab, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-reportlab

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4663.data" diff --git a/danish/security/2020/dsa-4664.wml b/danish/security/2020/dsa-4664.wml deleted file mode 100644 index 0a9978be557..00000000000 --- a/danish/security/2020/dsa-4664.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b354d4da60d0fc7b1c08ff9f43afd652b43e470c" mindelta="1" -sikkerhedsopdatering - -

Hanno Boeck opdagede at det var muligt at foretage skriptangreb på tværs af -servere mod webarkiverne hørende til postlisteprogrammet Mailman, ved at sende -en særlig form for vedhæftelser.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:2.1.23-1+deb9u5.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:2.1.29-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine mailman-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mailman, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mailman

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4664.data" diff --git a/danish/security/2020/dsa-4665.wml b/danish/security/2020/dsa-4665.wml deleted file mode 100644 index c49c0836495..00000000000 --- a/danish/security/2020/dsa-4665.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="bb1ca3dc84115bfcf1f2d71e9e00510a38d44bcb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i QEMU, en hurtig -processoremulator, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:3.1+dfsg-8+deb10u5.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4665.data" diff --git a/danish/security/2020/dsa-4666.wml b/danish/security/2020/dsa-4666.wml deleted file mode 100644 index a31b7382dc1..00000000000 --- a/danish/security/2020/dsa-4666.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4b2ec5e1415e00e824275fe4a8d21009d425e3c5" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i OpenLDAP, en fri implementering af Lightweight -Directory Access Protocol. LDAP-søgefiltre med indlejrede boolske udtræk, kunne -medføre lammelsesangreb (nedbrud i slapd-dæmon).

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 2.4.44+dfsg-5+deb9u4.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.4.47+dfsg-3+deb10u2.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openldap, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openldap

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4666.data" diff --git a/danish/security/2020/dsa-4667.wml b/danish/security/2020/dsa-4667.wml deleted file mode 100644 index d915fbfd62d..00000000000 --- a/danish/security/2020/dsa-4667.wml +++ /dev/null @@ -1,62 +0,0 @@ -#use wml::debian::translation-check translation="ae06255bde57d831150a61d8cba709fe69cdbd83" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækage.

- -
    - -
  • CVE-2020-2732 - -

    Paulo Bonzini opdagede at KVM-implementateringen for Intel-processorer - ikke på korrekt vis håndterede instruktionsemulering ved L2-gæster med - aktiveret indlejret virtualisering. Dermed kunne det være muligt for en - L2-gæst at forårsage rettighedsforøgelse, lammelsesangreb eller - informationslækage i L1-gæsten.

    • - -
  • CVE-2020-8428 - -

    Al Viro opdagede en sårbarhed i forbindelse med anvendelse efter - frigivelse i VFS-laget. Dermed kunne lokale brugere forårsage et - lammelsesangreb (nedbrud) eller få adgang til følsomme oplysninger fra - kernehukommelse.

    • - -
  • CVE-2020-10942 - -

    Man opdagede at driveren vhost_net validerede ikke på korrekt vis - sockettyper opsat som backend'er. En lokal bruger med rettigheder til at - tilgå /dev/vhost-net kunne anvende dette til at forårsage stakkorruption - gennem fabrikerede systemkald, medførende lammelsesangreb (nedbrud) eller - muligvis rettighedsforøgelse.

    • - -
  • CVE-2020-11565 - -

    Entropy Moe rapporterede at del hukommelse-filsystemet (tmpfs) håndterede - ikke på korrekt vis en mpol-mountvalgmulighed med angivelse af en tom - nodeliste, førende til en stakbaseret skrivning udenfor grænserne. Hvis - brugernavnerum er aktiveret, kunne en lokal bruger udnytte dette til at - forårsage et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2020-11884 - -

    Al Viro rapporterede om en kapløbstilstand i hukommelseshåndteringen for - IBM Z (s390x-arkitekturen), hvilket kunne medføre at kernen udførte kode fra - et brugeradresserum. En lokal bruger kunne udnytte dette til - rettighedsforøgelse.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.19.98-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4667.data" diff --git a/danish/security/2020/dsa-4668.wml b/danish/security/2020/dsa-4668.wml deleted file mode 100644 index 9ded8d68c86..00000000000 --- a/danish/security/2020/dsa-4668.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="55fcb8e019a7a1aa2c4c76f4bfe93875f59329b5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK Java-runtime, medførende -lammelsesangreb, usikre TLS-håndtryk, omgåelse af sandkassebegræsninger eller -HTTP-svaropsplitningsangreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 8u252-b09-1~deb9u1.

- -

Vi anbefaler at du opgraderer dine openjdk-8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4668.data" diff --git a/danish/security/2020/dsa-4669.wml b/danish/security/2020/dsa-4669.wml deleted file mode 100644 index 09deaae25f2..00000000000 --- a/danish/security/2020/dsa-4669.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e52cb2abeccd7b7ce8c5ed7fbe702c571260cae1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Node.js, hvilke kunne medføre -lammelsesangreb eller smugling af HTTP-forespørgsler.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 10.19.0~dfsg1-1.

- -

Vi anbefaler at du opgraderer dine nodejs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nodejs, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nodejs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4669.data" diff --git a/danish/security/2020/dsa-4670.wml b/danish/security/2020/dsa-4670.wml deleted file mode 100644 index 0d16f9e4111..00000000000 --- a/danish/security/2020/dsa-4670.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e90baee7118b8efb5569e312697b4a5aa4946e59" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i TIFF-biblioteket, hvilke kunne medføre -lammelsesangreb eller udførelse af vilkårlig kode, hvis misdannede billedfiler -blev behandlet.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.0.8-2+deb9u5.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tiff, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tiff

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4670.data" diff --git a/danish/security/2020/dsa-4671.wml b/danish/security/2020/dsa-4671.wml deleted file mode 100644 index ce706345db2..00000000000 --- a/danish/security/2020/dsa-4671.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b482a2188db7af33117e421a02e7c6798da7dc9e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedproblemer blev opdaget i plugin'en microdns i -medieafspilleren VLC, hvilke kunne medføre lammelsesangreb eller potentielt -udførelse af vilkårlig kode gennem ondsindede mDNS-pakker.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.0.10-0+deb9u1. Denne opdatering deaktiverer plugin'en microdns.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.0.10-0+deb10u1. Denne opdatering deaktiverer plugin'en microdns.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4671.data" diff --git a/danish/security/2020/dsa-4672.wml b/danish/security/2020/dsa-4672.wml deleted file mode 100644 index b57330c5a00..00000000000 --- a/danish/security/2020/dsa-4672.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ffffc9b67d7073835cc5ab69eb8d2b441c97b371" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Apache Traffic Server, en reverse- og -forward-proxyserver, hvilke kunne medføre lammelsesangreb eller -forespørgselssmuglingsangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 8.0.2+ds-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4672.data" diff --git a/danish/security/2020/dsa-4673.wml b/danish/security/2020/dsa-4673.wml deleted file mode 100644 index e33d4d5a144..00000000000 --- a/danish/security/2020/dsa-4673.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b87bde36d2abc6f7ef8c35ec836dcf7b8a557d3f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Tomcats servlet og JSP-motor, hvilke kunne -medføre HTTP-forespørgselssmugling og kodeudførelse i AJP-connector'en -(deaktiveret som standard i Debian).

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 8.5.54-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine tomcat8-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat8, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat8

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4673.data" diff --git a/danish/security/2020/dsa-4674.wml b/danish/security/2020/dsa-4674.wml deleted file mode 100644 index c1ef23dfb5e..00000000000 --- a/danish/security/2020/dsa-4674.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="d99c4fdf000143f5ceb1f98cf8f1c00088b2c7aa" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at roundcube, en temaunderstøttende AJAX-baseret webmailløsning -til IMAP-servere, ikke på korrekt vis behandlede og fornuftighedskontrollerede -forespørgsler. Dermed var det muligt for en fjernangriber at iværksætte enten -forfalskning af forespørgsler på tværs af websteder (CSRF), som tvang en -autentificeret bruger til at blive logget af, eller udførelse af skripter på -tværs af websteder (XSS) førende til udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.2.3+dfsg.1-4+deb9u4.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.3.11+dfsg.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4674.data" diff --git a/danish/security/2020/dsa-4675.wml b/danish/security/2020/dsa-4675.wml deleted file mode 100644 index 6ac48eb31ee..00000000000 --- a/danish/security/2020/dsa-4675.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="944be6f7085dd5c1ddb24f12c0ddb3a2291010f4" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i GraphicsMagick, et sæt kommandolinjeprogrammer -til behandling af billedfiler, hvilke kunne føre til informationsafsløring, -lammelsesangreb eller udførelse af vilkårlig kode, hvis misdannede billedfiler -blev behandlet.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.3.30+hg15796-1~deb9u4.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.4+really1.3.35-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine graphicsmagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende graphicsmagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/graphicsmagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4675.data" diff --git a/danish/security/2020/dsa-4676.wml b/danish/security/2020/dsa-4676.wml deleted file mode 100644 index b76ca20d5d5..00000000000 --- a/danish/security/2020/dsa-4676.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="94066500f85a7b6e8329fb76419f97100ec1e464" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i salt, et ydedygtigt program til -fjernudførelse, hvilke kunne medføre hentning af brugertokens fra saltmasteren, -udførelse af vilkårlige kommandoer på saltminions, adgang til vilkårlige mapper -for autentificerede brugere eller vilkårlig udførelse på salt-api-værter.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 2016.11.2+ds-1+deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2018.3.4+dfsg1-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine salt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende salt, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/salt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4676.data" diff --git a/danish/security/2020/dsa-4677.wml b/danish/security/2020/dsa-4677.wml deleted file mode 100644 index 5cfa4fe631b..00000000000 --- a/danish/security/2020/dsa-4677.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="d71f4e1fab884d2b0c4504a39e43bb316cdfbe73" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at iværksætte forskellige former for angreb i -forbindelse med udførelse af skripter på tværs af websteder (XSS) og -forfalskning af forespørgsler på tværs af websteder (CSRF), oprette filer på -serveren, afsløre private oplysninger, oprette åbne viderestillinger, forgifte -cache, omgå autorisationsadgang og omgå fornuftighedskontrol af inddata.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.7.5+dfsg-2+deb9u6.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.0.4+dfsg1-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4677.data" diff --git a/danish/security/2020/dsa-4678.wml b/danish/security/2020/dsa-4678.wml deleted file mode 100644 index 64f5a512500..00000000000 --- a/danish/security/2020/dsa-4678.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="f3712edbc50b2b49a21a2a68a865f2f44a9dbda2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne føre udførelse af vilkårlig kode eller -informationsafsløring.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.8.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.8.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4678.data" diff --git a/danish/security/2020/dsa-4679.wml b/danish/security/2020/dsa-4679.wml deleted file mode 100644 index c4ae6f98cde..00000000000 --- a/danish/security/2020/dsa-4679.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="fa03cc42bcbd3ca556ecf5e9be7bc78c8162be74" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev fundet i EC2-credentials-API'et i Keystone, -identitetstjensten OpenStack: Enhver bruger autentificeret indenfor et -begrænset område (trust/oauth/applikation-credential), kunne oprette en -EC2-credential med en forøget rettighed, så som at få adgang til admin, -mens brugeren er tildelt en begrænset viewer-rolle.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2:14.2.0-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine keystone-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende keystone, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/keystone

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4679.data" diff --git a/danish/security/2020/dsa-4680.wml b/danish/security/2020/dsa-4680.wml deleted file mode 100644 index 79f3a351045..00000000000 --- a/danish/security/2020/dsa-4680.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="0cfee114b2d0c22d16e262ece0a0804aac60d237" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Tomcats servlet og JSP-motor, hvilke kunne -medføre smugling af HTTP-forespørgsler, udførelse af kode i AJP-connector'en -(som standard deaktiveret i Debian) eller manden i midten-angreb mod -JMX-grænsefladen.

- -

I den stabile distribution (buster), er disse problemer rettet i version -9.0.31-1~deb10u1. Rettelsen af -\ -CVE-2020-1938 kan kræve opsætningsændringer, når Tomcat anvendes med -AJP-connector'en, fx i kombination med libapache-mod-jk. For eksempel er -attributten secretRequired nu som standard opsat til true. I -påvirkede opsætninger, anbefales man at gennemgå -\ -https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html, før opdateringen -bliver udrullet.

- -

Vi anbefaler at du opgraderer dine tomcat9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4680.data" diff --git a/danish/security/2020/dsa-4681.wml b/danish/security/2020/dsa-4681.wml deleted file mode 100644 index 403601d067f..00000000000 --- a/danish/security/2020/dsa-4681.wml +++ /dev/null @@ -1,62 +0,0 @@ -#use wml::debian::translation-check translation="9366447bdb2abdccc3962d87981f5cce43bf471c" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-3885 - -

    Ryan Pickren opdagede at en fil-URL kunne blive behandlet på ukorrekt - vis.

    • - -
  • CVE-2020-3894 - -

    Sergei Glazunov opdagede at en kapløbstilstand kunne gøre det muligt for - en applikation at læse hukommelse, som der er begrænset adgang til.

    • - -
  • CVE-2020-3895 - -

    grigoritchy opdagede at behandling af ondsindet fremstillet webindhold - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-3897 - -

    Brendan Draper opdagede at en fjernangriber kunne være i stand til at - forårsage udførelse af vilkårlig kode.

    • - -
  • CVE-2020-3899 - -

    OSS-Fuzz opdagede at en fjernangriber kunne være i stand til at - forårsage udførelse af vilkårlig kode.

    • - -
  • CVE-2020-3900 - -

    Dongzhuo Zhao opdagede at behandling af ondsindet fremstillet - webhindhold kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-3901 - -

    Benjamin Randazzo opdagede at behandling af ondsindet fremstillet - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-3902 - -

    Yigit Can Yilmaz opdagede at behandling af ondsindet fremstillet - webindhold kunne føre til et skriptangreb på tværs af servere.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.28.2-2~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4681.data" diff --git a/danish/security/2020/dsa-4682.wml b/danish/security/2020/dsa-4682.wml deleted file mode 100644 index 38534ad1790..00000000000 --- a/danish/security/2020/dsa-4682.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="acc205af8df220e66e7247cb7e5d3d9f4e91c92e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i proxycachingserveren Squid, -hvilke kunne medføre omgåelse af sikkerhedsfiltre, informationsafsløring, -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.6-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squid

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4682.data" diff --git a/danish/security/2020/dsa-4683.wml b/danish/security/2020/dsa-4683.wml deleted file mode 100644 index 28f018fbbbb..00000000000 --- a/danish/security/2020/dsa-4683.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="38cfad79116634fa3fcc6418e2ec0e46b9112a9d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne medføre -forfalskning af afsenderens viste mailadresse, lammelsesangreb eller potentielt -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:68.8.0-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.8.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4683.data" diff --git a/danish/security/2020/dsa-4684.wml b/danish/security/2020/dsa-4684.wml deleted file mode 100644 index 665d8939816..00000000000 --- a/danish/security/2020/dsa-4684.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b4c0202042b3164caa38c476cc049ae28a84ae5f" mindelta="1" -sikkerhedsopdatering - -

Stephan Zeisberg opdagede at implementeringen af libreswan IPsec kunne blive -tvunget ind i et nedbrud/genstart ved hjælp af en misdannet IKEv1 Informational -Exchange-pakke, medførende lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.27-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine libreswan-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreswan, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreswan

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4684.data" diff --git a/danish/security/2020/dsa-4685.wml b/danish/security/2020/dsa-4685.wml deleted file mode 100644 index cea4f8fa54b..00000000000 --- a/danish/security/2020/dsa-4685.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="7a3c55cca4998748cc3fecf815532f255dce1769" mindelta="1" -sikkerhedsopdatering - -

Shuaibing Lu opdagede at manglende rensning af inddata i implementeringen af -ar/tar i APT, pakkehåndteringsprogrammet på højt niveau, kunne medføre -lammelsesangreb ved behandling af særlig fremstillede deb-filer.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.4.10.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.2.1.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apt, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/apt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4685.data" diff --git a/danish/security/2020/dsa-4686.wml b/danish/security/2020/dsa-4686.wml deleted file mode 100644 index 0145a10c5df..00000000000 --- a/danish/security/2020/dsa-4686.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="0be4f192638b9e776c63d0cd0ee741c9a203596a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at klassen SocketServer, der følger med apache-log4j1.2, et -logningsbibliotek til java, var sårbar i forbindelse med deserialisering af -data der ikke er tillid til. En angriber kunne drage nytte af fejlen til at -udføre vilkårlig kode i loggerapplikationens kontekst, ved at sende en særligt -fremstillet logevent.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1.2.17-7+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.2.17-8+deb10u1.

- -

Vi anbefaler at du opgraderer dine apache-log4j1.2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache-log4j1.2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache-log4j1.2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4686.data" diff --git a/danish/security/2020/dsa-4687.wml b/danish/security/2020/dsa-4687.wml deleted file mode 100644 index e995844e208..00000000000 --- a/danish/security/2020/dsa-4687.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="9cb21a21caa186dd43526c6b107aa0d6fe8cabc7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at exim4, en mailtransportagent, var ramt af en sårbarhed i -forbindelse med omgåelse af autentifikation i spa-autentifikationsdriveren. -Spa-autentifikationsdriveren er ikke aktiveret som standard.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 4.89-2+deb9u7.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.92-8+deb10u4.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exim4, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/exim4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4687.data" diff --git a/danish/security/2020/dsa-4688.wml b/danish/security/2020/dsa-4688.wml deleted file mode 100644 index 844752775e0..00000000000 --- a/danish/security/2020/dsa-4688.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="e709fe675228f1ee3d27bcbec3bc8c970d13b1b4" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i vhost-koden i DPDK, et sæt af -biblioteker til hurtig behandling af pakker, hvilke kunne medføre -lammelsesangreb eller udførelse af vilkårlig kode af ondsindede -gæster/containere.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 16.11.11-1+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 18.11.6-1~deb10u2.

- -

Vi anbefaler at du opgraderer dine dpdk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dpdk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dpdk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4688.data" diff --git a/danish/security/2020/dsa-4689.wml b/danish/security/2020/dsa-4689.wml deleted file mode 100644 index 7a7981e98c0..00000000000 --- a/danish/security/2020/dsa-4689.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="139ced0522f792565594fd4bc65bf27ae29bd20d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i BIND, en DNS-serverimplementering.

- -
    - -
  • CVE-2019-6477 - -

    Man opdagede at TCP-pipelinede forespørgsler kunne omgå - tcp-client-begrænsninger, medførende lammelsesangreb.

    • - -
  • CVE-2020-8616 - -

    Man opdagede at BIND ikke på tilstrækkelig vis begrænsede antallet af - udførte fetches, når der behandles referrals. En angriber kunne drage nytte - af fejlen til at forårsage et lammelsesangreb (forringelse af ydeevne) eller - anvende rekursionsserveren i et reflection-angreb med en høj - forstærkelsesfaktor.

    • - -
  • CVE-2020-8617 - -

    Man opdagede at en logisk fejl i koden, der kontrollerer - TSIG-gyldighed, kunne anvendes til at udløse en assertion failure, - medførende lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:9.10.3.dfsg.P4-12.3+deb9u6.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:9.11.5.P4+dfsg-5.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4689.data" diff --git a/danish/security/2020/dsa-4690.wml b/danish/security/2020/dsa-4690.wml deleted file mode 100644 index cf32569ac40..00000000000 --- a/danish/security/2020/dsa-4690.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0e6f7c5d78a1107035ee3fa4bbf988b214470b84" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i mailserveren Dovecot, hvilke kunne føre til -nedbrud i tjenesterne submission, submission-login eller lmtp, medførende -lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:2.3.4.1-5+deb10u2.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dovecot, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/dovecot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4690.data" diff --git a/danish/security/2020/dsa-4691.wml b/danish/security/2020/dsa-4691.wml deleted file mode 100644 index e795e843b19..00000000000 --- a/danish/security/2020/dsa-4691.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="7258e8ed24b368bd5d4247393060727d8f8cf318" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i PDNS Recursor, en resolving navneserver; et -trafikforstærkelsesangreb mod tredjeparters autoritative navneservere -(NXNSAttack) og utilstrækkelig validering af NXDOMAIN-svar, som mangler en -SOA.

- -

Versionen af pdns-recursor i den gamle stabile distribution (stretch) er ikke -længere understøttet. Hvis disse sikkerhedsproblemer påvirker din opsætning, -bør du opgradere til den stabile distribution (buster).

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.1.11-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine pdns-recursor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pdns-recursor, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pdns-recursor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4691.data" diff --git a/danish/security/2020/dsa-4692.wml b/danish/security/2020/dsa-4692.wml deleted file mode 100644 index aa9450b77a2..00000000000 --- a/danish/security/2020/dsa-4692.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5b1ae97b50cd9a6d8a1d2c63e4ddfe2062924b71" mindelta="1" -sikkerhedsopdatering - -

Georgi Guninski og Qualys Research Labs opdagede adskillige sårbarheder i -qmail (der leveres i Debian som netqmail med yderligere patches), hvilke kunne -medføre udførelse af vilkårlig kode, omgåelse af mailadresseverifikation og en -lokal informationslækage om hvorvidt en fil findes eller ej.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.06-6.2~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.06-6.2~deb10u1.

- -

Vi anbefaler at du opgraderer dine netqmail-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende netqmail, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/netqmail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4692.data" diff --git a/danish/security/2020/dsa-4693.wml b/danish/security/2020/dsa-4693.wml deleted file mode 100644 index af3124132cb..00000000000 --- a/danish/security/2020/dsa-4693.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0a95992a82c8a75470149c1e2f0fc2eccd2b295f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Drupal, et komplet framework til -indholdshåndtering, hvilke kunne føre til en åben viderestilling eller udførelse -af skripter på tværs af websteder.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 7.52-2+deb9u10.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4693.data" diff --git a/danish/security/2020/dsa-4694.wml b/danish/security/2020/dsa-4694.wml deleted file mode 100644 index 4769f5b38ef..00000000000 --- a/danish/security/2020/dsa-4694.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="f75654688f6e9dd06e68fca49b38b4d697ac6c1d" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i Unbound, en kun rekursiv-cachende DNS-server; et -trafikforstærkelsesangreb mod trejdeparters autoritative navneservere -(NXNSAttack) og utilstrækkelig rensning af svar fra opstrømserbere, kunne -medføre lammelsesangreb eller en uendelig løkke.

- -

Versionen af Unbound i den gamle stabile distribution (stretch) er ikke -længere understøttet. Hvis disse sikkerhedsproblemer påvirker din opsætning, -bør du opgradere til den stabile distribution (buster).

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.9.0-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine unbound-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende unbound, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/unbound

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4694.data" diff --git a/danish/security/2020/dsa-4695.wml b/danish/security/2020/dsa-4695.wml deleted file mode 100644 index 3d329037308..00000000000 --- a/danish/security/2020/dsa-4695.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b3d8ab1e40c9044fbaa16ccdbb9a6facde37d84f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode eller et -timingangreb mod kryptografiske nøgler.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.9.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.9.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4695.data" diff --git a/danish/security/2020/dsa-4696.wml b/danish/security/2020/dsa-4696.wml deleted file mode 100644 index 2d00aaafc25..00000000000 --- a/danish/security/2020/dsa-4696.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="8a9d28872927128f394cf9ebc0af4bb6a4486f27" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Node.js, hvilket kunne medføre lammelsesangreb -og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 10.21.0~dfsg-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine nodejs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nodejs, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nodejs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4696.data" diff --git a/danish/security/2020/dsa-4697.wml b/danish/security/2020/dsa-4697.wml deleted file mode 100644 index 559f256952f..00000000000 --- a/danish/security/2020/dsa-4697.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d20ba79eb4847e955c5fd84c1b837f5d73b6bb7b" mindelta="1" -sikkerhedsopdatering - -

En fejl blev rapporteret i TLS-sessionens ticketnøglekonstruktion i GnuTLS, -et bibliotek der implementerer protokollerne TLS og SSL. Fejlen forårsagede at -TLS-serveren ikke på sikker vis konstruerede en nøgle til kryptering af -sessiontickets, som tog højde for den af applikationen leverede hemmelighed, -hvilket gjorde det muligt for en manden i midten-angriber at omgå -autentifikationen i TLS 1.3 og gendanne tidligere konversationer i TLS 1.2.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.6.7-4+deb10u4.

- -

Vi anbefaler at du opgraderer dine gnutls28-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gnutls28, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gnutls28

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4697.data" diff --git a/danish/security/2020/dsa-4698.wml b/danish/security/2020/dsa-4698.wml deleted file mode 100644 index 4bf1085fe54..00000000000 --- a/danish/security/2020/dsa-4698.wml +++ /dev/null @@ -1,245 +0,0 @@ -#use wml::debian::translation-check translation="a871b5fd7d3849d5e29ce5a2e7e4dd60e8408d58" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2019-2182 - -

    Hanjun Guo og Lei Li rapporterede om en kapløbstilstand i arm64-koden til - håndtering af virtuel hukommelse, hvilket kunne føre til en - informationsafsløring, lammelsesangreb (nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2019-5108 - -

    Mitchell Frank fra Cisco opdagede at når IEEE 802.11-stakken (WiFi) blev - anvendt i AP-tilstand med roaming, blev der udløst roaming for en nyligt - tilknyttet station, før stationen var blevet autentificeret. En angriber - indenfor rækkevidde af AP'et, kunne udnytte fejlen til at forårsage et - lammelsesangreb, enten ved at fylde en switching-tabel op eller ved at - viderestille trafik væk fra andre stationer.

    • - -
  • CVE-2019-19319 - -

    Jungyeon opdagede at et fabrikeret filsystem kunne medføre at - ext4-implementeringen deallokerede eller renallokerede journalblokke. En - bruger med tilladelse til at mount'e filsystemer, kunne udnytte fejlen til - at forårsage et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2019-19462 - -

    Værktøjet syzbot fandt en manglende fejlkontrol i - relay-biblioteket, der anvendes til at implementere forskellige filer - under debugfs. En lokal bruger, med rettigheder til at tilgå debugfs, kunne - udnytte fejlen til at forårsage et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2019-19768 - -

    Tristan Madani rapporterede om en kapløbstilstand i debugfaciliteten - blktrace, hvilket kunne medføre anvendelse efter frigivelse. En lokal - bruger, som er i stand til at udløse fjernelse af blokenheder, kunne - muligvis udnytte fejlen til at forårsage et lammelsesangreb (nedbrud) eller - rettighedsforøgelse.

    • - -
  • CVE-2019-20806 - -

    En potentiel nullpointerdereference blev opdaget i mediedriveren tw5864. - Sikkerhedspåvirkningen er uklar.

    • - -
  • CVE-2019-20811 - -

    Hulk Robot-værktøjet fandt en reference-optællingsfejl i en fejlsti i - network-undersystemet. Sikkerhedspåvirkningen er uklar.

    • - -
  • CVE-2020-0543 - -

    Efterforskere ved VU Amsterdam opdagede at på nogle Intel-CPU'er, som - understøtter RDRAND- og RDSEED-instruktioner, kan en del af tilfældige - værdier genereret af disse instruktioner blive anvendt i en senere - spekulativ udførelse på en vilkårlig kerne i den samme fysiske CPU. - Afhængigt af hvordan disse instruktioner anvendes af applikationer, kunne en - lokal bruger eller VM-gæst udnytte fejlen til at få adgang til følsomme - oplysninger, så som kryptografiske nøgler fra andre brugere eller VM'er.

    - -

    Sårbarheden kan afhjælpes med en microcode-opdatering, enten som en del - af systemfirmware (BIOS) eller ved hjælp af pakken intel-microcode i Debians - arkivsektion non-free. I forbindelse med denne opdatering rapporterer vi kun - om sårbarheden og mulighed for at deaktivere afhjælpelsen, hvis den ikke er - nødvendig.

    • - -
  • CVE-2020-2732 - -

    Paulo Bonzini opdagede at KVM-implementeringen for Intel-processorer ikke - på korrekt vis håndterede instruktionsemulering for L2-gæster, når indlejret - virtualisering er aktiveret. Dermed kunne det være muligt for en L2-gæst at - forårsage rettighedsforøgelse, lammelsesangreb eller informationslækager i - L1-gæsten.

    • - -
  • CVE-2020-8428 - -

    Al Viro opdagede en potentiel anvendelse efter frigivelse i - filesystem-core (vfs). En lokal bruger kunne udnytte fejlen til at - forårsage et lammelsesangreb (nedbrud) eller muligvis få fat i følsomme - oplysninger fra kernen.

    • - -
  • CVE-2020-8647, - CVE-2020-8649 - -

    Hulk Robot-værktøjet fandt en potentiel MMIO-adgang udenfor grænserne i - vgacon-driveren. En lokal bruger med rettigheder til at tilgå en virtuel - terminal (/dev/tty1 osv.) på et system, der anvender vgacon-driveren, kunne - udnytte fejlen til at forårsage et lammelsesangreb (nedbrud eller - hukommelseskorruption) eller muligvis rettighedsforøgelse.

    • - -
  • CVE-2020-8648 - -

    Værktøjet syzbot fandt en kapløbstilstand i virtual terminal-driveren, - hvilken kunne medføre anvendelse efter frigivelse. En lokal bruger med - rettigheder til at tilgå en virtuel terminal, kunne anvende fejlen til at - forårsage et lammelsesangreb (nedbrud eller hukommelseskorruption) eller - muligvis rettighedsforøgelse.

    • - -
  • CVE-2020-9383 - -

    Jordy Zomer rapporterede om en ukorrekt intervalkontrol i floppydriveren, - hvilken kunne føre til statisk adgang udenfor grænserne. En lokal bruger - med rettigheder til at tilgå et diskettedrev, kunne udnytte fejlen til at - forårsage et lammelsesangreb (nedbrud eller hukommelseskorruption) eller - muligvis rettighedsforøgelse.

    • - -
  • CVE-2020-10711 - -

    Matthew Sheets rapporterede om problemer med NULL-pointerdereferencer i - undersystemet SELinux mens der modtages CIPSO-pakker med null-kategori. En - fjernangriber kunne drage nytte af fejlen til at forårsage et - lammelsesangreb (nedbrud). Bemærk at dette problem ikke påvirker de binære - pakker, som distribueres i Debian, da CONFIG_NETLABEL ikke er - aktiveret.

    • - -
  • CVE-2020-10732 - -

    En informationslækage af privat kernehukommelse til brugerrummet blev - fundet i kernens implementering af core dumping-brugerrumprocesser.

    • - -
  • CVE-2020-10751 - -

    Dmitry Vyukov rapporterede at undersystemet SELinux ikke på korrekt vis - håndterede validering af flere meddelelser, hvilket kunne gøre det muligt - for en priviligeret bruger at omgå SELinux' netlinkbegrænsninger.

    • - -
  • CVE-2020-10757 - -

    Fan Yang rapporterede om en fejl i den måde, mremap håndterede DAX-hugepages, - hvilket gjorde det muligt for en lokal bruger at forøge sine - rettigheder.

    • - -
  • CVE-2020-10942 - -

    Man opdagede at vhost_net-driveren ikke på korrekt vis validerede typen - af sockets opsat som backends. En lokal bruger med rettigheder til at tilgå - /dev/vhost-net, kunne udnytte fejlen til at forårsage stakkorruption gennem - fabrikerede systemkald, medførende lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2020-11494 - -

    Man opdagede at netværksdriveren slcan (serial line CAN) ikke - fuldstændigt initialiserede CAN-headere for modtagne pakker, medførende - en informationslækage fra kernen til brugerrummet eller over - CAN-netværket.

    • - -
  • CVE-2020-11565 - -

    Entropy Moe rapporterede at delt hukommelse-filsystemet (tmpfs) ikke på - korrekt vis håndterede en mpol-mountvalgmulighed, som angiver en tom - nodeliste, førende til en stakbaseret skrivning udenfor grænserne. Hvis - brugernavnerum er aktiveret, kunne en lokal bruger udnytte fejltn til at - forårsage et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2020-11608, - CVE-2020-11609, - CVE-2020-11668 - -

    Man opdagede at mediedriverne ov519, stv06xx og xirlink_cit ikke på - korrekt vis validerede USB-enhedsdescriptors. En fysisk tilstedeværende - bruger, med en særligt fremstillet USB-enhed, kunne udnytte fejlen til at - forårsage et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2020-12114 - -

    Piotr Krysiuk opdagede en kapløbstilstand mellem umount- og - pivot_root-handlinger i filesystem-core (vfs). En lokal bruger med en - CAP_SYS_ADMIN-kapabilitet i ethvert brugernavnerum, kunne udnytte fejlen til - at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2020-12464 - -

    Kyungtae Kim rapporterede om en kapløbstilstand i USB-core, hvilken kunne - medføre anvendelse efter frigivelse. Det er uklart hvordan denne fejl kan - udnyttes, men det medføre et lammelsesangreb (nedbrud eller - hukommelseskorruption) eller rettighedsforøgelse.

    • - -
  • CVE-2020-12652 - -

    Tom Hatskevich rapporterede en fejl i mptfusion-storagedriverne. En - ioctl-handler hentede et parameter to gange fra brugerhukommelsen, hvilket - skabte en kapløbstilstand, som kunne medføre ukorrekt låsning af interne - datastrukturer. En lokal bruger med rettigheder til at tilgå /dev/mptctl, - kunne udnytte fejlen til at forårsage et lammelsesangreb (nedbrud eller - hukommelseskorruption) eller rettighedsforøgelse.

    • - -
  • CVE-2020-12653 - -

    Man opdagede at WiFi-driveren mwifiex ikke validerede scanforespørgsler - tilstrækkeligt, medførende et potentielt heap-bufferoverløb. En lokal - bruger med CAP_NET_ADMIN-kapabiliteten, kunne udnytte fejlen til at - forårsage et lammelsesangreb (nedbrud eller hukommelseskorruption) eller - muligvis rettighedsforøgelse.

    • - -
  • CVE-2020-12654 - -

    Man opdagede at WiFi-driveren mwifiex ikke validerede WMM-parametre - modtaget fra et accesspoint (AP), medførende et potentielt - heap-bufferoverløb. Et ondsindet AP kunne udnytte fejlen til at forårsage - et lammelsesangreb (nedbrud eller hukommelseskorruption) eller muligvis - udførelse af kode på et sårbart system.

    • - -
  • CVE-2020-12770 - -

    Man opdagede at sg-driveren (SCSI generic) ikke på korrekt vis frigav - interne ressourcer i en bestemt fejlsituation. En lokal bruger med - rettigheder til at tilgå en sg-enhed, kunne muligvis anvende fejlen til - at forårsage et lammelsesangreb (udmattelse af ressourcer).

    • - -
  • CVE-2020-13143 - -

    Kyungtae Kim rapporterede om en potentiel heap-skrivning udenfor - grænserne i USB-gadget-undersystemet. En lokal bruger med rettigheder til - at skrive til gadgetopsætningsfilsystemet, kunne anvende fejlen til at - forårsage et lammelsesangreb (nedbrud eller hukommelseskorruption) eller - potentielt rettighedsforøgelse.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet i -version 4.9.210-1+deb9u1. Versionen retter også nogle relaterede fejl, som ikke -har deres egne CVE-ID'er, samt en regression i macvlan-driveren, opstået i -forbindelse med den tidligere punktopdatering (fejl nummer 952660).

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4698.data" diff --git a/danish/security/2020/dsa-4699.wml b/danish/security/2020/dsa-4699.wml deleted file mode 100644 index 9aba25cd0bf..00000000000 --- a/danish/security/2020/dsa-4699.wml +++ /dev/null @@ -1,117 +0,0 @@ -#use wml::debian::translation-check translation="d948bd9589feece12bc709aa1b03a99f72526fc6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2019-3016 - -

    Man opdagede at KVM-implementeringen for x86 ikke altid udførte - TLB-flush, når der er behov for det, hvis den paravirtualiserede - TLB-flush var aktiveret. Det kunne føre til afsløring af følsomme - oplysninger indenfor en gæste-VM.

    • - -
  • CVE-2019-19462 - -

    Værktøjet syzbot fandt en manglende fejlkontrol i - relay-biblioteket, der anvendes til at implementere forskellige filer - under debugfs. En lokal bruger, med rettigheder til at tilgå debugfs, kunne - udnytte fejlen til at forårsage et lammelsesangreb (nedbrud) eller muligvis - rettighedsforøgelse.

    • - -
  • CVE-2020-0543 - -

    Efterforskere ved VU Amsterdam opdagede at på nogle Intel-CPU'er, som - understøtter RDRAND- og RDSEED-instruktioner, kan en del af tilfældige - værdier genereret af disse instruktioner blive anvendt i en senere - spekulativ udførelse på en vilkårlig kerne i den samme fysiske CPU. - Afhængigt af hvordan disse instruktioner anvendes af applikationer, kunne en - lokal bruger eller VM-gæst udnytte fejlen til at få adgang til følsomme - oplysninger, så som kryptografiske nøgler fra andre brugere eller VM'er.

    - -

    Sårbarheden kan afhjælpes med en microcode-opdatering, enten som en del - af systemfirmware (BIOS) eller ved hjælp af pakken intel-microcode i Debians - arkivsektion non-free. I forbindelse med denne opdatering rapporterer vi kun - om sårbarheden og mulighed for at deaktivere afhjælpelsen, hvis den ikke er - nødvendig.

    • - -
  • CVE-2020-10711 - -

    Matthew Sheets rapporterede om problemer med NULL-pointerdereferencer i - undersystemet SELinux mens der modtages CIPSO-pakker med null-kategori. En - fjernangriber kunne drage nytte af fejlen til at forårsage et - lammelsesangreb (nedbrud). Bemærk at dette problem ikke påvirker de binære - pakker, som distribueres i Debian, da CONFIG_NETLABEL ikke er - aktiveret.

    • - -
  • CVE-2020-10732 - -

    En informationslækage af privat kernehukommelse til brugerrummet blev - fundet i kernens implementering af core dumping-brugerrumprocesser.

    • - -
  • CVE-2020-10751 - -

    Dmitry Vyukov rapporterede at undersystemet SELinux ikke på korrekt vis - håndterede validering af flere meddelelser, hvilket kunne gøre det muligt - for en priviligeret bruger at omgå SELinux' netlinkbegrænsninger.

    • - -
  • CVE-2020-10757 - -

    Fan Yang rapporterede om en fejl i den måde, mremap håndterede DAX-hugepages, - hvilket gjorde det muligt for en lokal bruger at forøge sine - rettigheder.

    • - -
  • CVE-2020-12114 - -

    Piotr Krysiuk opdagede en kapløbstilstand mellem umount- og - pivot_root-handlinger i filesystem-core (vfs). En lokal bruger med en - CAP_SYS_ADMIN-kapabilitet i ethvert brugernavnerum, kunne udnytte fejlen til - at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2020-12464 - -

    Kyungtae Kim rapporterede om en kapløbstilstand i USB-core, hvilken kunne - medføre anvendelse efter frigivelse. Det er uklart hvordan denne fejl kan - udnyttes, men det medføre et lammelsesangreb (nedbrud eller - hukommelseskorruption) eller rettighedsforøgelse.

    • - -
  • CVE-2020-12768 - -

    En fejl blev opdaget i KVM-implementeringen for AMD-processorer, hvilken - kunne medføre en hukommelseslækage. Sikkerhedspåvirkningen er - uklar.

    • - -
  • CVE-2020-12770 - -

    Man opdagede at sg-driveren (SCSI generic) ikke på korrekt vis frigav - interne ressourcer i en bestemt fejlsituation. En lokal bruger med - rettigheder til at tilgå en sg-enhed, kunne muligvis anvende fejlen til - at forårsage et lammelsesangreb (udmattelse af ressourcer).

    • - -
  • CVE-2020-13143 - -

    Kyungtae Kim rapporterede om en potentiel heap-skrivning udenfor - grænserne i USB-gadget-undersystemet. En lokal bruger med rettigheder til - at skrive til gadgetopsætningsfilsystemet, kunne anvende fejlen til at - forårsage et lammelsesangreb (nedbrud eller hukommelseskorruption) eller - potentielt rettighedsforøgelse.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i version -4.19.118-2+deb10u1. Denne version retter også nogle relaterede fejl, som ikke -har deres egne CVE-ID'er, samt en regression i <linux/swab.h>-UAPI-headeren, -opstået i den tidligere punktopdatering (fejl nummer 960271).

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4699.data" diff --git a/danish/security/2020/dsa-4700.wml b/danish/security/2020/dsa-4700.wml deleted file mode 100644 index 6bef2fbf04e..00000000000 --- a/danish/security/2020/dsa-4700.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="7f7f3290be01ccc1b1a82ca7df183db4f6021748" mindelta="1" -sikkerhedsopdatering - -

Matei Badanoiu og LoRexxar@knownsec opdagede at roundcube, en -temaunderstøttende AJAX-baseret webmailløsning til IMAP-servere, ikke på korrekt -vis behandlede og rensede forespørgsler. Dermed kunne en fjernangriber være i -stand til at iværksætte Cross-Side Scripting (XSS)-angreb, førende til udførelse -af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.2.3+dfsg.1-4+deb9u5.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.3.13+dfsg.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4700.data" diff --git a/danish/security/2020/dsa-4701.wml b/danish/security/2020/dsa-4701.wml deleted file mode 100644 index 3daf05eae5b..00000000000 --- a/danish/security/2020/dsa-4701.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="90833ca5169a5ef4cdeac320dd3d7016a5d5f8d2" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering indeholder opdateret CPU-microcode til nogle former for -Intel-CPU'er, og leverer afhjælpning af hardwaresårbarhederne Special Register -Buffer Data Sampling -(CVE-2020-0543), -Vector Register Sampling -(CVE-2020-0548) -og L1D Eviction Sampling -(CVE-2020-0549).

- -

Microcode-opdateringen til HEDT- og Xeon-CPU'er med signature 0x50654, som -var vendt om DSA 4565-2, leveres nu igen med et rettet udgivelse.

- -

Opstrøms opdatering til Skylake-U/Y (signature 0x406e3) kunne ikke medtages i -denne opdatering, på grund af rapporterede hængninger ved boot.

- -

For flere oplysninger, se -\ -https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html, -\ -https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 3.20200609.2~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.20200609.2~deb10u1.

- -

Vi anbefaler at du opgraderer dine intel-microcode-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende intel-microcode, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/intel-microcode

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4701.data" diff --git a/danish/security/2020/dsa-4702.wml b/danish/security/2020/dsa-4702.wml deleted file mode 100644 index f6d445a47cd..00000000000 --- a/danish/security/2020/dsa-4702.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="769e4524608bc6521e5b87e396fb219b60ec8f5e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne medføre -etablering af en ikke-krypteret IMAP-forbindelse, lammelsesangreb eller -potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 1:68.9.0-1~deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:68.9.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4702.data" diff --git a/danish/security/2020/dsa-4703.wml b/danish/security/2020/dsa-4703.wml deleted file mode 100644 index f3ec298ec10..00000000000 --- a/danish/security/2020/dsa-4703.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="9b6396fd11e4d3583fd04b89212b64aeb305fbb0" mindelta="1" -sikkerhedsopdatering - -

Tre sårbarheder er fundet i MySQL Connector/J JDBC-driveren.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 5.1.49-0+deb9u1.

- -

Vi anbefaler at du opgraderer dine mysql-connector-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mysql-connector-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mysql-connector-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4703.data" diff --git a/danish/security/2020/dsa-4704.wml b/danish/security/2020/dsa-4704.wml deleted file mode 100644 index 1c16dc1fe1b..00000000000 --- a/danish/security/2020/dsa-4704.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3ebf750b1d390b983cfb684bd2531240ccade3bc" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i medieafspilleren VLC, hvilken kunne medføre -udførelse af vilkårlig kode eller lammelsesangreb, hvis en misdannet videofil -blev åbnet.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 3.0.11-0+deb9u1.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.0.11-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4704.data" diff --git a/danish/security/2020/dsa-4705.wml b/danish/security/2020/dsa-4705.wml deleted file mode 100644 index 6427fb3e0e0..00000000000 --- a/danish/security/2020/dsa-4705.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="c5d9fd4f88d62ad74c2c73f7fadec53bad22ff0c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Django, et webudviklingsframework på højt niveau til Python, -ikke på korrekt vis rensede inddata. Dermed kunne det være muligt for en -fjernangriber, at iværksætte SQL-indsprøjtningsangreb, udføre skripter på tværs -af websteder (XSS) eller lække følsomme oplysninger.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:1.10.7-2+deb9u9.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:1.11.29-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine python-django-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-django, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-django

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4705.data" diff --git a/danish/security/2020/dsa-4706.wml b/danish/security/2020/dsa-4706.wml deleted file mode 100644 index a91284a35cf..00000000000 --- a/danish/security/2020/dsa-4706.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="4a12acab5b07c8a49064a6e76224c15a35b4cf1c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Drupal, et komplet indholdshåndteringsframework, var ramt af -en forespørgselsforfalskning på tværs af servere.

- -

For flere oplysninger, se opstrøms bulletin på -\ -https://www.drupal.org/sa-core-2020-004.

- -

I den gamle stabile distribution (stretch), er dette problem rettet -i version 7.52-2+deb9u11.

- -

Vi anbefaler at du opgraderer dine drupal7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende drupal7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/drupal7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4706.data" diff --git a/danish/security/2020/dsa-4707.wml b/danish/security/2020/dsa-4707.wml deleted file mode 100644 index baa59bfe09d..00000000000 --- a/danish/security/2020/dsa-4707.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="edb77bc2e2bfb9b4750d3b3fa98593bc94f77371" mindelta="1" -sikkerhedsopdatering - -

Damian Poddebniak og Fabian Ising opdagede to sikkerhedsproblemer i -STARTTLS-håndteringen i mailklienten Mutt, hvilke kunne muliggøre manden i -midten-angreb.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1.7.2-1+deb9u3.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.10.1-2.1+deb10u2.

- -

Vi anbefaler at du opgraderer dine mutt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mutt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mutt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4707.data" diff --git a/danish/security/2020/dsa-4708.wml b/danish/security/2020/dsa-4708.wml deleted file mode 100644 index 326c35f4c9d..00000000000 --- a/danish/security/2020/dsa-4708.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0e52e3a90f2bad134c2ecc2ac45a781519be4a47" mindelta="1" -sikkerhedsopdatering - -

Damian Poddebniak og Fabian Ising opdagede to sikkerhedsproblemer i -STARTTLS-håndteringen i mailklienten Mutt, hvilke kunne muliggøre manden i -midten-angreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 20180716+dfsg.1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine neomutt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende neomutt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/neomutt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4708.data" diff --git a/danish/security/2020/dsa-4709.wml b/danish/security/2020/dsa-4709.wml deleted file mode 100644 index 032245411c3..00000000000 --- a/danish/security/2020/dsa-4709.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5411f57dc4aff53e34a6c8edf29ad797206f054c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at iværksætte forskellige angreb i forbindelse med -udførelse af skripter på tværs af websteder (XSS), oprette åbne -viderestillinger, forøge rettigheder og omgå autorisationsadgang.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.0.10+dfsg1-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4709.data" diff --git a/danish/security/2020/dsa-4710.wml b/danish/security/2020/dsa-4710.wml deleted file mode 100644 index 7143ab45c01..00000000000 --- a/danish/security/2020/dsa-4710.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5674e0a4a2ce228b684101aa0dd7178c7180f327" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i Apache Traffic Server, en reverse og forward -proxyserver, hvilket kunne medføre lammelsesangreb gennem misdannede -HTTP/2-headere.

- -

I den stabile distribution (buster), er dette problem rettet i -version 8.0.2+ds-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4710.data" diff --git a/danish/security/2020/dsa-4711.wml b/danish/security/2020/dsa-4711.wml deleted file mode 100644 index 3f2efba4947..00000000000 --- a/danish/security/2020/dsa-4711.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="3ce93908ff9ed5d5edeae5cc5bcfa241d553b2f8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i coturn, en TURN- og STUN-server til -VoIP.

- -
    - -
  • CVE-2020-4067 - -

    Felix Doerre rapporterede at STUN-svarbufferen ikke var korrekt - initialiseret, hvilket kunne gøre det muligt for en angriber at lække bytes - i padding-bytes fra en anden klients forbindelse.

    • - -
  • CVE-2020-6061 - -

    Aleksandar Nikolic rapporterede at en fabrikeret HTTP POST-forespørgsel - kunne føre til informationslækager og anden dårlig opførsel.

    • - -
  • CVE-2020-6062 - -

    Aleksandar Nikolic rapporterede at en fabrikeret HTTP POST-forespørgsel - kunne føre til servernedbrud og lammelsesangreb.

    • - -
- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 4.5.0.5-1+deb9u2.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.5.1.1-1.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine coturn-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende coturn, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/coturn

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4711.data" diff --git a/danish/security/2020/dsa-4712.wml b/danish/security/2020/dsa-4712.wml deleted file mode 100644 index 66e01b3ef91..00000000000 --- a/danish/security/2020/dsa-4712.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e39095ba048972164e6022e01f5c2897253625d0" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter adskillige sårbarheder i Imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -rensning af inddata, kunne medføre lammelsesangreb, hukommelsesblotlæggelse -eller potentielt udførelse af vilkårlig kode, hvis misdannede billedfiler blev -behandlet.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 8:6.9.10.23+dfsg-2.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende imagemagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/imagemagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4712.data" diff --git a/danish/security/2020/dsa-4713.wml b/danish/security/2020/dsa-4713.wml deleted file mode 100644 index 2f742c213fb..00000000000 --- a/danish/security/2020/dsa-4713.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="bc2f22f228e45d71d44ae9812378344fb71291f8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 68.10.0esr-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.10.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4713.data" diff --git a/danish/security/2020/dsa-4714.wml b/danish/security/2020/dsa-4714.wml deleted file mode 100644 index b01e9cdd2f9..00000000000 --- a/danish/security/2020/dsa-4714.wml +++ /dev/null @@ -1,349 +0,0 @@ -#use wml::debian::translation-check translation="199d32e49c566aa1abc65f7de70d8ec9fcf6eeb9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2020-6423 - -

    Et problem med anvendelse efter frigivelse blev fundet i - audioimplementeringen.

    • - -
  • CVE-2020-6430 - -

    Avihay Cohen opdagede et typeforvirringsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2020-6431 - -

    Luan Herrera opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6432 - -

    Luan Herrera opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6433 - -

    Luan Herrera opdagede en fejl i forbindelse med håndhævelse af policy i - udvidelser.

    • - -
  • CVE-2020-6434 - -

    HyungSeok Han opdagede et problem med anvendelse efter frigivelse i - udviklerværktøjerne.

    • - -
  • CVE-2020-6435 - -

    Sergei Glazunov opdagede en fejl i forbindelse med håndhævelse af policy - i udvidelser.

    • - -
  • CVE-2020-6436 - -

    Igor Bukanov opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2020-6437 - -

    Jann Horn opdagede en implementeringsfejl i WebView.

    • - -
  • CVE-2020-6438 - -

    Ng Yik Phang opdagede en fejl i forbindelse med håndhævelse af policy i - udvidelser.

    • - -
  • CVE-2020-6439 - -

    remkoboonstra opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6440 - -

    David Erceg opdagede en implementeringsfejl i udvidelser.

    • - -
  • CVE-2020-6441 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6442 - -

    B@rMey opdagede en implementeringsfejl i sidecachen.

    • - -
  • CVE-2020-6443 - -

    @lovasoa opdagede en implementeringsfejl i udviklerværktøjerne.

    • - -
  • CVE-2020-6444 - -

    mlfbrown opdagede en uinitialiseret variabel i - WebRTC-implementeringen.

    • - -
  • CVE-2020-6445 - -

    Jun Kokatsu opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6446 - -

    Jun Kokatsu opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6447 - -

    David Erceg opdagede en implementeringsfejl i udviklerværktøjerne.

    • - -
  • CVE-2020-6448 - -

    Guang Gong opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
  • CVE-2020-6454 - -

    Leecraso og Guang Gong opdagede et problem med anvendelse efter - frigivelse i udvidelser.

    • - -
  • CVE-2020-6455 - -

    Nan Wang og Guang Gong opdagede et problem med læsning udenfor grænserne - WebSQL-implementeringen.

    • - -
  • CVE-2020-6456 - -

    Michał Bentkowski opdagede utilstrækkelig validering af inddata, som der - ikke er tillid til.

    • - -
  • CVE-2020-6457 - -

    Leecraso og Guang Gong opdagede et problem med anvendelse efter - frigivelse i talegenkendelsen.

    • - -
  • CVE-2020-6458 - -

    Aleksandar Nikolic opdagede et problem med læsning og skrivning udenfor - grænserne i pdfium-biblioteket.

    • - -
  • CVE-2020-6459 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse i - payments-implementeringen.

    • - -
  • CVE-2020-6460 - -

    Man opdagede at URL-formatteringen blev valideret på utilstrækkelig - vis.

    • - -
  • CVE-2020-6461 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2020-6462 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse in - taskscheduling.

    • - -
  • CVE-2020-6463 - -

    Pawel Wylecial opdagede et problem med anvendelse efter frigivelse i - ANGLE-biblioteket.

    • - -
  • CVE-2020-6464 - -

    Looben Yang opdagede et typeforvirringsproblem i Blink/Webkit.

    • - -
  • CVE-2020-6465 - -

    Woojin Oh opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2020-6466 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse.

    • - -
  • CVE-2020-6467 - -

    ZhanJia Song opdagede et problem med anvendelse efter frigivelse i - WebRTC-implementeringen.

    • - -
  • CVE-2020-6468 - -

    Chris Salls og Jake Corina opdagede et typeforvirringsproblem i - JavaScript-biblioteket v8.

    • - -
  • CVE-2020-6469 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy i - udviklerværktøjerne.

    • - -
  • CVE-2020-6470 - -

    Michał Bentkowski opdagede utilstrækkelig validering af data, der ikke er - tillid til.

    • - -
  • CVE-2020-6471 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy i - udviklerværktøjerne.

    • - -
  • CVE-2020-6472 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy i - udviklerværktøjerne.

    • - -
  • CVE-2020-6473 - -

    Soroush Karami og Panagiotis Ilia opdagede en fejl i forbindelse med - håndhævelse af policy i Blink/Webkit.

    • - -
  • CVE-2020-6474 - -

    Zhe Jin opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2020-6475 - -

    Khalil Zhani opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2020-6476 - -

    Alexandre Le Borgne opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6478 - -

    Khalil Zhani opdagede en implementeringsfejl i - fuldskærmstilstand.

    • - -
  • CVE-2020-6479 - -

    Zhong Zhaochen opdagede en implementeringsfejl.

    • - -
  • CVE-2020-6480 - -

    Marvin Witt opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6481 - -

    Rayyan Bijoora opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6482 - -

    Abdulrahman Alqabandi opdagede en fejl i forbindelse med håndhævelse af - policy i udviklerværktøjerne.

    • - -
  • CVE-2020-6483 - -

    Jun Kokatsu opdagede en fejl i forbindelse med håndhævelse af policy i - payments.

    • - -
  • CVE-2020-6484 - -

    Artem Zinenko opdagede utilstrækkelig validering af brugerdata i - ChromeDriver-implementeringen.

    • - -
  • CVE-2020-6485 - -

    Sergei Glazunov opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6486 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6487 - -

    Jun Kokatsu opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6488 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6489 - -

    @lovasoa opdagede en implementeringsfejl i udviklerværktøjerne.

    • - -
  • CVE-2020-6490 - -

    Der blev opdaget utilstrækkelig validering af data, der ikke er tillid - til.

    • - -
  • CVE-2020-6491 - -

    Sultan Haikal opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2020-6493 - -

    A problem med anvendelse efter frigivelse blev opdaget i - WebAuthentication-implementeringen.

    • - -
  • CVE-2020-6494 - -

    Juho Nurimen opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2020-6495 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy i - udviklerværktøjerne.

    • - -
  • CVE-2020-6496 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - payments.

    • - -
  • CVE-2020-6497 - -

    Rayyan Bijoora opdagede et problem med hændhævelse af policy.

    • - -
  • CVE-2020-6498 - -

    Rayyan Bijoora opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2020-6505 - -

    Khalil Zhani opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2020-6506 - -

    Alesandro Ortiz opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2020-6507 - -

    Sergei Glazunov opdagede en skrivning udenfor grænserne - JavaScript-biblioteket v8.

    • - -
  • CVE-2020-6509 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - udvidelser.

    • - -
  • CVE-2020-6831 - -

    Natalie Silvanovich opdagede en bufferoverløbsproblem i - SCTP-biblioteket.

    • - -
- -

I den gamle stabile distribution (stretch), er sikkerhedsunderstøttelse af -chromium ophørt.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 83.0.4103.116-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4714.data" diff --git a/danish/security/2020/dsa-4715.wml b/danish/security/2020/dsa-4715.wml deleted file mode 100644 index d0abdfadfb0..00000000000 --- a/danish/security/2020/dsa-4715.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5524498f6e91d81d4de3b1e061e9eb56e0b86d48" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering retter adskillige sårbarheder i Imagemagick: Forskellige -hukommelseshåndteringsproblemer og tilfælde af manglende eller ufuldstændig -rensning af inddata, kunne medføre lammelsesangreb, hukommelsesblotlæggelse -eller potentielt udførelse af vilkårlig kode, hvis misdannede billedfiler blev -behandlet.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 8:6.9.7.4+dfsg-11+deb9u8.

- -

Vi anbefaler at du opgraderer dine imagemagick-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende imagemagick, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/imagemagick

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4715.data" diff --git a/danish/security/2020/dsa-4716.wml b/danish/security/2020/dsa-4716.wml deleted file mode 100644 index fb4b63354e0..00000000000 --- a/danish/security/2020/dsa-4716.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c0a1882c4c41799ca07c3299889571d6b39fe1aa" mindelta="1" -sikkerhedsopdatering - -

Etienne Champetier opdagede at Docker, en Linux-containerruntime, oprettede -netværksbroer, der som standard accepterede IPv6-routerannonceringer. Dermed -kunne det være muligt for en angriber med kapabiliteten CAP_NET_RAW i en -container, at forfalske routerannonceringer, medførende informationsafsløring -eller lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 18.09.1+dfsg1-7.1+deb10u2.

- -

Vi anbefaler at du opgraderer dine docker.io-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende docker.io, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/docker.io

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4716.data" diff --git a/danish/security/2020/dsa-4717.wml b/danish/security/2020/dsa-4717.wml deleted file mode 100644 index 39cc83f089c..00000000000 --- a/danish/security/2020/dsa-4717.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e3038ece1bbcbe724fcc1c546b43d488eabcad09" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i PHP, et vidt udbredt og generelt -anvendeligt skriptsprog, hvilke kunne medføre informationsafsløring, -lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 7.0.33-0+deb9u8.

- -

Vi anbefaler at du opgraderer dine php7.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.0, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/php7.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4717.data" diff --git a/danish/security/2020/dsa-4718.wml b/danish/security/2020/dsa-4718.wml deleted file mode 100644 index 0a17cf851a5..00000000000 --- a/danish/security/2020/dsa-4718.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="616abcd7a2eb7901829b787599a6907c75aa4c01" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne medføre -lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (stretch), er disse problemer rettet -i version 1:68.10.0-1~deb9u1.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.10.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4718.data" diff --git a/danish/security/2020/dsa-4719.wml b/danish/security/2020/dsa-4719.wml deleted file mode 100644 index 2b82f32a8b6..00000000000 --- a/danish/security/2020/dsa-4719.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="55cb6b8e2d5f20bdabfef5dd55acfe47a064f417" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i PHP, et vidt udbredt og generelt -anvendeligt skriptsprog, hvilke kunne medføre informationsafsløring, -lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 7.3.19-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine php7.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.3, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/php7.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4719.data" diff --git a/danish/security/2020/dsa-4720.wml b/danish/security/2020/dsa-4720.wml deleted file mode 100644 index e243bf937bd..00000000000 --- a/danish/security/2020/dsa-4720.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="92b55131b2b928f48ba4292312fdc4577a5b34f1" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at roundcube, en temaunderstøttende AJAX-baseret -webmailløsning til IMAP-servere, ikke på korrrekt vis rensede indgående -mails. Dermed kunne en fjernangriber iværksætte angreb i forbindelse med -udførelse af skripter på tværs af websteder (XSS).

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.14+dfsg.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4720.data" diff --git a/danish/security/2020/dsa-4721.wml b/danish/security/2020/dsa-4721.wml deleted file mode 100644 index 99c54e46be4..00000000000 --- a/danish/security/2020/dsa-4721.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="35022c48a0167d79ad83f69c33eea08bda088d57" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkningsprogrammet til sproget Ruby.

- -
    - -
  • CVE-2020-10663 - -

    Jeremy Evans rapporterede om en sårbarhed i forbindelse med oprettelse af - usikre objekter i json-gem, som distribueres med Ruby. Ved fortolkning af - visse JSON-dokumenter, som kan blive tvunget til at oprette vilkårlige - objekter på målsystemet.

    • - -
  • CVE-2020-10933 - -

    Samuel Williams rapporterede om en fejl i socket-biblioteket, som kunne - føre til udstilling af muligvis følsomme data fra - fortolkningsprorgammet.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.5.5-3+deb10u2.

- -

Vi anbefaler at du opgraderer dine ruby2.5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.5, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ruby2.5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4721.data" diff --git a/danish/security/2020/dsa-4722.wml b/danish/security/2020/dsa-4722.wml deleted file mode 100644 index ff6c004ce80..00000000000 --- a/danish/security/2020/dsa-4722.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8bcb17cc83a3b091dcab8bd4792c01368ff68d63" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 7:4.1.6-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4722.data" diff --git a/danish/security/2020/dsa-4723.wml b/danish/security/2020/dsa-4723.wml deleted file mode 100644 index efcc0611185..00000000000 --- a/danish/security/2020/dsa-4723.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a83576b1b2cdcd7d2e92a58fa57f31ac751c6719" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen, hvilke kunne medføre -lammelsesangreb, gæst til vært-rettighedsforøgelse eller -informationslækager.

- -

I den stabile distribution (buster), er disse problemer rettet i version -4.11.4+24-gddaaccbbab-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4723.data" diff --git a/danish/security/2020/dsa-4724.wml b/danish/security/2020/dsa-4724.wml deleted file mode 100644 index a320d234b65..00000000000 --- a/danish/security/2020/dsa-4724.wml +++ /dev/null @@ -1,64 +0,0 @@ -#use wml::debian::translation-check translation="47c9da48bb2e6ee7f5d51bb1bfb0e169808fcbf0" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-9802 - -

    Samuel Gross opdagede at behandling af ondsindet fremstillet webindhold - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9803 - -

    Wen Xu opdagede at behandling af ondsindet fremstillet webindhold kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9805 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold kunne føre til univerel udførelse af skripter på tværs af - servere.

    • - -
  • CVE-2020-9806 - -

    Wen Xu opdagede at behandling af ondsindet fremstillet webindhold kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9807 - -

    Wen Xu opdagede at behandling af ondsindet fremstillet webindhold kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9843 - -

    Ryan Pickren opdagede at behandling af ondsindet fremstillet webindhold - kunne føre til et angreb med udførelse af skripter på tværs af - servere.

    • - -
  • CVE-2020-9850 - -

    @jinmo123, @setuid0x0_ og @insu_yun_en opdagede at en fjernangriber kunne - være i stand til at udføre vilkårlig kode.

    • - -
  • CVE-2020-13753 - -

    Milan Crha opdagede at en angriber kunne være i stand til at udføre - kommandoer udenfor bubblewrap-sandkassen.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.28.3-2~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4724.data" diff --git a/danish/security/2020/dsa-4725.wml b/danish/security/2020/dsa-4725.wml deleted file mode 100644 index d1356d9c17d..00000000000 --- a/danish/security/2020/dsa-4725.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="573a893fbb97c170b5442d72d8c5cd0ba909ec60" mindelta="1" -sikkerhedsopdatering - -

Damian Poddebniak og Fabian Ising opdagede en sårbarhed i forbindelse med -indsprøjtning af svar i Evolutions dataserver, hvilket kunne muliggøre manden i -midten-angreb (MITM).

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.30.5-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine evolution-data-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende evolution-data-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/evolution-data-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4725.data" diff --git a/danish/security/2020/dsa-4726.wml b/danish/security/2020/dsa-4726.wml deleted file mode 100644 index 4921779d8c9..00000000000 --- a/danish/security/2020/dsa-4726.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="56fd70e09ae3617f299ae8abe378050d9cf5ea9d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i NSS, et sæt af kryptografiske biblioteker, -hvilke kunne medføre sidekanals-/timingangreb eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:3.42.1-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nss, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nss

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4726.data" diff --git a/danish/security/2020/dsa-4727.wml b/danish/security/2020/dsa-4727.wml deleted file mode 100644 index 352cce375f4..00000000000 --- a/danish/security/2020/dsa-4727.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ea28c5244e42207ca67ce1ab6818b9fd50db6bfd" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Tomcat-servlet'en og i JSP-motoren, hvilke -kunne medføre udførelse af kode eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 9.0.31-1~deb10u2.

- -

Vi anbefaler at du opgraderer dine tomcat9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4727.data" diff --git a/danish/security/2020/dsa-4728.wml b/danish/security/2020/dsa-4728.wml deleted file mode 100644 index b09303c387b..00000000000 --- a/danish/security/2020/dsa-4728.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e590a239dcce3b070e4860792afe52129f37a9bb" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i QEMU, en hurtig -processoremulator, hvilke kunne medføre lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:3.1+dfsg-8+deb10u6.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4728.data" diff --git a/danish/security/2020/dsa-4729.wml b/danish/security/2020/dsa-4729.wml deleted file mode 100644 index b567afbd9b8..00000000000 --- a/danish/security/2020/dsa-4729.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ffddd5e9578fe1c7064e58923a8769e75e8ca768" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev fundet i libopenmpt, et C++- og C-bibliotek der -fungerer på flere platforme til dekodning af tracker-musikfiler, hvilke kunne -medføre lammelseangreb og potentielt udførelse af vilkårlig kode, hvis -misdannede musikfiler blev behandlet.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.4.3-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine libopenmpt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libopenmpt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libopenmpt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4729.data" diff --git a/danish/security/2020/dsa-4730.wml b/danish/security/2020/dsa-4730.wml deleted file mode 100644 index 328d454bad4..00000000000 --- a/danish/security/2020/dsa-4730.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="cdcf3bccf115a6d16bbc80940463b8f456ccc51b" mindelta="1" -sikkerhedsopdatering - -

Michal Bentkowski opdagede at ruby-sanitize, en hvidlistebaseret HTML-renser, -var sårbar over for en sårbarhed i forbindelse med omgåelse af HTML-rensning, -når der blev anvendt relaxed eller når en tilpasset opsætning tillod -visse elementer. Indhold i et <math>- eller <svg>-element, kunne -ikke renses korrekt, selv når math og svg ikke var på allowlist'en.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.6.6-2.1~deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby-sanitize-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-sanitize, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-sanitize

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4730.data" diff --git a/danish/security/2020/dsa-4731.wml b/danish/security/2020/dsa-4731.wml deleted file mode 100644 index fe8700523e6..00000000000 --- a/danish/security/2020/dsa-4731.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e5ebed88a6ca84d6781c3676b6e1cfd282647465" mindelta="1" -sikkerhedsopdatering - -

En heltalsoverløbsfejl førende til et stakbaseret bufferoverløb, blev opdaget -i redis, en persistent key-value-database. En fjernangriber kunne udnytte -fejlen til at forårsage et lammelsesangreb (applikationsnedbrud).

- -

I den stabile distribution (buster), er dette problem rettet i -version 5:5.0.3-4+deb10u2.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende redis, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/redis

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4731.data" diff --git a/danish/security/2020/dsa-4732.wml b/danish/security/2020/dsa-4732.wml deleted file mode 100644 index 81fd096110e..00000000000 --- a/danish/security/2020/dsa-4732.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="08802b1e499665f8e9fb73be7d5414905c29a061" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i proxycachingserveren Squid, hvilke -kunne medføre cacheforgiftning, smugling af forespørgsler og ufuldstændig -validering af værtsnavne i cachemgr.cgi.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.6-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squid

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4732.data" diff --git a/danish/security/2020/dsa-4733.wml b/danish/security/2020/dsa-4733.wml deleted file mode 100644 index dca9e5cf0ff..00000000000 --- a/danish/security/2020/dsa-4733.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="7026d582b1c7da56c7ce3c7ba63f7c8f62f88e59" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt hukommelseshåndtering i implementeringen af -SLIRP-networking, kunne medføre lammelsesangreb eller potentielt udførelse af -vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:3.1+dfsg-8+deb10u7. Desuden retter denne opdatering en regression -forårsaget af patch'en af -\ -CVE-2020-13754, der kunne føre til startfejl i nogle Xen-opsætninger.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4733.data" diff --git a/danish/security/2020/dsa-4734.wml b/danish/security/2020/dsa-4734.wml deleted file mode 100644 index ecae1f17611..00000000000 --- a/danish/security/2020/dsa-4734.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8b058d6a2e9e0e2d07176bfbdc9423af6aa251cb" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, medførende -lammelsesangreb, omgåelse af adgang/sandkassebegrænsninger eller -informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.0.8+10-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4734.data" diff --git a/danish/security/2020/dsa-4735.wml b/danish/security/2020/dsa-4735.wml deleted file mode 100644 index 38126895ba3..00000000000 --- a/danish/security/2020/dsa-4735.wml +++ /dev/null @@ -1,65 +0,0 @@ -#use wml::debian::translation-check translation="f316e0ce25840c6590881cb5b3cec62cc137c07d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i bootloader'en GRUB2.

- -
    - -
  • CVE-2020-10713 - -

    Der blev fundet en i koden til fortolkning af grub.cfg, hvilken gjorde - det muligt at bryde UEFI Secure Boot og indlæse vilkårlig kode. Flere - oplysninger finder man i: - \ - https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

    • - -
  • CVE-2020-14308 - -

    Man opdagede at grub_malloc ikke validerede størrelsesallokeringen, - hvilket muliggjorde et aritmetisk overløb og efterfølgende et heapbaseret - bufferoverløb.

    • - -
  • CVE-2020-14309 - -

    Et heltalsoverløb i grub_squash_read_symlink kunne føre til et - headbaseret bufferoverløb.

    • - -
  • CVE-2020-14310 - -

    Et heltalsoverløb i read_section_from_string kunne føre til et - heapbaseret bufferoverløb.

    • - -
  • CVE-2020-14311 - -

    Et heltalsoverløb i grub_ext2_read_link kunne føre til et heapbaseret - bufferoverløb.

    • - -
  • CVE-2020-15706 - -

    script: Undgå en anvendelse efter frigivelse, når en funktion redefineres - under udførslen.

    • - -
  • CVE-2020-15707 - -

    En heltalsoverløbsfejl blev fundet i initrd's - størrelseshåndtering.

    • - -
- -

Flere oplysninger findes i: -\ -https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.02+dfsg1-20+deb10u1.

- -

Vi anbefaler at du opgraderer dine grub2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende grub2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/grub2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4735.data" diff --git a/danish/security/2020/dsa-4736.wml b/danish/security/2020/dsa-4736.wml deleted file mode 100644 index 8c199e69276..00000000000 --- a/danish/security/2020/dsa-4736.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c922ff2f85c3e6ced97aa321123557fdf0ba72e8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlige kode eller en -informationslækage.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.11.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4736.data" diff --git a/danish/security/2020/dsa-4737.wml b/danish/security/2020/dsa-4737.wml deleted file mode 100644 index 9a255b605e5..00000000000 --- a/danish/security/2020/dsa-4737.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4e8d3994fbaacf53438b99443d1ef2f901ce05f7" mindelta="1" -sikkerhedsopdatering - -

Ashley Newson opdagede at XRDP sessions manager havde en -lammelsesangrebssårbarhed. En lokal angriber kunne yderligere drage nytte af -fejlen til at udgive sig for at være XRDP sessions manager, og opsnappe -vilkårlige brugerloginoplysninger, som overføres til XRDP, godkende og afvise -vilkårlige loginoplysninger eller til kapre eksisterende xorgxrdp-sessions.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.9.9-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine xrdp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xrdp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xrdp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4737.data" diff --git a/danish/security/2020/dsa-4738.wml b/danish/security/2020/dsa-4738.wml deleted file mode 100644 index 1bf19c0e564..00000000000 --- a/danish/security/2020/dsa-4738.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1b9e701ad895f7c8dde90a6c65ee06ee23a2cc60" mindelta="1" -sikkerhedsopdatering - -

Dominik Penner opdagede at arkivhåndteringsprogrammet Ark ikke rensede -udpakningsstier, hvilke kunne medføre at ondsindet fremstillede arkiver skrev -udenfor udpakningsstien.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4:18.08.3-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ark, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4738.data" diff --git a/danish/security/2020/dsa-4739.wml b/danish/security/2020/dsa-4739.wml deleted file mode 100644 index dffee59c1ae..00000000000 --- a/danish/security/2020/dsa-4739.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="e0e83a446207444c8d7cbfe76be73fc5338ccab7" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-9862 - -

    Ophir Lojkine opdagede at kopiering af en URL fra Web Inspector, kunne - føre til kommandoindsprøjtning.

    • - -
  • CVE-2020-9893 - -

    0011 opdagede at en fjernangriber kunne være i stand til at forårsage en - uventet programafslutning eller udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9894 - -

    0011 opdagede at en fjernangriber kunne være i stand til at forårsage en - uventet programafslutning eller udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9895 - -

    Wen Xu opdagede at en fjernangriber kunne være i stand til at forårsage - en uventet programafslutning eller udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9915 - -

    Ayoub Ait Elmokhtar opdagede at behandling af ondsindet fremstillet - webindhold kunne forhindre Content Security Policy i at blive - håndhævet.

    • - -
  • CVE-2020-9925 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold kunne føre til universel udførelse af skripter på tværs af - servere.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.28.4-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4739.data" diff --git a/danish/security/2020/dsa-4740.wml b/danish/security/2020/dsa-4740.wml deleted file mode 100644 index b062cc0a485..00000000000 --- a/danish/security/2020/dsa-4740.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a307a0dac1af4573a041ffa477dce801fe442767" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne medføre -lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.11.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4740.data" diff --git a/danish/security/2020/dsa-4741.wml b/danish/security/2020/dsa-4741.wml deleted file mode 100644 index 6f38654e170..00000000000 --- a/danish/security/2020/dsa-4741.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f417dc0bef6410b2249b3ecb8a4ac173480635c9" mindelta="1" -sikkerhedsopdatering - -

Tobias Stoeckmann opdagede et heltalsoverløb i JSON-biblioteket json-c, -hvilket kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode, hvis store misdannede JSON-filer blev behandlet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.12.1+ds-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine json-c-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende json-c, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/json-c

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4741.data" diff --git a/danish/security/2020/dsa-4742.wml b/danish/security/2020/dsa-4742.wml deleted file mode 100644 index 8aa15f2c2ff..00000000000 --- a/danish/security/2020/dsa-4742.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="2f2e4e4ed7b781eff447b99c3d177c672b61e21f" mindelta="1" -sikkerhedsopdatering - -

Tim Starling opdagede to sårbarheder i firejail, et sandkasseprogram til -begrænsning af afviklingsmiljøet for programmer, der ikke er tillid til.

- -
    - -
  • CVE-2020-17367 - -

    Der blev rapporteret at firejail ikke respekterede - end-of-options-separatoren (--), hvilke gjorde det muligt for en - angriber med kontrol over kommandolinjeparametrene hørende til et program i - sandkassen, at skrive data til en angivet fil.

    • - -
  • CVE-2020-17368 - -

    Der blev rapporteret at firejail, når der viderestilles uddata gennem - --output eller --output-stderr, så samles alle kommandolinjeparametre i - en enkelt streng, som overføres til en shell. En angriber, der har kontrol - over kommandolinjeparametrene hørende til et program i sandkassen, kunne - drage nytte af fejlen til at udføre vilkårlige kommandoer.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.9.58.2-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine firejail-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firejail, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firejail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4742.data" diff --git a/danish/security/2020/dsa-4743.wml b/danish/security/2020/dsa-4743.wml deleted file mode 100644 index b31b356455f..00000000000 --- a/danish/security/2020/dsa-4743.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="ea4695cc27694f8fc80eb1e6329c9fd24548d384" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i ruby-kramdown, en hurtig, ren ruby, -Markdown-fortolker og -converter, hvilke kunne medføre utilsigtigt læseadgang -til filer, eller utilsigtet udførelse af indlejret Ruby-kode, når -{::options /}-udvidelsen blev anvendt sammen med valgmuligheden -template.

- -

Opdateringen indfører en ny valgmulighed, forbidden_inline_options, -til begrænsning af de valgmuligheder, som er tilladt med -{::options /}-udvidelsen. Som standard er valgmuligheden -template forbudt.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.17.0-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby-kramdown-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-kramdown, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-kramdown

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4743.data" diff --git a/danish/security/2020/dsa-4744.wml b/danish/security/2020/dsa-4744.wml deleted file mode 100644 index c26570292fb..00000000000 --- a/danish/security/2020/dsa-4744.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="143b5edcd9c9f2a19ad8b68426833a133c5cfe48" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at roundcube, en temaunderstøttende AJAX-baseret -webmailløsning til IMAP-servere, var ramt af en sårbarhed i forbindelse med -udførelse af skripter på tværs af servere ved håndtering af ugyldigt -svg- og math tag-indhold.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.15+dfsg.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4744.data" diff --git a/danish/security/2020/dsa-4745.wml b/danish/security/2020/dsa-4745.wml deleted file mode 100644 index aa345671ac0..00000000000 --- a/danish/security/2020/dsa-4745.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="7fbf113ef094837f72d2bdb71154488accfe2afb" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i mailserveren Dovecot.

- -
    - -
  • CVE-2020-12100 - -

    Modtagelse af mail med dybt indlejrede MIME-dele, førte til - ressourceudmattelse, da Dovecot forsøgte at fortolke det.

    • - -
  • CVE-2020-12673 - -

    Dovecots NTLM-implementering kontrollede ikke på korrekt vis - meddelelsesbufferstørrelsen, hvilket førte til et nedbrud ved læsning forbi - allokeringen.

    • - -
  • CVE-2020-12674 - -

    Dovecots implementering af RPA-mekanismen tillod meddelelser med en - længde på nul, hvilket senere førte til assert-nedbrud.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:2.3.4.1-5+deb10u3.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dovecot, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/dovecot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4745.data" diff --git a/danish/security/2020/dsa-4746.wml b/danish/security/2020/dsa-4746.wml deleted file mode 100644 index 46dbd1c9fa7..00000000000 --- a/danish/security/2020/dsa-4746.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4336abe86a49e12943eb9b9ea334670f09ed6b54" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i net-snmp, et samling af Simple Network -Management Protocol-programmer, hvilke kunne føre til rettighedsforøgelse.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.7.3+dfsg-5+deb10u1.

- -

Vi anbefaler at du opgraderer dine net-snmp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende net-snmp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/net-snmp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4746.data" diff --git a/danish/security/2020/dsa-4747.wml b/danish/security/2020/dsa-4747.wml deleted file mode 100644 index 50d153ae7c3..00000000000 --- a/danish/security/2020/dsa-4747.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="518a7803359678db05da2d9b06e674aab4073a2f" mindelta="1" -sikkerhedsopdatering - -

En mappegennemløbssårbarhed blev opdaget i Icinga Web 2, en webgrænseflade -til Icinga, hvilken kunne medføre afsløring af filer, som er læsbare for -processen.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.6.2-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine icingaweb2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende icingaweb2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/icingaweb2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4747.data" diff --git a/danish/security/2020/dsa-4748.wml b/danish/security/2020/dsa-4748.wml deleted file mode 100644 index 509c7602b84..00000000000 --- a/danish/security/2020/dsa-4748.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f608e4db49e6cb7ea48b9fee91ffab3cc8d5c11c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Ghostscript, den -GPL-licenserede PostScript-/PDF-fortolker, hvilke kunne medføre lammelsesangreb -og potentielt udførelse af vilkårlig kode, hvis misdannede dokumentfiler blev -behandlet.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 9.27~dfsg-2+deb10u4.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4748.data" diff --git a/danish/security/2020/dsa-4749.wml b/danish/security/2020/dsa-4749.wml deleted file mode 100644 index 22cdab366bd..00000000000 --- a/danish/security/2020/dsa-4749.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="17f01874d49c6a574936a09667741e3d63ccdbda" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode eller at uønskede -eller ondsindede udvidelser blev installeret.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 68.12.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4749.data" diff --git a/danish/security/2020/dsa-4750.wml b/danish/security/2020/dsa-4750.wml deleted file mode 100644 index f774b27c889..00000000000 --- a/danish/security/2020/dsa-4750.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7060e6d28fcf2f959a5d7be907131d1d7b70b7f4" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret om at Lua-modulet til Nginx, en højtydende web- og -reverseproxyserver, var sårbar overfor en sårbarhed i forbindelse med smugling -af HTTP-forespørgsler.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.2-2+deb10u3.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nginx, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/nginx

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4750.data" diff --git a/danish/security/2020/dsa-4751.wml b/danish/security/2020/dsa-4751.wml deleted file mode 100644 index 154e0d091c2..00000000000 --- a/danish/security/2020/dsa-4751.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f542876b792062f3c2d2e7040bc21033b1fbc887" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Squid, en komplet webproxycache, hvilke -kunne medføre forespørgselsopsplitning, forespørgselssmugling (førende til -cacheforgiftning) og lammelsesangreb, når der blev behandlet fabrikerede -cachedigest-svarmeddelelser.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.6-1+deb10u4.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/squid

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4751.data" diff --git a/danish/security/2020/dsa-4752.wml b/danish/security/2020/dsa-4752.wml deleted file mode 100644 index f9326aa8b4f..00000000000 --- a/danish/security/2020/dsa-4752.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="5346ad19e1bb39a2123f70e49de6fe4ffa9caa5b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i BIND, en DNS-server-implementering.

- -
    - -
  • CVE-2020-8619 - -

    Man opdagede at et asterisktegn i en tom ikke-terminal, kunne forårsage - en assertionfejl, medførende lammelsesangreb.

    • - -
  • CVE-2020-8622 - -

    Dave Feldman, Jeff Warren og Joel Cunningham rapporterede at et trunkeret - TSIG-svar, kunne føre til en assertionfejl, medførende - lammelsesangreb.

    • - -
  • CVE-2020-8623 - -

    Lyu Chiy rapporterede at en fejl i den indbyggede PKCS#11-kode, kunne - føre til en fjernudløsbar assertionfejl, medførende - lammelsesangreb.

    • - -
  • CVE-2020-8624 - -

    Joop Boonen rapporterede at update-policy-reglerne af typen - subdomain, blev håndhævet på forkert vis, hvilket gjorde det muligt - at opdatere alle dele af zonen, sammen med det tilsigtede - underdomæne.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:9.11.5.P4+dfsg-5.1+deb10u2.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4752.data" diff --git a/danish/security/2020/dsa-4753.wml b/danish/security/2020/dsa-4753.wml deleted file mode 100644 index 262bdfdbfde..00000000000 --- a/danish/security/2020/dsa-4753.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ac7ded650ad95977c0af57ac41dc59efcd7e5d28" mindelta="1" -sikkerhedsopdatering - -

En heapbaseret bufferoverløbsfejl blev opdaget i MuPDF, en -letvægts-PDF-fremviser, hvilken kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode, hvis en misdannet PDF-fil blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.0+ds1-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mupdf, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mupdf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4753.data" diff --git a/danish/security/2020/dsa-4754.wml b/danish/security/2020/dsa-4754.wml deleted file mode 100644 index 937f1edd68d..00000000000 --- a/danish/security/2020/dsa-4754.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="958314d2c44403b1e7e52a101ee2cceaba26ea73" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode eller utilsigtet installering af -udvidelser.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:68.12.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4754.data" diff --git a/danish/security/2020/dsa-4755.wml b/danish/security/2020/dsa-4755.wml deleted file mode 100644 index d16d6cb051a..00000000000 --- a/danish/security/2020/dsa-4755.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="780d252ffaf680836cda837cd5f28e1485f96081" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i billedbiblioteket OpenEXR, hvilke -kunne medføre lammelsesangreb og potentielt udførelse af vilkårlig kode, når der -blev behandlet misdannede EXR-billedfiler.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.2.1-4.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine openexr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openexr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openexr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4755.data" diff --git a/danish/security/2020/dsa-4756.wml b/danish/security/2020/dsa-4756.wml deleted file mode 100644 index d3d360dedde..00000000000 --- a/danish/security/2020/dsa-4756.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3fbbca4921406382e3b6172f575f8c87cbcc5ea6" mindelta="1" -sikkerhedsopdatering - -

Faidon Liambotis opdagede at Lilypond, et program til at sætte noder, ikke -begrænsede medtagelse af Postscript- og SVG-kommandoer, når der blev kørt i -sikker tilstand, hvilket kunne medføre udførelse af vilkårlig kode, når der -blev render'et en typesheet-fil med indlejret Postscript-kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.19.81+really-2.18.2-13+deb10u1.

- -

Vi anbefaler at du opgraderer dine lilypond-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lilypond, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lilypond

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4756.data" diff --git a/danish/security/2020/dsa-4757.wml b/danish/security/2020/dsa-4757.wml deleted file mode 100644 index 031c8253ea1..00000000000 --- a/danish/security/2020/dsa-4757.wml +++ /dev/null @@ -1,52 +0,0 @@ -#use wml::debian::translation-check translation="2592e40c5d7143a6f575ff96f6127ba4fb3f18d5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i HTTPD-serveren Apache.

- -
    - -
  • CVE-2020-1927 - -

    Fabrice Perez rapporterede at visse mod_rewrite-opsætninger var sårbare - over for en åben viderestilling.

    • - -
  • CVE-2020-1934 - -

    Chamal De Silva opdagede at modulet mod_proxy_ftp anvendte uinitialiseret - hukommelse, når det var en proxy for en ondsindet FTP-backend.

    • - -
  • CVE-2020-9490 - -

    Felix Wilhelm opdagede at en særligt fremstillet værdi for headeren - Cache-Digest i en HTTP/2-forespørgsel, kunne forårsage et nedbrud når - serveren efterfølgende faktisk prøvede at HTTP/2-PUSH'e en - ressource.

    • - -
  • CVE-2020-11984 - -

    Felix Wilhelm rapporterede om en bufferoverløbsfejl i modulet - mod_proxy_uwsgi, hvilken kunne medføre informationsafsløring eller - potentielt fjernudførelse af kode.

    • - -
  • CVE-2020-11993 - -

    Felix Wilhelm rapporterede at når trace/debug var aktiveret for - HTTP/2-modulet, kunne visse traffic edge-mønstre forårsage - logningsstatements i den forkerte forbindelse, medførende samtidig - anvendelse af hukommelsespools.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.4.38-3+deb10u4.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/apache2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4757.data" diff --git a/danish/security/2020/dsa-4758.wml b/danish/security/2020/dsa-4758.wml deleted file mode 100644 index 691770525d2..00000000000 --- a/danish/security/2020/dsa-4758.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="bfcc219f5681a7e9fe3402cc59af5549d48a67c0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i X-serveren X.Org. Manglende rensning af -inddata i X-serverudvidelser kunne medføre lokal rettighedsforøgelse, hvis -X-serveren er opsat til at køre med root-rettigheder. Desuden er en -ASLR-omgåelse rettet.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:1.20.4-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xorg-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xorg-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4758.data" diff --git a/danish/security/2020/dsa-4759.wml b/danish/security/2020/dsa-4759.wml deleted file mode 100644 index a3c43f07e34..00000000000 --- a/danish/security/2020/dsa-4759.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="54cb7987eeaacf4385374a59f97f480a812c4ae5" mindelta="1" -sikkerhedsopdatering - -

Fabian Vogt rapporterede at arkivmanageren Ark ikke rensede udpakningsstier, -hvilket kunne medføre ondsindet fremstillede arkiver med symlinks, der skrives -udenfor udpakningsmappen.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4:18.08.3-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine ark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ark, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4759.data" diff --git a/danish/security/2020/dsa-4760.wml b/danish/security/2020/dsa-4760.wml deleted file mode 100644 index b2f445abe33..00000000000 --- a/danish/security/2020/dsa-4760.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="669c87408de3af72c047aaa7ef3786903984b7ba" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i QEMU, en hurtig -processoremulator:

- -
    - -
  • CVE-2020-12829 - -

    Et heltalsoverløb i sm501-displayenheden kunne medføre - lammelsesangreb.

    • - -
  • CVE-2020-14364 - -

    En skrivning udenfor grænserne i USB-emuleringskoden kunne medføre - gæst til vært-kodeudførelse.

    • - -
  • CVE-2020-15863 - -

    Et bufferoverløb i XGMAC-netværksdriveren kunne medføre lammelsesangreb - eller udførelse af vilkårlig kode.

    • - -
  • CVE-2020-16092 - -

    En udløsbar assert i e1000e- og vmxnet3-enhederne kunne medføre - lammelsesangreb.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:3.1+dfsg-8+deb10u8.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4760.data" diff --git a/danish/security/2020/dsa-4761.wml b/danish/security/2020/dsa-4761.wml deleted file mode 100644 index 8580c67ba91..00000000000 --- a/danish/security/2020/dsa-4761.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="176fe9aed0fbc36fe1bc0303df50e4f7e7fa68d4" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ZeroMQ, et letvægtsbibliotek til kernel messaging, ikke på -korrekt vis håndterede forbindende peers før et handshake var fuldført. En -fjern, uautentificeret klient, der forbinder sig til en applikation ved hjælp af -biblioteket libzmq, kørende med en socket som lytter med aktiveret -CURVE-kryptering/autentifikation, kunne drage nytte af fejlen til at forårsage -et lammelsesangreb, der påvirkede autentificerede og krypterede klienter.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.3.1-4+deb10u2.

- -

Vi anbefaler at du opgraderer dine zeromq3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zeromq3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/zeromq3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4761.data" diff --git a/danish/security/2020/dsa-4762.wml b/danish/security/2020/dsa-4762.wml deleted file mode 100644 index 3ac24b62f7a..00000000000 --- a/danish/security/2020/dsa-4762.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="77a1a54a1e720b7b6a4728d7991dec5b71920476" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at standardopsætningsfilerne til at køre Lemonldap::NG Web -SSO-systemet på webserveren Nginx, var sårbare over for autorisationsomgåelse af -URL-adgangsregler. Debian-pakkerne anvender som standard ikke Nginx..

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.0.2+ds-7+deb10u5, opdateringen leverer rettede eksempler på -opsætning, som skal integreres i udrullede Lemonldap::NG baseret på Nginx.

- -

Vi anbefaler at du opgraderer dine lemonldap-ng-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lemonldap-ng, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lemonldap-ng

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4762.data" diff --git a/danish/security/2020/dsa-4763.wml b/danish/security/2020/dsa-4763.wml deleted file mode 100644 index 29fcf5ef6b8..00000000000 --- a/danish/security/2020/dsa-4763.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f4c135d01ebacd4f69abc7f34e19ce2af0d49d07" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at utilstrækkelig rensning af modtagne netværkspakker i -Teeworlds' spilserver, et online-2-D-platformskydespil til flere personer, -kunne medføre lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.7.2-5+deb10u1.

- -

Vi anbefaler at du opgraderer dine teeworlds-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende teeworlds, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/teeworlds

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4763.data" diff --git a/danish/security/2020/dsa-4764.wml b/danish/security/2020/dsa-4764.wml deleted file mode 100644 index 6a9646b8019..00000000000 --- a/danish/security/2020/dsa-4764.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5f3e79ef877d23efa55fa544436afab853649de5" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i modulerne pgsql og mysql hørende til -IRC-dæmonen InspIRCd, hvilke kunne medføre lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.0.27-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine inspircd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende inspircd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/inspircd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4764.data" diff --git a/danish/security/2020/dsa-4765.wml b/danish/security/2020/dsa-4765.wml deleted file mode 100644 index 07c6e8f26ea..00000000000 --- a/danish/security/2020/dsa-4765.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b065b1cb4aeee3043ecfbff6dedae4d7f50fbcaf" mindelta="1" -sikkerhedsopdatering - -

Ervin Hegedues opdagede at ModSecurity v3 aktiverede global regulær -udtryk-matching, hvilket kunne medføre lammelsesangreb. For yderligere -oplysninger, se \ -https://coreruleset.org/20200914/cve-2020-15598/

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.0.3-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine modsecurity-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende modsecurity, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/modsecurity

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4765.data" diff --git a/danish/security/2020/dsa-4766.wml b/danish/security/2020/dsa-4766.wml deleted file mode 100644 index 3c2606841f1..00000000000 --- a/danish/security/2020/dsa-4766.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="7f3364db3e477a10e1a23c76dc53d567620d9ab7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i webframeworket Rails, hvilke -kunne medføre udførelse af skripter på tværs af websteder, informationslækager, -udførelse af kode, forfalskning af forespørgsler på tværs af websteder eller -omgåelse af uploadbegrænsninger.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:5.2.2.1+dfsg-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rails, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/rails

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4766.data" diff --git a/danish/security/2020/dsa-4767.wml b/danish/security/2020/dsa-4767.wml deleted file mode 100644 index 97959c8654e..00000000000 --- a/danish/security/2020/dsa-4767.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="dbf424479529f1ce388c9563597e59b1ae9a621e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i MediaWiki, en webstedsmotor til -samarbejde: SpecialUserRights kunne lække hvorvidt en bruger findes eller ej, -adskillige kodestier manglende rensning af HTML, hvilket muliggjorde udførelse -af skripter på tværs af websteder og TOTP-validering havde utilstrækkelig -hastighedsbegrænsning mod brute force-forsøg på logon.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:1.31.10-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4767.data" diff --git a/danish/security/2020/dsa-4768.wml b/danish/security/2020/dsa-4768.wml deleted file mode 100644 index 7aa37410bb3..00000000000 --- a/danish/security/2020/dsa-4768.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="48834d10a4104ac36c3f9d5f545e09374d165f06" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, udførelse af -skripter på tværs af websteder eller forfalskning af en downloads ophav.

- -

Debian følger Firefox udvidet support-udgaver (ESR). Supporten af -68.x-serien er ophørt, så begyndende med denne opdatering, følger vi nu -78.x-udgaverne.

- -

Mellem 68.x og 78.x, har Firefox haft et antal funktionalitetsopdateringer. -For flere oplysninger, se -\ -https://www.mozilla.org/en-US/firefox/78.0esr/releasenotes/

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.3.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4768.data" diff --git a/danish/security/2020/dsa-4769.wml b/danish/security/2020/dsa-4769.wml deleted file mode 100644 index c3aa4b07e45..00000000000 --- a/danish/security/2020/dsa-4769.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="084086e7e0be0ea4314be25891e17ee613e4971f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarhed er opdaget i hypervisor'en Xen, hvilke kunne medføre -lammelsesangreb, gæst til vært-rettighedsforøgelse eller -informationslækager.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.11.4+37-g3263f257ca-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4769.data" diff --git a/danish/security/2020/dsa-4770.wml b/danish/security/2020/dsa-4770.wml deleted file mode 100644 index 3ba757fc998..00000000000 --- a/danish/security/2020/dsa-4770.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="ff8a3d6698e4eb0dad68c425924fd9c4c266c453" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

Debian følger Thunderbirds opstrømsudgivelser. Understøttelse af 68.x-serien -er ophørt, så begyndende med denne opdatering følger vi 78.x-udgivelserne.

- -

Med 78.x-serien ophører understøttelse af nogle tilføjelser. Også begyndende -med 78, har Thunderbird indbygget understøttelse af OpenPGP. Hvis du i -øjeblikket anvender Enigmail-tilføjelse til PGP, så se de medfølgende NEWS- og -README.Debian.gz-filer for oplysninger om hvordan du kan migrere dine -nøgler.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:78.3.1-2~deb10u2.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4770.data" diff --git a/danish/security/2020/dsa-4771.wml b/danish/security/2020/dsa-4771.wml deleted file mode 100644 index bcf605cfc87..00000000000 --- a/danish/security/2020/dsa-4771.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="222ebe7a6bf7922775555dd58f45e6374e0bd033" mindelta="1" -sikkerhedsopdatering - -

Frediano Ziglio opdagede adskillige bufferoverløbssårbarheder i -QUIC-billeddekodningsprocessen i spice, et klient- og serverbibliotek til -SPICE-protokollen, hvilke kunne medføre lammelsesangreb eller muligvis -udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.14.0-1.3+deb10u1.

- -

Vi anbefaler at du opgraderer dine spice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spice, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/spice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4771.data" diff --git a/danish/security/2020/dsa-4772.wml b/danish/security/2020/dsa-4772.wml deleted file mode 100644 index 07d9497bedc..00000000000 --- a/danish/security/2020/dsa-4772.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8694e8a0aa6b66cc5eac0865b3ee6a1d16f88792" mindelta="1" -sikkerhedsopdatering - -

Priyank Nigam opdagede at HttpComponents Client, en Java -HTTP-agentimplementering, kunne misfortolke en misdannet autoritetskomponent i -en forespørgsels-URI, og vælge den forkert målvært til udførelse af -forespørgslen.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.5.7-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine httpcomponents-client-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende httpcomponents-client, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/httpcomponents-client

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4772.data" diff --git a/danish/security/2020/dsa-4773.wml b/danish/security/2020/dsa-4773.wml deleted file mode 100644 index 8cbcceaed52..00000000000 --- a/danish/security/2020/dsa-4773.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="7c87d7393452c5b5f751f8802a32709ff0440f1d" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i yaws, en højtydende HTTP 1.1-webserver skrevet -i Erlang.

- -
    - -
  • CVE-2020-24379 - -

    Implementeringen af WebDAV var sårbar over for en XML External - Entity-indsprøjtningssårbarhed (XXE).

    • - -
  • CVE-2020-24916 - -

    Implementeringen af CGI rensede ikke på korrekt vis CGI-forespørgsler, - hvilket gjorde det muligt for en fjernangriber at udføre vilkårlige - shell-kommandoer gennem navne på særligt fremstillede udførbare - CGI-filer.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.0.6+dfsg-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine yaws-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende yaws, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/yaws

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4773.data" diff --git a/danish/security/2020/dsa-4774.wml b/danish/security/2020/dsa-4774.wml deleted file mode 100644 index 50fec7b661b..00000000000 --- a/danish/security/2020/dsa-4774.wml +++ /dev/null @@ -1,61 +0,0 @@ -#use wml::debian::translation-check translation="43f8d7b8b91b167696b5c84ec0911bab7b7073f2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til udførelse -af vilkårlig kode, rettighedsforøgelse, lammelsesangreb eller -informationslækager.

- -
    - -
  • CVE-2020-12351 - -

    Andy Nguyen opdagede en fejl i Bluetooth-implementeringen i den måde, - L2CAP-pakker med A2MP CID håndteres. En fjernangriber indenfor kort - afstand, med kendskab til offerets Bluetooth-enhedsadresse, kunne sende en - ondsindet l2cap-pakke, og forårsage et lammelsesangreb eller muligvis - udførelse af vilkårlig kode med kernerettigheder.

    • - -
  • CVE-2020-12352 - -

    Andy Nguyen opdagede en fejl i Bluetooth-implementeringen. - Stakhukommelse blev ikke initialiseret på korrekt vis, ved håndtering af - visse AMP-pakker. En fjernangriber indenfor kort afstand, med kendskab til - offerets Bluetooth-enhedsadresse, kunne få fat i - kernestakoplysninger.

    • - -
  • CVE-2020-25211 - -

    En fejl blev opdaget i netfilter-undersystemet. En lokal angriber, der - er i stand til at indsprøjte conntrack Netlink-opsætning, kunne forårsage et - lammelsesangreb.

    • - -
  • CVE-2020-25643 - -

    ChenNan fra Chaitin Security Research Lab opdagede en fejl i modulet - hdlc_ppp. Ukorrekt validering af inddata i funktionen the ppp_cp_parse_cr() - kunne føre til hukommelseskorruption og informationsafsløring.

    • - -
  • CVE-2020-25645 - -

    En fejl blev opdaget i grænsefladedriveren til GENEVE-indkapslet trafik, - når den er kombineret med IPsec. Hvis IPsec er opsat til at kryptere - trafik til den specifikke UDP-port, som anvendes af GENEVE-tunnellen, blev - data ledt gennem tunnellen ikke på korrekt vis route't over den krypterede - forbindelse, og blev i stedet sendt ukrypteret.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.19.152-1. Sårbarhederne er rettet ved at rebase til den nye stabile -opstrømsversion 4.19.152, der indeholder yderligere fejlrettelser.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4774.data" diff --git a/danish/security/2020/dsa-4775.wml b/danish/security/2020/dsa-4775.wml deleted file mode 100644 index b388821acc0..00000000000 --- a/danish/security/2020/dsa-4775.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="47ed719741866bf1f4d6a0b2a4d1fc150669ebcc" mindelta="1" -sikkerhedsopdatering - -

En mappegennemløbssårbarhed blev opdaget i python-flask-cors, en -Flask-udvidelse til håndtering af Cross Origin Resource Sharing (CORS), hvilket -muliggjorde adgang til private ressourcer.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.0.7-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-flask-cors-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-flask-cors, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-flask-cors

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4775.data" diff --git a/danish/security/2020/dsa-4776.wml b/danish/security/2020/dsa-4776.wml deleted file mode 100644 index 6485221ff7f..00000000000 --- a/danish/security/2020/dsa-4776.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="7abec7b84c0b87a48c40352b6c19775c91833576" mindelta="1" -sikkerhedsopdatering - -

Et sikkerhedsproblem blev opdaget i databaseserveren MariaDB.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:10.3.25-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine mariadb-10.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mariadb-10.3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mariadb-10.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4776.data" diff --git a/danish/security/2020/dsa-4777.wml b/danish/security/2020/dsa-4777.wml deleted file mode 100644 index 6574a0e4b5e..00000000000 --- a/danish/security/2020/dsa-4777.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ed1e1f09f1a02b5fb64ecaaa2d2c1ad889848e27" mindelta="1" -sikkerhedsopdatering - -

Sergei Glazunov opdagede en heapbaseret bufferoverløbssårbarhed i -håndteringen af indlejrede PNG-bitmaps i FreeType. Åbning af misdannede -skrifttyper kunne medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i version -2.9.1-3+deb10u2.

- -

Vi anbefaler at du opgraderer dine freetype-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende freetype, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/freetype

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4777.data" diff --git a/danish/security/2020/dsa-4778.wml b/danish/security/2020/dsa-4778.wml deleted file mode 100644 index 33a5c1a29d3..00000000000 --- a/danish/security/2020/dsa-4778.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ed4ab617fb1a1ab8f472460310403cbe8e0ab0b2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i version -78.4.0esr-1~deb10u2.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4778.data" diff --git a/danish/security/2020/dsa-4779.wml b/danish/security/2020/dsa-4779.wml deleted file mode 100644 index 07c97932436..00000000000 --- a/danish/security/2020/dsa-4779.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="49c9c02fcd35a748d1bc71dbd76f36e2398379b9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -lammelsesangreb, informationsafsløring, omgåelse af adgang- og -sandkassebegrænsninger eller accept af certifikater, der ikke er tillid til.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.0.9+11-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4779.data" diff --git a/danish/security/2020/dsa-4780.wml b/danish/security/2020/dsa-4780.wml deleted file mode 100644 index d57a1aea3fb..00000000000 --- a/danish/security/2020/dsa-4780.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="77fef7df03831026857223475848c017b9663843" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.4.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4780.data" diff --git a/danish/security/2020/dsa-4781.wml b/danish/security/2020/dsa-4781.wml deleted file mode 100644 index 04f1fa6bb3b..00000000000 --- a/danish/security/2020/dsa-4781.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="24a8e6648a8e931c21fe16282c314fc49bd9e50f" mindelta="1" -sikkerhedsopdatering - -

Vaisha Bernard opdagede at Blueman, et grafisk program til håndtering af -bluetooth, udførte utilstrækkelig validering af en D-Bus-grænseflade, hvilket -kunne medføre lammelsesangreb eller rettighedsforøgelse.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.0.8-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine blueman-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende blueman, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/blueman

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4781.data" diff --git a/danish/security/2020/dsa-4782.wml b/danish/security/2020/dsa-4782.wml deleted file mode 100644 index 298bf91a0c1..00000000000 --- a/danish/security/2020/dsa-4782.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3b636d189609fe2f99f2d043ce92a23b50564375" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i håndteringen af normailsering med modrdn, blev opdaget i -OpenLDAP, en fri implementering af Lightweight Directory Access Protocol. En -ikke-autentificeret fjernangriber kunne udnytte fejlen til at forårsage et -lammelsesangreb (nedbrud i slapd-dæmonen) gennem en særligt fremstillet -pakke.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.4.47+dfsg-3+deb10u3.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openldap, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openldap

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4782.data" diff --git a/danish/security/2020/dsa-4783.wml b/danish/security/2020/dsa-4783.wml deleted file mode 100644 index 8c03951ed97..00000000000 --- a/danish/security/2020/dsa-4783.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="62e867385e657a2c428718f79bffc5913ae54876" mindelta="1" -sikkerhedsopdatering - -

Fabian Vogt opdagede en fejl i sddm, en moderne displaymanager til X11. En -lokal angriber kunne drage nytte af en kapløbstilstand ved oprettelse af -Xauthority-filen, til at forøge sine rettigheder.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.18.0-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine sddm-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sddm, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/sddm

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4783.data" diff --git a/danish/security/2020/dsa-4784.wml b/danish/security/2020/dsa-4784.wml deleted file mode 100644 index 2eaa7ec2b54..00000000000 --- a/danish/security/2020/dsa-4784.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="32eb021ce69470e37f636a50dfbdc3ae0caae152" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at køre usikker deserialisering, indlejre spam, -udføre forskellige angreb i forbindelse med Cross-Site Scripting (XSS) eller -Cross-Site Request Forgery (CSRF), forøge rettigheder, køre vilkårlig kode, samt -slette vilkårlige filer.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.0.11+dfsg1-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4784.data" diff --git a/danish/security/2020/dsa-4785.wml b/danish/security/2020/dsa-4785.wml deleted file mode 100644 index ed86de3e365..00000000000 --- a/danish/security/2020/dsa-4785.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="38473d2400c549003eb093bbd5cd612b743114dd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at raptor2, et RDF-fortolkningsbibliotek, var ramt af -heapbaserede bufferoverløbsfejl, hvilke kunne medføre lammelsesangreb eller -potentielt udførelse af vilkårlig kode, hvis en særligt fremstillet fil blev -behandlet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.0.14-1.1~deb10u1.

- -

Vi anbefaler at du opgraderer dine raptor2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende raptor2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/raptor2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4785.data" diff --git a/danish/security/2020/dsa-4786.wml b/danish/security/2020/dsa-4786.wml deleted file mode 100644 index 95ecc12c9f8..00000000000 --- a/danish/security/2020/dsa-4786.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fe4c1fad846bf71114de153423dd8c842e66ed7d" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at en grænsekontrol i libexif, et bibliotek til fortolkning af -EXIF-filer, kunne optimeres væk af compileren, medførende et potentielt -bufferoverløb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.6.21-5.1+deb10u5.

- -

Vi anbefaler at du opgraderer dine libexif-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libexif, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libexif

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4786.data" diff --git a/danish/security/2020/dsa-4787.wml b/danish/security/2020/dsa-4787.wml deleted file mode 100644 index 44ed862590d..00000000000 --- a/danish/security/2020/dsa-4787.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="818bc9ca653d5fd8cdbc924b0732dffb39f9d3ec" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i moin, en Python-klon af WikiWiki.

- -
    - -
  • CVE-2020-15275 - -

    Catarina Leite opdagede at moin var sårbar over for en gemt XSS-sårbarhed - gennem SVG-vedhæftelser.

    • - -
  • CVE-2020-25074 - -

    Michael Chapman opdagede at moin var sårbar over for en sårbarhed i - forbindelse med fjernudførelse af kode gennem en cache-action.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.9.9-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine moin-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende moin, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/moin

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4787.data" diff --git a/danish/security/2020/dsa-4788.wml b/danish/security/2020/dsa-4788.wml deleted file mode 100644 index f2fe8636257..00000000000 --- a/danish/security/2020/dsa-4788.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4894519de93479b64fd24edbaa2775ffe0e67ed3" mindelta="1" -sikkerhedsopdatering - -

Et tilfælde af anvendelse efter frigivelse blev findet i webbrowseren Mozilla -Firefox, hvilket potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 78.4.1esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4788.data" diff --git a/danish/security/2020/dsa-4789.wml b/danish/security/2020/dsa-4789.wml deleted file mode 100644 index d1093f5a43d..00000000000 --- a/danish/security/2020/dsa-4789.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d9df05ea9bcda9e60d3904cbe3a0f3b2bab462dd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at codemirror, en browserbaseret teksteditor, implementeret i -JavaScript, var sårbar over for et lammelsesangreb i forbindelse med regulære -udtryk.

- -

I den stabile distribution (buster), er dette problem rettet i -version 5.43.0-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine codemirror-js-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende codemirror-js, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/codemirror-js

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4789.data" diff --git a/danish/security/2020/dsa-4790.wml b/danish/security/2020/dsa-4790.wml deleted file mode 100644 index 650fba30b86..00000000000 --- a/danish/security/2020/dsa-4790.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2ef47fea430f56ad287c79129641120cbea6aef8" mindelta="1" -sikkerhedsopdatering - -

En anvendelse efter frigivelse blev fundet i Thunderbird, hvilket potentielt -kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:78.4.2-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4790.data" diff --git a/danish/security/2020/dsa-4791.wml b/danish/security/2020/dsa-4791.wml deleted file mode 100644 index 3ca47fcdbd1..00000000000 --- a/danish/security/2020/dsa-4791.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="b35f3578f60fe18b9150a0924ba18826c4d6be4c" mindelta="1" -sikkerhedsopdatering - -

Ken Gaillot opdagede en sårbarhed i programmet Pacemaker til -ressourceadministration af klynger: Hvis ACL'er var opsat for brugere i gruppen -haclient, kunne ACL-begrænsninger omgås gennem ubegrænset -IPC-kommunikation, medførende udførelse af kode med root-rettigheder på tværs af -klyngen.

- -

Hvis klyngevalgmuligheden enable-acl ikke er aktiveret, kan medlemmer -af gruppen haclient ændre Pacemakers Cluster Information Base, uden -begrænsninger, hvilket allerede giver dem disse muligheder, så der er ikke -yderligere bloglæggelse ved en sådan opsætning.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.0.1-5+deb10u1.

- -

Vi anbefaler at du opgraderer dine pacemaker-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pacemaker, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pacemaker

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4791.data" diff --git a/danish/security/2020/dsa-4792.wml b/danish/security/2020/dsa-4792.wml deleted file mode 100644 index a748deeea9e..00000000000 --- a/danish/security/2020/dsa-4792.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e6c23bf32eb3390fbeabb08bb19f804fcbc2efb3" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder i kontrollen af certifikatlistesyntaksen og håndteringen af -CSN-normalisering blev opdaget i OpenLDAP, en implementering af Lightweight -Directory Access Protocol. En uautentificeret fjernangriber kunne drage nytte -af disse fejl til at forårsage et lammelsesangreb (nedbrud i slapd-dæmonen) -ved hjælp af særligt fremstillede pakker.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.4.47+dfsg-3+deb10u4.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openldap, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openldap

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4792.data" diff --git a/danish/security/2020/dsa-4793.wml b/danish/security/2020/dsa-4793.wml deleted file mode 100644 index 6a27c50b4a6..00000000000 --- a/danish/security/2020/dsa-4793.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="01ea964cfe7307b04fa9acda572fbb35e75d9d34" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring, phishing, udførelse af skripter på tværs af websteder -eller et DNS-rebindingangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.5.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4793.data" diff --git a/danish/security/2020/dsa-4794.wml b/danish/security/2020/dsa-4794.wml deleted file mode 100644 index d5df2aa084f..00000000000 --- a/danish/security/2020/dsa-4794.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a77a111514f428d19555f1fbbcfd53999d9d5f39" mindelta="1" -sikkerhedsopdatering - -

En heapbaseret bufferoverløbsfejl blev opdaget i MuPDF, en -letvægts-PDF-fremviser, hvilken kunne medføre lammelsesangreb eller udførelse -af vilkårlig kode, hvis misdannede dokumenter blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.0+ds1-4+deb10u2.

- -

Vi anbefaler at du opgraderer dine mupdf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mupdf, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/mupdf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4794.data" diff --git a/danish/security/2020/dsa-4795.wml b/danish/security/2020/dsa-4795.wml deleted file mode 100644 index dabcca181d3..00000000000 --- a/danish/security/2020/dsa-4795.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="77f6c6ffc4351230bbf6de54a49a4d73644aa4c1" mindelta="1" -sikkerhedsopdatering - -

Demi Obeneour opdagede at ubegrænset rekursion i ASN1-fortolkeren i libkrb5, -kunne medføre lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.17-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende krb5, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/krb5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4795.data" diff --git a/danish/security/2020/dsa-4796.wml b/danish/security/2020/dsa-4796.wml deleted file mode 100644 index 910ea7c41ca..00000000000 --- a/danish/security/2020/dsa-4796.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a2fe5cd27b7eedde80ea1e6ca891c1ae5314fcc1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.5.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4796.data" diff --git a/danish/security/2020/dsa-4797.wml b/danish/security/2020/dsa-4797.wml deleted file mode 100644 index e2df44f32c8..00000000000 --- a/danish/security/2020/dsa-4797.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="9008fd088ac7830da54eead9922fc56073220815" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-9948 - -

    Brendan Draper opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9951 - -

    Marcin Noga opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-9983 - -

    zhunki opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-13584 - -

    Cisco opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.30.3-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4797.data" diff --git a/danish/security/2020/dsa-4798.wml b/danish/security/2020/dsa-4798.wml deleted file mode 100644 index 5ed482e6c51..00000000000 --- a/danish/security/2020/dsa-4798.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ee39b5bf5c4b20218b693e1097819eda8f312d5c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelser på internettet, -kontrollerede ikke på korrekt vis sine inddata. Dermed kunne autentificerede -brugere udføre vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.2.4-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4798.data" diff --git a/danish/security/2020/dsa-4799.wml b/danish/security/2020/dsa-4799.wml deleted file mode 100644 index ae54760476c..00000000000 --- a/danish/security/2020/dsa-4799.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0bfac536f987e8669fb3459ac6ce097e4a8556c4" mindelta="1" -sikkerhedsopdatering - -

Guenal Davalan rapporterede om en fejl i x11vnc, en VNC-server der muliggør -fjernadgang til en eksisterende X-session. x11vnc opretter delte -hukommelsessegmenter med 0777-mode. En lokal angriber kunne drage nytte af -fejlen til informationsafsløring, lammelsesangreb eller interferens med en anden -brugers VNC-session på værten.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.9.13-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine x11vnc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende x11vnc, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/x11vnc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4799.data" diff --git a/danish/security/2020/dsa-4800.wml b/danish/security/2020/dsa-4800.wml deleted file mode 100644 index cfebe3b368d..00000000000 --- a/danish/security/2020/dsa-4800.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cf352e7c81827460aa4e72f28305a794a25189b3" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i libproxy, et bibliotek til automatisk -håndtering af proxyopsætning, hvilke kunne medføre lammelsesangreb eller -muligvis udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.4.15-5+deb10u1.

- -

Vi anbefaler at du opgraderer dine libproxy-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libproxy, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libproxy

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4800.data" diff --git a/danish/security/2020/dsa-4801.wml b/danish/security/2020/dsa-4801.wml deleted file mode 100644 index f616ac148d6..00000000000 --- a/danish/security/2020/dsa-4801.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="640681293aeb5a5c716a7d13d9aa732ea601a106" mindelta="1" -sikkerhedsopdatering - -

Et bufferoverløb blev opdaget i Brotli, en generelt anvendelig programsamling -til tabsfri komprimering.

- -

I den stabile distribution (buster), er dette problem rettet i version -1.0.7-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine brotli-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende brotli, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/brotli

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4801.data" diff --git a/danish/security/2020/dsa-4802.wml b/danish/security/2020/dsa-4802.wml deleted file mode 100644 index 996d50c7758..00000000000 --- a/danish/security/2020/dsa-4802.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="1efdaeff47e09a5430403d98cdcceb78fdbdf74c" mindelta="1" -sikkerhedsopdatering - -

Chiaki Ishikawa opdagede et stakoverløb i håndteringen af SMTP-serverstatus, -hvilken potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:78.5.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4802.data" diff --git a/danish/security/2020/dsa-4803.wml b/danish/security/2020/dsa-4803.wml deleted file mode 100644 index 12333d377a4..00000000000 --- a/danish/security/2020/dsa-4803.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="853e7157b6c69b10b7ad57e8eb149eeb8835c89d" mindelta="1" -sikkerhedsopdatering - -

Jan-Niklas Sohn opdagede at XKB-udvidelsen i Xorg X-serveren, udførte -ufuldstændig rensning af inddata, hvilket kunne medføre rettighedsforøgelse.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:1.20.4-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xorg-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xorg-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4803.data" diff --git a/danish/security/2020/dsa-4804.wml b/danish/security/2020/dsa-4804.wml deleted file mode 100644 index 141db0512d9..00000000000 --- a/danish/security/2020/dsa-4804.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="52c25a73651cdd0f6563886626d1d0f9e77703f5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget hypervisor'en Xen, hvilke kunne medføre -lammelsesangreb, rettighedsforøgelse eller informationslækager.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.11.4+57-g41a822c392-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4804.data" diff --git a/danish/security/2020/dsa-4805.wml b/danish/security/2020/dsa-4805.wml deleted file mode 100644 index 736e33e6dcb..00000000000 --- a/danish/security/2020/dsa-4805.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="5361d530d3775946c18aa99359098765fef27557" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Apache Traffic Server, en reverse- og -forwardproxyserver:

- -
    - -
  • CVE-2020-17508 - -

    ESI-plugin'en var sårbar over for hukommelsesafsløring.

    • - -
  • CVE-2020-17509 - -

    Valgmuligheden til negativ cache var sårbar over for - cacheforgiftning.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 8.0.2+ds-1+deb10u4.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4805.data" diff --git a/danish/security/2020/dsa-4806.wml b/danish/security/2020/dsa-4806.wml deleted file mode 100644 index 870d6060fb5..00000000000 --- a/danish/security/2020/dsa-4806.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c729654b8b27b17cf75c7c41de57c26fb0f1d02e" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende rensning af inddata i minidlna, en letvægts- -DLNA/UPnP-AV-server, kunne medføre udførelse af vilkårlig kode. Desuden var -minidlna ramt af UPnP-sårbarheden CallStranger.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.2.1+dfsg-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine minidlna-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende minidlna, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/minidlna

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4806.data" diff --git a/danish/security/2020/dsa-4807.wml b/danish/security/2020/dsa-4807.wml deleted file mode 100644 index 2cf103f412b..00000000000 --- a/danish/security/2020/dsa-4807.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a81106f7b85b7f3ec2fc49a5ea04ee1e4a0b7111" mindelta="1" -sikkerhedsopdatering - -

David Benjamin opdagede en fejl i funktionen GENERAL_NAME_cmp(), hviken kunne -forårsage en NULL-dereference, medførende lammelsesangreb.

- -

Yderligere oplysniger findes i opstrøms bulletin: -\ -https://www.openssl.org/news/secadv/20201208.txt

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.1.1d-0+deb10u4.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4807.data" diff --git a/danish/security/2020/dsa-4808.wml b/danish/security/2020/dsa-4808.wml deleted file mode 100644 index 58f18ba095b..00000000000 --- a/danish/security/2020/dsa-4808.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1c44da99abdcc572c0a11652a632da1dfa09d628" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende rensning af inddata i ar-/tar-implementeringerne i -APT, pakkehåndteringsprogrammet på højt niveau, kunne medføre læsning udenfor -grænserne eller uendelige løkker, medførende lammelsesangreb ved behandling af -misdannede deb-filer.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.2.2.

- -

Vi anbefaler at du opgraderer dine apt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apt, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/apt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4808.data" diff --git a/danish/security/2020/dsa-4809.wml b/danish/security/2020/dsa-4809.wml deleted file mode 100644 index 81ce3ecb49c..00000000000 --- a/danish/security/2020/dsa-4809.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="177915392051c5520c0eeb218c4d26110a695316" mindelta="1" -sikkerhedsopdatering - -

Forskellige hukommelses- og fildescriptorlækager blev opdaget i -Python-grænsefladen til APT-pakkehåndteringens runtimebibliotek, hvilke kunne -medføre lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.4.2.

- -

Vi anbefaler at du opgraderer dine python-apt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-apt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-apt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4809.data" diff --git a/danish/security/2020/dsa-4810.wml b/danish/security/2020/dsa-4810.wml deleted file mode 100644 index 14690ad84a6..00000000000 --- a/danish/security/2020/dsa-4810.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="422c1a2029b44bd82236ff5b0b402513dd2c5b8a" mindelta="1" -sikkerhedsopdatering - -

Yaniv Nizry opdagede at clean-modulet i lxml, Python-bindinger til libxml2 og -libxslt, kunne omgås.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.3.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine lxml-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lxml, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lxml

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4810.data" diff --git a/danish/security/2020/dsa-4811.wml b/danish/security/2020/dsa-4811.wml deleted file mode 100644 index 6767b17a9b1..00000000000 --- a/danish/security/2020/dsa-4811.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="1e5f62f34bcc8da30f41325ca8cb664f8713412c" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at standardsortlisten i XStream, et Java-bibliotek til -serialisering af objekter til XML og tilbage igen, var sårbar over for udførelse -af vilkårlige shellkommandoer, ved at manipulere med den behandlede -inddatastrøm.

- -

For yderligere dybdegående sikring anbefales det at skifte til -hvidlistefremgangsmåden i XStreams sikkerhedsframework. For yderligere -oplysninger, se -\ -https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.4.11.1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine libxstream-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxstream-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libxstream-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4811.data" diff --git a/danish/security/2020/dsa-4812.wml b/danish/security/2020/dsa-4812.wml deleted file mode 100644 index 0499de773eb..00000000000 --- a/danish/security/2020/dsa-4812.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="413d84f94ed95dc443860b5c01ced890a3d079ef" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen:

- -

Flere sikkerhedsproblemer, som påvirker Xenstore, kunne medføre adgang på -tværs af domæner (lammelsesangreb, informationslækager eller -rettighedsforøgelse) eller lammelsesangreb mod xenstored.

- -

Yderligere sårbarheder kunne medføre gæst til vært-lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.11.4+57-g41a822c392-2.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4812.data" diff --git a/danish/security/2020/dsa-4813.wml b/danish/security/2020/dsa-4813.wml deleted file mode 100644 index b4120548e87..00000000000 --- a/danish/security/2020/dsa-4813.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e4169c02d604d087402edc425d03a12498b1acaa" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring eller omgåelse af CSS-rensning.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.6.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4813.data" diff --git a/danish/security/2020/dsa-4814.wml b/danish/security/2020/dsa-4814.wml deleted file mode 100644 index 73dda6d5f04..00000000000 --- a/danish/security/2020/dsa-4814.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="3bcb07ac79215b801fafacf8e2f96929da3e7a67" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at xerces-c, et valideringsbibliotek til fortolkning af XML til -C++, ikke på korrekt vis scanede DTD'er. Anvendelse efter -frigivelse-sårbarheden, som var resultatet af dette problem, gjorde det muligt -for en fjernangriber at benytte en særligt fremstillet XML-fil til at få -applikationen til at gå ned, eller til potentielt at udføre vilkårlig kode. -Bemærk at patch'en som retter dette problem, kommer som følge af en nyligt -opstået hukommelseslækage.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.2.2+debian-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine xerces-c-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xerces-c, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xerces-c

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4814.data" diff --git a/danish/security/2020/dsa-4815.wml b/danish/security/2020/dsa-4815.wml deleted file mode 100644 index 95eb780dea7..00000000000 --- a/danish/security/2020/dsa-4815.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="363db9b6da2f5fc2a5ca52a848bb373866791844" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, lammelsesangreb eller informationslækage.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.6.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4815.data" diff --git a/danish/security/2020/dsa-4816.wml b/danish/security/2020/dsa-4816.wml deleted file mode 100644 index 772ea9fc9f4..00000000000 --- a/danish/security/2020/dsa-4816.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a8cb97c201a8d45a55a7f5eaee9906dba8146ca1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i MediaWiki, et webstedsmotor til -samarbejdsprojekter, hvilke kunne medføre udførelse af skripter på tværs af -websteder eller blotlæggelse af skjulte brugere.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:1.31.12-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4816.data" diff --git a/danish/security/2020/dsa-4817.wml b/danish/security/2020/dsa-4817.wml deleted file mode 100644 index dbb3245ee44..00000000000 --- a/danish/security/2020/dsa-4817.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="39622941f7edb860ecb91d028749e4646a223ee6" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i PEAR-pakken Archive_Tar til håndtering af -tar-filer i PHP, som potentielt gjorde det muligt for en fjernangriber at udføre -vilkårlig kode eller overskrive filer.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:1.10.6+submodules+notgz-1.1+deb10u1.

- -

Vi anbefaler at du opgraderer dine php-pear-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php-pear, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php-pear

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4817.data" diff --git a/danish/security/2020/dsa-4818.wml b/danish/security/2020/dsa-4818.wml deleted file mode 100644 index 81dd02b2059..00000000000 --- a/danish/security/2020/dsa-4818.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="3f0f1a56a7218bc43e4769bf32b0352523c9a436" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Sympa, et program til postlistehåndtering, -hvilket kunne medføre lokal rettighedsforøgelse, lammelsesangreb eller -uautoriseret adgang gennem SOAP-API'et.

- -

Desuden, for at afhjælpe -\ -CVE-2020-26880, er sympa_newaliases-wrapper ikke længere som standard -installeret setuid root. Et nyt Debconf-spørgsmål er indført, for at -muliggøre setuid-installationer i opsætninger hvor det er nødvendigt.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 6.2.40~dfsg-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine sympa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sympa, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/sympa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4818.data" diff --git a/danish/security/2020/dsa-4819.wml b/danish/security/2020/dsa-4819.wml deleted file mode 100644 index 356d3a8f1b5..00000000000 --- a/danish/security/2020/dsa-4819.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e16ef96d005299e94ef1566037aa03ca560f5d1f" mindelta="1" -sikkerhedsopdatering - -

Stephane Chauveau opdagede at implementeringen af grafikprotokollen i Kitty, -en GPU-baseret terminalemulator, ikke rensede et filnavn når der blev returneret -en fejlmeddelelse, hvilket kunne medføre udførelse af vilkårlige -shell-kommandoer, når der vises en fil med kommandoen cat.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.13.3-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine kitty-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende kitty, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/kitty

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4819.data" diff --git a/danish/security/2020/dsa-4820.wml b/danish/security/2020/dsa-4820.wml deleted file mode 100644 index 5073f1b5701..00000000000 --- a/danish/security/2020/dsa-4820.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6db6669bbf0a79c0b400f97ed17d0e64d26e337b" mindelta="1" -sikkerhedsopdatering - -

Pritam Singh opdagede en åben viderestilling i workflowformularerne i -OpenStack Horizon.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3:14.0.2-3+deb10u2.

- -

Vi anbefaler at du opgraderer dine horizon-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende horizon, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/horizon

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4820.data" diff --git a/danish/security/2020/dsa-4821.wml b/danish/security/2020/dsa-4821.wml deleted file mode 100644 index 3abbfa7ef35..00000000000 --- a/danish/security/2020/dsa-4821.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="ac4a3040fa04b98f1db354527f6cdb1ecb042cb4" mindelta="1" -sikkerhedsopdatering - -

Alex Birnberg opdagede at roundcube, en skinbar AJAX-baseret webmailløsning -til IMAP-servers, var sårbar over for en sårbarhed i forbindelse med udførelse -af skripter på tværs af websteder ved håndtering af HTML- eller ren -tekst-meddelelser med ondsindet indhold.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.16+dfsg.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2020/dsa-4821.data" diff --git a/danish/security/2020/index.wml b/danish/security/2020/index.wml deleted file mode 100644 index e410aa98efa..00000000000 --- a/danish/security/2020/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -Sikkerhedsbulletiner fra 2020 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list_security -#use wml::debian::translation-check translation="1ed08b85438644aeac272b25eee88bcc365092dc" - -<:= get_directory_security_list ('.', '$(ENGLISHDIR)/security/2020' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2021/Makefile b/danish/security/2021/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2021/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2021/dsa-4822.wml b/danish/security/2021/dsa-4822.wml deleted file mode 100644 index 716895cb3bf..00000000000 --- a/danish/security/2021/dsa-4822.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ce053bc67f7e188f5978ad5bbfd7c2786669f07c" mindelta="1" -sikkerhedsopdatering - -

David Cook rapporterede om flere hukommelsessikkerhedsproblemer, som -påvirkede RPC-protokollen i p11-kit, et bibliotek som leverer en metode til -indlæsning og opregning af PKCS#11-moduler.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.23.15-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine p11-kit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende p11-kit, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/p11-kit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4822.data" diff --git a/danish/security/2021/dsa-4823.wml b/danish/security/2021/dsa-4823.wml deleted file mode 100644 index 09652ed5402..00000000000 --- a/danish/security/2021/dsa-4823.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="df41ee2d83423c2e6bcdc9061671b96ead8a6074" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ukorrekt validering af JWT-tokens i InfluxDB, en tidsserie-, -metrik- og analytikdatabase, hvilket kunne medføre omgåelse af -autentificering.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.6.4-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine influxdb-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende influxdb, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/influxdb

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4823.data" diff --git a/danish/security/2021/dsa-4824.wml b/danish/security/2021/dsa-4824.wml deleted file mode 100644 index 2618503a3d3..00000000000 --- a/danish/security/2021/dsa-4824.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b7239518c823ae53e2826fd2e71efbc6e91007e3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i webbrowseren Chromium, hvilke -kunne medføre udførelse af vilkårlig kode, lammelsesangreb eller -informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 87.0.4280.88-0.4~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4824.data" diff --git a/danish/security/2021/dsa-4825.wml b/danish/security/2021/dsa-4825.wml deleted file mode 100644 index f33bef999ef..00000000000 --- a/danish/security/2021/dsa-4825.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="28bc87857803972597b697f1aafdfc05773ea8db" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i mailserveren Dovecot.

- -
    - -
  • CVE-2020-24386 - -

    Når imap-davle er aktiv, kunne en angriber (med gyldige loginoplysninger - til at tilgå mailserveren) få Dovecot til at opdage filsystemets - mappestrukturer og tilgå andre brugeres mail gennem særligt fremstillede - kommandoer.

    • - -
  • CVE-2020-25275 - -

    Innokentii Sennovskiy rapporterede at mailaflevering og -fortolkning i - Dovecot kunne gå ned, når den 10000. MIME-del var en message/rfc822 (eller - hvis ophavet var multipart/digest). Fejlen blev indført af tidligere - ændringer, som løste - \ - CVE-2020-12100.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:2.3.4.1-5+deb10u5.

- -

Vi anbefaler at du opgraderer dine dovecot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dovecot, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/dovecot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4825.data" diff --git a/danish/security/2021/dsa-4826.wml b/danish/security/2021/dsa-4826.wml deleted file mode 100644 index 061274e1167..00000000000 --- a/danish/security/2021/dsa-4826.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="27a3db159df9f47798f0f5c818d5f1dafdd4a815" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Node.js, hvilke kunne medføre lammelsesangreb -og potentielt udførelse af vilkårlig kode eller smugling af -HTTP-forespørgsler.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 10.23.1~dfsg-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine nodejs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nodejs, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nodejs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4826.data" diff --git a/danish/security/2021/dsa-4827.wml b/danish/security/2021/dsa-4827.wml deleted file mode 100644 index 9973a24c11d..00000000000 --- a/danish/security/2021/dsa-4827.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2250192440b4e4662c2bd0c7ab63e34e6ff313ee" mindelta="1" -sikkerhedsopdatering - -

En sikkerhedsfejl blev fundet i webbrowseren Mozilla Firefox, hvilken -potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 78.6.1esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4827.data" diff --git a/danish/security/2021/dsa-4828.wml b/danish/security/2021/dsa-4828.wml deleted file mode 100644 index fa74b51baf5..00000000000 --- a/danish/security/2021/dsa-4828.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="c7278d0cf5a2c92a64386bb83ed50bdb7e9b56f4" mindelta="1" -sikkerhedsopdatering - -

Liaogui Zhong opdagede to sikkerhedsproblemer i XStream, et Java-bibliotek -til serialisering af objekter til XML og tilbage igen, hvilke kunne medføre -sletning af filer eller forfalskning af serversideforespørgsler under -unmarshalling.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.4.11.1-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine libxstream-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxstream-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libxstream-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4828.data" diff --git a/danish/security/2021/dsa-4829.wml b/danish/security/2021/dsa-4829.wml deleted file mode 100644 index 6bd90c24e55..00000000000 --- a/danish/security/2021/dsa-4829.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="6deb41e83064921e63d318734179cf3b4d8867e0" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i coturn, en TURN- og STUN-server til VoIP. Som -standard tillader coturn ikke peers på loopbackadresser (127.x.x.x og ::1). En -fjernangriber kunne omgå beskyttelsen gennem en særligt fremstillet -forespørgsel, som anvender peeradressen 0.0.0.0 og narrer coturn til at -relay'e til loopbackgrænsefladen. Hvis der lyttes på IPv6, er -loopbackgrænsefladen også tilgængelig ved at anvende enten [::1] eller [::] som -adressen.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.5.1.1-1.1+deb10u2.

- -

Vi anbefaler at du opgraderer dine coturn-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende coturn, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/coturn

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4829.data" diff --git a/danish/security/2021/dsa-4830.wml b/danish/security/2021/dsa-4830.wml deleted file mode 100644 index 4ca8e4ad3c5..00000000000 --- a/danish/security/2021/dsa-4830.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="cc173b8d34b89c7d43e8628759e88ae4a67b7db9" mindelta="1" -sikkerhedsopdatering - -

Simon McVittie opdagede en fejl i servicen flatpak-portal, som kunne gøre det -muligt for applikationer i sandkasser at udføre vilkårlig kode på værtssystemet -(undslippelse fra sandkassen).

- -

Flatpak-portalens D-Bus-service (flatpak-portal, også kendt under sit -D-Bus-servicenavn org.freedesktop.portal.Flatpak), tillod at apps i en -Flatpak-sandkasse til at starte deres egne underprocesser i en ny -sandkasseinstans, enten med de samme sikkerhedsindstillinger som den kaldende -eller med mere restriktive sikkerhedsindstillinger. Eksempelvis anvendes det i -Flatpak-pakkede webbrowsere så som Chromium, til at starte underprocesser som -vil behandle webindhold der ikke er tillid til, og give disse underprocesser en -mere restriktiv sandkasse end browseren selv.

- -

I sårbare versioner overførte Flatpak-portalservicen miljøvariabler, angivet -af den kaldende, til processer som ikke er i sandkasser på værtssystemet, og i -særdeleshed til flatpaks run-kommando, som anvendes til at starte den nye -sandkasseinstans. En ondsindet eller komprimitteret Flatpak-app kunne opsætte -miljøvariabler, som flatpaks run-kommando har tillid til, og anvendes dem til at -udføre vilkårlig kode, som ikke er i en sandkasse.

- -

I den stabile distribution (buster), er dette problem rettet i version -1.2.5-0+deb10u2.

- -

Vi anbefaler at du opgraderer dine flatpak-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende flatpak, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/flatpak

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4830.data" diff --git a/danish/security/2021/dsa-4831.wml b/danish/security/2021/dsa-4831.wml deleted file mode 100644 index 8ab79bad4a8..00000000000 --- a/danish/security/2021/dsa-4831.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6d1643a67509927d077347faabf9fdb8fdcb2dc5" mindelta="1" -sikkerhedsopdatering - -

Johan Smits opdagede at ruby-redcarpet, en markdown-fortolker, ikke på -korrekt vis valideres sine inddata. Dermed kunne en angriber iværksætte et -angreb i forbindelse med udførelse af skripter på tværs af websteder.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.4.0-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby-redcarpet-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-redcarpet, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-redcarpet

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4831.data" diff --git a/danish/security/2021/dsa-4832.wml b/danish/security/2021/dsa-4832.wml deleted file mode 100644 index 99ac9845d2e..00000000000 --- a/danish/security/2021/dsa-4832.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="a5c79088ff2296ccbad43ece8403cb9d49aa69ac" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget webbrowseren Chromium, hvilke -kunne medføre udførelse af vilkårlig kode, lammelsesangreb eller -informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 87.0.4280.141-0.1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4832.data" diff --git a/danish/security/2021/dsa-4833.wml b/danish/security/2021/dsa-4833.wml deleted file mode 100644 index 971cffe9224..00000000000 --- a/danish/security/2021/dsa-4833.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="44daa28d7165e7856597605819dd8a2aa51c048f" mindelta="1" -sikkerhedsopdatering - -

Andrew Wesie opdagede et bufferoverløb i H264-understøttelsen i -multimedieframeworket GStreamer, hvilket potentielt kunne medføre udførelse af -vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.4-1deb10u1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-bad1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-plugins-bad1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4833.data" diff --git a/danish/security/2021/dsa-4834.wml b/danish/security/2021/dsa-4834.wml deleted file mode 100644 index 478b5ac346c..00000000000 --- a/danish/security/2021/dsa-4834.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="13bfa3423af65169b2f2d0d153f852ba4103dd3c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i medieafspilleren VLC, hvilke kunne -medføre udførelse af vilkårlig kode eller lammelsesangreb, hvis en misdannet -mediefil blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.0.12-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4834.data" diff --git a/danish/security/2021/dsa-4835.wml b/danish/security/2021/dsa-4835.wml deleted file mode 100644 index e09b39e5b92..00000000000 --- a/danish/security/2021/dsa-4835.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3fea03cb934f83fd2586afe70178153c8330281f" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Tomcat-servlet'en og JSP-motoren, hvilke kunne -føre til informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 9.0.31-1~deb10u3.

- -

Vi anbefaler at du opgraderer dine tomcat9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4835.data" diff --git a/danish/security/2021/dsa-4836.wml b/danish/security/2021/dsa-4836.wml deleted file mode 100644 index 8d9fea34e06..00000000000 --- a/danish/security/2021/dsa-4836.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9510422e7838a480b1a6078d836538bb3c6b029a" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i LLPD-implementeringen af Open vSwitch, en -softwarebaseret virtuel ethernet-switch, hvilke kunne medføre -lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.10.6+ds1-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine openvswitch-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openvswitch, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openvswitch

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4836.data" diff --git a/danish/security/2021/dsa-4837.wml b/danish/security/2021/dsa-4837.wml deleted file mode 100644 index b7e9a362ad4..00000000000 --- a/danish/security/2021/dsa-4837.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="23b235270837433bab2ef3d3919d771d79b42a73" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i salt, et ydedygtigt program til håndtering -af fjernudførelse. Fejlene kunne medføre omgåelse af autentifikation og kald af -Salg SSH, oprettelse af certifikater med svage filrettigheder gennem -TLS-udførelsesmodulet eller shellindsprøjtninger med Salt API'et ved hjælp af -SSH-klienten.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2018.3.4+dfsg1-6+deb10u2.

- -

Vi anbefaler at du opgraderer dine salt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende salt, se -dens sikkerhedssporingssidede på: -https://security-tracker.debian.org/tracker/salt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4837.data" diff --git a/danish/security/2021/dsa-4838.wml b/danish/security/2021/dsa-4838.wml deleted file mode 100644 index 9e0f132a7c8..00000000000 --- a/danish/security/2021/dsa-4838.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7332091fb9221dc7f16942318bcf63cea083ed52" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede en hukommelseslækagefejl i fortolkningen af -rfc822-gruppemodtager i Mutt, et tekstbaseret mailprogram som understøtter MIME, -GPG, PGP og threading; fejlen kunne medføre lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.10.1-2.1+deb10u5.

- -

Vi anbefaler at du opgraderer dine mutt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mutt, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/mutt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4838.data" diff --git a/danish/security/2021/dsa-4839.wml b/danish/security/2021/dsa-4839.wml deleted file mode 100644 index 5fbecc42cb2..00000000000 --- a/danish/security/2021/dsa-4839.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3430520092002ba2cf08a905c95e82635551b172" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede en heapbaseret bufferoverløbssårbarhed i sudo, -et program designet til at give begrænsede superbrugerrettigheder til specifikke -brugere. Enhver lokal bruger (sudoere og ikke-sudoere) kunne udnytte fejlen til -root-rettighedsforøgelse.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.27-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine sudo-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sudo, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/sudo

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4839.data" diff --git a/danish/security/2021/dsa-4840.wml b/danish/security/2021/dsa-4840.wml deleted file mode 100644 index e5c1f5cc037..00000000000 --- a/danish/security/2021/dsa-4840.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="105f0db4e352f9e78b2dc8c412985cf171a97805" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode eller -informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.7.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4840.data" diff --git a/danish/security/2021/dsa-4841.wml b/danish/security/2021/dsa-4841.wml deleted file mode 100644 index 2cc123a6675..00000000000 --- a/danish/security/2021/dsa-4841.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="29834dabc5508da0cafcf2a974c4ab5c7943d209" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Simple Linux Utility til -Resource Management (SLURM), en system til ressourcehåndtering og jobplanlægning -af klynger, hvilke kunne medføre lammelsesangreb, informationsafsløring eller -rettighedsforøgelse.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 18.08.5.2-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine slurm-llnl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende slurm-llnl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/slurm-llnl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4841.data" diff --git a/danish/security/2021/dsa-4842.wml b/danish/security/2021/dsa-4842.wml deleted file mode 100644 index 526feb43a36..00000000000 --- a/danish/security/2021/dsa-4842.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6c95eff37261f5db13f187dc4c5f8c9ce72e75bc" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i Thunderbird, hvilke kunne føre til -udførelse af vilkårlig kode, lammelsesangreb eller en informationslækage.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.7.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4842.data" diff --git a/danish/security/2021/dsa-4843.wml b/danish/security/2021/dsa-4843.wml deleted file mode 100644 index 8b6f83bfd50..00000000000 --- a/danish/security/2021/dsa-4843.wml +++ /dev/null @@ -1,94 +0,0 @@ -#use wml::debian::translation-check translation="7d4e416de9b0d5870d3b56d250bdbed4f5cdde8b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2020-27815 - -

    En fejl blev rapporteret i JFS-filsystemskoden, som tillod at en lokal - angriber med mulighed for at opsætte udvidede attributter, kunne forårsage - et lammelsesangreb.

    • - -
  • CVE-2020-27825 - -

    Adam pi3 Zabrocki rapporterede om en fejl i forbindelse med - anvendelse efter frigivelse i logikken til ændring af størrelsen på ftraces - ringbuffer, på grund af en kapløbstilstand, hvilken kunne medføre - lammelsesangreb eller informationslækage.

    • - -
  • CVE-2020-27830 - -

    Shisong Qin rapporterede om en NULL-pointerdereferencefejl i - skærmlæsercoredriveren Speakup.

    • - -
  • CVE-2020-28374 - -

    David Disseldorp opdagede at LIO SCSI-målimplementeringen udførte - utilstrækkelig kontrol af visse XCOPY-forespørgsler. En angriber med - adgang til en LUN samt viden om Unit Serial Number-tildelinger, kunne drage - nytte af fejlen til at læse og skrive til enhver LIO-backstore, uafhængigt - af SCSI-transportindstillingerne.

    • - -
  • CVE-2020-29568 (XSA-349) - -

    Michael Kurth og Pawel Wieczorkiewicz rapporterede at frontends kunne - udløse en OOM i backends, ved at opdatere en overvåget sti.

    • - -
  • CVE-2020-29569 (XSA-350) - -

    Olivier Benjamin og Pawel Wieczorkiewicz rapporterede om en fejl i - forbindelse med anvendelse efter frigivelse, hvilken kunne udløses af en - blockfrontend i Linux' blkback. En gæst der ikke opfører sig korrekt, kunne - udløse et dom0-nedbrud ved uafbrudt at tilslutte og fjerne en - blockfrontend.

    • - -
  • CVE-2020-29660 - -

    Jann Horn rapporterede om et inkonsistent låsningsproblem i - tty-undersystemet, hvilket kunne gøre det muligt for en lokal angriber at - iværksætte et læsning efter frigivelse-angreb mod TIOCGSID.

    • - -
  • CVE-2020-29661 - -

    Jann Horn rapporterede om et låsningsproblem i tty-undersystemet, hvilket - kunne medføre en anvendelse efter frigivelse. En lokal angriber kunne drage - nytte af fejlen til hukommelseskorruption eller rettighedsforøgelse.

    • - -
  • CVE-2020-36158 - -

    En bufferoverløbsfejl blev opdaget i mwifiex-WiFi-driveren, hvilken kunne - medføre lammelsesangreb eller udførelse af vilkårlig kode gennem en lang - SSID-værdi.

    • - -
  • CVE-2021-3347 - -

    Man opdagede at PI-futexe'er havde anvendelse efter frigivelse i - kernestakken under fejlhåndtering. En upriviligeret bruger kunne udnytte - fejlen til at få kerne til at gå ned (medførende lammelsesangreb) eller til - rettighedsforøgelse.

    • - -
  • CVE-2021-20177 - -

    En fejl blev opdaget i Linux-implementeringen af stringmatching i en - pakke. En priviligeret bruger (med root eller CAP_NET_ADMIN) kunne drage - nytte af fejlen til at forårsage en kernepanik, når der blev indsat - iptables-regler.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.19.171-2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4843.data" diff --git a/danish/security/2021/dsa-4844.wml b/danish/security/2021/dsa-4844.wml deleted file mode 100644 index c4764a2f9e5..00000000000 --- a/danish/security/2021/dsa-4844.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3b85f13b6ae7d2b5dc01f391605934669f18117f" mindelta="1" -sikkerhedsopdatering - -

Moshe Kol og Shlomi Oberman fra JSOF opdagede flere sårbarheder i dnsmasq, en -lille caching-DNS-proxy og DHCP-/TFTP-server. De kunne medføre lammelsesangreb, -cacheforgiftning eller udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.80-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine dnsmasq-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dnsmasq, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dnsmasq

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4844.data" diff --git a/danish/security/2021/dsa-4845.wml b/danish/security/2021/dsa-4845.wml deleted file mode 100644 index cdf70cf80f7..00000000000 --- a/danish/security/2021/dsa-4845.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="5953186c6296cf5c12835b1379935c80bc126430" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i OpenLDAP, en fri implementering af -Lightweight Directory Access Protocol. En uautentificeret fjernangriber kunne -drage nytte af disse fejl til at forårsage et lammelsesangreb (nedbrud i -slapd-dæmonen, uendelige løkker) gennem særligt fremstillede pakker.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.4.47+dfsg-3+deb10u5.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openldap, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openldap

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4845.data" diff --git a/danish/security/2021/dsa-4846.wml b/danish/security/2021/dsa-4846.wml deleted file mode 100644 index f28ea92d0ea..00000000000 --- a/danish/security/2021/dsa-4846.wml +++ /dev/null @@ -1,169 +0,0 @@ -#use wml::debian::translation-check translation="603ec322379c4d19ac2617c6e9f713349947c37e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget webbrowseren chromium.

- -
    - -
  • CVE-2020-16044 - -

    Ned Williamson opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebRTC.

    • - -
  • CVE-2021-21117 - -

    Rory McNamara opdagede et problem med policyhåndhævelse i - Cryptohome.

    • - -
  • CVE-2021-21118 - -

    Tyler Nighswander opdagede et datavalideringsproblem i - JavaScript-biblioteket v8.

    • - -
  • CVE-2021-21119 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - mediehåndteringen.

    • - -
  • CVE-2021-21120 - -

    Nan Wang og Guang Gong opdagede et problem med anvendelse efter - frigivelse i implementeringen af WebSQL.

    • - -
  • CVE-2021-21121 - -

    Leecraso og Guang Gong opdagede et problem med anvendelse efter - frigivelse i Omnibox.

    • - -
  • CVE-2021-21122 - -

    Renata Hodovan opdagede et problem med anvendelse efter frigivelse i - Blink/WebKit.

    • - -
  • CVE-2021-21123 - -

    Maciej Pulikowski opdagede et datavalideringsproblem.

    • - -
  • CVE-2021-21124 - -

    Chaoyang Ding opdagede et problem med anvendelse efter frigivelse i - talegenkendelsen.

    • - -
  • CVE-2021-21125 - -

    Ron Masas opdagede et problem med policyhåndhævelse.

    • - -
  • CVE-2021-21126 - -

    David Erceg opdagede et problem med policyhåndhævelse i - udvidelser.

    • - -
  • CVE-2021-21127 - -

    Jasminder Pal Singh opdagede et problem med policyhåndhævelse i - udvidelser.

    • - -
  • CVE-2021-21128 - -

    Liang Dong opdagede et bufferoverløbsproblem i Blink/WebKit.

    • - -
  • CVE-2021-21129 - -

    Maciej Pulikowski opdagede et problem med policyhåndhævelse.

    • - -
  • CVE-2021-21130 - -

    Maciej Pulikowski opdagede et problem med policyhåndhævelse.

    • - -
  • CVE-2021-21131 - -

    Maciej Pulikowski opdagede et problem med policyhåndhævelse.

    • - -
  • CVE-2021-21132 - -

    David Erceg opdagede en implementeringsfejl i - udviklerværktøjerne.

    • - -
  • CVE-2021-21133 - -

    wester0x01 opdagede et problem med policyhåndhævelse.

    • - -
  • CVE-2021-21134 - -

    wester0x01 opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2021-21135 - -

    ndevtk opdagede en implementeringsfejl i Performance API.

    • - -
  • CVE-2021-21136 - -

    Shiv Sahni, Movnavinothan V og Imdad Mohammed opdagede en fejl med - policyhåndhævelse.

    • - -
  • CVE-2021-21137 - -

    bobbybear opdagede en implementeringsfejl i udviklerværktøjerne.

    • - -
  • CVE-2021-21138 - -

    Weipeng Jiang opdagede et problem med anvendelse efter frigivelse i - udviklerværktøjerne.

    • - -
  • CVE-2021-21139 - -

    Jun Kokatsu opdagede en implementeringsfejl i iframe-sandkassen.

    • - -
  • CVE-2021-21140 - -

    David Manouchehri opdagede uinitialiseret hukommelse i implementeringen - af USB.

    • - -
  • CVE-2021-21141 - -

    Maciej Pulikowski opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2021-21142 - -

    Khalil Zhani opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2021-21143 - -

    Allen Parker og Alex Morgan opdagede et bufferoverløbsproblem i - udvidelser.

    • - -
  • CVE-2021-21144 - -

    Leecraso og Guang Gong opdagede et bufferoverløbsproblem.

    • - -
  • CVE-2021-21145 - -

    Et problem med anvendelse efter frigivelse blev opdaget.

    • - -
  • CVE-2021-21146 - -

    Alison Huffman og Choongwoo Han opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2021-21147 - -

    Roman Starkov opdagede en implementeringsfejl i biblioteket - skia.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 88.0.4324.146-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4846.data" diff --git a/danish/security/2021/dsa-4847.wml b/danish/security/2021/dsa-4847.wml deleted file mode 100644 index 2f0f46f2aed..00000000000 --- a/danish/security/2021/dsa-4847.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f948129211d92c2e0093fb2dbf1fe25c4da5f837" mindelta="1" -sikkerhedsopdatering - -

En informationslækagesårbarhed til fjernbrugere og en bufferoverløbssårbarhed -til fjernbrugere blev opdaget i ConnMan, et program til netværkshåndtering af -indlejrede enheder, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.36-2.1~deb10u1.

- -

Vi anbefaler at du opgraderer dine connman-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende connman, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/connman

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4847.data" diff --git a/danish/security/2021/dsa-4848.wml b/danish/security/2021/dsa-4848.wml deleted file mode 100644 index 9d20fcf59a2..00000000000 --- a/danish/security/2021/dsa-4848.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="35d36e32dc79a523fa0577da0912f84adca764e0" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i implementeringen af -programmeringssproget Go, hvilke kunne medføre lammelsesangreb, og -implementeringen af P-224-kurver kunne generere ukorrekte uddata.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.11.6-1+deb10u4.

- -

Vi anbefaler at du opgraderer dine golang-1.11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende golang-1.11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/golang-1.11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4848.data" diff --git a/danish/security/2021/dsa-4849.wml b/danish/security/2021/dsa-4849.wml deleted file mode 100644 index 60757d06124..00000000000 --- a/danish/security/2021/dsa-4849.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="6a616753f50ac040bb0442c928584ff59857f54c" mindelta="1" -sikkerhedsopdatering - -

Roman Fiedler opdagede en sårbarhed i OverlayFS-koden i firejail, et -sandkasseprogram til begrænsning af afviklingsmiljøet for programmer man ikke -har tillid til, hvilken kunne medføre root-rettighedsforøgelse. Denne -opdatering aktiverer OverlayFS-understøttelse i firejail.

- -

I den stabile distribution (buster), er dette problem rettet i -version 0.9.58.2-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine firejail-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firejail, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firejail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4849.data" diff --git a/danish/security/2021/dsa-4850.wml b/danish/security/2021/dsa-4850.wml deleted file mode 100644 index ef119820a5b..00000000000 --- a/danish/security/2021/dsa-4850.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5c3dfa640369c614f0e6c9553cd46fdf11abddde" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at zstd, et komprimeringsværktøj, midlertidigt udstillede en -globalt skrivbar version af sit uddata, selv hvis den originale fil havde -restriktive rettigheder.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.8+dfsg-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine libzstd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libzstd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libzstd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4850.data" diff --git a/danish/security/2021/dsa-4851.wml b/danish/security/2021/dsa-4851.wml deleted file mode 100644 index 4a9d1e29e8b..00000000000 --- a/danish/security/2021/dsa-4851.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="d006ce565fcf7220e57c35571bee0fdf83341df6" mindelta="1" -sikkerhedsopdatering - -

Thomas Akesson opdagede en fjernudløsbar sårbarhed i modulet mod_authz_svn i -Subversion, et versionsstyringssystem. Når der inde i arkivet blev anvendt -authz-regler med valgmuligheden AuthzSVNReposRelativeAccessFile, kunne en -uautoriseret fjern klient drage nytte af fejlen til at forårsage et -lammelsesangreb ved at sende en forespørgsel til en ikke-eksisterende -arkiv-URL.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.10.4-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende subversion, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/subversion

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4851.data" diff --git a/danish/security/2021/dsa-4852.wml b/danish/security/2021/dsa-4852.wml deleted file mode 100644 index 49afd7f958f..00000000000 --- a/danish/security/2021/dsa-4852.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1c4239860022f3a722fee53eebd9a97b979ab14b" mindelta="1" -sikkerhedsopdatering - -

Joakim Hindersson opdagede at Open vSwitch, en softwarebaseret virtuel -ethernet-switch, tillod at en ondsindet bruger kunne forårsage et -lammelsesangreb ved at sende særligt fremstillede pakker.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.10.7+ds1-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine openvswitch-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openvswitch, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openvswitch

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4852.data" diff --git a/danish/security/2021/dsa-4853.wml b/danish/security/2021/dsa-4853.wml deleted file mode 100644 index 1936c324b29..00000000000 --- a/danish/security/2021/dsa-4853.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b277300840a940d2378dcbdbbc797aff8067437d" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelser, tillod at en ondsindet -bruger kunne udføre scriptangreb på tværs af websteder, tilgå følsomme -oplysninger eller udføre vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.2.4-1+deb10u4.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4853.data" diff --git a/danish/security/2021/dsa-4854.wml b/danish/security/2021/dsa-4854.wml deleted file mode 100644 index 59b5666693f..00000000000 --- a/danish/security/2021/dsa-4854.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="c85aa63fe1c5972ca4ac07ff9adf7c38a41f1475" mindelta="1" -sikkerhedsopdatering - -

Følende sårbarhed er opdagget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-13558 - -

    Marcin Noga opdagede at behandling af ondsindet fabrikeret webindhold - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er dette problem rettet i -version 2.30.5-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4854.data" diff --git a/danish/security/2021/dsa-4855.wml b/danish/security/2021/dsa-4855.wml deleted file mode 100644 index d079c80de6e..00000000000 --- a/danish/security/2021/dsa-4855.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="0b9c89566ef13daffbc9185681dac5de2ae0d592" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt. En overløbsfejl i x64_64 Montgomery-kvadratfunktionen, blev -der fundet et heltalsoverløb i CipherUpdate og en NULL-pointerdereferencefejl i -X509_issuer_and_serial_hash(), hvilke kunne medføre lammelsesangreb.

- -

Yderligere oplysninger findes i opstrøms bulletiner -\ -https://www.openssl.org/news/secadv/20191206.txt og -\ -https://www.openssl.org/news/secadv/20210216.txt.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.1.1d-0+deb10u5.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4855.data" diff --git a/danish/security/2021/dsa-4856.wml b/danish/security/2021/dsa-4856.wml deleted file mode 100644 index f25fd60c9c6..00000000000 --- a/danish/security/2021/dsa-4856.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3db6cc25244cc7b89a4f96961d7636ae98e489e1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i PHP, et vidt udbredt og generelt -anvendeligt open source-skriptsprog, hvilke kunne medføre lammelsesangreb, -informationsafsløring, cookieforfalskning eller ukorrekt kryptering.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 7.3.27-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine php7.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4856.data" diff --git a/danish/security/2021/dsa-4857.wml b/danish/security/2021/dsa-4857.wml deleted file mode 100644 index 3d0f1df3480..00000000000 --- a/danish/security/2021/dsa-4857.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f11c835c6487253210688706e7b7c11464c54a6c" mindelta="1" -sikkerhedsopdatering - -

En bufferoverløbssårbarhed blev opdaget i implementeringen af SPNEGO, som -påvirkede GSSAPI-sikkerhedspolicyforhandling i BIND, en -DNS-serverimplementering, hvilken kunne medføre lammelsesangreb (dæmonnedbrud) -eller pootentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:9.11.5.P4+dfsg-5.1+deb10u3.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4857.data" diff --git a/danish/security/2021/dsa-4858.wml b/danish/security/2021/dsa-4858.wml deleted file mode 100644 index 4526b65a259..00000000000 --- a/danish/security/2021/dsa-4858.wml +++ /dev/null @@ -1,70 +0,0 @@ -#use wml::debian::translation-check translation="0f4f3e8210b7403850a5550da354ea08036f8c2f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2021-21148 - -

    Mattias Buelens opdagede et bufferoverløbsproblem i - JavaScript-biblioteket V8.

    • - -
  • CVE-2021-21149 - -

    Ryoya Tsukasaki opdagedet stakoverløbsproblem i implementeringen af Data - Transfer.

    • - -
  • CVE-2021-21150 - -

    Woojin Oh opdagede et problem med anvendelse efter frigivelse i - fildownloaderen.

    • - -
  • CVE-2021-21151 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - betalingssystemet.

    • - -
  • CVE-2021-21152 - -

    Et bufferoverløb blev opdaget i mediehåndteringen.

    • - -
  • CVE-2021-21153 - -

    Jan Ruge opdagede et stakoverløbsproblem i GPU-processen.

    • - -
  • CVE-2021-21154 - -

    Abdulrahman Alqabandi opdagede et bufferoverløbsproblem i - implementeringen af Tab Strip.

    • - -
  • CVE-2021-21155 - -

    Khalil Zhani opdagede et bufferoverløbsproblem i implementeringen af Tab - Strip.

    • - -
  • CVE-2021-21156 - -

    Sergei Glazunov opdagede et bufferoverløbsproblem i - JavaScript-biblioteket V8.

    • - -
  • CVE-2021-21157 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - implementeringen af Web Sockets.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 88.0.4324.182-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4858.data" diff --git a/danish/security/2021/dsa-4859.wml b/danish/security/2021/dsa-4859.wml deleted file mode 100644 index 8e73b303b4f..00000000000 --- a/danish/security/2021/dsa-4859.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="123908fe74f54620222a349a507f9178a2faf07a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at zstd, et komprimeringsværktøj, var sårbar over for en -kapløbstilstand: der blev i et meget kort tidsrum, midlertidigt udstillet en -verdenslæsbar version af dets inddata, selv hvis den originale fil havde -restriktive rettigheder.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.8+dfsg-3+deb10u2.

- -

Vi anbefaler at du opgraderer dine libzstd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libzstd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libzstd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4859.data" diff --git a/danish/security/2021/dsa-4860.wml b/danish/security/2021/dsa-4860.wml deleted file mode 100644 index 36ed8db0226..00000000000 --- a/danish/security/2021/dsa-4860.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="17b26eb27e095ada2631f748a90b0252c6b1437d" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i Certificate List Exact Assertion-valideringen blev opdaget i -OpenLDAP, en fri implementering af Lightweight Directory Access Protocol. En -uautoriseret fjernangriber kunne drage nytte af fejlen til at forårsage et -lammelsesangreb (nedbrud i slapd-dæmonen) gennem særligt fremstillede -pakker.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.4.47+dfsg-3+deb10u6.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openldap, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openldap

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4860.data" diff --git a/danish/security/2021/dsa-4861.wml b/danish/security/2021/dsa-4861.wml deleted file mode 100644 index 70e3ae88e85..00000000000 --- a/danish/security/2021/dsa-4861.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="25518192d421a3133547e82abb73fb6b6e248f73" mindelta="1" -sikkerhedsopdatering - -

Felix Weinmann rapporterede om en fejl i håndteringen af kombinationstegn i -screen, en terminal-multiplexer med VT100-/ANSI-terminalemulering, hvilken kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode gennem en -særligt fremstillet UTF-8-tegnsekvens.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.6.2-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine screen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende screen, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/screen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4861.data" diff --git a/danish/security/2021/dsa-4862.wml b/danish/security/2021/dsa-4862.wml deleted file mode 100644 index 8198c888d87..00000000000 --- a/danish/security/2021/dsa-4862.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7dfc4e9cb47cfdd07f29cd7fd327dd0b8aaa8173" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode eller -informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.8.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4862.data" diff --git a/danish/security/2021/dsa-4863.wml b/danish/security/2021/dsa-4863.wml deleted file mode 100644 index b9ed292368d..00000000000 --- a/danish/security/2021/dsa-4863.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="7d3c74be8da3768df1cdde9dc5637023c2b5b5e2" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Node.js, hvilke kunne medføre lammelsesangreb -eller DNS-rebinding-angreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 10.24.0~dfsg-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine nodejs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nodejs, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nodejs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4863.data" diff --git a/danish/security/2021/dsa-4864.wml b/danish/security/2021/dsa-4864.wml deleted file mode 100644 index 2855754b2e6..00000000000 --- a/danish/security/2021/dsa-4864.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="8270ea7b516481664732e77ea8ce861b543af400" mindelta="1" -sikkerhedsopdatering - -

Beast Glatisant og Jelmer Vernooij rapporterede at python-aiohttp, et -asynkronst HTTP-klient-/-serverframework, var ramt af en åben -viderestilling-sårbarhed. Et ondsidet fremstillet link til en aiohttp-baseret -webserver, kunne viderestille browseren til et andet websted.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.5.1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-aiohttp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-aiohttp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-aiohttp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4864.data" diff --git a/danish/security/2021/dsa-4865.wml b/danish/security/2021/dsa-4865.wml deleted file mode 100644 index 1f05e8e959a..00000000000 --- a/danish/security/2021/dsa-4865.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d2d43f7892fddceb361d33ffe2506775b6501ee8" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Docker, en -Linux-containerruntime, hvilke kunne medføre lammelsesangreb, en -informationslækage eller rettighedsforøgelse.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 18.09.1+dfsg1-7.1+deb10u3.

- -

Vi anbefaler at du opgraderer dine docker.io-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende docker.io, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/docker.io

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4865.data" diff --git a/danish/security/2021/dsa-4866.wml b/danish/security/2021/dsa-4866.wml deleted file mode 100644 index c762b195e39..00000000000 --- a/danish/security/2021/dsa-4866.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="197573ef4537798421da834e851fd3167f2c315b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode eller informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.8.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4866.data" diff --git a/danish/security/2021/dsa-4867.wml b/danish/security/2021/dsa-4867.wml deleted file mode 100644 index 1841c2eaaa9..00000000000 --- a/danish/security/2021/dsa-4867.wml +++ /dev/null @@ -1,63 +0,0 @@ -#use wml::debian::translation-check translation="938f7bfa52fa35f75b35de70bbd10bfc81e42e8d" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i bootloaderen GRUB2.

- -
    - -
  • CVE-2020-14372 - -

    Man opdagede at acpi-kommandoen tillod at en priviligeret bruger kunne - indlæse fabrikerede ACPI-tabeller når Secure Boot er aktiveret.

    • - -
  • CVE-2020-25632 - -

    En sårbarhed i forbindelse med anvendelse efter frigivelse, blev fundet - i kommandoen rmmod.

    • - -
  • CVE-2020-25647 - -

    En sårbarhed i forbindelse med skrivning udenfor grænserne, blev fundet i - funktionen grub_usb_device_initialize(), som kaldes for at håndtere - initialisering af USB-enheder.

    • - -
  • CVE-2020-27749 - -

    En stakbufferoverløbsfejl blev fundet i - grub_parser_split_cmdline.

    • - -
  • CVE-2020-27779 - -

    Man opdagede at kommandoen cutmem tillod at en priviligeret bruger kunne - fjerne hukommelsesområder når Secure Boot er aktiveret.

    • - -
  • CVE-2021-20225 - -

    En sårbarhed i forbindelse med skrivning udenfor heapgrænserne, blev - fundet i fortolkeren af valgmuligheder på kort form.

    • - -
  • CVE-2021-20233 - -

    En fejl i forbindelse med skrivning udenfor heapgrænserne, fandtes på - grund af en fejlberegning af krævet plads til citationstegn i dannelsen af - menuen.

    • - -
- -

Yderligere detaljerede oplysninger finder man i -\ -https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.02+dfsg1-20+deb10u4.

- -

Vi anbefaler at du opgraderer dine grub2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende grub2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/grub2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4867.data" diff --git a/danish/security/2021/dsa-4868.wml b/danish/security/2021/dsa-4868.wml deleted file mode 100644 index ba010e40f13..00000000000 --- a/danish/security/2021/dsa-4868.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="006daf76b7a3784fc9a98c6aa4e9d974bd37ee63" mindelta="1" -sikkerhedsopdatering - -

Anton Lydike opdagede at sandkassebegrænsinger i Flatpak, et framework til -applikationsudruling af skrivebordsapps, kunne omgås gennem en ondsindet -.desktop-fil.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.2.5-0+deb10u4.

- -

Vi anbefaler at du opgraderer dine flatpak-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende flatpak, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/flatpak

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4868.data" diff --git a/danish/security/2021/dsa-4869.wml b/danish/security/2021/dsa-4869.wml deleted file mode 100644 index 1694c6cdc5f..00000000000 --- a/danish/security/2021/dsa-4869.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7e741156a7b4ee4c68a922120710712b2edb8714" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i biblioteket libtiff og de medfølgende værktøjer, -hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis -misdannede billeder behandles.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.1.0+git191117-2~deb10u2.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tiff, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tiff

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4869.data" diff --git a/danish/security/2021/dsa-4870.wml b/danish/security/2021/dsa-4870.wml deleted file mode 100644 index 6760e8eecc5..00000000000 --- a/danish/security/2021/dsa-4870.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="bc9daa7cf8ef9da4b5ef33a9214535a3957f1a98" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Pygments, en syntaksfremhævelsespakke skrevet i Python, kunne -tvinges ind i en uendelig løkke, medførende lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.3.1+dfsg-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine pygments-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pygments, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pygments

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4870.data" diff --git a/danish/security/2021/dsa-4871.wml b/danish/security/2021/dsa-4871.wml deleted file mode 100644 index a9094dae2dc..00000000000 --- a/danish/security/2021/dsa-4871.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="69c44b4938d0936033bc793b57cffb7c8404c94a" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Tor, et anonymt forbindelsesbaseret -kommunikationssystem med lave svartider, hvilke kunne føre til for højt -CPU-forbrug eller forårsage at mappeautoriteten gik ned.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.3.5.14-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tor, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/tor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4871.data" diff --git a/danish/security/2021/dsa-4872.wml b/danish/security/2021/dsa-4872.wml deleted file mode 100644 index f863d3b8f97..00000000000 --- a/danish/security/2021/dsa-4872.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a4f18a105422eab245e7cde3c375d59fe11a0221" mindelta="1" -sikkerhedsopdatering - -

Toni Huttunen opdagede at Shibboleths serviceproviders skabelonmotor, som -anvendes til at danne fejlsider, kunne misbruges til phishingangreb.

- -

For yderligere oplysninger, se opstrøms bulletin på: -\ -https://shibboleth.net/community/advisories/secadv_20210317.txt

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.0.4+dfsg1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine shibboleth-sp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende shibboleth-sp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/shibboleth-sp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4872.data" diff --git a/danish/security/2021/dsa-4873.wml b/danish/security/2021/dsa-4873.wml deleted file mode 100644 index 7e5584a1787..00000000000 --- a/danish/security/2021/dsa-4873.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c4efd022c19cb41eceec5c2392ac917f380e9926" mindelta="1" -sikkerhedsopdatering - -

Jianjun Chen opdagede at proxycaching-serveren Squid var sårbar over for -smugling af HTTP-forespørgsler.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.6-1+deb10u5.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squid

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4873.data" diff --git a/danish/security/2021/dsa-4874.wml b/danish/security/2021/dsa-4874.wml deleted file mode 100644 index c0600410e38..00000000000 --- a/danish/security/2021/dsa-4874.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e76306c03cc0728ed930aca7664bec83d40cb48f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring eller forfalskningsangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.9.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4874.data" diff --git a/danish/security/2021/dsa-4875.wml b/danish/security/2021/dsa-4875.wml deleted file mode 100644 index baf5bdaef33..00000000000 --- a/danish/security/2021/dsa-4875.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8c14bd4b35ccb6c85a6d61b611ecd724ecc1b07a" mindelta="1" -sikkerhedsopdatering - -

En NULL-pointerdereference blev fundet i signature_algorithms-behandlingen i -OpenSSL, et Secure Sockets Layer-værktøjssæt, hvilken kunne medføre -lammelsesangreb.

- -

Yderligere oplysninger findes i opstrøms bulletin: -\ -https://www.openssl.org/news/secadv/20210325.txt

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.1.1d-0+deb10u6.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4875.data" diff --git a/danish/security/2021/dsa-4876.wml b/danish/security/2021/dsa-4876.wml deleted file mode 100644 index 9f84eb6b75c..00000000000 --- a/danish/security/2021/dsa-4876.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="9be84f1e18e515dc37d2472b250e48267d15d7f2" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode eller informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.9.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4876.data" diff --git a/danish/security/2021/dsa-4877.wml b/danish/security/2021/dsa-4877.wml deleted file mode 100644 index 2c783b95c4a..00000000000 --- a/danish/security/2021/dsa-4877.wml +++ /dev/null @@ -1,58 +0,0 @@ -#use wml::debian::translation-check translation="9b6e2575a6c497232661fc247cef61ab70393208" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2020-27918 - -

    Liu Long opdagede at behandling af ondsindet fremstillet webindhold - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2020-29623 - -

    Simon Hunt opdagede at brugere kunne være forhindret i fuldstændigt at - slette deres browserhistorik under visse omstændigheder.

    • - -
  • CVE-2021-1765 - -

    Eliya Stein opdagede at ondsindet fremstillet webindhold kunne overtræde - iframe-sandkasse-policy'en.

    • - -
  • CVE-2021-1789 - -

    @S0rryMybad opdagede at behandling af ondsindet fremstillet webindhold - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-1799 - -

    Gregory Vishnepolsky, Ben Seri og Samy Kamkar opdagede at et ondsindet - websted kunne være i stand til at tilgå begrænsede porte på vilkårlige - servere.

    • - -
  • CVE-2021-1801 - -

    Eliya Stein opdagede at behandling af ondsindet fremstillet webindhold - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-1870 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.30.6-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4877.data" diff --git a/danish/security/2021/dsa-4878.wml b/danish/security/2021/dsa-4878.wml deleted file mode 100644 index 4a1f105916f..00000000000 --- a/danish/security/2021/dsa-4878.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0461babd4045c668ef371434514b74143f1e6925" mindelta="1" -sikkerhedsopdatering - -

Ben Caller opdagede at Pygments, en syntaksfremhævelsesapkke skrevet i Python -3, anvendte regulære udtryk, som kunne medføre lammelsesangreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.3.1+dfsg-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine pygments-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pygments, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pygments

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4878.data" diff --git a/danish/security/2021/dsa-4879.wml b/danish/security/2021/dsa-4879.wml deleted file mode 100644 index b6faf609290..00000000000 --- a/danish/security/2021/dsa-4879.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="efb6f22251ea8d4d778fd8afbc8938adb9515fc3" mindelta="1" -sikkerhedsopdatering - -

Damian Lukowski opdagede en fejl i spamassassin, et Perl-baseret spamfilter, -som anvender tekstanalyse. Ondsindede regelopsætningsfiler, muligvis hentet fra -en opdateringsserver, kunne udføre vilkårlig kommandoer i adskillige -scenarier.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.4.2-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine spamassassin-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spamassassin, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spamassassin

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4879.data" diff --git a/danish/security/2021/dsa-4880.wml b/danish/security/2021/dsa-4880.wml deleted file mode 100644 index 792bc37424d..00000000000 --- a/danish/security/2021/dsa-4880.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b9b8d39d9b0a40634514dbd361ab55c99f898bc0" mindelta="1" -sikkerhedsopdatering - -

Kevin Chung opdagede at lxml, en Python-binding bibliotekerne til libxml2 og -libxslt, ikke på korrekt vis rensede sine inddata. Dermed kunne en ondsindet -brugere iværksætte et angreb i forbindelse med udførelse af skripter på tværs af -websteder.

- -

I den stabile distribution (buster), er dette problem rettet i -version 4.3.2-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine lxml-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lxml, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lxml

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4880.data" diff --git a/danish/security/2021/dsa-4881.wml b/danish/security/2021/dsa-4881.wml deleted file mode 100644 index b8015e87eeb..00000000000 --- a/danish/security/2021/dsa-4881.wml +++ /dev/null @@ -1,76 +0,0 @@ -#use wml::debian::translation-check translation="1ee140ecea4124e2849e2bc5c2de4b63b838e5c5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i cURL, et URL-overførselsbibliotek:

- -
    - -
  • CVE-2020-8169 - -

    Marek Szlagor rapporterede at libcurl kunne narres til at foranstille en - del af adgangskoden til værtsnavnet før det blev slået op, potentielt - førende til en lækage af den delvise adgangskode over netværket og til - DNS-serveren/-serverne.

    • - -
  • CVE-2020-8177 - -

    sn rapporterede at curl kunne narres af en ondsindet server til at - overskrive en lokal fil ved hjælp af valgmulighederne -J - (--remote-header-name) og -i (--include) på den samme - kommandolinje.

    • - -
  • CVE-2020-8231 - -

    Marc Aldorasi rapporterede at libcurl kunne anvende den forkerte - forbindelse når en applikation, som anvender libcurls multi-API, opsætter - valgmuligheden CURLOPT_CONNECT_ONLY, hvilke kunne føre til - informationslækager.

    • - -
  • CVE-2020-8284 - -

    Varnavas Papaioannou rapporterede at en ondsindet server kunne anvende - PASV-svaret til at narre curl til for at forbinde sig tilbage til en - vilkårlig IP-adresse og port, potentielt førende til at curl udtrak - oplysninger om tjenester, som ellers er private og ikke - offentliggjorte.

    • - -
  • CVE-2020-8285 - -

    xnynx rapporterede at libcurl kunne løbe tør for plads på stakken, når - der funktionaliteten til FTP-wildcardmatching blev anvendt - (CURLOPT_CHUNK_BGN_FUNCTION).

    • - -
  • CVE-2020-8286 - -

    Der blev rapporteret at libcurl ikke kontrollede om et OCSP-svar faktisk - svarede til certifikatet, som det var hensigten.

    • - -
  • CVE-2021-22876 - -

    Viktor Szakats rapporterede at libcurl ikke fjernede brugerens - loginoplysninger fra URL'en, når det automatisk udfyldte Referer - HTTP-forespørgselsheaderfeltet i udgående HTTP-forespørgsler.

    • - -
  • CVE-2021-22890 - -

    Mingtao Yang rapporterede at ved anvendelse af en HTTPS-proxy og TLS 1.3, - kunne libcurl forveksle sessiontickets ankommende fra HTTPS-proxy'en som var - de i stedet ankommet fra den fjerne server. Dermed kunne en HTTPS-proxy - være i stand til at narre libcurl til at anvende den forkerte sessionticket - for værten, og dermed omgå server-TLS-certifikatkontrollen.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 7.64.0-4+deb10u2.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4881.data" diff --git a/danish/security/2021/dsa-4882.wml b/danish/security/2021/dsa-4882.wml deleted file mode 100644 index e6068605de9..00000000000 --- a/danish/security/2021/dsa-4882.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8133d077a584f4d118b8e095f094d6df1b7d2613" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i in openjpeg2, open-source JPEG -2000-codec'et, hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig -kode, når der blev åbnet et misdannet billede.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.3.0-2+deb10u2.

- -

Vi anbefaler at du opgraderer dine openjpeg2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjpeg2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjpeg2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4882.data" diff --git a/danish/security/2021/dsa-4883.wml b/danish/security/2021/dsa-4883.wml deleted file mode 100644 index a8bfbced95b..00000000000 --- a/danish/security/2021/dsa-4883.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="589db08df24e40fd0b032493c1dc117284d973d2" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende rensning af inddata i funktionen template() i -biblioteket Underscore JavaScript, kunne medføre udførelse af vilkårlig -kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.9.1~dfsg-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine underscore-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende underscore, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/underscore

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4883.data" diff --git a/danish/security/2021/dsa-4884.wml b/danish/security/2021/dsa-4884.wml deleted file mode 100644 index 03c69e14409..00000000000 --- a/danish/security/2021/dsa-4884.wml +++ /dev/null @@ -1,41 +0,0 @@ -#use wml::debian::translation-check translation="8841a09ee24923f86538151f0ba51430b8414c1a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i ldb, en LDAP-lignede indlejret database -opbygget på toppen af TDB.

- -
    - -
  • CVE-2020-10730 - -

    Andrew Bartlett opdagede en NULL-pointerdereference og anvendelse efter - frigivelse-fejl ved håndtering af LDAP-kontrollerne ASQ og - VLV, samt kombinationer med LDAP-funktionaliteten - paged_results.

    • - -
  • CVE-2020-27840 - -

    Douglas Bagnall opdagede en heapkorruptionsfejl gennem fabrikerede - DN-strenge.

    • - -
  • CVE-2021-20277 - -

    Douglas Bagnall opdagede en sårbarhed i forbindelse med læsning udenfor - grænserne i håndteringen af LDAP-attributter, som i begyndelsen indeholder - adskillige mellemrum efter hinanden.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:1.5.1+really1.4.6-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine ldb-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ldb, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ldb

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4884.data" diff --git a/danish/security/2021/dsa-4885.wml b/danish/security/2021/dsa-4885.wml deleted file mode 100644 index 022a6d97608..00000000000 --- a/danish/security/2021/dsa-4885.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e826822a70576345bd987d3fb677288adbed23cf" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Netty, et Java -NIO-klient-/serverframework, hvilke kunne medføre smugling af -HTTP-forespørgsler, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:4.1.33-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine netty-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende netty, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/netty

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4885.data" diff --git a/danish/security/2021/dsa-4886.wml b/danish/security/2021/dsa-4886.wml deleted file mode 100644 index bc6ae2f26e2..00000000000 --- a/danish/security/2021/dsa-4886.wml +++ /dev/null @@ -1,213 +0,0 @@ -#use wml::debian::translation-check translation="cd0bf8b46e55223d74a3837b6bf7fc8d93156c9a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2021-21159 - -

    Khalil Zhani opdagede et bufferoverløbsproblem i - faneimplementeringen.

    • - -
  • CVE-2021-21160 - -

    Marcin Noga opdagede et bufferoverløbsproblem i WebAudio.

    • - -
  • CVE-2021-21161 - -

    Khalil Zhani opdagede et bufferoverløbsproblem i - faneimplementeringen.

    • - -
  • CVE-2021-21162 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - implementeringen af WebRTC.

    • - -
  • CVE-2021-21163 - -

    Alison Huffman opdagede et datavalideringsproblem.

    • - -
  • CVE-2021-21165 - -

    Alison Huffman opdagede en fejl i lydimplementeringen.

    • - -
  • CVE-2021-21166 - -

    Alison Huffman opdagede en fejl i lydimplementeringen.

    • - -
  • CVE-2021-21167 - -

    Leecraso og Guang Gong opdagede et problem med anvendelse efter - frigivelse i implementeringen af bogmærker.

    • - -
  • CVE-2021-21168 - -

    Luan Herrera opdagede en fejl i forbindelse med håndhævelse af policy i - appcache.

    • - -
  • CVE-2021-21169 - -

    Bohan Liu og Moon Liang opdagede et problem med tilgang udenfor grænserne - i JavaScript-biblioteket v8.

    • - -
  • CVE-2021-21170 - -

    David Erceg opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2021-21171 - -

    Irvan Kurniawan opdagede en fejl i brugergrænsefladen.

    • - -
  • CVE-2021-21172 - -

    Maciej Pulikowski opdagede en fejl i forbindelse med håndhævelse af - policy i File System API.

    • - -
  • CVE-2021-21173 - -

    Tom Van Goethem opdagede en netværksbaseret informationslækage.

    • - -
  • CVE-2021-21174 - -

    Ashish Guatam Kambled opdagede en implementeringsfejl i - Referrer-policy.

    • - -
  • CVE-2021-21175 - -

    Jun Kokatsu opdagede en implementeringsfejl i Site - Isolation-funktionaliteten.

    • - -
  • CVE-2021-21176 - -

    Luan Herrera opdagede en implementeringsfejl i - fuldskærmstilstand.

    • - -
  • CVE-2021-21177 - -

    Abdulrahman Alqabandi opdagede en fejl i forbindelse med håndhævelse af - policy i Autofill-funktionaliteten.

    • - -
  • CVE-2021-21178 - -

    Japong opdagede en fejl i Compositor-implementeringen.

    • - -
  • CVE-2021-21179 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - netværksimplementeringen.

    • - -
  • CVE-2021-21180 - -

    Abdulrahman Alqabandi opdagede et problem med anvendelse efter frigivelse - i fanesøgningsfunktionaliteten.

    • - -
  • CVE-2021-21181 - -

    Xu Lin, Panagiotis Ilias og Jason Polakis opdagede en - sidekanalsinformationslækage i Autofill-funktionaliteten.

    • - -
  • CVE-2021-21182 - -

    Luan Herrera opdagede en fejl i forbindelse med håndhævelse af policy i - implementeringen af webstedsnavigeringen.

    • - -
  • CVE-2021-21183 - -

    Takashi Yoneuchi opdagede en implementeringsfejl i Performance - API.

    • - -
  • CVE-2021-21184 - -

    James Hartig opdagede en implementeringsfejl i Performance API.

    • - -
  • CVE-2021-21185 - -

    David Erceg opdagede en fejl i forbindelse med håndhævelse af policy i - Extensions.

    • - -
  • CVE-2021-21186 - -

    dhirajkumarnifty opdagede en fejl i forbindelse med håndhævelse af policy - i QR-scanningsimplementeringen.

    • - -
  • CVE-2021-21187 - -

    Kirtikumar Anandrao Ramchandani opdagede en datavalideringsfejl i - URL-formateringen.

    • - -
  • CVE-2021-21188 - -

    Woojin Oh opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2021-21189 - -

    Khalil Zhani opdagede en fejl i forbindelse med håndhævelse af policy - Payments-implementeringen.

    • - -
  • CVE-2021-21190 - -

    Zhou Aiting opdagede anvendelse af uinitialiseret hukommelse i - biblioteket pdfium.

    • - -
  • CVE-2021-21191 - -

    raven opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebRTC.

    • - -
  • CVE-2021-21192 - -

    Abdulrahman Alqabandi opdagede et bufferoverløbsproblem i - faneimplementeringen.

    • - -
  • CVE-2021-21193 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - Blink/Webkit.

    • - -
  • CVE-2021-21194 - -

    Leecraso og Guang Gong opdagede et problem med anvendelse efter - frigivelse i skærmfangstfunktionaliteten.

    • - -
  • CVE-2021-21195 - -

    Liu og Liang opdagede et problem med anvendelse efter frigivelse i - JavaScript-biblioteket v8.

    • - -
  • CVE-2021-21196 - -

    Khalil Zhani opdagede et bufferoverløbsproblem i - faneimplementeringen.

    • - -
  • CVE-2021-21197 - -

    Abdulrahman Alqabandi opdagede et bufferoverløbsproblem i - faneimplementeringen.

    • - -
  • CVE-2021-21198 - -

    Mark Brand opdagede et problem med læsning udenfor grænserne i - implementeringen af Inter-Process Communication.

    • - -
  • CVE-2021-21199 - -

    Weipeng Jiang opdagede et problem med anvendelse efter frigivelse i - vindue- og eventhåndteringen Aura.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 89.0.4389.114-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4886.data" diff --git a/danish/security/2021/dsa-4887.wml b/danish/security/2021/dsa-4887.wml deleted file mode 100644 index 5eae738c2ee..00000000000 --- a/danish/security/2021/dsa-4887.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2a6100941a3801a8f5470ecdddd11610057f653b" mindelta="1" -sikkerhedsopdatering - -

Et problem med anvendelse efter frigivelse blev opdaget i Lib3MF, en -C++-implementering af 3D Manufacturing Format, hvilket kunne medføre udførelse -af vilkårlig kode, hvis en misdannet fil blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.1+ds-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine lib3mf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lib3mf, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lib3mf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4887.data" diff --git a/danish/security/2021/dsa-4888.wml b/danish/security/2021/dsa-4888.wml deleted file mode 100644 index f3ad695a7c1..00000000000 --- a/danish/security/2021/dsa-4888.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="f611de8f53cdfa903fa4cd4bb41a9d92b4392632" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Xen-hypervisoren, hvilke kunne medføre -lammelsesangreb, rettighedsforøgelse eller hukommelsesblotlæggelse.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.11.4+99-g8bce4698f6-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4888.data" diff --git a/danish/security/2021/dsa-4889.wml b/danish/security/2021/dsa-4889.wml deleted file mode 100644 index 5bd4897e0a3..00000000000 --- a/danish/security/2021/dsa-4889.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="963714a121bf3d4807e783cc151d1a470c79e455" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i MediaWiki, en webstedsmotor -til samarbejdsprojekter, hvilke kunne medføre ufuldstændig -side-/blokeringsbeskyttelse, lammelsesangreb eller udførelse af kode på tværs af -websteder.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:1.31.14-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4889.data" diff --git a/danish/security/2021/dsa-4890.wml b/danish/security/2021/dsa-4890.wml deleted file mode 100644 index 90701e7a85a..00000000000 --- a/danish/security/2021/dsa-4890.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="34627e1fa75b4537f132f73c06962ceb0edbecf0" mindelta="1" -sikkerhedsopdatering - -

Stan Hu opdagede at kramdown, et rent Ruby Markdown-fortolknings- og -konverteringsprogram, udførte utilstrækkelig validering af navnerum med -Rouge-syntaksfremhævelsesformatering.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.17.0-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine ruby-kramdown-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-kramdown, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-kramdown

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4890.data" diff --git a/danish/security/2021/dsa-4891.wml b/danish/security/2021/dsa-4891.wml deleted file mode 100644 index a16044ed7b4..00000000000 --- a/danish/security/2021/dsa-4891.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="bc4597a78a2d791a60141819c561ae083d02f394" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Tomcats servlet og JSP-motor, hvilke kunne -medføre informationsafsløring eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 9.0.31-1~deb10u4.

- -

Vi anbefaler at du opgraderer dine tomcat9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4891.data" diff --git a/danish/security/2021/dsa-4892.wml b/danish/security/2021/dsa-4892.wml deleted file mode 100644 index 024fdf6ead1..00000000000 --- a/danish/security/2021/dsa-4892.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="76bacc94741c5ec0f96367878e4b456becb9625d" mindelta="1" -sikkerhedsopdatering - -

Der blev rapporteret om at python-bleach, et hvidlistebaseret bibliotek til -HTML-resning, var ramt af en mutations-XSS-sårbarhed i bleach.clean, når -svg eller math er blandt de tilladte tags, 'p' eller br er -blandt de tilladte tags, style, title, noscript, -script, textarea, noframes, iframe eller xmp -er blandt de tilladte tags, og 'strip_comments=False' er opsat.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.1.2-0+deb10u2.

- -

Vi anbefaler at du opgraderer dine python-bleach-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-bleach, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-bleach

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4892.data" diff --git a/danish/security/2021/dsa-4893.wml b/danish/security/2021/dsa-4893.wml deleted file mode 100644 index 88614cdd213..00000000000 --- a/danish/security/2021/dsa-4893.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b05083b8938f7799fb6c338127e07a6d3ce8d7d4" mindelta="1" -sikkerhedsopdatering - -

Jan-Niklas Sohn opdagede at manglende rensning af inddata i XInput-udvidelsen -i X.org X-server, kunne medføre rettighedsforøgelse, hvis X-serveren kører som -priviligeret.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2:1.20.4-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xorg-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xorg-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4893.data" diff --git a/danish/security/2021/dsa-4894.wml b/danish/security/2021/dsa-4894.wml deleted file mode 100644 index e5839f96170..00000000000 --- a/danish/security/2021/dsa-4894.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cf828e41fc475b76bdd615132256f7af116d1f59" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at PEAR's Archive_Tar-pakke til håndtering af tar-filer i PHP, -var ramt af en mappegennemløbsfejl på grund af utilstrækkelig kontrol af -symbolske links.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1:1.10.6+submodules+notgz-1.1+deb10u2.

- -

Vi anbefaler at du opgraderer dine php-pear-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php-pear, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php-pear

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4894.data" diff --git a/danish/security/2021/dsa-4895.wml b/danish/security/2021/dsa-4895.wml deleted file mode 100644 index bcb21d13214..00000000000 --- a/danish/security/2021/dsa-4895.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fd72a7c8fd74ef6c6c050ccbe1112bf6c91fa60b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring, rettighedsforøgelse eller forfalskning.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.10.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4895.data" diff --git a/danish/security/2021/dsa-4896.wml b/danish/security/2021/dsa-4896.wml deleted file mode 100644 index 969222c0936..00000000000 --- a/danish/security/2021/dsa-4896.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="346129ad26ee51540ac9498331dbf2309270cf54" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at iværksætte XML External Entity-angreb (XXE), og -tilgå privat indhold.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.0.12+dfsg1-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4896.data" diff --git a/danish/security/2021/dsa-4897.wml b/danish/security/2021/dsa-4897.wml deleted file mode 100644 index f03524a4f9d..00000000000 --- a/danish/security/2021/dsa-4897.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b711ae603db0a80294bd13db39ad9995ff012653" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode eller informationsafsløring. Desuden -blev en række sikkerhedsproblemer løst i OpenPGP-understøttelsen.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.10.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4897.data" diff --git a/danish/security/2021/dsa-4898.wml b/danish/security/2021/dsa-4898.wml deleted file mode 100644 index b887c1df2ce..00000000000 --- a/danish/security/2021/dsa-4898.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="282fe47153ee7ae459dbd068bec0e572c214acb8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i wpa_supplicant og hostapd.

- -
    - -
  • CVE-2020-12695 - -

    Man opdagede at hostapd ikke på korrekt vis håndterede - UPnP-tilmeldingsmeddelelser under visse omstændigheder, hvilket gjorde det - muligt for en angriber at forårsage et lammelsesangreb.

    • - -
  • CVE-2021-0326 - -

    Man opdagede at wpa_supplicant ikke på korrekt vis behandlede - P2P-gruppeoplysninger (Wi-Fi Direct) fra aktive gruppeejere. En angriber - indenfor radioafstand af enheden der kører P2P, kunne drage nytte af fejlen - til at forårsage et lammelsesangreb eller potentielt udføre vilkårlig - kode.

    • - -
  • CVE-2021-27803 - -

    Man opdagede at wpa_supplicant ikke på korrekt vis behandlede P2P's provision - discovery-forespørgsler (Wi-Fi Direct). En angriber indenfor radioafstand af - enheden der kører P2P, kunne drage nytte af fejlen til at forårsage et - lammelsesangreb eller potentielt udføre vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:2.7+git20190128+0c1e29f-6+deb10u3.

- -

Vi anbefaler at du opgraderer dine wpa-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpa, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/wpa

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4898.data" diff --git a/danish/security/2021/dsa-4899.wml b/danish/security/2021/dsa-4899.wml deleted file mode 100644 index 8c2960b0a2e..00000000000 --- a/danish/security/2021/dsa-4899.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="127ab92eb8c7cb554d69982b5b1f863c6544808e" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at OpenJDK's Java-platform på ufuldstændig vis håndhævede -opsætningsindstillinger, som anvendes i verifikation af Jar-signering.

- -

I den stabile distribution (buster), er dette problem rettet i -version 11.0.11+9-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4899.data" diff --git a/danish/security/2021/dsa-4900.wml b/danish/security/2021/dsa-4900.wml deleted file mode 100644 index e6a015a6074..00000000000 --- a/danish/security/2021/dsa-4900.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="38c91a31715eae673dd4fea2c29277152d4efd52" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i plugins til mediaframeworket GStreamer, -hvilke kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.14.4-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-good1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-plugins-good1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-plugins-good1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4900.data" diff --git a/danish/security/2021/dsa-4901.wml b/danish/security/2021/dsa-4901.wml deleted file mode 100644 index 7b63cc5056f..00000000000 --- a/danish/security/2021/dsa-4901.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="25a02353ade96e0d7de76e59e48e3846dc223271" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i til medieframeworket GStreamer, hvilke -kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -en misdannet mediefil blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.15.0.1+git20180723+db823502-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine gst-libav1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-libav1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-libav1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4901.data" diff --git a/danish/security/2021/dsa-4902.wml b/danish/security/2021/dsa-4902.wml deleted file mode 100644 index c43bd8173a0..00000000000 --- a/danish/security/2021/dsa-4902.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1350b12138426f0ddce9c7b6fefb0d05f2e43b0c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i plugins til medieframeworket GStreamer, -hvilke kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode, hvis en misdannet mediafil blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.4-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine gst-plugins-bad1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-plugins-bad1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4902.data" diff --git a/danish/security/2021/dsa-4903.wml b/danish/security/2021/dsa-4903.wml deleted file mode 100644 index d269114d5b3..00000000000 --- a/danish/security/2021/dsa-4903.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b59966aa791e5ac4b51cdea815238d32ef907378" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i plugins til medieframeworket -GStreamer, hvilke kunne medføre lammelsesangreb eller potentielt udførelse af -vilkårlig kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.4-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-base1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-plugins-base1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-plugins-base1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4903.data" diff --git a/danish/security/2021/dsa-4904.wml b/danish/security/2021/dsa-4904.wml deleted file mode 100644 index 8ce2e34b4a7..00000000000 --- a/danish/security/2021/dsa-4904.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="af51061fe132ea7e95f0c8e4945c9ac5d9c38362" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i plugins til medieframeworket GStreamer, -hvilke kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode, hvis en misdannet mediefil blev åbnet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.4-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-ugly1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-plugins-ugly1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-plugins-ugly1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4904.data" diff --git a/danish/security/2021/dsa-4905.wml b/danish/security/2021/dsa-4905.wml deleted file mode 100644 index fbb894059d3..00000000000 --- a/danish/security/2021/dsa-4905.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="90225f939cba12d08795c4f97d8604b5038087ea" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Shibboleth Service Provider var sårbar over for en -NULL-pointerdereferencefejl i den cookie-baserede funktionalitet til -reetablering af session. En fjern, uautentificeret angriber kunne drage nytte -af fejlen til at forårsage et lammelsesangreb (nedbrud i -shibd-dæmonen/-servicen).

- -

For yderligere oplsyninger, se opstrøms bulleting på -\ -https://shibboleth.net/community/advisories/secadv_20210426.txt

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.0.4+dfsg1-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine shibboleth-sp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende shibboleth-sp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/shibboleth-sp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4905.data" diff --git a/danish/security/2021/dsa-4906.wml b/danish/security/2021/dsa-4906.wml deleted file mode 100644 index a08e4f1bb8d..00000000000 --- a/danish/security/2021/dsa-4906.wml +++ /dev/null @@ -1,137 +0,0 @@ -#use wml::debian::translation-check translation="222fe2a8c3db7e4bec94b5d9a4a285666247753c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2021-21201 - -

    Gengming Liu og Jianyu Chen opdagede et problem med anvendelse efter - frigivelse.

    • - -
  • CVE-2021-21202 - -

    David Erceg opdagede et problem med anvendelse efter frigivelse i - udvidelser.

    • - -
  • CVE-2021-21203 - -

    asnine opdagede et problem med anvendelse efter frigivelse i - Blink/Webkit.

    • - -
  • CVE-2021-21204 - -

    Tsai-Simek, Jeanette Ulloa og Emily Voigtlander opdagede et problem med - anvendelse efter frigivelse i Blink/Webkit.

    • - -
  • CVE-2021-21205 - -

    Alison Huffman opdagede en fejl i forbindelse med håndhævelse af - policy.

    • - -
  • CVE-2021-21207 - -

    koocola og Nan Wang opdagede et problem med anvendelse efter frigivelse i - den indekserede database.

    • - -
  • CVE-2021-21208 - -

    Ahmed Elsobky opdagede en datavalideringsfejl i - QR-kode-scanneren.

    • - -
  • CVE-2021-21209 - -

    Tom Van Goethem opdagede en implementeringsfejl i Storage API.

    • - -
  • CVE-2021-21210 - -

    @bananabr opdagede en fejl i netværksimplementeringen.

    • - -
  • CVE-2021-21211 - -

    Akash Labade opdagede en fejl i navigeringsimplementeringen.

    • - -
  • CVE-2021-21212 - -

    Hugo Hue og Sze Yui Chau opdagede en fejl i brugergrænsefladen til - netværksopsætning.

    • - -
  • CVE-2021-21213 - -

    raven opdagede et problem med anvendelse efter frigivelse i - implementeringen af WebMIDI.

    • - -
  • CVE-2021-21214 - -

    Et problem med anvendelse efter frigivelse blev opdaget i - netværksimplementeringen.

    • - -
  • CVE-2021-21215 - -

    Abdulrahman Alqabandi opdagede en fejl i - Autofill-funktionaliteten.

    • - -
  • CVE-2021-21216 - -

    Abdulrahman Alqabandi opdagede en fejl i - Autofill-funktionaliteten.

    • - -
  • CVE-2021-21217 - -

    Zhou Aiting opdagede anvendelse af uinitialiseret hukommelse i - biblioteket pdfium.

    • - -
  • CVE-2021-21218 - -

    Zhou Aiting opdagede anvendelse af uinitialiseret hukommelse i - biblioteket pdfium.

    • - -
  • CVE-2021-21219 - -

    Zhou Aiting opdagede anvendelse af uinitialiseret hukommelse i - biblioteket pdfium.

    • - -
  • CVE-2021-21221 - -

    Guang Gong opdagede utilstrækkelig validering af inddata, der ikke er - tillid til.

    • - -
  • CVE-2021-21222 - -

    Guang Gong opdagede et bufferoverløbsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2021-21223 - -

    Guang Gong opdagede et heltalsoverløbsproblem.

    • - -
  • CVE-2021-21224 - -

    Jose Martinez opdagede en typefejl i JavaScript-biblioteket v8.

    • - -
  • CVE-2021-21225 - -

    Brendon Tiszka opdagede et problem med tilgang til hukommelse udenfor - grænserne i JavaScript-biblioteket v8.

    • - -
  • CVE-2021-21226 - -

    Brendon Tiszka opdagede et problem med anvendelse efter frigivelse i - netværksimplementeringen.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 90.0.4430.85-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4906.data" diff --git a/danish/security/2021/dsa-4907.wml b/danish/security/2021/dsa-4907.wml deleted file mode 100644 index 63cb88dc30a..00000000000 --- a/danish/security/2021/dsa-4907.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1645656b0fdda069ea939823b641b521e070322a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at composer, et program håndtering af afhængigheder til PHP, -ikke på korrekt vis rensende Mercurial-URL'er, hvilket kunne føre til udførelse -af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.4-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine composer-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende composer, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/composer

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4907.data" diff --git a/danish/security/2021/dsa-4908.wml b/danish/security/2021/dsa-4908.wml deleted file mode 100644 index 56b33feca1e..00000000000 --- a/danish/security/2021/dsa-4908.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3c2d583686885b6b0dd6755da1d07d5aad442923" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libhibernate3-java, en kraftfuld, højtydende service til -objekt/relation-vedholdenhed og forespørgsler, var sårbar over for en sårbarhed -i forbindelse med SQL-indsprøjtning, hvilket gjorde det muligt for en angriber -at tilgå uautoriserede oplysninger eller muligvis foretage yderligere -angreb.

- -

I den stabile distribution (buster), er dette problem rettet i -version 3.6.10.Final-9+deb10u1.

- -

Vi anbefaler at du opgraderer dine libhibernate3-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libhibernate3-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libhibernate3-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4908.data" diff --git a/danish/security/2021/dsa-4909.wml b/danish/security/2021/dsa-4909.wml deleted file mode 100644 index 0815312dabb..00000000000 --- a/danish/security/2021/dsa-4909.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="022e55922f28ad2d0ab4d75ed4d28a027bafddfa" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i BIND, en DNS-server-implementering.

- -
    - -
  • CVE-2021-25214 - -

    Greg Kuechle opdagede at en misdannet indgående IXFR-overførsel kunne - udløse en assertionfejl i named, medførende lammelsesangreb.

    • - -
  • CVE-2021-25215 - -

    Siva Kakarla opdagede at named kunne gå ned når en DNAME-post placeret i - ANSWER-afsnittet under DNAME-forfølgelse, viste sig at være det endelige - svar på en klientforespørgsel.

    • - -
  • CVE-2021-25216 - -

    Man opdagede at SPNEGO-implementeringen, som anvendes af BIND, var sårbar - over for en bufferoverløbssårbarhed. Denne opdatering skifter til at - anvende SPNEGO-implementeringe fra Kerberos-bibliotekerne.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:9.11.5.P4+dfsg-5.1+deb10u5.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4909.data" diff --git a/danish/security/2021/dsa-4910.wml b/danish/security/2021/dsa-4910.wml deleted file mode 100644 index b70bc932e41..00000000000 --- a/danish/security/2021/dsa-4910.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f49b295b01084c860c0032c8ddfe81848385d182" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i libimage-exiftool-perl, et bibliotek og program -til læsning og skrivning af metaoplysninger i multimediefiler, hvilke kunne -medføre udførelse af vilkårlig kode, hvis en misdannet DjVu-fil blev -behandlet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 11.16-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine libimage-exiftool-perl-pakker.

- -

For the detailed security status of libimage-exiftool-perl please refer -to dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libimage-exiftool-perl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4910.data" diff --git a/danish/security/2021/dsa-4911.wml b/danish/security/2021/dsa-4911.wml deleted file mode 100644 index 94688935897..00000000000 --- a/danish/security/2021/dsa-4911.wml +++ /dev/null @@ -1,54 +0,0 @@ -#use wml::debian::translation-check translation="35405b68aa31c415947c277663980744599dc1e0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2021-21227 - -

    Gengming Liu opdagede et datavalideringsproblem i JavaScript-biblioteket - v8.

    • - -
  • CVE-2021-21228 - -

    Rob Wu opdagede en fejl i forbindelse med håndhævelse af policy.

    • - -
  • CVE-2021-21229 - -

    Mohit Raj opdagede en fejl i brugergrænsefalden i - fildownloaderen.

    • - -
  • CVE-2021-21230 - -

    Manfred Paul opdagede anvendelse af en forkert type.

    • - -
  • CVE-2021-21231 - -

    Sergei Glazunov opdagede et datavalideringsproblem i - JavaScript-biblioteket v8.

    • - -
  • CVE-2021-21232 - -

    Abdulrahman Alqabandi opdagede et problem med anvendelse efter frigivelse - i udviklerværktøjerne.

    • - -
  • CVE-2021-21233 - -

    Omair opdagede et bufferoverløbsproblem i ANGLE-biblioteket.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 90.0.4430.93-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4911.data" diff --git a/danish/security/2021/dsa-4912.wml b/danish/security/2021/dsa-4912.wml deleted file mode 100644 index bf1c03ed100..00000000000 --- a/danish/security/2021/dsa-4912.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="56768c7a99cf0cbe86447ced01029373fca40a16" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs rapporterede om flere sårbarheder i Exim, et -mailtransportprogram, hvilke kunne medføre lokal rettighedsforøgelse og -fjernudførelse af kode.

- -

Flere oplysninger kan findes i Qualys' bulletin på -\ -https://www.qualys.com/2021/05/04/21nails/21nails.txt.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.92-8+deb10u6.

- -

Vi anbefaler at du opgraderer dine exim4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exim4, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/exim4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4912.data" diff --git a/danish/security/2021/dsa-4913.wml b/danish/security/2021/dsa-4913.wml deleted file mode 100644 index 67444e88b05..00000000000 --- a/danish/security/2021/dsa-4913.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="290419c60a628c5b8195c7e17212b9225b4e581e" mindelta="1" -sikkerhedsopdatering - -

Jeremy Galindo opdagede hukommelsestilgang udenfor grænserne i Hivex, et -bibliotek til fortolkning af Windows Registrys hivefiler.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.3.18-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine hivex-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende hivex, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/hivex

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4913.data" diff --git a/danish/security/2021/dsa-4914.wml b/danish/security/2021/dsa-4914.wml deleted file mode 100644 index fe840d0c65a..00000000000 --- a/danish/security/2021/dsa-4914.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6cfe62108e876ed75b80dfd30a64955bb9c38cc8" mindelta="1" -sikkerhedsopdatering - -

Et bufferoverløb blev opdaget i Graphviz, hvilket potentielt kunne føre til -udførelse af vilkårlig kode, når der blev behandlet en misdannet fil.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.40.1-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine graphviz-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende graphviz, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/graphviz

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4914.data" diff --git a/danish/security/2021/dsa-4915.wml b/danish/security/2021/dsa-4915.wml deleted file mode 100644 index 6bc923e9503..00000000000 --- a/danish/security/2021/dsa-4915.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c30e5c2de6ee2fb5d511cb8957fc4e1574ebfcce" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i databasesystemet PostgreSQL, -hvilke kunne føre til udførelse af vilkårlig kode eller afsløring af -hukommelsesindhold.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.12-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine postgresql-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4915.data" diff --git a/danish/security/2021/dsa-4916.wml b/danish/security/2021/dsa-4916.wml deleted file mode 100644 index 69a2af25b18..00000000000 --- a/danish/security/2021/dsa-4916.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6f72b96446a301193c523484e863993ec321b6ce" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i Prosody, en -letvægts-Jabber/XMPP-server, hvilke kunne føre til lammelsesangreb eller -informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.11.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine prosody-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende prosody, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/prosody

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4916.data" diff --git a/danish/security/2021/dsa-4917.wml b/danish/security/2021/dsa-4917.wml deleted file mode 100644 index 3554c0085ae..00000000000 --- a/danish/security/2021/dsa-4917.wml +++ /dev/null @@ -1,96 +0,0 @@ -#use wml::debian::translation-check translation="1fe97ede528cadc78447b1edeb9a753b00b0639c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i webbrowseren chromium.

- -
    - -
  • CVE-2021-30506 - -

    @retsew0x01 opdagede en fejl i Web Apps' - installeringsgrænseflade.

    • - -
  • CVE-2021-30507 - -

    Alison Huffman opdagede en fejl i Offline-tilstand.

    • - -
  • CVE-2021-30508 - -

    Leecraso og Guang Gong opdagede et bufferoverløbsproblem i - implementeringen af Media Feeds.

    • - -
  • CVE-2021-30509 - -

    David Erceg opdagede et problem med skrivning udenfor grænserne i - implementeringen af Tab Strip.

    • - -
  • CVE-2021-30510 - -

    Weipeng Jiang opdagede en kapløbstilstand i windowmanageren - aura.

    • - -
  • CVE-2021-30511 - -

    David Erceg opdagede et problem med læsning udenfor grænserne i - implementeringen af Tab Strip.

    • - -
  • CVE-2021-30512 - -

    ZhanJia Song opdagede et problem med anvendelse efter frigivelse i - notifikationsimplementeringen.

    • - -
  • CVE-2021-30513 - -

    Man Yue Mo opdagede en ukorrekt type i JavaScript-biblioteket - v8.

    • - -
  • CVE-2021-30514 - -

    koocola og Wang opdagede et problem med anvendelse efter frigivelse i - Autofill-funktionaliteten.

    • - -
  • CVE-2021-30515 - -

    Rong Jian og Guang Gong opdagede et problem med anvendelse efter - frigivelse i API'et til filsystemadgang.

    • - -
  • CVE-2021-30516 - -

    ZhanJia Song opdagede et bufferoverløbsproblem i - browserhistorikken.

    • - -
  • CVE-2021-30517 - -

    Jun Kokatsu opdagede et bufferoverløbsproblem i - læsningstilstand.

    • - -
  • CVE-2021-30518 - -

    laural opdagede anvendelse af en ukorrekt type i JavaScript-biblioteket - v8.

    • - -
  • CVE-2021-30519 - -

    asnine opdagede et problem med anvendelse efter frigivelse i - Payments-funktionaliteten.

    • - -
  • CVE-2021-30520 - -

    Khalil Zhani opdagede et problem med anvendelse efter frigivelse i - implementeringen af Tab Strip.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 90.0.4430.212-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4917.data" diff --git a/danish/security/2021/dsa-4918.wml b/danish/security/2021/dsa-4918.wml deleted file mode 100644 index 4379299649f..00000000000 --- a/danish/security/2021/dsa-4918.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8d93d5810a67977c85cb1cefeb20885ff14b641c" mindelta="1" -sikkerhedsopdatering - -

Ukorrekt håndtering af stinavne i ruby-rack-cors, et middlewareprodukt som -gør Rack-baserede apps CORS-kompatible, kunne medføre adgang til private -ressourcer.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.0.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby-rack-cors-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-rack-cors, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-rack-cors

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4918.data" diff --git a/danish/security/2021/dsa-4919.wml b/danish/security/2021/dsa-4919.wml deleted file mode 100644 index 8c4b936b171..00000000000 --- a/danish/security/2021/dsa-4919.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="12f7288bcb404ef289c56cb96b09a8eebe58157e" mindelta="1" -sikkerhedsopdatering - -

Jasper Lievisse Adriaanse rapporterede om en heltalsoverløbsfejl i lz4, et -algoritmebibliotek til hurtig LZ-komprimering, medførende -hukommelseskorruption.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.8.3-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine lz4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lz4, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/lz4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4919.data" diff --git a/danish/security/2021/dsa-4920.wml b/danish/security/2021/dsa-4920.wml deleted file mode 100644 index aa0060c9e5d..00000000000 --- a/danish/security/2021/dsa-4920.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="b8f7e1cd2958693280dee390cf5aafaa3e015bf6" mindelta="1" -sikkerhedsopdatering - -

Roman Fiedler rapporterede om manglende længdevalidering i forskellige -funktioner som leveres af libx11, X11's bibliotek på klientsiden, hvilket gjorde -det muligt at indsprøjte X11-protokolkommandoer i X-klienter, førende til -udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2:1.6.7-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine libx11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libx11, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libx11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4920.data" diff --git a/danish/security/2021/dsa-4921.wml b/danish/security/2021/dsa-4921.wml deleted file mode 100644 index e907fb58c48..00000000000 --- a/danish/security/2021/dsa-4921.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0d59fbb60f35ecb180007fb5e18c4ccbf88c4e39" mindelta="1" -sikkerhedsopdatering - -

Luis Merino, Markus Vervier og Eric Sesterhenn opdagede en forskydelse med én -i Nginx, en højtydende web- og reverse-proxyserver, hvilke kunne medføre -lammelsesangreb og potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.2-2+deb10u4.

- -

Vi anbefaler at du opgraderer dine nginx-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nginx, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nginx

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4921.data" diff --git a/danish/security/2021/dsa-4922.wml b/danish/security/2021/dsa-4922.wml deleted file mode 100644 index 89a10ec3e71..00000000000 --- a/danish/security/2021/dsa-4922.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="99bef2209bc5c277701891ac56b83f117f199a71" mindelta="1" -sikkerhedsopdatering - -

Amir Sarabadani og Kunal Mehta opdagede at importfunktionaliteten i -Hyperkitty, webgrænsefladen til at tilgå Mailman 3-arkiver, ikke begrænsede -visningen af private arkiver under importen, dvs. at under importen af et -privat Mailman 2-arkiv, var arkivet offentligt tilgængeligt indtil importen blev -afsluttet.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.2.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine hyperkitty-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende hyperkitty, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/hyperkitty

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4922.data" diff --git a/danish/security/2021/dsa-4923.wml b/danish/security/2021/dsa-4923.wml deleted file mode 100644 index 554fec8d23f..00000000000 --- a/danish/security/2021/dsa-4923.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="edf273a4209c8afbee5b25c76291ca9c743d23e3" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2021-1788 - -

    Francisco Alonso opdagede at behandling af ondsindet fremstillet - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-1844 - -

    Clement Lecigne og Alison Huffman opdagede at behandling af ondsindet - fremstillet webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-1871 - -

    En anonym efterforsker opdagede at en fjernangriber kunne være i stand - til at forårsage udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.32.1-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4923.data" diff --git a/danish/security/2021/dsa-4924.wml b/danish/security/2021/dsa-4924.wml deleted file mode 100644 index 732de758ecd..00000000000 --- a/danish/security/2021/dsa-4924.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3167a1fcc4d87d4d977f9fabb292deb2f30192cf" mindelta="1" -sikkerhedsopdatering - -

Adskillige lammelsesangrebssårbarheder blev opdaget i proxycachingserveren -Squid.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.6-1+deb10u6.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squid

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4924.data" diff --git a/danish/security/2021/dsa-4925.wml b/danish/security/2021/dsa-4925.wml deleted file mode 100644 index 7e240f1819b..00000000000 --- a/danish/security/2021/dsa-4925.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b5a2368765099d5120af7cd73578d12052a3788d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 78.11.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4925.data" diff --git a/danish/security/2021/dsa-4926.wml b/danish/security/2021/dsa-4926.wml deleted file mode 100644 index d936ceed6c5..00000000000 --- a/danish/security/2021/dsa-4926.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="16bcfcc6b2b7892dcf4503526b5f4b2add037283" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at lasso, et bibliotek som implementerer SAML 2.0- og Liberty -Alliance-standarder, ikke på korrekt vis kontrollerede at alle assertions i et -SAML-svar blev signeret korrekt, hvilket gjorde det muligt for en angriber at -udgive sig for brugere eller omgå adgangskontrol.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.6.0-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine lasso-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lasso, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/lasso

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4926.data" diff --git a/danish/security/2021/dsa-4927.wml b/danish/security/2021/dsa-4927.wml deleted file mode 100644 index 5a615d83711..00000000000 --- a/danish/security/2021/dsa-4927.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="743cbcec69844a383d9a0e350c7b808072ecd39a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode. Desuden blev der løst to -sikkerhedsproblemer i understøttelsen af OpenPGP.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.11.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4927.data" diff --git a/danish/security/2021/dsa-4928.wml b/danish/security/2021/dsa-4928.wml deleted file mode 100644 index 9540da8812c..00000000000 --- a/danish/security/2021/dsa-4928.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8e4af93e3e9d929f5b5afd9d25b7ad619f4645ca" mindelta="1" -sikkerhedsopdatering - -

Et bufferoverløb blev opdaget i HTMLDOC, en HTML-behandler, som genererer -indekseret HTML, PS og PDF, hvilke potentielt kunne medføre udførelse af -vilkårlig kode. Desuden blev et antal nedbrud løst.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1.9.3-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine htmldoc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende htmldoc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/htmldoc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4928.data" diff --git a/danish/security/2021/dsa-4929.wml b/danish/security/2021/dsa-4929.wml deleted file mode 100644 index 67431df2348..00000000000 --- a/danish/security/2021/dsa-4929.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="02bfc3769e92f460d4a648f811843a48c2c77920" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i webframeworket Rails, hvilke -kunne medføre lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2:5.2.2.1+dfsg-1+deb10u3.

- -

Vi anbefaler at du opgraderer dine rails-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rails, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/rails

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4929.data" diff --git a/danish/security/2021/dsa-4930.wml b/danish/security/2021/dsa-4930.wml deleted file mode 100644 index e66c2d92e26..00000000000 --- a/danish/security/2021/dsa-4930.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="73cad3ae5723b12aa256e6a0ab95caf68d98793c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i libwebp, implementeringen af -billedformatet WebP, hvilke kunne medføre lammelsesangreb, hukommelsesafsløring -eller potentielt udførelse af vilkårlig kode, hvis misdannede billedfiler blev -behandlet.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.6.1-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine libwebp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libwebp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libwebp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4930.data" diff --git a/danish/security/2021/dsa-4931.wml b/danish/security/2021/dsa-4931.wml deleted file mode 100644 index db0f7f8c3f9..00000000000 --- a/danish/security/2021/dsa-4931.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="cd5feca9c9b2c8942facd97d90ae843325b1ab44" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen, hvilke kunne medføre -lammelsesangreb eller informationslækager.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.11.4+107-gef32c7afa2-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4931.data" diff --git a/danish/security/2021/dsa-4932.wml b/danish/security/2021/dsa-4932.wml deleted file mode 100644 index 0e739942b3f..00000000000 --- a/danish/security/2021/dsa-4932.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1885f0799c6a980bcc2d46ebceca20d8e7c5bc28" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder blev opdaget i Tor, et forbindelsesbaseret -anonymt kommunikationssystem med lave svartider, hvilke kunne føre til -lammelsesangreb eller spoofing.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.3.5.15-1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tor, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4932.data" diff --git a/danish/security/2021/dsa-4933.wml b/danish/security/2021/dsa-4933.wml deleted file mode 100644 index 0905a87fa44..00000000000 --- a/danish/security/2021/dsa-4933.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fbbd6d620a3b8c0b91322f3f8d48f61a5c2981b6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i nettle, et kryptografisk bibliotek på -lavt niveau, hvilke kunne medføre lammelsesangreb (fjernt nedbrud i -RSA-dekryptering gennem særligt fremstillet ciphertext, nedbrud ved verifikation -af ECDSA-signatur) eller ukorrekt verifikation af ECDSA-signaturer.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.4.1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine nettle-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nettle, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nettle

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4933.data" diff --git a/danish/security/2021/dsa-4934.wml b/danish/security/2021/dsa-4934.wml deleted file mode 100644 index a9ad0b05d93..00000000000 --- a/danish/security/2021/dsa-4934.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="d5484a72e71b8da89fe25f18d5d9248fab4b56c6" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering indeholder opdateret CPU-microcode til nogle former for -Intel-CPU'er, og leverer afhjælpning af sikkerhedssårbarheder, der kunne medføre -rettighedsforøgelse i forbindelse med VT-d og forskellige sidekanalangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 3.20210608.2~deb10u1.

- -

Bemærk at der er to rapporterede regressioner; ved nogle CoffeeLake-CPU'er, -kan denne opdatering medføre at iwlwifi holder op med at virke -(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56) -og ved nogle Skylake R0/D0-CPUer på systemer, der anvender en meget forældet -firmware/BIOS, vil systemet hænge ved boot: -(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31)

- -

Hvis du er påvirket at disse problemer, kan du løse det ved at deaktivere -indlæsning af microcode ved boot (som dokumenteret i README.Debian, der også er -tilgængelig online på -\ -https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian)

- -

Vi anbefaler at du opgraderer dine intel-microcode-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende intel-microcode, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/intel-microcode

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4934.data" diff --git a/danish/security/2021/dsa-4935.wml b/danish/security/2021/dsa-4935.wml deleted file mode 100644 index 2cdf48f7f9b..00000000000 --- a/danish/security/2021/dsa-4935.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="15b6bec94f1cf640510449f9fe4015084c4c0708" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i PHP, et vidt udbredt og generelt -anvendeligt open source-skriptsprog, hvilke kunne føre til en SSRF-omgåelse af -FILTER_VALIDATE_URL-kontrollen samt lammelsesangreb eller potentielt udførelse -af vilkårlig kode i Firebird-PDO'en.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 7.3.29-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine php7.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4935.data" diff --git a/danish/security/2021/dsa-4936.wml b/danish/security/2021/dsa-4936.wml deleted file mode 100644 index 5b824b239de..00000000000 --- a/danish/security/2021/dsa-4936.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4be2b091c25c6ac980fc7632b3b90ad19b308ff9" mindelta="1" -sikkerhedsopdatering - -

En læsning udenfor grænserne blev opdaget i funktionen uv__idna_to_ascii() i -Libuv, et bibliotek til asynkron notifikation om events, hvilken kunne medføre -lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.24.1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine libuv1-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libuv1, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libuv1

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4936.data" diff --git a/danish/security/2021/dsa-4937.wml b/danish/security/2021/dsa-4937.wml deleted file mode 100644 index 74cbeb7ffba..00000000000 --- a/danish/security/2021/dsa-4937.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="969217b0f40311f19c818f4a2aed598edc9bf2c6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Apaches HTTP-server, hvilke kunne medføre -lammelsesangreb. Desuden kunne implementeringen af valgmuligheden MergeSlashes -medføre uventet virkemåde.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.4.38-3+deb10u5.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4937.data" diff --git a/danish/security/2021/dsa-4938.wml b/danish/security/2021/dsa-4938.wml deleted file mode 100644 index 5ea97beb8f4..00000000000 --- a/danish/security/2021/dsa-4938.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f03905d87009337c984ca94d21c8407c38893fa2" mindelta="1" -sikkerhedsopdatering - -

Miroslav Lichvar rapporterede at programmet ptp4l i linuxptp, en -implementering af Precision Time Protocol (PTP), ikke validerede feltet -messageLength i indkommende meddelelser, hvilket gjorde det muligt for en -fjernangriber at forårsage et lammelsesangreb, informationslækage eller -potentielt fjernudførelse af kode.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.9.2-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine linuxptp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linuxptp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linuxptp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4938.data" diff --git a/danish/security/2021/dsa-4939.wml b/danish/security/2021/dsa-4939.wml deleted file mode 100644 index a0d68b70db2..00000000000 --- a/danish/security/2021/dsa-4939.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e65f932260f4df1d2f6e3c04feec56406a0340bf" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.12.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4939.data" diff --git a/danish/security/2021/dsa-4940.wml b/danish/security/2021/dsa-4940.wml deleted file mode 100644 index 7e2a2df1046..00000000000 --- a/danish/security/2021/dsa-4940.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="7678c6dc2fb134b99ec225ce21ca3cd931d06e88" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 1:78.12.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4940.data" diff --git a/danish/security/2021/dsa-4941.wml b/danish/security/2021/dsa-4941.wml deleted file mode 100644 index 054b6e76dd8..00000000000 --- a/danish/security/2021/dsa-4941.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="158226aad5fbf7d8645b13853a75c3562078bbc7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2020-36311 - -

    En fejl blev opdaget i KVM-undersystemet til AMD-CPU'er, hvilket gjorde - det muligt for en angriber at forårsage et lammelsesangreb ved at udløse - destruktion af en stor SEV-VM.

    • - -
  • CVE-2021-3609 - -

    Norbert Slusarek rapporterede om en kapløbstilstandssårbarhed i - netværksprotokollen CAN BCM, hvilken gjorde det muligt for en lokal angriber - at forøge rettigheder.

    • - -
  • CVE-2021-33909 - -

    Qualys Research Labs opdagede en size_t-to-int-konverteringssårbarhed i - Linux-kernens filsystemlag. En upriviligeret lokal angriber, som er i - stand til at oprette, mounte og dernæst slette en dyb mappestruktur, hvis - totale stilængde overstiger 1 GB, kunne drage nytte af fejlen til - rettighedsforøgelse.

    - -

    Flere oplysninger finder man i Qualys' bulletin på: - \ - https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

    • - -
  • CVE-2021-34693 - -

    Norbert Slusarek opdagede en informationslækage i netværksprotokollen CAN - BCM. En lokal angriber kunne drage nytte af fejlen til at få fat i følsomme - oplysninger fra kernestakhukommelsen.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 4.19.194-3.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4941.data" diff --git a/danish/security/2021/dsa-4942.wml b/danish/security/2021/dsa-4942.wml deleted file mode 100644 index c97cd73ee9a..00000000000 --- a/danish/security/2021/dsa-4942.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="48746be51c584895907f61cadde08b88bba638a8" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede at en angriberkontrolleret allokering med brug -af alloca()-funktionen, kunne medføre hukommelseskorruption, hvilket gjorde det -muligt at få systemd til at gå ned, og dermed hele styresystemet.

- -

Flere oplysninger finder man i Qualys' bulletin på: -\ -https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt

- -

I den stabile distribution (buster), er dette problem rettet i -version 241-7~deb10u8.

- -

Vi anbefaler at du opgraderer dine systemd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende systemd, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/systemd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4942.data" diff --git a/danish/security/2021/dsa-4943.wml b/danish/security/2021/dsa-4943.wml deleted file mode 100644 index 8219b41d0a9..00000000000 --- a/danish/security/2021/dsa-4943.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="e49d74229aaafee36a90345e5500c466899fb81f" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i lemonldap-ng, et web-SSO-system. Fejlene -kunne medføre informationsafsløring, autentifikationsomgåelse, eller kunne gøre -det muligt for en angriber, at forsøge sit autentifikationsniveau eller udgive -sig for at være en anden bruger, særligt når lemonldap-ng er opsat til at -forøge autentifikationsniveauet for brugere som autentificeres gennem en -sekundær faktor.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.0.2+ds-7+deb10u6.

- -

Vi anbefaler at du opgraderer dine lemonldap-ng-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lemonldap-ng, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lemonldap-ng

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4943.data" diff --git a/danish/security/2021/dsa-4944.wml b/danish/security/2021/dsa-4944.wml deleted file mode 100644 index c43327e94c9..00000000000 --- a/danish/security/2021/dsa-4944.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c58742bc6eed922d7c255902d3a51e24d7a3745b" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Key Distribution Center (KDC) i krb5, MIT's implementering af -Kerberos, var sårbar over for en NULL-pointerdereferencefejl. En -uautentificeret bruger kunne drage nytte af fejlen til at forårsage et -lammelsesangreb (KDC-nedbrud) ved at sende en forespørgsel indeholdende et -PA-ENCRYPTED-CHALLENGE-padataelement uden at anvende FAST.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.17-3+deb10u2.

- -

Vi anbefaler at du opgraderer dine krb5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende krb5, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/krb5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4944.data" diff --git a/danish/security/2021/dsa-4945.wml b/danish/security/2021/dsa-4945.wml deleted file mode 100644 index db1da6ad7f5..00000000000 --- a/danish/security/2021/dsa-4945.wml +++ /dev/null @@ -1,92 +0,0 @@ -#use wml::debian::translation-check translation="79d3502f9416ddb5b313214ab9f721d43b0d4107" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2021-21775 - -

    Marcin Towalski opdagede at en særligt fremstillet webside potentielt - kunne føre til informationslækage og yderligere hukommelseskorruption. For - at udløse sårbarheden, skulle et offer narres til at besøge en ondsindet - webside.

    • - -
  • CVE-2021-21779 - -

    Marcin Towalski opdagede at en særligt fremstillet webside potentielt - kunne føre til informationslækage og yderligere hukommelseskorruption. For - at udløse sårbarheden, skulle et offer narres til at besøge en ondsindet - webside.

    • - -
  • CVE-2021-30663 - -

    En anonym efterforsker opdagede at behandling af ondsindet fabrikeret - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30665 - -

    yangkang opdagede at behandling af ondsindet fabrikeret webindhold kunne - føre til udførelse af vilkårlig kode. Apple er opmærksom på en rapport om - at dette problem i praksis har været udnyttet.

    • - -
  • CVE-2021-30689 - -

    En anonym efterforsker opdagede at ondsindet fabrikeret webindhold kunne - føre til universiel udførelse af skripter på tværs af servere.

    • - -
  • CVE-2021-30720 - -

    David Schutz opdagede at et ondsindet websted kunne være i stand til at - tilgå porte med begrænset adgang på vilkårlige servere.

    • - -
  • CVE-2021-30734 - -

    Jack Dates opdagede at behandling af ondsindet fabrikeret indhold kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30744 - -

    Dan Hite opdagede at behandling af ondsindet fabrikeret webindhold kunne - føre til universel udførelse af skripter på tværs af servere.

    • - -
  • CVE-2021-30749 - -

    En anonym efterforsker opdagede at behandling af ondsindet fabrikeret - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30758 - -

    Christoph Guttandin opdagede at behandling af ondsindet fabrikeret - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30795 - -

    Sergei Glazunov opdagede at behandling af ondsindet fabrikeret webindhold - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30797 - -

    Ivan Fratric opdagede at behandling af ondsindet fabrikeret webindhold - kunne føre til udførelse af kode.

    • - -
  • CVE-2021-30799 - -

    Sergei Glazunov opdagede at behandling af ondsindet fabrikeret - webindhold kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.32.3-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4945.data" diff --git a/danish/security/2021/dsa-4946.wml b/danish/security/2021/dsa-4946.wml deleted file mode 100644 index 058de964b33..00000000000 --- a/danish/security/2021/dsa-4946.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ef763b8db391f549d9938b5c8a192309f25d0024" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, medførende omgåelse af -sandkassebegrænsninger, ukorrekt validering af signerede Jars eller -informationsafsløring.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 11.0.12+7-2~deb10u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4946.data" diff --git a/danish/security/2021/dsa-4947.wml b/danish/security/2021/dsa-4947.wml deleted file mode 100644 index c618978cdf9..00000000000 --- a/danish/security/2021/dsa-4947.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="2d3e4967c66e205139d3f2a19a7c0ed353cf1767" mindelta="1" -sikkerhedsopdatering - -

Andrea Fioraldi opdagede et bufferoverløb i libsndfile, et bibliotek til -læsning/skrivning af lydfiler, hvilket kunne medføre lammelsesangreb eller -potentielt udførelse af vilkårlig kode ved behandling af en misdannet -lydfil.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.0.28-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine libsndfile-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libsndfile, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libsndfile

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4947.data" diff --git a/danish/security/2021/dsa-4948.wml b/danish/security/2021/dsa-4948.wml deleted file mode 100644 index 13377a6630f..00000000000 --- a/danish/security/2021/dsa-4948.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ede24ae392348712f4d13e596b96d08f8a914387" mindelta="1" -sikkerhedsopdatering - -

Et bufferoverløb blev opdaget i stavekontrollen Aspell, hvilket kunne medføre -udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.60.7~20110707-6+deb10u1.

- -

Vi anbefaler at du opgraderer dine aspell-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende aspell, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/aspell

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4948.data" diff --git a/danish/security/2021/dsa-4949.wml b/danish/security/2021/dsa-4949.wml deleted file mode 100644 index 7455ac28d91..00000000000 --- a/danish/security/2021/dsa-4949.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3d4bd285d0dbc3200e9f0b997f93899e9ff75471" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Jetty, en Java-servletmotor og --webserver, hvilke kunne medføre udførelse af skripter på tværs af websteder, -informationsafsløring, rettighedsforøgelse eller lammelsesangreb.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 9.4.16-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine jetty9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende jetty9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jetty9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4949.data" diff --git a/danish/security/2021/dsa-4950.wml b/danish/security/2021/dsa-4950.wml deleted file mode 100644 index d034971df92..00000000000 --- a/danish/security/2021/dsa-4950.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a97e8471e45507bdca135f4dda299c077ff36ed9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Ansible, et system til håndtering af -opsætninger, udrulning og udførelse af opgaver, hvilke kunne medføre -informationsafsløring eller indsprøjtning af parameter. Desuden blev en -kapløbstilstand rettet i become_user.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 2.7.7+dfsg-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine ansible-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ansible, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ansible

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4950.data" diff --git a/danish/security/2021/dsa-4951.wml b/danish/security/2021/dsa-4951.wml deleted file mode 100644 index 297859d2899..00000000000 --- a/danish/security/2021/dsa-4951.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="6aa682f4f094fddd41be2462f4e493e841ffb1ac" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Bluez, Linux Bluetooth-protokolstakken.

- -
    - -
  • CVE-2020-26558 / - CVE-2021-0129 - -

    Man opdagede at Bluez ikke på korrekt vis kontrollerede rettigheder under - pairinghandlingen, hvilket kunne gøre det muligt for en angriber at udgive - sig for at være den enhed, som startede forbindelsen.

    • - -
  • CVE-2020-27153 - -

    Jay LV opdagede en dobbelt frigivelse-fejl i rutinen disconnect_cb() i - gattool. En fjernangriber kunne drage nytte af fejlen under en - tjenesteopdagelse til lammelsesangreb, eller potentielt til udførelse af - vilkårlig kode.

    • - -
- -

I den stabile distribution (buster), er disse problemer rettet i -version 5.50-1.2~deb10u2.

- -

Vi anbefaler at du opgraderer dine bluez-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bluez, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/bluez

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4951.data" diff --git a/danish/security/2021/dsa-4952.wml b/danish/security/2021/dsa-4952.wml deleted file mode 100644 index 66c1b07e89f..00000000000 --- a/danish/security/2021/dsa-4952.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2fdc9738be8390f52c150dda83c9fbc564d44d5d" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Tomcats servlet og JSP-motor, hvilke kunne -medføre smugling af HTTP-forespørgsler, omgåelse af udlogningsbegrænsninger -eller autentifikationer ved hjælp af varianter af et gyldigt brugernavn.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 9.0.31-1~deb10u5.

- -

Vi anbefaler at du opgraderer dine tomcat9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4952.data" diff --git a/danish/security/2021/dsa-4953.wml b/danish/security/2021/dsa-4953.wml deleted file mode 100644 index 2ce426ca342..00000000000 --- a/danish/security/2021/dsa-4953.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="3baaada0b618e1123e38c378057efb3990225649" mindelta="1" -sikkerhedsopdatering - -

Thorsten Glaser og Axel Beckert rapporterede at ynx, en ikke-grafisk -webbrowser (teksttilstand), ikke på korrekt vis håndterede underkomponenten -userinfo i en URI, hvilket kunne føre til lækage af loginoplysninger i -klartekst i SNI-data.

- -

I den stabile distribution (buster), er dette problem rettet i -version 2.8.9rel.1-3+deb10u1.

- -

Vi anbefaler at du opgraderer dine lynx-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lynx, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/lynx

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4953.data" diff --git a/danish/security/2021/dsa-4954.wml b/danish/security/2021/dsa-4954.wml deleted file mode 100644 index 9129f65ce48..00000000000 --- a/danish/security/2021/dsa-4954.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="51344094e10a6d3654bfb99d6ddb7fd5f2988a51" mindelta="1" -sikkerhedsopdatering - -

Philipp Jeitner og Haya Shulman opdagede en fejl i c-ares, et bibliotek som -udfører asynkrone DNS-forespørgsler og navneopløsninger. Manglende kontrol af -inddata ved værtsnavne modtaget fra DNS-servere, kunnne føre til at uddata med -forkerte værtsnavne (medførende domænekapring).

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.14.0-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine c-ares-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende c-ares, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/c-ares

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4954.data" diff --git a/danish/security/2021/dsa-4955.wml b/danish/security/2021/dsa-4955.wml deleted file mode 100644 index b9a57ae3557..00000000000 --- a/danish/security/2021/dsa-4955.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="cba2ec6a4ecf2da99858d59090fee879df8df365" mindelta="1" -sikkerhedsopdatering - -

Philipp Jeitner og Haya Shulman opdagede et stakbaseret bufferoverløb i -libspf2, et bibliotek til kontrol af mailafsendere med SPF, hvilket kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, når -der behandledes en særligt fabrikeret SPF-post.

- -

I den stabile distribution (buster), er dette problem rettet i -version 1.2.10-7.1~deb10u1.

- -

Vi anbefaler at du opgraderer dine libspf2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libspf2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libspf2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4955.data" diff --git a/danish/security/2021/dsa-4956.wml b/danish/security/2021/dsa-4956.wml deleted file mode 100644 index 1894491580a..00000000000 --- a/danish/security/2021/dsa-4956.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="cb965557ab8252dac7cd0d194529817660e969e4" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 78.13.0esr-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4956.data" diff --git a/danish/security/2021/dsa-4957.wml b/danish/security/2021/dsa-4957.wml deleted file mode 100644 index 50e5bc3828a..00000000000 --- a/danish/security/2021/dsa-4957.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="9af081dd46d0785cd7e6e99021c30ef1bda0d1fa" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Apache Traffic Server, en reverse og -forward proxyserver, hvilke kunne medføre lammelsesangreb, smugling af -HTTP-forespørgsler eller forgiftning af cache.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 8.0.2+ds-1+deb10u5.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4957.data" diff --git a/danish/security/2021/dsa-4958.wml b/danish/security/2021/dsa-4958.wml deleted file mode 100644 index 7c9ad97f260..00000000000 --- a/danish/security/2021/dsa-4958.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="f62bac74a975df0d8fc148e4fd22275e3833f5a7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Exiv2, et C++-bibliotek og et -kommandolinjeværktøj til håndtering af billedmetadata, hvilket kunne medføre -lammelsesangreb eller udførelse af vilkårlig kode hvis en misdannet fil blev -fortolket.

- -

I den stabile distribution (buster), er disse problemer rettet i -version 0.25-4+deb10u2.

- -

Vi anbefaler at du opgraderer dine exiv2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exiv2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/exiv2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4958.data" diff --git a/danish/security/2021/dsa-4959.wml b/danish/security/2021/dsa-4959.wml deleted file mode 100644 index dfded27599b..00000000000 --- a/danish/security/2021/dsa-4959.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e0222cf367a5263a80a29645fe9ef421889293c6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:78.13.0-1~deb11u1.

- -

I den gamle stabile distribution (buster), er disse problemer rettet i -version 1:78.13.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4959.data" diff --git a/danish/security/2021/dsa-4960.wml b/danish/security/2021/dsa-4960.wml deleted file mode 100644 index a3601e3b68c..00000000000 --- a/danish/security/2021/dsa-4960.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="0ef64561227e59f8f24772a07d8b7a05db0d0e31" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i HAProxy, en hurtig og pålidelig -load-balancing reverse proxy, hvilke kunne medføre smugling af -HTTP-forespørgsler. Ved omhyggeligt at fabrikere HTTP/2-forespørgsler, var det -muligt at smugle en anden HTTP-forespørgsel til backend'en valgt af -HTTP/2-forespørgslen. Ved visse opsætninger var det muligt for en angriber, at -sende en HTTP-forespørgsel til en backend, og dermed omgå logikken til valg af -backend.

- -

En kendt måde at undgå fejlene på, er at deaktivere HTTP/2 og sætte -tune.h2.max-concurrent-streams til 0 i sektionen global.

- -

global tune.h2.max-concurrent-streams 0

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.2.9-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine haproxy-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende haproxy, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/haproxy

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4960.data" diff --git a/danish/security/2021/dsa-4961.wml b/danish/security/2021/dsa-4961.wml deleted file mode 100644 index 4c3b7d7cc5f..00000000000 --- a/danish/security/2021/dsa-4961.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="f06e2808e33a8a7710f82dd1644ed0f5fe11df66" mindelta="1" -sikkerhedsopdatering - -

Henry de Valence rapporterede om en fejl i koden til signaturverifikation i -Tor, et forbindelsesbaseret anonyms kommunikationssystem med lave svartider. En -fjernangriber kunne drage nytte af fejlen til at forårsage en assertionfejl, -medførende lammelsesangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.3.5.16-1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.4.5.10-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine tor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tor, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/tor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4961.data" diff --git a/danish/security/2021/dsa-4962.wml b/danish/security/2021/dsa-4962.wml deleted file mode 100644 index 562554f55b5..00000000000 --- a/danish/security/2021/dsa-4962.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ec4e586fae885b532a9b1b9d6d35a4b8d95a721a" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i LedgerSMB, et regnskabs- og ERP-program, -hvilke kunne medføre udførelse af skripter på tværs af websteder eller -clickjacking.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.6.9+ds-1+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.6.9+ds-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine ledgersmb-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ledgersmb, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ledgersmb

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4962.data" diff --git a/danish/security/2021/dsa-4963.wml b/danish/security/2021/dsa-4963.wml deleted file mode 100644 index 5d10a1ea4c5..00000000000 --- a/danish/security/2021/dsa-4963.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="6485968c0f180fd4720e21f7f0bdc48b3c3bf4f0" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i OpenSSL, et Secure Sockets -Layer-værktøjssæt.

- -
    - -
  • CVE-2021-3711 - -

    John Ouyang rapporterede om en bufferoverløbssårbarhed i - SM2-dekryptering. En angriber i stand til at præsentere SM2-indhold til - dekryptering til en applikation, kunne drage nytte af fejlen to at ændre - applikationsvirkemåde eller forårsage at applikationen gik ned - (lammelsesangreb).

    • - -
  • CVE-2021-3712 - -

    Ingo Schwarze rapporterede en bufferoverløbsfejl ved behandling af - ASN.1-strenge i funktionen X509_aux_print(), hvilket kunne medføre - lammelsesangreb.

    • - -
- -

Yderligere oplysninger findes i opstrøms bulletin: -\ -https://www.openssl.org/news/secadv/20210824.txt

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1.1.1d-0+deb10u7.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.1.1k-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4963.data" diff --git a/danish/security/2021/dsa-4964.wml b/danish/security/2021/dsa-4964.wml deleted file mode 100644 index 380de7e2d95..00000000000 --- a/danish/security/2021/dsa-4964.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="a60fa871122117cd7fcd74f71b26eb61234afd21" mindelta="1" -sikkerhedsopdatering - -

Michael Catanzaro rapporterede om et problem i Grilo, et framework til at -finde og gennemse medier. TLS-certifikatverifikation er ikke aktiveret på -SoupSessionAsync-objekter oprettet af Grilo, hvilket betyder at brugerne er -sårbare over for netværks-MITM-angreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.3.7-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.3.13-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine grilo-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende grilo, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/grilo

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4964.data" diff --git a/danish/security/2021/dsa-4965.wml b/danish/security/2021/dsa-4965.wml deleted file mode 100644 index 6ea375415f5..00000000000 --- a/danish/security/2021/dsa-4965.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="592abfaf19b48d71d302fdabb322115ccb417ecd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at et bufferoverløb i rekeying i libssh, kunne medføre -lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (buster) er ikke påvirket.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.9.5-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine libssh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libssh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libssh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4965.data" diff --git a/danish/security/2021/dsa-4966.wml b/danish/security/2021/dsa-4966.wml deleted file mode 100644 index efd772240b9..00000000000 --- a/danish/security/2021/dsa-4966.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="1fb2ae292f5db5e72fafc7259e8d06f11f7aab92" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i multimedieframeworket GPAC, -hvilke kunne medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (buster) er ikke påvirket.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.0.1+dfsg1-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine gpac-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gpac, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gpac

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4966.data" diff --git a/danish/security/2021/dsa-4967.wml b/danish/security/2021/dsa-4967.wml deleted file mode 100644 index 3bc9be6473b..00000000000 --- a/danish/security/2021/dsa-4967.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="117b4a335868aeb3fa87061a991b7a95beb201d1" mindelta="1" -sikkerhedsopdatering - -

Etienne Stalmans opdagede at unsquashfs i squashfs-tools, værktøjerne til at -oprette og udtrække Squashfs-filsystemer, ikke validerede filnavne til gennemløb -udenfor målmappen. En angriber kunne drage nytte af fejlen til skrivning til -vilkårlige filer på filsystemet, hvis et misdannet Squashfs-aftryk blev -behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1:4.3-12+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:4.4-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine squashfs-tools-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squashfs-tools, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squashfs-tools

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4967.data" diff --git a/danish/security/2021/dsa-4968.wml b/danish/security/2021/dsa-4968.wml deleted file mode 100644 index 0e3b7fe757b..00000000000 --- a/danish/security/2021/dsa-4968.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="1eb3932e2f83538a9ef6b953c8a65a929524bda5" mindelta="1" -sikkerhedsopdatering - -

Ori Hollander rapporterede at manglende kontrol af headernavnet længde i -funktionerne htx_add_header() og htx_add_trailer() i HAProxy, en hurtig og -pålidelig load balancing-reverse proxy, kunne medføre angreb i forbindelse med -smugling af forespørgsler eller opsplitning af svar.

- -

Desuden løser denne opdatering #993303, som opståd i DSA 4960-1, hvilket -medførte at HAProxy ikke kunne håndtere URL'er med HTTP/2 indeholdende -//.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.2.9-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine haproxy-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende haproxy, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/haproxy

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4968.data" diff --git a/danish/security/2021/dsa-4969.wml b/danish/security/2021/dsa-4969.wml deleted file mode 100644 index e00c282ccb1..00000000000 --- a/danish/security/2021/dsa-4969.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7271cd065085fb10d014d231d76bc7e799098272" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 78.14.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 78.14.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4969.data" diff --git a/danish/security/2021/dsa-4970.wml b/danish/security/2021/dsa-4970.wml deleted file mode 100644 index 51928d82b22..00000000000 --- a/danish/security/2021/dsa-4970.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="80f219d5ad25ebfa3029836ec90f3c9b44ffb479" mindelta="1" -sikkerhedsopdatering - -

Kevin Israel opdagede at Postorius, den administrative webfrontend til -Mailman 3, ikke validerede hvorvidt en indlogget bruger ejer mailadressen, -når et abonnement ophæves.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.2.4-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.3.4-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine postorius-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postorius, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postorius

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4970.data" diff --git a/danish/security/2021/dsa-4971.wml b/danish/security/2021/dsa-4971.wml deleted file mode 100644 index 0384e4a5756..00000000000 --- a/danish/security/2021/dsa-4971.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="df8787fcc27c8f46df559b42b1ad6eb64029aa8b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i NTFS-3G, NTFS-driver til FUSE med -understøttelse af læsning og skrivning. En lokal bruger kunne drage nytte af -fejlene til lokal root-rettighedsforøgelse.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:2017.3.23AR.3-3+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:2017.3.23AR.3-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine ntfs-3g-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ntfs-3g, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ntfs-3g

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4971.data" diff --git a/danish/security/2021/dsa-4972.wml b/danish/security/2021/dsa-4972.wml deleted file mode 100644 index eaf3f329406..00000000000 --- a/danish/security/2021/dsa-4972.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="c7890a2562bcf3265d8a6ec48d164e22718a2009" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Ghostscript, GPL PostScript/PDF-fortolkeren, ikke på korrekt -vis validerede adgang til IO-enhederne %pipe%, %handle% og -%printer%, hvilket kunne medføre udførelse af vilkårlig kode, hvis en -misdannet Postscript-fil blev behandlet (på trods af at sandkassen -dSAFER var -aktiveret).

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 9.53.3~dfsg-7+deb11u1.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4972.data" diff --git a/danish/security/2021/dsa-4973.wml b/danish/security/2021/dsa-4973.wml deleted file mode 100644 index ff962edd7a6..00000000000 --- a/danish/security/2021/dsa-4973.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="6ba20d3399e411c39faa453e9a77b20b046a4a8b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1:78.14.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:78.14.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4973.data" diff --git a/danish/security/2021/dsa-4974.wml b/danish/security/2021/dsa-4974.wml deleted file mode 100644 index 4645030655e..00000000000 --- a/danish/security/2021/dsa-4974.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8f4d5d36cfd58919423f5b3477d0c4d7c3725e78" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Nextclouds desktopklient, hvilke kunne medføre -informationsafsløring.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.5.1-3+deb10u2.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 3.1.1-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine nextcloud-desktop-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nextcloud-desktop, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nextcloud-desktop

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4974.data" diff --git a/danish/security/2021/dsa-4975.wml b/danish/security/2021/dsa-4975.wml deleted file mode 100644 index 8127da190d8..00000000000 --- a/danish/security/2021/dsa-4975.wml +++ /dev/null @@ -1,31 +0,0 @@ -#use wml::debian::translation-check translation="b9f9d99d4282926c508e1e4290af054e259997d4" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarhed blev opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2021-30858 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode. Apple er opmærksom - på en rapport om at dette problem kan have været aktivt udnyttet.

    • - -
- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.32.4-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.32.4-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4975.data" diff --git a/danish/security/2021/dsa-4976.wml b/danish/security/2021/dsa-4976.wml deleted file mode 100644 index 7860b62c953..00000000000 --- a/danish/security/2021/dsa-4976.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="e292e724b19f989085bc7f6aa80c96ee1aa3a097" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarhed er opdaget i webmotoren wpewebkit:

- -
    - -
  • CVE-2021-30858 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode. Apple er opmærksom - på en rapport om at dette problem kan have været aktivt udnyttet.

    • - -
- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.32.4-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4976.data" diff --git a/danish/security/2021/dsa-4977.wml b/danish/security/2021/dsa-4977.wml deleted file mode 100644 index 977a52b77b8..00000000000 --- a/danish/security/2021/dsa-4977.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="145ac14348dfb7d321fdf8808e5e364ab1e9032f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen, hvilke kunne medføre i -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -

Med ophøret af opstrømsunderstøttelse af 4.11-forgreningen, er versionen af -xen i den gamle stabile distribution (buster) ikke længere understøttet. Hvis -du er afhængig af sikkerhedsunderstøttelse af din Xen-installation, så -anbefales det at opdatere til den stabile distribution (bullseye).

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 4.14.3-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4977.data" diff --git a/danish/security/2021/dsa-4978.wml b/danish/security/2021/dsa-4978.wml deleted file mode 100644 index 9e2a3ec6f8f..00000000000 --- a/danish/security/2021/dsa-4978.wml +++ /dev/null @@ -1,124 +0,0 @@ -#use wml::debian::translation-check translation="cb61e48c0b590145d526b25534c156232550c9c0" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2020-3702 - -

    En fejl blev fundet i driveren til Atheros IEEE 802.11n-familien af - chipset (ath9k), hvilket muliggjorde informationsafsløring.

    • - -
  • CVE-2020-16119 - -

    Hadar Manor rapporterede om anvendelse efter frigivelse i - implementeringen af DCCP-protokollen i Linux-kernen. En lokal angriber - kunne drage nytte af fejlen til at forårsage et lammelsesangreb eller - potentielt udføre vilkårlig kode.

    • - -
  • CVE-2021-3653 - -

    Maxim Levitsky opdagede en sårbarhed i implementeringen af - KVM-hypervisor'en til AMD-processorerer i Linux-kernen: Manglende - validering af WMCB-feltet int_ctl kunne gøre det muligt for en - ondsindet L1-gæst at aktivere AVIC-understøttelse (Advanced Virtual - Interrupt Controller) for L2-gæster. L2-gæsten kunne drage nytte af - fejlen til at skrive til et begrænset, men dog relativ stor delmængde - af værtens fysiske hukommelse.

    • - -
  • CVE-2021-3656 - -

    Maxim Levitsky og Paolo Bonzini opdagede en fejl i implementeringen af - KVM-hypervisor'en til AMD-processorer i Linux-kernen. Manglende validering - af WMCB-feltet virt_ext kunne gøre det muligt for en ondsindet - L1-gæst at deaktivere begge VMLOAD-/VMSAVE-opfangelser og VLS (Virtual - VMLOAD/VMSAVE) for L2-gæsten. Under disse omstændigheder, var L2-gæsten i - stand til at køre VMLOAD/VMSAVE uden opfangelser, og dermed læse/skrive dele - af værtens fysiske hukommelse.

    • - -
  • CVE-2021-3679 - -

    En fejl i Linux-kernens tracingmodulfunktionalitet kunne gøre det muligt - for en priviligeret lokal bruger (med CAP_SYS_ADMIN-muligheden), at - forårsage et lammelsesangreb (ressourceudsultning).

    • - -
  • CVE-2021-3732 - -

    Alois Wohlschlager rapporterede om en fejl i implementeringen af - undersystemet overlayfs, hvilket gjorde det muligt for en lokal angriber, - med rettigheder til at mount'e et filsystem, at blotlægge filer skjult i den - oprindelige mount.

    • - -
  • CVE-2021-3739 - -

    En NULL-pointerdereferencefejl blev fundet i filsystemet btrfs, hvilket - gjorde det muligt for en lokal angreber, med CAP_SYS_ADMIN-muligheden, at - forårsage et lammelsesangreb.

    • - -
  • CVE-2021-3743 - -

    En hukommelseslæsning udenfor grænserne blev opdaget i implementeringen - af routeprotokollen Qualcomm IPC, hvilket gjorde det muligt at forårsage - lammelsesangreb eller informationslækage.

    • - -
  • CVE-2021-3753 - -

    Minh Yuan rapporterede om en kapløbstilstand i vt_k_ioctl i - drivers/tty/vt/vt_ioctl.c, hvilke kunne forårsage en læsning udenfor - grænserne i vt.

    • - -
  • CVE-2021-37576 - -

    Alexey Kardashevskiy rapporterede om et bufferoverløb i KVM-undersystemet - på powerpc-platformen, hvilke gjorde det muligt for - KVM-gæstestyresystemsbrugere at forårsage hukommelseskorruption på - værten.

    • - -
  • CVE-2021-38160 - -

    En fejl i virtio_console blev opdaget, hvilket muliggjorde datakorruption - eller datatab gennem en enhed, der ikke er tillid til.

    • - -
  • CVE-2021-38166 - -

    En heltalsoverløbsfejl i BPF-undersystemet kunne gøre det muligt for en - lokal angriber at forårsage et lammelsesangreb eller potentielt udførelse af - vilkårlig kode. Fejlen er som standard afhjulpet i Debian, da - upriviligerede kald til bpf() er deaktiveret.

    • - -
  • CVE-2021-38199 - -

    Michael Wakabayashi rapporterede om en fejl i implementeringen af - NFSv4-klienten, hvor ukorrekt forbindelsesopsætningsrækkefølge, muliggjorde - at handlinger fra en fjern NFSv4-server kunne forårsage - lammelsesangreb.

    • - -
  • CVE-2021-40490 - -

    En kapløbstilstand blev opdaget i ext4-undersystemet ved skrivning til en - inline_data-fil mens dens xattrs ændres. Det kunne medføre - lammelsesangreb.

    • - -
  • CVE-2021-41073 - -

    Valentina Palmiotti opdagede en fejl i io_uring, hvilket gjorde det - muligt for en lokal angriber at forøge rettigheder.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.10.46-5. Denne opdatering indeholder rettelser vedrørende #993948 og -#993978.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4978.data" diff --git a/danish/security/2021/dsa-4979.wml b/danish/security/2021/dsa-4979.wml deleted file mode 100644 index 7689f760522..00000000000 --- a/danish/security/2021/dsa-4979.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="906b922dbc10b9ef2d511f647952832b5fabc61b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev fundet i MediaWiki, en webstedsmotor til -samarbejdsprojekter, hvilke kunne medføre udførelse af skripter på tværs af -websteder, lammelsesangreb og omgåelse af begrænsninger i udvidelsen -Replace Text.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:1.31.16-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:1.35.4-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4979.data" diff --git a/danish/security/2021/dsa-4980.wml b/danish/security/2021/dsa-4980.wml deleted file mode 100644 index fa7eb4abd20..00000000000 --- a/danish/security/2021/dsa-4980.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7faefffc3274a573d5c5f07519cdb24891c4093c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemeer blev opdaget i QEMU, en hurtig -processoremulator, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:5.2+dfsg-11+deb11u1.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4980.data" diff --git a/danish/security/2021/dsa-4981.wml b/danish/security/2021/dsa-4981.wml deleted file mode 100644 index 67f93e4b6bc..00000000000 --- a/danish/security/2021/dsa-4981.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="67497a8fa36e45e02dc4c83683e31e3e9c185249" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet i -version 78.15.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 78.15.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4981.data" diff --git a/danish/security/2021/dsa-4982.wml b/danish/security/2021/dsa-4982.wml deleted file mode 100644 index fc29806658f..00000000000 --- a/danish/security/2021/dsa-4982.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="5ccf6f35aca5c2fe23efdaee39652b59f684e253" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er fundet i Apaches HTTP-server, hvilke kunne medføre -lammelsesangreb. Desuden blev der opdaget en sårbarhed i mod_proxy, som gjorde -det muligt for en angriber kunne udnytte til at narre serveren til at -videresende forespørgsler til vilkårlige ophavsserere.

- -

I den gamle stabile distribution (buster), er disse problemer rettet i -version 2.4.38-3+deb10u6.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.4.51-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4982.data" diff --git a/danish/security/2021/dsa-4983.wml b/danish/security/2021/dsa-4983.wml deleted file mode 100644 index 0f9b9d9ad17..00000000000 --- a/danish/security/2021/dsa-4983.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="546016c2142ac66b3cadc5d6f9f7358a846ad458" mindelta="1" -sikkerhedsopdatering - -

Pavel Toporkov opdagede en sårbarhed i Neutron, OpenStacks virtuelle -netværksservice, hvilken gjorde det muligt at genopsætte dnsmasq gennem en -fabrikerede dhcp_extra_opts-parametre.

- -

I den gamle stabile distribution (buster), er dette problem rettet i -version 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1. Denne opdatering -retter også -\ -CVE-2021-20267.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2:17.2.1-0+deb11u1. Denne opdatering retter også -\ -CVE-2021-38598.

- -

Vi anbefaler at du opgraderer dine neutron-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende neutron, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/neutron

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4983.data" diff --git a/danish/security/2021/dsa-4984.wml b/danish/security/2021/dsa-4984.wml deleted file mode 100644 index 7407bfa0978..00000000000 --- a/danish/security/2021/dsa-4984.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="5004ac5f8a314d76777de79849730426b3f783fc" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at sandkassebegrænsninger i Flatpak, et -applikationsudrulningsframework til skrivebordsapps, kunne omgås for en -Flatpak-app med direkte adgang til AF_UNIX-sockets, ved at manipulere med VFS'en -med brug af mount-relaterede syscalls, som ikke er blokeret af Flatpaks -denylist-seccomp-filter.

- -

Flere oplysninger finder man i opstrøms bulletin på -\ -https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.10.5-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine flatpak-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende flatpak, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/flatpak

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4984.data" diff --git a/danish/security/2021/dsa-4985.wml b/danish/security/2021/dsa-4985.wml deleted file mode 100644 index b64a3d7f917..00000000000 --- a/danish/security/2021/dsa-4985.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5677f831faba6fc42e12b69e1db8c3f47b443c3c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De -gjorde det muligt for fjernangribere at udføre skripter på tværs af websteder -(XSS) eller udgive sig for at være andre brugere.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 5.0.14+dfsg1-0+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.7.3+dfsg1-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4985.data" diff --git a/danish/security/2021/dsa-4986.wml b/danish/security/2021/dsa-4986.wml deleted file mode 100644 index 9a267872c14..00000000000 --- a/danish/security/2021/dsa-4986.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="5fbd24a15ccc413ef021754d0b9d106e907776b6" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i Tomcats servlet og JSP-motor, hvilke kunne -medføre lammelsesangreb.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 9.0.31-1~deb10u6.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 9.0.43-2~deb11u2.

- -

Vi anbefaler at du opgraderer dine tomcat9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4986.data" diff --git a/danish/security/2021/dsa-4987.wml b/danish/security/2021/dsa-4987.wml deleted file mode 100644 index 2624293af6f..00000000000 --- a/danish/security/2021/dsa-4987.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="75db51116e3e1517bac6af6033ec38e988b46653" mindelta="1" -sikkerhedsopdatering - -

Richard Weinberger rapporterede at unsquashfs i squashfs-tools, værktøjerne -til at oprette og udpakke Squashfs-filsystemer, ikke kontrollerede for -duplikerede filnavne i en mappe. En angriber kunne drage nytte af fejlen til -at skrive til vilkårlige filer på filsystemet, hvis et misdannet -Squashfs-filaftryk blev behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1:4.3-12+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:4.4-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine squashfs-tools-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squashfs-tools, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squashfs-tools

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4987.data" diff --git a/danish/security/2021/dsa-4988.wml b/danish/security/2021/dsa-4988.wml deleted file mode 100644 index 1919348b5f3..00000000000 --- a/danish/security/2021/dsa-4988.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6940e240daafc70abfffda0a32c4ffe5cd80c3b7" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i LibreOffices understøttelse af digitale -signaturer i ODF-dokumenter, hvilket kunne medføre at der blev vist ukorrekte -signaturindikatorer/-tidsstemplinger.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:7.0.4-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine libreoffice-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreoffice, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreoffice

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4988.data" diff --git a/danish/security/2021/dsa-4989.wml b/danish/security/2021/dsa-4989.wml deleted file mode 100644 index ba30e8c5769..00000000000 --- a/danish/security/2021/dsa-4989.wml +++ /dev/null @@ -1,50 +0,0 @@ -#use wml::debian::translation-check translation="21199125ec27fcc04d1d656a9f0bf8050249091a" mindelta="1" -sikkerhedsopdatering - -

Efterforskere hos United States of America National Security Agency (NSA) -opdagede to lammelsesangrebssårbarheder i strongSwan, en IKE/IPsec-suite.

- -
    - -
  • CVE-2021-41990 - -

    RSASSA-PSS-signaturer hvis parametre definerer en meget høj salt-længde, - kunne udløse et heltalsoverløb, som kunne føre til en segmenteringsfejl.

    - -

    Generering af en signatur, der omgår padding-tjekket til at udløse - nedbrudet, kræver adgang til den private nøgle, som signerede certifikatet. - Dog behøver der ikke at være tillid til certifikatet. Da plugin'erne gmp og - openssl begge tjekker om et fortolket certifikat er selvsigneret (og - signaturen er gyldig), kan det for eksempel udløses af et ikke-relateret - selvsigneret CA-certifikat, sendt af en initiator.

    • - -
  • CVE-2021-41991 - -

    Når certifikatcachen i hukommelsen er fyldt op, prøver den på tilfældig - vis at erstatte mindre benyttede forekomster. Afhængigt af den genererede - tilfældige værdi, kunne det føre til et heltalsoverløb, som medfører en - double-dereference og et kald, som benytter hukommelse udenfor grænserne, - der sandsynligvis vil føre til en segmenteringsfejl.

    - -

    Fjernudførelse af kode kan ikke helt udelukkes, men angribere har ingen - kontrol over den dereferencerede hukommelse, så det virker usandsynligt på - nuværende tidspunkt.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 5.7.2-1+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.9.1-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende strongswan, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/strongswan

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4989.data" diff --git a/danish/security/2021/dsa-4990.wml b/danish/security/2021/dsa-4990.wml deleted file mode 100644 index 96139a2c69c..00000000000 --- a/danish/security/2021/dsa-4990.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4607ef3304c90d4fadda6bdfb2b1323235095d09" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 7:4.1.8-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4990.data" diff --git a/danish/security/2021/dsa-4991.wml b/danish/security/2021/dsa-4991.wml deleted file mode 100644 index a78425025f3..00000000000 --- a/danish/security/2021/dsa-4991.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="4005def0be888471b5b0a3c2dcb6b210215b600e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i mailman, et webbaseret program til -håndtering af postlister, hvilke kunne medføre indsprøjtning af vilkårlig -indehold gennem indstillingerne og private arkivers loginside, samt -CSRF-angreb eller rettighedsforøgelse gennem brugerindstillingssiden.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:2.1.29-1+deb10u2.

- -

Vi anbefaler at du opgraderer dine mailman-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mailman, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mailman

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4991.data" diff --git a/danish/security/2021/dsa-4992.wml b/danish/security/2021/dsa-4992.wml deleted file mode 100644 index 304909a3e9c..00000000000 --- a/danish/security/2021/dsa-4992.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="e30d8c3e3eef4666bd00fe1c0c37858f8c661b22" mindelta="1" -sikkerhedsopdatering - -

En læsning udenfor grænserne og skrivefejl blev opdaget i PHP-FPM-koden, -hvilken kunne medføre rettighedsforøgelse fra en lokal upriviligeret bruger til -root-brugeren.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 7.4.25-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine php7.4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.4, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/php7.4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4992.data" diff --git a/danish/security/2021/dsa-4993.wml b/danish/security/2021/dsa-4993.wml deleted file mode 100644 index a4781ba2219..00000000000 --- a/danish/security/2021/dsa-4993.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3a2f5ef0438fa1cf46172b24d12c79dc3c62b89e" mindelta="1" -sikkerhedsopdatering - -

En læsning udenfor grænserne og skrivefejl blev opdaget i PHP-FPM-koden, -hvilken kunne medføre rettighedsforøgelse fra en lokal upriviligeret bruger til -root-brugeren.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 7.3.31-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine php7.3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.3, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/php7.3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4993.data" diff --git a/danish/security/2021/dsa-4994.wml b/danish/security/2021/dsa-4994.wml deleted file mode 100644 index ad56588d107..00000000000 --- a/danish/security/2021/dsa-4994.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="acb43b2fa87aa8f8184583d892758460fd5b2d7a" mindelta="1" -sikkerhedsopdatering - -

Kishore Kumar Kothapalli opdagede at lameservercachen i BIND, en -DNS-serverimplementering, kunne misbruges af en angriber til i betydelig grad at -forrige resolverens ydeevne, medførende lammelsesangreb (store forsinkelser i -svar til klientforespørgsler og DNS-timeouts på klientværter).

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1:9.11.5.P4+dfsg-5.1+deb10u6.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:9.16.22-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4994.data" diff --git a/danish/security/2021/dsa-4995.wml b/danish/security/2021/dsa-4995.wml deleted file mode 100644 index fe46e5b53e8..00000000000 --- a/danish/security/2021/dsa-4995.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="75b99797a7e35c030fc904a603d0d4186d4c5ac4" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2021-30846 - -

    Sergei Glazunov opdagede at behandling af ondsindet fremstillet - webindhold kunne føre udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30851 - -

    Samuel Gross opdagde at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af kode.

    • - -
  • CVE-2021-42762 - -

    En anonym rapportør opdagede en begrænset omgåelse af - Bubblewrap-sandkassen, hvilket gjorde det muligt for en proces i en - sandkasse, at narre værtsprocesser til at tro, at sandkasseprocessen i er - indespærret.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.34.1-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.1-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4995.data" diff --git a/danish/security/2021/dsa-4996.wml b/danish/security/2021/dsa-4996.wml deleted file mode 100644 index 0e8ffbe6bdc..00000000000 --- a/danish/security/2021/dsa-4996.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="aa19ff999725f523db6dc8b014344e56842f0971" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren wpewebkit:

- -
    - -
  • CVE-2021-30846 - -

    Sergei Glazunov opdagede at behandling af ondsindet fremstillet - webindhold kunne føre udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30851 - -

    Samuel Gross opdagde at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af kode.

    • - -
  • CVE-2021-42762 - -

    En anonym rapportør opdagede en begrænset omgåelse af - Bubblewrap-sandkassen, hvilket gjorde det muligt for en proces i en - sandkasse, at narre værtsprocesser til at tro, at sandkasseprocessen i er - indespærret.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.1-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4996.data" diff --git a/danish/security/2021/dsa-4997.wml b/danish/security/2021/dsa-4997.wml deleted file mode 100644 index 3061d035104..00000000000 --- a/danish/security/2021/dsa-4997.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="747da94acf47593b687d2fb72698fd771d1668c3" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i tiff, et Tag Image File Format-bibliotek, hvilken -kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis -misdannede billedfiler blev behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 4.1.0+git191117-2~deb10u3.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tiff, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/tiff

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4997.data" diff --git a/danish/security/2021/dsa-4998.wml b/danish/security/2021/dsa-4998.wml deleted file mode 100644 index 26abf6fb241..00000000000 --- a/danish/security/2021/dsa-4998.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="143b481bcfa64906a8adcf9e8119f19c773582bb" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 7:4.3.3-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4998.data" diff --git a/danish/security/2021/dsa-4999.wml b/danish/security/2021/dsa-4999.wml deleted file mode 100644 index 2130e6fff06..00000000000 --- a/danish/security/2021/dsa-4999.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2faa27a8931d8ab518a786261a0f7370276b3c09" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Asterisk, et open source-PBX- og --telefoniværktøjssæt, hvilke kunne medføre lammelsesangreb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:16.16.1~dfsg-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine asterisk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende asterisk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/asterisk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-4999.data" diff --git a/danish/security/2021/dsa-5000.wml b/danish/security/2021/dsa-5000.wml deleted file mode 100644 index f40b6682988..00000000000 --- a/danish/security/2021/dsa-5000.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="eaa51c821c659ec1f1e15e1402bd740b75fa5c44" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -lammelsesangreb, ukorrekt anvendelse af Kerberos-ticket, valg af svage ciphers -eller informationsafsløring.

- -

Den gamle stabile distribution (buster), har brug for yderlige opdateringer, -for at blive i stand til at opbygge 11.0.13. En opdatering vil blive stillet -til rådighed gennem en opfølgende bulletin.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 11.0.13+8-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5000.data" diff --git a/danish/security/2021/dsa-5001.wml b/danish/security/2021/dsa-5001.wml deleted file mode 100644 index cb51126399e..00000000000 --- a/danish/security/2021/dsa-5001.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5fc26377337281b40c5a05fdb69ec2278831a18e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Redis, en persistent -key-value-database, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 5:5.0.14-1+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5:6.0.16-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende redis, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/redis

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5001.data" diff --git a/danish/security/2021/dsa-5002.wml b/danish/security/2021/dsa-5002.wml deleted file mode 100644 index 280aaff5e75..00000000000 --- a/danish/security/2021/dsa-5002.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="f42a59628807fcc3f52ba48f3ea922838a8e1ee6" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i containerd, en åben og pålidelig containerruntime. -Utilstrækkeligt begrænsede rettigheder i container-root og i plugin-mapper, -kunne medføre en rettighedsforøgelse.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.4.5~ds1-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine containerd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende containerd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/containerd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5002.data" diff --git a/danish/security/2021/dsa-5003.wml b/danish/security/2021/dsa-5003.wml deleted file mode 100644 index 5fc77e3310d..00000000000 --- a/danish/security/2021/dsa-5003.wml +++ /dev/null @@ -1,74 +0,0 @@ -#use wml::debian::translation-check translation="fe8a2087097d88ffc91293a2c8530e551b714fce" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS-fil-, print- og -loginserver til Unix.

- -
    - -
  • CVE-2016-2124 - -

    Stefan Metzmacher rapporterede at SMB1-klientforbindelse kunne - nedgraderes til ren tekst-autentifikation.

    • - -
  • CVE-2020-25717 - -

    Andrew Bartlett rapporterede at Samba kunne mappe domænebrugere til - lokale brugere på en uønsket måde, hvilket muliggjorde rettighedsforøgelse. - Opdateringen indfører et nyt parameter min domain uid (som standard - sat til 1000), for ikke at acceptere en UNIX-uid under denne værdi.

    • - -
  • CVE-2020-25718 - -

    Andrew Bartlett rapporterede at Samba som AD DC, når kombineret med en - RODC, ikke bekræftede hvorvidt RODC'en havde tilladelse til at udskrive en - ticket for den bruger, hvilket gjorde det muligt for en RODC at udskrive - administratortickets.

    • - -
  • CVE-2020-25719 - -

    Andrew Bartlett rapporterede at Samba som AD DC, ikke altid stolede på - SID'en og PAC i Kerberos-tickets, og kunne blive forvirret vedrørende den - bruger, en ticket repræsenterer. Hvis en priviligeret konto blev angrebet, - kunne det føre til en total domænekompromittering.

    • - -
  • CVE-2020-25721 - -

    Andrew Bartlett rapporterede at Samba som AD DC, ikke stillede en måde - til rådighed for Linux-applikationer til at få adgang til en pålidelig SID - (og samAccountName) i ustedte tickets.

    • - -
  • CVE-2020-25722 - -

    Andrew Bartlett rapporterede at Samba som AD DC, ikke foretog - tilstrækkelig adgangs- og overensstemmelseskontrol af opbevarede data, som - potentielt muliggjorde en totalt domænekompromittering.

    • - -
  • CVE-2021-3738 - -

    William Ross rapporterede at Samba AD DC's RPC-server kunne anvende - hukommelse, som var frigivet når en under-forbindelse var lukket, medførende - lammelsesangreb og potentielt rettighedsforøgelse.

    • - -
  • CVE-2021-23192 - -

    Stefan Metzmacher rapporterede at hvis en klient til en Samba-server - sendte en meget stor DCE/RPC-forespørgsel, og valgte at fragmentere den, - kunne en angriber erstatte senere fragementer med deres egne data, og dermed - omgå signaturkrav.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2:4.13.13+dfsg-1~deb11u2.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5003.data" diff --git a/danish/security/2021/dsa-5004.wml b/danish/security/2021/dsa-5004.wml deleted file mode 100644 index ef6b5a89fc6..00000000000 --- a/danish/security/2021/dsa-5004.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="9021424ee668597a5b8130c5d1bb387ddc66dac3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er opdaget i XStream, et Java-bibliotek til -serialisering af objekter til XML, og tilbage igen.

- -

Sårbarhederne kunne gøre det muligt for en fjernangriber at indlæse og -udføre vilkårlig kode fra en fjern vært, kun ved at manipulere med den -behandlede inddatastream.

- -

XStream selv opsætter nu som standard en whitelist, dvs. den blokerer alle -klasser bortset fra de typer, den har eksplicitte converters for. Den havde -tidligere som standard en blacklist, dvs. den prøvede at blokere alle pt. -kendte kritiske klasse hørende til Javas runtime. Den primære årsag til -blacklisten var kompatibilitet, da det dermed var muligt uden videre at benytte -nyere versioner af XStream som erstatning. Men den tilgang har fejlet. En -voksende liste over sikkerhedsrapporter har vist, at en blackliste generelt er -usikker, bortset fra det faktum at former af tredjepartsbiblioteker end ikke var -taget i betragtning. Et blacklistscenraie bør generelt undgås, da det giver en -falsk følelse af sikkerhed.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1.4.11.1-1+deb10u3.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.4.15-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine libxstream-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxstream-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libxstream-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5004.data" diff --git a/danish/security/2021/dsa-5005.wml b/danish/security/2021/dsa-5005.wml deleted file mode 100644 index 45f9237a0a0..00000000000 --- a/danish/security/2021/dsa-5005.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ec38d900248faa6f08d73c514fd79001559169f6" mindelta="1" -sikkerhedsopdatering - -

En sikkerhedssårbarhed er fundet i Kaminari, en sideinddelingsmotorplugin til -Rails 3+ og andre moderne frameworks, som kunne gøre det muligt for en angriber -at indsprøjte vilkårlig kode ind i sider med sideinddelingslinks.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.0.1-4+deb10u1.

- -

Vi anbefaler at du opgraderer dine ruby-kaminari-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby-kaminari, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby-kaminari

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5005.data" diff --git a/danish/security/2021/dsa-5006.wml b/danish/security/2021/dsa-5006.wml deleted file mode 100644 index 628343e679f..00000000000 --- a/danish/security/2021/dsa-5006.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="d9169c6ccc89dcf0f717ca923d5518500d4c20db" mindelta="1" -sikkerhedsopdatering - -

Jacob Champion opdagede to sårbarheder i databasesystemet i PostgreSQL, -hvilke kunne medføre manden i midten-angreb.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 11.14-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine postgresql-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5006.data" diff --git a/danish/security/2021/dsa-5007.wml b/danish/security/2021/dsa-5007.wml deleted file mode 100644 index da0f852ff81..00000000000 --- a/danish/security/2021/dsa-5007.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="b456611dfadc3611f1de4e4f707f10f789381ae9" mindelta="1" -sikkerhedsopdatering - -

Jacob Champion opdagede to sårbarheder i databasesystemet i PostgreSQL, -hvilke kunne medføre manden i midten-angreb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 13.5-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine postgresql-13-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-13, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-13

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5007.data" diff --git a/danish/security/2021/dsa-5008.wml b/danish/security/2021/dsa-5008.wml deleted file mode 100644 index 1580c6f0eee..00000000000 --- a/danish/security/2021/dsa-5008.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b34649a5e021b8b0d15395efec2032243d1606a0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at symlinkudpakningsbeskyttelser i node-tar, et Tar-arkivmodul -til Node.js kunne omgås, hvilket gjorde det muligt for et ondsindet Tar-arkiv -at symlinke ind på en vilkårlig placering.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 6.0.5+ds1+~cs11.3.9-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine node-tar-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende node-tar, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/node-tar

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5008.data" diff --git a/danish/security/2021/dsa-5009.wml b/danish/security/2021/dsa-5009.wml deleted file mode 100644 index e2209e0dee8..00000000000 --- a/danish/security/2021/dsa-5009.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="65cceff6a6a0c79b613460bda15cf81d0fb25736" mindelta="1" -sikkerhedsopdatering - -

Apache Tomcat, servlet- og JSP-motoren, frigav ikke på korrekt vis en -HTTP-opgraderingsforbindelse til WebSocket-forbindelse, når -WebSocket-forbindelse blev lukket. Det medførte en hukommelseslækage som over -tid kunne føre til lammelsesangreb gennem en OutOfMemoryError.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 9.0.43-2~deb11u3.

- -

Vi anbefaler at du opgraderer dine tomcat9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tomcat9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tomcat9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5009.data" diff --git a/danish/security/2021/dsa-5010.wml b/danish/security/2021/dsa-5010.wml deleted file mode 100644 index b32c008521d..00000000000 --- a/danish/security/2021/dsa-5010.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="de5ab3891d2149f7bb025f181e7f3500a0a61350" mindelta="1" -sikkerhedsopdatering - -

Apache Santuario, XML-sikkerhed til Java, var sårbar over for et problem hvor -egenskaben secureValidation ikke blev overført korrekt, når der oprettes -et KeyInfoReference-element. Dermed kunne en angriber misbruge en XPath -Transform til at udpakke enhver lokal .xml-fil i et RetrievalMethod-element.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.0.10-2+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.0.10-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine libxml-security-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxml-security-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libxml-security-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5010.data" diff --git a/danish/security/2021/dsa-5011.wml b/danish/security/2021/dsa-5011.wml deleted file mode 100644 index 76475a7760b..00000000000 --- a/danish/security/2021/dsa-5011.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="a824d864ceaa1058ff1527a86c6c43c6840b1bda" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er opdaget i Salt, et ydedygtigt program til -håndtering af fjernudførelse, hvilke muliggjorde lokal rettighedsforøgelse på en -minion, angreb i forbindelse med indsprøjtning af skabeloner på serversiden, -utilstrækkelige kontroller af eauth-loginoplysninger, samt shell- og -kommandoindsprøjtninger eller ukorrekt validering af SSL-certifikater.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2018.3.4+dfsg1-6+deb10u3.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3002.6+dfsg1-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine salt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende salt, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/salt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5011.data" diff --git a/danish/security/2021/dsa-5012.wml b/danish/security/2021/dsa-5012.wml deleted file mode 100644 index aa511bef3c8..00000000000 --- a/danish/security/2021/dsa-5012.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="48a161a1b23b792cab2604c9c3281073297888c3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -lammelsesangreb, ukorrekt anvendelse af Kerberos-ticket, valg af svage ciphers -eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 17.0.1+12-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine openjdk-17-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-17, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-17

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5012.data" diff --git a/danish/security/2021/dsa-5013.wml b/danish/security/2021/dsa-5013.wml deleted file mode 100644 index 0cb4293c40a..00000000000 --- a/danish/security/2021/dsa-5013.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="0978a0ed7933d0eda7dc2623d6f930ed8af03998" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at roundcube, en temaunderstøttende AJAX-baseret -webmailløsning til IMAP-servere, ikke på korrekt vis rensede forespørgsler og -mailmeddelelser. Dermed var det muligt for en angriber at udføre skripter på -tværs af websteder (XXS) eller foretage SQL-indsprøjtning.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1.3.17+dfsg.1-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.4.12+dfsg.1-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5013.data" diff --git a/danish/security/2021/dsa-5014.wml b/danish/security/2021/dsa-5014.wml deleted file mode 100644 index 2160796719e..00000000000 --- a/danish/security/2021/dsa-5014.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cae1864d7d4fc68fc959a1e8b5f4d72a7228bb82" mindelta="1" -sikkerhedsopdatering - -

Rongxin Wu opdagede en sårbarhed i forbindelse med anvendelse efter -frigivelse i biblioteket International Components for Unicode (ICU), hvilke -kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 63.1-6+deb10u2.

- -

Vi anbefaler at du opgraderer dine icu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende icu, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/icu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5014.data" diff --git a/danish/security/2021/dsa-5015.wml b/danish/security/2021/dsa-5015.wml deleted file mode 100644 index 299d85460f3..00000000000 --- a/danish/security/2021/dsa-5015.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="65a9c27818db1c1e093dd5651ca3c518685e3224" mindelta="1" -sikkerhedsopdatering - -

Andrew Bartlett opdagede at Samba, SMB/CIFS-fil-, print- og loginserver til -Unix, kunne omsætte domænebrugere til lokale brugere på en uønsket måde. Dermed -kunne en bruger i et AD-domæne potentielt få rootadgang på domænemedlemmer.

- -

Et nyt parameter min domain uid (standardværdi 1000), er tilføjet for -at angive den minimale uid, som er tilladt ved omsætning af en lokal konto til -en domænekonto.

- -

Yderligere oplysninger og omgåelser, finder man i opstrøms bulletin - -https://www.samba.org/samba/security/CVE-2020-25717.html

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2:4.9.5+dfsg-5+deb10u2. Desuden afhjælper denne opdatering -\ -CVE-2020-25722. Desværre er de krævede ændringer til at rette -yderligere CVE'er, der påvirker Samba som en AD-kompatibel domaincontroller, for -omfattende til at kunne tilbageføres. Folk der anvender Samba som en -AD-kompatibel domaincontroller, opfordres til at migrere til Debian bullseye. -Gældende fra dette tidspunkt, er opsætninger med en AD-domaincontroller ikke -længere understøttet i den gamle stabile udgave af Debian.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5015.data" diff --git a/danish/security/2021/dsa-5016.wml b/danish/security/2021/dsa-5016.wml deleted file mode 100644 index ce800dbf5b3..00000000000 --- a/danish/security/2021/dsa-5016.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="bec9327796d636f42b06f9d3bbbe0a0eecc68262" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede at nss, biblioteket Mozilla Network Security Service, -var sårbart over for en heapoverløbsfejl når DSA- eller RSA-PPS-signaturer blev -kontrolleret, hvilket kunne medføre lammelsesangreb eller potentielt udførelse -af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2:3.42.1-1+deb10u4.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2:3.61-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nss, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/nss

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5016.data" diff --git a/danish/security/2021/dsa-5017.wml b/danish/security/2021/dsa-5017.wml deleted file mode 100644 index 192b42edbf6..00000000000 --- a/danish/security/2021/dsa-5017.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="72c38abeff9fbb535658a1f775598189153d7422" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisoren Xen, hvilke kunne medføre -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -

I den stabile distribution (bullseye), er disse problemer rettet i version -4.14.3+32-g9de3671772-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5017.data" diff --git a/danish/security/2021/dsa-5018.wml b/danish/security/2021/dsa-5018.wml deleted file mode 100644 index ef98bea7474..00000000000 --- a/danish/security/2021/dsa-5018.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ea73768d2c051fae750eca050014135490fdac05" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende rensning af inddata i Babel, et sæt værktøjer til -internationalisering af Python-applikationer, kunne medføre udførelse af -vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.6.0+dfsg.1-1+deb10u1.

- -

Vi anbefaler at du opgraderer dine python-babel-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-babel, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-babel

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5018.data" diff --git a/danish/security/2021/dsa-5019.wml b/danish/security/2021/dsa-5019.wml deleted file mode 100644 index 16863d0f3bd..00000000000 --- a/danish/security/2021/dsa-5019.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b7c8b9a5c35723abe247722cb4719de19f504f77" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Wireshark, et program til -netværksprotokolanalysering, hvilke kunne medføre lammelsesangreb eller -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er -\ -CVE-2021-39925 rettet i version 2.6.20-0+deb10u2.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 3.4.10-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine wireshark-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wireshark, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wireshark

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5019.data" diff --git a/danish/security/2021/dsa-5020.wml b/danish/security/2021/dsa-5020.wml deleted file mode 100644 index 9bbed1184e1..00000000000 --- a/danish/security/2021/dsa-5020.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="9d48707cc1410dc9bc5673e6b67304a923f19557" mindelta="1" -sikkerhedsopdatering - -

Chen Zhaojun fra Alibaba Cloud Security Team opdagede en kritisk -sikkerhedssårbarhed i Apache Log4j, et populært logningsframework til Java. -JNDI-funktioner anvendt i opsætningen, logmeddelelser og parametre beskytter -ikke mod angriberkontrolleret LDAP og andre JNDI-relaterede endpoints. En -angriber, der kan kontrollere logmeddelelser eller logmeddelelsesparametre, -kunne udføre vilkårlig kode indlæst fra LDAP-serverne, når erstatning af -meddelelsesopslag er aktiveret. Fra version 2.15.0 er denne virkemåde som -standard deaktiveret.

- -

Denne opdatering retter også -\ -CVE-2020-9488 i den gamle stabile distribution (buster). Ukorrekt -validering af certifikater med ikke overensstemmende vært i Apache Log4j -SMTP-appenderen. Det kunne være muligt at opsnappe en SMTPS-forbindelse af et -manden i midten-angreb, hvilket kunne lække enhver logmeddelelse, der er sendt -gennem denne appender.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.15.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.15.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine apache-log4j2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache-log4j2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache-log4j2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5020.data" diff --git a/danish/security/2021/dsa-5021.wml b/danish/security/2021/dsa-5021.wml deleted file mode 100644 index 4924130e9b7..00000000000 --- a/danish/security/2021/dsa-5021.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="a12fa528db97a9eb77a097b657d4e437985b141a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i MediaWiki, en webstedsmotor til -samarbejdsprojekter: Sårbarheder i mcrundo og rollback-handlinger kunne gøre -det muligt for en angriber, at lække indhold fra private wikier eller at omgå -redigeringsbegrænsninger.

- -

For yderligere oplysninger, se -\ -https://www.mediawiki.org/wiki/2021-12_security_release/FAQ

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:1.31.16-1+deb10u2.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:1.35.4-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5021.data" diff --git a/danish/security/2021/dsa-5022.wml b/danish/security/2021/dsa-5022.wml deleted file mode 100644 index de6500f4c56..00000000000 --- a/danish/security/2021/dsa-5022.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="9c44c7905cd7bbe6df67ff227e8eaec739c984bb" mindelta="1" -sikkerhedsopdatering - - -

Man opdagede at rettelsen til løsning af -\ -CVE-2021-44228 i Apache Log4j, et Logging Framework for Java, var -ufuldstændig i visse ikke-standard-opsætninger. Dermed kunne angribere med -kontrol over Thread Context Map-inddata (MDC), når logningsopsætningen -anvender et ikke-standard-Pattern Layout med enten en Context Lookup (for -eksempel, $${ctx:loginId}) eller et Thread Context Map-mønster (%X, %mdc, eller -%MDC) til at fabrikere ondsindede inddata ved hjælp af et JNDI Lookup-mønster, -medførende et lammelsesangreb (DOS).

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.16.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.16.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine apache-log4j2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache-log4j2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache-log4j2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5022.data" diff --git a/danish/security/2021/dsa-5023.wml b/danish/security/2021/dsa-5023.wml deleted file mode 100644 index 55a99d08697..00000000000 --- a/danish/security/2021/dsa-5023.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="6985a8d0aaada0aa722663f5905b4d69a427a1b7" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at modsecurity-apache, et Apache-modul til opstramning af -webapplikationssikkerhed, ikke på korrekt vis håndterede overdrevet indlejring -af JSON-objekter, hvilket kunne medføre lammelsesangreb. Opdateringen indfører -en ny valgmulighed, SecRequestBodyJsonDepthLimit, til begrænsning af den -maksimale forespørgselskrop til JSON-fortolkningsdybde, hvilket ModSecurity -accepterer (standardindstillingen er 10000).

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.9.3-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.9.3-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine modsecurity-apache-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende modsecurity-apache, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/modsecurity-apache

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5023.data" diff --git a/danish/security/2021/dsa-5024.wml b/danish/security/2021/dsa-5024.wml deleted file mode 100644 index e6345482dbc..00000000000 --- a/danish/security/2021/dsa-5024.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="940fc08f633277cc6ff94f3fee14caa4f9fbc736" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Apache Log4j2, et Logging Framework for Java, ikke beskyttede -mod ukontrolleret rekursion fra self-refererede opslag. Når logningsopsætningen -anvender et ikke-standard-Pattern Layout med en Context Lookup (for eksempel, -$${ctx:loginId}), angribere med kontrol over Thread Context Map-inddata (MDC), -kunne fabrikere ondsindede inddata, som indeholder et rekursivt opslag, -medførende et lammelsesangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.17.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.17.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine apache-log4j2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache-log4j2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache-log4j2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5024.data" diff --git a/danish/security/2021/dsa-5025.wml b/danish/security/2021/dsa-5025.wml deleted file mode 100644 index ddb0968b365..00000000000 --- a/danish/security/2021/dsa-5025.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="727d095ea7eda689dbdc7d41857727036c3ff25b" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i tang, en netværksbaseret kryptografisk -bindningsserver, hvilken kunne medføre lækning af private nøgler.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 8-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine tang-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tang, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tang

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5025.data" diff --git a/danish/security/2021/dsa-5026.wml b/danish/security/2021/dsa-5026.wml deleted file mode 100644 index 3ed4e4da827..00000000000 --- a/danish/security/2021/dsa-5026.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="d8db68fcc4a4ff36a9319a063d683c9b9c88f413" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring eller spoofing.

- -

Debian følger udvidet support-udgivelser (ESR) af Firefox. Understøttelse af -78.x-serien er ophørt, så begyndende med denne opdatering følger vi nu -91.x-udgivelserne.

- -

Mellem 78.x og 91.x, har Firefox fået en række funktionalitetsopdateringer. -For flere oplysninger, se -\ -https://www.mozilla.org/en-US/firefox/91.0esr/releasenotes/

- -

I den gamle stabile distribution (buster) er en sidste toolchain-opdatering -nødvendig, opdaterede pakker vil snarest blive gjort tilgængelige som -91.4.1esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i version -91.4.1esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5026.data" diff --git a/danish/security/2021/dsa-5027.wml b/danish/security/2021/dsa-5027.wml deleted file mode 100644 index 01e4a0ed8d6..00000000000 --- a/danish/security/2021/dsa-5027.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1247c638be96d994b95522b1d00c61e3e8eaf106" mindelta="1" -sikkerhedsopdatering - -

Jan-Niklas Sohn opdagede at flere inputvalideringsfejl i X server-udvidelser -til X.org X server, kunne medføre rettighedsforøgelse, hvis X server kører -priviligeret.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2:1.20.4-1+deb10u4.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2:1.20.11-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xorg-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xorg-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5027.data" diff --git a/danish/security/2021/dsa-5028.wml b/danish/security/2021/dsa-5028.wml deleted file mode 100644 index 5f32b8dd344..00000000000 --- a/danish/security/2021/dsa-5028.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="bcf25d0bd85d80e4218ddaf6912675cf451ad915" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelse, kunne gøre det muligt -for en ondsindet bruger at iværksætte udførelse af skripter på tværs af -websteder, samt SQL-indsprøjtningsangreb eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 3.2.4-1+deb10u5.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.2.11-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5028.data" diff --git a/danish/security/2021/dsa-5029.wml b/danish/security/2021/dsa-5029.wml deleted file mode 100644 index 67ff957ad8a..00000000000 --- a/danish/security/2021/dsa-5029.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9affba03472dfd279216a03ac43114af016c70c9" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende SAML-signaturvalidering i SOGo-groupware, kunne -medføre imitationsangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 4.0.7-1+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 5.0.1-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine sogo-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sogo, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/sogo

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5029.data" diff --git a/danish/security/2021/dsa-5030.wml b/danish/security/2021/dsa-5030.wml deleted file mode 100644 index 44988778aa1..00000000000 --- a/danish/security/2021/dsa-5030.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="a63d5885999cb0ebcd57cd7691c5848b29c84c1a" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2021-30887 - -

    Narendra Bhati opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til uventet manglende håndhævelse af Content Security - Policy.

    • - -
  • CVE-2021-30890 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til universel udførelse af skripter på tværs af - servere.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.34.3-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.3-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5030.data" diff --git a/danish/security/2021/dsa-5031.wml b/danish/security/2021/dsa-5031.wml deleted file mode 100644 index fc43d40471a..00000000000 --- a/danish/security/2021/dsa-5031.wml +++ /dev/null @@ -1,34 +0,0 @@ -#use wml::debian::translation-check translation="f7ba21acb500a5a8c8d9b9cf78d7d35375acd6c3" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren wpewebkit:

- -
    - -
  • CVE-2021-30887 - -

    Narendra Bhati opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til uventet manglende håndhævelse af Content Security - Policy.

    • - -
  • CVE-2021-30890 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til universel udførelse af skripter på tværs af - servere.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.3-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5031.data" diff --git a/danish/security/2021/dsa-5032.wml b/danish/security/2021/dsa-5032.wml deleted file mode 100644 index 50c9aba2996..00000000000 --- a/danish/security/2021/dsa-5032.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="dd9d6577e171f81a45c018dd08b5e985595406a3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i djvulibre, et bibliotek og værktøjssæt til -håndtering af dokumenter i DjVu-formatet. En angriber kunne få -dokumentsfremvisere til at gå, samt muligvis udføre vilkårlig kode gennem -fabrikerede DjVu files.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 3.5.27.1-10+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 3.5.28-2.

- -

Vi anbefaler at du opgraderer dine djvulibre-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende djvulibre, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/djvulibre

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5032.data" diff --git a/danish/security/2021/dsa-5033.wml b/danish/security/2021/dsa-5033.wml deleted file mode 100644 index ccd790ab43e..00000000000 --- a/danish/security/2021/dsa-5033.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2cc03ead8a7d64de93101afe75166b9cddea6966" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i FORT RPKI-validatoren, hvilke kunne -medføre lammelsesangreb eller mappegennemløb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.5.3-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine fort-validator-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende fort-validator, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/fort-validator

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2021/dsa-5033.data" diff --git a/danish/security/2021/index.wml b/danish/security/2021/index.wml deleted file mode 100644 index cc457829a82..00000000000 --- a/danish/security/2021/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="6924311eff583467dfc63d4affd3eca6c37ec5be" -Sikkerhedsbulletiner fra 2021 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2021', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2022/Makefile b/danish/security/2022/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2022/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2022/dsa-5034.wml b/danish/security/2022/dsa-5034.wml deleted file mode 100644 index 948efebd927..00000000000 --- a/danish/security/2022/dsa-5034.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="41d737ee7c1756a17389f46a514bbf109193ecd1" mindelta="1" -sikkerhedsopdatering - -

Multiple sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne medføre -udførelse af vilkårlig kode, spoofing, informationsafsløring, -nedgraderingsangreb på SMTP STARTTLS-forbindelser eller misvisende visning af -OpenPGP/MIME-signaturer.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.4.1-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.4.1-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5034.data" diff --git a/danish/security/2022/dsa-5035.wml b/danish/security/2022/dsa-5035.wml deleted file mode 100644 index 07761969b0c..00000000000 --- a/danish/security/2022/dsa-5035.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="9c86c2cbe8b155155d63f34caca3d7d55c073157" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder er opdaget i Apaches HTTP-server:

- -
    - -
  • CVE-2021-44224 - -

    Når den kører som en forward proxy, var Apache afhængig af en opsætning, - der var sårbar over for lammelsesangreb eller forfalskning af forespørgsler - på serversiden.

    • - -
  • CVE-2021-44790 - -

    Et bufferoverløb i mod_lua kunne medføre lammelsesangreb eller potentielt - udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.4.38-3+deb10u7.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.4.52-1~deb11u2.

- -

Vi anbefaler at du opgraderer dine apache2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende apache2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/apache2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5035.data" diff --git a/danish/security/2022/dsa-5036.wml b/danish/security/2022/dsa-5036.wml deleted file mode 100644 index e78c444a7ad..00000000000 --- a/danish/security/2022/dsa-5036.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="7cc455fab1d664d94d15ad7ab292fca0b815ff47" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at sphinxsearch, en hurtig, alenestående -fuldteksts-SQL-søgemaskine, kunne medføre at vilkårlig filer kunne læses ved at -misbruge en opsætningsindstilling.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.2.11-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine sphinxsearch-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende sphinxsearch, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/sphinxsearch

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5036.data" diff --git a/danish/security/2022/dsa-5037.wml b/danish/security/2022/dsa-5037.wml deleted file mode 100644 index 3e0768c17e2..00000000000 --- a/danish/security/2022/dsa-5037.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="bdbd7a99a5b0f2dbae38f9cd77f0a965dcd58d62" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at roundcube, en temaunderstøttende AJAX-baseret -webmailløsning til IMAP-servere, ikke på korrekt vis rensede HTML-meddelelser. -Dermed var det muligt for en angriber at udføre skripter på tværs af websteder -(XSS).

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.3.17+dfsg.1-1~deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.4.13+dfsg.1-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine roundcube-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende roundcube, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/roundcube

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5037.data" diff --git a/danish/security/2022/dsa-5038.wml b/danish/security/2022/dsa-5038.wml deleted file mode 100644 index 56369e75ed3..00000000000 --- a/danish/security/2022/dsa-5038.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="079895a0f363c4aa3b0b21cf7612e1d246660b0b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Ghostscript, -GPL-PostScript-/PDF-fortolkeren, hvilke kunne medføre lammelsesangreb og -potentielt udførelse af vilkårlig kode, hvis misdannede dokumentfiler blev -behandlet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 9.27~dfsg-2+deb10u5.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 9.53.3~dfsg-7+deb11u2.

- -

Vi anbefaler at du opgraderer dine ghostscript-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ghostscript, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ghostscript

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5038.data" diff --git a/danish/security/2022/dsa-5039.wml b/danish/security/2022/dsa-5039.wml deleted file mode 100644 index e6283ab2619..00000000000 --- a/danish/security/2022/dsa-5039.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="b814dd560e85acc3f0359e83d631521fcae9c5c5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Wordpress, et webbloggingværktøj. De gjorde -det muligt for fjernangribere at udføre SQL-indsprøjtning, køre ukontrollede -SQL-forespørgsler, omgå hardening eller udføre skripter på tværs af websteder -(XSS).

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 5.0.15+dfsg1-0+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.7.5+dfsg1-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine wordpress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wordpress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wordpress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5039.data" diff --git a/danish/security/2022/dsa-5040.wml b/danish/security/2022/dsa-5040.wml deleted file mode 100644 index 84d653384b9..00000000000 --- a/danish/security/2022/dsa-5040.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="4137e6714a1e9e39cd27261e90e9f6c024fe54ff" mindelta="1" -sikkerhedsopdatering - -

En hukommelsestilgang udenfor grænserne blev opdaget i plugin'en -mod_extforward i webserveren lighttpd, hvilke kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.4.53-4+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.4.59-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lighttpd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lighttpd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5040.data" diff --git a/danish/security/2022/dsa-5041.wml b/danish/security/2022/dsa-5041.wml deleted file mode 100644 index e342c3db8d0..00000000000 --- a/danish/security/2022/dsa-5041.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3a1ed38b78d4d5aba5c83425ac804fe1440e831a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Cloudflares RPKI-validator, hvilke -kunne medføre lammelsesangreb eller mappegennemløb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.4.2-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine cfrpki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cfrpki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cfrpki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5041.data" diff --git a/danish/security/2022/dsa-5042.wml b/danish/security/2022/dsa-5042.wml deleted file mode 100644 index 1fd4a66360e..00000000000 --- a/danish/security/2022/dsa-5042.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="c5a3aa016e5a4298ce993d64ce0a286b023535da" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Epiphany, GNOMEs webbrowser, som muliggjorde -XSS-angreb under visse omstændigheder.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 3.38.2-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine epiphany-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende epiphany-browser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/epiphany-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5042.data" diff --git a/danish/security/2022/dsa-5043.wml b/danish/security/2022/dsa-5043.wml deleted file mode 100644 index 25bd187b005..00000000000 --- a/danish/security/2022/dsa-5043.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="b39262f3ea5c85a070025d1e1cb9a028cea515ac" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at lxml, en Python-binding til bibliotekterne libxml2 og libxsl, -ikke på korrekt vis rensede sine inddata, hvilke kunne føre til udførelse af -skripter på tværs af websteder.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 4.3.2-1+deb10u4.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 4.6.3+dfsg-0.1+deb11u1.

- -

Vi anbefaler at du opgraderer dine lxml-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lxml, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/lxml

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5043.data" diff --git a/danish/security/2022/dsa-5044.wml b/danish/security/2022/dsa-5044.wml deleted file mode 100644 index a269ff958f8..00000000000 --- a/danish/security/2022/dsa-5044.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="75e623bf591f4d7955df1ed8b0fd7c11f7eb8b12" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring, lammelsesangreb eller spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet i -version 91.5.0esr-1~deb10u1. Alle arkitekturer er endnu ikke tilgængelige -i den gamle stabile distribution, blandt andre i386 (32-bit x86) mangler.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.5.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5044.data" diff --git a/danish/security/2022/dsa-5045.wml b/danish/security/2022/dsa-5045.wml deleted file mode 100644 index 46f8bb122ea..00000000000 --- a/danish/security/2022/dsa-5045.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f3561e47ef9bd1209c6cee0d4e06add878af50ae" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.5.0-2~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.5.0-2~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5045.data" diff --git a/danish/security/2022/dsa-5046.wml b/danish/security/2022/dsa-5046.wml deleted file mode 100644 index 9562f367607..00000000000 --- a/danish/security/2022/dsa-5046.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="ca34b7cab41b26e579a48350e1f2d79ffe26735f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den gamle stabile distribution (buster), er sikkerhedsunderstøttelse af -Chromium ophørt på grund af toolchain-problem, så det ikke længere er muligt at -opbygge aktuelle Chromium-udgaver på buster. Du kan enten opgradere til den -stabile udgave (bullseye) eller skifte til en browser, der stadig modtager -sikkerhedsunderstøttelse i buster (firefox-esr eller browsere baseret på -webkit2gtk).

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 97.0.4692.71-0.1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5046.data" diff --git a/danish/security/2022/dsa-5047.wml b/danish/security/2022/dsa-5047.wml deleted file mode 100644 index 19f7a04b868..00000000000 --- a/danish/security/2022/dsa-5047.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="1761475d76a9f879e8130429fda66118ae4f87b3" mindelta="1" -sikkerhedsopdatering - -

Matthew Wild opdagede at WebSockets-koden i Prosody, en -letvægts-Jabber/XMPP-server, var sårbar over for lammelsesangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.11.2-1+deb10u3.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.11.9-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine prosody-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende prosody, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/prosody

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5047.data" diff --git a/danish/security/2022/dsa-5048.wml b/danish/security/2022/dsa-5048.wml deleted file mode 100644 index cdcf366136d..00000000000 --- a/danish/security/2022/dsa-5048.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="34a89a0561594ca4a7741b3c3ead5e0688be90c4" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at implementeringen af libreswan IPsec kunne tvinges til at gå -ned eller genstarte gennem en misdannet IKEv1-pakke, medførende -lammelsesangreb.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 4.3-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine libreswan-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libreswan, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libreswan

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5048.data" diff --git a/danish/security/2022/dsa-5049.wml b/danish/security/2022/dsa-5049.wml deleted file mode 100644 index 0ae5e5ff80a..00000000000 --- a/danish/security/2022/dsa-5049.wml +++ /dev/null @@ -1,39 +0,0 @@ -#use wml::debian::translation-check translation="f95c4fb5cb2a56eaf77f41eba98c0ac87fd478ec" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Flatpak, et applikationsudrulningsframework -til skrivebordsapplikationer.

- -
    - -
  • CVE-2021-43860 - -

    Ryan Gonzalez opdagede at Flatpak ikke på korrekt vis validerede om - rettighederne, der vises for en bruger vedrørende en applikation på - installeringstidspunktet, svarer til de faktiske rettigheder, som er tildelt - applikationen på kørselstidspunktet. Ondsindede applikationer kunne derfor - tildele sig selv rettigheder, uden brugerens samtykke.

    • - -
  • CVE-2022-21682 - -

    Flatpak forhindrede ikke altid en ondsindet bruger af flatpak-builder i - at skrive til det lokale filsystem.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet -i version 1.10.7-0+deb11u1.

- -

Bemærk at flatpak-builder af kompabilitetshensyn også skulle opdateres, og er -nu tilgængelig som version 1.0.12-1+deb11u1 i bullseye.

- -

Vi anbefaler at du opgraderer dine flatpak- og flatpak-builder-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende flatpak, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/flatpak

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5049.data" diff --git a/danish/security/2022/dsa-5050.wml b/danish/security/2022/dsa-5050.wml deleted file mode 100644 index bba9f9a80f7..00000000000 --- a/danish/security/2022/dsa-5050.wml +++ /dev/null @@ -1,89 +0,0 @@ -#use wml::debian::translation-check translation="e29a0fc272d38a01c5817ee1e8419d80e75e9d30" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, som kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2021-4155 - -

    Kirill Tkhai opdagede en datalækage i den måde, XFS_IOC_ALLOCSP-IOCTL'en - i XFS-filsystemet tillod en størrelsesforøgelse gældende for filer med - forskudte størrelser. En lokal angriber kunne drage nytte af fejlen til at - lække data på XFS-filsystemet.

    • - -
  • CVE-2021-28711, - CVE-2021-28712, - CVE-2021-28713 (XSA-391) - -

    Juergen Gross rapporterede at ondsindede PV-backends kunne forårsage et - lammelsesangreb til gæster, som serviceres af disse backends gennem - højfrekvente events, selv hvis disse backends kører i et mindre priviligeret - miljø.

    • - -
  • CVE-2021-28714, - CVE-2021-28715 (XSA-392) - -

    Juergen Gross opdagede at Xen-gæster kunne tvinge Linux' netbackdriver - til at lægge beslag på store mængder kernehukommelse, medførende - lammelsesangreb.

    • - -
  • CVE-2021-39685 - -

    Szymon Heidrich opdagede en bufferoverløbssårbarhed i - USB-gadgetundersystemet, medførende informationsafsløring, lammelsesangreb - eller rettighedsforøgelse.

    • - -
  • CVE-2021-45095 - -

    Man opdagede at Phone Network-protokoldriveren (PhoNet) havde en - referenceoptællingslækage i funktionen pep_sock_accept().

    • - -
  • CVE-2021-45469 - -

    Wenqing Liu rapporterede om hukommelsestilgang udenfor grænserne i - f2fs-implementeringen, hvis en inode havde en ugyldig sidste - xattr-forekomst. En angriber, der er i stand til at mount'e et særligt - fremstillet filaftryk, kunne drage nytte af fejlen til - lammelsesangreb.

    • - -
  • CVE-2021-45480 - -

    En hukommelseslækagefejl blev opdaget i funktionen - __rds_conn_create() i protokolundersystemet RDS (Reliable Datagram - Sockets).

    • - -
  • CVE-2022-0185 - -

    William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, Hrvoje - Misetic og Philip Papurt opdaede en heapbaseret bufferoverløbsfejl i - funktionen legacy_parse_param i Filesystem Context-funktionaliteten, hvilket - gjorde det muligt for en lokal bruger (med CAP_SYS_ADMIN-muligheden i det - aktuelle navnerum) at forøge rettigheder.

    • - -
  • CVE-2022-23222 - -

    tr3e opdagede at BPF-verifikatoren ikke på korrekt vis - begrænsede flere *_OR_NULL-pointertyper, hvilket tillod at disse typer - kunne foretage pointeraritmetik. En lokal bruger med muliged for at kalde - bpf(), kunne drage nytte af fejlen til at forøge rettigheder. Kald uden - rettighed til bpf() er som standard deaktiveret i Debian, hvilket afhjælper - fejlen.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i version -5.10.92-1. Versionen indeholder ændringer, som det var meningen skulle medtages -i den næste punktopdatering af Debian bullseye.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5050.data" diff --git a/danish/security/2022/dsa-5051.wml b/danish/security/2022/dsa-5051.wml deleted file mode 100644 index d471f8ae33e..00000000000 --- a/danish/security/2022/dsa-5051.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="2ac2d2a4f9b7a35320af39253136eaed28f5124b" mindelta="1" -sikkerhedsopdatering - -

David Bouman opdagede en heapbaseret bufferoverløbssårbarhed i -base64-funktionerne i aide, et avanceret system til opdagelse af indtrænging, -hvilken kunne udløses gennem store udvidede filattributter eller ACL'er. Det -kunne medføre lammelsesangreb eller rettighedsforøgelse.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.16.1-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.17.3-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine aide-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende aide, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/aide

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5051.data" diff --git a/danish/security/2022/dsa-5052.wml b/danish/security/2022/dsa-5052.wml deleted file mode 100644 index 52ff0428bd7..00000000000 --- a/danish/security/2022/dsa-5052.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6c83e985fc3af6b535adb55964157f5e4013b471" mindelta="1" -sikkerhedsopdatering - -

Matthias Gerstner rapporterede at usbview, en USB-enhedsfremviser, ikke på -korrekt vis håndterede autorisation i PolicyKits policyopsætning, hvilket kunne -medføre root-rettighedsforøgelse.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.0-21-g6fe2f4f-2+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.0-21-g6fe2f4f-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine usbview-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende usbview, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/usbview

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5052.data" diff --git a/danish/security/2022/dsa-5053.wml b/danish/security/2022/dsa-5053.wml deleted file mode 100644 index d3b39f7baef..00000000000 --- a/danish/security/2022/dsa-5053.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="712af5fece398dde454a53e2af4d9bc8c059800c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Pillow, et -billedbehandlingsbibliotek til Python, hvilke kunne medføre lammelsesangreb og -potentielt udførelse af vilkårlig kode, hvis misdannede billeder blev -behandlet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 5.4.1-2+deb10u3.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 8.1.2+dfsg-0.3+deb11u1.

- -

Vi anbefaler at du opgraderer dine pillow-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pillow, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pillow

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5053.data" diff --git a/danish/security/2022/dsa-5054.wml b/danish/security/2022/dsa-5054.wml deleted file mode 100644 index e6f1b76f2cc..00000000000 --- a/danish/security/2022/dsa-5054.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6ed43123bf12e046d3c079781438e62772fcba7d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 97.0.4692.99-1~deb11u2.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5054.data" diff --git a/danish/security/2022/dsa-5055.wml b/danish/security/2022/dsa-5055.wml deleted file mode 100644 index ca58a94951e..00000000000 --- a/danish/security/2022/dsa-5055.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="fbe1364a65d5507c2b5e7690655892c887a863db" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede to sårbarheder i util-linux' libmount. Fejlene -gjorde det muligt for en upriviligeret bruger at unmount'e andre brugeres -filsystemer, som enten selv er globalt skrivbare eller mount'et i en globalt -skrivbar mappe -(\ -CVE-2021-3996), eller til at unmoun'te FUSE-filsystemer, som hører til visse -andre brugere -(\ -CVE-2021-3995).

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.1-8+deb11u1.

- -

Vi anbefaler at du opgraderer dine util-linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende util-linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/util-linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5055.data" diff --git a/danish/security/2022/dsa-5056.wml b/danish/security/2022/dsa-5056.wml deleted file mode 100644 index 7ec85ec5c7a..00000000000 --- a/danish/security/2022/dsa-5056.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="f8545f462fdd05fa94ece499d3a78fc01e46f8ed" mindelta="1" -sikkerhedsopdatering - -

Zhuowei Zhang opdagede en fejl i EAP-autentifikationsklientkoden i -strongSwan, en IKE-/IPsec-programsuite, der kunne gøre det muligt at omgå -klienten og under nogle omstændigheder endda serverautentifikationen, eller -kunne føre til lammelsesangreb.

- -

Når der anvendes EAP-autentifikation (RFC 3748), indikeres en succesrig -gennemførelse af autentifikationen af en EAP-Success-meddelelse sendt af -serveren til klienten. strongSwans EAP-klientkode håndteres tidligere -EAP-Success-meddelelser på ukorrekt vis, enten ved at få IKE-dæmonen til at gå -ned eller afslutte EAP-metoden for tidligt.

- -

Slutresultatet er afhængigt af den anvendte opsætning, flere oplysninger -finder man i opstrøms bulletin på -\ -https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 5.7.2-1+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 5.9.1-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine strongswan-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende strongswan, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/strongswan

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5056.data" diff --git a/danish/security/2022/dsa-5057.wml b/danish/security/2022/dsa-5057.wml deleted file mode 100644 index 44bea16c299..00000000000 --- a/danish/security/2022/dsa-5057.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="61c935acbab4a74496dcdab959253c28c9629336" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -lammelsesangreb, omgåelse af deserialiseringsbegrænsninger eller -informationsafsløringer.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 11.0.14+9-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 11.0.14+9-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5057.data" diff --git a/danish/security/2022/dsa-5058.wml b/danish/security/2022/dsa-5058.wml deleted file mode 100644 index 80113f6dbd9..00000000000 --- a/danish/security/2022/dsa-5058.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b44e01250950fa594e539e820a55289303631cba" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -lammelsesangreb, omgåelse af deserialiseringsbegrænsninger eller -informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 17.0.2+8-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine openjdk-17-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-17, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-17

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5058.data" diff --git a/danish/security/2022/dsa-5059.wml b/danish/security/2022/dsa-5059.wml deleted file mode 100644 index c1c68cb8b21..00000000000 --- a/danish/security/2022/dsa-5059.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="e58c3261bf08e70d402154c34489c0d75670087f" mindelta="1" -sikkerhedsopdatering - -

Qualys Research Labs opdagede en lokal rettighedsforøgelse i PolicyKits -pkexec.

- -

Flere oplysninger finder man i Qualys bulletin på -\ -https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.105-25+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.105-31+deb11u1.

- -

Vi anbefaler at du opgraderer dine policykit-1-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende policykit-1, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/policykit-1

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5059.data" diff --git a/danish/security/2022/dsa-5060.wml b/danish/security/2022/dsa-5060.wml deleted file mode 100644 index 3e6add18e1b..00000000000 --- a/danish/security/2022/dsa-5060.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="341e6852d23c334b780a3b6f9546f14ecc590346" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren webkit2gtk:

- -
    - -
  • CVE-2021-30934 - -

    Dani Biro opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30936 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30951 - -

    Pangu opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30952 - -

    WeBin opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30953 - -

    VRIJ opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30954 - -

    Kunlun Lab opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30984 - -

    Kunlun Lab opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.34.4-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.4-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5060.data" diff --git a/danish/security/2022/dsa-5061.wml b/danish/security/2022/dsa-5061.wml deleted file mode 100644 index 8ada2244892..00000000000 --- a/danish/security/2022/dsa-5061.wml +++ /dev/null @@ -1,57 +0,0 @@ -#use wml::debian::translation-check translation="de8e10a59080751b85f0c6e6087e8a897a021357" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget webmotoren wpewebkit:

- -
    - -
  • CVE-2021-30934 - -

    Dani Biro opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30936 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30951 - -

    Pangu opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30952 - -

    WeBin opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30953 - -

    VRIJ opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30954 - -

    Kunlun Lab opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2021-30984 - -

    Kunlun Lab opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.4-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5061.data" diff --git a/danish/security/2022/dsa-5062.wml b/danish/security/2022/dsa-5062.wml deleted file mode 100644 index eae58fa10e7..00000000000 --- a/danish/security/2022/dsa-5062.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="9899549dae85a56caf4e491d8047ff1f24f0ba49" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede at ukorrekt fortolkning af pkcs7-sekvenser i nss, -Mozilla Network Security Service-biblioteket, kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2:3.42.1-1+deb10u5.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2:3.61-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine nss-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nss, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/nss

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5062.data" diff --git a/danish/security/2022/dsa-5063.wml b/danish/security/2022/dsa-5063.wml deleted file mode 100644 index d8e314fc5f0..00000000000 --- a/danish/security/2022/dsa-5063.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="ad414dcf4677cc59a20846cbac77cff3f6c577ac" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i uriparser, et bibliotek som fortolker Uniform -Resource Identifiers (URI'er), hvilke kunne medføre lammelsesangreb eller -potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 0.9.1-1+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 0.9.4+dfsg-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine uriparser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende uriparser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/uriparser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5063.data" diff --git a/danish/security/2022/dsa-5064.wml b/danish/security/2022/dsa-5064.wml deleted file mode 100644 index e8c4f37f0f8..00000000000 --- a/danish/security/2022/dsa-5064.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="88fdb32f4e14df227999348bfaa3c200dd95a40f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at manglende rensning af inddata i python-nbxmpp, et Jabber/XMPP -Python-bibliotek, kunne medføre lammelsesangreb i klienter baseret på det (så -som Gajim).

- -

Den gamle stabile distribution (buster) er ikke påvirket.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.0.2-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine python-nbxmpp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-nbxmpp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-nbxmpp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5064.data" diff --git a/danish/security/2022/dsa-5065.wml b/danish/security/2022/dsa-5065.wml deleted file mode 100644 index 6ebfd608976..00000000000 --- a/danish/security/2022/dsa-5065.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="59bee56ba47eb29058f095e9cb4b60ba8217ebb0" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at IPython, en udvidet interaktiv Python-shell, afviklede -config-filer fra den aktuelle arbejdsmappe, hvilket kunne medføre angreb på -tværs af brugere, hvis fra afviklet fra en mappe som flere brugere kan skrive -til.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 5.8.0-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 7.20.0-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine ipython-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ipython, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ipython

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5065.data" diff --git a/danish/security/2022/dsa-5066.wml b/danish/security/2022/dsa-5066.wml deleted file mode 100644 index b6c5f836955..00000000000 --- a/danish/security/2022/dsa-5066.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0bde4333ac0b97cd9d74b0ee239a1847872bc944" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget og de medfølgende -Rubygems, hvilke kunne medføre XML-roundtripangreb, udførelse af vilkårlig kode, -informationsafsløring, fjernelse af StartTLS i IMAP eller lammelsesangreb.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.5.5-3+deb10u4.

- -

Vi anbefaler at du opgraderer dine ruby2.5-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.5, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby2.5

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5066.data" diff --git a/danish/security/2022/dsa-5067.wml b/danish/security/2022/dsa-5067.wml deleted file mode 100644 index c357dc06930..00000000000 --- a/danish/security/2022/dsa-5067.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0bde4333ac0b97cd9d74b0ee239a1847872bc944" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i fortolkeren af Ruby-sproget og de medfølgende -Rubygems, hvilke kunne informationsafsløring eller lammelsesangreb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.7.4-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine ruby2.7-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ruby2.7, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ruby2.7

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5067.data" diff --git a/danish/security/2022/dsa-5068.wml b/danish/security/2022/dsa-5068.wml deleted file mode 100644 index d274979dcd4..00000000000 --- a/danish/security/2022/dsa-5068.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a5339ee5b714609376355ac8731b469ad2cc102b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 98.0.4758.80-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5068.data" diff --git a/danish/security/2022/dsa-5069.wml b/danish/security/2022/dsa-5069.wml deleted file mode 100644 index 12e66097151..00000000000 --- a/danish/security/2022/dsa-5069.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1a25c2c6caa0d63c6b98c96d12c69ede3ee4a38e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne føre til udførelse af vilkårlig kode, -informationsafsløring eller spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.6.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.6.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5069.data" diff --git a/danish/security/2022/dsa-5070.wml b/danish/security/2022/dsa-5070.wml deleted file mode 100644 index 5ea680e90f6..00000000000 --- a/danish/security/2022/dsa-5070.wml +++ /dev/null @@ -1,76 +0,0 @@ -#use wml::debian::translation-check translation="4403b53e0cf3fdf0bdff2722dc29d4b864c7e8f6" mindelta="1" -sikkerhedsopdatering - - -
    - -
  • CVE-2021-4122 - -

    Milan Broz, vedligeholderenr, opdagede et problem i cryptsetup, - opsætningsværktøjet i Linux til diskkryptering.

    - -

    LUKS2's (et på disken-format) online-genkryptering er en valgfri - udvidelse, der gør det mulig for en bruger at ændre nøglen til - data-genkryptering, samtidigmed at dataenheden er tilgængelig for brug - under hele genkrypteringsprocessen.

    - -

    En angriber kunne ændre metadata på disken, til at simulere en - igangværende dekryptering med et nedbrudt (uafsluttet) genkrypteringstrin - og vedvarende dekryptere dele af LUKS2-enheden (LUKS1-enheder er også - påvirket indirekte, se nedenfor).

    - -

    Angrebet kræver gentagen fysisk adgang til LUKS2-enheden, men ikke noget - kendskab til brugeres adgangskoder.

    - -

    Dekrypteringstrinnet udføres efter en gyldig bruger aktiverer enheden med - en korrekt adgangskode og ændrede metadata.

    - -

    Størren på muligvis dekrypterede data pr. angrebstrin er afhængig af den - opsatte LUKS2-headerstørrelse (metadatastørrelsen er konfigurérbar med - LUKS2). Med LUKS2-standardparametre (16 MiB-header) og kun ét allokeret - keyslot (512 bit-nøgle til AES-XTS), simuleret dekryptering med - kontrolsumsrobusthed SHA1 (20 bytes-kontrolsum til 4096 byte-blokke), kan - den maksimale dekrypteringsstørrelse være over 3 GiB.

    - -

    Angrebet er ikke brugbart mod LUKS1-formatet, men angriberen kan opdatere - metadata på stedet til LUKS2-format, som et tyderligere trin. Til en sådan - konverteret LUKS2-header, er keyslotområdet begrænset til en dekrypteret - størrelse (med SHA1-kontrolsummer) på over 300 MiB.

    - -

    LUKS-enheder, som blev formateret ved hjælp af en binær cryptsetup-fil - fra Debian Stretch eller tidligere, anvender LUKS1. Men siden Debian Buster - er LUKS' standard på disk-formatversion LUKS2. I særdeleshed anvender - krypterede enheder, som er formateret af Debian Busters og Bullseyes - installeringsprogrammer, LUKS2 som standard.

    • - -
  • Nøgletrunkering i dm-integrity - -

    Denne opdatering løser også et problem med nøgletrunkering på - selvstændige dm-integrity-enheder, som anvender HMAC-integritetsbeskyttelse. - For sådanne eksisterende enheder med ekstra lange HMAC-nøgler (typisk med en - længde på mere end 106 bytes), kan man være nødt til manuelt at trunkere - nøglen ved hjælp af integritysetup(8)'s valgmulighed - --integrity-key-size, for på korrekt vis at mappe enheden under - 2:2.3.7-1+deb11u1 og senere.

    - -

    Kun selvstændige dm-integrity-enheder er påvirkede. dm-crypt-enheder, - herunder dem der anvender autentificeret diskkryptering, er ikke - påvirkede.

    • - -
- -

I den gamle stabile distribution (buster), findes dette problem ikke.

- -

I den stabile distribution (bullseye), er dette problem rettet i version -2:2.3.7-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine cryptsetup-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cryptsetup, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cryptsetup

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5070.data" diff --git a/danish/security/2022/dsa-5071.wml b/danish/security/2022/dsa-5071.wml deleted file mode 100644 index 8bc9e098490..00000000000 --- a/danish/security/2022/dsa-5071.wml +++ /dev/null @@ -1,42 +0,0 @@ -#use wml::debian::translation-check translation="7000f208a4e5ab2d7a872d4439db6ec5dcba9270" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Samba, en SMB/CIFS-fil-, print- og -loginserver til Unix.

- -
    - -
  • CVE-2021-44142 - -

    Orange Tsai rapporterede om en heapsårbarhed i forbindelse skrivning - udenfor grænserne i VFS-modulet vfs_fruit, hvilken kunne medføre - fjernudførelse af vilkårlig kode som root.

    • - -
  • CVE-2022-0336 - -

    Kees van Vloten rapporterede at Sambas AD-bruger med rettighed til at - skrive til en konto, kunne udgive sig for at være vilkårlige - tjenester.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet i -version 2:4.9.5+dfsg-5+deb10u3. Jævnfør 5015-1, er -\ -CVE-2022-0336 ikke løst i den gamle stabile distribution (buster).

- -

I den stabile distribution (bullseye), er disse problemer rettet i version -2:4.13.13+dfsg-1~deb11u3. Yderligere er der nogle opfølgende rettelser til -\ -CVE-2020-25717 med i denne opdatering (jævnfør #1001068).

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5071.data" diff --git a/danish/security/2022/dsa-5072.wml b/danish/security/2022/dsa-5072.wml deleted file mode 100644 index a220248e543..00000000000 --- a/danish/security/2022/dsa-5072.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="ee04f46c954ffc5bf443850c66d2c35e66852301" mindelta="1" -sikkerhedsopdatering - -

Marcel Neumann, Robert Altschaffel, Loris Guba og Dustin Hermann opdagede at -debian-edu-config, et sæt af opsætningsfiler som anvendes i Debian Edu-blend'en, -opsatte usikre rettigheder til brugeres webshares (~/public_html), hvilket kunne -medføre rettighedsforøgelse.

- -

Hvis PHP-funktionaliteten er nødvendig i brugerens webshares, så se -/usr/share/doc/debian-edu-config/README.public_html_with_PHP-CGI+suExec.md

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.10.65+deb10u8.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.11.56+deb11u3.

- -

Vi anbefaler at du opgraderer dine debian-edu-config-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende debian-edu-config, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/debian-edu-config

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5072.data" diff --git a/danish/security/2022/dsa-5073.wml b/danish/security/2022/dsa-5073.wml deleted file mode 100644 index 5b451e8a4d1..00000000000 --- a/danish/security/2022/dsa-5073.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="5cbd6ec3090a1f25dbf34fb0d534216af53b2ef8" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Expat, et C-bibliotek til XML-fortolkning, -hvilke kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode, hvis en misdannet XML-fil blev behandlet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.2.6-2+deb10u2.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.2.10-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende expat, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/expat

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5073.data" diff --git a/danish/security/2022/dsa-5074.wml b/danish/security/2022/dsa-5074.wml deleted file mode 100644 index 37487a219b3..00000000000 --- a/danish/security/2022/dsa-5074.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="f87da97ce68e491048f9d9386587867e70a4edcc" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.6.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.6.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5074.data" diff --git a/danish/security/2022/dsa-5075.wml b/danish/security/2022/dsa-5075.wml deleted file mode 100644 index eedad095dfb..00000000000 --- a/danish/security/2022/dsa-5075.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="8a7953e887cd20753dae5f4b9d4702dfaf7b9e98" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Minetest, et sandkasse-videospil og --spilfremstillingssystem. Problemer kunne gøre det muligt for angribere at -manipulere med spilmods og give dem en urimelig fordel til ulempe for andre -brugere. Fejlene kunne også misbruges til lammelsesangreb mod en -Minetest-server, hvis hvis brugerinddata blev overført direkte til -minetest.deserialize uden først at serialisere dem, så kunne en ondsindet -bruger køre Lua-kode i servermiljøet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 0.4.17.1+repack-1+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.3.0+repack-2.1+deb11u1.

- -

Vi anbefaler at du opgraderer dine minetest-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende minetest, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/minetest

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5075.data" diff --git a/danish/security/2022/dsa-5076.wml b/danish/security/2022/dsa-5076.wml deleted file mode 100644 index f4f411e92e7..00000000000 --- a/danish/security/2022/dsa-5076.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="abfb144498116750fd286e9c4c163a74c8c74491" mindelta="1" -sikkerhedsopdatering - -

Sikkerhedsefterforskere ved JFrog Security og Ismail Aydemir, opdagede to -sårbarheder i forbindelse med fjernudførelse af kode i H2 Java -SQL-databasemotoren, hvilke kunne udnyttes gennem forskellige angrebsvinkler, -primært gennem H2 Console og ved at indlæse skræddersyede klasser fra fjerne -servere gennem JNDI. H2 Console er et udviklerværktøj, som ikke er en -reverse-dependency i Debian. Det er deaktiveret i de (gamle) stabile udgaver. -Databaseudviklere anbefales som minimum af anvende version 2.1.210-1, som pt. er -tilgængelig i den ustabile udgave af Debian.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1.4.197-4+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.4.197-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine h2database-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende h2database, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/h2database

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5076.data" diff --git a/danish/security/2022/dsa-5077.wml b/danish/security/2022/dsa-5077.wml deleted file mode 100644 index 23ac6df4400..00000000000 --- a/danish/security/2022/dsa-5077.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="06511a96fdf32fbac73ddf76be2f3258b1c7b435" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i LibreCAD, en applikation til -computer aided design (CAD), hvilke kunne medføre lammelsesangreb eller -udførelse af vilkårlig kode, hvis en misdannet CAD-fil blev åbnet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.1.3-1.2+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.1.3-1.3+deb11u1.

- -

Vi anbefaler at du opgraderer dine librecad-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende librecad, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/librecad

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5077.data" diff --git a/danish/security/2022/dsa-5078.wml b/danish/security/2022/dsa-5078.wml deleted file mode 100644 index 68dfe43d2ee..00000000000 --- a/danish/security/2022/dsa-5078.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="dcf86adf061c386a0fc377fda8ff1f638c073181" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at zsh, en ydedygtig shell og skriptsprog, ikke forhindrede -rekursiv udvidelse af prompten. Det gjorde det muligt for en angriber at -udføre vilkårlige kommandoer i en brugers shell, eksempelvis ved at narre en -vcs_info-bruger til at foretage en checkout af en git-forgrening med et særligt -fremstillet navn.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 5.7.1-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 5.8-6+deb11u1.

- -

Vi anbefaler at du opgraderer dine zsh-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zsh, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/zsh

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5078.data" diff --git a/danish/security/2022/dsa-5079.wml b/danish/security/2022/dsa-5079.wml deleted file mode 100644 index 76878d76617..00000000000 --- a/danish/security/2022/dsa-5079.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="d888e2ade95d2f8de7ce316199604ad0b4532236" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 98.0.4758.102-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5079.data" diff --git a/danish/security/2022/dsa-5080.wml b/danish/security/2022/dsa-5080.wml deleted file mode 100644 index 0edd6ff5e8a..00000000000 --- a/danish/security/2022/dsa-5080.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1e2c7904f886a0df1be1762f24541d3f5cb14419" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i snapd, en dæmon og værktøj, som gør det -muligt at anvende Snap-pakker, hvilke kunne medføre omgåelse af -adgangsbegrænsninger eller rettighedsforøgelse.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.37.4-1+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.49-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine snapd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende snapd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/snapd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5080.data" diff --git a/danish/security/2022/dsa-5081.wml b/danish/security/2022/dsa-5081.wml deleted file mode 100644 index 92ead9bb49f..00000000000 --- a/danish/security/2022/dsa-5081.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="756dc274bb4fd8201c0d39772c0234ad0df729b2" mindelta="1" -sikkerhedsopdatering - -

Reginaldo Silva opdagede en (Debian-specifik) undslippelse fra Lua-sandkassen -i Redis, en persistent nøgle-værdi-database.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 5:5.0.14-1+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 5:6.0.16-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine redis-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende redis, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/redis

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5081.data" diff --git a/danish/security/2022/dsa-5082.wml b/danish/security/2022/dsa-5082.wml deleted file mode 100644 index b11fff36ef9..00000000000 --- a/danish/security/2022/dsa-5082.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="972097b32a62a3fb5c8fa555236360b990f32ec8" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev fundet i PHP, et vidt udbredt og generelt -anvendeligt open source-skriptsprog, hvilke kunne medføre informationsafsløring -eller lammelsesangreb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 7.4.28-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine php7.4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.4, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5082.data" diff --git a/danish/security/2022/dsa-5083.wml b/danish/security/2022/dsa-5083.wml deleted file mode 100644 index fac24babc45..00000000000 --- a/danish/security/2022/dsa-5083.wml +++ /dev/null @@ -1,47 +0,0 @@ -#use wml::debian::translation-check translation="6e870b6792da4e7e1a7e4057c3da1f0e3ca31df8" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder opdaget i webmotoren WebKitGTK:

- -
    - -
  • CVE-2022-22589 - -

    Heige og Bo Qu opdagede at behandling af en ondsindet fremstillet - mailmeddelelse, kunne føre til afvikling af vilkårligt JavaScript.

    • - -
  • CVE-2022-22590 - -

    Toan Pham opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-22592 - -

    Prakash opdagede at behandling af ondsindet fremstillet webindhold, kunne - forhindre håndhævelse af Content Security Policy.

    • - -
  • CVE-2022-22620 - -

    En anonum efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode. Apple er bekendt - med en rapport om at dette problem kan have været under aktiv - udnyttelse.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.34.6-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.6-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5083.data" diff --git a/danish/security/2022/dsa-5084.wml b/danish/security/2022/dsa-5084.wml deleted file mode 100644 index d7980427812..00000000000 --- a/danish/security/2022/dsa-5084.wml +++ /dev/null @@ -1,44 +0,0 @@ -#use wml::debian::translation-check translation="1d9bcf6bed3d3d7c0303a9d113875c0eb8da2364" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget webmotoren WPE WebKit:

- -
    - -
  • CVE-2022-22589 - -

    Heige og Bo Qu opdagede at behandling af en ondsindet fremstillet - mailmeddelelse, kunne føre til afvikling af vilkårligt JavaScript.

    • - -
  • CVE-2022-22590 - -

    Toan Pham opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-22592 - -

    Prakash opdagede at behandling af ondsindet fremstillet webindhold, kunne - forhindre håndhævelse af Content Security Policy.

    • - -
  • CVE-2022-22620 - -

    En anonum efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode. Apple er bekendt - med en rapport om at dette problem kan have været under aktiv - udnyttelse.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.34.6-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5084.data" diff --git a/danish/security/2022/dsa-5085.wml b/danish/security/2022/dsa-5085.wml deleted file mode 100644 index 4190bf624c6..00000000000 --- a/danish/security/2022/dsa-5085.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="93a7a51e5d2ae2d50e46d55d252b86728e3c32f3" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Expat, et C-bibliotek til XML-fortolkning, -hvilke kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode, hvis en misdannet XML-fil blev behandlet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.2.6-2+deb10u3.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.2.10-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende expat, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/expat

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5085.data" diff --git a/danish/security/2022/dsa-5086.wml b/danish/security/2022/dsa-5086.wml deleted file mode 100644 index 19d1d5171aa..00000000000 --- a/danish/security/2022/dsa-5086.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="41610d0871c80a94ed495d4ba35ccde84cbd0681" mindelta="1" -sikkerhedsopdatering - -

En skrivning udenfor grænserne blev opdaget i Thunderbird, hvilken kunne -udløses gennem en misdannet mailmeddelelse.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1:91.6.1-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:91.6.1-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5086.data" diff --git a/danish/security/2022/dsa-5087.wml b/danish/security/2022/dsa-5087.wml deleted file mode 100644 index a5f243c801d..00000000000 --- a/danish/security/2022/dsa-5087.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="a17ab1c01a162742ea0c2f05cfd7ae7af5687afc" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SQL-plugin'en i cyrus-sasl2, et bibliotek som implementerer -Simple Authentication and Security Layer, var sårbar over for et -SQL-indsprøjtningsangreb. En autentificeret fjernangriber kunne drage nytte af -fejlen til at udføre vilkårlige SQL-kommandoer og til rettighedsforøgelse.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.1.27+dfsg-1+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.1.27+dfsg-2.1+deb11u1.

- -

Vi anbefaler at du opgraderer dine cyrus-sasl2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cyrus-sasl2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cyrus-sasl2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5087.data" diff --git a/danish/security/2022/dsa-5088.wml b/danish/security/2022/dsa-5088.wml deleted file mode 100644 index 26166fbcda0..00000000000 --- a/danish/security/2022/dsa-5088.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="5d750660e3db7f0c5eccb5dc451d9a0f2e491cbf" mindelta="1" -sikkerhedsopdatering - -
    - -
  • CVE-2021-36740 - -

    Martin Blix Grydeland opdagede at Varnish var sårbar overfor smugling af - forespørgsler-angreb, hvis HTTP/2-protokollen er aktiveret.

    • - -
  • CVE-2022-23959 - -

    James Kettle opdagede et angreb i forbindelse med smugling af - forespørgsler mod implementeringen af HTTP/1-protokollen i Varnish.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 6.1.1-1+deb10u3.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 6.5.1-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine varnish-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende varnish, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/varnish

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5088.data" diff --git a/danish/security/2022/dsa-5089.wml b/danish/security/2022/dsa-5089.wml deleted file mode 100644 index 1731b378c46..00000000000 --- a/danish/security/2022/dsa-5089.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="04e76b0c1a89837c796e8f6361f02ca677ecffea" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 99.0.4844.51-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5089.data" diff --git a/danish/security/2022/dsa-5090.wml b/danish/security/2022/dsa-5090.wml deleted file mode 100644 index b2b53865934..00000000000 --- a/danish/security/2022/dsa-5090.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3c743d7ce3f11aecaeac7d0fc456e8cf918ee660" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, hvilke -medførte udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.6.1esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.6.1esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5090.data" diff --git a/danish/security/2022/dsa-5091.wml b/danish/security/2022/dsa-5091.wml deleted file mode 100644 index 84a0b372d57..00000000000 --- a/danish/security/2022/dsa-5091.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="0390261262cbe41b6f76a709cc6a95b10b9718cf" mindelta="1" -sikkerhedsopdatering - -

Felix Wilhelm opdagede at containerds containerruntime var sårbar overfor -informationsafsløring gennem misdannede containerfilaftryk.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.4.13~ds1-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine containerd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende containerd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/containerd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5091.data" diff --git a/danish/security/2022/dsa-5092.wml b/danish/security/2022/dsa-5092.wml deleted file mode 100644 index 3b277e83c03..00000000000 --- a/danish/security/2022/dsa-5092.wml +++ /dev/null @@ -1,82 +0,0 @@ -#use wml::debian::translation-check translation="14d91c5e8b991574bd42901de0e30d4eb4a8bb7e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationlækager.

- -
    - -
  • CVE-2021-43976 - -

    Zekun Shen og Brendan Dolan-Gavitt opdagede en fejl i funktionen - mwifiex_usb_recv() i USB-driveren Marvell WiFi-Ex. En angriber, der er i - stand til at tilslutte en fabrikeret USB-enhed, kunne drage nytte af fejlen - til at forårsage et lammelsesangreb.

    • - -
  • CVE-2022-0330 - -

    Sushma Venkatesh Reddy opdagede en manglende GPU TLB-flush i - i915-driveren, medførende lammelsesangreb eller - rettighedsforøgelse.

    • - -
  • CVE-2022-0435 - -

    Samuel Page og Eric Dumazet rapporteret om et stakoverløb i - netværksmodulet til protokollen Transparent Inter-Process Communication - (TIPC), medførende lammelsesangreb eller potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2022-0516 - -

    Man opdagede at et utilstrækkeligt tjek i KVM-undersystemet til s390x, - kunne muliggøre uautoriseret læse- og skriveadgang til hukommelse.

    • - -
  • CVE-2022-0847 - -

    Max Kellermann opdagede en fejl i håndteringen af pipebufferflag. En - angriber kunne drage nytte af fejlen til lokal rettighedsforøgelse.

    • - -
  • CVE-2022-22942 - -

    Man opdagede at forkert håndtering af fildescriptorer i driveren VMware - Virtual GPU (vmwgfx), kunne medføre informationslækage eller - rettighedsforøgelse.

    • - -
  • CVE-2022-24448 - -

    Lyu Tao rapporterede om en fejl i NFS-implementeringen i Linux-kernen, - når der håndteres forespørgsler til at åbne en mappe til en almindelig fil, - hvilket kunne medføre en informationslækage.

    • - -
  • CVE-2022-24959 - -

    En hukommelseslækage blev opdaget i funktionen yam_siocdevprivate() i - YAM-driveren til AX.25, hvilken kunne medføre lammelsesangreb.

    • - -
  • CVE-2022-25258 - -

    Szymon Heidrich rapporterede at USB Gadget-undersystemet manglede visse - valideringer af descriptorforespørgsler til grænseflade-OS, medførende - hukommelseskorruption.

    • - -
  • CVE-2022-25375 - -

    Szymon Heidrich rapporterede at RNDIS USB-gadget manglende validering af - størrelsen på kommandoen RNDIS_MSG_SET, medførende informationslækage fra - kernehukommelse.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.10.92-2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5092.data" diff --git a/danish/security/2022/dsa-5093.wml b/danish/security/2022/dsa-5093.wml deleted file mode 100644 index ba56313433e..00000000000 --- a/danish/security/2022/dsa-5093.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="62eba5dd2b2607b995841a06673d6829e283e2ca" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelse, kunne gøre det muligt -for en ondsindet bruger, at udføre vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 3.2.4-1+deb10u7.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.2.11-3+deb11u3.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5093.data" diff --git a/danish/security/2022/dsa-5094.wml b/danish/security/2022/dsa-5094.wml deleted file mode 100644 index 694a1dcddd6..00000000000 --- a/danish/security/2022/dsa-5094.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="eae80d2fb1b6aa42e3c75d3fed21e1d8faf46e92" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne medføre -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.6.2-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.6.2-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5094.data" diff --git a/danish/security/2022/dsa-5095.wml b/danish/security/2022/dsa-5095.wml deleted file mode 100644 index 0b9c91bd5c3..00000000000 --- a/danish/security/2022/dsa-5095.wml +++ /dev/null @@ -1,79 +0,0 @@ -#use wml::debian::translation-check translation="57142714136b016072b02516b529006538983a39" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2020-36310 - -

    En fejl blev opdaget i KVM-implementeringen til AMD-processorer, hvilken - kunne føre til en uendelig løkke. En ondsindet VM-gæst kunne udnytte fejlen - til at forårsage et lammelsesangreb.

    • - -
  • CVE-2022-0001 (INTEL-SA-00598) - -

    Efterforskere ved VUSec opdagede at Branch History Buffer i - Intel-processorer kunne udnyttes til at iværksætte informationssidekanaler - med spekulativ udførelse. Problemet svarer til Spectre variant 2, men - kræver yderligere afhjælpningsforanstaltninger på nogle processorer.

    - -

    Det kan udnyttes til at få fat i følsomme oplysninger fra en anden - sikkerhedskontekt, eksempelvis fra brugerrummet til kernen, eller fra en - KVM-gæst til kernen.

    • - -
  • CVE-2022-0002 (INTEL-SA-00598) - -

    Et problem svarende til - \ - CVE-2022-0001, men dækker udnyttelse indenfor en sikkerhedskontekst, - eksempelvis fra JIT-kompileret kode i en sandkasse til værtskode i den - samme proces.

    - -

    Det er delvist afhjulpet ved at deaktivere eBPF for upriviligerede - brugere med sysctl: kernel.unprivileged_bpf_disabled=2. Det er allerede - standarden i Debian 11 bullseye.

    • - -
  • CVE-2022-0487 - -

    En anvendelse efter frigivelse blev opdaget i MOXART SD/MMC Host - Controller-supportdriveren. Fejlen påvirker ikke Debians binære pakker, da - CONFIG_MMC_MOXART ikke er opsat.

    • - -
  • CVE-2022-0492 - -

    Yiqi Sun og Kevin Wang rapporterede at undersystemet cgroup-v1 ikke på - korrekt vis begrænsede adgang til release-agent-funktionaliteten. En lokal - bruger kunne drage nytte af fejlen til rettighedsforøgelse og omgåelse af - navnerumsisolation.

    • - -
  • CVE-2022-0617 - -

    butt3rflyh4ck opdagede en NULL-pointerdereference i UDF-filsystemet. En - lokal bruger, der kan mounte et særligt fremstillet UDF-filaftryk, kunne - udnytte fejlen til at få systemet til at gå ned.

    • - -
  • CVE-2022-25636 - -

    Nick Gregory rapporterede om en heapfejl i forbindelse med skrivning - udenfor grænserne i netfilter-undersystemet. En bruger med kapabiliteten - CAP_NET_ADMIN, kunne udnytte fejlen til lammelsesangreb eller muligvis - rettighedsforøgelse.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet -i version 5.10.103-1. Opdateringen indeholder desuden mange flere fejlrettelser -fra de stabile opdateringer fra 5.10.93 til 5.10.103, begge inklusive.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5095.data" diff --git a/danish/security/2022/dsa-5096.wml b/danish/security/2022/dsa-5096.wml deleted file mode 100644 index 19a7eb8c7f7..00000000000 --- a/danish/security/2022/dsa-5096.wml +++ /dev/null @@ -1,376 +0,0 @@ -#use wml::debian::translation-check translation="55f28f8ffad4f01a052c4b81349871fabf4f6e93" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2020-29374 - -

    Jann Horn fra Google rapporterede om en fejl i Linux' håndtering af - virtuel hukommelse. En forælder- og et barnproces deler i begyndelsen al - deres hukommelse, men når en af dem skriver til en delt side, duplikeres - siden og delingen ophører (copy-on-write). Men i tilfælde af at en - handling så som vmsplice() krævede at kernen modtog en yderligere reference - til en delt side, og copy-on-write optræder under handlingen, kunne kernen - have tilgået den forkerte proces' hukommelse. I nogle programmer kunne det - føre til en informationslækage eller datakorruption.

    - -

    Dette problem er allerede rettet i de fleste arkitekturer, men ikke på - MIPS og System z. Det løses af denne opdatering.

    • - -
  • CVE-2020-36322, - CVE-2021-28950 - -

    Værktøjet syzbot opdagede at implementeringen af FUSE - (filesystem-in-user-space), ikke på korrekt vis håndterede en FUSE-server, - som returnerer ugyldige filattributter. En lokal bruger med rettigheder til - at køre en FUSE-server, kunne udnytte det fejlen til at forårsage et - lammelsesangreb (nedbrud).

    - -

    Den oprindelige rettelse heraf, indførte et andet potentielt - lammelsesangreb (uendelig løkke i kernerummet), hvilket også er - rettet.

    • - -
  • CVE-2021-3640 - -

    Lin Ma opdagede en kapløbstilstand i implementeringen af - Bluetooth-protokollen, hvilken kunne køre til en anvendelse efter - frigivelse. En lokal bruger kunne udnytte fejlen til at forårsage et - lammelsesangreb (hukommelseskorruption eller nedbrud) eller muligvis - til rettighedsforøgelse.

    • - -
  • CVE-2021-3744, - CVE-2021-3764 - -

    minihanshen rapporterede om fejl i ccp-driveren til AMD Cryptographic - Coprocessors, hvilke kunne føre til en ressourcelækage. På systemer, der - anvender driveren, kunne en lokal bruger udnytte fejlen til at forårsage et - lammelsesangreb.

    • - -
  • CVE-2021-3752 - -

    Likang Luo fra NSFOCUS Security Team opdagede en fejl i implementeringen - af Bluetooth L2CAP, der kunne føre til en anvendelse efter frigivelse. En - lokal bruger kunne udnytte fejlen til at forårsage et lammelsesangreb - (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2021-3760, - CVE-2021-4202 - -

    Lin Ma opdagede kapløbstilstande i NCI-driveren (NFC Controller - Interface), hvilke kunne føre til en anvendelse efter frigivelse. En lokal - bruger kunne udnytte fejlen til at forårsage et lammelsesangreb - (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    - -

    Driveren er ikke aktiveret i Debians officielle - kerneopsætninger.

    • - -
  • CVE-2021-3772 - -

    En fejl blev fundet i implementeringen af SCTP-protokollen, hvilke kunne - gøre det muligt for en netværksforbundet angriber, at afbryde en - SCTP-tilknytning. Angriberen behøvede kun at kende eller gætte IP-adressen - og portene, som benyttes i tilknytningen.

    • - -
  • CVE-2021-4002 - -

    Man opdagede at hugetlbfs, det virtuelle filsystem, der anvendes af - applikationer til at allokere enorme sider i RAM, ikke tømte CPU'ens TLB i - et tilfælde, hvor det var nødvendigt. Under nogle omstændigheder, ville en - lokal bruger være i stand til at læse og skrive enorme sider, efter deres - frigivelse og genallokering til en anden proces. Det kunne føre til - rettighedsforøgelse, lammelsesangreb eller informationslækager.

    • - -
  • CVE-2021-4083 - -

    Jann Horn rapporterede om en kapløbstilstand i de lokale (Unix) - sockets-garbagecollector, hvilket kunne føre til anvendelse efter - frigivelse. En lokal bruger kunne udnytte det til at forårsage et - lammelsesangreb (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2021-4135 - -

    En fejl blev fundet i driveren netdevsim, hvilken kunne føre til en - informationslækage.

    - -

    Driveren er ikke aktiveret i Debians officielle - kerneopsætninger.

    • - -
  • CVE-2021-4155 - -

    Kirill Tkhai opdagede en datalækage i den måde, IOCTL'en XFS_IOC_ALLOCSP - i XFS-filsystemet muliggjorde at filer med en ikke-justeret størrelse kunne - gøre større på. En lokal angriber kunne drage nytte af fejlen til at lække - data fra XFS-filsystemet.

    • - -
  • CVE-2021-4203 - -

    Jann Horn rapporterede om en kapløbstilstand i implementeringen af de - lokale (Unix-) sockets, hvilken kunne føre til en anvendelse efter - frigivelse. En lokal bruger kunne udnytte fejlen til at lække følsomme - oplysninger fra kernen.

    • - -
  • CVE-2021-20317 - -

    Man opdagede at timerkøstrukturen kunne blive korrupt, førende til at - ventende tasks aldrig blev vækket. En lokal bruger med visse rettigheder, - kunne udnytte fejlen til at forårsage et lammelsesangreb (hængende - system).

    • - -
  • CVE-2021-20321 - -

    En kapløbstilstand blev opdaget i filsystemsdriveren overlayfs. En lokal - bruger med adgang til en overlayfs-mount og til dens overliggende mappe, - kunne udnytte fejlen til rettighedsforøgelse.

    • - -
  • CVE-2021-20322 - -

    En informationslækage blev opdaget i IPv4-implementeringen. En - fjernangriber kunne udnytte fejlen til hurtigt at opdage hvilke UDP-porte, - et system anvender, gørende det lettere for vedkommende at udføre et - DNS-forgiftningsangreb mod det system.

    • - -
  • CVE-2021-22600 - -

    Værktøjet syzbot fandt en fejl i implementeringen af packetsocket - (AF_PACKET), hvilken kunne føre til ukorrekt frigivelse af hukommense. En - lokal bruger med kapabiliteten CAP_NET_RAW (i et hvilket som helst - brugernavnerum), kunne udnytte fejlen til lammelsesangreb - (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2021-28711, - CVE-2021-28712, - CVE-2021-28713 (XSA-391) - -

    Juergen Gross rapporterede om at ondsindede PV-backends kunne forårsage - et lammelsesangreb mod gæster, der serviceres af disse backends gennem - hyppigt forekommende events, selv hvis disse backends kører i et mindre - prviligeret miljø.

    • - -
  • CVE-2021-28714, - CVE-2021-28715 (XSA-392) - -

    Juergen Gross opdagede at Xen-gæster kunne tvinge Linux' netbackdriver - til at lægge beslag på store mængder kernehukommelse, medførende - lammelsesangreb.

    • - -
  • CVE-2021-38300 - -

    Piotr Krysiuk opdagede en fejl i den klassiske BPF (cBPF) JIT-kompiler - til MIPS-arkitekturer. En lokal bruger kunne udnytte fejlen til at udføre - vilkårlig kode i kernen.

    - -

    Problemet er afhjulpet ved at sætte sysctl net.core.bpf_jit_enable=0, - hvilket er standarden. Det er *ikke* afhjulpet ved at deaktivere - upriviligeret anvendelse af eBPF.

    • - -
  • CVE-2021-39685 - -

    Szymon Heidrich opdagede en bufferoverløbssårbarhed i - USB-gadgetundersystemet, medførende informationsafsløring, lammelsesangreb - eller rettighedsforøgelse.

    • - -
  • CVE-2021-39686 - -

    En kapløbstilstand blev opdaget i Android-binderdriveren, der kunne føre - til ukorrekte sikkerhedstjek. På systemer hvor binderdriveren er indlæst, - kunne en lokal bruger udnytte fejlen til rettighedsforøgelse.

    • - -
  • CVE-2021-39698 - -

    Linus Torvalds rapporterede om en fejl i implementeringen af filpolling, - hvilken kunne føre til en anvendelse efter frigivelse. En lokal bruger - kunne udnytte fejlen til lammelsesangreb (hukommelseskorruption eller - nedbrud) eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2021-39713 - -

    Værktøjet syzbot fandt en kapløbstilstand i network - scheduling-undersystemet, hvilken kunne føre til en anvendelse efter - frigivelse. En lokal bruger kunne udnytte fejlen til lammelsesangreb - (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2021-41864 - -

    Et heltalsoverløb blev opdaget i Extended BPF-undersystemet (eBPF). En - lokal bruger kunne udnytte fejlen til lammelsesangreb (hukommelseskorruption - eller nedbrud) eller muligvis til rettighedsforøgelse.

    - -

    Det kan afhjælpes ved at sætte sysctl kernel.unprivileged_bpf_disabled=1, - hvilket deaktiverer anvendelse af eBPF ved upriviligerede brugere.

    • - -
  • CVE-2021-42739 - -

    Et heapbufferoverløb blev opdaget i firedtv-driveren til - FireWire-forbundne DVB-modtagere. En lokal bruger med adgang til en - firedtv-enhed, kunne udnytte fejlen til lammelsesangreb - (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2021-43389 - -

    Active Defense Lab hos Venustech opdagede en fejl i CMTP-undersystemet, - ved anvendelse fra Bluetooth, hvilken kunne føre til en læsning udenfor - grænserne og objekttypeforvirring. En lokal bruger med kapabiliteten - CAP_NET_ADMIN i det indledende brugernavnerum, kunne udnytte fejlen til - lammelsesangreb (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2021-43975 - -

    Brendan Dolan-Gavitt rapporterede om en fejl i funktionen - hw_atl_utils_fw_rpc_wait() i ethernedenhedsdriveren aQuantia AQtion, hvilken - kunne medføre lammelsesangreb eller udførelse af vilkårlig kode.

    • - -
  • CVE-2021-43976 - -

    Zekun Shen og Brendan Dolan-Gavitt opdagede en fejl i funktionen - mwifiex_usb_recv() i USB-driveren Marvell WiFi-Ex. En angriber, der er i - stand til at tilslutte en fabrikeret USB-enhed, kunne drage nytte af fejlen - til at forårsage et lammelsesangreb.

    • - -
  • CVE-2021-44733 - -

    En kapløbstilstand blev opdaget i undersystemet Trusted Execution - Environment (TEE) til Arm-processorer, hvilken kunne føre til en anvendelse - efter frigivelse. En lokal bruger med rettigheder til at tilgå en - TEE-enhed, kunne udnytte fejlen til lammelsesangreb (hukommelseskorruption - eller nedbrud) eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2021-45095 - -

    Man opdagede at Phone Network-protokoldriveren (PhoNet), havde en - referenceoptællingslækage i funktionen pep_sock_accept().

    • - -
  • CVE-2021-45469 - -

    Wenqing Liu rapporterede om en hukommelsestilgang udenfor grænserne i - f2fs-implementeringen, hvis en inode har en ugyldig sidste xattr-post. En - angriber, der er i stand til at mounte et særligt fremstillet filaftryk, - kunne drage nytte af fejlen til lammelsesangreb.

    • - -
  • CVE-2021-45480 - -

    En hukommelseslækagefejl blev opdaget i funktionen __rds_conn_create() i - RDS-protokolundersystemet (Reliable Datagram Sockets).

    • - -
  • CVE-2022-0001 (INTEL-SA-00598) - -

    Efterforskere ved VUSec opdagede at Branch History Buffer i - Intel-processorer kunne udnyttes til at iværksætte informationssidekanaler - med spekulativ udførelse. Problemet svarer til Spectre variant 2, men - kræver yderligere afhjælpningsforanstaltninger på nogle processorer.

    - -

    Det kan udnyttes til at få fat i følsomme oplysninger fra en anden - sikkerhedskontekt, eksempelvis fra brugerrummet til kernen, eller fra en - KVM-gæst til kernen.

    • - -
  • CVE-2022-0002 (INTEL-SA-00598) - -

    Et problem svarende til - \ - CVE-2022-0001, men dækker udnyttelse indenfor en sikkerhedskontekst, - eksempelvis fra JIT-kompileret kode i en sandkasse til værtskode i den - samme proces.

    - -

    Det er delvist afhjulpet ved at deaktivere eBPF for upriviligerede - brugere med sysctl: kernel.unprivileged_bpf_disabled=2. Det gør denne - opdatering som standard.

    • - -
  • CVE-2022-0322 - -

    Eiichi Tsukata opdagede en fejl i funktionen sctp_make_strreset_req() i - implementeringen af SCTP-netværksprotokollen, hvilken kunne medføre - lammelsesangreb.

    • - -
  • CVE-2022-0330 - -

    Sushma Venkatesh Reddy opdagede en manglende GPU TLB-flush i - i915-driveren, medførende lammelsesangreb eller - rettighedsforøgelse.

    • - -
  • CVE-2022-0435 - -

    Samuel Page og Eric Dumazet rapporteret om et stakoverløb i - netværksmodulet til protokollen Transparent Inter-Process Communication - (TIPC), medførende lammelsesangreb eller potentielt udførelse af vilkårlig - kode.

    • - -
  • CVE-2022-0487 - -

    En anvendelse efter frigivelse blev opdaget i MOXART SD/MMC Host - Controller-supportdriveren. Fejlen påvirker ikke Debians binære pakker, da - CONFIG_MMC_MOXART ikke er opsat.

    • - -
  • CVE-2022-0492 - -

    Yiqi Sun og Kevin Wang rapporterede at undersystemet cgroup-v1 ikke på - korrekt vis begrænsede adgang til release-agent-funktionaliteten. En lokal - bruger kunne drage nytte af fejlen til rettighedsforøgelse og omgåelse af - navnerumsisolation.

    • - -
  • CVE-2022-0617 - -

    butt3rflyh4ck opdagede en NULL-pointerdereference i UDF-filsystemet. En - lokal bruger, der kan mounte et særligt fremstillet UDF-filaftryk, kunne - udnytte fejlen til at få systemet til at gå ned.

    • - -
  • CVE-2022-0644 - -

    Hao Sun rapporterede om en manglende kontrol af fillæsningsrettigheder i - systemkaldene finit_module() og kexec_file_load(). Sikkerhedspåvirkningen - af fejlen er uklar, da disse systemkald normalt kun er tilgængelige til - root-brugeren.

    • - -
  • CVE-2022-22942 - -

    Man opdagede at forkert håndtering af fildescriptorer i driveren VMware - Virtual GPU (vmwgfx), kunne medføre informationslækage eller - rettighedsforøgelse.

    • - -
  • CVE-2022-24448 - -

    Lyu Tao rapporterede om en fejl i NFS-implementeringen i Linux-kernen, - når der håndteres forespørgsler til at åbne en mappe til en almindelig fil, - hvilket kunne medføre en informationslækage.

    • - -
  • CVE-2022-24959 - -

    En hukommelseslækage blev opdaget i funktionen yam_siocdevprivate() i - YAM-driveren til AX.25, hvilken kunne medføre lammelsesangreb.

    • - -
  • CVE-2022-25258 - -

    Szymon Heidrich rapporterede at USB Gadget-undersystemet manglede visse - valideringer af descriptorforespørgsler til grænseflade-OS, medførende - hukommelseskorruption.

    • - -
  • CVE-2022-25375 - -

    Szymon Heidrich rapporterede at RNDIS USB-gadget manglende validering af - størrelsen på kommandoen RNDIS_MSG_SET, medførende informationslækage fra - kernehukommelse.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet i -version 4.19.232-1. Denne opdatering indeholder mange yderligere fejlrettelser -fra stabile opdateringer, herunder 4.19.209-4.19.232.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5096.data" diff --git a/danish/security/2022/dsa-5097.wml b/danish/security/2022/dsa-5097.wml deleted file mode 100644 index d914c84cb04..00000000000 --- a/danish/security/2022/dsa-5097.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="608e558b803051bb2fbaf6349d4b3630abb69790" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring, spoofing eller omgåelse af sandkasse.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.7.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.7.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5097.data" diff --git a/danish/security/2022/dsa-5098.wml b/danish/security/2022/dsa-5098.wml deleted file mode 100644 index 796401d0b8d..00000000000 --- a/danish/security/2022/dsa-5098.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="dc502758a5ceed23cd3b1d842a7aa36f609fe4fa" mindelta="1" -sikkerhedsopdatering - -

Jeremy Mousset opdagde to sårbarheder i forbindelse med XML-fortolkning i -applikationsplatformen Tryton, hvilke kunne medføre informationsafsløring eller -lammelsesangreb.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 5.0.4-2+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.0.33-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine tryton-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tryton-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tryton-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5098.data" diff --git a/danish/security/2022/dsa-5099.wml b/danish/security/2022/dsa-5099.wml deleted file mode 100644 index df3c7b3384f..00000000000 --- a/danish/security/2022/dsa-5099.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6724117df667d1f1e23ccb97f8f6e57a5ae345c6" mindelta="1" -sikkerhedsopdatering - -

Jeremy Mousset opdagde to sårbarheder i forbindelse med XML-fortolkning i -applikationsplatformen Tryton, hvilke kunne medføre informationsafsløring eller -lammelsesangreb.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 5.0.1-3+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.0.8-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine tryton-proteus-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tryton-proteus, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tryton-proteus

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5099.data" diff --git a/danish/security/2022/dsa-5100.wml b/danish/security/2022/dsa-5100.wml deleted file mode 100644 index dff1fc6bcb3..00000000000 --- a/danish/security/2022/dsa-5100.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="56b1b784b27a092ab7a68d303cec8f5430a4d143" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i serveren til Network Block Device (NBD), hvilke -kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:3.19-3+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:3.21-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine nbd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nbd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nbd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5100.data" diff --git a/danish/security/2022/dsa-5101.wml b/danish/security/2022/dsa-5101.wml deleted file mode 100644 index 65b4bb30b1b..00000000000 --- a/danish/security/2022/dsa-5101.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="e0c226c0aed6aed5fcbf971617b61c5255b0f1f4" mindelta="1" -sikkerhedsopdatering - -

Emmet Leahy rapporterede at libphp-adodb, et bibliotek med -databaseabstraktionslag til PHP, tillod indsprøjtning af værdier i en -PostgreSQL-forbindelsesstreng. Afhængigt af hvordan biblioteket anvendes, kunne -fejlen medføre omgåelse af autentifikation, afsløring af serverens IP-adresse -eller have andre ikke-angivene følger.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 5.20.14-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 5.20.19-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine libphp-adodb-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libphp-adodb, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libphp-adodb

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5101.data" diff --git a/danish/security/2022/dsa-5102.wml b/danish/security/2022/dsa-5102.wml deleted file mode 100644 index eb724dfe863..00000000000 --- a/danish/security/2022/dsa-5102.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="250f25125b50f82e2e1d202b9e3382cb8dc32a9c" mindelta="1" -sikkerhedsopdatering - -

En fejl blev opdaget i den måde HAProxy, en hurtig og pålidelig -loadbalancing reverseproxy, behandlede HTTP-svar indeholdende headeren -Set-Cookie2, hvilket kunne medføre en ubegrænset løkke, forårsagende et -lammelsesangreb.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.2.9-2+deb11u3.

- -

Vi anbefaler at du opgraderer dine haproxy-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende haproxy, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/haproxy

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5102.data" diff --git a/danish/security/2022/dsa-5103.wml b/danish/security/2022/dsa-5103.wml deleted file mode 100644 index 52ce347096b..00000000000 --- a/danish/security/2022/dsa-5103.wml +++ /dev/null @@ -1,30 +0,0 @@ -#use wml::debian::translation-check translation="ccbe28e935d5f926bfb38368d839bae77b408510" mindelta="1" -sikkerhedsopdatering - -

Tavis Ormandy opdagede at funktionen BN_mod_sqrt() i OpenSSL, kunne narres -ind i en uendelig løkke. Det kunne medføre lammelsesangreb gennem misdannede -certifikater.

- -

Yderligere oplysninger finder man i opstrøms bulletin: -\ -https://www.openssl.org/news/secadv/20220315.txt

- -

Desuden retter denne opdatering en carry propagation-fejl specifik for -MIPS-arkitekturen i .

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.1.1d-0+deb10u8.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.1.1k-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5103.data" diff --git a/danish/security/2022/dsa-5104.wml b/danish/security/2022/dsa-5104.wml deleted file mode 100644 index 0ceffab1ed3..00000000000 --- a/danish/security/2022/dsa-5104.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a444b3c2a6f1ed0c03fd89bb3977aa80df7b66e5" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 99.0.4844.74-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5104.data" diff --git a/danish/security/2022/dsa-5105.wml b/danish/security/2022/dsa-5105.wml deleted file mode 100644 index 6e5ff559cb8..00000000000 --- a/danish/security/2022/dsa-5105.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a092708ff5eecfd352ab04fbec54c1b3c5b7fa1a" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev fundet i DNS-serveren BIND, hvilke kunne medføre -lammelsesangreb eller cacheforgiftning.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1:9.11.5.P4+dfsg-5.1+deb10u7.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:9.16.27-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5105.data" diff --git a/danish/security/2022/dsa-5106.wml b/danish/security/2022/dsa-5106.wml deleted file mode 100644 index ed9ee08131f..00000000000 --- a/danish/security/2022/dsa-5106.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="217d6738fdadd4efa5646573237272373e217536" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre udførelse af vilkårlig kode eller informationsafsløring.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.7.0-2~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.7.0-2~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5106.data" diff --git a/danish/security/2022/dsa-5107.wml b/danish/security/2022/dsa-5107.wml deleted file mode 100644 index ed52104ba7b..00000000000 --- a/danish/security/2022/dsa-5107.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2512799f874ef3634b2bc86aaffbc41707f0caba" mindelta="1" -sikkerhedsopdatering - -

Marlon Starkloff opdagede at twig, en skabelonmotor til PHP, ikke på korrekt -vis håndhævede brug af sandkassen. Dermed kunne en ondsindet bruger udføre -vilkårlig kode.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.14.3-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine php-twig-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php-twig, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php-twig

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5107.data" diff --git a/danish/security/2022/dsa-5108.wml b/danish/security/2022/dsa-5108.wml deleted file mode 100644 index 176f0a316ad..00000000000 --- a/danish/security/2022/dsa-5108.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="a60700cce65fac87d6e63bdce4f8f7c963d6c8ed" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i libtiff-biblioteket og de medfølgende -værktøjer, hvilke kunne medføre lammelsesangreb, hvis misdannede billedfiler -blev behandlet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 4.1.0+git191117-2~deb10u4.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 4.2.0-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine tiff-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tiff, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tiff

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5108.data" diff --git a/danish/security/2022/dsa-5109.wml b/danish/security/2022/dsa-5109.wml deleted file mode 100644 index 3fc616e7a25..00000000000 --- a/danish/security/2022/dsa-5109.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="467f6d0fb48880d34895c088d48ead8684c41d6b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Freeware Advanced Audio Decoder, hvilke -kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede mediefiler blev behandlet.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.10.0-1~deb10u1.

- -

Vi anbefaler at du opgraderer dine faad2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende faad2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/faad2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5109.data" diff --git a/danish/security/2022/dsa-5110.wml b/danish/security/2022/dsa-5110.wml deleted file mode 100644 index b2ef3cf8216..00000000000 --- a/danish/security/2022/dsa-5110.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="93e5c2495b88e459bb4ca945ada379cd186baf49" mindelta="1" -sikkerhedsopdatering - -

Et sikkerhedsproblem blev opdaget i Chromium, hvilket kunne medføre udførelse -af vilkårlig kode, hvis et ondsindet websted blev besøgt.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 99.0.4844.84-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5110.data" diff --git a/danish/security/2022/dsa-5111.wml b/danish/security/2022/dsa-5111.wml deleted file mode 100644 index 4d677a76444..00000000000 --- a/danish/security/2022/dsa-5111.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="3c97c5602871647ca8f058a5c05499bfa5f9f04b" mindelta="1" -sikkerhedsopdatering - -

Danilo Ramos opdagede at ukorrekt hukommelseshåndtering i zlibs -deflate-funktionalitet, kunne medføre lammelsesangreb eller potentielt udførelse -af vilkårlig kode, hvis særligt fabrikerede inddata blev behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1:1.2.11.dfsg-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:1.2.11.dfsg-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine zlib-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zlib, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/zlib

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5111.data" diff --git a/danish/security/2022/dsa-5112.wml b/danish/security/2022/dsa-5112.wml deleted file mode 100644 index fdbe59b1d5e..00000000000 --- a/danish/security/2022/dsa-5112.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a09168a8e3b94ef87be032eb0d9e3eeda2db60ba" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 100.0.4896.60-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5112.data" diff --git a/danish/security/2022/dsa-5113.wml b/danish/security/2022/dsa-5113.wml deleted file mode 100644 index a77edd7b068..00000000000 --- a/danish/security/2022/dsa-5113.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6b7163da33de5e2327b29289dc2310a30111836f" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring eller spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.8.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.8.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5113.data" diff --git a/danish/security/2022/dsa-5114.wml b/danish/security/2022/dsa-5114.wml deleted file mode 100644 index af9cfb532a5..00000000000 --- a/danish/security/2022/dsa-5114.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="17b81406de90cd82a8d8adf39806d4464b14bad2" mindelta="1" -sikkerhedsopdatering - -

Sergei Glazunov opdagede et sikkerhedsproblem i Chromium, hvilket kunne -medføre udførelse af vilkårlig kode, hvis et ondsindet websted blev besøgt.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 100.0.4896.75-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5114.data" diff --git a/danish/security/2022/dsa-5115.wml b/danish/security/2022/dsa-5115.wml deleted file mode 100644 index 00778810ca0..00000000000 --- a/danish/security/2022/dsa-5115.wml +++ /dev/null @@ -1,40 +0,0 @@ -#use wml::debian::translation-check translation="80ec62fa09ecbf6fd3e7cfceecc5afbd22ab3d5e" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WebKitGTK:

- -
    - -
  • CVE-2022-22624 - -

    Kirin opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-22628 - -

    Kirin opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-22629 - -

    Jeonghoon Shin opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.36.0-3~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.0-3~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5115.data" diff --git a/danish/security/2022/dsa-5116.wml b/danish/security/2022/dsa-5116.wml deleted file mode 100644 index 62fcaf5dda9..00000000000 --- a/danish/security/2022/dsa-5116.wml +++ /dev/null @@ -1,37 +0,0 @@ -#use wml::debian::translation-check translation="616b6e86c5a91534ae78f1af00ef28964eafb8f2" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WPE WebKit:

- -
    - -
  • CVE-2022-22624 - -

    Kirin opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-22628 - -

    Kirin opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-22629 - -

    Jeonghoon Shin opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.0-2~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5116.data" diff --git a/danish/security/2022/dsa-5117.wml b/danish/security/2022/dsa-5117.wml deleted file mode 100644 index 09002539b63..00000000000 --- a/danish/security/2022/dsa-5117.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="ad0e183ed82b6c7f163a0fac0f29479f560a1806" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen, hvilke kunne medføre -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 4.14.4+74-gd7b22226b5-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5117.data" diff --git a/danish/security/2022/dsa-5118.wml b/danish/security/2022/dsa-5118.wml deleted file mode 100644 index 2723ba1e157..00000000000 --- a/danish/security/2022/dsa-5118.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="640876f4af02872c61b24c836123e106231c9ca6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er opdaget i Thunderbird, hvilke kunne medføre -lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.8.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.8.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5118.data" diff --git a/danish/security/2022/dsa-5119.wml b/danish/security/2022/dsa-5119.wml deleted file mode 100644 index 03fcf796bbf..00000000000 --- a/danish/security/2022/dsa-5119.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="db3c16a066355af630de96e011541fd523a7b343" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Subversion, et versionsstyringssystem.

- -
    - -
  • CVE-2021-28544 - -

    Evgeny Kotkov rapporterede at Subversion-servere afslører - copyfrom-stier, der burde være skjulte ifølge de opsatte stibaserede - autorisationsregler (authz).

    • - -
  • CVE-2022-24070 - -

    Thomas Weissschuh rapporterede at Subversions mod_dav_svn var sårbar over - for en anvendelse efter frigivelse, når der blev slået stibaserede - autorisationsregler op, hvilket kunne medføre lammelsesangreb (nedbrud af - HTTPD-worker'en som håndterer forespørgslen).

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1.10.4-1+deb10u3.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.14.1-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine subversion-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende subversion, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/subversion

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5119.data" diff --git a/danish/security/2022/dsa-5120.wml b/danish/security/2022/dsa-5120.wml deleted file mode 100644 index 08cede035b9..00000000000 --- a/danish/security/2022/dsa-5120.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4e2b331d631c5a52349f3405107773c51aaa206c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 100.0.4896.88-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5120.data" diff --git a/danish/security/2022/dsa-5121.wml b/danish/security/2022/dsa-5121.wml deleted file mode 100644 index 0f5d4d568ee..00000000000 --- a/danish/security/2022/dsa-5121.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="14c4bb173f6180fd77ea2edb5dd7b71175e48586" mindelta="1" -sikkerhedsopdatering - -

Et sikkerhedsproblem blev opdaget i Chromium, hvilket kunne medføre udførelse -af vilkårlig kode.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 100.0.4896.127-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5121.data" diff --git a/danish/security/2022/dsa-5122.wml b/danish/security/2022/dsa-5122.wml deleted file mode 100644 index 1ab376f1071..00000000000 --- a/danish/security/2022/dsa-5122.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="6e45de6f15c50ec979e1c12d40f3f257b02ab336" mindelta="1" -sikkerhedsopdatering - -

cleemy desu wayo rapporterede at ukorrekt håndtering af filnavne af zgrep i -gzip, GNU-komprimeringsværktøjerne, kunne medføre overskrivning af vilkårlige -filer eller udførelse af vilkårlig kode, hvis en fil med et særligt fremstillet -filnavn blev behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.9-3+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.10-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine gzip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gzip, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/gzip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5122.data" diff --git a/danish/security/2022/dsa-5123.wml b/danish/security/2022/dsa-5123.wml deleted file mode 100644 index 2a5f170682a..00000000000 --- a/danish/security/2022/dsa-5123.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="a6a9643824415563c729eef4897a11e7af6b1eed" mindelta="1" -sikkerhedsopdatering - -

cleemy desu wayo rapporterede at ukorrekt håndtering af filnavne af xzgrep i -xz-utils, komprimeringsværktøjer til XZ-formatet, kunne medføre overskrivning af -vilkårlige filer eller udførelse af vilkårlig kode, hvis en fil med et særligt -fremstillet filnavn blev behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 5.2.4-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 5.2.5-2.1~deb11u1.

- -

Vi anbefaler at du opgraderer dine xz-utils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xz-utils, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xz-utils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5123.data" diff --git a/danish/security/2022/dsa-5124.wml b/danish/security/2022/dsa-5124.wml deleted file mode 100644 index 684202f1ccf..00000000000 --- a/danish/security/2022/dsa-5124.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0db7efc47262561822153d3a21375ec1a98b67bf" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 7:4.3.4-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5124.data" diff --git a/danish/security/2022/dsa-5125.wml b/danish/security/2022/dsa-5125.wml deleted file mode 100644 index 4748dee567a..00000000000 --- a/danish/security/2022/dsa-5125.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="dca8b12e8fcaea419253dfbbc59cd254a30e36e7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 101.0.4951.41-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5125.data" diff --git a/danish/security/2022/dsa-5126.wml b/danish/security/2022/dsa-5126.wml deleted file mode 100644 index 728a1d35166..00000000000 --- a/danish/security/2022/dsa-5126.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2fc2c4b813888b4f4ba0a1d71132e5a1c86f41c9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i multimedieframeworket FFmpeg, hvilke kunne -medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode, hvis -misdannede filer/streams blev behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 7:4.1.9-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine ffmpeg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ffmpeg, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ffmpeg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5126.data" diff --git a/danish/security/2022/dsa-5127.wml b/danish/security/2022/dsa-5127.wml deleted file mode 100644 index dbd4262894f..00000000000 --- a/danish/security/2022/dsa-5127.wml +++ /dev/null @@ -1,142 +0,0 @@ -#use wml::debian::translation-check translation="d65a53d18834a941829aaf85abcf1935333ebf52" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2021-4197 - -

    Eric Biederman rapporterede at ukorrekte rettighedskontroller i - implementeringen af cgroup-procesmigreringen, kunne gøre det muligt for en - lokal angriber at forsøge rettigheder.

    • - -
  • CVE-2022-0168 - -

    En NULL-pointerdereferencefejl blev fundet i implementeringen af - CIFS-klienten, kunne gøre det muligt for en lokal angriber med - CAP_SYS_ADMIN-rettigheder for at få systemet til at gå ned. - Sikkerhedspåvirkningen er ubetydelig, da CAP_SYS_ADMIN i sagens natur giver - mulighed for at afvise service.

    • - -
  • CVE-2022-1016 - -

    David Bouman opdagede en fejl i undersystemet netfilter, hvor funktionen - nft_do_chain ikke initialiserede registerdata, som nf_tables-udtryk kunne - læse fra og skrive til. En lokal angriber kunne drage nytte af dette til at - læse følsomme oplysninger.

    • - -
  • CVE-2022-1048 - -

    Hu Jiahui opdagede en kapløbstilstand i undersystemet sound, som kunne - medføre en anvendelse efter frigivelse. En lokal bruger, med rettigheder - til at tilgå en PCM-lydenhed, kunne drage nytte af fejlen til at få systemet - til at gå ned eller potentielt til rettighedsforøgelse.

    • - -
  • CVE-2022-1158 - -

    Qiuhao Li, Gaoning Pan og Yongkang Jia opdagede en fejl i - KVM-implementeringen til x86-processorer. En lokal bruger med adgang til - /dev/kvm, kunne få MMU-emulatoren til at opdatere sidetabelforekomstflag på - den forkerte adresse. Det kunne udnyttes til at forårsage et - lammelsesangreb (hukommelseskorruption eller nedbrud) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2022-1195 - -

    Lin Ma opdagede kapløbstilstande i amatørradiodriverne 6pack og mkiss, - hvilke kunne føre til en anvendelse efter frigivelse. En lokal bruger kunne - udnytte disse til at forårsage et lammelsesangreb (hukommelseskorruption - eller nedbrud) eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2022-1198 - -

    Duoming Zhou opdagede en kapløbstilstand i amatørradiodriveren 6pack, - hvilke kunne føre til anvendelse efter frigivelse. En lokal bruger kunne - udnytte dette til at forårsage et lammelsesangreb (hukommelseskorruption - eller nedbrud) eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2022-1199, - CVE-2022-1204, - CVE-2022-1205 - -

    Duoming Zhou opdagede kapløbsstande i amatørradioprotokollen AX.25, - hvilke kunne føre til anvendelse efter frigivelse eller - NULL-pointerdereference. En lokal bruger kunne udnytte dette til at - forårsage et lammelsesangreb (hukommelseskorruption eller nedbrud) eller - muligvis til rettighedsforøgelse.

    • - -
  • CVE-2022-1353 - -

    Værktøjet TCS Robot, fandt en informationslækage i undersystemet PF_KEY. - En lokal bruger kunne modtage en netlink-meddelelse, når en IPsec-dæmon - registrerer sig hos kernen, og dette kunne indeholde følsomme - oplysninger.

    • - -
  • CVE-2022-1516 - -

    En NULL-pointerdereferencefejl i implementeringen af X.25-sættet af - standardiserede netværksprotokoller, hvilken kunne medføre - lammelsesangreb.

    - -

    Denne driver er ikke aktiveret i Debians officielle - kerneopsætninger.

    • - -
  • CVE-2022-26490 - -

    Bufferoverløb i STMicroelectronics coredriver ST21NFCA, kunne medføre - lammelsesangreb eller rettighedsforøgelse.

    - -

    Denne driver er ikke aktiveret i Debians officielle - kerneopsætninger.

    • - -
  • CVE-2022-27666 - -

    valis rapporterede om et muligt bufferoverløb i IPsecs - ESP-transformationskode. En lokal bruger kunne drage nytte af fejlen til at - forårsage et lammelsesangreb eller til rettighedsforøgelse.

    • - -
  • CVE-2022-28356 - -

    Beraphin opdagede at ANSI/IEEE 802.2 LLC type 2-driveren ikke på korrekt - vis udføre referenceoptælling i nogle fejlstier. En lokal angriber kunne - drage nytte af fejlen til at forårsage et lammelsesangreb.

    • - -
  • CVE-2022-28388 - -

    En dobbelt frigivelse-sårbarhed blev opdaget i 8 devices' - USB2CAN-græsefladedriver.

    • - -
  • CVE-2022-28389 - -

    En dobbelt frigivelse-sårbarhed blev opdaget i Microchip CAN BUS - Analyzers grænsefladedriver.

    • - -
  • CVE-2022-28390 - -

    En dobbelt frigivelse-sårbarhed blev opdaget i EMS CPC-USB/ARM7 CAN/USB's - græsefladedriver.

    • - -
  • CVE-2022-29582 - -

    Jayden Rivers og David Bouman opdagede en sårbarhed i forbindelse med - anvendelse efter frigivelse i undersystemet io_uring, på grund af en - kapløbstilstand i io_uring-timeouts. En lokal upriviligeret bruger kunne - drage nytte af fejlen til rettighedsforøgelse.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.10.113-1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5127.data" diff --git a/danish/security/2022/dsa-5128.wml b/danish/security/2022/dsa-5128.wml deleted file mode 100644 index 3a8d7e7c758..00000000000 --- a/danish/security/2022/dsa-5128.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="8c3e5b1a4c77e08d181bc804bed6015bf21d953e" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -informationsafsløring, ukorrekt validering af ECDSA-signaturer eller -lammelsesangreb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 17.0.3+7-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine openjdk-17-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-17, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-17

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5128.data" diff --git a/danish/security/2022/dsa-5129.wml b/danish/security/2022/dsa-5129.wml deleted file mode 100644 index b8ed94c59a8..00000000000 --- a/danish/security/2022/dsa-5129.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="07aedfac078ea42a0d89807047a4beaf884a6b08" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne føre til udførelse af vilkårlig kode, -informationsafsløring eller spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.9.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.9.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5129.data" diff --git a/danish/security/2022/dsa-5130.wml b/danish/security/2022/dsa-5130.wml deleted file mode 100644 index b79d7d7105a..00000000000 --- a/danish/security/2022/dsa-5130.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="38d1cbf1eac6bb8574857c5b8145e10150f1ba9f" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i vhost-koden i DPDK, et sæt biblioteker til -hurtig behandling af pakker, hvilke kunne medføre lammelsesangreb eller -udførelse af vilkårlig kode.

- -

Den gamle stabile distribution (buster) is not affected.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 20.11.5-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine dpdk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dpdk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dpdk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5130.data" diff --git a/danish/security/2022/dsa-5131.wml b/danish/security/2022/dsa-5131.wml deleted file mode 100644 index b8d5d3d4a9e..00000000000 --- a/danish/security/2022/dsa-5131.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="e3529c9058e0bf0057f35bee95d86dcec0cba8b2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -informationsafsløring eller lammelsesangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 11.0.15+10-1~deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 11.0.15+10-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5131.data" diff --git a/danish/security/2022/dsa-5132.wml b/danish/security/2022/dsa-5132.wml deleted file mode 100644 index 6a3934c46ad..00000000000 --- a/danish/security/2022/dsa-5132.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="99c90413611d1af5e2da5cc471f1194e20b475de" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at ecdsautils, en samling af CLI-værktøjer til ECDSA-elliptisk -kurve-kryptografi, verificerede nogle kryptografiske signaturer på forkert vis: -En signatur kun bestående af nuller blev altid betragtet som gyldig, hvilket -gjorde det simpelt at forfalske signaturer.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.3.2+git20151018-2+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.3.2+git20151018-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine ecdsautils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ecdsautils, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ecdsautils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5132.data" diff --git a/danish/security/2022/dsa-5133.wml b/danish/security/2022/dsa-5133.wml deleted file mode 100644 index 698bd878530..00000000000 --- a/danish/security/2022/dsa-5133.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="1a873a3b39aadf7c7082b8594e8b6582b674cf41" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i QEMU, en hurtig -processoremulator, hvilke kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:5.2+dfsg-11+deb11u2.

- -

Vi anbefaler at du opgraderer dine qemu-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende qemu, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/qemu

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5133.data" diff --git a/danish/security/2022/dsa-5134.wml b/danish/security/2022/dsa-5134.wml deleted file mode 100644 index 55cd8f25312..00000000000 --- a/danish/security/2022/dsa-5134.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="2bfbfdbfea77fbd432eab0574703498f1eff298b" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 101.0.4951.64-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5134.data" diff --git a/danish/security/2022/dsa-5135.wml b/danish/security/2022/dsa-5135.wml deleted file mode 100644 index 8de35797ec6..00000000000 --- a/danish/security/2022/dsa-5135.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="037fa4561676ff3c28fc12b148776f9bfc81ffed" mindelta="1" -sikkerhedsopdatering - -

Alexander Lakhin opdagede at funktionaliteten autovacuum og adskillige -kommandoer, kunne slippe ud af sandkassen til sikkerhedsbegrænsede -handlinger.

- -

For yderligere oplysninger, så opstrøms annoncering på -\ -https://www.postgresql.org/support/security/CVE-2022-1552//

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 11.16-0+deb10u1.

- -

Vi anbefaler at du opgraderer dine postgresql-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5135.data" diff --git a/danish/security/2022/dsa-5136.wml b/danish/security/2022/dsa-5136.wml deleted file mode 100644 index 575e5852a59..00000000000 --- a/danish/security/2022/dsa-5136.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8bc66b06ca8c297465a3c5d01cba9d40531811fe" mindelta="1" -sikkerhedsopdatering - -

Alexander Lakhin opdagede at funktionaliteten autovacuum og adskillige -kommandoer, kunne slippe ud af sandkassen til sikkerhedsbegrænsede -handlinger.

- -

For yderligere oplysninger, så opstrøms annoncering på -\ -https://www.postgresql.org/support/security/CVE-2022-1552//

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 13.7-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine postgresql-13-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende postgresql-13, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/postgresql-13

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5136.data" diff --git a/danish/security/2022/dsa-5137.wml b/danish/security/2022/dsa-5137.wml deleted file mode 100644 index 334cb96c2af..00000000000 --- a/danish/security/2022/dsa-5137.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="967b29d247d11429537f8210905d9beceab0908f" mindelta="1" -sikkerhedsopdatering - -

Jakub Wilk opdagede en lokal rettighedsforøgelse i needrestart, et værktøj -til kontrol af hvilke dæmoner, der skal genstartes efter opgraderinger af -biblioteker. Regulære udtræk til genkendelse af fortolkerne af Perl, Python og -Ruby, var ikke anchored, hvilket gjorde det muligt for en lokal bruger at forøge -rettigheder når needrestart forsøgte at afgøre om fortolkerne benyttede gamle -kildefiler.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 3.4-5+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.5-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine needrestart-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende needrestart, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/needrestart

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5137.data" diff --git a/danish/security/2022/dsa-5138.wml b/danish/security/2022/dsa-5138.wml deleted file mode 100644 index 50547c81f15..00000000000 --- a/danish/security/2022/dsa-5138.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="cc0b6bbfabeb0c81a22ced1a2b16f59bcaad9386" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Waitress WSGI-serveren var sårbar over for smugling af -HTTP-forespørgsler under nogle omstændigheder, når den anvendes bagved en -proxy.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.2.0~b2-2+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.4.4-1.1+deb11u1.

- -

Vi anbefaler at du opgraderer dine waitress-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende waitress, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/waitress

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5138.data" diff --git a/danish/security/2022/dsa-5139.wml b/danish/security/2022/dsa-5139.wml deleted file mode 100644 index b15bfb4c91f..00000000000 --- a/danish/security/2022/dsa-5139.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="219ea1b7a29439fcf7543aa731400ff3eaae4061" mindelta="1" -sikkerhedsopdatering - -

Elison Niven opdagede at skriptet c_rehash, som leveres med OpenSSL, ikke -rensede shell-metategn, hvilket kunne medføre udførelse af vilkårlige -kommandoer.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.1.1n-0+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.1.1n-0+deb11u2.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5139.data" diff --git a/danish/security/2022/dsa-5140.wml b/danish/security/2022/dsa-5140.wml deleted file mode 100644 index b48488207b3..00000000000 --- a/danish/security/2022/dsa-5140.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="53bda8ac7ba56c75f1a7feb5ce557f89b84f571e" mindelta="1" -sikkerhedsopdatering - -

Jacek Konieczny opdagede en SQL-indsprøjtningssårbarhed i backend'en back-sql -til slapd i OpenLDAP, en fri implementering af Lightweight Directory Access -Protocol, hvilket gjorde det muligt for en angriber, at ændre databasen under en -LDAP-søgehandling, når et særligt fremstillet søgefilter blev behandlet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.4.47+dfsg-3+deb10u7.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.4.57+dfsg-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine openldap-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openldap, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openldap

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5140.data" diff --git a/danish/security/2022/dsa-5141.wml b/danish/security/2022/dsa-5141.wml deleted file mode 100644 index 72de3a78da4..00000000000 --- a/danish/security/2022/dsa-5141.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="87764cf7c020ec5d8f75e771605e620525d515fe" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.9.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.9.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5141.data" diff --git a/danish/security/2022/dsa-5142.wml b/danish/security/2022/dsa-5142.wml deleted file mode 100644 index ffd0bab93dd..00000000000 --- a/danish/security/2022/dsa-5142.wml +++ /dev/null @@ -1,26 +0,0 @@ -#use wml::debian::translation-check translation="af4a84dddb8f6dc6837adebdd2cdcefb432b644e" mindelta="1" -sikkerhedsopdatering - -

Felix Wilhelm rapporterede at flere bufferhåndteringsfunktioner i libxml2, et -bibliotek som indeholder understøttelse af læsning, ændring og skrivning af XML- -og HTML-filer, ikke kiggede efter heltalsoverløb, medførende hukommelseskrivning -udenfor grænserne hvis særligt fremstillede mange gigabyte store XML-filer blev -behandlet. En angriber kunne drage nytte af fejlen til lammelsesangreb eller -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.9.4+dfsg1-7+deb10u4.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.9.10+dfsg-6.7+deb11u2.

- -

Vi anbefaler at du opgraderer dine libxml2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxml2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libxml2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5142.data" diff --git a/danish/security/2022/dsa-5143.wml b/danish/security/2022/dsa-5143.wml deleted file mode 100644 index 74840c08d0f..00000000000 --- a/danish/security/2022/dsa-5143.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="a9e90aab60f81cde0fdeeff1c33da182da5c0572" mindelta="1" -sikkerhedsopdatering - -

Manfred Paul opdagede to sikkerhedsproblemer i webbrowseren Mozilla Firefox, -hvilke kunne medføre udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.9.1esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.9.1esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5143.data" diff --git a/danish/security/2022/dsa-5144.wml b/danish/security/2022/dsa-5144.wml deleted file mode 100644 index d8eb00cc98c..00000000000 --- a/danish/security/2022/dsa-5144.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1c2803607d4643a698f435f8675d262fb7e0aea0" mindelta="1" -sikkerhedsopdatering - -

Flere fejl er opdaget i HTCondor, et system til administration af -distribueret workload, hvilke gjorde det muligt for brugere kun med læseadgang -til en vilkårlig dæmon, at anvende en anden autentifikationsmetode end den -administratoren har angivet. Hvis administratoren har opsat læse- og -skrivemetoderne til at indeholde CLAIMTOBE, var det da muligt at udgive sig for -at være en anden bruger, og indsende eller fjerne jobs.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 8.6.8~dfsg.1-2+deb10u1.

- -

Vi anbefaler at du opgraderer dine condor-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende condor, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/condor

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5144.data" diff --git a/danish/security/2022/dsa-5145.wml b/danish/security/2022/dsa-5145.wml deleted file mode 100644 index b252f9bc739..00000000000 --- a/danish/security/2022/dsa-5145.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="eff7900824fe89c99c2c82825cc8c0ab462b94f3" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i komprimeringsprogrammet lrzip, hvilke -kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 0.631+git180528-1+deb10u1. Denne opdatering løser også -CVE-2021-27345, -CVE-2020-25467 og -CVE-2021-27347.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 0.641-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine lrzip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lrzip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lrzip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5145.data" diff --git a/danish/security/2022/dsa-5146.wml b/danish/security/2022/dsa-5146.wml deleted file mode 100644 index ea767d9f87f..00000000000 --- a/danish/security/2022/dsa-5146.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="4a0b285afcf302bf8c134bfeed85c3503502d602" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder blev opdaget i Puma, en HTTP-server til -Ruby-/Rack-applikationer, hvilke kunne medføre smugling af HTTP-forespørgsler -eller informationafsløring.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 4.3.8-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine puma-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende puma, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/puma

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5146.data" diff --git a/danish/security/2022/dsa-5147.wml b/danish/security/2022/dsa-5147.wml deleted file mode 100644 index 145097de73a..00000000000 --- a/danish/security/2022/dsa-5147.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="71e6fbbbb1650c7f4911f670b9047a3875708682" mindelta="1" -sikkerhedsopdatering - -

Max Justicz rapporterede om en mappegennemløbssårbarhed i -Dpkg::Source::Archive i dpkg, Debians pakkehåndteringssystem. Det påvirker -udpakning af kildekodepakker, der ikke er tillid til, i kildekodepakkeformaterne -v2 og v3, som indeholder en debian.tar.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.19.8.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.20.10.

- -

Vi anbefaler at du opgraderer dine dpkg-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dpkg, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/dpkg

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5147.data" diff --git a/danish/security/2022/dsa-5148.wml b/danish/security/2022/dsa-5148.wml deleted file mode 100644 index 04fa47f9a91..00000000000 --- a/danish/security/2022/dsa-5148.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="815c2ef9548fbe97e3119bb95b707e6d0d011b93" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 102.0.5005.61-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5148.data" diff --git a/danish/security/2022/dsa-5149.wml b/danish/security/2022/dsa-5149.wml deleted file mode 100644 index 579c497b775..00000000000 --- a/danish/security/2022/dsa-5149.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="8040e214864f9ddba4abc15473beff0ca3e2f881" mindelta="1" -sikkerhedsopdatering - -

Joshua Mason opdagede at en logisk fejl i valideringen af den hemmelige -nøgle, der anvendes i autorisationstilstanden local i udskriftssystemet -CUPS, kunne medføre rettighedsforøgelse.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.2.10-6+deb10u6.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.3.3op2-3+deb11u2.

- -

Vi anbefaler at du opgraderer dine cups-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cups, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cups

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5149.data" diff --git a/danish/security/2022/dsa-5150.wml b/danish/security/2022/dsa-5150.wml deleted file mode 100644 index 7b6d69b590c..00000000000 --- a/danish/security/2022/dsa-5150.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="0a146ff0bd4568a8ff5f91d8869ae78024dfecbb" mindelta="1" -sikkerhedsopdatering - -

Peter Agten opdagede at flere moduler til TCP-syslogmodtagelse i rsyslog, en -system- og kernelogningsdæmon, indeholdt bufferoverløbsfejl når octet-optalt -framing blev benyttet, hvilke kunne medføre lammelsesangreb eller potentielt -udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 8.1901.0-1+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 8.2102.0-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine rsyslog-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende rsyslog, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/rsyslog

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5150.data" diff --git a/danish/security/2022/dsa-5151.wml b/danish/security/2022/dsa-5151.wml deleted file mode 100644 index fa6b11ac6cf..00000000000 --- a/danish/security/2022/dsa-5151.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="5bc655b04ad10666ec6447e58622dd561e17e87e" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedssårbarheder er opdaget i smarty3, PHP-skabelonmotoren der kan -kompileres. Skabelonforfattere, som er i stand til at køre adgangsbegrænsede -statiske PHP-metoder elelr endda vilkårlig PHP-kode, ved at fabrikere en -ondsindet math-streng eller ved at vælge et ugyldigt {block}- eller -{include}-filnavn. Hvis en math-streng blev overført som brugerleverede data -til math-funktionen, kunne fjernbrugere også være i stand til at køre vilkårlig -PHP-kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 3.1.39-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine smarty3-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende smarty3, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/smarty3

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5151.data" diff --git a/danish/security/2022/dsa-5152.wml b/danish/security/2022/dsa-5152.wml deleted file mode 100644 index 76f003dedb7..00000000000 --- a/danish/security/2022/dsa-5152.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="48115d25a8604a330188a31581732ac1398d3cde" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelse, tillod at en ondsindet -bruger kunne udføre skripter på tværs af servere.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 3.2.4-1+deb10u8.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.2.11-3+deb11u4.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5152.data" diff --git a/danish/security/2022/dsa-5153.wml b/danish/security/2022/dsa-5153.wml deleted file mode 100644 index 98e56526698..00000000000 --- a/danish/security/2022/dsa-5153.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="6402730635004dad9699f87bd5b6ca8359fe8536" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Apache Traffic Server, en reverse og forward -proxyserver, hvilke kunne medføre smugling af HTTP-forespørgsler eller -manden i midten-angreb (MITM).

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 8.0.2+ds-1+deb10u6.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 8.1.1+ds-1.1+deb11u1.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5153.data" diff --git a/danish/security/2022/dsa-5154.wml b/danish/security/2022/dsa-5154.wml deleted file mode 100644 index c0341b8823b..00000000000 --- a/danish/security/2022/dsa-5154.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="97c27f996b83d25078a910a4ed9e19cae7e68487" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WebKitGTK:

- -
    - -
  • CVE-2022-26700 - -

    ryuzaki opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af kode.

    • - -
  • CVE-2022-26709 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindholdd, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-26716 - -

    SorryMybad opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-26717 - -

    Jeonghoon Shin opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-26719 - -

    Dongzhuo Zhao opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-30293 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode eller til et lammelsesangreb - (applikationsnedbrud).

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.36.3-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.3-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5154.data" diff --git a/danish/security/2022/dsa-5155.wml b/danish/security/2022/dsa-5155.wml deleted file mode 100644 index 7d0a0a2a3ed..00000000000 --- a/danish/security/2022/dsa-5155.wml +++ /dev/null @@ -1,53 +0,0 @@ -#use wml::debian::translation-check translation="97c27f996b83d25078a910a4ed9e19cae7e68487" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WPE WebKit:

- -
    - -
  • CVE-2022-26700 - -

    ryuzaki opdagede at behandling af ondsindet fremstillet webindhold, kunne - føre til udførelse af kode.

    • - -
  • CVE-2022-26709 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindholdd, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-26716 - -

    SorryMybad opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-26717 - -

    Jeonghoon Shin opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-26719 - -

    Dongzhuo Zhao opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-30293 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode eller til et lammelsesangreb - (applikationsnedbrud).

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.3-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5155.data" diff --git a/danish/security/2022/dsa-5156.wml b/danish/security/2022/dsa-5156.wml deleted file mode 100644 index b61c3082a07..00000000000 --- a/danish/security/2022/dsa-5156.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0d5c0a1d5936151ffa87088a5b9d843ea5861e54" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, -informationsafsløring eller spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.10.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.10.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5156.data" diff --git a/danish/security/2022/dsa-5157.wml b/danish/security/2022/dsa-5157.wml deleted file mode 100644 index e407d971d31..00000000000 --- a/danish/security/2022/dsa-5157.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="e61f99c4627e187c60d6bbaa4dc6bb5e6feb2e50" mindelta="1" -sikkerhedsopdatering - -

Jeffrey Bencteux rapporterede om to sårbarheder i cifs-utils, Common Internet -File System-værktøjerne, hvilke kunne medføre rettighedsforøgelse -(CVE-2022-27239) -eller en informationslækage -(CVE-2022-29869).

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2:6.8-2+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2:6.11-3.1+deb11u1.

- -

Vi anbefaler at du opgraderer dine cifs-utils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende cifs-utils, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/cifs-utils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5157.data" diff --git a/danish/security/2022/dsa-5158.wml b/danish/security/2022/dsa-5158.wml deleted file mode 100644 index 96118fa1b93..00000000000 --- a/danish/security/2022/dsa-5158.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="2dd7c9aee023b25c5108aeca1499604ca97c5744" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.10.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.10.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5158.data" diff --git a/danish/security/2022/dsa-5159.wml b/danish/security/2022/dsa-5159.wml deleted file mode 100644 index 778ac9c5636..00000000000 --- a/danish/security/2022/dsa-5159.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="94fdfa724544155992c2a71606d0e7b15a364af7" mindelta="1" -sikkerhedsopdatering - -

Elton Nokaj opdagede at ukorrekt fejlhåndtering i Bottle, et WSGI-framework -til Python, kunne medføre afsløring af følsomme oplysninger.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.12.15-2+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.12.19-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine python-bottle-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende python-bottle, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/python-bottle

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5159.data" diff --git a/danish/security/2022/dsa-5160.wml b/danish/security/2022/dsa-5160.wml deleted file mode 100644 index 0c7776f3d4e..00000000000 --- a/danish/security/2022/dsa-5160.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="0355ea000031bfde698c0b62f04f3ce30d47290b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i NTFS-3G, en læsnings- og skrivningsdriver -til NTFS i FUSE. En lokal bruger kunne drage nytte af fejlene til lokal -root-rettighedsforøgelse.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:2017.3.23AR.3-3+deb10u2.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:2017.3.23AR.3-4+deb11u2.

- -

Vi anbefaler at du opgraderer dine ntfs-3g-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ntfs-3g, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/ntfs-3g

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5160.data" diff --git a/danish/security/2022/dsa-5161.wml b/danish/security/2022/dsa-5161.wml deleted file mode 100644 index 71e10dca957..00000000000 --- a/danish/security/2022/dsa-5161.wml +++ /dev/null @@ -1,87 +0,0 @@ -#use wml::debian::translation-check translation="e92eab10cf723e2d5c0c43d72db58a57da07845b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2022-0494 - -

    scsi_ioctl() var sårbar over for en informationslækage, der kun kunne - udnyttes af brugere med kapabiliteterne CAP_SYS_ADMIN eller - CAP_SYS_RAWIO.

    • - -
  • CVE-2022-0854 - -

    Ali Haider opdagede en potentiel informationslækage i undersystemet DMA. - På systemer hvor funktionaliteten swiotlb er nødvendig, kunne det være - muligt for en lokal bruger at læse følsomme oplysninger.

    • - -
  • CVE-2022-1012 - -

    Randomiseringen ved beregning af port-offset i IP-implementeringen blev - forbedret.

    • - -
  • CVE-2022-1729 - -

    Norbert Slusarek opdagede en kapløbstilstand i undersystemet perf, - hvilken kunne medføre lokal rettighedsforøgelse til root. - Standardopsætningen i Debian forhindrer udnyttelse af fejlen, med mindre - eftergivende indstillinger er taget i anvendelse i - kernel.perf_event_paranoid sysctl.

    • - -
  • CVE-2022-1786 - -

    Kyle Zeng opdagede en anvendelse efter frigivelse i undersystemet - io_uring, hvilke kunne medføre lokal rettighedsforøgelse til root.

    • - -
  • CVE-2022-1789 / - CVE-2022-1852 - -

    Yongkang Jia, Gaoning Pan og Qiuhao Li opdagede to - NULL-pointer-dereferencer i KVM's håndtering af CPU-instruktioner, - medførende lammelsesangreb.

    • - -
  • CVE-2022-32250 - -

    Aaron Adams opdagede en anvendelse efter frigivelse i Netfilter, hvilken - kunne medføre lokal rettighedsforøgelse til root.

    • - -
  • CVE-2022-1972 - -

    Ziming Zhang opdagede en skrivning udenfor grænserne i Netfilter, hvilken - kunne medføre lokal rettighedsforøgelse til root.

    • - -
  • CVE-2022-1974 / - CVE-2022-1975 - -

    Duoming Zhou opdagede at NFC netlink-grænsefladen var sårbar over for - lammelsesangreb.

    • - -
  • CVE-2022-21499 - -

    Man opdagede at kernedebuggeren kunne anvendes til at omgå UEFI Secure - Boot-begrænsninger.

    • - -
  • CVE-2022-28893 - -

    Felix Fu opdagede en anvendelse efter frigivelse i implmenteringen af - protokollen Remote Procedure Call (SunRPC), hvilken kunne medføre - lammelsesangreb eller en informationslækage.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.10.120-1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5161.data" diff --git a/danish/security/2022/dsa-5162.wml b/danish/security/2022/dsa-5162.wml deleted file mode 100644 index 664727ac19c..00000000000 --- a/danish/security/2022/dsa-5162.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="220cf298a896eb5f416cccc904a0ea4fed31b8db" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i containerds container-runtime, hvilke kunne -medføre lammelsesangreb eller ufuldstændig begrænsning af kapabiliteter.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.4.13~ds1-1~deb11u2.

- -

Vi anbefaler at du opgraderer dine containerd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende containerd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/containerd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5162.data" diff --git a/danish/security/2022/dsa-5163.wml b/danish/security/2022/dsa-5163.wml deleted file mode 100644 index 6d2b8d3a0de..00000000000 --- a/danish/security/2022/dsa-5163.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="6d8564f8bf2f76cd0d6172eb62b25c21c3fa1002" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 102.0.5005.115-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5163.data" diff --git a/danish/security/2022/dsa-5164.wml b/danish/security/2022/dsa-5164.wml deleted file mode 100644 index 71207f121b0..00000000000 --- a/danish/security/2022/dsa-5164.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="8d45b3395866ce4a8c137c4e0d14a1386136116f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at exo, et supportbibliotek til skrivebordsmiljøet Xfce, gjorde -det muligt at udføre fjerne .desktop-filer. Under visse omstændigheder kunne en -angriber udnytte sårbarheden, til at narre en bruger til at udføre vilkårlig -kode på platformen med denne brugers rettigheder.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.12.4-1+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 4.16.0-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine exo-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende exo, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/exo

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5164.data" diff --git a/danish/security/2022/dsa-5165.wml b/danish/security/2022/dsa-5165.wml deleted file mode 100644 index bad8b921c2d..00000000000 --- a/danish/security/2022/dsa-5165.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="1cca66a3a97777a60b9c5d630904864876508d20" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i medieafspilleren VLC, hvilke kunne -medføre udførelse af vilkårlig kode eller lammelsesangreb, hvis en misdannet fil -blev åbnet.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 3.0.17.4-0+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.0.17.4-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine vlc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende vlc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/vlc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5165.data" diff --git a/danish/security/2022/dsa-5166.wml b/danish/security/2022/dsa-5166.wml deleted file mode 100644 index 374e5d7b914..00000000000 --- a/danish/security/2022/dsa-5166.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fc8a7b9cee1d27b2c4158a68d165c141b3f4d5f4" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i Simple Linux Utility til Resource -Management (SLURM), et system til håndtering og jobplanlægning af -klyngeressourcer, hvilke kunne medføre rettighedsforøgelse.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 20.11.7+really20.11.4-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine slurm-wlm-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende slurm-wlm, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/slurm-wlm

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5166.data" diff --git a/danish/security/2022/dsa-5167.wml b/danish/security/2022/dsa-5167.wml deleted file mode 100644 index 44bedbf44c5..00000000000 --- a/danish/security/2022/dsa-5167.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="34577fe835eb410a7d36c59a5a88babb466c607d" mindelta="1" -sikkerhedsopdatering - -

Matthias Gerstner opdagede at valgmuligheden --join i Firejail, en sandkasse -til begrænsning af et applikationsmiljø, var sårbar over for en lokal -rettighedsforøgelse til root.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.9.58.2-2+deb10u3.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.9.64.4-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine firejail-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firejail, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firejail

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5167.data" diff --git a/danish/security/2022/dsa-5168.wml b/danish/security/2022/dsa-5168.wml deleted file mode 100644 index 34b4be4b7bc..00000000000 --- a/danish/security/2022/dsa-5168.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="307a0f8b02380990b6fc1aa7ec83ae91ae0fcd95" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 103.0.5060.53-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5168.data" diff --git a/danish/security/2022/dsa-5169.wml b/danish/security/2022/dsa-5169.wml deleted file mode 100644 index b4480418904..00000000000 --- a/danish/security/2022/dsa-5169.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8ba846663dfdffc11431cfff619ddfd9ae7ee244" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at skriptet c_rehash, som distribueres med OpenSSL, ikke rensede -shell-metategn, hvilket kunne medføre udførelse af vilkårlige kommandoer.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.1.1n-0+deb10u3.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.1.1n-0+deb11u3.

- -

Vi anbefaler at du opgraderer dine openssl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openssl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openssl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5169.data" diff --git a/danish/security/2022/dsa-5170.wml b/danish/security/2022/dsa-5170.wml deleted file mode 100644 index fd529fe53a9..00000000000 --- a/danish/security/2022/dsa-5170.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="5e50e409d7e59f66b793d972d2c24a7cc6b906af" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder blev opdaget i Node.js, hvilke kunne medføre smugling -af HTTP-forespørgsler, en omgåelse af certifikatverifikation eller forgiftning -af prototype.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 12.22.12~dfsg-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine nodejs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende nodejs, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/nodejs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5170.data" diff --git a/danish/security/2022/dsa-5171.wml b/danish/security/2022/dsa-5171.wml deleted file mode 100644 index c291e22ee98..00000000000 --- a/danish/security/2022/dsa-5171.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="bf3aefbd9be97d0ca8c1685ef203e418a303094c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i proxycacheserveren Squid:

- -
    - -
  • CVE-2021-28116 - -

    Amos Jeffries opdagede en informationslækage hvis WCCPv2 er - aktiveret

    • - -
  • CVE-2021-46784 - -

    Joshua Rogers opdagede at en fejl i fortolkningen af svar fra - Gopher-server, kunne medføre lammelsesangreb

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 4.6-1+deb10u7.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 4.13-10+deb11u1.

- -

Vi anbefaler at du opgraderer dine squid-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende squid, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/squid

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5171.data" diff --git a/danish/security/2022/dsa-5172.wml b/danish/security/2022/dsa-5172.wml deleted file mode 100644 index cd8d0560736..00000000000 --- a/danish/security/2022/dsa-5172.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="7a91332cbe4e13b6add69518f00c374ed6bcda96" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre til udførelse af vilkårlig kode eller -spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.11.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.11.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5172.data" diff --git a/danish/security/2022/dsa-5173.wml b/danish/security/2022/dsa-5173.wml deleted file mode 100644 index 62f2beaa641..00000000000 --- a/danish/security/2022/dsa-5173.wml +++ /dev/null @@ -1,290 +0,0 @@ -#use wml::debian::translation-check translation="56cd72821e38080a5918e1d806721388e90fd0f6" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til en -rettighedsforøgelse, lammelsesangreb eller informationlækager.

- -
    - -
  • CVE-2021-4197 - -

    Eric Biederman rapporterede at ukorrekt rettighedskontrol i - implementeringen af cgroup-procesmigrering, kunne gøre det muligt for en - lokal angriber at forøge rettigheder.

    • - -
  • CVE-2022-0494 - -

    scsi_ioctl() var sårbar over for en informationslækage, som kun kunne - udnyttes af brugere med kapabiliteterne CAP_SYS_ADMIN eller - CAP_SYS_RAWIO.

    • - -
  • CVE-2022-0812 - -

    Man opdagede at RDMA-transporten til NFS (xprtrdma) fejlberegnede - størrelsen af meddelelsesheadere, hvilket kunne føre til en lækage af - følsomme oplysninger mellemen NFS-servere og -klienter.

    • - -
  • CVE-2022-0854 - -

    Ali Haider opdagede en potentiel informationslækage i DMA-undersystemet. - På systemer, hvor funktionaliteten swiotlb er nødvendig, kunne det være - muligt for en lokal bruger at læse følsomme oplysninger.

    • - -
  • CVE-2022-1011 - -

    Jann Horn opdagede en fejl i implementeringen af FUSE (Filesystem in - User-Space). En lokal bruger med rettigheder til at mounte - FUSE-filsystemer, kunne udnytte fejlen til at forårsage en anvendelse efter - frigivelse og læsning af følsomme oplysninger.

    • - -
  • CVE-2022-1012, - CVE-2022-32296 - -

    Moshe Kol, Amit Klein og Yossi Gilad opdagede en svaghed i den tilfældige - udvælgelse af TCP-kildeporte.

    • - -
  • CVE-2022-1016 - -

    David Bouman opdagede en fejl i undersystemet netfilter, hvor funktionen - nft_do_chain ikke initialiserede registerdata, som nf_tables-udtryk kan læse - fra og skrive til. En lokal angriber kunne drage nytte af fejlen til at - læse følsomme oplysninger.

    • - -
  • CVE-2022-1048 - -

    Hu Jiahui opdagede en kapløbstilstand i sound-undersystemet, hvilken - kunne medføre en anvendelse efter frigivelse. En lokal bruger med - rettigheder til at tilgå en PCM-lydenhed, kunne drage nytte af fejlen til at - få systemet til at gå ned eller potentielt til rettighedsforøgelse.

    • - -
  • CVE-2022-1195 - -

    Lin Ma opdagede kapløbstilstande i amatørradiodriverne 6pack og mkiss, - hvilke kunne føre til en anvendelse efter frigivelse. En lokal bruger kunne - udnytte fejlene til at forårsage lammelsesangreb (hukommelseskorruption - eller nedbrud) eller muligvis til rettighedsforøgelse.

    • - -
  • CVE-2022-1198 - -

    Duoming Zhou opdagede en kapløbstilstand i amatørradiodriveren 6pack, - hvilken kunne føre til en anvendelse efter frigivelse. En lokal bruger - kunne udnytte fejlen til at forårsage et lammelsesangreb - (hukommelseskorruption eller nedbrud) eller potentielt til - rettighedsforøgelse.

    • - -
  • CVE-2022-1199, - CVE-2022-1204, - CVE-2022-1205 - -

    Duoming Zhou opdagede kapløbstilstande i amatørradioprotokollen AX.25, - hvilke kunne føre til en anvendelse efter frigivelse eller - nullpointer-dereference. En lokal bruger kunne udnytte fejlen til at - forårsage et lammelsesangreb (hukommelseskorruption eller nedbrud) eller - muligvis til rettighedsforøgelse.

    • - -
  • CVE-2022-1353 - -

    Værktøjet TCS Robot fandt en informationslækage i undersystemet PF_KEY. - En lokal bruger kunne modtage en netlink-meddelelse, når en IPsec-dæmon - registrerede sig hos kernen, og dette kunne indeholde følsomme - oplysninger.

    • - -
  • CVE-2022-1419 - -

    Minh Yuan opdagede en kapløbstilstand i den virtuelle GPU-driver vgem, - hvilken kunne føre til en anvendelse efter frigivelse. En lokal bruger med - rettigheder til at tilgå GPU-enheden, kunne udnytte fejlen til at forårsage - et lammelsesangreb (nedbrud eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2022-1516 - -

    En NULL-pointerdereferencefejl i implementeringen af X.25-sættet af - standardiserede netværksprotokoller, kunne medføre lammelsesangreb.

    - -

    Denne driver er ikke aktiveret i Debians officielle - kerneopsætninger.

    • - -
  • CVE-2022-1652 - -

    Minh Yuan opdagede en kapløbstilstand i floppy-driveren, hvilken kunne - føre til en anvendelse efter frigivelse. En lokal bruger med rettigheder - til at tilgå en diskettedrevsenhed, kunne udnytte fejlen til at forårsage - et lammelsesangreb (nedbrud eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2022-1729 - -

    Norbert Slusarek opdagede en kapløbstilstand i perf-undersystemet, - hvilken kunne medføre lokal rettighedsforøgelse til root. - Standardindstillingerne i Debian forhindrer udnyttelse, med mindre mere - lempelige rettighedsindstillinger er opsat i sysctl'en - kernel.perf_event_paranoid.

    • - -
  • CVE-2022-1734 - -

    Duoming Zhou opdagede kapløbstilstande i NFC-driveren nfcmrvl, hvilke - kunne føre til en anvendelse efter frigivelse, dobbelt frigivelse eller - null-pointerdereference. En lokal bruger kunne være i stand til at udnytte - disse fejl til lammelsesangreb (nedbrud eller hukommelseskorruption) eller - muligvis til rettighedsforøgelse.

    - -

    Denne driver er ikke aktiveret i Debians officielle - kerneopsætninger.

    • - -
  • CVE-2022-1974, - CVE-2022-1975 - -

    Duoming Zhou opdagede at NFC-netlinkgrænsefladen var sårbar over for et - lammelsesangreb.

    • - -
  • CVE-2022-2153 - -

    kangel rapporterede om en fejl i KVM-implementeringen til - x86-processorer, hvilken kunne føre til en null-pointerdereference. En - lokal bruger med rettigheder til at tilgå /dev/kvm, kunne udnytte fejlen - til at forårsage et lammelsesangreb (nedbrud).

    • - -
  • CVE-2022-21123, - CVE-2022-21125, - CVE-2022-21166 - -

    Forskellige efterforskerere opdagede fejl i Intel x86-processorer, samlet - betegnet som MMIO Stale Data-sårbarheder. Disse svarer til de tidligere - offentliggjorte Microarchitectural Data Sampling-problemer (MDS), og kunne - udnyttes af lokale brugere til at lække følsome oplysninger.

    - -

    For nogle CPU'er, kræver afhjælpelserne af disse problemer opdateret - mikrokode. En opdateret intel-microcode-pakke, kan senere blive stillet til - rådighed. Den opdaterede CPU-mikrokode kan også blive gjort tilgængelige - som en del af en systemfirmware-opdatering (BIOS).

    - -

    Flere oplysninger om afhjælpelserne, finder man i - - eller i pakken linux-doc-4.19.

    • - -
  • CVE-2022-23960 - -

    Efterforskere ved VUSec opdagede at Branch History Buffer i - Arm-processorer, kunne udnyttes til at oprette informationssidekanaler med - spekulativ udførelse. Problemet svarer til Spectre variant 2, men kræver - yderligere afhjælpelser i nogle processorer.

    - -

    Dette blev tidligere afhjulpet for 32 bit-Arm-arkitekturer (armel og - armhf), og er nu også afhjulpet for 64 bit-Arm (arm64).

    - -

    Det kunne udnyttes til at få adgang til følsomme oplysninger fra en - anden sikkerhedskontekst, så som brugerrum til kernen, eller fra en KVM-gæst - til kernen.

    • - -
  • CVE-2022-26490 - -

    Bufferoverløb i coredriveren STMicroelectronics ST21NFCA, kunne medføre - lammelsesangreb eller rettighedsforøgelse.

    - -

    Denne driver er ikke aktiveret i Debians officielle - kerneopsætninger.

    • - -
  • CVE-2022-27666 - -

    valis rapporterede om et muligt bufferoverløb i IPsec - ESP-transformationskoden. En lokal bruger kunne drage nytte af fejlen til - at forårsage et lammelsesangreb eller til rettighedsforøgelse.

    • - -
  • CVE-2022-28356 - -

    Beraphin opdagede at ANSI/IEEE 802.2 LLC type 2-driveren ikke på - korrekt vis udførte referenceoptælling på nogle fejlstier. En lokal - angriber kunne drage nytte af fejlen til at forårsage - lammelsesangreb.

    • - -
  • CVE-2022-28388 - -

    En dobbelt frigivelse-sårbarhed blev opdaget i 8 devices' - USB2CAN-grænsefladedriver.

    • - -
  • CVE-2022-28389 - -

    En dobbelt frigivelse-sårbarhed blev opdaget i Microchip CAN BUS - Analyzers grænsefladedriver.

    • - -
  • CVE-2022-28390 - -

    En dobbelt frigivelse-sårbarhed blev opdaget i EMS CPC-USB/ARM7 - CAN/USB-grænsefladedriver.

    • - -
  • CVE-2022-29581 - -

    Kyle Zeng opdagede en referenceoptællingsfejl i netværksklassifikatoren - cls_u32, hvilken kunne føre til en anvendelse efter frigivelse. En lokal - bruger kunne udnytte fejlen til at forårsage et lammelsesangreb (nedbrud - eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse.

    • - -
  • CVE-2022-30594 - -

    Jann Horn opdagede en fejl i samspillet mellem undersystemerne ptrace og - seccomp. En proces lagt i en sandkasse ved hjælp af seccomp(), men stadig - med rettigheder til at anvende ptrace(), kunne udnytte fejlen til at fjerne - seccomp-begrænsningerne.

    • - -
  • CVE-2022-32250 - -

    Aaron Adams opdagede en anvendelse efter frigivelse i Netfilter, hvilken - kunne medføre lokal rettighedsforøgelse til root.

    • - -
  • CVE-2022-33981 - -

    Yuan Ming fra Tsinghua University rapporterede om en kapløbstilstand i - floppy-driveren, som involverede anvendelse af ioctl'en FDRAWCMD, hvilken - kunne føre til en anvendelse efter frigivelse. En lokal bruger med adgang - til en diskettedrevsenhed, kunne udnytte fejlen til at forårsage et - lammelsesangreb (nedbrud eller hukommelseskorruption) eller muligvis til - rettighedsforøgelse. Denne ioctl er nu blevet deaktiveret som - standard.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer -rettet i version 4.19.249-2.

- -

På grund af et problem med signeringstjensten (jf. Debians fejl #1012741), -kan modulet vport-vxlan ikke indlæses i den signerede kerne på amd64 i denne -opdatering.

- -

Denne opdatering retter også en regression i undersystemet network scheduler -(fejl #1013299).

- -

For 32 bit-Arm-arkitekturer (armel og armhf), aktiverer denne opdateringer -optimerede implementeringer af flere kryptografiske og CRC-algoritmer. For i -hvert fald AES skulle dette fjerne en timing-sidekanal, der kunne føre til en -lækage af følsomme oplysninger.

- -

Denne opdatering indeholder mange flere fejlrettelser fra de stabile -opderinger 4.19.236-4.19.249, begge inklusive, herunder af fejl #1006346. -Random-driveren er tilbageført fra Linux 5.19, hvilket retter talrige -ydelses- og korrekthedsproblemer. Nogle ændringer vil være synlige:

- -
    - -
  • Entropipuljestørrelsen er nu 256 bit, i stedet for 4096. Du kan være - nødt til at justere opsætningen af systemovervågnings- eller - brugerrumsentropi-opsamlingstjenster, til at tage højde for ændringen.
    • - -
  • På systemer uden en hardware-RNG, vil kernen måske logge flere - anvendelser af /dev/urandom, før den er helt initialiseret. Disse - anvendelser blev tidligere optalt for lavt, og er dermed ikke en - regression.
    • - -
- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5173.data" diff --git a/danish/security/2022/dsa-5174.wml b/danish/security/2022/dsa-5174.wml deleted file mode 100644 index fedfcb5a525..00000000000 --- a/danish/security/2022/dsa-5174.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="164444cbecfd020d8d175f39ee937174aa31976a" mindelta="1" -sikkerhedsopdatering - -

Demi Marie Obenour opdagede en fejl i GnuPG, som muliggjorde -signaturforfalskning ved hjælp af vilkårlig indsprøjtning i statuslinjen. En -angriber, der kontrollerer den hemmelige del af enhver signeringskapabel nøgle -eller undernøgle i offerets nøglering, kunne drage nytte af fejlen til at -levere en korrekt formateret signatur, som nogle programmer, herunder gpgme, -accepterer som værende gyldig, og med et underskriftsfingeraftryk valgt af -angriberen.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 2.2.12-1+deb10u2.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.2.27-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine gnupg2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gnupg2, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/gnupg2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5174.data" diff --git a/danish/security/2022/dsa-5177.wml b/danish/security/2022/dsa-5177.wml deleted file mode 100644 index dcff02ec3e5..00000000000 --- a/danish/security/2022/dsa-5177.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e2f261a78f5eafa8da8ff87ec1ff505aa2222ca7" mindelta="1" -security update - -

Arseniy Sharoglazov opdagede adskillige sikkerhedsproblemer i LDAP Account -Manager (LAM), en webfrontend til håndtering af konti i en LDAP-directory, -hvilke kunne medføre informationsafsløring eller uautentificeret fjernudførelse -af kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 8.0.1-0+deb11u1.

- -

Vi anbefaler at du opgraderer dine ldap-account-manager-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende ldap-account-manager, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/ldap-account-manager

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5177.data" diff --git a/danish/security/2022/dsa-5178.wml b/danish/security/2022/dsa-5178.wml deleted file mode 100644 index bae83d97547..00000000000 --- a/danish/security/2022/dsa-5178.wml +++ /dev/null @@ -1,46 +0,0 @@ -#use wml::debian::translation-check translation="006fd719ddd7701428df2e4ab411c878c33ce4ba" mindelta="1" -sikkerhedsopdatering - -

Denne opdatering indeholder opdateret CPU-mikrokode til nogle af Intel -CPU-typer, med afhjælpelse af sikkerhedssårbarheder.

- - - -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 3.20220510.1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 3.20220510.1~deb11u1.

- -

Vi anbefaler at du opgraderer dine intel-microcode-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende intel-microcode, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/intel-microcode

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5178.data" diff --git a/danish/security/2022/dsa-5179.wml b/danish/security/2022/dsa-5179.wml deleted file mode 100644 index 67748b76721..00000000000 --- a/danish/security/2022/dsa-5179.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="435683d1174de7bc10428da6d5d629b10af1ce9e" mindelta="1" -sikkerhedsopdatering - -

Charles Fol opdagede to sikkerhedsproblemer i PHP, et vidt udbredt og -generelt anvendeligt open source-skriptsprog, hvilke kunne medføre -lammelsesangreb eller potentielt udførelse af vilkårlig kode:

- -
    - -
  • CVE-2022-31625 - -

    Ukorrekt hukommelseshåndtering i funktionen pg_query_params().

    • - -
  • CVE-2022-31626 - -

    Et bufferoverløb i mysqld-udvidelsen.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 7.4.30-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine php7.4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende php7.4, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/php7.4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5179.data" diff --git a/danish/security/2022/dsa-5180.wml b/danish/security/2022/dsa-5180.wml deleted file mode 100644 index a843a6c6e5c..00000000000 --- a/danish/security/2022/dsa-5180.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="99b73dca9061f1edfdd9f7595a030a00eb47452c" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 103.0.5060.114-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5180.data" diff --git a/danish/security/2022/dsa-5181.wml b/danish/security/2022/dsa-5181.wml deleted file mode 100644 index 47e68e46a97..00000000000 --- a/danish/security/2022/dsa-5181.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="3f23b56e7451102ddf68b78669a3f961f3d25e97" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i Request Tracker, et udvidbart system til -sporing af fejlrapporter.

- -
    - -
  • CVE-2022-25802 - -

    Man opdagede at Request Tracker var sårbar over for et angreb i - forbindelse med udførelse af skripter på tværs af websteder (XSS), når der - blev vist indhold med forfalskede indholdstyper.

    • - -
- -

Yderligere opdagede man at Request Tracker ikke udførte en komplet -rettighedskontrol ved tilgang til skræddersyede fil- eller billedtypefelter, -muligvis gørende det muligt at tilgå disse skræddersyede felter for brugere uden -rettigheder til at tilgå de tilknyttede objekter, medførende -informationsafsløring.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 4.4.3-2+deb10u2.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 4.4.4+dfsg-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine request-tracker4-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende request-tracker4, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/request-tracker4

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5181.data" diff --git a/danish/security/2022/dsa-5182.wml b/danish/security/2022/dsa-5182.wml deleted file mode 100644 index a86ae717c68..00000000000 --- a/danish/security/2022/dsa-5182.wml +++ /dev/null @@ -1,35 +0,0 @@ -#use wml::debian::translation-check translation="b1de770d6b0dfde17e3b2206eca31c5b7bc39809" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WebKitGTK:

- -
    - -
  • CVE-2022-22677 - -

    En anonym efterforsker opdagede at videoen i et webRTC-opkald, kunne - blive afbrudt hvis lydoptagelsen blev afbrudt.

    • - -
  • CVE-2022-26710 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 2.36.4-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.4-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5182.data" diff --git a/danish/security/2022/dsa-5183.wml b/danish/security/2022/dsa-5183.wml deleted file mode 100644 index 640a4a85dce..00000000000 --- a/danish/security/2022/dsa-5183.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="d09e45f00b67053edac6ab89569b7cd9da293e38" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget webmotoren WPE WebKit:

- -
    - -
  • CVE-2022-22677 - -

    En anonym efterforsker opdagede at videoen i et webRTC-opkald, kunne - blive afbrudt hvis lydoptagelsen blev afbrudt.

    • - -
  • CVE-2022-26710 - -

    Chijin Zhou opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.4-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5183.data" diff --git a/danish/security/2022/dsa-5184.wml b/danish/security/2022/dsa-5184.wml deleted file mode 100644 index dbf6b0615d9..00000000000 --- a/danish/security/2022/dsa-5184.wml +++ /dev/null @@ -1,25 +0,0 @@ -#use wml::debian::translation-check translation="0e15219c67c419f6ccdb0f041ab3fedd1ea44795" mindelta="1" -sikkerhedsopdatering - -

Adskillige sårbarheder er opdaget i hypervisor'en Xen, hvilke kunne medføre -rettighedsforøgelse. Desuden indeholder denne opdatering en afhjælpelse af det -spekulativ udførelse-angreb kaldet Retbleed samt MMIO stale -data-sårbarhederne.

- -

For yderligere oplysninger, så følgende sider: -https://xenbits.xen.org/xsa/advisory-404.html -https://xenbits.xen.org/xsa/advisory-407.html

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 4.14.5+24-g87d90d511c-1.

- -

Vi anbefaler at du opgraderer dine xen-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xen, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xen

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5184.data" diff --git a/danish/security/2022/dsa-5185.wml b/danish/security/2022/dsa-5185.wml deleted file mode 100644 index b920cb08a2e..00000000000 --- a/danish/security/2022/dsa-5185.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="3b7d95dd5d41249db787b663174ded57b828f5e9" mindelta="1" -sikkerhedsopdatering - -

En mappegennemløbssårbarhed blev opdaget i Metadata Anonymisation Toolkit, -hvilken kunne medføre informationsafsløring gennem et misdannet ZIP-arkiv.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 0.8.0-3+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.12.1-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine mat2-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mat2, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mat2

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5185.data" diff --git a/danish/security/2022/dsa-5186.wml b/danish/security/2022/dsa-5186.wml deleted file mode 100644 index 681dd8ef7d9..00000000000 --- a/danish/security/2022/dsa-5186.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="7e7fa475850d0e6a7f96393074f1e0fdc84ccf45" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder i forbindelse med udførelse af skripter på tværs af websteder, -blev opdaget i Django Rest Framework, et værktøjssæt til opbygning af -web-API'er.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 3.9.0-1+deb10u1.

- -

Den stabile distribution (bullseye) er ikke påvirket.

- -

Vi anbefaler at du opgraderer dine djangorestframework-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende djangorestframework, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/djangorestframework

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5186.data" diff --git a/danish/security/2022/dsa-5187.wml b/danish/security/2022/dsa-5187.wml deleted file mode 100644 index 1d8ad12f2be..00000000000 --- a/danish/security/2022/dsa-5187.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="09467d1249c09802b9228633d273504648ffe4f6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 103.0.5060.134-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5187.data" diff --git a/danish/security/2022/dsa-5188.wml b/danish/security/2022/dsa-5188.wml deleted file mode 100644 index 21daa18838e..00000000000 --- a/danish/security/2022/dsa-5188.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="751424b394ca901a4f1d8c0367cc1bf988032bf5" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -udførelse af vilkårlig Java-bytecode eller omgåelse af Java-sandkassen.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 11.0.16+8-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 11.0.16+8-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine openjdk-11-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-11, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-11

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5188.data" diff --git a/danish/security/2022/dsa-5189.wml b/danish/security/2022/dsa-5189.wml deleted file mode 100644 index 1baf5bc5d7a..00000000000 --- a/danish/security/2022/dsa-5189.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="c3d11b2ea96d3dd5334b32e1eeafd0eb82c42f1d" mindelta="1" -sikkerhedsopdatering - -

Simon Josefsson opdagede en hukommelseslæsning uden for grænserne i GNU SASL, -en implementering af frameworket Simple Authentication and Security Layer, -hvilken kunne medføre lammelsesangreb.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.8.0-8+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.10.0-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine gsasl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gsasl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gsasl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5189.data" diff --git a/danish/security/2022/dsa-5190.wml b/danish/security/2022/dsa-5190.wml deleted file mode 100644 index 132f821962d..00000000000 --- a/danish/security/2022/dsa-5190.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="0040418538f743c060704c1f2c0b3518764c782f" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at SPIP, en webstedsmotor til udgivelse, gjorde det muligt for -en ondsindet bruger, at udføre vilkårlig kode eller forøge rettigheder.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 3.2.4-1+deb10u9.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.2.11-3+deb11u5.

- -

Vi anbefaler at du opgraderer dine spip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende spip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/spip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5190.data" diff --git a/danish/security/2022/dsa-5191.wml b/danish/security/2022/dsa-5191.wml deleted file mode 100644 index aed14c74a97..00000000000 --- a/danish/security/2022/dsa-5191.wml +++ /dev/null @@ -1,60 +0,0 @@ -#use wml::debian::translation-check translation="fa7bd3e4644f60a727dbe8b56ea07b03f7ff7fc2" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -rettighedsforøgelse, lammelsesangreb eller informationslækager:

- -
    - -
  • CVE-2021-33655 - -

    En bruger med adgang til en framebuffer-console-driver, kunne forårsage - en hukommelsesskrivning udenfor grænserne via ioctl'en - FBIOPUT_VSCREENINFO.

    • - -
  • CVE-2022-2318 - -

    En anvendelse efter frigivelse i understøttelsen af Amateur Radio X.25 - PLP (Rose), kunne medføre lammelsesangreb.

    • - -
  • CVE-2022-26365, - CVE-2022-33740, - CVE-2022-33741, - CVE-2022-33742 - -

    Roger Pau Monne opdagede at Xens block- og network-PV-enhedsfrontends, - ikke nulstillede hukommelsesregioner før de blev delt med backend'en, - hvilket kunne medføre informationsafsløring. Desuden blev der opdaget at - granttabellens granularitet ikke tillod deling af mindre end en 4k-side, - hvilket også kunne medføre informationsafsløring.

    • - -
  • CVE-2022-33743 - -

    Jan Beulich opdagede at ukorrekt hukommelseshåndtering i Xens - netværksbackend, kunne føre til lammelsesangreb.

    • - -
  • CVE-2022-33744 - -

    Oleksandr Tyshchenko opdagede at ARM Xen-gæster kunne forårsage et - lammelsesangreb mod Dom0 gennem paravirtuelle enheder.

    • - -
  • CVE-2022-34918 - -

    Arthur Mongodin opdagede et heapbufferoverløb i undersystemet Netfilter, - hvilket kunne medføre lokal rettighedsforøgelse.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.10.127-2.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5191.data" diff --git a/danish/security/2022/dsa-5192.wml b/danish/security/2022/dsa-5192.wml deleted file mode 100644 index c6c1e5386e7..00000000000 --- a/danish/security/2022/dsa-5192.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="a728c276b0894d7147b62196294d7422fd8afa0b" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i OpenJDK's Java-runtime, hvilke kunne medføre -udførelse af vilkårlig Java-bytecode eller omgåelse af Java-sandkassen.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 17.0.4+8-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine openjdk-17-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende openjdk-17, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/openjdk-17

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5192.data" diff --git a/danish/security/2022/dsa-5193.wml b/danish/security/2022/dsa-5193.wml deleted file mode 100644 index 02cb387c43c..00000000000 --- a/danish/security/2022/dsa-5193.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="69b28da477cec0e43e1c85874cd9922b7d39ee3e" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke kunne medføre spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 91.12.0esr-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.12.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5193.data" diff --git a/danish/security/2022/dsa-5194.wml b/danish/security/2022/dsa-5194.wml deleted file mode 100644 index 5f760f8e6b3..00000000000 --- a/danish/security/2022/dsa-5194.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="9f5830ca77290ac240f48ff0daff4d4dcf749446" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Booth, et klynge-tickethåndteringssystem, ikke på korrekt vis -begrænsede intra-node-kommunikation, når programmet var opsat med -opsætningsdirektivet authfile.

- -

I den gamle stabile distribution (buster), er dette problem rettet -i version 1.0-162-g27f917f-2+deb10u1.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.0-237-gdd88847-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine booth-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende booth, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/booth

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5194.data" diff --git a/danish/security/2022/dsa-5195.wml b/danish/security/2022/dsa-5195.wml deleted file mode 100644 index 2ce6602283f..00000000000 --- a/danish/security/2022/dsa-5195.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="dcb1c12853b04e68e76314636239c5cfa0f3f9a6" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre spoofing.

- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 1:91.12.0-1~deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.12.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5195.data" diff --git a/danish/security/2022/dsa-5196.wml b/danish/security/2022/dsa-5196.wml deleted file mode 100644 index 276c150a0d2..00000000000 --- a/danish/security/2022/dsa-5196.wml +++ /dev/null @@ -1,43 +0,0 @@ -#use wml::debian::translation-check translation="f9b3401db5e222ddd741acdd79fc20ed59ed8961" mindelta="1" -sikkerhedsopdatering - -

Flere sikkerhedssårbarheder er fundet i libpgjava, den officielle PostgreSQL -JDBC-driver.

- -
    - -
  • CVE-2020-13692 - -

    En XML External Entity-svaghed (XXE) blev fundet i PostgreSQL - JDBC.

    • - -
  • CVE-2022-21724 - -

    JDBC-driveren kontrollerede ikke om visse klasser implementerede det - forventede interface, før klassen blev instantieret. Det kunne føre til - udførelse af kode gennem vilkårlige klasser.

    • - -
  • CVE-2022-26520 - -

    En angriber (som kontrollerer jdbc-URLen eller -egenskaber) kunne kalde - java.util.logging.FileHandler til at skrive til vilkårlige filer gennem - loggerFile- og loggerLevel-forbindelsesegenkaber.

    • - -
- -

I den gamle stabile distribution (buster), er disse problemer rettet -i version 42.2.5-2+deb10u1.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 42.2.15-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine libpgjava-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libpgjava, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libpgjava

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5196.data" diff --git a/danish/security/2022/dsa-5197.wml b/danish/security/2022/dsa-5197.wml deleted file mode 100644 index 97cbf812e7d..00000000000 --- a/danish/security/2022/dsa-5197.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="e0c7eaf0ffb5979e75abcc9bd78207f4a2e70117" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedssårbarheder er opdaget i cURL, et -URL-overførselsbibliotek. Fejlene kunne gøre det muligt for fjernangribere at -få fat i følsomme oplysninger, lække autentifikations- eller cookieheaderdata, -eller muliggøre et lammelsesangreb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 7.74.0-1.3+deb11u2.

- -

Vi anbefaler at du opgraderer dine curl-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende curl, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/curl

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5197.data" diff --git a/danish/security/2022/dsa-5198.wml b/danish/security/2022/dsa-5198.wml deleted file mode 100644 index 413604bacc2..00000000000 --- a/danish/security/2022/dsa-5198.wml +++ /dev/null @@ -1,38 +0,0 @@ -#use wml::debian::translation-check translation="d3c36081141f159ff0a43ff0c5bf3e0e2f57fde3" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i Jetty, en Java-servlet-motor og --webserver.

- -
    - -
  • CVE-2022-2047 - -

    I Eclipse Jetty, ved fortolkning af autoritetssegementet hørende til en - http-scheme-URI, genkendte Jetty HttpURI-klassen fejlagtigt ugyldigt inddata - som et værtsnavn. Det kunne føre til fejl i et proxyscenarie.

    • - -
  • CVE-2022-2048 - -

    I Eclipse Jettys HTTP/2-serverimplementering, når der blev stødt på en - ugyldig HTTP/2-forespørgsel, var der en fejl i fejlhåndteringen, der kunne - medføre at de aktive forbindelser og tilhørende ressourcer ikke blev ryddet - op på korrekt vis. Det kunne medføre et lammelsesangreb, hvor der ikke var - tilstrækkeligt med ressourcer tilbage til at behandle korrekte - forespørgsler.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 9.4.39-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine jetty9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende jetty9, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/jetty9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5198.data" diff --git a/danish/security/2022/dsa-5199.wml b/danish/security/2022/dsa-5199.wml deleted file mode 100644 index e1f26976f22..00000000000 --- a/danish/security/2022/dsa-5199.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="c740d92444183113153cfe61a85e5e1f027efa9a" mindelta="1" -sikkerhedsopdatering - -

Jan-Niklas Sohn opdagede at adskillige fejl i forbindelse med validering af -inddata i Xkb-udvidelsen hørende til X.org's X-server, kunne medføre -rettighedsforøgelse hvis X-serveren kørte som priviligeret.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2:1.20.11-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine xorg-server-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende xorg-server, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/xorg-server

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5199.data" diff --git a/danish/security/2022/dsa-5200.wml b/danish/security/2022/dsa-5200.wml deleted file mode 100644 index 54c141c910f..00000000000 --- a/danish/security/2022/dsa-5200.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="81a0a0402619d89cad50ef1e7558d519e74ebb3a" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at libtirpc, et transport-uafhængigt RPC-bibliotek, ikke på -korrekt vis håndterede inaktive TCP-forbindelser. En fjernangriber kunne drage -nytte af fejlen til at forårsage et lammelsesangreb.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.3.1-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine libtirpc-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libtirpc, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libtirpc

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5200.data" diff --git a/danish/security/2022/dsa-5201.wml b/danish/security/2022/dsa-5201.wml deleted file mode 100644 index 47bea0d8c48..00000000000 --- a/danish/security/2022/dsa-5201.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="e8d40bf71f7cc63c5c0b60bce4a1f845d52d9086" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 104.0.5112.79-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5201.data" diff --git a/danish/security/2022/dsa-5202.wml b/danish/security/2022/dsa-5202.wml deleted file mode 100644 index 9e3abb6b38b..00000000000 --- a/danish/security/2022/dsa-5202.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="3a206fecfc1df5d752e4250343dc6bb6952ff4b0" mindelta="1" -sikkerhedsopdatering - -

Sandipan Roy opdagede to sårbarheder i InfoZIP's unzipprogram, et -udpakningsprogram til .zip-filer, hvilke kunne medføre lammelsesangreb eller -potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 6.0-26+deb11u1.

- -

Vi anbefaler at du opgraderer dine unzip-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende unzip, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/unzip

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5202.data" diff --git a/danish/security/2022/dsa-5203.wml b/danish/security/2022/dsa-5203.wml deleted file mode 100644 index 1dcdbfe2b89..00000000000 --- a/danish/security/2022/dsa-5203.wml +++ /dev/null @@ -1,22 +0,0 @@ -#use wml::debian::translation-check translation="8db46aa0e33c250219b342a4397709dcb0b86258" mindelta="1" -sikkerhedsopdatering - -

Jaak Ristioja opdagede en dobbelt frigivelse-sårbarhed i GnuTLS, et bibliotek -til implementering af protokollerne TLS og SSL, under verifikation af -pkcs7-signaturer. En fjernangriber kunne drage nytte af fejlen til at få en -applikation, der anvender GnuTLS-biblioteket, til at gå ned (lammelsesangreb) -eller potentielt udførelse af vilkårlig kode.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.7.1-5+deb11u2.

- -

Vi anbefaler at du opgraderer dine gnutls28-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gnutls28, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gnutls28

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5203.data" diff --git a/danish/security/2022/dsa-5204.wml b/danish/security/2022/dsa-5204.wml deleted file mode 100644 index 91dd2ba5572..00000000000 --- a/danish/security/2022/dsa-5204.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="ed7c8c59ad31e240b99bdcd1c1e7172d1d355ce6" mindelta="1" -sikkerhedsopdatering - -

Adam Doupe opdagede adskillige sårbarheder i Gstreamer-plugins til demux af -Mastroska- og AVI-filer, hvilket kunne medføre lammelsesangreb eller udførelse -af vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.18.4-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine gst-plugins-good1.0-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gst-plugins-good1.0, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gst-plugins-good1.0

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5204.data" diff --git a/danish/security/2022/dsa-5205.wml b/danish/security/2022/dsa-5205.wml deleted file mode 100644 index 820deb84638..00000000000 --- a/danish/security/2022/dsa-5205.wml +++ /dev/null @@ -1,56 +0,0 @@ -#use wml::debian::translation-check translation="cbe9cd7fab7b8b8992562b1757c8d4d429b5c67c" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Samba, en SMB/CIFS-fil-, -print- og -loginserver til Unix.

- -
    - -
  • CVE-2022-2031 - -

    Luke Howard rapporterede at Samba AD-brugere kunne omgå visse - begrænsninger i forbindelse med ændring af adgangskoder. En bruger, der er - blevet bedt om at skifte sin adgangskode, kunne udnytte fejlen til at få fat - i og anvende ticket til andre services.

    • - -
  • CVE-2022-32742 - -

    Luca Moro rapporterede at en SMB1-klient med skriveadgang til et share, - kunne forårsage at serverhukommelsesindhold kunne lækkes.

    • - -
  • CVE-2022-32744 - -

    Joseph Sutton rapporterede at Samba AD-brugere kunne fabrikere - adgangskodeændringsbeskeder for enhver bruger, medførende - rettighedsforøgelse.

    • - -
  • CVE-2022-32745 - -

    Joseph Sutton rapporterede at Samba AD-brugere kunne få serverprocessen - til at gå ned ved hjælp af en særligt fremstillet tilføjelses- eller - ændringsforespørgsel i LDAP.

    • - -
  • CVE-2022-32746 - -

    Joseph Sutton og Andrew Bartlett rapporterede at Samba AD-brugere kunne - forårsage en anvendelse efter frigivelse i serverprocessen, med en særligt - fremstillet tilføjelses- eller ændringsforespørgsel til LDAP.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2:4.13.13+dfsg-1~deb11u5. Rettelsen af -\ -CVE-2022-32745, krævede en opdatering af ldb 2:2.2.3-2~deb11u2, for at rette -fejlen.

- -

Vi anbefaler at du opgraderer dine samba-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende samba, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/samba

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5205.data" diff --git a/danish/security/2022/dsa-5206.wml b/danish/security/2022/dsa-5206.wml deleted file mode 100644 index e6a1cfdc489..00000000000 --- a/danish/security/2022/dsa-5206.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="bab458d574b4b45bba48034bc16dd70f3fa14303" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i Apache Traffic Server, en reverse- og -forwardproxyserver, hvilke kunne medføre smugling af HTTP-forespørgsler, -cacheforgiftning eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 8.1.5+ds-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine trafficserver-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende trafficserver, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/trafficserver

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5206.data" diff --git a/danish/security/2022/dsa-5207.wml b/danish/security/2022/dsa-5207.wml deleted file mode 100644 index 172d3bf0764..00000000000 --- a/danish/security/2022/dsa-5207.wml +++ /dev/null @@ -1,85 +0,0 @@ -#use wml::debian::translation-check translation="0413fa50844efcfa46bf7f8f7809d825fd42fffa" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder er opdaget i Linux-kernen, hvilke kunne føre til -rettighedsforøgelse, lammelsesangreb eller informationslækager.

- -
    - -
  • CVE-2022-2585 - -

    En fejl i forbindelse med anvendelse efter frigivelse i implementeringen - af POSIX CPU-timere, kunne medføre lammelsesangreb eller lokal - rettighedsforøgelse.

    • - -
  • CVE-2022-2586 - -

    En anvendelse efter frigivelse i undersystemet Netfilter, kunne medføre - lokal rettighedsforøgelse for en bruger med kapabiliteten CAP_NET_ADMIN i - ethvert bruger- eller netværksnavnerum.

    • - -
  • CVE-2022-2588 - -

    Zhenpeng Lin opdagede en fejl i forbindelse med anvendelse efter - frigivelse i implementeringen af filteret cls_route, hvilken kunne medføre - lokal rettighedsforøgelse for en bruger med kapabiliteten CAP_NET_ADMIN i - ethvert bruger- eller netværksnavnerum.

    • - -
  • CVE-2022-26373 - -

    Man opdagede at visse processorer med Intels Enhanced Indirect Branch - Restricted Speculation-muligheder (eIBRS), som er undtagelser til - dokumenterede egenskaber i nogle situationer, hvilket kunne medføre - informationsafsløring.

    - -

    Intels beskrivelse af problemet, kan findes på -

    • - -
  • CVE-2022-29900 - -

    Johannes Wikner og Kaveh Razavi rapporterede at for - AMD/Hygon-processorer, kunne fejltrænede forgreningsforudsigelser til - returinstruktioner, kunne muliggøre vilkårlig spekulativ kodeudførelse under - visse mikroarkitekturafhængige betingelser.

    - -

    En liste over påvirkede AMD CPU-typer, kan findes på -

    • - -
  • CVE-2022-29901 - -

    Johannes Wikner og Kaveh Razavi rapporterede at for Intel-processorer - (Intel Core generation 6, 7 og 8), var beskyttelsen mod indsprøjtningsangreb - i forbindelse med spekulative forgreningsmål, utilstrækkelig under nogle - omstændigheder, hvilken kunne muliggøre vilkårlig, spekulativ udførelse af - vilkårlig kode under visse mikroarkitekturafhængige betingelser.

    - -

    Flere oplysninger finder man på -

    • - -
  • CVE-2022-36879 - -

    En fejl blev opdaget i xfrm_expand_policies i undersystemet xfrm, hvilken - kunne forårsage at en referenceoptælling kunne blive smidt væk to - gange.

    • - -
  • CVE-2022-36946 - -

    Domingo Dirutigliano og Nicola Guerrera rapporterede om en - hukommelseskorruptionsfejl i undersystemet Netfilter, hvilken kunne medføre - lammelsesangreb.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.10.136-1.

- -

Vi anbefaler at du opgraderer dine linux-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende linux, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/linux

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5207.data" diff --git a/danish/security/2022/dsa-5208.wml b/danish/security/2022/dsa-5208.wml deleted file mode 100644 index bdb61a0040f..00000000000 --- a/danish/security/2022/dsa-5208.wml +++ /dev/null @@ -1,18 +0,0 @@ -#use wml::debian::translation-check translation="3e353809cc4b4860ceee3927702e52b1caed9dc3" mindelta="1" -sikkerhedsopdatering - -

Michael Catanzaro opdagede et bufferoverløb i webbrowseren Epiphany.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.38.2-1+deb11u3.

- -

Vi anbefaler at du opgraderer dine epiphany-browser-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende epiphany-browser, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/epiphany-browser

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5208.data" diff --git a/danish/security/2022/dsa-5209.wml b/danish/security/2022/dsa-5209.wml deleted file mode 100644 index 133ef812446..00000000000 --- a/danish/security/2022/dsa-5209.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="2230414c07eefed044d0e0a6c0a852ea4593f19b" mindelta="1" -sikkerhedsopdatering - -

Yu Zhang og Nanyu Zhong opdagede flere sårbarheder i net-snmp, en samling af -Simple Network Management Protocol-applikationer, hvilke kunne medføre -lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.9+dfsg-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine net-snmp-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende net-snmp, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/net-snmp

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5209.data" diff --git a/danish/security/2022/dsa-5210.wml b/danish/security/2022/dsa-5210.wml deleted file mode 100644 index 329019d9260..00000000000 --- a/danish/security/2022/dsa-5210.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="5b85430ed729e79fc9c5a6b5e4e7ef8318f3fd36" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WebKitGTK:

- -
    - -
  • CVE-2022-32792 - -

    Manfred Paul opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-32816 - -

    Dohyun Lee opdagede at besøg hos et websted, der har placeret ondsindet - indhold i frames, kunne føre til UI-forfalskning.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.6-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5210.data" diff --git a/danish/security/2022/dsa-5211.wml b/danish/security/2022/dsa-5211.wml deleted file mode 100644 index fbc8239d9db..00000000000 --- a/danish/security/2022/dsa-5211.wml +++ /dev/null @@ -1,32 +0,0 @@ -#use wml::debian::translation-check translation="4d01667976e1539e2c1e4db20e640fadd9b41ed7" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WPE WebKit:

- -
    - -
  • CVE-2022-32792 - -

    Manfred Paul opdagede at behandling af ondsindet fremstillet webindhold, - kunne føre til udførelse af vilkårlig kode.

    • - -
  • CVE-2022-32816 - -

    Dohyun Lee opdagede at besøg hos et websted, der har placeret ondsindet - indhold i frames, kunne føre til UI-forfalskning.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.36.6-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5211.data" diff --git a/danish/security/2022/dsa-5212.wml b/danish/security/2022/dsa-5212.wml deleted file mode 100644 index b919f929703..00000000000 --- a/danish/security/2022/dsa-5212.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="099a605d13fa535371362cfbf27c522821a66428" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 104.0.5112.101-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5212.data" diff --git a/danish/security/2022/dsa-5213.wml b/danish/security/2022/dsa-5213.wml deleted file mode 100644 index 242ba9953a0..00000000000 --- a/danish/security/2022/dsa-5213.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="62a9347ab03f598f32fdf4026d71c301c4fe2962" mindelta="1" -sikkerhedsopdatering - -

Julian Gilbey opdagede at schroot, et værktøj som gør det muligt for brugere -at udføre kommandoer i et chroot-miljø, havde for lempelige regler for chroot- -eller sessionnavne, hvilket muliggjorde et lammelsesangreb mod schroot-servicen -for alle brugere, der kunne starte en schroot-session.

- -

Bemærk at eksisterende chroots og sessions kontrolleres under opgraderingen, -og en opgradering afbrydes hvis der i fremtiden genkendes ugyldige navne.

- -

Før opgraderingen kan der kigges efter problematiske sessioner og chroots med -følgende kommando:

- -schroot --list --all | LC_ALL=C grep -vE '^[a-z]+:[a-zA-Z0-9][a-zA-Z0-9_.-]*$' - -

Se - -for hvad man skal gøre i den situation.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.6.10-12+deb11u1.

- -

Vi anbefaler at du opgraderer dine schroot-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende schroot, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/schroot

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5213.data" diff --git a/danish/security/2022/dsa-5214.wml b/danish/security/2022/dsa-5214.wml deleted file mode 100644 index 903a7dbe721..00000000000 --- a/danish/security/2022/dsa-5214.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="40fa3843859f76888d9221a1ae28393eeb0f184b" mindelta="1" -sikkerhedsopdatering - -

Adskillige bufferoverløb blev opdaget i Kicad, en samling af programmer til -fremstilling af printplader, hvilke kunne medføre udførelse af vilkårlig kode, -ved misdannede Gerber/Excellon-filer.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 5.1.9+dfsg1-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine kicad-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende kicad, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/kicad

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5214.data" diff --git a/danish/security/2022/dsa-5215.wml b/danish/security/2022/dsa-5215.wml deleted file mode 100644 index 20e0e430c01..00000000000 --- a/danish/security/2022/dsa-5215.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="b1fbb16f1b5efdd791b29fa0eef5840dddbd1d5b" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed blev opdaget i open-vm-tools, en open source-implementering af -VMware Tools, hvilken gjorde det mulig for en upriviligeret gæst, at forøge sine -rettigheder som root-bruger i den virtuelle maskine.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2:11.2.5-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine open-vm-tools-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende open-vm-tools, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/open-vm-tools

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5215.data" diff --git a/danish/security/2022/dsa-5216.wml b/danish/security/2022/dsa-5216.wml deleted file mode 100644 index 5d213275afa..00000000000 --- a/danish/security/2022/dsa-5216.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="28a96c6b75cb4af39ababce6603e0f26120ea8b9" mindelta="1" -sikkerhedsopdatering - -

Nick Wellnhofer opdagede at funktionen xsltApplyTemplates i libxslt, et -runtimebibliotek til XSLT-behandling, var sårbar over for en fejl i forbindelse -med anvendelse efter frigivelse, medførende lammelsesangreb eller potentielt -udførelse af vilkårlig kode, hvis en særligt fremstillet fil blev behandlet.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1.1.34-4+deb11u1.

- -

Vi anbefaler at du opgraderer dine libxslt-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libxslt, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/libxslt

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5216.data" diff --git a/danish/security/2022/dsa-5217.wml b/danish/security/2022/dsa-5217.wml deleted file mode 100644 index b5e54f27d34..00000000000 --- a/danish/security/2022/dsa-5217.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="4e76b927afbed7234b15b70cbe973162603746b1" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode eller spoofing.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 91.13.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5217.data" diff --git a/danish/security/2022/dsa-5218.wml b/danish/security/2022/dsa-5218.wml deleted file mode 100644 index c988707ed8f..00000000000 --- a/danish/security/2022/dsa-5218.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="01ddff9e4465c15cc10ede6adadf71d61eead0ec" mindelta="1" -sikkerhedsopdatering - -

Evgeny Legerov rapporterede om en heapbaseret bufferoverløbssårbarhed i -inflate-handlingen i zlib, hvilken kunne medføre lammelsesangreb eller -potentielt udførelse af vilkårlig kode, hvis særligt fremstillet inddata blev -behandlet.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:1.2.11.dfsg-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine zlib-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende zlib, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/zlib

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5218.data" diff --git a/danish/security/2022/dsa-5219.wml b/danish/security/2022/dsa-5219.wml deleted file mode 100644 index da9b2ab23bb..00000000000 --- a/danish/security/2022/dsa-5219.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="23faf311c5609ca5f3e8f7b83ff607771d48ad37" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WebKitGTK:

- -
    - -
  • CVE-2022-32893 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode. Apple er opmærksom - på en rapport om at problemet har været aktivt udnyttet.

    • - -
- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.36.7-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5219.data" diff --git a/danish/security/2022/dsa-5220.wml b/danish/security/2022/dsa-5220.wml deleted file mode 100644 index 81078c5c44c..00000000000 --- a/danish/security/2022/dsa-5220.wml +++ /dev/null @@ -1,28 +0,0 @@ -#use wml::debian::translation-check translation="5eff97398b434a9348247cd1395f14ab9c002a66" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarheder er opdaget i webmotoren WPE WebKit:

- -
    - -
  • CVE-2022-32893 - -

    En anonym efterforsker opdagede at behandling af ondsindet fremstillet - webindhold, kunne føre til udførelse af vilkårlig kode. Apple er opmærksom - på en rapport om at problemet har været aktivt udnyttet.

    • - -
- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.36.7-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5220.data" diff --git a/danish/security/2022/dsa-5221.wml b/danish/security/2022/dsa-5221.wml deleted file mode 100644 index 3e1aad12489..00000000000 --- a/danish/security/2022/dsa-5221.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="896737888bb26bdfa1365098c567402ce995de8a" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:91.13.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5221.data" diff --git a/danish/security/2022/dsa-5222.wml b/danish/security/2022/dsa-5222.wml deleted file mode 100644 index 6f00917e066..00000000000 --- a/danish/security/2022/dsa-5222.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="d4ab36a87f08d9ff56a4f4fa15790d60d2e5237e" mindelta="1" -sikkerhedsopdatering - -

Et bufferoverløb blev opdaget i vhost-koden i DPDK, et sæt biblioteker til -hurtig pakkebehandling, hvilken kunne medføre lammelsesangreb eller udførelse af -vilkårlig kode af ondsindede gæster/containere.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 20.11.6-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine dpdk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende dpdk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/dpdk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5222.data" diff --git a/danish/security/2022/dsa-5223.wml b/danish/security/2022/dsa-5223.wml deleted file mode 100644 index 19b7b0b2fbd..00000000000 --- a/danish/security/2022/dsa-5223.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="5b2340fdd339cb906561309b41a917d7700418f4" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 105.0.5195.52-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5223.data" diff --git a/danish/security/2022/dsa-5224.wml b/danish/security/2022/dsa-5224.wml deleted file mode 100644 index 724fa21df49..00000000000 --- a/danish/security/2022/dsa-5224.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="6d53064baf3dc7d50e8d7a0538338c43c3387b30" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i poppler, et bibliotek til PDF-rendering, hvilke -kunne medføre lammelsesangreb eller udførelse af vilkårlig kode, hvis en -misdannet PDF-fil eller JBIG2-billede blev behandlet.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 20.09.0-3.1+deb11u1.

- -

Vi anbefaler at du opgraderer dine poppler-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende poppler, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/poppler

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5224.data" diff --git a/danish/security/2022/dsa-5225.wml b/danish/security/2022/dsa-5225.wml deleted file mode 100644 index 920683a789e..00000000000 --- a/danish/security/2022/dsa-5225.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="fd0b71325e40ef5f98f9043c6f329258e7d8751e" mindelta="1" -sikkerhedsopdatering - -

Et sikkerhedsproblem blev opdaget i Chromium, hvilket kunne medføre udførelse -af vilkårlig kode.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 105.0.5195.102-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5225.data" diff --git a/danish/security/2022/dsa-5226.wml b/danish/security/2022/dsa-5226.wml deleted file mode 100644 index 4c36e7a981c..00000000000 --- a/danish/security/2022/dsa-5226.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="2746641fba7f4860adea81b9df950510dc59b99a" mindelta="1" -sikkerhedsopdatering - -

To sikkerhedsproblemer blev opdaget i pcs, et værktøj til opsætning af -corosync og pacemaker:

- -
    - -
  • CVE-2022-1049 - -

    Man opdagede at udløbne konti stadig var i stand til at logge ind via - PAM.

    • - -
  • CVE-2022-2735 - -

    Ondrej Mular opdagede at ukorrekte rettigheder til en Unix-socket opsat - til intern kommunikation, kunne medføre rettighedsforøgelse.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 0.10.8-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine pcs-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende pcs, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/pcs

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5226.data" diff --git a/danish/security/2022/dsa-5227.wml b/danish/security/2022/dsa-5227.wml deleted file mode 100644 index 5e831b25d34..00000000000 --- a/danish/security/2022/dsa-5227.wml +++ /dev/null @@ -1,24 +0,0 @@ -#use wml::debian::translation-check translation="528bc4e5d04ccadc8b122fc584d4ea0922382bba" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Gson, et Java-bibliotek der kan anvendes til at konvertere -Java-objekter til deres JSON-repræsentationer og omvendt, var sårbar over for en -deserialiseringsfejl. En applikation kunne deserialisere data, der ikke er -tillid til, uden på tilstrækkelig vis at kontrollere, at de dannede data var -gyldige, dermed kunne angriberen få kontrol over tilstanden eller afviklingen af -udførelsen. Det kunne føre til et lammelsesangreb eller endda udførelse af -vilkårlig kode.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.8.6-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine libgoogle-gson-java-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende libgoogle-gson-java, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/libgoogle-gson-java

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5227.data" diff --git a/danish/security/2022/dsa-5228.wml b/danish/security/2022/dsa-5228.wml deleted file mode 100644 index 6cb69f41cad..00000000000 --- a/danish/security/2022/dsa-5228.wml +++ /dev/null @@ -1,36 +0,0 @@ -#use wml::debian::translation-check translation="c5e6056b6cfe4c47b624ccc6e664ff19613d23b7" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i gdk-pixbuf, GDK's Pixbuf-bibliotek.

- -
    - -
  • CVE-2021-44648 - -

    Sahil Dhar rapporterede om en heapbaseret bufferoverløbssårbarhed, når - der blev dekodet en lzw-komprimeret billedatastream, hvilket kunne medføre - udførelse af vilkårlig kode eller lammelsesangreb, hvis et misdannet - GIF-billede blev behandlet.

    • - -
  • CVE-2021-46829 - -

    Pedro Ribeiro rapporterede om en heapbaseret bufferoverløbssårbarhed, - ved compositing eller clearing af frames i GIF-filer, hvilket kunne medføre - udførelse af vilkårlig kode eller lammelsesangreb, hvis misdannede - GIF-billeder blev behandlet.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 2.42.2+dfsg-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine gdk-pixbuf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gdk-pixbuf, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/gdk-pixbuf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5228.data" diff --git a/danish/security/2022/dsa-5229.wml b/danish/security/2022/dsa-5229.wml deleted file mode 100644 index 8e3c7c7d384..00000000000 --- a/danish/security/2022/dsa-5229.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="cf624b414730012e58e7a1817e16cd09ac838cc3" mindelta="1" -sikkerhedsopdatering - -

To sårbarheder blev opdaget i FreeCAD, et CAD/CAM-program, hvilke kunne -medføre udførelse af vilkårlige shell-kommandoer, når der blev åbnet en -misdannet fil.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 0.19.1+dfsg1-2+deb11u1.

- -

Vi anbefaler at du opgraderer dine freecad-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende freecad, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/freecad

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5229.data" diff --git a/danish/security/2022/dsa-5230.wml b/danish/security/2022/dsa-5230.wml deleted file mode 100644 index 9ed8e042fe2..00000000000 --- a/danish/security/2022/dsa-5230.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="fc26a1a5d14c72bf932cf3cdfdde435544b2bfc7" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 105.0.5195.125-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5230.data" diff --git a/danish/security/2022/dsa-5231.wml b/danish/security/2022/dsa-5231.wml deleted file mode 100644 index 3a784a687cd..00000000000 --- a/danish/security/2022/dsa-5231.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0de71c884669ee44ab278768a2c98cf218b099ec" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i ConnMan, et netværkshåndteringsprogram til -indlejrede enheder, hvilket kunne meføre lammelsesangreb eller udførelse af -vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.36-2.2+deb11u1.

- -

Vi anbefaler at du opgraderer dine connman-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende connman, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/connman

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5231.data" diff --git a/danish/security/2022/dsa-5232.wml b/danish/security/2022/dsa-5232.wml deleted file mode 100644 index cb9e695444d..00000000000 --- a/danish/security/2022/dsa-5232.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="0e22aa4e9083fe9f43c1a43f7bc11596c5449318" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at funktionen wordexp() i tinygltf, et bibliotek til indlæse og -gemme glTF-filer (GL Transmission Format), var sårbart over for -kommandoudførelse ved behandling af filer, der ikke er tillid til.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.5.0+dfsg-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine tinygltf-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende tinygltf, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/tinygltf

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5232.data" diff --git a/danish/security/2022/dsa-5233.wml b/danish/security/2022/dsa-5233.wml deleted file mode 100644 index 94a2f1db8df..00000000000 --- a/danish/security/2022/dsa-5233.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="3c1e1bf5bdf14a4595ab40b5de0b7b01f00695da" mindelta="1" -sikkerhedsopdatering - -

Maher Azzouzi opdagede at manglende rensning af inddata i windowmanageren -Enlightenment, kunne medføre lokal rettighedsforøgelse til root.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 0.24.2-8+deb11u1.

- -

Vi anbefaler at du opgraderer dine e17-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende e17, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/e17

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5233.data" diff --git a/danish/security/2022/dsa-5234.wml b/danish/security/2022/dsa-5234.wml deleted file mode 100644 index 7f72e908f42..00000000000 --- a/danish/security/2022/dsa-5234.wml +++ /dev/null @@ -1,23 +0,0 @@ -#use wml::debian::translation-check translation="87b62ede06fbd3d69d5b0b5410c7c08820e1515a" mindelta="1" -sikkerhedsopdatering - -

En sårbarhed i forbindelse med udførelse af vilkårlig kode, blev opdaget i -fish, en kommandolinjeshell. Når fishs standardopsætning benyttes, ændring til -en mappe automatisk udførte `git`-kommander for at vise oplysninger om det -aktuelle repository på kommandolinjens prompt. Sådanne repositories kan -indeholde opsætninger for de enkelte repositories, som ændrer gits virkemåde, -herunder udførelse af vilkårlig kommandoer.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.1.2-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine fish-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende fish, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/fish

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5234.data" diff --git a/danish/security/2022/dsa-5235.wml b/danish/security/2022/dsa-5235.wml deleted file mode 100644 index e44863c9e63..00000000000 --- a/danish/security/2022/dsa-5235.wml +++ /dev/null @@ -1,51 +0,0 @@ -#use wml::debian::translation-check translation="3508f9a531af1aca0b0e166eb9e274f958f07db9" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i BIND, en DNS-serverimplementering.

- -
    - -
  • CVE-2022-2795 - -

    Yehuda Afek, Anat Bremler-Barr og Shani Stajnrod opdagede at en fejl i - resolverkoden kunne medføre at named brugte al for megen tid på at behandle - store delegeringer, hvilket i betydelig grad forværede resolverens ydeevne - og medførte lammelsesangreb.

    • - -
  • CVE-2022-3080 - -

    Maksym Odinintsev opdagede at resolveren kunne gå ned når stale cache og - stale answers er aktiveret med stale-answer-timeout sat til nul. En - fjernangriber kunne drage nytte af fejlen til at forårsage et - lammelsesangreb (dæmonnedbrud) gennem særligt fremstillede forespørgsler til - resolveren.

    • - -
  • CVE-2022-38177 - -

    Man opdagede at DNSSEC-verifikationskode til ECDSA-algoritmen var sårbar - over for en hukommelseslækagefejl. En fjernangriber kunne drage nytte af - fejlen til at forårsage, at BIND forbrugte ressourcer, medførende et - lammelsesangreb.

    • - -
  • CVE-2022-38178 - -

    Man opdagede at DNSSEC-verifikationskode til EdDSA-algoritmen var sårbar - over for en hukommelseslækagefejl. En fjernangriber kunne drage nytte af - fejlen til at forårsage, at BIND forbrugte ressourcer, medførende et - lammelsesangreb.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:9.16.33-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine bind9-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende bind9, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/bind9

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5235.data" diff --git a/danish/security/2022/dsa-5236.wml b/danish/security/2022/dsa-5236.wml deleted file mode 100644 index 9425125e9dc..00000000000 --- a/danish/security/2022/dsa-5236.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="fa4d2720a7a9c952b26f190555b88a8617d2f056" mindelta="1" -sikkerhedsopdatering - -

Rhodri James opdagede en heapsårbarhed i forbindelse med anvendelse efter -frigivelse i funktionen doContent i Expat, et C-bibliotek til XML-fortolkning, -hvilken kunne medføre lammelsesangreb eller potentielt udførelse af vilkårlig -kode, hvis en misdannet XML-fil blev behandlet.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.2.10-2+deb11u4.

- -

Vi anbefaler at du opgraderer dine expat-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende expat, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/expat

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5236.data" diff --git a/danish/security/2022/dsa-5237.wml b/danish/security/2022/dsa-5237.wml deleted file mode 100644 index 998d53a0c56..00000000000 --- a/danish/security/2022/dsa-5237.wml +++ /dev/null @@ -1,29 +0,0 @@ -#use wml::debian::translation-check translation="056c7d3e1ab716c9f4f43368e7a895525176f3a9" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer er fundet i webbrowseren Mozilla Firefox, -hvilke potentielt kunne medføre udførelse af vilkårlig kode, CSP-omgåelse -eller sessionsfastholdelse.

- -

Debian følger Firefoxs udvidet support-udgivelser (ESR). Support af -91.x-serien er ophørt, så begyndende med denne opdatering, følger vi nu -102.x-udgivelserne.

- -

Mellem 91.x og 102.x, har Firefox haft en række funktionsopdateringer. -For flere oplysninger, se -\ -https://www.mozilla.org/en-US/firefox/102.0esr/releasenotes/

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 102.3.0esr-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine firefox-esr-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende firefox-esr, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/firefox-esr

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5237.data" diff --git a/danish/security/2022/dsa-5238.wml b/danish/security/2022/dsa-5238.wml deleted file mode 100644 index 22bae1496ea..00000000000 --- a/danish/security/2022/dsa-5238.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="85efc2fdf097f7bca6fcd70b832032abe20e14c0" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Thunderbird, hvilke kunne -medføre lammelsesangreb eller udførelse af vilkårlig kode.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:102.3.0-1~deb11u1. Debian følger Thunderbirds opstrømsudgivelser. -Support af 91.x-serien er ophørt, så begyndende med denne opdatering, -følger vi nu 102.x-serien.

- -

Vi anbefaler at du opgraderer dine thunderbird-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende thunderbird, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/thunderbird

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5238.data" diff --git a/danish/security/2022/dsa-5239.wml b/danish/security/2022/dsa-5239.wml deleted file mode 100644 index 769eccbe1dd..00000000000 --- a/danish/security/2022/dsa-5239.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="21128b97da1bf2d14697d8b29ad19b1b2ceba800" mindelta="1" -sikkerhedsopdatering - -

En heapbaseret bufferoverløbssårbarhed blev opdaget i gdal, et Geospatial -Data Abstraction Library, hvilket kunne medføre lammelsesangreb eller -potentielt udførelse af vilkårlig kode, hvis en særligt fremstillet fil blev -behandlet med PCIDSK-driveren.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.2.2+dfsg-2+deb11u2.

- -

Vi anbefaler at du opgraderer dine gdal-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende gdal, se -dens sikkerhedssporingssidede på: -\ -https://security-tracker.debian.org/tracker/gdal

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5239.data" diff --git a/danish/security/2022/dsa-5240.wml b/danish/security/2022/dsa-5240.wml deleted file mode 100644 index 3a85093475a..00000000000 --- a/danish/security/2022/dsa-5240.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="636bc59f4c060704d2037eaf8faa065fb2b450b7" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarhed er opdaget i webmotoren WebKitGTK:

- -
    - -
  • CVE-2022-32886 - -

    P1umer, afang5472 og xmzyshypnc opdagede at behandling af ondsindet - fremstillet webindhold, kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.38.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine webkit2gtk-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende webkit2gtk, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/webkit2gtk

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5240.data" diff --git a/danish/security/2022/dsa-5241.wml b/danish/security/2022/dsa-5241.wml deleted file mode 100644 index c67bec39fd7..00000000000 --- a/danish/security/2022/dsa-5241.wml +++ /dev/null @@ -1,27 +0,0 @@ -#use wml::debian::translation-check translation="5c7492196396829ab4360502df63c0f1d8c60dd0" mindelta="1" -sikkerhedsopdatering - -

Følgende sårbarhed er opdaget i webmotoren WPE WebKit:

- -
    - -
  • CVE-2022-32886 - -

    P1umer, afang5472 og xmzyshypnc opdagede at behandling af ondsindet - fremstillet webindhold, kunne føre til udførelse af vilkårlig kode.

    • - -
- -

I den stabile distribution (bullseye), er dette problem rettet i -version 2.38.0-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine wpewebkit-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende wpewebkit, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/wpewebkit

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5241.data" diff --git a/danish/security/2022/dsa-5242.wml b/danish/security/2022/dsa-5242.wml deleted file mode 100644 index 347c8800418..00000000000 --- a/danish/security/2022/dsa-5242.wml +++ /dev/null @@ -1,21 +0,0 @@ -#use wml::debian::translation-check translation="a4b4f7a78c584f96ae227e569434be34ce7c57cd" mindelta="1" -sikkerhedsopdatering - -

Man opdagede at Commandline-klassen i maven-shared-utils, en samling af -forskellige værktøjsklasser til buildsystemet Maven, kunne udsende strenge -med dobbelte anførelsestegn uden korrekt indkapsling, hvilket muliggjorde -shell-indsprøjtningsangreb.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 3.3.0-1+deb11u1.

- -

Vi anbefaler at du opgraderer dine maven-shared-utils-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende maven-shared-utils, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/maven-shared-utils

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5242.data" diff --git a/danish/security/2022/dsa-5243.wml b/danish/security/2022/dsa-5243.wml deleted file mode 100644 index 9d3bb53cc40..00000000000 --- a/danish/security/2022/dsa-5243.wml +++ /dev/null @@ -1,33 +0,0 @@ -#use wml::debian::translation-check translation="facb505d95d838491acb3aab03c314a249510e68" mindelta="1" -sikkerhedsopdatering - -

Flere sårbarheder blev opdaget i lighttpd, en hurtig webserver med et -minimalt hukommelsesaftryk.

- -
    - -
  • CVE-2022-37797 - -

    En ugyldig HTTP-forespørgsel (websocket-handshake) kunne medføre en - NULL-pointerdereference i modulet wstunnel.

    • - -
  • CVE-2022-41556 - -

    En ressourcelækage i mod_fastcgi og mod_scgi kunne føre til et - lammelsesangreb efter et stort antal dårlige HTTP-forespørgsler.

    • - -
- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1.4.59-1+deb11u2.

- -

Vi anbefaler at du opgraderer dine lighttpd-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende lighttpd, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/lighttpd

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5243.data" diff --git a/danish/security/2022/dsa-5244.wml b/danish/security/2022/dsa-5244.wml deleted file mode 100644 index 9bf658fb775..00000000000 --- a/danish/security/2022/dsa-5244.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="93d969541a5c0f01297890c3a71e037f4658d588" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 106.0.5249.61-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5244.data" diff --git a/danish/security/2022/dsa-5245.wml b/danish/security/2022/dsa-5245.wml deleted file mode 100644 index b61837e6857..00000000000 --- a/danish/security/2022/dsa-5245.wml +++ /dev/null @@ -1,19 +0,0 @@ -#use wml::debian::translation-check translation="33271c39a2770360c7a4c743fece7c3fade8b26d" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i Chromium, hvilke kunne medføre -udførelse af vilkårlig kode, lammelsesangreb eller informationsafsløring.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 106.0.5249.91-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine chromium-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende chromium, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/chromium

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5245.data" diff --git a/danish/security/2022/dsa-5246.wml b/danish/security/2022/dsa-5246.wml deleted file mode 100644 index 547bdd28a34..00000000000 --- a/danish/security/2022/dsa-5246.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="fea5704fb1e08a3f63c36a4e59ff004fd08f0b28" mindelta="1" -sikkerhedsopdatering - -

Adskillige sikkerhedsproblemer blev opdaget i MediaWiki, en webstedsmotor til -samarbejde, hvilke kunne medføre i begrænset omgåelse, informationslækager, -udførelse af skripter på tværs af websteder eller lammelsesangreb.

- -

I den stabile distribution (bullseye), er disse problemer rettet i -version 1:1.35.8-1~deb11u1.

- -

Vi anbefaler at du opgraderer dine mediawiki-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende mediawiki, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/mediawiki

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5246.data" diff --git a/danish/security/2022/dsa-5247.wml b/danish/security/2022/dsa-5247.wml deleted file mode 100644 index b96bdec81f6..00000000000 --- a/danish/security/2022/dsa-5247.wml +++ /dev/null @@ -1,20 +0,0 @@ -#use wml::debian::translation-check translation="03cd22032d668b282cf33a3e802cd099b8aa15a5" mindelta="1" -sikkerhedsopdatering - -

Douglas Mendizabal opdagede at Barbican, OpenStacks Key Management Service, -fortolkede på ukorrekt vis forespørgsler, hvilket kunne gøre det muligt for en -autentificeret bruger, at omgå Barbicans adgangsregler.

- -

I den stabile distribution (bullseye), er dette problem rettet i -version 1:11.0.0-3+deb11u1.

- -

Vi anbefaler at du opgraderer dine barbican-pakker.

- -

For detaljeret sikkerhedsstatus vedrørende barbican, se -dens sikkerhedssporingsside på: -\ -https://security-tracker.debian.org/tracker/barbican

- - -# do not modify the following line -#include "$(ENGLISHDIR)/security/2022/dsa-5247.data" diff --git a/danish/security/2022/index.wml b/danish/security/2022/index.wml deleted file mode 100644 index 87ddc39400d..00000000000 --- a/danish/security/2022/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="c427ae58768f49e24a1c6866e719648dc7078e1a" -Sikkerhedsbulletiner fra 2022 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2022', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/2023/Makefile b/danish/security/2023/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/2023/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/2023/index.wml b/danish/security/2023/index.wml deleted file mode 100644 index b6d965e6dd9..00000000000 --- a/danish/security/2023/index.wml +++ /dev/null @@ -1,14 +0,0 @@ -#use wml::debian::translation-check translation="3ea1ca0c202829c45394f7e5667bb4d0c08a2cdd" -Sikkerhedsbulletiner fra 2023 -#use wml::debian::template title="" GEN_TIME="yes" -#use wml::debian::recent_list - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/2023', '', 'dsa-\d+' ) :> - -

Du kan modtage de seneste sikkerhedsbulletiner fra Debian ved at abonnere -på vores postliste -\ -debian-security-announce. -Du kan også -\ -kigge i listens arkiv.

diff --git a/danish/security/undated/Makefile b/danish/security/undated/Makefile deleted file mode 100644 index 7e02cbb1a57..00000000000 --- a/danish/security/undated/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(subst webwml/danish,webwml/english,$(CURDIR))/Makefile diff --git a/danish/security/undated/index.wml b/danish/security/undated/index.wml deleted file mode 100644 index 135e53f23c1..00000000000 --- a/danish/security/undated/index.wml +++ /dev/null @@ -1,6 +0,0 @@ -#use wml::debian::template title="Sikkerhedsbulletiner fra sidst i '97 og tidligt i '98" GEN_TIME="yes" -#use wml::debian::recent_list -#use wml::debian::translation-check translation="118bbba7772258864cea0391dc2fcecd44b8f358" - -<:= get_recent_list ('.', '0', '$(ENGLISHDIR)/security/undated', 'list', '\d+\w*' ) :> - -- cgit v1.2.3